Jobdori 66283f4dc9 feat(runtime+tools): PermissionEnforcer — permission mode enforcement layer ... Add PermissionEnforcer in crates/runtime/src/permission_enforcer.rs and wire enforce_permission_check() into crates/tools/src/lib.rs. Runtime additions: - PermissionEnforcer: wraps PermissionPolicy with enforcement API - check(tool, input): validates tool against active mode via policy.authorize() - check_file_write(path, workspace_root): workspace boundary enforcement - ReadOnly: deny all writes - WorkspaceWrite: allow within workspace, deny outside - DangerFullAccess/Allow: permit all - Prompt: deny (no prompter available) - check_bash(command): read-only command heuristic (60+ safe commands) - Detects -i/--in-place/redirect operators as non-read-only - is_within_workspace(): string-prefix boundary check - is_read_only_command(): conservative allowlist of safe CLI commands Tool wiring: - enforce_permission_check() public API for gating execute_tool() calls - Maps EnforcementResult::Denied to Err(reason) for tool dispatch 9 new tests covering all permission modes + workspace boundary + bash heuristic.		2026-04-03 17:55:04 +09:00
..
api	Preserve usage accounting on OpenAI SSE streams	2026-04-02 10:04:14 +00:00
commands	feat: add 40 slash commands — command surface 67/141	2026-04-03 08:09:14 +09:00
compat-harness	wip: plugins progress	2026-04-01 07:09:06 +00:00
mock-anthropic-service	Expand parity harness coverage before behavioral drift lands	2026-04-03 04:00:33 +00:00
plugins	Merge branch 'dori/hooks-parity' into main	2026-04-02 18:36:37 +09:00
runtime	feat(runtime+tools): PermissionEnforcer — permission mode enforcement layer	2026-04-03 17:55:04 +09:00
rusty-claude-cli	Expand parity harness coverage before behavioral drift lands	2026-04-03 04:00:33 +00:00
telemetry	feat: anthropic SDK header matching + request profile	2026-04-01 05:55:25 +00:00
tools	feat(runtime+tools): PermissionEnforcer — permission mode enforcement layer	2026-04-03 17:55:04 +09:00