cc_toolgate/lib.rs
1//! cc-toolgate: a PreToolUse hook for Claude Code that gates Bash commands.
2//!
3//! This crate evaluates shell commands against configurable rules and returns
4//! one of three decisions: [`eval::Decision::Allow`], [`eval::Decision::Ask`],
5//! or [`eval::Decision::Deny`]. Commands are parsed into an AST using
6//! tree-sitter-bash, split into segments, and each segment is evaluated
7//! against a [`CommandRegistry`](crate::eval::CommandRegistry) built from configuration.
8//!
9//! # Architecture
10//!
11//! - **[`parse`]** — Shell parsing: tree-sitter-bash AST walker, shlex tokenizer, type definitions.
12//! - **[`eval`]** — Evaluation engine: command registry, decision types, per-segment context.
13//! - **[`commands`]** — Command specs: per-tool evaluation logic (git, cargo, kubectl, gh, etc.).
14//! - **[`config`]** — Configuration loading: embedded defaults + user overlay merge.
15//! - **[`logging`]** — Decision logging to `~/.local/share/cc-toolgate/decisions.log`.
16
17/// Command spec trait and per-tool implementations.
18pub mod commands;
19/// Configuration types, loading, and overlay merge logic.
20pub mod config;
21/// Evaluation engine: registry, decision aggregation, command context.
22pub mod eval;
23/// File-based decision logging.
24pub mod logging;
25/// Shell command parsing: tree-sitter AST, shlex tokenizer, pipeline types.
26pub mod parse;
27
28use eval::RuleMatch;
29
30/// Build the registry from default config and evaluate a command string.
31///
32/// This is the main entry point for tests and simple usage.
33/// For CLI usage with --escalate-deny or user config, build the registry directly.
34pub fn evaluate(command: &str) -> RuleMatch {
35 let config = config::Config::default_config();
36 let registry = eval::CommandRegistry::from_config(&config);
37 registry.evaluate(command)
38}