This crate implements the security policies that govern what tools the agent can execute. It ensures that dangerous operations (like bash or write) are only performed with explicit user consent or according to predefined rules.

Features

Operation Modes:
- Plan: Read-only mode for planning.
- AcceptEdits: Automatically allow file modifications but prompt for system changes.
- Code: Full access mode.
Rule-Based Access: Define granular permissions for specific tools or path patterns.
Decision Logic: Centralized logic for Allow, Ask, and Deny decisions.

Components

PermissionManager: The core policy engine.
Tool: Enum representing all available system operations.
PermissionRule: A specific grant or restriction for a tool/context.