MCPcopy Index your code
hub / github.com/codeaashu/claude-code / checkEarlyExitDeny

Function checkEarlyExitDeny

src/tools/BashTool/bashPermissions.ts:1391–1415  ·  view source on GitHub ↗

* Early-exit deny enforcement for the AST too-complex and checkSemantics * paths. Returns the exact-match result if non-passthrough (deny/ask/allow), * then checks prefix/wildcard deny rules. Returns null if neither matched, * meaning the caller should fall through to ask. Extracted to keep * ba

(
  input: z.infer<typeof BashTool.inputSchema>,
  toolPermissionContext: ToolPermissionContext,
)

Source from the content-addressed store, hash-verified

1389 * bashToolHasPermission under Bun's feature() DCE complexity threshold.
1390 */
1391function checkEarlyExitDeny(
1392 input: z.infer<typeof BashTool.inputSchema>,
1393 toolPermissionContext: ToolPermissionContext,
1394): PermissionResult | null {
1395 const exactMatchResult = bashToolCheckExactMatchPermission(
1396 input,
1397 toolPermissionContext,
1398 )
1399 if (exactMatchResult.behavior !== 'passthrough') {
1400 return exactMatchResult
1401 }
1402 const denyMatch = matchingRulesForInput(
1403 input,
1404 toolPermissionContext,
1405 'prefix',
1406 ).matchingDenyRules[0]
1407 if (denyMatch !== undefined) {
1408 return {
1409 behavior: 'deny',
1410 message: `Permission to use ${BashTool.name} with command ${input.command} has been denied.`,
1411 decisionReason: { type: 'rule', rule: denyMatch },
1412 }
1413 }
1414 return null
1415}
1416
1417/**
1418 * checkSemantics-path deny enforcement. Calls checkEarlyExitDeny (exact-match

Callers 2

checkSemanticsDenyFunction · 0.85
bashToolHasPermissionFunction · 0.85

Calls 2

matchingRulesForInputFunction · 0.70

Tested by

no test coverage detected