1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
//! Permission classification helpers.
//!
//! Pure functions for classifying tools (is this a path tool? is it
//! high-risk?) and building `Pattern` values with the right `*`
//! semantics for the tool category. Extracted from `checker.rs` so
//! they can be unit-tested independently of the `PermissionChecker`
//! struct's configuration wiring.
//!
//! Used by `checker.rs` (through thin delegating methods) and by
//! `allowlist.rs` (for `pattern_for_tool`).
use cratePattern;
/// Tools that execute external code with broad effects. Accept mode
/// does NOT coerce `Ask → Allow` for these — the "I trust the agent
/// inside cwd" rationale that justifies the coercion for other
/// non-path tools doesn't generalize to shell + MCP servers.
pub
/// Tool names where the input is a filesystem path. For these, `*` keeps
/// classic glob semantics (one segment, doesn't cross `/`). Everything else
/// is treated as shell/text where `*` means "any chars including /".
/// Build a Pattern with the right `*` semantics for the given tool.