MCPcopy Index your code
hub / github.com/codeaashu/claude-code / hasPermissionsToUseTool

Function hasPermissionsToUseTool

src/utils/permissions/permissions.ts:473–956  ·  view source on GitHub ↗
(
  tool,
  input,
  context,
  assistantMessage,
  toolUseID,
)

Source from the content-addressed store, hash-verified

471}
472
473export const hasPermissionsToUseTool: CanUseToolFn = async (
474 tool,
475 input,
476 context,
477 assistantMessage,
478 toolUseID,
479): Promise<PermissionDecision> => {
480 const result = await hasPermissionsToUseToolInner(tool, input, context)
481
482
483 // Reset consecutive denials on any allowed tool use in auto mode.
484 // This ensures that a successful tool use (even one auto-allowed by rules)
485 // breaks the consecutive denial streak.
486 if (result.behavior === 'allow') {
487 const appState = context.getAppState()
488 if (feature('TRANSCRIPT_CLASSIFIER')) {
489 const currentDenialState =
490 context.localDenialTracking ?? appState.denialTracking
491 if (
492 appState.toolPermissionContext.mode === 'auto' &&
493 currentDenialState &&
494 currentDenialState.consecutiveDenials > 0
495 ) {
496 const newDenialState = recordSuccess(currentDenialState)
497 persistDenialState(context, newDenialState)
498 }
499 }
500 return result
501 }
502
503 // Apply dontAsk mode transformation: convert 'ask' to 'deny'
504 // This is done at the end so it can't be bypassed by early returns
505 if (result.behavior === 'ask') {
506 const appState = context.getAppState()
507
508 if (appState.toolPermissionContext.mode === 'dontAsk') {
509 return {
510 behavior: 'deny',
511 decisionReason: {
512 type: 'mode',
513 mode: 'dontAsk',
514 },
515 message: DONT_ASK_REJECT_MESSAGE(tool.name),
516 }
517 }
518 // Apply auto mode: use AI classifier instead of prompting user
519 // Check this BEFORE shouldAvoidPermissionPrompts so classifiers work in headless mode
520 if (
521 feature('TRANSCRIPT_CLASSIFIER') &&
522 (appState.toolPermissionContext.mode === 'auto' ||
523 (appState.toolPermissionContext.mode === 'plan' &&
524 (autoModeStateModule?.isAutoModeActive() ?? false)))
525 ) {
526 // Non-classifier-approvable safetyCheck decisions stay immune to ALL
527 // auto-approve paths: the acceptEdits fast-path, the safe-tool allowlist,
528 // and the classifier. Step 1g only guards bypassPermissions; this guards
529 // auto. classifierApprovable safetyChecks (sensitive-file paths) fall
530 // through to the classifier — the fast-paths below naturally don't fire

Callers 8

recheckPermissionFunction · 0.85
canUseToolFunction · 0.85
getCanUseToolFnFunction · 0.85
createCanUseToolMethod · 0.85
useCanUseToolFunction · 0.85
recheckPermissionFunction · 0.85

Calls 15

featureFunction · 0.85
recordSuccessFunction · 0.85
persistDenialStateFunction · 0.85
DONT_ASK_REJECT_MESSAGEFunction · 0.85
logForDebuggingFunction · 0.85
logEventFunction · 0.85
isInProtectedNamespaceFunction · 0.85
setClassifierCheckingFunction · 0.85

Tested by

no test coverage detected