checkSemantics-path deny enforcement. Calls checkEarlyExitDeny (exact-match + full-command prefix deny), then checks each individual SimpleCommand .text span against prefix deny rules. The per-subcommand check is needed because filterRulesByContentsMatchingInput has a compound-command gua…
(
input: z.infer<typeof BashTool.inputSchema>,
toolPermissionContext: ToolPermissionContext,
commands: readonly { text: string }[],
)
| 1429 | * feature('BASH_CLASSIFIER') evaluation and drops pendingClassifierCheck. |
| 1430 | */ |
function checkSemanticsDeny(
  input: z.infer<typeof BashTool.inputSchema>,
  toolPermissionContext: ToolPermissionContext,
  commands: readonly { text: string }[],
): PermissionResult | null {
  // Stage 1: deny decision on the command as a whole. A non-null result is
  // returned unchanged, so the per-sub-command scan below never runs for it.
  const wholeCommandDeny = checkEarlyExitDeny(input, toolPermissionContext)
  if (wholeCommandDeny !== null) {
    return wholeCommandDeny
  }

  // Stage 2: re-run deny-rule matching once per parsed sub-command, with that
  // sub-command's text substituted for `command`, so a denied command is still
  // caught when it is not the first thing in a compound command line.
  // NOTE(review): only 'prefix' matching is requested here. Whether exact-match
  // deny rules are also honoured for sub-commands depends on
  // matchingRulesForInput, which is not visible here. Confirm.
  // NOTE(review): coverage is only as complete as `commands`; a sub-command the
  // caller's parse did not surface is never checked here. Verify against caller.
  for (const subCommand of commands) {
    const perCommandInput = { ...input, command: subCommand.text }
    const ruleMatches = matchingRulesForInput(
      perCommandInput,
      toolPermissionContext,
      'prefix',
    )
    const firstDenyRule = ruleMatches.matchingDenyRules[0]
    if (firstDenyRule === undefined) {
      continue
    }

    // The first matching deny rule wins. The message reports the full original
    // command (input.command), not the sub-command that matched; the matched
    // rule itself travels in decisionReason.
    return {
      behavior: 'deny',
      message: `Permission to use ${BashTool.name} with command ${input.command} has been denied.`,
      decisionReason: { type: 'rule', rule: firstDenyRule },
    }
  }

  // No deny rule matched the whole command or any sub-command.
  return null
}
| 1454 | |
| 1455 | /** |
| 1456 | * Builds the pending classifier check metadata if classifier is enabled and has allow descriptions. |
no test coverage detected