Class: OllamaAgent::Runtime::PermissionBridge

Inherits:

Object

• Object
• OllamaAgent::Runtime::PermissionBridge

Defined in:

lib/ollama_agent/runtime/permission_bridge.rb

Overview

Bridges legacy Permissions/Policies with Security::OwnershipIndex + CriticalityPolicy.

Instance Method Summary

• #allow_mutation?(tool_name:, path:, mode:, read_only: false, rename_to: nil) ⇒ Boolean

  Strict agreement between legacy and kernel layers (PermissionConflictError on mismatch).

• #initialize(permissions:, policies:, ownership_index:, workspace_root:) ⇒ PermissionBridge constructor

  A new instance of PermissionBridge.

• #pipeline_allowed?(tool_name:, path:, mode:, read_only: false, rename_to: nil, logger: nil, root: nil) ⇒ Boolean

  Kernel wins on disagreement (see KernelBridge); logs policy divergence.

Constructor Details

#initialize(permissions:, policies:, ownership_index:, workspace_root:) ⇒ PermissionBridge

Returns a new instance of PermissionBridge.

# File 'lib/ollama_agent/runtime/permission_bridge.rb', line 10

def initialize(permissions:, policies:, ownership_index:, workspace_root:)
  @permissions = permissions
  @policies = policies
  @ownership_index = ownership_index
  @workspace_root = File.expand_path(workspace_root.to_s)
end

Instance Method Details

#allow_mutation?(tool_name:, path:, mode:, read_only: false, rename_to: nil) ⇒ Boolean

Strict agreement between legacy and kernel layers (PermissionConflictError on mismatch).

Returns:

• (Boolean)

Raises:

• (OllamaAgent::PermissionConflictError)

# File 'lib/ollama_agent/runtime/permission_bridge.rb', line 18

def allow_mutation?(tool_name:, path:, mode:, read_only: false, rename_to: nil)
  leg = legacy_mutation_allowed?(tool_name: tool_name, path: path, read_only: read_only, rename_to: rename_to,
                                 ctx_root: @workspace_root)
  ker = kernel_mutation_allowed?(path: path, mode: mode, rename_to: rename_to)
  raise OllamaAgent::PermissionConflictError.new(legacy_allowed: leg, kernel_allowed: ker) if leg != ker

  leg && ker
end

#pipeline_allowed?(tool_name:, path:, mode:, read_only: false, rename_to: nil, logger: nil, root: nil) ⇒ Boolean

Kernel wins on disagreement (see KernelBridge); logs policy divergence. rubocop:disable Metrics/ParameterLists – mirrors KernelBridge call sites

Returns:

• (Boolean)

# File 'lib/ollama_agent/runtime/permission_bridge.rb', line 29

def pipeline_allowed?(tool_name:, path:, mode:, read_only: false, rename_to: nil, logger: nil, root: nil)
  ctx_root = root || @workspace_root
  leg = legacy_mutation_allowed?(tool_name: tool_name, path: path, read_only: read_only, rename_to: rename_to,
                                 ctx_root: ctx_root)
  ker = kernel_mutation_allowed?(path: path, mode: mode, rename_to: rename_to)
  if leg != ker
    log_divergence(logger, leg, ker, path)
    return ker
  end

  leg && ker
end