On this page
Core logic for managing profile permission rules.
#claudewheel.permission
#claudewheel.permission
Core logic for managing profile permission rules.
#validate_rule
def validate_rule(rule: str) -> NoneRaise ValueError if rule is not a valid permission rule string.
Rules are either bare tool names (Bash) or tool-with-pattern (Bash(git diff:*)). Empty, whitespace-only, and malformed strings are rejected.
#load_settings
def load_settings(settings_path: Path) -> dictRead and parse a profile's settings.json.
Raises FileNotFoundError if the file does not exist and json.JSONDecodeError if the content is not valid JSON.
#save_settings
def save_settings(settings_path: Path, data: dict) -> NoneAtomic-write data as JSON to settings_path.
Writes to a temporary sibling file first, then renames over the original to avoid partial writes.
#add_rule
def add_rule(data: dict, category: str, rule: str) -> strAppend rule to data["permissions"][category].
Returns "added" on success or "already present" if the rule already exists in the list. The list is never sorted -- append only.
#remove_rule
def remove_rule(data: dict, category: str, rule: str) -> strRemove rule from data["permissions"][category].
Returns "removed" on success or "not found" if the rule is not in the list.
#resolve_profiles
def resolve_profiles(profile: str | None, all_profiles: bool) -> list[tuple[str, Path]]Map the mutex flag values to a list of (name, settings_path) pairs.
Exactly one of profile or all_profiles must be truthy (enforced by the caller's MutexGroup). Prints to stderr and exits on error.