MCPcopy
hub / github.com/codeaashu/claude-code / checkPathSafetyForAutoEdit

Function checkPathSafetyForAutoEdit

src/utils/permissions/filesystem.ts:620–665  ·  view source on GitHub ↗
(
  path: string,
  precomputedPathsToCheck?: readonly string[],
)

Source from the content-addressed store, hash-verified

618 * @returns Object with safe=false and message if unsafe, or { safe: true } if all checks pass
619 */
620export function checkPathSafetyForAutoEdit(
621 path: string,
622 precomputedPathsToCheck?: readonly string[],
623):
624 | { safe: true }
625 | { safe: false; message: string; classifierApprovable: boolean } {
626 // Get all paths to check (original + symlink resolved paths)
627 const pathsToCheck =
628 precomputedPathsToCheck ?? getPathsForPermissionCheck(path)
629
630 // Check for suspicious Windows path patterns on all paths
631 for (const pathToCheck of pathsToCheck) {
632 if (hasSuspiciousWindowsPathPattern(pathToCheck)) {
633 return {
634 safe: false,
635 message: `Claude requested permissions to write to ${path}, which contains a suspicious Windows path pattern that requires manual approval.`,
636 classifierApprovable: false,
637 }
638 }
639 }
640
641 // Check for Claude config files on all paths
642 for (const pathToCheck of pathsToCheck) {
643 if (isClaudeConfigFilePath(pathToCheck)) {
644 return {
645 safe: false,
646 message: `Claude requested permissions to write to ${path}, but you haven't granted it yet.`,
647 classifierApprovable: true,
648 }
649 }
650 }
651
652 // Check for dangerous files on all paths
653 for (const pathToCheck of pathsToCheck) {
654 if (isDangerousFilePathToAutoEdit(pathToCheck)) {
655 return {
656 safe: false,
657 message: `Claude requested permissions to edit ${path} which is a sensitive file.`,
658 classifierApprovable: true,
659 }
660 }
661 }
662
663 // All safety checks passed
664 return { safe: true }
665}
666
667export function allWorkingDirectories(
668 context: ToolPermissionContext,

Callers 3

isPathAllowedFunction · 0.85
isPathAllowedFunction · 0.85

Tested by

no test coverage detected