1#[cfg(test)]
2macro_rules! safe {
3 ($($name:ident: $cmd:expr),* $(,)?) => {
4 $(#[test] fn $name() { assert!(check($cmd), "expected safe: {}", $cmd); })*
5 };
6}
7
8#[cfg(test)]
9macro_rules! denied {
10 ($($name:ident: $cmd:expr),* $(,)?) => {
11 $(#[test] fn $name() { assert!(!check($cmd), "expected denied: {}", $cmd); })*
12 };
13}
14
15#[cfg(test)]
16macro_rules! inert {
17 ($($name:ident: $cmd:expr),* $(,)?) => {
18 $(#[test] fn $name() {
19 assert_eq!(
20 crate::command_verdict($cmd),
21 crate::verdict::Verdict::Allowed(crate::verdict::SafetyLevel::Inert),
22 "expected Inert: {}", $cmd,
23 );
24 })*
25 };
26}
27
28#[cfg(test)]
29macro_rules! safe_read {
30 ($($name:ident: $cmd:expr),* $(,)?) => {
31 $(#[test] fn $name() {
32 assert_eq!(
33 crate::command_verdict($cmd),
34 crate::verdict::Verdict::Allowed(crate::verdict::SafetyLevel::SafeRead),
35 "expected SafeRead: {}", $cmd,
36 );
37 })*
38 };
39}
40
41#[cfg(test)]
42macro_rules! safe_write {
43 ($($name:ident: $cmd:expr),* $(,)?) => {
44 $(#[test] fn $name() {
45 assert_eq!(
46 crate::command_verdict($cmd),
47 crate::verdict::Verdict::Allowed(crate::verdict::SafetyLevel::SafeWrite),
48 "expected SafeWrite: {}", $cmd,
49 );
50 })*
51 };
52}
53
54pub mod cli;
55pub mod cst;
56pub mod docs;
57mod handlers;
58pub use handlers::all_opencode_patterns;
59pub mod parse;
60pub mod policy;
61pub mod registry;
62pub mod allowlist;
63pub mod setup;
64pub mod verdict;
65
66pub use verdict::{SafetyLevel, Verdict};
67
68pub fn is_safe_command(command: &str) -> bool {
69 command_verdict(command).is_allowed()
70}
71
72pub fn command_verdict(command: &str) -> Verdict {
73 cst::command_verdict(command)
74}
75
76#[cfg(test)]
77mod tests;