feat(adapter): add CheckAdapter for generic check interface #53

Merged
fohte merged 2 commits into main from fohte/impl-runok-init-check-adapter
Feb 19, 2026

@fohte fohte commented Feb 19, 2026

Why

  • Any LLM agent should be able to query command permissions via runok check --command "..."
    • Leverage the common evaluation flow by implementing the existing Endpoint trait

What

  • Add CheckAdapter as an Endpoint trait implementation that returns permission decisions as JSON
    • Provide two constructors: from_command() (CLI argument) and from_stdin() (stdin JSON)
    • handle_action converts Action to CheckOutput JSON (decision, reason, fix_suggestion, sandbox) on stdout (exit 0)
    • handle_no_match returns a decision based on defaults.action (exit 0)
    • handle_error writes to stderr (exit 2)
    • Sandbox information is included as informational data: preset name or merged policy details
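
An added example, not part of this pull request or of runok's code: a caller-side wrapper, as an agent harness might use, that consumes the check contract described above (JSON on stdout with exit 0, errors on stderr with exit 2) and fails closed on anything unexpected. The lowercase decision strings, the 10-second timeout, the `Verdict` type and the shape of the sample `sandbox` object are assumptions.

```python
import json
import subprocess
from typing import NamedTuple, Optional

DECISIONS = ("allow", "deny", "ask")  # assumed to appear lowercase in the JSON


class Verdict(NamedTuple):
    decision: str
    reason: Optional[str]
    sandbox: object  # informational only; not proof that a sandbox was applied


def interpret_check(exit_code: int, stdout: str) -> Verdict:
    """Map a `runok check` result to a verdict, denying on anything unexpected."""
    if exit_code != 0:
        # Errors go to stderr with exit 2, so no decision was produced.
        return Verdict("deny", f"check failed (exit {exit_code})", None)
    try:
        out = json.loads(stdout)
    except ValueError:
        return Verdict("deny", "check output is not valid JSON", None)
    if not isinstance(out, dict):
        return Verdict("deny", "check output is not a JSON object", None)
    decision = out.get("decision")
    if decision not in DECISIONS:
        return Verdict("deny", f"unrecognised decision {decision!r}", None)
    return Verdict(decision, out.get("reason"), out.get("sandbox"))


def check_command(command: str) -> Verdict:
    """Query runok for one command, passed as a single argv element (no shell)."""
    try:
        proc = subprocess.run(
            ["runok", "check", "--command", command],
            capture_output=True, text=True, timeout=10)  # timeout is an assumption
    except (OSError, subprocess.TimeoutExpired) as exc:
        return Verdict("deny", f"could not run runok: {exc}", None)
    return interpret_check(proc.returncode, proc.stdout)


# Constructed sample outputs, not captured from a real run.
SAMPLE_ALLOW = '{"decision": "allow", "sandbox": {"preset": "example-preset"}}'
SAMPLE_DENY = '{"decision": "deny", "reason": "matches a deny rule", "fix_suggestion": "example"}'
```

A caller would execute the command only on `allow` and route `ask` to a human for approval. Because the `sandbox` field is described as informational, the caller should not read it as evidence that the command will run confined.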

…ck interface

CheckAdapter provides a protocol-agnostic check interface that any LLM
agent can use to query command permissions. It accepts commands via
`from_command()` (for --command CLI arg) or `from_stdin()` (for JSON
input), evaluates them through the common Endpoint flow, and outputs
CheckOutput JSON to stdout with decision/reason/fix_suggestion/sandbox.

- extract_command: returns the stored command string
- handle_action: converts Action to CheckOutput JSON, exit 0
- handle_no_match: maps defaults.action to decision string, exit 0
- handle_error: writes to stderr, exit 2
- Sandbox info is included as informational data (preset name or
  merged policy details)

Co-Authored-By: Claude Opus 4.6 <[email protected]>
@gemini-code-assist

Summary of Changes

Hello @fohte, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new CheckAdapter to facilitate a standardized way for LLM agents and other tools to query command permissions using the runok check command. By implementing the Endpoint trait, it provides a consistent JSON output for permission decisions, including detailed sandbox information, making it easier to integrate with automated systems. The change enhances the runok tool's ability to provide programmatic access to its rule evaluation capabilities.

Highlights

  • New CheckAdapter for runok check: A new CheckAdapter struct was introduced to provide a generic interface for checking command permissions via the runok check command.
  • JSON Output for Permission Decisions: The CheckAdapter implements the Endpoint trait to output permission decisions (allow, deny, ask) and associated details (reason, fix suggestion, sandbox info) as JSON to stdout.
  • Flexible Command Input: The CheckAdapter supports two ways to receive the command to be checked: directly from a CLI argument using from_command() or from JSON input via stdin using from_stdin().
  • Comprehensive Error and No-Match Handling: The adapter includes dedicated handlers for processing rule engine actions (handle_action), cases where no rule matches (handle_no_match based on default actions), and errors (handle_error), ensuring consistent exit codes and output.
  • Detailed Sandbox Information: Sandbox policy details, including preset names, writable roots, and network allowance, are now included in the JSON output for informational purposes.

Changelog

  • src/adapter/check_adapter.rs
    • Added CheckAdapter struct and its associated logic for handling command checks.
    • Defined CheckInput, CheckOutput, and CheckSandboxInfo structs for JSON serialization/deserialization.
    • Implemented the Endpoint trait for CheckAdapter, including extract_command, handle_action, handle_no_match, and handle_error methods.
    • Included helper functions build_sandbox_info and merged_policy_to_sandbox_info to format sandbox data for output.
    • Added comprehensive unit tests for CheckAdapter construction, action handling, no-match scenarios, error handling, and sandbox info building.
  • src/adapter/mod.rs
    • Added pub mod check_adapter; to expose the new check_adapter module.
@codecov

codecov bot commented Feb 19, 2026

Codecov Report

❌ Patch coverage is 98.76543% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 90.38%. Comparing base (0aee28c) to head (f98bef4).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
src/adapter/check_adapter.rs 98.76% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #53      +/-   ##
==========================================
+ Coverage   90.17%   90.38%   +0.20%     
==========================================
  Files          19       20       +1     
  Lines        4234     4315      +81     
==========================================
+ Hits         3818     3900      +82     
+ Misses        416      415       -1     

@devin-ai-integration devin-ai-integration bot left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

gemini-code-assist[bot]

This comment was marked as resolved.

…l tests

Tests for handle_action and handle_no_match were duplicating the
production logic in test bodies, making assertions tautological
(comparing a value against itself). Also, the for-loop test pattern
and misleading case names needed cleanup per review feedback.

Extract build_check_output() and build_no_match_output() from the
Endpoint methods so tests can verify the mapping logic directly.
Refactor handle_action_always_returns_exit_0 to use rstest
parameterization, and fix constructor test naming.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
@fohte fohte merged commit cb6dc15 into main Feb 19, 2026
5 checks passed
@fohte fohte deleted the fohte/impl-runok-init-check-adapter branch February 19, 2026 15:38
@fohte-bot fohte-bot bot mentioned this pull request Feb 19, 2026