feat(execpolicy): wire permissions.toml ask-rules into runtime

Harvested from PR #2885 by @greyfreedom. Wires ask-rules into the app-server and core ExecPolicyEngine (previously inert). Removes the original PR's NeedsApproval arm that incorrectly allow-listed the working directory as a network host.

Co-Authored-By: greyfreedom <11493871+greyfreedom@users.noreply.github.com>
+3
-3
@@ -167,9 +167,9 @@ sandbox_mode = "workspace-write" # read-only | workspace-write | danger-full-acc
|
||||
# prompt_suggestion = true # opt-in: show ghost-text follow-up question in composer after each turn
|
||||
|
||||
# Typed permission rules live in a sibling `permissions.toml` file, not in
|
||||
# config.toml. This schema slice is ask-only and is parsed for follow-up
|
||||
# approval-flow wiring; allow/deny records and UI persistence are intentionally
|
||||
# out of scope here.
|
||||
# config.toml. This shape is ask-only and feeds the execution policy engine;
|
||||
# allow/deny records, glob expansion, and UI persistence are intentionally out
|
||||
# of scope here.
|
||||
#
|
||||
# Example ~/.codewhale/permissions.toml:
|
||||
#
|
||||
|
||||
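Review bot: the rewritten comment block above the `Example ~/.codewhale/permissions.toml:` line lists "glob expansion" as out of scope but does not say how an ask-rule is matched instead. The same block now says the rules feed the execution policy engine, so a user who writes a pattern containing `*` could expect a prompt for every matching command and get none if the engine treats the pattern literally. Suggest adding one sentence that states the matching semantics the engine actually implements and how a rule containing glob characters is handled (rejected at load, or matched literally). It would also help to say what happens to a command that matches no ask-rule, for instance whether the `sandbox_mode` setting shown in the hunk header alone decides.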