vtcode_config/core/
permissions.rs

1use serde::{Deserialize, Serialize};
2
3/// Permission system configuration - Controls command resolution, audit logging, and caching
4#[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
5#[derive(Debug, Clone, Deserialize, Serialize)]
6pub struct PermissionsConfig {
7    /// Enable the enhanced permission system (resolver + audit logger + cache)
8    #[serde(default = "default_enabled")]
9    pub enabled: bool,
10
11    /// Enable command resolution to actual paths (helps identify suspicious commands)
12    #[serde(default = "default_resolve_commands")]
13    pub resolve_commands: bool,
14
15    /// Enable audit logging of all permission decisions
16    #[serde(default = "default_audit_enabled")]
17    pub audit_enabled: bool,
18
19    /// Directory for audit logs (created if not exists)
20    /// Defaults to ~/.vtcode/audit
21    #[serde(default = "default_audit_directory")]
22    pub audit_directory: String,
23
24    /// Log allowed commands to audit trail
25    #[serde(default = "default_log_allowed_commands")]
26    pub log_allowed_commands: bool,
27
28    /// Log denied commands to audit trail
29    #[serde(default = "default_log_denied_commands")]
30    pub log_denied_commands: bool,
31
32    /// Log permission prompts (when user is asked for confirmation)
33    #[serde(default = "default_log_permission_prompts")]
34    pub log_permission_prompts: bool,
35
36    /// Enable permission decision caching to avoid redundant evaluations
37    #[serde(default = "default_cache_enabled")]
38    pub cache_enabled: bool,
39
40    /// Cache time-to-live in seconds (how long to cache decisions)
41    /// Default: 300 seconds (5 minutes)
42    #[serde(default = "default_cache_ttl_seconds")]
43    pub cache_ttl_seconds: u64,
44}
45
46fn default_enabled() -> bool {
47    true
48}
49
50fn default_resolve_commands() -> bool {
51    true
52}
53
54fn default_audit_enabled() -> bool {
55    true
56}
57
58fn default_audit_directory() -> String {
59    "~/.vtcode/audit".to_string()
60}
61
62fn default_log_allowed_commands() -> bool {
63    true
64}
65
66fn default_log_denied_commands() -> bool {
67    true
68}
69
70fn default_log_permission_prompts() -> bool {
71    true
72}
73
74fn default_cache_enabled() -> bool {
75    true
76}
77
78fn default_cache_ttl_seconds() -> u64 {
79    300 // 5 minutes
80}
81
82impl Default for PermissionsConfig {
83    fn default() -> Self {
84        Self {
85            enabled: default_enabled(),
86            resolve_commands: default_resolve_commands(),
87            audit_enabled: default_audit_enabled(),
88            audit_directory: default_audit_directory(),
89            log_allowed_commands: default_log_allowed_commands(),
90            log_denied_commands: default_log_denied_commands(),
91            log_permission_prompts: default_log_permission_prompts(),
92            cache_enabled: default_cache_enabled(),
93            cache_ttl_seconds: default_cache_ttl_seconds(),
94        }
95    }
96}