RomanNum3ral
/
claw-code
mirror of https://github.com/instructkr/claw-code.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
claw-code/rust/crates/runtime/src
History
Jobdori 66283f4dc9 feat(runtime+tools): PermissionEnforcer — permission mode enforcement layer 
Add PermissionEnforcer in crates/runtime/src/permission_enforcer.rs
and wire enforce_permission_check() into crates/tools/src/lib.rs.

Runtime additions:
- PermissionEnforcer: wraps PermissionPolicy with enforcement API
- check(tool, input): validates tool against active mode via policy.authorize()
- check_file_write(path, workspace_root): workspace boundary enforcement
  - ReadOnly: deny all writes
  - WorkspaceWrite: allow within workspace, deny outside
  - DangerFullAccess/Allow: permit all
  - Prompt: deny (no prompter available)
- check_bash(command): read-only command heuristic (60+ safe commands)
  - Detects -i/--in-place/redirect operators as non-read-only
- is_within_workspace(): string-prefix boundary check
- is_read_only_command(): conservative allowlist of safe CLI commands

Tool wiring:
- enforce_permission_check() public API for gating execute_tool() calls
- Maps EnforcementResult::Denied to Err(reason) for tool dispatch

9 new tests covering all permission modes + workspace boundary + bash heuristic.
 		2026-04-03 17:55:04 +09:00
..
bash.rs fix: auto compaction threshold default 200k tokens 2026-04-01 03:55:00 +00:00
bootstrap.rs feat(runtime): add tests and improve error handling across runtime crate 2026-04-02 18:10:12 +09:00
compact.rs fix: align session tests with jsonl persistence 2026-04-02 11:31:53 +09:00
config.rs Merge branch 'dori/mcp-parity' 2026-04-02 18:35:38 +09:00
conversation.rs Merge branch 'dori/hooks-parity' into main 2026-04-02 18:36:37 +09:00
file_ops.rs feat(file_ops): add edge-case guards — binary detection, size limits, workspace boundary, symlink escape 2026-04-03 17:09:54 +09:00
hooks.rs feat(hooks): add PostToolUseFailure propagation, validation, and tests 2026-04-02 18:24:12 +09:00
json.rs fix: auto compaction threshold default 200k tokens 2026-04-01 03:55:00 +00:00
lib.rs feat(runtime+tools): PermissionEnforcer — permission mode enforcement layer 2026-04-03 17:55:04 +09:00
lsp_client.rs feat(runtime+tools): LspRegistry — LSP client dispatch for tool surface 2026-04-03 17:46:13 +09:00
mcp.rs feat(mcp): add toolCallTimeoutMs, timeout/reconnect/error handling 2026-04-02 18:24:30 +09:00
mcp_client.rs feat(mcp): add toolCallTimeoutMs, timeout/reconnect/error handling 2026-04-02 18:24:30 +09:00
mcp_stdio.rs fix: post-merge clippy/fmt cleanup (9407-9410 integration) 2026-04-03 05:12:51 +09:00
mcp_tool_bridge.rs feat(runtime+tools): McpToolRegistry — MCP lifecycle bridge for tool surface 2026-04-03 17:39:35 +09:00
oauth.rs fix: post-plugins-merge cleanroom fixes and workspace deps 2026-04-01 18:48:39 +09:00
permission_enforcer.rs feat(runtime+tools): PermissionEnforcer — permission mode enforcement layer 2026-04-03 17:55:04 +09:00
permissions.rs wip: hook-pipeline progress 2026-04-01 04:30:25 +00:00
prompt.rs fix: stabilize merge fallout test fixtures 2026-04-02 11:31:53 +09:00
remote.rs fix: auto compaction threshold default 200k tokens 2026-04-01 03:55:00 +00:00
sandbox.rs fix(sandbox): probe unshare capability instead of binary existence 2026-04-03 16:24:02 +09:00
session.rs feat(runtime): add tests and improve error handling across runtime crate 2026-04-02 18:10:12 +09:00
sse.rs feat(runtime): add tests and improve error handling across runtime crate 2026-04-02 18:10:12 +09:00
task_registry.rs feat(runtime): add TaskRegistry — in-memory task lifecycle management 2026-04-03 17:18:22 +09:00
team_cron_registry.rs feat(runtime+tools): TeamRegistry and CronRegistry — replace team/cron stubs 2026-04-03 17:32:57 +09:00
usage.rs wip: jsonl-session progress 2026-04-01 04:30:27 +00:00