vinzenz/damocles-daemon
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

enable WebFetch/WebSearch via --settings permission grant

Browse source
This commit is contained in:
Damocles 2026-05-01 15:17:36 +02:00
parent 780f80615d
commit 1cd75ee857
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/shard.rs
View file

@ -21,6 +21,12 @@ use crate::paths;
/// Followed by SYSTEM.md content at runtime. Source: `prompts/shard_preamble.md`. /// Followed by SYSTEM.md content at runtime. Source: `prompts/shard_preamble.md`.
const SYSTEM_PROMPT_PREAMBLE: &str = include_str!("../prompts/shard_preamble.md"); const SYSTEM_PROMPT_PREAMBLE: &str = include_str!("../prompts/shard_preamble.md");
/// Permissions JSON passed via --settings. Without this, WebFetch and
/// WebSearch fall back to interactive permission prompts, which the daemon
/// has no way to answer (claude is a child process). Allowing them broadly
/// is fine: the lab is sandboxed, and the tools are read-only HTTP GET.
const SHARD_SETTINGS_JSON: &str = r#"{"permissions":{"allow":["WebFetch","WebSearch"]}}"#;
/// One stream-json event from claude's stdout. Only fields we care about. /// One stream-json event from claude's stdout. Only fields we care about.
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(tag = "type")] #[serde(tag = "type")]
@ -131,6 +137,8 @@ impl ShardSession {
&cfg.mcp_config_path.to_string_lossy(), &cfg.mcp_config_path.to_string_lossy(),
"--system-prompt", "--system-prompt",
&system_prompt, &system_prompt,
"--settings",
SHARD_SETTINGS_JSON,
]); ]);
cmd.current_dir(&identity_dir); cmd.current_dir(&identity_dir);
cmd.stdin(Stdio::piped()); cmd.stdin(Stdio::piped());