Jobdori
66283f4dc9
feat(runtime+tools): PermissionEnforcer — permission mode enforcement layer

Add PermissionEnforcer in crates/runtime/src/permission_enforcer.rs
and wire enforce_permission_check() into crates/tools/src/lib.rs.

Runtime additions:
- PermissionEnforcer: wraps PermissionPolicy with enforcement API
- check(tool, input): validates tool against active mode via policy.authorize()
- check_file_write(path, workspace_root): workspace boundary enforcement
  - ReadOnly: deny all writes
  - WorkspaceWrite: allow within workspace, deny outside
  - DangerFullAccess/Allow: permit all
  - Prompt: deny (no prompter available)
- check_bash(command): read-only command heuristic (60+ safe commands)
  - Detects -i/--in-place/redirect operators as non-read-only
- is_within_workspace(): string-prefix boundary check
- is_read_only_command(): conservative allowlist of safe CLI commands

Tool wiring:
- enforce_permission_check() public API for gating execute_tool() calls
- Maps EnforcementResult::Denied to Err(reason) for tool dispatch

9 new tests covering all permission modes + workspace boundary + bash heuristic.
2026-04-03 17:55:04 +09:00
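
The workspace boundary check named in the commit message above, shown as an added example that is not the project's code; the function names and sample paths are constructed here. It contrasts a plain string-prefix test with a component-wise test that normalizes `..` segments first.

```rust
use std::path::{Component, Path, PathBuf};

// Hypothetical string-prefix check (not the project's code): compares raw text only.
fn within_by_prefix(path: &str, root: &str) -> bool {
    path.starts_with(root)
}

// Resolve `.` and `..` lexically, without touching the filesystem.
// Returns None when `..` would climb above the start of the path.
fn normalize(path: &Path) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for part in path.components() {
        match part {
            Component::CurDir => {}
            Component::ParentDir => {
                if !out.pop() {
                    return None;
                }
            }
            other => out.push(other.as_os_str()),
        }
    }
    Some(out)
}

// Component-wise check: Path::starts_with matches whole components, so a sibling
// such as /work/app-old is not inside /work/app. Relative paths are rejected.
// Symlinks are not resolved here; canonicalize existing paths for that.
fn within_by_components(path: &str, root: &str) -> bool {
    match (normalize(Path::new(path)), normalize(Path::new(root))) {
        (Some(p), Some(r)) => p.is_absolute() && p.starts_with(&r),
        _ => false,
    }
}

fn main() {
    let root = "/work/app"; // constructed sample workspace root
    let samples = [
        "/work/app/src/lib.rs",
        "/work/app-old/notes.txt",
        "/work/app/../secrets/key",
    ];
    for p in samples {
        let (a, b) = (within_by_prefix(p, root), within_by_components(p, root));
        println!("{:<26} prefix={:<5} components={}", p, a, b);
    }
}
```
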