MCPcopy Index your code
hub / github.com/codeaashu/claude-code / matchingRulesForInput

Function matchingRulesForInput

src/tools/BashTool/bashPermissions.ts:937–986  ·  view source on GitHub ↗
(
  input: z.infer<typeof BashTool.inputSchema>,
  toolPermissionContext: ToolPermissionContext,
  matchMode: 'exact' | 'prefix',
  { skipCompoundCheck = false }: { skipCompoundCheck?: boolean } = {},
)

Source from the content-addressed store, hash-verified

935}
936
937function matchingRulesForInput(
938 input: z.infer<typeof BashTool.inputSchema>,
939 toolPermissionContext: ToolPermissionContext,
940 matchMode: 'exact' | 'prefix',
941 { skipCompoundCheck = false }: { skipCompoundCheck?: boolean } = {},
942) {
943 const denyRuleByContents = getRuleByContentsForTool(
944 toolPermissionContext,
945 BashTool,
946 'deny',
947 )
948 // SECURITY: Deny/ask rules use aggressive env var stripping so that
949 // `FOO=bar denied_command` still matches a deny rule for `denied_command`.
950 const matchingDenyRules = filterRulesByContentsMatchingInput(
951 input,
952 denyRuleByContents,
953 matchMode,
954 { stripAllEnvVars: true, skipCompoundCheck: true },
955 )
956
957 const askRuleByContents = getRuleByContentsForTool(
958 toolPermissionContext,
959 BashTool,
960 'ask',
961 )
962 const matchingAskRules = filterRulesByContentsMatchingInput(
963 input,
964 askRuleByContents,
965 matchMode,
966 { stripAllEnvVars: true, skipCompoundCheck: true },
967 )
968
969 const allowRuleByContents = getRuleByContentsForTool(
970 toolPermissionContext,
971 BashTool,
972 'allow',
973 )
974 const matchingAllowRules = filterRulesByContentsMatchingInput(
975 input,
976 allowRuleByContents,
977 matchMode,
978 { skipCompoundCheck },
979 )
980
981 return {
982 matchingDenyRules,
983 matchingAskRules,
984 matchingAllowRules,
985 }
986}
987
988/**
989 * Checks if the subcommand is an exact match for a permission rule

Callers 5

bashToolCheckPermissionFunction · 0.70
checkSandboxAutoAllowFunction · 0.70
checkEarlyExitDenyFunction · 0.70
checkSemanticsDenyFunction · 0.70

Calls 2

getRuleByContentsForToolFunction · 0.85

Tested by

no test coverage detected