dgf1988/codewhale
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
1,152 Commits 1 Branch 0 Tags
f8a3c6619ebc12d73e500ba12d675120fb2a0d7e
Commit Graph

8 Commits

Author SHA1 Message Date
Zhang Yonglun 0428f08625 fix(tests): cover approval decision branches 2026-05-10 08:15:19 -05:00
Hunter Bown 02fc16e10f style: clippy sweep across community PRs (-D warnings) 
13 clippy errors had accumulated from squash-merged community PRs:
collapsible-if (10), needless-late-init (1), derivable-impls (1),
sort-unstable hint (1). All auto-fixable mechanical lints — no
behaviour change. Required to satisfy CI's
`cargo clippy --workspace --all-targets --all-features --locked
-- -D warnings` gate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-05 02:15:16 -05:00
Hunter Bown ca9fccc0da fix: address review findings — broken test, expect() panic, misleading docstring 
#651: fix test assertion — section_bg now Color::Reset (was DEEPSEEK_INK)
#645: replace expect() with Result in OpenSandboxBackend::new()
#653: correct resolve_prefixes docstring to describe deny-always-wins
 2026-05-05 00:42:42 -05:00
Hunter Bown e25cb4e38b fix(build): add missing arity_dict field in ExecPolicyEngine::with_rulesets 2026-05-05 00:17:24 -05:00
Hunter Bown 8dca6deee2 feat(execpolicy): layered permission rulesets (#653) 2026-05-05 00:16:27 -05:00
wangfengcsu 9dea4ed256 feat(execpolicy): bash arity dictionary for command-prefix allow rules (closes #410) 
Add `crates/execpolicy/src/bash_arity.rs` with a hand-curated `BashArityDict`
struct (160+ entries, 30+ command families: git, npm, yarn, pnpm, cargo,
docker, kubectl, go, pip, gh, rustup, deno, bun, aws, terraform, helm, make).

Wire arity-aware prefix matching into:
- `crates/tui/src/command_safety.rs` — new public `prefix_allow_matches()`
  function so `auto_allow = ["git status"]` matches `git status -s` /
  `git status --porcelain` but NOT `git push`.
- `crates/tui/src/execpolicy/rules.rs` — `ExecPolicyConfig::evaluate()` now
  checks allow rules via `prefix_allow_matches` before falling back to the
  existing regex/wildcard `pattern_matches` path.
- `crates/execpolicy/src/lib.rs` — `ExecPolicyEngine` uses `BashArityDict`
  for trusted-prefix matching; backward-compatible with existing exact-match
  deny rules.

`cargo +nightly check` passes. 0 errors, 0 warnings.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-04 16:28:42 -07:00
wangfengcsu 210540dbb6 feat(execpolicy): layered permission rulesets — defaults+agent+user (closes #415) 
Add RulesetLayer enum (BuiltinDefault < Agent < User) and Ruleset struct
so the engine can stack multiple named permission layers. Higher-priority
layers shadow lower ones; within a layer, longest matching prefix wins.

- ExecPolicyEngine::with_rulesets() builds from explicit layers
- add_ruleset() inserts and re-sorts by priority
- resolve_prefixes() merges all layers + legacy flat lists
- Existing new(trusted, denied) constructor unchanged — backward compatible

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-04 16:25:44 -07:00
Hunter Bown 37186c3d95 Workspace migration: split into modular crates, parity CI, release updates 
- Convert root to Cargo workspace with crates/ layout
- Add deepseek-* crates mirroring Codex architecture
- Add parity CI workflow with snapshot/protocol/state tests
- Update release workflow to build both deepseek and deepseek-tui binaries
- Bump version to 0.3.28
 2026-03-02 17:52:46 -06:00