Owlibou/owlen
2
0
Fork 0
Code Issues 20 Pull Requests Actions Packages Projects Releases 5 Activity

feat(permissions): implement permission system with plan mode enforcement (M1 complete)

Browse Source 
This commit implements the complete M1 milestone (Config & Permissions) including:

- New permissions crate with Tool, Action, Mode, and PermissionManager
- Three permission modes: Plan (read-only default), AcceptEdits, Code
- Pattern matching for permission rules (exact match and prefix with *)
- Integration with config-agent for mode-based permission management
- CLI integration with --mode flag to override configured mode
- Permission checks for Read, Glob, and Grep operations
- Comprehensive test suite (10 tests in permissions, 4 in config, 4 in CLI)

Also fixes:
- Fixed failing test in tools-fs (glob pattern issue)
- Improved glob_list() root extraction to handle patterns like "/*.txt"

All 21 workspace tests passing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
vikingowl
2025-11-01 19:14:54 +01:00
parent baf833427a
commit a6cf8585ef
12 changed files with 493 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crates/tools/fs/tests/fs_tools.rs
View File

@@ -11,7 +11,8 @@ fn read_and_glob_respect_gitignore() {
fs::write(root.join("secret/secret.txt"), "token=123").unwrap();
fs::write(root.join(".gitignore"), "secret/\n").unwrap();
let files = glob_list(root.to_str().unwrap()).unwrap();
let pattern = format!("{}/**/*", root.display());
let files = glob_list(&pattern).unwrap();
assert!(files.iter().any(|p| p.ends_with("a.txt")));
assert!(!files.iter().any(|p| p.contains("secret.txt")));
assert_eq!(read_file(root.join("a.txt").to_str().unwrap()).unwrap(), "hello");