mikael-lovqvists-claude-agent/claude-code-conduit
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dd7743501a6c931ecf8fd3aca283de4665291472
claude-code-conduit/server/actions.mjs
mikael-lovqvists-claude-agent dd7743501a Add runtime policy overrides and TUI policy management view 
- server/policy_overrides.mjs: persistent group/action override store
- Group toggle: disabling a group forces all its actions to auto-deny without
  touching individual overrides; re-enabling restores them intact
- Action overrides: cycle auto-accept/queue/auto-deny/clear per action
- Effective policy resolution in index.mjs: group > action override > hardcoded default
- auth.mjs: add check_can_manage_policies (requires canApprove.length > 0)
- Three new endpoints: GET /policies, POST /policies/group/:group, POST /policies/action/:action
- client/conduit.mjs: get_policies, set_group_policy, set_action_policy
- ccc-queue.mjs: policy view (Tab to switch); group/action panel with space/e/←/→
- actions.mjs: group fields on desktop/email/calendar actions; list-actions includes group
- config.example.json: add policy_overrides key
- Bump version to 1.3.0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 16:01:45 +00:00

197 lines
6.5 KiB
JavaScript
Raw Blame History

// Action registry — defines all available actions, their parameters, and policies.
// policy: "auto-accept" | "auto-deny" | "queue"
import { resolve_path } from './helpers.mjs';
import { check_can_approve } from './auth.mjs';
export const actions = {
"list-actions": {
description: "List all available actions and their definitions",
params: [],
policy: "auto-accept",
handler: () => {
return Object.entries(actions).map(([name, def]) => ({
action: name,
description: def.description,
params: def.params,
policy: def.policy,
group: def.group ?? null,
}));
},
},
"edit-file": {
description: "Open a file in the editor",
params: [{ name: "filename", required: true, type: "path" }],
policy: "auto-accept",
group: "desktop",
handler: ({ filename }, { exec }) => {
const resolved = resolve_path(filename);
exec('subl3', [resolved]);
return { opened: resolved };
},
},
/*
"open-directory": {
description: "Open a directory in the file manager",
params: [{ name: "path", required: true, type: "path" }],
policy: 'queue',
handler: ({ path }) => {
const resolved = resolve_path(path);
// exec( ... );
return { opened: resolved };
},
},
*/
"open-browser": {
description: "Open a URL in the web browser",
params: [{ name: "url", required: true, type: "string" }],
policy: "queue",
group: "desktop",
handler: ({ url }, { exec }) => {
const parsed = new URL(url);
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
throw new Error(`Disallowed protocol: ${parsed.protocol}`);
}
exec('xdg-open', [parsed.href]);
return { opened: parsed.href };
},
},
"open-terminal": {
description: "Open a terminal in a given directory",
params: [{ name: "path", required: false, type: "path" }],
policy: 'queue',
group: "desktop",
handler: ({ path }, { exec }) => {
const resolved = resolve_path(path ?? 'workspace');
exec('konsole', ['--workdir', resolved, '-e', 'bash']);
return { opened: resolved };
},
},
'send-email': {
description: 'Send an email to a permitted recipient',
params: [
{ name: 'to', required: true, type: 'string' },
{ name: 'subject', required: true, type: 'string' },
{ name: 'body', required: true, type: 'string' },
{ name: 'topic', required: true, type: 'string' },
],
policy: 'auto-accept',
group: 'email',
handler: async ({ to, subject, body, topic }, { caller, mail_perm_store, mailer_send }) => {
if (!mail_perm_store.check(caller, to, topic)) {
throw new Error(`Mail permission denied: ${caller}${to} [${topic}]`);
}
await mailer_send(to, subject, body);
return { sent: true, to, topic };
},
},
'set-mail-permission': {
description: 'Grant or revoke permission for a user to send email to a recipient/topic',
params: [
{ name: 'target_user', required: true, type: 'string' },
{ name: 'to', required: true, type: 'string' },
{ name: 'topic', required: false, type: 'string' },
{ name: 'allow', required: true, type: 'boolean' },
],
policy: 'auto-accept',
handler: ({ target_user, to, topic = null, allow }, { caller, users, mail_perm_store }) => {
if (!check_can_approve(users, caller, target_user)) {
throw new Error(`Not authorized to set mail permissions for '${target_user}'`);
}
if (allow) {
mail_perm_store.add(target_user, to, topic);
} else {
mail_perm_store.remove(target_user, to, topic);
}
return { target_user, to, topic, allow, permissions: mail_perm_store.list() };
},
},
'get-mail-permissions': {
description: 'List current mail permissions, optionally filtered by user',
params: [
{ name: 'target_user', required: false, type: 'string' },
],
policy: 'auto-accept',
handler: ({ target_user }, { mail_perm_store }) => {
const all = mail_perm_store.list();
return { permissions: target_user ? all.filter(e => e.user === target_user) : all };
},
},
'calendar-list-events': {
description: 'List upcoming calendar events',
group: 'calendar',
params: [
{ name: 'calendar_id', required: false, type: 'string' },
{ name: 'time_min', required: false, type: 'string' },
{ name: 'time_max', required: false, type: 'string' },
{ name: 'max_results', required: false, type: 'number' },
],
policy: 'auto-accept',
handler: async ({ calendar_id, time_min, time_max, max_results }, { calendar }) => {
if (!calendar) { throw new Error('Google Calendar not configured'); }
const events = await calendar.list_events({ calendar_id, time_min, time_max, max_results });
return { events };
},
},
'calendar-create-event': {
description: 'Create a new calendar event',
group: 'calendar',
params: [
{ name: 'summary', required: true, type: 'string' },
{ name: 'start', required: true, type: 'string' },
{ name: 'end', required: true, type: 'string' },
{ name: 'description', required: false, type: 'string' },
{ name: 'calendar_id', required: false, type: 'string' },
],
policy: 'queue',
handler: async ({ summary, start, end, description, calendar_id }, { calendar }) => {
if (!calendar) { throw new Error('Google Calendar not configured'); }
const event = await calendar.create_event({ calendar_id, summary, start, end, description });
return { event };
},
},
'calendar-update-event': {
description: 'Update fields on an existing calendar event',
group: 'calendar',
params: [
{ name: 'event_id', required: true, type: 'string' },
{ name: 'calendar_id', required: false, type: 'string' },
{ name: 'summary', required: false, type: 'string' },
{ name: 'start', required: false, type: 'string' },
{ name: 'end', required: false, type: 'string' },
{ name: 'description', required: false, type: 'string' },
],
policy: 'queue',
handler: async ({ event_id, calendar_id, summary, start, end, description }, { calendar }) => {
if (!calendar) { throw new Error('Google Calendar not configured'); }
const event = await calendar.update_event({ calendar_id, event_id, summary, start, end, description });
return { event };
},
},
'calendar-delete-event': {
description: 'Delete a calendar event',
group: 'calendar',
params: [
{ name: 'event_id', required: true, type: 'string' },
{ name: 'calendar_id', required: false, type: 'string' },
],
policy: 'queue',
handler: async ({ event_id, calendar_id }, { calendar }) => {
if (!calendar) { throw new Error('Google Calendar not configured'); }
return calendar.delete_event({ calendar_id, event_id });
},
},
};
Reference in New Issue View Git Blame Copy Permalink