Bounded write policy for headless executor/delegate runs.
The policy is deliberately narrower than :auto: it only authorizes write and
edit against canonical workspace-relative paths, keeps unsafe shell disabled, and
fails closed when paths or rules are ambiguous. It is a runtime object carried in
context.permission.policy, not a replacement for the existing permission-mode atom.
Summary
Functions
Whether a policy explicitly allows the whole workspace.
Authorize one tool call under a bounded write policy.
Canonical workspace-relative target for policy checks.
Load and normalize a bounded write policy JSON file.
Rehydrate a runtime policy from safe metadata previously written to the Log.
Machine-readable policy metadata safe for CLI/delegate JSON output.
Return a policy narrowed to the given write set.
Normalize a bounded write policy map and compute stable metadata.
Validate that every write_set rule is within a parent policy allow rule.
Functions
Whether a policy explicitly allows the whole workspace.
@spec authorize_tool(map() | nil, String.t(), map(), String.t()) :: :allow | {:deny, map()} | {:error, map()}
Authorize one tool call under a bounded write policy.
Canonical workspace-relative target for policy checks.
Load and normalize a bounded write policy JSON file.
Rehydrate a runtime policy from safe metadata previously written to the Log.
The recorded metadata is intentionally enough for later diagnostics or live-handle reattachment without trusting a prompt or model-supplied override. It preserves the original hash instead of recomputing it from a lossy projection.
Machine-readable policy metadata safe for CLI/delegate JSON output.
Return a policy narrowed to the given write set.
Normalize a bounded write policy map and compute stable metadata.
Validate that every write_set rule is within a parent policy allow rule.