Skip to content

Commit 2c271a9

Browse files
bennetbobennetbo
authored
Respect permissions specified in setting files (agentclientprotocol#197)
1 parent d1315b4 commit 2c271a9

10 files changed

Lines changed: 1333 additions & 136 deletions

File tree

package-lock.json

Lines changed: 45 additions & 17 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,8 @@
5454
"@agentclientprotocol/sdk": "0.9.0",
5555
"@anthropic-ai/claude-agent-sdk": "0.1.65",
5656
"@modelcontextprotocol/sdk": "1.24.3",
57-
"diff": "8.0.2"
57+
"diff": "8.0.2",
58+
"minimatch": "^10.1.1"
5859
},
5960
"devDependencies": {
6061
"@anthropic-ai/sdk": "0.71.2",

src/acp-agent.ts

Lines changed: 25 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ import {
2626
WriteTextFileRequest,
2727
WriteTextFileResponse,
2828
} from "@agentclientprotocol/sdk";
29+
import { SettingsManager } from "./settings.js";
2930
import {
3031
CanUseTool,
3132
McpServerConfig,
@@ -40,14 +41,16 @@ import * as fs from "node:fs";
4041
import * as path from "node:path";
4142
import * as os from "node:os";
4243
import { nodeToWebReadable, nodeToWebWritable, Pushable, unreachable } from "./utils.js";
43-
import { createMcpServer, EDIT_TOOL_NAMES, toolNames } from "./mcp-server.js";
44+
import { createMcpServer } from "./mcp-server.js";
45+
import { EDIT_TOOL_NAMES, acpToolNames } from "./tools.js";
4446
import {
4547
toolInfoFromToolUse,
4648
planEntries,
4749
toolUpdateFromToolResult,
4850
ClaudePlanEntry,
4951
registerHookCallback,
5052
createPostToolUseHook,
53+
createPreToolUseHook,
5154
} from "./tools.js";
5255
import { ContentBlockParam } from "@anthropic-ai/sdk/resources";
5356
import { BetaContentBlock, BetaRawContentBlockDelta } from "@anthropic-ai/sdk/resources/beta.mjs";
@@ -69,6 +72,7 @@ type Session = {
6972
input: Pushable<SDKUserMessage>;
7073
cancelled: boolean;
7174
permissionMode: PermissionMode;
75+
settingsManager: SettingsManager;
7276
};
7377

7478
type BackgroundTerminal =
@@ -205,6 +209,11 @@ export class ClaudeAcpAgent implements Agent {
205209
const sessionId = userProvidedOptions?.resume || randomUUID();
206210
const input = new Pushable<SDKUserMessage>();
207211

212+
const settingsManager = new SettingsManager(params.cwd, {
213+
logger: this.logger,
214+
});
215+
await settingsManager.initialize();
216+
208217
const mcpServers: Record<string, McpServerConfig> = {};
209218
if (Array.isArray(params.mcpServers)) {
210219
for (const server of params.mcpServers) {
@@ -284,6 +293,12 @@ export class ClaudeAcpAgent implements Agent {
284293
}),
285294
hooks: {
286295
...userProvidedOptions?.hooks,
296+
PreToolUse: [
297+
...(userProvidedOptions?.hooks?.PreToolUse || []),
298+
{
299+
hooks: [createPreToolUseHook(settingsManager, this.logger)],
300+
},
301+
],
287302
PostToolUse: [
288303
...(userProvidedOptions?.hooks?.PostToolUse || []),
289304
{
@@ -301,25 +316,25 @@ export class ClaudeAcpAgent implements Agent {
301316

302317
if (!disableBuiltInTools) {
303318
if (this.clientCapabilities?.fs?.readTextFile) {
304-
allowedTools.push(toolNames.read);
319+
allowedTools.push(acpToolNames.read);
305320
disallowedTools.push("Read");
306321
}
307322
if (this.clientCapabilities?.fs?.writeTextFile) {
308323
disallowedTools.push("Write", "Edit");
309324
}
310325
if (this.clientCapabilities?.terminal) {
311-
allowedTools.push(toolNames.bashOutput, toolNames.killShell);
326+
allowedTools.push(acpToolNames.bashOutput, acpToolNames.killShell);
312327
disallowedTools.push("Bash", "BashOutput", "KillShell");
313328
}
314329
} else {
315330
// When built-in tools are disabled, explicitly disallow all of them
316331
disallowedTools.push(
317-
toolNames.read,
318-
toolNames.write,
319-
toolNames.edit,
320-
toolNames.bash,
321-
toolNames.bashOutput,
322-
toolNames.killShell,
332+
acpToolNames.read,
333+
acpToolNames.write,
334+
acpToolNames.edit,
335+
acpToolNames.bash,
336+
acpToolNames.bashOutput,
337+
acpToolNames.killShell,
323338
"Read",
324339
"Write",
325340
"Edit",
@@ -363,6 +378,7 @@ export class ClaudeAcpAgent implements Agent {
363378
input: input,
364379
cancelled: false,
365380
permissionMode,
381+
settingsManager,
366382
};
367383

368384
const availableCommands = await getAvailableSlashCommands(q);

src/lib.ts

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,22 @@ export {
1515
Pushable,
1616
unreachable,
1717
} from "./utils.js";
18-
export { createMcpServer, toolNames } from "./mcp-server.js";
19-
export { toolInfoFromToolUse, planEntries, toolUpdateFromToolResult } from "./tools.js";
18+
export { createMcpServer } from "./mcp-server.js";
19+
export {
20+
toolInfoFromToolUse,
21+
planEntries,
22+
toolUpdateFromToolResult,
23+
createPreToolUseHook,
24+
acpToolNames as toolNames,
25+
} from "./tools.js";
26+
export {
27+
SettingsManager,
28+
type ClaudeCodeSettings,
29+
type PermissionSettings,
30+
type PermissionDecision,
31+
type PermissionCheckResult,
32+
type SettingsManagerOptions,
33+
} from "./settings.js";
2034

2135
// Export types
2236
export type { ClaudePlanEntry } from "./tools.js";

0 commit comments

Comments
 (0)