Skip to main content

cc_toolgate/commands/
mod.rs

1//! Command evaluation specs: per-tool logic for deciding allow/ask/deny.
2//!
3//! This module contains the `CommandSpec` trait and two categories of implementation:
4//!
5//! - **`simple`** — A data-driven spec for flat command lists (allow/ask/deny with no
6//!   subcommand awareness).
7//! - **`tools`** — Subcommand-aware evaluators for specific CLI tools (git, cargo, kubectl, gh),
8//!   each with config-driven classification, env-gated auto-allow, and redirection escalation.
9
10/// Data-driven spec for flat allow/ask/deny command lists.
11pub mod simple;
12/// Subcommand-aware evaluators for specific CLI tools.
13pub mod tools;
14
15use crate::eval::{CommandContext, RuleMatch};
16
17/// Trait for command evaluation specs.
18///
19/// Each implementation knows how to evaluate a specific command (or family of commands)
20/// and returns a `RuleMatch` with the decision and reason.
21pub trait CommandSpec: Send + Sync {
22    /// Evaluate the command in the given context and return a decision.
23    fn evaluate(&self, ctx: &CommandContext) -> RuleMatch;
24}