Documentation
Index
- func GetSuggestedPattern(toolName, args string) string
- func NormalizeCoderArgs(args string) (subcommand string, normalized string)
- type Action
- type PolicyManager
- func (pm *PolicyManager) ActivePolicyPath() string
- func (pm *PolicyManager) AddRule(pattern string, action Action) error
- func (pm *PolicyManager) Check(toolName, args string) Action
- func (pm *PolicyManager) LastMatchedRule() (Rule, bool)
- func (pm *PolicyManager) LocalMergeEnabled() bool
- func (pm *PolicyManager) LocalPolicyPath() string
- func (pm *PolicyManager) RulesCount() int
- type Rule
- type SecurityContext
- type SecurityDecision
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetSuggestedPattern
GetSuggestedPattern returns a suggested policy pattern for the given tool invocation. For exec commands, it returns an empty string so that "Allow Always" is not offered: exec should always require per-command approval, since any shell command could be destructive.
func NormalizeCoderArgs (added in v1.53.1)
NormalizeCoderArgs parses raw tool call args (JSON or CLI format) and returns:
- subcommand: the extracted subcommand name (e.g., "read", "exec")
- normalized: the full normalized CLI-style string with sorted flags (e.g., "read --file main.go") suitable for deterministic prefix matching.
When the subcommand cannot be determined, both return values are empty. This is a safe default because Check() will fall through to ActionAsk.
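The sketch below illustrates why sorted flags make prefix rules order-independent and how an empty result falls through to "ask". It is an added example, not this package's code: `rule`, `normalize`, `check`, the string actions and the sample rule are assumptions, and only CLI-format args are handled.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

type rule struct{ pattern, action string } // hypothetical; not the package's Rule

// normalize is a hypothetical stand-in for NormalizeCoderArgs (CLI format only).
func normalize(args string) (sub, norm string) {
	tok := strings.Fields(args)
	if len(tok) == 0 || strings.HasPrefix(tok[0], "-") {
		return "", "" // no subcommand: never guess
	}
	var flags []string
	for i := 1; i < len(tok); i++ {
		if !strings.HasPrefix(tok[i], "--") {
			return "", "" // stray token such as "-rf": refuse to normalize
		}
		f := tok[i]
		if i+1 < len(tok) && !strings.HasPrefix(tok[i+1], "-") {
			i++
			f += " " + tok[i] // keep the flag and its value together
		}
		flags = append(flags, f)
	}
	sort.Strings(flags) // same flags in any order give the same string
	return tok[0], strings.Join(append([]string{tok[0]}, flags...), " ")
}

// check applies the first rule whose pattern is a whole-token prefix, else "ask".
func check(rules []rule, args string) string {
	_, norm := normalize(args)
	for _, r := range rules {
		if norm != "" && (norm == r.pattern || strings.HasPrefix(norm, r.pattern+" ")) {
			return r.action
		}
	}
	return "ask"
}

func main() {
	rules := []rule{{"read --file main.go", "allow"}} // constructed sample rule
	for _, a := range []string{"read --lines 10 --file main.go", "read --file main.go.bak", "--file main.go"} {
		fmt.Printf("%-32q -> %s\n", a, check(rules, a))
	}
}
```

Matching on a whole-token boundary keeps a rule for `main.go` from also covering `main.go.bak`, which a bare string-prefix test would allow.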
Types
type PolicyManager
type PolicyManager struct {
	Rules []Rule `json:"rules"`
	// contains filtered or unexported fields
}
func NewPolicyManager
func NewPolicyManager(logger *zap.Logger) (*PolicyManager, error)
func (*PolicyManager) ActivePolicyPath (added in v1.52.0)
func (pm *PolicyManager) ActivePolicyPath() string
func (*PolicyManager) AddRule
func (pm *PolicyManager) AddRule(pattern string, action Action) error
func (*PolicyManager) Check
func (pm *PolicyManager) Check(toolName, args string) Action
func (*PolicyManager) LastMatchedRule (added in v1.52.0)
func (pm *PolicyManager) LastMatchedRule() (Rule, bool)
func (*PolicyManager) LocalMergeEnabled (added in v1.52.0)
func (pm *PolicyManager) LocalMergeEnabled() bool
func (*PolicyManager) LocalPolicyPath (added in v1.52.0)
func (pm *PolicyManager) LocalPolicyPath() string
func (*PolicyManager) RulesCount (added in v1.52.0)
func (pm *PolicyManager) RulesCount() int
type SecurityContext (added in v1.64.0)
type SecurityContext struct {
	AgentName string // e.g., "shell", "coder", "tester"
	TaskDesc  string // natural language task description
}
SecurityContext provides optional metadata for richer security prompts. When provided, the prompt shows which agent is requesting the action and why.
type SecurityDecision
type SecurityDecision int
const (
	DecisionRunOnce SecurityDecision = iota
	DecisionAllowAlways
	DecisionDenyOnce
	DecisionDenyForever
	DecisionCancelled // user pressed Ctrl+C; action can be retried later
)
func PromptSecurityCheck
func PromptSecurityCheck(ctx context.Context, toolName, args string, inputCh <-chan string) SecurityDecision
PromptSecurityCheck prompts the user for a security decision (no agent context).
func PromptSecurityCheckWithContext (added in v1.64.0)
func PromptSecurityCheckWithContext(ctx context.Context, toolName, args string, secCtx *SecurityContext, inputCh <-chan string) SecurityDecision
PromptSecurityCheckWithContext prompts the user with full context about what is being attempted, which agent is requesting it, and the parsed command details. When inputCh is provided, input is read from the channel instead of spawning a goroutine with bufio.Scanner on stdin. This avoids orphaned goroutines that steal stdin from go-prompt after agent mode exits (e.g., on Ctrl+C).