pawan/config/
permissions.rs

1use serde::{Deserialize, Serialize};
2use std::collections::HashMap;
3
4/// Permission level for a tool
5#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
6#[serde(rename_all = "lowercase")]
7pub enum ToolPermission {
8    /// Always allow (default for most tools)
9    Allow,
10    /// Deny — tool is disabled
11    Deny,
12    /// Prompt — ask user before executing (TUI shows confirmation, headless denies)
13    Prompt,
14}
15
16impl ToolPermission {
17    /// Resolve permission for a tool name.
18    /// Checks explicit config first, then falls back to default rules:
19    /// - bash, git_commit, write_file, edit_file: Prompt if not explicitly configured
20    /// - Everything else: Allow
21    pub fn resolve(name: &str, permissions: &HashMap<String, ToolPermission>) -> Self {
22        if let Some(p) = permissions.get(name) {
23            return p.clone();
24        }
25        // Default: sensitive tools prompt, others allow
26        match name {
27            "bash" | "git_commit" | "write_file" | "edit_file_lines" | "insert_after"
28            | "append_file" => ToolPermission::Allow, // default allow for now; users can override to Prompt
29            _ => ToolPermission::Allow,
30        }
31    }
32}
pawan/config/permissions.rs

pawan/config/
permissions.rs
