Module: RubynCode::Permissions::Policy

Defined in:
lib/rubyn_code/permissions/policy.rb

Constant Summary

ALWAYS_ALLOW =

Determine whether a tool invocation should be allowed, denied, or held for user confirmation.

Tool calls that are always auto-approved regardless of permission tier

Returns:

  • (Symbol)

    :allow, :deny, or :ask

%w[
  read_file glob grep git_status git_diff git_log
  memory_search memory_write load_skill compact
  task web_search web_fetch ask_user
].to_set.freeze

Class Method Summary

Class Method Details

.check(tool_name:, tier:, deny_list:, tool_input: nil) ⇒ Object

# File 'lib/rubyn_code/permissions/policy.rb', line 21

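# tool_input is accepted but not consulted: the decision depends on the tool name and tier only.
def self.check(tool_name:, tier:, deny_list:, tool_input: nil) # rubocop:disable Lint/UnusedMethodArgument
  # The deny list is checked first, so it also overrides ALWAYS_ALLOW.
  return :deny if deny_list.blocks?(tool_name)
  return :allow if ALWAYS_ALLOW.include?(tool_name)

  risk = resolve_risk(tool_name)

  # Destructive tools require confirmation whatever the tier.
  return :ask if risk == :destructive

  resolve_by_tier(tier, risk)
end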
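
The order of checks in check, reproduced in a stand-alone sketch that builds the decision for each tool and tier; this is an added example, not RubynCode's own code. The DenyList struct, the RISK table, the demo_write and demo_delete tools, the :strict and :open tiers and the body of resolve_by_tier are assumptions, since the page does not show them.

```ruby
require 'set'

# Stand-in for the Policy module above. Only ALWAYS_ALLOW and the order of
# checks come from the page; every other name here is an assumption.
module PolicySketch
  ALWAYS_ALLOW = %w[
    read_file glob grep git_status git_diff git_log
    memory_search memory_write load_skill compact
    task web_search web_fetch ask_user
  ].to_set.freeze

  # Hypothetical risk table; the real resolve_risk is not shown on the page.
  RISK = { 'demo_write' => :write, 'demo_delete' => :destructive }.freeze

  # Hypothetical deny list exposing the blocks? call that check relies on.
  DenyList = Struct.new(:names) do
    def blocks?(tool_name)
      names.include?(tool_name)
    end
  end

  # Same order of checks as the documented method; tool_input is ignored.
  def self.check(tool_name:, tier:, deny_list:, tool_input: nil)
    return :deny if deny_list.blocks?(tool_name)
    return :allow if ALWAYS_ALLOW.include?(tool_name)

    risk = RISK.fetch(tool_name, :unknown)
    return :ask if risk == :destructive

    resolve_by_tier(tier, risk)
  end

  # Hypothetical tiers: :open approves known write tools, anything else asks.
  def self.resolve_by_tier(tier, risk)
    tier == :open && risk == :write ? :allow : :ask
  end

  # Decision for every tool/tier pair, for reviewing a deployment's settings.
  def self.matrix(tools, tiers, deny_list)
    tools.to_h do |tool|
      [tool, tiers.to_h { |t| [t, check(tool_name: tool, tier: t, deny_list: deny_list)] }]
    end
  end
end

# Constructed sample: web_fetch is deny-listed, the rest use the defaults.
deny = PolicySketch::DenyList.new(%w[web_fetch])
tools = %w[read_file web_fetch memory_write demo_write demo_delete]
PolicySketch.matrix(tools, %i[strict open], deny).each do |tool, row|
  puts format('%-12s %s', tool, row.map { |t, d| "#{t}=#{d}" }.join('  '))
end
```

In this sketch a deny-list entry is the only setting that stops an ALWAYS_ALLOW tool such as web_fetch or memory_write, and passing a different tool_input never changes the result.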