blob: dc4f83bfdd2c87d3e4ba661b1f8c87841eb8a837 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
use std::path::PathBuf;
use eyre::Result;
use crate::permissions::check::{PermissionChecker, PermissionRequest, PermissionResponse};
use crate::permissions::walker::PermissionWalker;
use crate::permissions::writer;
use crate::tools::ClientToolCall;
/// Resolves permissions for client tool calls by walking the filesystem to find permission files,
pub(crate) struct PermissionResolver {
checker: PermissionChecker,
}
impl PermissionResolver {
/// Create a new resolver that walks from `working_dir` to root for project
/// permissions, and also checks the global permissions file.
pub async fn new(working_dir: PathBuf) -> Result<Self> {
let global_file = writer::global_permissions_path();
let mut walker = PermissionWalker::new(working_dir, Some(global_file));
walker.walk().await?;
let checker = PermissionChecker::new(walker.rules().to_owned());
Ok(Self { checker })
}
/// Check whether `tool` is allowed, denied, or needs user confirmation.
pub async fn check(&self, tool: &ClientToolCall) -> Result<PermissionResponse> {
let request = PermissionRequest::new(tool);
self.checker.check(&request).await
}
}
|
