mirror of
https://github.com/instructkr/claw-code.git
synced 2026-04-06 16:14:49 +08:00
66283f4dc9
Add PermissionEnforcer in crates/runtime/src/permission_enforcer.rs and wire enforce_permission_check() into crates/tools/src/lib.rs. Runtime additions: - PermissionEnforcer: wraps PermissionPolicy with enforcement API - check(tool, input): validates tool against active mode via policy.authorize() - check_file_write(path, workspace_root): workspace boundary enforcement - ReadOnly: deny all writes - WorkspaceWrite: allow within workspace, deny outside - DangerFullAccess/Allow: permit all - Prompt: deny (no prompter available) - check_bash(command): read-only command heuristic (60+ safe commands) - Detects -i/--in-place/redirect operators as non-read-only - is_within_workspace(): string-prefix boundary check - is_read_only_command(): conservative allowlist of safe CLI commands Tool wiring: - enforce_permission_check() public API for gating execute_tool() calls - Maps EnforcementResult::Denied to Err(reason) for tool dispatch 9 new tests covering all permission modes + workspace boundary + bash heuristic.