@matheuskrumenauer/tanya 0.5.0-beta.0 → 0.6.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -2
- package/dist/cli.js +1347 -314
- package/dist/cli.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -114,6 +114,43 @@ The workspace state directory remains `.tania/` for historical compatibility.
|
|
|
114
114
|
Existing run logs, context files, artifact materialization, and memory files are
|
|
115
115
|
not moved or renamed.
|
|
116
116
|
|
|
117
|
+
## Permissions
|
|
118
|
+
|
|
119
|
+
Tanya has an opt-in pre-execution permission layer for native tools and
|
|
120
|
+
project-local slash commands. The default mode in v0.x is `bypass` so existing
|
|
121
|
+
automation keeps full access until a workspace opts in.
|
|
122
|
+
|
|
123
|
+
Modes:
|
|
124
|
+
|
|
125
|
+
- `bypass` skips gating and logs decisions for audit.
|
|
126
|
+
- `default` applies configured rules; unmatched calls are allowed.
|
|
127
|
+
- `ask` applies configured rules; unmatched calls prompt the host.
|
|
128
|
+
- `plan` denies all tool execution so the model must respond with text only.
|
|
129
|
+
|
|
130
|
+
Rules live in `~/.tanya/permissions.json` for user scope and
|
|
131
|
+
`.tania/permissions.json` for project scope. Project rules merge over user
|
|
132
|
+
rules. A minimal deny rule:
|
|
133
|
+
|
|
134
|
+
```json
|
|
135
|
+
{
|
|
136
|
+
"version": 1,
|
|
137
|
+
"mode": "default",
|
|
138
|
+
"alwaysDeny": ["run_shell:.*rm -rf.*"]
|
|
139
|
+
}
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
Generate a starter config from recent runs:
|
|
143
|
+
|
|
144
|
+
```bash
|
|
145
|
+
tanya permissions migrate --cwd . > .tania/permissions.suggested.json
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
Spend rules can gate projected token or USD budgets before a tool runs. For
|
|
149
|
+
example, `/cost --enforce --max-usd 0.50` writes a session-scoped rule.
|
|
150
|
+
|
|
151
|
+
See [docs/permissions.md](./docs/permissions.md) for the full schema,
|
|
152
|
+
precedence, audit log, and worked examples.
|
|
153
|
+
|
|
117
154
|
## Commands
|
|
118
155
|
|
|
119
156
|
```bash
|
|
@@ -158,8 +195,8 @@ Project-local commands live in `.tania/commands/*.{js,ts,sh}` and appear in
|
|
|
158
195
|
run directly; JavaScript and TypeScript commands export a default
|
|
159
196
|
`CommandDefinition`.
|
|
160
197
|
|
|
161
|
-
Project-local commands are arbitrary code execution
|
|
162
|
-
|
|
198
|
+
Project-local commands are arbitrary code execution and are gated by the same
|
|
199
|
+
permission engine as native tools.
|
|
163
200
|
|
|
164
201
|
`--verify` adds required verification commands to the run context. Tanya must run and report each exact command before finishing the coding task.
|
|
165
202
|
|