Skip to main content

Crate clash

Crate clash 

Source
Expand description

Clash library — permission enforcement for Claude Code.

This crate provides the core building blocks for evaluating tool permissions, enforcing sandbox policies, and integrating with Claude Code’s hook system.

§Modules

  • hooks — Input/output types for the Claude Code hook protocol.
  • permissions — Policy-based permission evaluation for tool invocations.
  • policy — Policy YAML language, compilation, and evaluation engine.
  • handlers — Pre-built hook handlers that wire permissions, notifications, and session validation together.
  • settings — Loading and resolving clash configuration and policy files.
  • policy_loader — Policy file discovery, Starlark evaluation, and compilation.
  • sandbox — Platform-specific (Linux/macOS) sandbox enforcement backends.
  • audit — Structured audit logging of policy decisions.
  • notifications — Desktop notifications and Zulip integration.

§Example

use clash::hooks::ToolUseHookInput;
use clash::permissions::check_permission;
use clash::settings::ClashSettings;

let settings = ClashSettings::load_or_create().unwrap();
let input = ToolUseHookInput::from_reader(std::io::stdin().lock()).unwrap();
let output = check_permission(&input, &settings).unwrap();
output.write_stdout().unwrap();

Modules§

agents
Multi-agent support for Clash.
audit
Structured audit logging for policy decisions.
claude
Claude Code tool definitions and input schemas.
cli
cmd
debug
Debug tools for understanding and inspecting clash policy enforcement.
dialog
Interactive prompt helpers wrapping dialoguer.
display
Shared formatting helpers for human-readable and JSON policy output.
errors
User-facing error display.
git
Git worktree detection.
handlers
Pre-built hook handlers for Claude Code integration.
hooks
network_hints
Detect network errors in sandboxed Bash output and provide actionable hints.
notifications
permissions
policy
Match-tree policy language.
policy_loader
Policy discovery, evaluation, and compilation.
sandbox
Sandbox enforcement backends.
sandbox_cmd
sandbox_hints
Detect filesystem errors in sandboxed Bash output and provide actionable hints.
schema
Self-describing schema for the policy format.
session_dir
Typed handle for a clash session directory.
session_policy
Detect permission acceptances and suggest session-level policy rules.
settings
Loading and resolving clash configuration and policy files.
shell_cmd
clash shell — bash-compatible shell with per-command sandbox enforcement.
style
TTY-aware color and styling helpers for human-friendly CLI output.
trace
Toolpath-based session tracing.
trace_display
Interactive decision trace visualization for clash explain --trace.
tracing_init
tui
Interactive policy editor TUI.
ui
Terminal output helpers — everything that talks to stdout/stderr.
version

Macros§

select_enum
Declare an enum that implements SelectItem for use with select.