Problem
Currently, the modes field in policy rules and safety checkers defined in TOML files is optional. Rules that omit this field apply to all approval modes by default. This can lead to unintended tool behavior in specific modes (like Plan Mode) if the user/admin isn't careful.
Proposed Solution
Make the modes field mandatory for all rules and safety checkers defined in TOML policy files.
Key Changes:
- Schema Enforcement: Update the Zod validation schema in
toml-loader.ts to require the modes array.
- Type Safety: Update the
PolicyRule and SafetyCheckerRule interfaces in types.ts to make modes a required property.
- Documentation: Update the policy engine documentation to reflect that
modes is now required.
- Migration: Update all existing test policies and default policies to include explicit
modes.
- Legacy Support: The policy engine (
policy-engine.ts) will still match rules without modes to all modes to ensure backward compatibility for rules injected programmatically, but the loader will enforce it for TOML files.
Problem
Currently, the
modesfield in policy rules and safety checkers defined in TOML files is optional. Rules that omit this field apply to all approval modes by default. This can lead to unintended tool behavior in specific modes (like Plan Mode) if the user/admin isn't careful.Proposed Solution
Make the
modesfield mandatory for all rules and safety checkers defined in TOML policy files.Key Changes:
toml-loader.tsto require themodesarray.PolicyRuleandSafetyCheckerRuleinterfaces intypes.tsto makemodesa required property.modesis now required.modes.policy-engine.ts) will still match rules withoutmodesto all modes to ensure backward compatibility for rules injected programmatically, but the loader will enforce it for TOML files.