#[cfg(test)]
macro_rules! safe {
($($name:ident: $cmd:expr),* $(,)?) => {
$(#[test] fn $name() { assert!(check($cmd), "expected safe: {}", $cmd); })*
};
}
#[cfg(test)]
macro_rules! denied {
($($name:ident: $cmd:expr),* $(,)?) => {
$(#[test] fn $name() { assert!(!check($cmd), "expected denied: {}", $cmd); })*
};
}
#[cfg(test)]
macro_rules! inert {
($($name:ident: $cmd:expr),* $(,)?) => {
$(#[test] fn $name() {
assert_eq!(
crate::command_verdict($cmd),
crate::verdict::Verdict::Allowed(crate::verdict::SafetyLevel::Inert),
"expected Inert: {}", $cmd,
);
})*
};
}
#[cfg(test)]
macro_rules! safe_read {
($($name:ident: $cmd:expr),* $(,)?) => {
$(#[test] fn $name() {
assert_eq!(
crate::command_verdict($cmd),
crate::verdict::Verdict::Allowed(crate::verdict::SafetyLevel::SafeRead),
"expected SafeRead: {}", $cmd,
);
})*
};
}
#[cfg(test)]
macro_rules! safe_write {
($($name:ident: $cmd:expr),* $(,)?) => {
$(#[test] fn $name() {
assert_eq!(
crate::command_verdict($cmd),
crate::verdict::Verdict::Allowed(crate::verdict::SafetyLevel::SafeWrite),
"expected SafeWrite: {}", $cmd,
);
})*
};
}
pub mod cli;
pub mod cst;
pub mod docs;
mod handlers;
pub use handlers::all_opencode_patterns;
pub mod parse;
pub mod policy;
pub mod registry;
pub mod allowlist;
pub mod setup;
pub mod verdict;
pub use verdict::{SafetyLevel, Verdict};
pub fn is_safe_command(command: &str) -> bool {
command_verdict(command).is_allowed()
}
pub fn command_verdict(command: &str) -> Verdict {
cst::command_verdict(command)
}
#[cfg(test)]
mod tests;