Skip to main content

Module policy

Module policy 

Source
Expand description

Write-boundary primitives.

Stateless classifiers shared by the armed guard ([super::decide]) and pipeline::detect-stray-writes: which tools write, which Bash commands mutate state outside a sandbox, and whether a path falls under an allowed root. Tool names come from the adapters’ cross-harness vocabulary union (all_tool_vocabulary), so no harness’s tool naming is hardcoded here.

Functions§

apply_patch_paths
Extract file paths from a Codex apply_patch hook payload. Codex can expose patch targets as a structured files list or as freeform patch text; collect both so the guard can deny unknown or out-of-bounds patches before they run.
classify_bash
If a Bash command matches a mutation pattern and is not scoped to one of allowed_roots, return the human reason; otherwise None. A command is treated as scoped when it textually references an allowed root.
is_patch_tool
True for an apply_patch-style tool whose payload carries patch targets (extracted with apply_patch_paths), in any harness’s vocabulary.
is_shell_tool
True for a shell-execution tool carrying a command argument, in any harness’s vocabulary.
is_under
True when target resolves to dir or a descendant of it. Relative targets resolve against repo_root. Path::starts_with matches whole path components, so .eval-magic2 is correctly not under .eval-magic.
is_under_any
True when target is under any of dirs.
is_write_tool
True for a tool name that writes the filesystem with a single target path argument, in any harness’s vocabulary.
path_arg
Pull the target path from a write tool’s arguments (file_pathnotebook_pathpath). Returns None when the input is not an object or carries no string path.