aboutsummaryrefslogtreecommitdiffstats
path: root/crates/atuin-ai/src/permissions/resolver.rs
diff options
context:
space:
mode:
Diffstat (limited to 'crates/atuin-ai/src/permissions/resolver.rs')
-rw-r--r--crates/atuin-ai/src/permissions/resolver.rs31
1 files changed, 31 insertions, 0 deletions
diff --git a/crates/atuin-ai/src/permissions/resolver.rs b/crates/atuin-ai/src/permissions/resolver.rs
new file mode 100644
index 00000000..dc4f83bf
--- /dev/null
+++ b/crates/atuin-ai/src/permissions/resolver.rs
@@ -0,0 +1,31 @@
+use std::path::PathBuf;
+
+use eyre::Result;
+
+use crate::permissions::check::{PermissionChecker, PermissionRequest, PermissionResponse};
+use crate::permissions::walker::PermissionWalker;
+use crate::permissions::writer;
+use crate::tools::ClientToolCall;
+
+/// Resolves permissions for client tool calls by walking the filesystem to find permission files,
+pub(crate) struct PermissionResolver {
+ checker: PermissionChecker,
+}
+
+impl PermissionResolver {
+ /// Create a new resolver that walks from `working_dir` to root for project
+ /// permissions, and also checks the global permissions file.
+ pub async fn new(working_dir: PathBuf) -> Result<Self> {
+ let global_file = writer::global_permissions_path();
+ let mut walker = PermissionWalker::new(working_dir, Some(global_file));
+ walker.walk().await?;
+ let checker = PermissionChecker::new(walker.rules().to_owned());
+ Ok(Self { checker })
+ }
+
+ /// Check whether `tool` is allowed, denied, or needs user confirmation.
+ pub async fn check(&self, tool: &ClientToolCall) -> Result<PermissionResponse> {
+ let request = PermissionRequest::new(tool);
+ self.checker.check(&request).await
+ }
+}
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-14 02:17:09 +0000