Module: Rubino::Trust
- Defined in:
- lib/rubino/trust.rb
Overview
Proportionate folder-trust, modelled on VS Code Workspace Trust and Claude Code’s directory-trust dialog — but DELIBERATELY lighter, because rubino auto-RUNS no code from a project directory (config is HOME-only, there are no folder-open hooks, custom slash commands are user-triggered, and the arbitrary-Ruby tool loader can no longer load from cwd — see #44).
What the gate protects: the ONE thing rubino auto-loads from a directory is *text into the system prompt* — its AGENTS.md / CLAUDE.md / .rubino.md / .cursorrules project-context files and its .rubino/skills catalogue. A hostile repo can use those to STEER the agent (prompt injection) the moment you start there. So, like VS Code’s Restricted Mode, an untrusted directory still works — it just runs WITHOUT that directory’s project context and skills until you vouch for it.
What it does NOT do: there is no feature-disabling Restricted Mode (no auto-executed code to disable) and no per-tool gating — that would be ceremony without payoff given rubino’s actual exposure.
The decision is remembered in trusted_dirs.json under RUBINO_HOME so a trusted directory is never re-prompted (mirrors trustedDirectories).
Constant Summary collapse
- FILENAME =
"trusted_dirs.json"
Class Method Summary collapse
-
.remember(dir) ⇒ Object
Remembers
diras trusted (idempotent). - .store_path ⇒ Object
-
.trusted?(dir) ⇒ Boolean
True when
dirhas been remembered as trusted. -
.trusted_dirs ⇒ Object
The remembered list, canonicalised (for display / tests).
Class Method Details
.remember(dir) ⇒ Object
Remembers dir as trusted (idempotent). Stores the canonical path so later lookups match regardless of how the dir is later referenced.
42 43 44 45 46 47 48 49 50 |
# File 'lib/rubino/trust.rb', line 42 def remember(dir) real = canonical(dir) return unless real dirs = load_dirs return if dirs.any? { |d| canonical(d) == real } save_dirs(dirs + [real]) end |
.store_path ⇒ Object
57 58 59 |
# File 'lib/rubino/trust.rb', line 57 def store_path File.join(Rubino.home_path, FILENAME) end |
.trusted?(dir) ⇒ Boolean
True when dir has been remembered as trusted. Compares on canonical (realpath) form so a symlinked/relative path matches its stored entry.
33 34 35 36 37 38 |
# File 'lib/rubino/trust.rb', line 33 def trusted?(dir) real = canonical(dir) return false unless real load_dirs.any? { |d| canonical(d) == real } end |
.trusted_dirs ⇒ Object
The remembered list, canonicalised (for display / tests).
53 54 55 |
# File 'lib/rubino/trust.rb', line 53 def trusted_dirs load_dirs end |