(
tool: Tool,
input: { [key: string]: unknown },
context: ToolUseContext,
)
| 1156 | } |
| 1157 | |
| 1158 | async function hasPermissionsToUseToolInner( |
| 1159 | tool: Tool, |
| 1160 | input: { [key: string]: unknown }, |
| 1161 | context: ToolUseContext, |
| 1162 | ): Promise<PermissionDecision> { |
| 1163 | if (context.abortController.signal.aborted) { |
| 1164 | throw new AbortError() |
| 1165 | } |
| 1166 | |
| 1167 | let appState = context.getAppState() |
| 1168 | |
| 1169 | // 1. Check if the tool is denied |
| 1170 | // 1a. Entire tool is denied |
| 1171 | const denyRule = getDenyRuleForTool(appState.toolPermissionContext, tool) |
| 1172 | if (denyRule) { |
| 1173 | return { |
| 1174 | behavior: 'deny', |
| 1175 | decisionReason: { |
| 1176 | type: 'rule', |
| 1177 | rule: denyRule, |
| 1178 | }, |
| 1179 | message: `Permission to use ${tool.name} has been denied.`, |
| 1180 | } |
| 1181 | } |
| 1182 | |
| 1183 | // 1b. Check if the entire tool should always ask for permission |
| 1184 | const askRule = getAskRuleForTool(appState.toolPermissionContext, tool) |
| 1185 | if (askRule) { |
| 1186 | // When autoAllowBashIfSandboxed is on, sandboxed commands skip the ask rule and |
| 1187 | // auto-allow via Bash's checkPermissions. Commands that won't be sandboxed (excluded |
| 1188 | // commands, dangerouslyDisableSandbox) still need to respect the ask rule. |
| 1189 | const canSandboxAutoAllow = |
| 1190 | tool.name === BASH_TOOL_NAME && |
| 1191 | SandboxManager.isSandboxingEnabled() && |
| 1192 | SandboxManager.isAutoAllowBashIfSandboxedEnabled() && |
| 1193 | shouldUseSandbox(input) |
| 1194 | |
| 1195 | if (!canSandboxAutoAllow) { |
| 1196 | return { |
| 1197 | behavior: 'ask', |
| 1198 | decisionReason: { |
| 1199 | type: 'rule', |
| 1200 | rule: askRule, |
| 1201 | }, |
| 1202 | message: createPermissionRequestMessage(tool.name), |
| 1203 | } |
| 1204 | } |
| 1205 | // Fall through to let Bash's checkPermissions handle command-specific rules |
| 1206 | } |
| 1207 | |
| 1208 | // 1c. Ask the tool implementation for a permission result |
| 1209 | // Overridden unless tool input schema is not valid |
| 1210 | let toolPermissionResult: PermissionResult = { |
| 1211 | behavior: 'passthrough', |
| 1212 | message: createPermissionRequestMessage(tool.name), |
| 1213 | } |
| 1214 | try { |
| 1215 | const parsedInput = tool.inputSchema.parse(input) |