FilesystemPermission(
self,
operations: list[FilesystemOperation],
paths: list[str],| Name | Type |
|---|---|
| operations | list[FilesystemOperation] |
| paths | list[str] |
| mode | Literal['allow', 'deny', 'interrupt'] |
A single access rule for filesystem operations.
Effect when a tool call matches this rule:
"allow" (default): the call proceeds.
"deny": the tool returns a permission-denied error.
"interrupt": the call is paused for human approval via
HumanInTheLoopMiddleware.
Best paired with patterns that have a literal leading anchor (e.g.,
/secrets/**, /projects/*/secrets/**). Bulk tools
(ls/glob/grep) fire the interrupt based on whether their
search subtree could overlap the rule's anchored prefix, so a fully
unanchored pattern (/**/secrets) collapses to / and
conservatively over-fires for any bulk call.