Struct CapabilityChecker

pub struct CapabilityChecker { /* private fields */ }

Capability checker that enforces per-agent access control.

The checker reads capabilities from the process table and validates tool access, IPC routing, service access, and resource limits. It is designed to be called from tool execution hooks without requiring a direct dependency on the kernel crate (via trait objects in the core).

Implementations

impl CapabilityChecker

pub fn new(process_table: Arc<ProcessTable>) -> Self

Create a new capability checker backed by the given process table.

pub fn check_tool_access(
    &self,
    pid: Pid,
    tool_name: &str,
    tool_permissions: Option<&ToolPermissions>,
    sandbox: Option<&SandboxPolicy>,
) -> Result<(), KernelError>

Check whether a process is allowed to call a tool.

Evaluation order:

  1. The agent must have can_exec_tools enabled.
  2. If tool_permissions.deny is non-empty, the tool must not be in the deny list (deny overrides allow).
  3. If tool_permissions.allow is non-empty, the tool must be in the allow list.
  4. Shell tools require sandbox.allow_shell.

Errors

Returns KernelError::CapabilityDenied with a description of why access was denied.
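The following is an added example, not the kernel crate's own code: a self-contained Rust model of the four-step evaluation order documented above, written so the ordering (deny before allow, empty lists meaning no constraint, shell tools gated on the sandbox) can be exercised directly. Capabilities, ProcessTable, ToolPermissions, SandboxPolicy and KernelError are simplified stand-ins for the real types, and the set of tool names treated as shell tools (is_shell_tool) is an assumption made for the example. Unknown PIDs and a missing sandbox policy are both treated as denials, so the check fails closed.

```rust
// Added example: a self-contained model of the evaluation order documented for
// CapabilityChecker::check_tool_access. The types below are simplified stand-ins
// (assumptions), not the kernel crate's own definitions.
use std::collections::HashMap;

pub type Pid = u32;

#[derive(Debug, PartialEq)]
pub enum KernelError {
    CapabilityDenied(String),
}

/// Per-agent capability bits read from the process table (only the one this check needs).
#[derive(Clone, Copy, Default)]
pub struct Capabilities {
    pub can_exec_tools: bool,
}

/// Tool allow/deny lists. An empty list imposes no constraint.
#[derive(Default)]
pub struct ToolPermissions {
    pub allow: Vec<String>,
    pub deny: Vec<String>,
}

#[derive(Default)]
pub struct SandboxPolicy {
    pub allow_shell: bool,
}

/// Stand-in process table: pid -> capabilities.
pub struct ProcessTable {
    caps: HashMap<Pid, Capabilities>,
}

pub struct CapabilityChecker {
    table: ProcessTable,
}

impl CapabilityChecker {
    /// Build a checker from (pid, can_exec_tools) pairs (constructed sample input).
    pub fn new(entries: &[(Pid, bool)]) -> Self {
        let caps = entries
            .iter()
            .map(|&(pid, can_exec_tools)| (pid, Capabilities { can_exec_tools }))
            .collect();
        Self { table: ProcessTable { caps } }
    }

    /// Which tool names count as "shell tools" is an assumption for this example.
    fn is_shell_tool(tool_name: &str) -> bool {
        matches!(tool_name, "shell" | "bash" | "sh")
    }

    pub fn check_tool_access(
        &self,
        pid: Pid,
        tool_name: &str,
        tool_permissions: Option<&ToolPermissions>,
        sandbox: Option<&SandboxPolicy>,
    ) -> Result<(), KernelError> {
        let deny = |why: String| -> Result<(), KernelError> { Err(KernelError::CapabilityDenied(why)) };
        // An unknown pid has no capabilities, so fail closed.
        let Some(caps) = self.table.caps.get(&pid) else {
            return deny(format!("pid {pid} is not in the process table"));
        };
        // 1. The agent must be allowed to execute tools at all.
        if !caps.can_exec_tools {
            return deny(format!("pid {pid}: can_exec_tools is disabled"));
        }
        if let Some(perms) = tool_permissions {
            // 2. The deny list is checked first: deny overrides allow.
            if perms.deny.iter().any(|t| t == tool_name) {
                return deny(format!("tool '{tool_name}' is in the deny list"));
            }
            // 3. A non-empty allow list is an allowlist; an empty one permits every tool.
            if !perms.allow.is_empty() && !perms.allow.iter().any(|t| t == tool_name) {
                return deny(format!("tool '{tool_name}' is not in the allow list"));
            }
        }
        // 4. Shell tools additionally require the sandbox policy to permit shell access;
        //    no sandbox policy at all means no shell.
        if Self::is_shell_tool(tool_name) && !sandbox.map_or(false, |s| s.allow_shell) {
            return deny(format!("shell tool '{tool_name}' requires sandbox.allow_shell"));
        }
        Ok(())
    }
}

fn main() {
    let checker = CapabilityChecker::new(&[(1, true), (2, false)]);
    let perms = ToolPermissions {
        allow: vec!["read_file".into(), "shell".into()],
        deny: vec!["shell".into()],
    };
    // Deny wins over allow, so this is refused even though "shell" is in the allow list.
    println!("{:?}", checker.check_tool_access(1, "shell", Some(&perms), None));
}
```

The design point worth noticing is that every early exit is a denial and the only Ok path is reached after all four steps pass; a refactor that reorders steps 2 and 3 would silently turn the deny list into a no-op for tools that also appear in the allow list.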

pub fn check_ipc_target(&self, from_pid: Pid, to_pid: Pid) -> Result<(), KernelError>

Check whether a process may send a message to another process.

Uses the sender’s IPC scope to determine if communication with the target PID is allowed.

Errors

Returns KernelError::CapabilityDenied if IPC is disabled or the target is outside the sender’s IPC scope.

pub fn check_ipc_topic(&self, pid: Pid, topic: &str) -> Result<(), KernelError>

Check whether a process may publish or subscribe to a topic.

Errors

Returns KernelError::CapabilityDenied if the agent’s IPC scope does not permit the given topic.
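As an added example covering both check_ipc_target and check_ipc_topic (not the kernel crate's code), the Rust model below applies a sender's IPC scope to a target PID and to a topic name. The page does not show how an IPC scope is represented, so the IpcScope enum (disabled, restricted to explicit peers and topic namespaces, or unrestricted) is an assumption made for illustration, as is the sample process table. Topic namespaces are matched on a segment boundary so that a scope for "agents/1" does not accidentally cover "agents/10/...".

```rust
// Added example: a self-contained model of the IPC scope checks documented for
// check_ipc_target and check_ipc_topic. The page does not show how an IPC scope
// is represented, so the IpcScope enum here is an assumption for illustration.
use std::collections::{HashMap, HashSet};

pub type Pid = u32;

#[derive(Debug, PartialEq)]
pub enum KernelError {
    CapabilityDenied(String),
}

fn denied(msg: String) -> Result<(), KernelError> {
    Err(KernelError::CapabilityDenied(msg))
}

/// Assumed IPC scope shape (not the kernel crate's definition).
#[derive(Clone, Debug)]
pub enum IpcScope {
    /// IPC is disabled for this agent.
    Disabled,
    /// Only the listed peer PIDs and topic namespaces are reachable.
    Restricted { peers: HashSet<Pid>, namespaces: Vec<String> },
    /// Any peer or topic (for example a supervisor agent).
    Unrestricted,
}

/// Stand-in for the per-agent lookup the real checker does via the process table.
pub struct CapabilityChecker {
    scopes: HashMap<Pid, IpcScope>,
}

impl CapabilityChecker {
    pub fn new(scopes: HashMap<Pid, IpcScope>) -> Self {
        Self { scopes }
    }

    /// Unknown PIDs fail closed instead of defaulting to any scope.
    fn scope_of(&self, pid: Pid) -> Result<&IpcScope, KernelError> {
        self.scopes.get(&pid).ok_or_else(|| {
            KernelError::CapabilityDenied(format!("pid {pid} is not in the process table"))
        })
    }

    /// Namespace membership is decided on a segment boundary: "agents/1" covers
    /// "agents/1" and "agents/1/inbox" but not "agents/10/inbox".
    fn in_namespace(topic: &str, ns: &str) -> bool {
        topic == ns || topic.strip_prefix(ns).map_or(false, |rest| rest.starts_with('/'))
    }

    pub fn check_ipc_target(&self, from_pid: Pid, to_pid: Pid) -> Result<(), KernelError> {
        match self.scope_of(from_pid)? {
            IpcScope::Disabled => denied(format!("pid {from_pid}: IPC is disabled")),
            IpcScope::Unrestricted => Ok(()),
            IpcScope::Restricted { peers, .. } if peers.contains(&to_pid) => Ok(()),
            IpcScope::Restricted { .. } => {
                denied(format!("pid {from_pid}: pid {to_pid} is outside the IPC scope"))
            }
        }
    }

    pub fn check_ipc_topic(&self, pid: Pid, topic: &str) -> Result<(), KernelError> {
        match self.scope_of(pid)? {
            IpcScope::Disabled => denied(format!("pid {pid}: IPC is disabled")),
            IpcScope::Unrestricted => Ok(()),
            IpcScope::Restricted { namespaces, .. }
                if namespaces.iter().any(|ns| Self::in_namespace(topic, ns)) => Ok(()),
            IpcScope::Restricted { .. } => {
                denied(format!("pid {pid}: topic '{topic}' is outside the IPC scope"))
            }
        }
    }
}

/// Constructed sample process table: pid 1 restricted, pid 2 disabled, pid 3 unrestricted.
pub fn sample_checker() -> CapabilityChecker {
    let mut scopes = HashMap::new();
    let restricted = IpcScope::Restricted {
        peers: HashSet::from([2]),
        namespaces: vec!["agents/1".to_string()],
    };
    scopes.insert(1, restricted);
    scopes.insert(2, IpcScope::Disabled);
    scopes.insert(3, IpcScope::Unrestricted);
    CapabilityChecker::new(scopes)
}

fn main() {
    let checker = sample_checker();
    println!("{:?}", checker.check_ipc_target(1, 3)); // pid 3 is outside pid 1's scope
    println!("{:?}", checker.check_ipc_topic(1, "agents/10/inbox")); // wrong namespace
}
```

Both checks consult only the sender's scope, matching the documented behaviour; if a deployment also wants the receiver to be able to refuse messages, that is a separate policy that this model does not attempt.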

pub fn check_service_access(
    &self,
    pid: Pid,
    service_name: &str,
    tool_permissions: Option<&ToolPermissions>,
) -> Result<(), KernelError>

Check whether a process may access a named service.

If tool_permissions has a non-empty service_access list, the service name must appear in it.

Errors

Returns KernelError::CapabilityDenied if the service is not in the agent’s service access list.

pub fn check_resource_limit(&self, pid: Pid, resource: &ResourceType) -> Result<(), KernelError>

Check whether the agent's usage of a resource is within its configured limits.

Errors

Returns KernelError::ResourceLimitExceeded if the resource usage exceeds the agent’s configured limits.

pub fn process_table(&self) -> &Arc<ProcessTable>

Get a reference to the underlying process table.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true, and into a Right variant otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true, and into a Right variant otherwise.

impl<T> Pointable for T

const ALIGN: usize

The alignment of the pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a value with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if both self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.