checkPermissions method
Future<PermissionDecision>
checkPermissions(
- Map<
String, dynamic> input, - ToolPermissionContext permContext
override
Check if this tool use is permitted. Returns a PermissionDecision. Override in subclasses for tool-specific permission logic.
Implementation
@override
Future<PermissionDecision> checkPermissions(
Map<String, dynamic> input,
ToolPermissionContext permContext,
) async {
final skill = (input['skill'] as String).trim();
final commandName = skill.startsWith('/') ? skill.substring(1) : skill;
// Check deny rules from permission context.
for (final rules in permContext.rulesBySource.values) {
for (final rule in rules) {
if (rule.behavior == PermissionBehavior.deny) {
final ruleStr = rule.value.ruleContent ?? '';
if (_ruleMatches(ruleStr, commandName)) {
return DenyDecision(
PermissionDenyDecision(
reason: 'Skill execution blocked by permission rules',
),
);
}
}
}
}
// Check allow rules from permission context.
for (final rules in permContext.rulesBySource.values) {
for (final rule in rules) {
if (rule.behavior == PermissionBehavior.allow) {
final ruleStr = rule.value.ruleContent ?? '';
if (_ruleMatches(ruleStr, commandName)) {
return AllowDecision(PermissionAllowDecision(matchedRule: rule));
}
}
}
}
// Auto-allow skills with only safe properties.
final command = _registry.findCommand(commandName);
if (command != null && command.type == 'prompt') {
final commandData = command.toJson();
if (skillHasOnlySafeProperties(commandData)) {
return const AllowDecision(PermissionAllowDecision());
}
}
// Default: ask user for permission.
return AskDecision(
PermissionAskDecision(message: 'Execute skill: $commandName'),
);
}