FilesystemPermission(
self,
operations: list[FilesystemOperation],
paths: list[str],| Name | Type | Description |
|---|---|---|
operations* | list[FilesystemOperation] | Operations this rule applies to. |
paths* | list[str] | Glob patterns for matching file paths
(e.g. |
mode | Literal['allow', 'deny'] | Default: 'allow' |
| Name | Type |
|---|---|
| operations | list[FilesystemOperation] |
| paths | list[str] |
| mode | Literal['allow', 'deny'] |
A single access rule for filesystem operations.
Rules are evaluated in declaration order. The first matching rule's
mode is applied. If no rule matches, the call is allowed (permissive
default).
Example:
from deepagents.middleware.permissions import FilesystemPermission
# Deny all writes anywhere
FilesystemPermission(operations=["write"], paths=["/**"], mode="deny")
# Allow reads only under /workspace
FilesystemPermission(operations=["read"], paths=["/workspace/**"])Whether to allow or deny matching calls.