simplifies overridden warning message printing logic

Author: dingfeli

crates/chat-cli/src/cli/agent/mod.rs

@@ -54,10 +54,6 @@ pub use wrapper_types::{
     tool_settings_schema,
 };
 
-use super::chat::tools::execute::ExecuteCommand;
-use super::chat::tools::fs_read::FsRead;
-use super::chat::tools::fs_write::FsWrite;
-use super::chat::tools::use_aws::UseAws;
 use super::chat::tools::{
     DEFAULT_APPROVE,
     NATIVE_TOOLS,
@@ -247,49 +243,22 @@ impl Agent {
         Ok(())
     }
 
-    pub fn validate_tool_settings(&self, output: &mut impl Write) -> Result<(), AgentConfigError> {
+    pub fn print_overridden_permissions(&self, output: &mut impl Write) -> Result<(), AgentConfigError> {
         let execute_name = if cfg!(windows) { "execute_cmd" } else { "execute_bash" };
         for allowed_tool in &self.allowed_tools {
             if let Some(settings) = self.tools_settings.get(allowed_tool.as_str()) {
                 // currently we only have four native tools that offers tool settings
-                match allowed_tool.as_str() {
-                    "fs_read" => {
-                        if let Some(overridden_settings) = FsRead::allowable_field_to_be_overridden(settings) {
-                            queue_permission_override_warning(
-                                allowed_tool.as_str(),
-                                overridden_settings.as_str(),
-                                output,
-                            )?;
-                        }
-                    },
-                    "fs_write" => {
-                        if let Some(overridden_settings) = FsWrite::allowable_field_to_be_overridden(settings) {
-                            queue_permission_override_warning(
-                                allowed_tool.as_str(),
-                                overridden_settings.as_str(),
-                                output,
-                            )?;
-                        }
-                    },
-                    "use_aws" => {
-                        if let Some(overridden_settings) = UseAws::allowable_field_to_be_overridden(settings) {
-                            queue_permission_override_warning(
-                                allowed_tool.as_str(),
-                                overridden_settings.as_str(),
-                                output,
-                            )?;
-                        }
-                    },
-                    name if name == execute_name => {
-                        if let Some(overridden_settings) = ExecuteCommand::allowable_field_to_be_overridden(settings) {
-                            queue_permission_override_warning(
-                                allowed_tool.as_str(),
-                                overridden_settings.as_str(),
-                                output,
-                            )?;
-                        }
-                    },
-                    _ => {},
+                let overridden_settings_key = match allowed_tool.as_str() {
+                    "fs_read" | "fs_write" => Some("allowedPaths"),
+                    "use_aws" => Some("allowedServices"),
+                    name if name == execute_name => Some("allowedCommands"),
+                    _ => None,
+                };
+
+                if let Some(key) = overridden_settings_key {
+                    if let Some(ref override_settings) = settings.get(key).map(|value| format!("{key}: {value}")) {
+                        queue_permission_override_warning(allowed_tool.as_str(), override_settings, output)?;
+                    }
                 }
             }
         }

crates/chat-cli/src/cli/chat/mod.rs

@@ -1177,7 +1177,7 @@ impl ChatSession {
         }
 
         if let Some(agent) = self.conversation.agents.get_active() {
-            agent.validate_tool_settings(&mut self.stderr)?;
+            agent.print_overridden_permissions(&mut self.stderr)?;
         }
 
         self.stderr.flush()?;
@@ -1750,7 +1750,7 @@ impl ChatSession {
 
                         if let Some(agent) = self.conversation.agents.get_active() {
                             agent
-                                .validate_tool_settings(&mut self.stderr)
+                                .print_overridden_permissions(&mut self.stderr)
                                 .map_err(|_e| ChatError::Custom("Failed to validate agent tool settings".into()))?;
                         }
                     }
@@ -1820,7 +1820,7 @@ impl ChatSession {
                 self.conversation
                     .agents
                     .get_active()
-                    .is_some_and(|a| match tool.tool.requires_acceptance(a) {
+                    .is_some_and(|a| match tool.tool.requires_acceptance(os, a) {
                         PermissionEvalResult::Allow => true,
                         PermissionEvalResult::Ask => false,
                         PermissionEvalResult::Deny(matches) => {

crates/chat-cli/src/cli/chat/tools/custom_tool.rs

@@ -287,7 +287,7 @@ impl CustomTool {
             + TokenCounter::count_tokens(self.params.as_ref().map_or("", |p| p.as_str().unwrap_or_default()))
     }
 
-    pub fn eval_perm(&self, agent: &Agent) -> PermissionEvalResult {
+    pub fn eval_perm(&self, _os: &Os, agent: &Agent) -> PermissionEvalResult {
         use crate::util::MCP_SERVER_TOOL_DELIMITER;
         let Self {
             name: tool_name,

crates/chat-cli/src/cli/chat/tools/execute/mod.rs

@@ -186,13 +186,7 @@ impl ExecuteCommand {
         Ok(())
     }
 
-    pub fn allowable_field_to_be_overridden(settings: &serde_json::Value) -> Option<String> {
-        settings
-            .get("allowedCommands")
-            .map(|value| format!("allowedCommands: {}", value))
-    }
-
-    pub fn eval_perm(&self, agent: &Agent) -> PermissionEvalResult {
+    pub fn eval_perm(&self, _os: &Os, agent: &Agent) -> PermissionEvalResult {
         #[derive(Debug, Deserialize)]
         #[serde(rename_all = "camelCase")]
         struct Settings {
@@ -426,8 +420,8 @@ mod tests {
         }
     }
 
-    #[test]
-    fn test_eval_perm() {
+    #[tokio::test]
+    async fn test_eval_perm() {
         let tool_name = if cfg!(windows) { "execute_cmd" } else { "execute_bash" };
         let mut agent = Agent {
             name: "test_agent".to_string(),
@@ -444,51 +438,52 @@ mod tests {
             },
             ..Default::default()
         };
+        let os = Os::new().await.unwrap();
 
         let tool_one = serde_json::from_value::<ExecuteCommand>(serde_json::json!({
             "command": "git status",
         }))
         .unwrap();
 
-        let res = tool_one.eval_perm(&agent);
+        let res = tool_one.eval_perm(&os, &agent);
         assert!(matches!(res, PermissionEvalResult::Deny(ref rules) if rules.contains(&"\\Agit .*\\z".to_string())));
 
         let tool_two = serde_json::from_value::<ExecuteCommand>(serde_json::json!({
             "command": "this_is_not_a_read_only_command",
         }))
         .unwrap();
 
-        let res = tool_two.eval_perm(&agent);
+        let res = tool_two.eval_perm(&os, &agent);
         assert!(matches!(res, PermissionEvalResult::Ask));
 
         let tool_allow_wild_card = serde_json::from_value::<ExecuteCommand>(serde_json::json!({
             "command": "allow_wild_card some_arg",
         }))
         .unwrap();
-        let res = tool_allow_wild_card.eval_perm(&agent);
+        let res = tool_allow_wild_card.eval_perm(&os, &agent);
         assert!(matches!(res, PermissionEvalResult::Allow));
 
         let tool_allow_exact_should_ask = serde_json::from_value::<ExecuteCommand>(serde_json::json!({
             "command": "allow_exact some_arg",
         }))
         .unwrap();
-        let res = tool_allow_exact_should_ask.eval_perm(&agent);
+        let res = tool_allow_exact_should_ask.eval_perm(&os, &agent);
         assert!(matches!(res, PermissionEvalResult::Ask));
 
         let tool_allow_exact_should_allow = serde_json::from_value::<ExecuteCommand>(serde_json::json!({
             "command": "allow_exact",
         }))
         .unwrap();
-        let res = tool_allow_exact_should_allow.eval_perm(&agent);
+        let res = tool_allow_exact_should_allow.eval_perm(&os, &agent);
         assert!(matches!(res, PermissionEvalResult::Allow));
 
         agent.allowed_tools.insert(tool_name.to_string());
 
-        let res = tool_two.eval_perm(&agent);
+        let res = tool_two.eval_perm(&os, &agent);
         assert!(matches!(res, PermissionEvalResult::Allow));
 
         // Denied list should remain denied
-        let res = tool_one.eval_perm(&agent);
+        let res = tool_one.eval_perm(&os, &agent);
         assert!(matches!(res, PermissionEvalResult::Deny(ref rules) if rules.contains(&"\\Agit .*\\z".to_string())));
     }
 

crates/chat-cli/src/cli/chat/tools/fs_read.rs

@@ -11,10 +11,7 @@ use eyre::{
     Result,
     bail,
 };
-use globset::{
-    Glob,
-    GlobSetBuilder,
-};
+use globset::GlobSetBuilder;
 use serde::{
     Deserialize,
     Serialize,
@@ -48,6 +45,7 @@ use crate::cli::chat::{
     sanitize_unicode_tags,
 };
 use crate::os::Os;
+use crate::util::directories;
 
 #[derive(Debug, Clone, Deserialize)]
 pub struct FsRead {
@@ -102,13 +100,7 @@ impl FsRead {
         }
     }
 
-    pub fn allowable_field_to_be_overridden(settings: &serde_json::Value) -> Option<String> {
-        settings
-            .get("allowedPaths")
-            .map(|value| format!("allowedPaths: {}", value))
-    }
-
-    pub fn eval_perm(&self, agent: &Agent) -> PermissionEvalResult {
+    pub fn eval_perm(&self, os: &Os, agent: &Agent) -> PermissionEvalResult {
         #[derive(Debug, Deserialize)]
         #[serde(rename_all = "camelCase")]
         struct Settings {
@@ -141,14 +133,11 @@ impl FsRead {
                 let allow_set = {
                     let mut builder = GlobSetBuilder::new();
                     for path in &allowed_paths {
-                        let path = path.strip_suffix('/').unwrap_or(path.as_str());
-                        let Ok(path) = shellexpand::full(path) else {
+                        let Ok(path) = directories::canonicalizes_path(os, path) else {
                             continue;
                         };
-                        if let Ok(glob) = Glob::new(path.as_ref() as &str) {
-                            builder.add(glob);
-                        } else {
-                            warn!("Failed to create glob from path given: {path}. Ignoring.");
+                        if let Err(e) = directories::add_gitignore_globs(&mut builder, path.as_str()) {
+                            warn!("Failed to create glob from path given: {path}: {e}. Ignoring.");
                         }
                     }
                     builder.build()
@@ -158,15 +147,17 @@ impl FsRead {
                 let deny_set = {
                     let mut builder = GlobSetBuilder::new();
                     for path in &denied_paths {
-                        let processed_path = path.strip_suffix('/').unwrap_or(path.as_str());
-                        let Ok(processed_path) = shellexpand::full(processed_path) else {
+                        let Ok(processed_path) = directories::canonicalizes_path(os, path) else {
                             continue;
                         };
-                        if let Ok(glob) = Glob::new(processed_path.as_ref() as &str) {
-                            sanitized_deny_list.push(path);
-                            builder.add(glob);
-                        } else {
-                            warn!("Failed to create glob from path given: {path}. Ignoring.");
+                        match directories::add_gitignore_globs(&mut builder, processed_path.as_str()) {
+                            Ok(_) => {
+                                // Note that we need to push twice here because for each rule we
+                                // are creating two globs (one for file and one for directory)
+                                sanitized_deny_list.push(path);
+                                sanitized_deny_list.push(path);
+                            },
+                            Err(e) => warn!("Failed to create glob from path given: {path}: {e}. Ignoring."),
                         }
                     }
                     builder.build()
@@ -182,8 +173,7 @@ impl FsRead {
                                 FsReadOperation::Line(FsLine { path, .. })
                                 | FsReadOperation::Directory(FsDirectory { path, .. })
                                 | FsReadOperation::Search(FsSearch { path, .. }) => {
-                                    let path = path.strip_suffix('/').unwrap_or(path.as_str());
-                                    let Ok(path) = shellexpand::full(path) else {
+                                    let Ok(path) = directories::canonicalizes_path(os, path) else {
                                         ask = true;
                                         continue;
                                     };
@@ -213,8 +203,7 @@ impl FsRead {
                                     let denied_match_set = paths
                                         .iter()
                                         .flat_map(|path| {
-                                            let path = path.strip_suffix('/').unwrap_or(path.as_str());
-                                            let Ok(path) = shellexpand::full(path) else {
+                                            let Ok(path) = directories::canonicalizes_path(os, path) else {
                                                 return vec![];
                                             };
                                             deny_set.matches(path.as_ref() as &str)
@@ -1406,12 +1395,10 @@ mod tests {
         );
     }
 
-    #[test]
-    fn test_eval_perm() {
-        const DENIED_PATH_ONE: &str = "/some/denied/path";
-        const DENIED_PATH_GLOB: &str = "/denied/glob/**/path";
-        const ALLOW_PATH_ONE: &str = "/some/allow/path/**";
-        const ALLOW_PATH_GLOB: &str = "/allowed/glob/**/path/**";
+    #[tokio::test]
+    async fn test_eval_perm() {
+        const DENIED_PATH_OR_FILE: &str = "/some/denied/path";
+        const DENIED_PATH_OR_FILE_GLOB: &str = "/denied/glob/**/path";
 
         let mut agent = Agent {
             name: "test_agent".to_string(),
@@ -1420,44 +1407,43 @@ mod tests {
                 map.insert(
                     ToolSettingTarget("fs_read".to_string()),
                     serde_json::json!({
-                        "allowedPaths": [ALLOW_PATH_ONE, ALLOW_PATH_GLOB],
-                        "deniedPaths": [DENIED_PATH_ONE, DENIED_PATH_GLOB]
+                        "deniedPaths": [DENIED_PATH_OR_FILE, DENIED_PATH_OR_FILE_GLOB]
                     }),
                 );
                 map
             },
             ..Default::default()
         };
 
+        let os = Os::new().await.unwrap();
+
         let tool_one = serde_json::from_value::<FsRead>(serde_json::json!({
             "operations": [
-                { "path": DENIED_PATH_ONE, "mode": "Line", "start_line": 1, "end_line": 2 },
-                { "path": format!("{DENIED_PATH_ONE}/"), "mode": "Line", "start_line": 1, "end_line": 2 },
-                { "path": "/denied/glob", "mode": "Directory" },
-                { "path": "/denied/glob/child_one/path", "mode": "Directory" },
-                { "path": "/denied/glob/child_one/grand_child_one/path", "mode": "Directory" },
-                { "path": TEST_FILE_PATH, "mode": "Search", "pattern": "hello" }
+                { "path": DENIED_PATH_OR_FILE, "mode": "Line", "start_line": 1, "end_line": 2 },
+                { "path": format!("{DENIED_PATH_OR_FILE}/child"), "mode": "Line", "start_line": 1, "end_line": 2 },
+                { "path": "/denied/glob/middle_one/middle_two/path", "mode": "Line", "start_line": 1, "end_line": 2 },
+                { "path": "/denied/glob/middle_one/middle_two/path/child", "mode": "Line", "start_line": 1, "end_line": 2 },
             ],
         }))
         .unwrap();
 
-        let res = tool_one.eval_perm(&agent);
+        let res = tool_one.eval_perm(&os, &agent);
         assert!(matches!(
             res,
             PermissionEvalResult::Deny(ref deny_list)
-                if deny_list.iter().filter(|p| *p == DENIED_PATH_GLOB).collect::<Vec<_>>().len() == 2
-                && deny_list.iter().filter(|p| *p == DENIED_PATH_ONE).collect::<Vec<_>>().len() == 2
+                if deny_list.iter().filter(|p| *p == DENIED_PATH_OR_FILE_GLOB).collect::<Vec<_>>().len() == 2
+                && deny_list.iter().filter(|p| *p == DENIED_PATH_OR_FILE).collect::<Vec<_>>().len() == 2
         ));
 
         agent.allowed_tools.insert("fs_read".to_string());
 
         // Denied set should remain denied
-        let res = tool_one.eval_perm(&agent);
+        let res = tool_one.eval_perm(&os, &agent);
         assert!(matches!(
             res,
             PermissionEvalResult::Deny(ref deny_list)
-                if deny_list.iter().filter(|p| *p == DENIED_PATH_GLOB).collect::<Vec<_>>().len() == 2
-                && deny_list.iter().filter(|p| *p == DENIED_PATH_ONE).collect::<Vec<_>>().len() == 2
+                if deny_list.iter().filter(|p| *p == DENIED_PATH_OR_FILE_GLOB).collect::<Vec<_>>().len() == 2
+                && deny_list.iter().filter(|p| *p == DENIED_PATH_OR_FILE).collect::<Vec<_>>().len() == 2
         ));
     }
 }