smelt.permissions¶
Tier: UiHost - Requires a terminal UI; calling these from headless mode raises.
Visibility: Public - Stable Lua API intended for user config and plugins.
List, sync, and extend permission policy state. UiHost-only.
smelt.permissions.check¶
Decide a tool-specific pattern bucket (e.g. ("normal", "bash", "git status")) against the current policy. Returns "allow", "ask", or "deny"; defaults to "ask" when no app context is available.
smelt.permissions.check_tool¶
Decision primitives for tool decide callbacks. Returns "allow"/"ask"/"deny".
smelt.permissions.extend¶
Types: smelt.permissions.PolicySpec
Extend the generated permission policy with user rules. Supports tools, effects, and patterns sections under default or any mode name.
smelt.permissions.grant_session¶
Types: smelt.permissions.SessionPathGrant
Add one session-scoped grant. Currently supports { kind = "path", mode?, tool, access = "read"|"write", path_prefix } for tool-specific path access. Omit mode for mode-independent path trust; set mode to scope the grant to one mode.
smelt.permissions.list¶
Types: smelt.permissions.ListResult
Return current permission rules as { session = { { tool, pattern } }, path_grants = { { kind = "path", mode?, tool, access, path_prefix } }, workspace = { { tool, patterns } } }. Session entries and path grants come from runtime approvals; workspace entries come from the on-disk store rooted at the current cwd.
smelt.permissions.sync¶
Types: smelt.permissions.SyncSpec
Replace runtime + workspace permission entries with spec.session, spec.path_grants, and spec.workspace. Persists workspace rules to disk; session rules apply for this run only.