/**
* Step 7 - Permission model (allow / ask / deny)
*
* Goal:
* - classify tool calls before execution
* - auto-allow low-risk reads
* - ask for writes
* - deny obviously dangerous operations
*/
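/*
 * Shell-command classification.
 *
 * Both classifiers below are heuristics over the command *text*; there is no
 * shell parser here, so quoting is not understood. They are tuned to fail
 * closed: anything ambiguous is reported as not read-only (which makes the
 * caller ask) rather than silently allowed.
 */

/** First words (or `git <subcommand>`) that only read local state. */
const READ_ONLY_SHELL_PREFIXES = [
  "pwd",
  "ls",
  "cat",
  "find",
  "rg",
  "grep",
  "git status",
  "git diff",
  "git log",
];

/**
 * Prefixes that are denied outright, matched case-insensitively against every
 * command segment. This is a backstop, not a complete list: a command it
 * misses still lands in the "ask" path, never in "allow".
 */
const DANGEROUS_BASH_PREFIXES = [
  "rm ",
  "sudo ",
  "git push",
  "git reset --hard",
  "shutdown",
  "reboot",
];

/**
 * Shell syntax that chains, redirects or substitutes commands. A read-only
 * first word says nothing about what follows one of these (`ls; rm -rf ~`,
 * `cat x > y`, `ls $(rm x)`, `cat x | sh`), so their presence disqualifies a
 * command from the read-only fast path. Newlines are included because the
 * whitespace normalisation below would otherwise fold `ls\nrm -rf ~` into
 * `ls rm -rf ~`. Quoted metacharacters (e.g. `rg 'a|b'`) match as well; that
 * costs one extra prompt, not safety.
 */
const SHELL_CONTROL_PATTERN = /[;&|<>`\n\r]|\$\(/;

/** `find` actions that modify the filesystem or spawn other commands. */
const FIND_WRITE_ACTIONS = ["-delete", "-exec", "-execdir", "-ok", "-okdir"];

/** Operators that separate commands within one string; used to split before the deny check. */
const COMMAND_SEPARATOR_PATTERN = /\|\||&&|\$\(|[;|&`\n\r]/;

/**
 * True when `command` only reads local state.
 *
 * Conservative on purpose. Returns false for:
 *  - non-string input,
 *  - any command containing shell control syntax (SHELL_CONTROL_PATTERN),
 *  - a first word / git subcommand not in READ_ONLY_SHELL_PREFIXES
 *    (matching is case-sensitive, so `LS` is not read-only either),
 *  - `find` with a mutating or executing action (FIND_WRITE_ACTIONS),
 *  - `git diff` / `git log` with `--output`, which write a file.
 *
 * @param {string} [command=""] raw shell command text
 * @returns {boolean}
 */
export function isReadOnlyCommand(command = "") {
  if (typeof command !== "string") return false;
  // Checked on the raw text, before whitespace normalisation hides newlines.
  if (SHELL_CONTROL_PATTERN.test(command)) return false;

  const normalized = command.trim().replace(/\s+/g, " ");
  const hasReadOnlyPrefix = READ_ONLY_SHELL_PREFIXES.some(
    (prefix) => normalized === prefix || normalized.startsWith(`${prefix} `),
  );
  if (!hasReadOnlyPrefix) return false;

  const args = normalized.split(" ");
  if (args[0] === "find" && args.some((arg) => FIND_WRITE_ACTIONS.includes(arg))) {
    return false;
  }
  if (args[0] === "git" && args.some((arg) => arg.startsWith("--output"))) {
    return false;
  }
  return true;
}

/**
 * True when any command segment of `command` starts with an entry of
 * DANGEROUS_BASH_PREFIXES (case-insensitive, whitespace-collapsed).
 *
 * The text is split at `;`, `&&`, `||`, `|`, `&`, newlines, backticks and
 * `$(` so that `cd /tmp && rm -rf *` or `ls $(rm -rf x)` is caught, not only
 * a leading `rm`. Quotes are not parsed, so a quoted `rm ` that begins a
 * segment is denied too (fail closed). Non-string input is not dangerous
 * here; it simply never reaches the allow path.
 *
 * @param {string} [command=""] raw shell command text
 * @returns {boolean}
 */
export function isDangerousCommand(command = "") {
  if (typeof command !== "string") return false;
  return command
    .split(COMMAND_SEPARATOR_PATTERN)
    .map((segment) => segment.trim().replace(/\s+/g, " ").toLowerCase())
    .some((segment) =>
      DANGEROUS_BASH_PREFIXES.some((prefix) => segment.startsWith(prefix)),
    );
}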
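/** Maximum number of input fields echoed for non-Bash tools. */
const SUMMARY_FIELD_LIMIT = 3;

/**
 * Renders a one-line, human-readable description of a tool call, intended
 * for whoever has to approve it.
 *
 * Bash: `command=<full command>`. The command is deliberately never
 * truncated: a reviewer must see its tail, which is where a chained
 * `; rm -rf ~` would hide.
 * Other tools: the first SUMMARY_FIELD_LIMIT fields as `key=value`, followed
 * by `(+N more)` when fields were omitted, so the reader knows the summary
 * is partial.
 *
 * Control characters (newlines, ANSI escape sequences, ...) are escaped in
 * every value so a crafted payload cannot overwrite or hide part of the
 * summary when it is printed to a terminal.
 *
 * @param {string} toolName tool identifier, e.g. "Bash"
 * @param {Record<string, unknown> | null | undefined} input the call's arguments
 * @returns {string}
 */
export function summarizePermissionRequest(toolName, input) {
  const fields = input ?? {};
  if (toolName === "Bash") {
    return `command=${escapeControlChars(fields.command || "<empty>")}`;
  }
  const entries = Object.entries(fields);
  const shown = entries
    .slice(0, SUMMARY_FIELD_LIMIT)
    .map(([key, value]) => `${key}=${escapeControlChars(String(value))}`);
  const omitted = entries.length - shown.length;
  if (omitted > 0) shown.push(`(+${omitted} more)`);
  return shown.join(", ");
}

/**
 * Replaces C0/C1 control characters with a visible escape: `\n`, `\r`, `\t`
 * for the common ones, `\uXXXX` for the rest (including ESC, 0x1b).
 *
 * @param {unknown} text value to render; coerced with String()
 * @returns {string}
 */
function escapeControlChars(text) {
  return String(text).replace(/[\u0000-\u001f\u007f-\u009f]/g, (ch) => {
    if (ch === "\n") return "\\n";
    if (ch === "\r") return "\\r";
    if (ch === "\t") return "\\t";
    return `\\u${ch.charCodeAt(0).toString(16).padStart(4, "0")}`;
  });
}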
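/**
 * Classifies a tool call as allow / ask / deny before it is executed.
 *
 * Evaluation order (first match wins):
 *   1. Bash commands matching isDangerousCommand are denied in every mode,
 *      including "auto". The stated goal of this step is to deny obviously
 *      dangerous operations; a mode that short-circuits to "allow" before
 *      that check would let `rm -rf ~` through unprompted.
 *   2. mode "auto" allows everything else.
 *   3. mode "plan" denies any tool that does not declare itself read-only
 *      (for Bash this depends on what tool.isReadOnly() reports).
 *   4. Bash: isReadOnlyCommand → allow; every other shell command → ask.
 *   5. Other tools: tool.isReadOnly() → allow; otherwise → ask.
 *
 * Non-Bash tools are trusted to report isReadOnly() honestly; nothing here
 * verifies that claim. Unknown `mode` values fall through to the default
 * rules (steps 4–5).
 *
 * @param {{ tool: { name: string, isReadOnly: () => boolean },
 *           input: object,
 *           mode?: "default" | "auto" | "plan" }} args
 * @returns {Promise<{ behavior: "allow" | "ask" | "deny",
 *                     reason: string,
 *                     request: { toolName: string, input: object, summary: string } }>}
 */
export async function checkPermission({ tool, input, mode = "default" }) {
  const request = {
    toolName: tool.name,
    input,
    summary: summarizePermissionRequest(tool.name, input),
  };
  const decide = (behavior, reason) => ({ behavior, reason, request });
  const isBash = tool.name === "Bash";
  // `input?.command` so a Bash call without an input object does not throw
  // out of the permission check here; it ends up in the "ask" branch.
  const command = isBash ? input?.command : undefined;

  if (isBash && isDangerousCommand(command)) {
    return decide("deny", "dangerous shell command");
  }
  if (mode === "auto") {
    return decide("allow", "auto mode");
  }
  if (mode === "plan" && !tool.isReadOnly()) {
    return decide("deny", "plan mode blocks write actions");
  }
  if (isBash) {
    if (isReadOnlyCommand(command)) {
      return decide("allow", "read-only shell command");
    }
    return decide("ask", "shell command may change local state");
  }
  if (tool.isReadOnly()) {
    return decide("allow", "read-only tool");
  }
  return decide("ask", "tool writes local state");
}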