Permission policy for plan agent (read-only)
()
| 1056 | |
| 1057 | /// Permission policy for plan agent (read-only) |
| 1058 | fn plan_permissions() -> PermissionPolicy { |
| 1059 | let mut policy = PermissionPolicy::new() |
| 1060 | .allow_all(&["read", "grep", "glob", "ls"]) |
| 1061 | .deny_all(&["write", "edit", "bash", "task", "parallel_task"]); |
| 1062 | policy.default_decision = PermissionDecision::Deny; |
| 1063 | policy |
| 1064 | } |
| 1065 | |
| 1066 | /// Permission policy for verification agent (read-heavy with runtime checks) |
| 1067 | fn verification_permissions() -> PermissionPolicy { |
no test coverage detected