@codemcp/ade-cli 0.2.5 → 0.2.6

package/dist/index.js

@@ -12595,49 +12595,6 @@ var backpressureFacet = {
 };
 
 // ../core/dist/catalog/facets/autonomy.js
-var ALL_CAPABILITIES = [
-  "read",
-  "edit_write",
-  "search_list",
-  "bash_safe",
-  "bash_unsafe",
-  "web",
-  "task_agent"
-];
-function capabilityMap(defaultDecision, overrides = {}) {
-  return Object.fromEntries(ALL_CAPABILITIES.map((capability) => [
-    capability,
-    overrides[capability] ?? defaultDecision
-  ]));
-}
-function autonomyPolicy(profile) {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: capabilityMap("ask")
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: capabilityMap("ask", {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          task_agent: "allow",
-          web: "ask"
-        })
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: capabilityMap("allow", {
-          web: "ask"
-        })
-      };
-  }
-}
 var autonomyFacet = {
   id: "autonomy",
   label: "Autonomy",
@@ -12652,7 +12609,7 @@ var autonomyFacet = {
       recipe: [
         {
           writer: "permission-policy",
-          config: autonomyPolicy("rigid")
+          config: { profile: "rigid" }
         }
       ]
     },
@@ -12663,7 +12620,7 @@ var autonomyFacet = {
       recipe: [
         {
           writer: "permission-policy",
-          config: autonomyPolicy("sensible-defaults")
+          config: { profile: "sensible-defaults" }
         }
       ]
     },
@@ -12674,7 +12631,7 @@ var autonomyFacet = {
       recipe: [
         {
           writer: "permission-policy",
-          config: autonomyPolicy("max-autonomy")
+          config: { profile: "max-autonomy" }
         }
       ]
     }
@@ -12874,11 +12831,7 @@ function mergePermissionPolicy(existing, incoming) {
   }
   return {
     ...existing,
-    ...incoming,
-    capabilities: {
-      ...existing.capabilities,
-      ...incoming.capabilities
-    }
+    ...incoming
   };
 }
 function collectDocsets(choices, catalog) {
@@ -21975,28 +21928,28 @@ ${skill.body}
   }
   return modified;
 }
+function formatYamlKey(value) {
+  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value) ? value : JSON.stringify(value);
+}
 
 // ../harnesses/dist/writers/universal.js
 import { join as join10 } from "path";
 import { writeFile as writeFile5 } from "fs/promises";
-var CAPABILITY_ORDER = [
-  "read",
-  "edit_write",
-  "search_list",
-  "bash_safe",
-  "bash_unsafe",
-  "web",
-  "task_agent"
-];
-function formatCapabilityGuidance(capability, decision) {
-  return `- \`${capability}\`: ${decision}`;
+
+// ../harnesses/dist/permission-policy.js
+function getAutonomyProfile(config) {
+  return config.permission_policy?.profile;
 }
+function hasPermissionPolicy(config) {
+  return config.permission_policy !== void 0;
+}
+
+// ../harnesses/dist/writers/universal.js
 function renderAutonomyGuidance(config) {
-  const policy = config.permission_policy;
-  if (!policy) {
+  const profile = getAutonomyProfile(config);
+  if (!profile) {
     return void 0;
   }
-  const capabilityLines = CAPABILITY_ORDER.map((capability) => formatCapabilityGuidance(capability, policy.capabilities[capability]));
   return [
     "## Autonomy",
     "",
@@ -22004,14 +21957,51 @@ function renderAutonomyGuidance(config) {
     "",
     "Treat this autonomy profile as documentation-only guidance for built-in/basic operations.",
     "",
-    `Profile: \`${policy.profile}\``,
+    `Profile: \`${profile}\``,
     "",
-    "Built-in/basic capability guidance:",
-    ...capabilityLines,
+    ...getUniversalProfileGuidance(profile),
     "",
     "MCP permissions are not re-modeled by autonomy here; any MCP approvals must come from provisioning-aware consuming harnesses rather than the Universal writer."
   ].join("\n");
 }
+function getUniversalProfileGuidance(profile) {
+  const header = "Built-in/basic capability guidance:";
+  switch (profile) {
+    case "rigid":
+      return [
+        header,
+        "- `read`: allow",
+        "- `edit_write`: ask",
+        "- `search_list`: ask",
+        "- `bash_safe`: ask",
+        "- `bash_unsafe`: ask",
+        "- `web`: ask",
+        "- `task_agent`: ask"
+      ];
+    case "sensible-defaults":
+      return [
+        header,
+        "- `read`: allow",
+        "- `edit_write`: allow",
+        "- `search_list`: allow",
+        "- `bash_safe`: allow",
+        "- `bash_unsafe`: ask",
+        "- `web`: ask",
+        "- `task_agent`: allow"
+      ];
+    case "max-autonomy":
+      return [
+        header,
+        "- `read`: allow",
+        "- `edit_write`: allow",
+        "- `search_list`: allow",
+        "- `bash_safe`: allow",
+        "- `bash_unsafe`: allow",
+        "- `web`: ask",
+        "- `task_agent`: allow"
+      ];
+  }
+}
 var universalWriter = {
   id: "universal",
   label: "Universal (AGENTS.md + .mcp.json)",
@@ -22039,162 +22029,6 @@ var universalWriter = {
 
 // ../harnesses/dist/writers/claude-code.js
 import { join as join11 } from "path";
-
-// ../harnesses/dist/permission-policy.js
-var SENSIBLE_DEFAULTS_RULES = {
-  read: {
-    "*": "allow",
-    "*.env": "deny",
-    "*.env.*": "deny",
-    "*.env.example": "allow"
-  },
-  edit: "allow",
-  glob: "allow",
-  grep: "allow",
-  list: "allow",
-  lsp: "allow",
-  task: "allow",
-  todoread: "deny",
-  todowrite: "deny",
-  skill: "deny",
-  webfetch: "ask",
-  websearch: "ask",
-  codesearch: "ask",
-  bash: {
-    "*": "deny",
-    "grep *": "allow",
-    "rg *": "allow",
-    "find *": "allow",
-    "fd *": "allow",
-    ls: "allow",
-    "ls *": "allow",
-    "cat *": "allow",
-    "head *": "allow",
-    "tail *": "allow",
-    "wc *": "allow",
-    "sort *": "allow",
-    "uniq *": "allow",
-    "diff *": "allow",
-    "echo *": "allow",
-    "printf *": "allow",
-    pwd: "allow",
-    "which *": "allow",
-    "type *": "allow",
-    whoami: "allow",
-    date: "allow",
-    "date *": "allow",
-    env: "allow",
-    "tree *": "allow",
-    "file *": "allow",
-    "stat *": "allow",
-    "readlink *": "allow",
-    "realpath *": "allow",
-    "dirname *": "allow",
-    "basename *": "allow",
-    "sed *": "allow",
-    "awk *": "allow",
-    "cut *": "allow",
-    "tr *": "allow",
-    "tee *": "allow",
-    "xargs *": "allow",
-    "jq *": "allow",
-    "yq *": "allow",
-    "mkdir *": "allow",
-    "touch *": "allow",
-    "cp *": "ask",
-    "mv *": "ask",
-    "ln *": "ask",
-    "npm *": "ask",
-    "node *": "ask",
-    "pip *": "ask",
-    "python *": "ask",
-    "python3 *": "ask",
-    "rm *": "deny",
-    "rmdir *": "deny",
-    "curl *": "deny",
-    "wget *": "deny",
-    "chmod *": "deny",
-    "chown *": "deny",
-    "sudo *": "deny",
-    "su *": "deny",
-    "sh *": "deny",
-    "bash *": "deny",
-    "zsh *": "deny",
-    "eval *": "deny",
-    "exec *": "deny",
-    "source *": "deny",
-    ". *": "deny",
-    "nohup *": "deny",
-    "dd *": "deny",
-    "mkfs *": "deny",
-    "mount *": "deny",
-    "umount *": "deny",
-    "kill *": "deny",
-    "killall *": "deny",
-    "pkill *": "deny",
-    "nc *": "deny",
-    "ncat *": "deny",
-    "ssh *": "deny",
-    "scp *": "deny",
-    "rsync *": "deny",
-    "docker *": "deny",
-    "kubectl *": "deny",
-    "systemctl *": "deny",
-    "service *": "deny",
-    "crontab *": "deny",
-    reboot: "deny",
-    "shutdown *": "deny",
-    "passwd *": "deny",
-    "useradd *": "deny",
-    "userdel *": "deny",
-    "iptables *": "deny"
-  },
-  external_directory: "deny",
-  doom_loop: "deny"
-};
-function getAutonomyProfile(config) {
-  return config.permission_policy?.profile;
-}
-function hasPermissionPolicy(config) {
-  return config.permission_policy !== void 0;
-}
-function getCapabilityDecision(config, capability) {
-  return config.permission_policy?.capabilities?.[capability];
-}
-function allowsCapability(config, capability) {
-  return getCapabilityDecision(config, capability) === "allow";
-}
-function keepsWebOnAsk(config) {
-  return getCapabilityDecision(config, "web") === "ask";
-}
-function getHarnessPermissionRules(config) {
-  switch (config.permission_policy?.profile) {
-    case "rigid":
-      return {
-        "*": "ask",
-        webfetch: "ask",
-        websearch: "ask",
-        codesearch: "ask",
-        external_directory: "deny",
-        doom_loop: "deny"
-      };
-    case "sensible-defaults":
-      return SENSIBLE_DEFAULTS_RULES;
-    case "max-autonomy":
-      return {
-        "*": "allow",
-        webfetch: "ask",
-        websearch: "ask",
-        codesearch: "ask",
-        external_directory: "deny",
-        doom_loop: "deny"
-      };
-    default:
-      return void 0;
-  }
-}
-
-// ../harnesses/dist/writers/claude-code.js
 var claudeCodeWriter = {
   id: "claude-code",
   label: "Claude Code",
@@ -22217,7 +22051,7 @@ async function writeClaudeSettings(config, projectRoot) {
   const existingPerms = existing.permissions ?? {};
   const existingAllow = asStringArray2(existingPerms.allow);
   const existingAsk = asStringArray2(existingPerms.ask);
-  const autonomyRules = getClaudeAutonomyRules(config);
+  const autonomyRules = getClaudeAutonomyRules(getAutonomyProfile(config));
   const mcpRules = getClaudeMcpAllowRules(config);
   const allowRules = [
     .../* @__PURE__ */ new Set([...existingAllow, ...autonomyRules.allow, ...mcpRules])
@@ -22243,6 +22077,7 @@ function getClaudeMcpAllowRules(config) {
   for (const server of config.mcp_servers) {
     const allowedTools = server.allowedTools;
     if (!allowedTools || allowedTools.includes("*")) {
+      allowRules.push(`mcp__${server.ref}__*`);
       continue;
     }
     for (const tool of allowedTools) {
@@ -22251,41 +22086,40 @@ function getClaudeMcpAllowRules(config) {
   }
   return allowRules;
 }
-function getClaudeAutonomyRules(config) {
-  const ask = keepsWebOnAsk(config) ? ["WebFetch", "WebSearch"] : [];
-  return {
-    allow: [
-      ...allowsCapability(config, "read") ? ["Read"] : [],
-      ...allowsCapability(config, "edit_write") ? ["Edit"] : [],
-      ...allowsCapability(config, "search_list") ? ["Glob", "Grep"] : [],
-      ...allowsCapability(config, "bash_unsafe") ? ["Bash"] : [],
-      ...allowsCapability(config, "task_agent") ? ["TodoWrite"] : []
-    ],
-    ask
-  };
+function getClaudeAutonomyRules(profile) {
+  switch (profile) {
+    case "rigid":
+      return {
+        allow: ["Read"],
+        ask: [
+          "Edit",
+          "Write",
+          "Glob",
+          "Grep",
+          "Bash",
+          "WebFetch",
+          "WebSearch",
+          "TodoWrite"
+        ]
+      };
+    case "sensible-defaults":
+      return {
+        allow: ["Read", "Edit", "Write", "Glob", "Grep", "TodoWrite"],
+        ask: ["WebFetch", "WebSearch"]
+      };
+    case "max-autonomy":
+      return {
+        allow: ["Read", "Edit", "Write", "Glob", "Grep", "Bash", "TodoWrite"],
+        ask: ["WebFetch", "WebSearch"]
+      };
+    default:
+      return { allow: [], ask: [] };
+  }
 }
 
 // ../harnesses/dist/writers/cursor.js
 import { mkdir as mkdir4, writeFile as writeFile6 } from "fs/promises";
 import { join as join12 } from "path";
-var CURSOR_CAPABILITY_ORDER = [
-  "read",
-  "edit_write",
-  "search_list",
-  "bash_safe",
-  "bash_unsafe",
-  "web",
-  "task_agent"
-];
-var CURSOR_CAPABILITY_LABELS = {
-  read: "read project files",
-  edit_write: "edit and write project files",
-  search_list: "search and list project contents",
-  bash_safe: "run safe local shell commands",
-  bash_unsafe: "run high-impact shell commands",
-  web: "use web or network access",
-  task_agent: "delegate or decompose work into agent tasks"
-};
 var cursorWriter = {
   id: "cursor",
   label: "Cursor",
@@ -22318,21 +22152,36 @@ function getCursorAutonomyNotes(config) {
   if (!hasPermissionPolicy(config)) {
     return [];
   }
-  const allowedCapabilities = CURSOR_CAPABILITY_ORDER.filter((capability) => getCapabilityDecision(config, capability) === "allow").map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
-  const approvalGatedCapabilities = CURSOR_CAPABILITY_ORDER.filter((capability) => getCapabilityDecision(config, capability) === "ask").map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
+  const profile = getAutonomyProfile(config);
   return [
-    `Cursor autonomy note (documented, not enforced): ${getAutonomyProfile(config) ?? "custom"}.`,
+    `Cursor autonomy note (documented, not enforced): ${profile ?? "custom"}.`,
     "Cursor has no verified committed project-local built-in ask/allow/deny config surface, so ADE documents autonomy intent here instead of writing unsupported permission config.",
-    ...allowedCapabilities.length > 0 ? [
-      `Prefer handling these built-in capabilities without extra approval when Cursor permits it: ${allowedCapabilities.join(", ")}.`
-    ] : [],
-    ...approvalGatedCapabilities.length > 0 ? [
-      `Request approval before these capabilities: ${approvalGatedCapabilities.join(", ")}.`
-    ] : [],
+    ...getCursorProfileGuidance(profile),
     "Web and network access must remain approval-gated.",
     "MCP server registration stays in .cursor/mcp.json; MCP tool approvals remain owned by provisioning and are not enforced or re-modeled in this rules file."
   ];
 }
+function getCursorProfileGuidance(profile) {
+  switch (profile) {
+    case "rigid":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files.",
+        "Request approval before these capabilities: edit and write project files, search and list project contents, run safe local shell commands, run high-impact shell commands, use web or network access, delegate or decompose work into agent tasks."
+      ];
+    case "sensible-defaults":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files, edit and write project files, search and list project contents, run safe local shell commands, delegate or decompose work into agent tasks.",
+        "Request approval before these capabilities: run high-impact shell commands, use web or network access."
+      ];
+    case "max-autonomy":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files, edit and write project files, search and list project contents, run safe local shell commands, run high-impact shell commands, delegate or decompose work into agent tasks.",
+        "Request approval before these capabilities: use web or network access."
+      ];
+    default:
+      return [];
+  }
+}
 
 // ../harnesses/dist/writers/copilot.js
 import { join as join13 } from "path";
@@ -22347,7 +22196,7 @@ var copilotWriter = {
       transform: stdioEntry
     });
     const tools = [
-      ...getBuiltInTools(config),
+      ...getBuiltInTools(getAutonomyProfile(config)),
       ...getForwardedMcpTools(config.mcp_servers)
     ];
     await writeAgentMd(config, {
@@ -22361,19 +22210,17 @@ var copilotWriter = {
     await writeGitHooks(config.git_hooks, projectRoot);
   }
 };
-function getBuiltInTools(config) {
-  if (!hasPermissionPolicy(config)) {
-    return ["read", "edit", "search", "execute", "agent", "web"];
+function getBuiltInTools(profile) {
+  switch (profile) {
+    case "rigid":
+      return ["read"];
+    case "sensible-defaults":
+      return ["read", "edit", "search", "agent"];
+    case "max-autonomy":
+      return ["read", "edit", "search", "execute", "agent", "todo"];
+    default:
+      return ["read", "edit", "search", "execute", "agent", "web"];
   }
-  return [
-    ...allowsCapability(config, "read") ? ["read"] : [],
-    ...allowsCapability(config, "edit_write") ? ["edit"] : [],
-    ...allowsCapability(config, "search_list") ? ["search"] : [],
-    ...allowsCapability(config, "bash_unsafe") ? ["execute"] : [],
-    ...allowsCapability(config, "task_agent") ? ["agent"] : [],
-    ...allowsCapability(config, "task_agent") && allowsCapability(config, "bash_unsafe") ? ["todo"] : [],
-    ...!keepsWebOnAsk(config) && allowsCapability(config, "web") ? ["web"] : []
-  ];
 }
 function getForwardedMcpTools(servers) {
   return servers.flatMap((server) => {
@@ -22404,9 +22251,6 @@ function renderCopilotAgentMcpServers(servers) {
   }
   return lines;
 }
-function formatYamlKey(value) {
-  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value) ? value : JSON.stringify(value);
-}
 
 // ../harnesses/dist/writers/windsurf.js
 import { join as join14 } from "path";
@@ -22427,41 +22271,37 @@ function getWindsurfRules(config) {
   if (!hasPermissionPolicy(config)) {
     return config.instructions;
   }
-  const { capabilities } = config.permission_policy;
-  const allow = listCapabilities(capabilities, "allow");
-  const ask = listCapabilities(capabilities, "ask");
-  const deny = listCapabilities(capabilities, "deny");
   const autonomyGuidance = [
     "Windsurf limitation: ADE could not verify a stable committed project-local permission schema for Windsurf built-in tools, so this autonomy policy is advisory only and should be applied conservatively.",
-    formatGuidance(allow, ask, deny)
+    getWindsurfProfileGuidance(getAutonomyProfile(config))
   ];
   return [...autonomyGuidance, ...config.instructions];
 }
-function listCapabilities(capabilities, decision) {
-  return Object.entries(capabilities).filter(([, value]) => value === decision).map(([capability]) => CAPABILITY_LABELS[capability]);
-}
-function formatGuidance(allow, ask, deny) {
-  const lines = ["Autonomy guidance for Windsurf built-in capabilities:"];
-  if (allow.length > 0) {
-    lines.push(`- May proceed without extra approval: ${allow.join(", ")}.`);
-  }
-  if (ask.length > 0) {
-    lines.push(`- Ask before: ${ask.join(", ")}.`);
-  }
-  if (deny.length > 0) {
-    lines.push(`- Do not use unless the user explicitly overrides: ${deny.join(", ")}.`);
+function getWindsurfProfileGuidance(profile) {
+  const header = "Autonomy guidance for Windsurf built-in capabilities:";
+  switch (profile) {
+    case "rigid":
+      return [
+        header,
+        "- May proceed without extra approval: read files.",
+        "- Ask before: edit and write files, search and list files, safe local shell commands, unsafe local shell commands, web and network access, task or agent delegation."
+      ].join("\n");
+    case "sensible-defaults":
+      return [
+        header,
+        "- May proceed without extra approval: read files, edit and write files, search and list files, safe local shell commands, task or agent delegation.",
+        "- Ask before: unsafe local shell commands, web and network access."
+      ].join("\n");
+    case "max-autonomy":
+      return [
+        header,
+        "- May proceed without extra approval: read files, edit and write files, search and list files, safe local shell commands, unsafe local shell commands, task or agent delegation.",
+        "- Ask before: web and network access."
+      ].join("\n");
+    default:
+      return `${header} follow project conventions.`;
   }
-  return lines.join("\n");
 }
-var CAPABILITY_LABELS = {
-  read: "read files",
-  edit_write: "edit and write files",
-  search_list: "search and list files",
-  bash_safe: "safe local shell commands",
-  bash_unsafe: "unsafe local shell commands",
-  web: "web and network access",
-  task_agent: "task or agent delegation"
-};
 
 // ../harnesses/dist/writers/cline.js
 import { join as join15 } from "path";
@@ -22510,7 +22350,7 @@ async function writeRooModes(config, projectRoot) {
         slug: "ade",
         name: "ADE",
         roleDefinition: "ADE \u2014 Agentic Development Environment mode generated by ADE.",
-        groups: getRooModeGroups(config),
+        groups: getRooModeGroups(getAutonomyProfile(config), config.mcp_servers.length > 0),
         source: "project"
       }
     }
@@ -22519,13 +22359,18 @@ async function writeRooModes(config, projectRoot) {
 function asRecord(value) {
   return value !== null && typeof value === "object" && !Array.isArray(value) ? value : {};
 }
-function getRooModeGroups(config) {
-  return [
-    ...allowsCapability(config, "read") ? ["read"] : [],
-    ...allowsCapability(config, "edit_write") ? ["edit"] : [],
-    ...allowsCapability(config, "bash_unsafe") ? ["command"] : [],
-    ...config.mcp_servers.length > 0 ? ["mcp"] : []
-  ];
+function getRooModeGroups(profile, hasMcpServers) {
+  const mcpGroup = hasMcpServers ? ["mcp"] : [];
+  switch (profile) {
+    case "rigid":
+      return ["read", ...mcpGroup];
+    case "sensible-defaults":
+      return ["read", "edit", ...mcpGroup];
+    case "max-autonomy":
+      return ["read", "edit", "command", ...mcpGroup];
+    default:
+      return ["read", "edit", "command", ...mcpGroup];
+  }
 }
 
 // ../harnesses/dist/writers/kiro.js
@@ -22542,33 +22387,31 @@ var kiroWriter = {
         autoApprove: server.allowedTools ?? ["*"]
       })
     });
+    const tools = getKiroTools(getAutonomyProfile(config), config.mcp_servers);
     await writeJson(join17(projectRoot, ".kiro", "agents", "ade.json"), {
       name: "ade",
       description: "ADE \u2014 Agentic Development Environment agent with project conventions and tools.",
       prompt: config.instructions.join("\n\n") || "ADE \u2014 Agentic Development Environment agent.",
       mcpServers: getKiroAgentMcpServers(config.mcp_servers),
-      tools: getKiroTools(config),
-      allowedTools: getKiroAllowedTools(config),
+      tools,
+      allowedTools: tools,
       useLegacyMcpJson: true
     });
     await writeGitHooks(config.git_hooks, projectRoot);
   }
 };
-function getKiroTools(config) {
-  const mcpTools = getKiroForwardedMcpTools(config.mcp_servers);
-  if (!hasPermissionPolicy(config)) {
-    return ["read", "write", "shell", "spec", ...mcpTools];
+function getKiroTools(profile, servers) {
+  const mcpTools = getKiroForwardedMcpTools(servers);
+  switch (profile) {
+    case "rigid":
+      return ["read", "shell", "spec", ...mcpTools];
+    case "sensible-defaults":
+      return ["read", "write", "shell", "spec", ...mcpTools];
+    case "max-autonomy":
+      return ["read", "write", "shell(*)", "spec", ...mcpTools];
+    default:
+      return ["read", "write", "shell", "spec", ...mcpTools];
   }
-  return [
-    ...getCapabilityDecision(config, "read") !== "deny" ? ["read"] : [],
-    ...allowsCapability(config, "edit_write") ? ["write"] : [],
-    ...allowsCapability(config, "bash_unsafe") ? ["shell(*)"] : ["shell"],
-    "spec",
-    ...mcpTools
-  ];
-}
-function getKiroAllowedTools(config) {
-  return getKiroTools(config);
 }
 function getKiroForwardedMcpTools(servers) {
   return servers.flatMap((server) => {
@@ -22591,6 +22434,145 @@ function getKiroAgentMcpServers(servers) {
 
 // ../harnesses/dist/writers/opencode.js
 import { join as join18 } from "path";
+var RIGID_RULES = {
+  "*": "ask",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+var SENSIBLE_DEFAULTS_RULES = {
+  read: {
+    "*": "allow",
+    "*.env": "deny",
+    "*.env.*": "deny",
+    "*.env.example": "allow"
+  },
+  edit: "allow",
+  glob: "allow",
+  grep: "allow",
+  list: "allow",
+  lsp: "allow",
+  task: "allow",
+  todoread: "deny",
+  todowrite: "deny",
+  skill: "deny",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  bash: {
+    "*": "deny",
+    "grep *": "allow",
+    "rg *": "allow",
+    "find *": "allow",
+    "fd *": "allow",
+    ls: "allow",
+    "ls *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "wc *": "allow",
+    "sort *": "allow",
+    "uniq *": "allow",
+    "diff *": "allow",
+    "echo *": "allow",
+    "printf *": "allow",
+    pwd: "allow",
+    "which *": "allow",
+    "type *": "allow",
+    whoami: "allow",
+    date: "allow",
+    "date *": "allow",
+    env: "allow",
+    "tree *": "allow",
+    "file *": "allow",
+    "stat *": "allow",
+    "readlink *": "allow",
+    "realpath *": "allow",
+    "dirname *": "allow",
+    "basename *": "allow",
+    "sed *": "allow",
+    "awk *": "allow",
+    "cut *": "allow",
+    "tr *": "allow",
+    "tee *": "allow",
+    "xargs *": "allow",
+    "jq *": "allow",
+    "yq *": "allow",
+    "mkdir *": "allow",
+    "touch *": "allow",
+    "cp *": "ask",
+    "mv *": "ask",
+    "ln *": "ask",
+    "npm *": "ask",
+    "node *": "ask",
+    "pip *": "ask",
+    "python *": "ask",
+    "python3 *": "ask",
+    "rm *": "deny",
+    "rmdir *": "deny",
+    "curl *": "deny",
+    "wget *": "deny",
+    "chmod *": "deny",
+    "chown *": "deny",
+    "sudo *": "deny",
+    "su *": "deny",
+    "sh *": "deny",
+    "bash *": "deny",
+    "zsh *": "deny",
+    "eval *": "deny",
+    "exec *": "deny",
+    "source *": "deny",
+    ". *": "deny",
+    "nohup *": "deny",
+    "dd *": "deny",
+    "mkfs *": "deny",
+    "mount *": "deny",
+    "umount *": "deny",
+    "kill *": "deny",
+    "killall *": "deny",
+    "pkill *": "deny",
+    "nc *": "deny",
+    "ncat *": "deny",
+    "ssh *": "deny",
+    "scp *": "deny",
+    "rsync *": "deny",
+    "docker *": "deny",
+    "kubectl *": "deny",
+    "systemctl *": "deny",
+    "service *": "deny",
+    "crontab *": "deny",
+    reboot: "deny",
+    "shutdown *": "deny",
+    "passwd *": "deny",
+    "useradd *": "deny",
+    "userdel *": "deny",
+    "iptables *": "deny"
+  },
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+var MAX_AUTONOMY_RULES = {
+  "*": "allow",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+function getPermissionRules(profile) {
+  switch (profile) {
+    case "rigid":
+      return RIGID_RULES;
+    case "sensible-defaults":
+      return SENSIBLE_DEFAULTS_RULES;
+    case "max-autonomy":
+      return MAX_AUTONOMY_RULES;
+    default:
+      return void 0;
+  }
+}
 var opencodeWriter = {
   id: "opencode",
   label: "OpenCode",
@@ -22606,7 +22588,7 @@ var opencodeWriter = {
       }),
       defaults: { $schema: "https://opencode.ai/config.json" }
     });
-    const permission = getHarnessPermissionRules(config);
+    const permission = getPermissionRules(getAutonomyProfile(config));
     await writeAgentMd(config, {
       path: join18(projectRoot, ".opencode", "agents", "ade.md"),
       extraFrontmatter: permission ? renderYamlMapping("permission", permission) : void 0,
@@ -22617,19 +22599,16 @@ var opencodeWriter = {
 };
 function renderYamlMapping(key, value, indent = 0) {
   const prefix = " ".repeat(indent);
-  const lines = [`${prefix}${formatYamlKey2(key)}:`];
+  const lines = [`${prefix}${formatYamlKey(key)}:`];
   for (const [childKey, childValue] of Object.entries(value)) {
     if (typeof childValue === "object" && childValue !== null && !Array.isArray(childValue)) {
       lines.push(...renderYamlMapping(childKey, childValue, indent + 2));
       continue;
     }
-    lines.push(`${" ".repeat(indent + 2)}${formatYamlKey2(childKey)}: ${JSON.stringify(childValue)}`);
+    lines.push(`${" ".repeat(indent + 2)}${formatYamlKey(childKey)}: ${JSON.stringify(childValue)}`);
   }
   return lines;
 }
-function formatYamlKey2(value) {
-  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value) ? value : JSON.stringify(value);
-}
 
 // ../harnesses/dist/index.js
 var allHarnessWriters = [

package/package.json

@@ -15,8 +15,8 @@
   "dependencies": {
     "@clack/prompts": "^1.1.0",
     "yaml": "^2.8.2",
-    "@codemcp/ade-core": "0.2.5",
-    "@codemcp/ade-harnesses": "0.2.5"
+    "@codemcp/ade-core": "0.2.6",
+    "@codemcp/ade-harnesses": "0.2.6"
   },
   "devDependencies": {
     "@codemcp/knowledge": "2.1.0",
@@ -27,7 +27,7 @@
     "typescript": "^5.9.3",
     "vitest": "^3.2.4"
   },
-  "version": "0.2.5",
+  "version": "0.2.6",
   "scripts": {
     "build": "tsup",
     "clean:build": "rimraf ./dist",