vtcode_config/core/
permissions.rs

1use serde::{Deserialize, Serialize};
2
3/// Permission system configuration - Controls command resolution, audit logging, and caching
4#[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
5#[derive(Debug, Clone, Deserialize, Serialize)]
6pub struct PermissionsConfig {
7    /// Enable the enhanced permission system (resolver + audit logger + cache)
8    #[serde(default = "default_enabled")]
9    pub enabled: bool,
10
11    /// Enable command resolution to actual paths (helps identify suspicious commands)
12    #[serde(default = "default_resolve_commands")]
13    pub resolve_commands: bool,
14
15    /// Enable audit logging of all permission decisions
16    #[serde(default = "default_audit_enabled")]
17    pub audit_enabled: bool,
18
19    /// Directory for audit logs (created if not exists)
20    /// Defaults to ~/.vtcode/audit
21    #[serde(default = "default_audit_directory")]
22    pub audit_directory: String,
23
24    /// Log allowed commands to audit trail
25    #[serde(default = "default_log_allowed_commands")]
26    pub log_allowed_commands: bool,
27
28    /// Log denied commands to audit trail
29    #[serde(default = "default_log_denied_commands")]
30    pub log_denied_commands: bool,
31
32    /// Log permission prompts (when user is asked for confirmation)
33    #[serde(default = "default_log_permission_prompts")]
34    pub log_permission_prompts: bool,
35
36    /// Log sandbox events
37    #[serde(default = "default_log_sandbox_events")]
38    pub log_sandbox_events: bool,
39
40    /// Enable permission decision caching to avoid redundant evaluations
41    #[serde(default = "default_cache_enabled")]
42    pub cache_enabled: bool,
43
44    /// Cache time-to-live in seconds (how long to cache decisions)
45    /// Default: 300 seconds (5 minutes)
46    #[serde(default = "default_cache_ttl_seconds")]
47    pub cache_ttl_seconds: u64,
48}
49
50fn default_enabled() -> bool {
51    true
52}
53
54fn default_resolve_commands() -> bool {
55    true
56}
57
58fn default_audit_enabled() -> bool {
59    true
60}
61
62fn default_audit_directory() -> String {
63    "~/.vtcode/audit".to_string()
64}
65
66fn default_log_allowed_commands() -> bool {
67    true
68}
69
70fn default_log_denied_commands() -> bool {
71    true
72}
73
74fn default_log_permission_prompts() -> bool {
75    true
76}
77
78fn default_log_sandbox_events() -> bool {
79    true
80}
81
82fn default_cache_enabled() -> bool {
83    true
84}
85
86fn default_cache_ttl_seconds() -> u64 {
87    300 // 5 minutes
88}
89
90impl Default for PermissionsConfig {
91    fn default() -> Self {
92        Self {
93            enabled: default_enabled(),
94            resolve_commands: default_resolve_commands(),
95            audit_enabled: default_audit_enabled(),
96            audit_directory: default_audit_directory(),
97            log_allowed_commands: default_log_allowed_commands(),
98            log_denied_commands: default_log_denied_commands(),
99            log_permission_prompts: default_log_permission_prompts(),
100            log_sandbox_events: default_log_sandbox_events(),
101            cache_enabled: default_cache_enabled(),
102            cache_ttl_seconds: default_cache_ttl_seconds(),
103        }
104    }
105}