( path: string, precomputedPathsToCheck?: readonly string[], )
| 618 | * @returns Object with safe=false and message if unsafe, or { safe: true } if all checks pass |
| 619 | */ |
| 620 | export function checkPathSafetyForAutoEdit( |
| 621 | path: string, |
| 622 | precomputedPathsToCheck?: readonly string[], |
| 623 | ): |
| 624 | | { safe: true } |
| 625 | | { safe: false; message: string; classifierApprovable: boolean } { |
| 626 | // Get all paths to check (original + symlink resolved paths) |
| 627 | const pathsToCheck = |
| 628 | precomputedPathsToCheck ?? getPathsForPermissionCheck(path) |
| 629 | |
| 630 | // Check for suspicious Windows path patterns on all paths |
| 631 | for (const pathToCheck of pathsToCheck) { |
| 632 | if (hasSuspiciousWindowsPathPattern(pathToCheck)) { |
| 633 | return { |
| 634 | safe: false, |
| 635 | message: `Claude requested permissions to write to ${path}, which contains a suspicious Windows path pattern that requires manual approval.`, |
| 636 | classifierApprovable: false, |
| 637 | } |
| 638 | } |
| 639 | } |
| 640 | |
| 641 | // Check for Claude config files on all paths |
| 642 | for (const pathToCheck of pathsToCheck) { |
| 643 | if (isClaudeConfigFilePath(pathToCheck)) { |
| 644 | return { |
| 645 | safe: false, |
| 646 | message: `Claude requested permissions to write to ${path}, but you haven't granted it yet.`, |
| 647 | classifierApprovable: true, |
| 648 | } |
| 649 | } |
| 650 | } |
| 651 | |
| 652 | // Check for dangerous files on all paths |
| 653 | for (const pathToCheck of pathsToCheck) { |
| 654 | if (isDangerousFilePathToAutoEdit(pathToCheck)) { |
| 655 | return { |
| 656 | safe: false, |
| 657 | message: `Claude requested permissions to edit ${path} which is a sensitive file.`, |
| 658 | classifierApprovable: true, |
| 659 | } |
| 660 | } |
| 661 | } |
| 662 | |
| 663 | // All safety checks passed |
| 664 | return { safe: true } |
| 665 | } |
| 666 | |
| 667 | export function allWorkingDirectories( |
| 668 | context: ToolPermissionContext, |
no test coverage detected