Skip to main content

Module permissions

Module permissions 

Source
Expand description

Static tool permission configuration.

Provides a layered permission system where rules from different sources (user config, project config, session) are merged with well-defined semantics:

  • deny: any layer denies → denied (union)
  • allow: any layer allows → allowed (union)
  • interactive: any layer marks as interactive → interactive (union)

The session-level PermissionMode provides additional runtime behaviour on top of the static rules (plan-mode write blocking, bypass, dont-ask, etc.).

The legacy PermissionsConfig type alias provides backward compatibility for existing callers.

Modules§

auto_classifier
LLM-based permission classifier for PermissionMode::Auto.

Structs§

LayeredPermissionsConfig
Layered permission configuration.
OldPermissionsConfig
Legacy single-layer permission config.
PermissionLayer
A single layer of permission rules from one source.

Enums§

DecisionReason
The reason why a permission decision was made.
Permission
The result of a permission check.
PermissionMode
The session-wide permission mode, determining runtime behaviour for tool dispatch.
RuleBehavior
Behaviour to associate with a session-level permission rule.
RuleSource
The source/origin of a permission layer.

Type Aliases§

PermissionsConfig
Type alias for backward compatibility.
SharedPermissions
Thread-safe shared reference to a layered permissions configuration.