Class: OllamaAgent::Security::OwnershipIndex

Inherits:

Object

Object
OllamaAgent::Security::OwnershipIndex

show all

Defined in:: lib/ollama_agent/security/ownership_index.rb

Overview

Longest-prefix match index over workspace-relative ownership rules. Path checks delegate to ResourceGuard semantics (adapter: same allow? contract).

Instance Attribute Summary collapse

#source_sha256 ⇒ Object readonly

Returns the value of attribute source_sha256.

Class Method Summary collapse

.node(prefix:, owner:, mutable_in_modes:, criticality:, forbidden:) ⇒ Object

Builds a frozen node for the compiler.

Instance Method Summary collapse

#initialize(nodes, source_sha256:) ⇒ OwnershipIndex constructor

A new instance of OwnershipIndex.
#lookup(absolute_path:, workspace_root:) ⇒ OwnershipNode^?

Nil when path is unsafe or no rule matches.

Constructor Details

#initialize(nodes, source_sha256:) ⇒ `OwnershipIndex`

Returns a new instance of OwnershipIndex.

Parameters:

nodes (Array<OwnershipNode>)
source_sha256 (String)

# File 'lib/ollama_agent/security/ownership_index.rb', line 17

def initialize(nodes, source_sha256:)
  @source_sha256 = source_sha256
  @sorted_nodes = nodes.sort_by { |n| -n.prefix.length }
end

Instance Attribute Details

#source_sha256 ⇒ `Object` (readonly)

Returns the value of attribute source_sha256.



22
23
24

# File 'lib/ollama_agent/security/ownership_index.rb', line 22

def source_sha256
  @source_sha256
end

Class Method Details

.node(prefix:, owner:, mutable_in_modes:, criticality:, forbidden:) ⇒ `Object`

Builds a frozen node for the compiler.

# File 'lib/ollama_agent/security/ownership_index.rb', line 25

def self.node(prefix:, owner:, mutable_in_modes:, criticality:, forbidden:)
  OwnershipNode.new(
    prefix: prefix,
    owner: owner,
    mutable_in_modes: mutable_in_modes.freeze,
    criticality: criticality,
    forbidden: forbidden
  )
end

Instance Method Details

#lookup(absolute_path:, workspace_root:) ⇒ `OwnershipNode`^?

Returns nil when path is unsafe or no rule matches.

Returns:

(OwnershipNode, nil) —

nil when path is unsafe or no rule matches

# File 'lib/ollama_agent/security/ownership_index.rb', line 36

def lookup(absolute_path:, workspace_root:)
  return nil if raw_path_has_dot_dot?(absolute_path)

  guard = ResourceGuard.new(root: workspace_root)
  return nil unless guard.allow?(absolute_path.to_s)

  root = Pathname.new(workspace_root).realpath
  abs = absolute_pathname(absolute_path, root)
  rel = abs.relative_path_from(root).to_s
  @sorted_nodes.find { |n| rel == n.prefix || rel.start_with?("#{n.prefix}/") }
rescue ArgumentError, Errno::ENOENT, Errno::ELOOP, Errno::EACCES
  nil
end