Security Strategy Pattern + Rule Engine See in Code Tour

Permission Systems

Five-tier permission model combining glob rule matching, ML classification, and interactive prompting.

Permission Systems — Architecture Diagram

flowchart TD
    A[Tool Call] --> B{Permission Mode?}
    B -->|bypass| C[Allow Always]
    B -->|deny| D[Deny Always]
    B -->|default| E[Allow w/ Rules]
    B -->|ask| F[Always Prompt User]
    B -->|auto| G{ML Classifier}
    G -->|high confidence| H[Auto Allow]
    G -->|low confidence| F
    E --> I{Rule Match?}
    I -->|allow rule| C
    I -->|deny rule| D
    I -->|no match| F

Mermaid diagram definition

Deep Dive

The permission system is a layered rule engine. Before any tool runs, the system evaluates: mode → managed rules → user rules → ML classifier → interactive prompt. Each layer can grant or deny independently.

🔑Key Insight

Managed rules (from org policy) are checked first and cannot be overridden by user settings. This allows enterprises to enforce security policies without users being able to bypass them.

ℹ️Info

The ML classifier scores bash commands for safety on a 0-1 scale. High-confidence safe commands (like `ls`, `cat`) auto-approve in `auto` mode. Ambiguous commands fall back to prompting.

KEY TAKEAWAYS

→Managed policy always wins over user settings
→ML classifiers enable auto-approval without sacrificing security
→Glob rules compose from three sources with defined precedence
→The permission decision is always separate from tool execution

Source Code

ML classifier integration and managed-rules enforcement at the top of the permission check.

/* eslint-disable @typescript-eslint/no-require-imports */
const classifierDecisionModule = feature('TRANSCRIPT_CLASSIFIER')
  ? (require('./classifierDecision.js') as typeof import('./classifierDecision.js'))
  : null
const autoModeStateModule = feature('TRANSCRIPT_CLASSIFIER')
  ? (require('./autoModeState.js') as typeof import('./autoModeState.js'))
  : null

import {
  addToTurnClassifierDuration,
  getTotalCacheCreationInputTokens,
  getTotalCacheReadInputTokens,
  getTotalInputTokens,
  getTotalOutputTokens,
} from '../../bootstrap/state.js'
import { getFeatureValue_CACHED_WITH_REFRESH } from '../../services/analytics/growthbook.js'
import {
  type AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
  logEvent,
} from '../../services/analytics/index.js'
import { sanitizeToolNameForAnalytics } from '../../services/analytics/metadata.js'
import {
  clearClassifierChecking,

AI Assistant

Ask anything about Permission Systems