Permission policy for explore agent (read-only)
()
| 1016 | |
| 1017 | /// Permission policy for explore agent (read-only) |
| 1018 | fn explore_permissions() -> PermissionPolicy { |
| 1019 | let mut policy = PermissionPolicy::new() |
| 1020 | .allow_all(&["read", "grep", "glob", "ls"]) |
| 1021 | .deny_all(&["write", "edit", "task", "parallel_task"]) |
| 1022 | .allow("Bash(ls:*)") |
| 1023 | .allow("Bash(cat:*)") |
| 1024 | .allow("Bash(head:*)") |
| 1025 | .allow("Bash(tail:*)") |
| 1026 | .allow("Bash(find:*)") |
| 1027 | .allow("Bash(wc:*)") |
| 1028 | .deny("Bash(rm:*)") |
| 1029 | .deny("Bash(mv:*)") |
| 1030 | .deny("Bash(cp:*)"); |
| 1031 | policy.default_decision = PermissionDecision::Deny; |
| 1032 | policy |
| 1033 | } |
| 1034 | |
| 1035 | /// Permission policy for general agent (full access except task) |
| 1036 | fn general_permissions() -> PermissionPolicy { |
no test coverage detected