Commit ·
2b12475
1
Parent(s): 891669b
Add QB_DISPATCHED env var bypass for mesh gating — QB's hooks are the enforcement layer
Browse files- policy_engine.py +10 -3
policy_engine.py
CHANGED
|
@@ -233,12 +233,19 @@ _GATED_TOOLS: frozenset[str] = frozenset({
|
|
| 233 |
})
|
| 234 |
|
| 235 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 236 |
def should_gate_for_review(tool_name: str, args: dict) -> bool: # noqa: ARG001
|
| 237 |
-
"""Return ``True`` if *tool_name* should be held for
|
| 238 |
|
| 239 |
-
|
| 240 |
-
|
| 241 |
"""
|
|
|
|
|
|
|
| 242 |
return tool_name in _GATED_TOOLS
|
| 243 |
|
| 244 |
|
|
|
|
| 233 |
})
|
| 234 |
|
| 235 |
|
| 236 |
+
# QB_DISPATCHED — when True, mesh gating is bypassed because QB's hooks
|
| 237 |
+
# are the enforcement layer. Set via environment variable by QB's cron.
|
| 238 |
+
_QB_DISPATCHED = os.getenv("QB_DISPATCHED", "").lower() in ("1", "true", "yes")
|
| 239 |
+
|
| 240 |
+
|
| 241 |
def should_gate_for_review(tool_name: str, args: dict) -> bool: # noqa: ARG001
|
| 242 |
+
"""Return ``True`` if *tool_name* should be held for review.
|
| 243 |
|
| 244 |
+
Under QB authority: auto-execute everything (QB's hooks enforce).
|
| 245 |
+
Standalone: mutating tools are staged for human review.
|
| 246 |
"""
|
| 247 |
+
if _QB_DISPATCHED:
|
| 248 |
+
return False
|
| 249 |
return tool_name in _GATED_TOOLS
|
| 250 |
|
| 251 |
|