gnoma/internal/engine/engine.go at 97b065596d4abcc56ab59439d8c6da2a2158bfdb

Files

vikingowl 97b065596d feat: wire permission checker into engine tool execution

Tools now go through permission.Checker before executing:
- plan mode: denies all writes (fs.write, bash), allows reads
- bypass mode: allows all (deny rules still enforced)
- default mode: prompts user (pipe: stdin prompt, TUI: auto-approve for now)
- accept_edits: auto-allows file ops, prompts for bash
- deny mode: denies all without allow rules

CLI flags: --permission <mode>, --incognito
Pipe mode: console Y/N prompt on stderr
TUI mode: auto-approve (proper overlay TODO)

Verified: plan mode correctly blocks fs.write, model sees error.

2026-04-03 16:15:41 +02:00

3.3 KiB

Raw Blame History

View Raw

3.3 KiB Raw Blame History

3.3 KiB

Raw Blame History