Expand description
Tool policy helpers.
This module centralizes tool write-classification and permission-level decisions.
The pipeline, CLI, and GUI should rely on these helpers rather than duplicating their own logic for determining whether a tool call is:
- blocked (e.g. Sandbox write),
- requires confirmation (e.g. Restricted write), or
- allowed.
Structs§
- Tool
Confirmation Info - A user-facing description of a tool confirmation prompt.
- Tool
Policy Evaluation - Evaluation of a tool call.
Enums§
- Tool
Call Decision - Decision for a tool call at a given permission level.
Functions§
- evaluate_
tool_ call - Evaluate a tool call against a [
PermissionLevel]. - is_
action_ allowed - Return whether an action should be allowed for a session at the given permission level.
- is_
shell_ command_ write_ operation - Conservatively determine whether a shell tool call is likely to perform a write.
- is_
write_ operation - Determine if a tool operation is a write operation based on tool name and arguments.
- requires_
confirmation - Return whether an action should require confirmation for a session at the given permission level.