safe_chains/cli.rs
1use clap::Parser;
2use crate::verdict::SafetyLevel;
3
4#[derive(Parser)]
5#[command(name = "safe-chains")]
6#[command(about = "Auto-allow safe bash commands in agentic coding tools")]
7#[command(version)]
8#[allow(clippy::struct_excessive_bools)]
9pub struct Cli {
10 /// Command string to check (omit for Claude hook mode via stdin)
11 pub command: Option<String>,
12
13 /// Safety level threshold (inert, safe-read, safe-write). Only commands at or below this level pass.
14 #[arg(long, value_enum)]
15 pub level: Option<SafetyLevel>,
16
17 /// List all supported commands in Markdown format
18 #[arg(long)]
19 pub list_commands: bool,
20
21 /// Generate OpenCode permission config (merges with existing opencode.json)
22 #[arg(long)]
23 pub opencode_config: bool,
24
25 /// Generate mdBook command reference pages in docs/src/commands/
26 #[arg(long)]
27 pub generate_book: bool,
28
29 /// Configure the hook for the named tool (default: claude). Use --auto-detect for every installed tool.
30 #[arg(long)]
31 pub setup: bool,
32
33 /// Pair with --setup to select the target tool by name. See --list-tools.
34 #[arg(long, value_name = "NAME")]
35 pub tool: Option<String>,
36
37 /// Pair with --setup to install for every installed tool detected on this machine.
38 #[arg(long)]
39 pub auto_detect: bool,
40
41 /// Print the names of every supported integration target.
42 #[arg(long)]
43 pub list_tools: bool,
44
45 /// Hook subcommand: read this tool's stdin envelope, validate the command, write the response.
46 #[command(subcommand)]
47 pub subcommand: Option<Subcommand>,
48}
49
50#[derive(clap::Subcommand)]
51pub enum Subcommand {
52 /// Run as a runtime hook for the named tool.
53 Hook {
54 /// Tool to read/write the hook envelope for. See --list-tools.
55 #[arg(value_name = "TOOL")]
56 tool: String,
57 },
58}