# Implementation Plan

## Phase 3: Tool Execution

- `Tool` trait, `ToolRegistry`, core tools (`read_file`, `write_file`, `shell_exec`)
- Tool definitions in API requests, parse tool-use responses
- Approval gate: core -> TUI pending event -> user approve/deny -> result back
- Working directory confinement + path validation (no Landlock yet)
- **Done when:** Claude can read and modify files and run commands with user approval
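
The working directory confinement and path validation item above, sketched as an added example (not code from this project). The `confine` function and its error messages are hypothetical names; it uses only the Rust standard library and also covers `write_file` targets that do not exist yet.

```rust
use std::io::{Error, ErrorKind, Result};
use std::path::{Path, PathBuf};

fn denied(msg: &str) -> Error {
    Error::new(ErrorKind::PermissionDenied, msg)
}

/// Resolve `requested` against the project `root` and refuse anything that
/// lands outside it. Hypothetical helper, not the project's own code.
pub fn confine(root: &Path, requested: &Path) -> Result<PathBuf> {
    let root = root.canonicalize()?; // resolve symlinks in the root itself
    let joined = root.join(requested); // an absolute `requested` replaces `root` here

    // write_file may target a file that does not exist yet, and canonicalize()
    // fails on missing paths, so peel off components until something exists.
    let mut existing = joined.as_path();
    let mut tail = Vec::new();
    while existing.symlink_metadata().is_err() {
        match (existing.parent(), existing.file_name()) {
            (Some(parent), Some(name)) => {
                tail.push(name.to_owned());
                existing = parent;
            }
            // file_name() is None for a trailing `..`, so `..` can never hide
            // in the not-yet-existing part of the path.
            _ => return Err(denied("path cannot be resolved")),
        }
    }

    // Symlinks and `..` in the existing part are resolved by the OS here.
    let mut resolved = existing.canonicalize()?;
    for name in tail.iter().rev() {
        resolved.push(name);
    }
    // Path::starts_with compares whole components, so a sibling such as
    // `proj-evil` does not pass as being inside `proj`.
    if resolved.starts_with(&root) {
        Ok(resolved)
    } else {
        Err(denied("path escapes the working directory"))
    }
}

fn main() {
    // Constructed inputs, checked with the current directory as project root.
    for p in ["src/main.rs", "../outside.txt", "/etc/passwd", "new/../../x"] {
        println!("{:>16} -> {:?}", p, confine(Path::new("."), Path::new(p)));
    }
}
```

A check like this runs before the file is opened, so a symlink swapped in between the check and the open is not caught. Kernel-level enforcement such as the Landlock rules planned for Phase 4 closes that gap.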

## Phase 4: Sandboxing

- Landlock: read-only system, read-write project dir, network blocked
- Tools execute through `Sandbox`, never directly
- `:net on/off` toggle, state in status bar
- Graceful degradation on older kernels
- **Done when:** Writes outside project dir fail; network toggle works