Skip to main content

Crate clash

Crate clash 

Source
Expand description

Clash library — permission enforcement for Claude Code.

This crate provides the core building blocks for evaluating tool permissions, enforcing sandbox policies, and integrating with Claude Code’s hook system.

§Modules

  • hooks — Input/output types for the Claude Code hook protocol.
  • permissions — Policy-based permission evaluation for tool invocations.
  • policy — Policy YAML language, compilation, and evaluation engine.
  • handlers — Pre-built hook handlers that wire permissions, notifications, and session validation together.
  • settings — Loading and resolving clash configuration and policy files.
  • policy_loader — Policy file discovery, Starlark evaluation, and compilation.
  • sandbox — Platform-specific (Linux/macOS) sandbox enforcement backends.
  • audit — Structured audit logging of policy decisions.
  • notifications — Desktop notifications and Zulip integration.

§Example

use clash::hooks::ToolUseHookInput;
use clash::permissions::check_permission;
use clash::settings::ClashSettings;

let settings = ClashSettings::load_or_create().unwrap();
let input = ToolUseHookInput::from_reader(std::io::stdin().lock()).unwrap();
let output = check_permission(&input, &settings).unwrap();
output.write_stdout().unwrap();

Modules§

audit
Structured audit logging for policy decisions.
cli
cmd
debug
Debug tools for understanding and inspecting clash policy enforcement.
display
Shared formatting helpers for human-readable and JSON policy output.
errors
User-facing error display.
git
Git worktree detection.
handlers
Pre-built hook handlers for Claude Code integration.
hooks
network_hints
Detect network errors in sandboxed Bash output and provide actionable hints.
notifications
permissions
policy
Match-tree policy language.
policy_loader
Policy discovery, evaluation, and compilation.
sandbox
Sandbox enforcement backends.
sandbox_cmd
sandbox_fs_hints
Detect filesystem errors in sandboxed Bash output and provide actionable hints.
schema
Self-describing schema for the policy format.
session_policy
Detect permission acceptances and suggest session-level policy rules.
settings
shell_cmd
clash shell — bash-compatible shell with per-command sandbox enforcement.
style
TTY-aware color and styling helpers for human-friendly CLI output.
trace
Toolpath-based session tracing.
tracing_init
tui
Interactive policy editor TUI.
version