vtcode_config/core/
permissions.rs

1use serde::{Deserialize, Serialize};
2
/// Permission system configuration - controls command resolution, audit logging, and
/// decision caching.
///
/// Every field carries a `#[serde(default = "...")]` attribute, so a configuration that
/// omits a key falls back to that key's default instead of failing to deserialize.
/// The boolean defaults defined in this file are all `true`: resolution, auditing and
/// caching stay active unless a configuration explicitly switches them off.
#[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
#[derive(Debug, Clone, Deserialize, Serialize)]
pub struct PermissionsConfig {
    /// Enable the enhanced permission system (resolver + audit logger + cache)
    // NOTE(review): whether `false` here overrides the individual switches below is
    // decided by the consumer of this struct, which is not visible in this file - confirm.
    #[serde(default = "default_enabled")]
    pub enabled: bool,

    /// Enable command resolution to actual paths (helps identify suspicious commands,
    /// for example a familiar name that resolves to an unexpected location)
    #[serde(default = "default_resolve_commands")]
    pub resolve_commands: bool,

    /// Enable audit logging of all permission decisions.
    /// Disabling this removes the record a later review of agent activity would rely on.
    // NOTE(review): presumably this gates the three `log_*` flags below - confirm against
    // the audit logger.
    #[serde(default = "default_audit_enabled")]
    pub audit_enabled: bool,

    /// Directory for audit logs (created if it does not exist).
    /// Defaults to ~/.vtcode/audit
    ///
    /// The value is kept as a plain string exactly as configured; this type neither
    /// expands `~` nor validates the path.
    // NOTE(review): audit entries may contain full command lines, and command arguments
    // can carry secrets. The code that creates this directory should restrict it to the
    // owning user - confirm against the logger implementation.
    #[serde(default = "default_audit_directory")]
    pub audit_directory: String,

    /// Log allowed commands to audit trail
    #[serde(default = "default_log_allowed_commands")]
    pub log_allowed_commands: bool,

    /// Log denied commands to audit trail
    #[serde(default = "default_log_denied_commands")]
    pub log_denied_commands: bool,

    /// Log permission prompts (when user is asked for confirmation)
    #[serde(default = "default_log_permission_prompts")]
    pub log_permission_prompts: bool,

    /// Enable permission decision caching to avoid redundant evaluations
    #[serde(default = "default_cache_enabled")]
    pub cache_enabled: bool,

    /// Cache time-to-live in seconds (how long to cache decisions)
    /// Default: 300 seconds (5 minutes)
    ///
    /// No upper bound is enforced by this type; any `u64` deserializes successfully.
    // NOTE(review): a cached decision is presumably reused until it expires, so a policy
    // change may not take effect for up to this many seconds. How `0` is treated depends
    // on the cache implementation - confirm.
    #[serde(default = "default_cache_ttl_seconds")]
    pub cache_ttl_seconds: u64,
}
45
/// Serde fallback for the `enabled` field when the key is absent from the configuration.
///
/// Returns `true`: the enhanced permission system is on unless explicitly disabled.
#[inline]
const fn default_enabled() -> bool {
    true
}
50
/// Serde fallback for the `resolve_commands` field when the key is absent.
///
/// Returns `true`: commands are resolved to their actual paths by default.
#[inline]
const fn default_resolve_commands() -> bool {
    true
}
55
/// Serde fallback for the `audit_enabled` field when the key is absent.
///
/// Returns `true`: permission decisions are audited unless a configuration opts out.
#[inline]
const fn default_audit_enabled() -> bool {
    true
}
60
/// Default audit-log location. Stored as a literal: the leading `~` is not expanded here,
/// so any home-directory expansion has to happen where the path is used.
const DEFAULT_AUDIT_DIR: &str = "~/.vtcode/audit";

/// Serde fallback for the `audit_directory` field when the key is absent.
///
/// Returns an owned copy of [`DEFAULT_AUDIT_DIR`].
#[inline]
fn default_audit_directory() -> String {
    String::from(DEFAULT_AUDIT_DIR)
}
67
/// Serde fallback for the `log_allowed_commands` field when the key is absent.
///
/// Returns `true`: allowed commands are written to the audit trail by default.
#[inline]
const fn default_log_allowed_commands() -> bool {
    true
}
72
/// Serde fallback for the `log_denied_commands` field when the key is absent.
///
/// Returns `true`: denied commands are written to the audit trail by default, which
/// keeps blocked attempts visible to whoever reviews the log.
#[inline]
const fn default_log_denied_commands() -> bool {
    true
}
77
/// Serde fallback for the `log_permission_prompts` field when the key is absent.
///
/// Returns `true`: prompts asking the user for confirmation are logged by default.
#[inline]
const fn default_log_permission_prompts() -> bool {
    true
}
82
/// Serde fallback for the `cache_enabled` field when the key is absent.
///
/// Returns `true`: permission decisions are cached by default.
#[inline]
const fn default_cache_enabled() -> bool {
    true
}
87
/// Serde fallback for the `cache_ttl_seconds` field when the key is absent.
///
/// Returns 300, i.e. five minutes expressed in seconds.
#[inline]
const fn default_cache_ttl_seconds() -> u64 {
    // Spelled as minutes * seconds-per-minute so the unit is visible in the code.
    5 * 60
}
92
/// Builds a `PermissionsConfig` from the same per-field default functions that serde
/// uses for missing keys, so `PermissionsConfig::default()` and a configuration with no
/// permission keys set produce the same values.
impl Default for PermissionsConfig {
    fn default() -> Self {
        // Master switch and command resolution.
        let enabled = default_enabled();
        let resolve_commands = default_resolve_commands();

        // Audit trail: on/off, location, and which events are recorded.
        let audit_enabled = default_audit_enabled();
        let audit_directory = default_audit_directory();
        let log_allowed_commands = default_log_allowed_commands();
        let log_denied_commands = default_log_denied_commands();
        let log_permission_prompts = default_log_permission_prompts();

        // Decision cache: on/off and entry lifetime in seconds.
        let cache_enabled = default_cache_enabled();
        let cache_ttl_seconds = default_cache_ttl_seconds();

        Self {
            enabled,
            resolve_commands,
            audit_enabled,
            audit_directory,
            log_allowed_commands,
            log_denied_commands,
            log_permission_prompts,
            cache_enabled,
            cache_ttl_seconds,
        }
    }
}