Documentation
Index
- func GetSuggestedPattern(toolName, args string) string
- func NormalizeCoderArgs(args string) (subcommand string, normalized string)
- type Action
- type PolicyManager
- func (pm *PolicyManager) ActivePolicyPath() string
- func (pm *PolicyManager) AddRule(pattern string, action Action) error
- func (pm *PolicyManager) Check(toolName, args string) Action
- func (pm *PolicyManager) LastMatchedRule() (Rule, bool)
- func (pm *PolicyManager) LocalMergeEnabled() bool
- func (pm *PolicyManager) LocalPolicyPath() string
- func (pm *PolicyManager) RulesCount() int
- type Rule
- type SecurityContext
- type SecurityDecision
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetSuggestedPattern
GetSuggestedPattern returns a suggested policy pattern for the given tool invocation. For exec commands, it returns an empty string so that "Allow Always" is not offered: exec should always require per-command approval, since any shell command could be destructive.
func NormalizeCoderArgs (added in v1.53.1)
NormalizeCoderArgs parses raw tool call args (JSON or CLI format) and returns:
- subcommand: the extracted subcommand name (e.g., "read", "exec")
- normalized: the full normalized CLI-style string with sorted flags (e.g., "read --file main.go") suitable for deterministic prefix matching.
When the subcommand cannot be determined, both return values are empty. This is a safe default because Check() will fall through to ActionAsk.
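The normalization idea described above, as an added sketch (illustrative Go, not the package's implementation): JSON and CLI forms of one call, in any flag order, produce the same string, and anything ambiguous returns two empty strings. The name normalizeArgs, the "command" JSON key, string-only JSON values and the one-value-per-flag CLI form are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// oneToken reports whether s is one whitespace-free token that is not a flag.
func oneToken(s string) bool {
	f := strings.Fields(s)
	return len(f) == 1 && f[0] == s && !strings.HasPrefix(s, "-")
}

// normalizeArgs is a hypothetical stand-in for NormalizeCoderArgs. Assumed
// inputs: {"command":"read","file":"main.go"} or `read --file main.go`.
func normalizeArgs(args string) (subcommand, normalized string) {
	flags := map[string]string{}
	if f := strings.Fields(args); len(f) > 0 && strings.HasPrefix(f[0], "{") {
		if json.Unmarshal([]byte(args), &flags) != nil {
			return "", "" // malformed JSON or a non-string value
		}
		subcommand = flags["command"]
		delete(flags, "command")
	} else if len(f)%2 == 1 {
		subcommand = f[0]
		for i := 1; i < len(f); i += 2 {
			if !strings.HasPrefix(f[i], "--") {
				return "", "" // positional argument: out of scope here
			}
			flags[f[i][2:]] = f[i+1]
		}
	}
	if !oneToken(subcommand) {
		return "", "" // fail closed; the caller then asks the user
	}
	pairs := make([]string, 0, len(flags))
	for k, v := range flags {
		if !oneToken(k) || !oneToken(v) {
			return "", "" // empty, multi-word or flag-like key or value
		}
		pairs = append(pairs, " --"+k+" "+v)
	}
	sort.Strings(pairs) // flag order no longer affects the result
	return subcommand, subcommand + strings.Join(pairs, "")
}

func main() { fmt.Println(normalizeArgs("read --limit 10 --file main.go")) }
```

In this sketch a JSON value such as "main.go --force x" is rejected rather than spliced into the normalized string, so a value cannot pose as extra flags.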
Types
type PolicyManager
type PolicyManager struct {
	Rules []Rule `json:"rules"`
	// contains filtered or unexported fields
}
func NewPolicyManager
func NewPolicyManager(logger *zap.Logger) (*PolicyManager, error)
func (*PolicyManager) ActivePolicyPath (added in v1.52.0)
func (pm *PolicyManager) ActivePolicyPath() string
func (*PolicyManager) AddRule
func (pm *PolicyManager) AddRule(pattern string, action Action) error
func (*PolicyManager) Check
func (pm *PolicyManager) Check(toolName, args string) Action
func (*PolicyManager) LastMatchedRule (added in v1.52.0)
func (pm *PolicyManager) LastMatchedRule() (Rule, bool)
func (*PolicyManager) LocalMergeEnabled (added in v1.52.0)
func (pm *PolicyManager) LocalMergeEnabled() bool
func (*PolicyManager) LocalPolicyPath (added in v1.52.0)
func (pm *PolicyManager) LocalPolicyPath() string
func (*PolicyManager) RulesCount (added in v1.52.0)
func (pm *PolicyManager) RulesCount() int
type SecurityContext (added in v1.64.0)
type SecurityContext struct {
	AgentName string // e.g., "shell", "coder", "tester"
	TaskDesc  string // natural language task description
}
SecurityContext provides optional metadata for richer security prompts. When provided, the prompt shows which agent is requesting the action and why.
type SecurityDecision
type SecurityDecision int
const (
	DecisionRunOnce SecurityDecision = iota
	DecisionAllowAlways
	DecisionDenyOnce
	DecisionDenyForever
)
func PromptSecurityCheck
func PromptSecurityCheck(ctx context.Context, toolName, args string) SecurityDecision
PromptSecurityCheck prompts the user for a security decision (no agent context).
func PromptSecurityCheckWithContext (added in v1.64.0)
func PromptSecurityCheckWithContext(ctx context.Context, toolName, args string, secCtx *SecurityContext) SecurityDecision
PromptSecurityCheckWithContext prompts the user with full context about what is being attempted, which agent is requesting it, and the parsed command details.