@codemcp/ade-harnesses 0.0.2 → 0.1.0

package/.turbo/turbo-build.log

@@ -1,4 +1,4 @@
 
-> @codemcp/ade-harnesses@0.0.2 build /home/runner/work/ade/ade/packages/harnesses
+> @codemcp/ade-harnesses@0.1.0 build /home/runner/work/ade/ade/packages/harnesses
 > tsc -p tsconfig.build.json
 

package/.turbo/turbo-format.log

@@ -1,5 +1,5 @@
 
-> @codemcp/ade-harnesses@0.0.2 format /home/runner/work/ade/ade/packages/harnesses
+> @codemcp/ade-harnesses@0.1.0 format /home/runner/work/ade/ade/packages/harnesses
 > prettier --check .
 
 Checking formatting...

package/.turbo/turbo-lint.log

@@ -1,4 +1,4 @@
 
-> @codemcp/ade-harnesses@0.0.2 lint /home/runner/work/ade/ade/packages/harnesses
+> @codemcp/ade-harnesses@0.1.0 lint /home/runner/work/ade/ade/packages/harnesses
 > eslint .
 

package/.turbo/turbo-test.log

@@ -1,20 +1,23 @@
 
-> @codemcp/ade-harnesses@0.0.2 test /home/runner/work/ade/ade/packages/harnesses
+> @codemcp/ade-harnesses@0.1.0 test /home/runner/work/ade/ade/packages/harnesses
 > vitest --run
 
 
  RUN  v3.2.4 /home/runner/work/ade/ade/packages/harnesses
 
- ✓ src/writers/copilot.spec.ts (4 tests) 55ms
- ✓ src/writers/cursor.spec.ts (5 tests) 82ms
- ✓ src/writers/claude-code.spec.ts (6 tests) 107ms
- ✓ src/writers/roo-code.spec.ts (3 tests) 31ms
- ✓ src/writers/windsurf.spec.ts (3 tests) 82ms
- ✓ src/writers/cline.spec.ts (3 tests) 82ms
- ✓ src/index.spec.ts (4 tests) 9ms
+ ✓ src/writers/copilot.spec.ts (5 tests) 99ms
+ ✓ src/writers/claude-code.spec.ts (10 tests) 129ms
+ ✓ src/writers/opencode.spec.ts (2 tests) 68ms
+ ✓ src/writers/cursor.spec.ts (6 tests) 68ms
+ ✓ src/writers/kiro.spec.ts (4 tests) 84ms
+ ✓ src/writers/cline.spec.ts (5 tests) 68ms
+ ✓ src/writers/windsurf.spec.ts (4 tests) 79ms
+ ✓ src/writers/roo-code.spec.ts (4 tests) 92ms
+ ✓ src/writers/universal.spec.ts (3 tests) 89ms
+ ✓ src/index.spec.ts (4 tests) 6ms
 
- Test Files  7 passed (7)
-      Tests  28 passed (28)
-   Start at  06:53:29
-   Duration  3.26s (transform 457ms, setup 0ms, collect 1.32s, tests 448ms, environment 4ms, prepare 2.22s)
+ Test Files  10 passed (10)
+      Tests  47 passed (47)
+   Start at  12:11:20
+   Duration  3.69s (transform 606ms, setup 0ms, collect 1.55s, tests 781ms, environment 2ms, prepare 2.86s)
 

package/.turbo/turbo-typecheck.log

@@ -1,4 +1,4 @@
 
-> @codemcp/ade-harnesses@0.0.2 typecheck /home/runner/work/ade/ade/packages/harnesses
+> @codemcp/ade-harnesses@0.1.0 typecheck /home/runner/work/ade/ade/packages/harnesses
 > tsc
 

package/dist/permission-policy.d.ts

@@ -0,0 +1,7 @@
+import type { AutonomyCapability, LogicalConfig, PermissionDecision, PermissionRule } from "@codemcp/ade-core";
+export declare function getAutonomyProfile(config: LogicalConfig): import("@codemcp/ade-core").AutonomyProfile | undefined;
+export declare function hasPermissionPolicy(config: LogicalConfig): boolean;
+export declare function getCapabilityDecision(config: LogicalConfig, capability: AutonomyCapability): PermissionDecision | undefined;
+export declare function allowsCapability(config: LogicalConfig, capability: AutonomyCapability): boolean;
+export declare function keepsWebOnAsk(config: LogicalConfig): boolean;
+export declare function getHarnessPermissionRules(config: LogicalConfig): Record<string, PermissionRule> | undefined;

package/dist/permission-policy.js

@@ -0,0 +1,152 @@
+const SENSIBLE_DEFAULTS_RULES = {
+    read: {
+        "*": "allow",
+        "*.env": "deny",
+        "*.env.*": "deny",
+        "*.env.example": "allow"
+    },
+    edit: "allow",
+    glob: "allow",
+    grep: "allow",
+    list: "allow",
+    lsp: "allow",
+    task: "allow",
+    todoread: "deny",
+    todowrite: "deny",
+    skill: "deny",
+    webfetch: "ask",
+    websearch: "ask",
+    codesearch: "ask",
+    bash: {
+        "*": "deny",
+        "grep *": "allow",
+        "rg *": "allow",
+        "find *": "allow",
+        "fd *": "allow",
+        ls: "allow",
+        "ls *": "allow",
+        "cat *": "allow",
+        "head *": "allow",
+        "tail *": "allow",
+        "wc *": "allow",
+        "sort *": "allow",
+        "uniq *": "allow",
+        "diff *": "allow",
+        "echo *": "allow",
+        "printf *": "allow",
+        pwd: "allow",
+        "which *": "allow",
+        "type *": "allow",
+        whoami: "allow",
+        date: "allow",
+        "date *": "allow",
+        env: "allow",
+        "tree *": "allow",
+        "file *": "allow",
+        "stat *": "allow",
+        "readlink *": "allow",
+        "realpath *": "allow",
+        "dirname *": "allow",
+        "basename *": "allow",
+        "sed *": "allow",
+        "awk *": "allow",
+        "cut *": "allow",
+        "tr *": "allow",
+        "tee *": "allow",
+        "xargs *": "allow",
+        "jq *": "allow",
+        "yq *": "allow",
+        "mkdir *": "allow",
+        "touch *": "allow",
+        "cp *": "ask",
+        "mv *": "ask",
+        "ln *": "ask",
+        "npm *": "ask",
+        "node *": "ask",
+        "pip *": "ask",
+        "python *": "ask",
+        "python3 *": "ask",
+        "rm *": "deny",
+        "rmdir *": "deny",
+        "curl *": "deny",
+        "wget *": "deny",
+        "chmod *": "deny",
+        "chown *": "deny",
+        "sudo *": "deny",
+        "su *": "deny",
+        "sh *": "deny",
+        "bash *": "deny",
+        "zsh *": "deny",
+        "eval *": "deny",
+        "exec *": "deny",
+        "source *": "deny",
+        ". *": "deny",
+        "nohup *": "deny",
+        "dd *": "deny",
+        "mkfs *": "deny",
+        "mount *": "deny",
+        "umount *": "deny",
+        "kill *": "deny",
+        "killall *": "deny",
+        "pkill *": "deny",
+        "nc *": "deny",
+        "ncat *": "deny",
+        "ssh *": "deny",
+        "scp *": "deny",
+        "rsync *": "deny",
+        "docker *": "deny",
+        "kubectl *": "deny",
+        "systemctl *": "deny",
+        "service *": "deny",
+        "crontab *": "deny",
+        reboot: "deny",
+        "shutdown *": "deny",
+        "passwd *": "deny",
+        "useradd *": "deny",
+        "userdel *": "deny",
+        "iptables *": "deny"
+    },
+    external_directory: "deny",
+    doom_loop: "deny"
+};
+export function getAutonomyProfile(config) {
+    return config.permission_policy?.profile;
+}
+export function hasPermissionPolicy(config) {
+    return config.permission_policy !== undefined;
+}
+export function getCapabilityDecision(config, capability) {
+    return config.permission_policy?.capabilities?.[capability];
+}
+export function allowsCapability(config, capability) {
+    return getCapabilityDecision(config, capability) === "allow";
+}
+export function keepsWebOnAsk(config) {
+    return getCapabilityDecision(config, "web") === "ask";
+}
+export function getHarnessPermissionRules(config) {
+    switch (config.permission_policy?.profile) {
+        case "rigid":
+            return {
+                "*": "ask",
+                webfetch: "ask",
+                websearch: "ask",
+                codesearch: "ask",
+                external_directory: "deny",
+                doom_loop: "deny"
+            };
+        case "sensible-defaults":
+            return SENSIBLE_DEFAULTS_RULES;
+        case "max-autonomy":
+            return {
+                "*": "allow",
+                webfetch: "ask",
+                websearch: "ask",
+                codesearch: "ask",
+                external_directory: "deny",
+                doom_loop: "deny"
+            };
+        default:
+            return undefined;
+    }
+}

package/dist/writers/claude-code.js

@@ -1,5 +1,6 @@
 import { join } from "node:path";
 import { readJsonOrEmpty, writeJson, writeMcpServers, writeAgentMd, writeInlineSkills, writeGitHooks } from "../util.js";
+import { allowsCapability, keepsWebOnAsk } from "../permission-policy.js";
 export const claudeCodeWriter = {
     id: "claude-code",
     label: "Claude Code",
@@ -18,28 +19,59 @@ export const claudeCodeWriter = {
     }
 };
 async function writeClaudeSettings(config, projectRoot) {
-    const servers = config.mcp_servers;
-    if (servers.length === 0)
-        return;
     const settingsPath = join(projectRoot, ".claude", "settings.json");
     const existing = await readJsonOrEmpty(settingsPath);
-    const allowRules = [];
-    for (const server of servers) {
-        const allowed = server.allowedTools ?? ["*"];
-        if (allowed.includes("*")) {
-            allowRules.push(`MCP(${server.ref}:*)`);
-        }
-        else {
-            for (const tool of allowed) {
-                allowRules.push(`MCP(${server.ref}:${tool})`);
-            }
-        }
-    }
     const existingPerms = existing.permissions ?? {};
-    const existingAllow = existingPerms.allow ?? [];
-    const mergedAllow = [...new Set([...existingAllow, ...allowRules])];
+    const existingAllow = asStringArray(existingPerms.allow);
+    const existingAsk = asStringArray(existingPerms.ask);
+    const autonomyRules = getClaudeAutonomyRules(config);
+    const mcpRules = getClaudeMcpAllowRules(config);
+    const allowRules = [
+        ...new Set([...existingAllow, ...autonomyRules.allow, ...mcpRules])
+    ];
+    const askRules = [...new Set([...existingAsk, ...autonomyRules.ask])];
+    if (allowRules.length === 0 &&
+        askRules.length === 0 &&
+        config.mcp_servers.length === 0) {
+        return;
+    }
     await writeJson(settingsPath, {
         ...existing,
-        permissions: { ...existingPerms, allow: mergedAllow }
+        permissions: {
+            ...existingPerms,
+            ...(allowRules.length > 0 ? { allow: allowRules } : {}),
+            ...(askRules.length > 0 ? { ask: askRules } : {})
+        }
     });
 }
+function asStringArray(value) {
+    return Array.isArray(value)
+        ? value.filter((entry) => typeof entry === "string")
+        : [];
+}
+function getClaudeMcpAllowRules(config) {
+    const allowRules = [];
+    for (const server of config.mcp_servers) {
+        const allowedTools = server.allowedTools;
+        if (!allowedTools || allowedTools.includes("*")) {
+            continue;
+        }
+        for (const tool of allowedTools) {
+            allowRules.push(`mcp__${server.ref}__${tool}`);
+        }
+    }
+    return allowRules;
+}
+function getClaudeAutonomyRules(config) {
+    const ask = keepsWebOnAsk(config) ? ["WebFetch", "WebSearch"] : [];
+    return {
+        allow: [
+            ...(allowsCapability(config, "read") ? ["Read"] : []),
+            ...(allowsCapability(config, "edit_write") ? ["Edit"] : []),
+            ...(allowsCapability(config, "search_list") ? ["Glob", "Grep"] : []),
+            ...(allowsCapability(config, "bash_unsafe") ? ["Bash"] : []),
+            ...(allowsCapability(config, "task_agent") ? ["TodoWrite"] : [])
+        ],
+        ask
+    };
+}

package/dist/writers/cline.js

@@ -3,10 +3,10 @@ import { writeMcpServers, alwaysAllowEntry, writeRulesFile, writeGitHooks } from
 export const clineWriter = {
     id: "cline",
     label: "Cline",
-    description: "VS Code AI agent — .cline/mcp.json + .clinerules",
+    description: "VS Code AI agent — cline_mcp_settings.json + .clinerules",
     async install(config, projectRoot) {
         await writeMcpServers(config.mcp_servers, {
-            path: join(projectRoot, ".cline", "mcp.json"),
+            path: join(projectRoot, "cline_mcp_settings.json"),
             transform: alwaysAllowEntry
         });
         await writeRulesFile(config.instructions, join(projectRoot, ".clinerules"));

package/dist/writers/copilot.js

@@ -1,5 +1,6 @@
 import { join } from "node:path";
 import { writeMcpServers, stdioEntry, writeAgentMd, writeGitHooks } from "../util.js";
+import { allowsCapability, hasPermissionPolicy, keepsWebOnAsk } from "../permission-policy.js";
 export const copilotWriter = {
     id: "copilot",
     label: "GitHub Copilot",
@@ -11,18 +12,70 @@ export const copilotWriter = {
             transform: stdioEntry
         });
         const tools = [
-            "edit",
-            "search",
-            "runCommands",
-            "runTasks",
-            "fetch",
-            "githubRepo",
-            ...config.mcp_servers.map((s) => `${s.ref}/*`)
+            ...getBuiltInTools(config),
+            ...getForwardedMcpTools(config.mcp_servers)
         ];
         await writeAgentMd(config, {
             path: join(projectRoot, ".github", "agents", "ade.agent.md"),
-            extraFrontmatter: ["tools:", ...tools.map((t) => `  - ${t}`)]
+            extraFrontmatter: [
+                "tools:",
+                ...tools.map((t) => `  - ${t}`),
+                ...renderCopilotAgentMcpServers(config.mcp_servers)
+            ]
         });
         await writeGitHooks(config.git_hooks, projectRoot);
     }
 };
+function getBuiltInTools(config) {
+    if (!hasPermissionPolicy(config)) {
+        return ["read", "edit", "search", "execute", "agent", "web"];
+    }
+    return [
+        ...(allowsCapability(config, "read") ? ["read"] : []),
+        ...(allowsCapability(config, "edit_write") ? ["edit"] : []),
+        ...(allowsCapability(config, "search_list") ? ["search"] : []),
+        ...(allowsCapability(config, "bash_unsafe") ? ["execute"] : []),
+        ...(allowsCapability(config, "task_agent") ? ["agent"] : []),
+        ...(allowsCapability(config, "task_agent") &&
+            allowsCapability(config, "bash_unsafe")
+            ? ["todo"]
+            : []),
+        ...(!keepsWebOnAsk(config) && allowsCapability(config, "web")
+            ? ["web"]
+            : [])
+    ];
+}
+function getForwardedMcpTools(servers) {
+    return servers.flatMap((server) => {
+        const allowedTools = server.allowedTools ?? ["*"];
+        if (allowedTools.includes("*")) {
+            return [`${server.ref}/*`];
+        }
+        return allowedTools.map((tool) => `${server.ref}/${tool}`);
+    });
+}
+function renderCopilotAgentMcpServers(servers) {
+    if (servers.length === 0) {
+        return [];
+    }
+    const lines = ["mcp-servers:"];
+    for (const server of servers) {
+        lines.push(`  ${formatYamlKey(server.ref)}:`);
+        lines.push("    type: stdio");
+        lines.push(`    command: ${JSON.stringify(server.command)}`);
+        lines.push(`    args: ${JSON.stringify(server.args)}`);
+        lines.push(`    tools: ${JSON.stringify(server.allowedTools ?? ["*"])}`);
+        if (Object.keys(server.env).length > 0) {
+            lines.push("    env:");
+            for (const [key, value] of Object.entries(server.env)) {
+                lines.push(`      ${formatYamlKey(key)}: ${JSON.stringify(value)}`);
+            }
+        }
+    }
+    return lines;
+}
+function formatYamlKey(value) {
+    return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
+        ? value
+        : JSON.stringify(value);
+}

package/dist/writers/cursor.js

@@ -1,6 +1,25 @@
 import { mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import { writeMcpServers, writeGitHooks } from "../util.js";
+import { getAutonomyProfile, getCapabilityDecision, hasPermissionPolicy } from "../permission-policy.js";
+const CURSOR_CAPABILITY_ORDER = [
+    "read",
+    "edit_write",
+    "search_list",
+    "bash_safe",
+    "bash_unsafe",
+    "web",
+    "task_agent"
+];
+const CURSOR_CAPABILITY_LABELS = {
+    read: "read project files",
+    edit_write: "edit and write project files",
+    search_list: "search and list project contents",
+    bash_safe: "run safe local shell commands",
+    bash_unsafe: "run high-impact shell commands",
+    web: "use web or network access",
+    task_agent: "delegate or decompose work into agent tasks"
+};
 export const cursorWriter = {
     id: "cursor",
     label: "Cursor",
@@ -9,7 +28,8 @@ export const cursorWriter = {
         await writeMcpServers(config.mcp_servers, {
             path: join(projectRoot, ".cursor", "mcp.json")
         });
-        if (config.instructions.length > 0) {
+        const rulesBody = getCursorRulesBody(config);
+        if (rulesBody.length > 0) {
             const rulesDir = join(projectRoot, ".cursor", "rules");
             await mkdir(rulesDir, { recursive: true });
             const content = [
@@ -18,10 +38,36 @@ export const cursorWriter = {
                 "globs: *",
                 "---",
                 "",
-                ...config.instructions.flatMap((i) => [i, ""])
+                ...rulesBody.flatMap((line) => [line, ""])
             ].join("\n");
             await writeFile(join(rulesDir, "ade.mdc"), content, "utf-8");
         }
         await writeGitHooks(config.git_hooks, projectRoot);
     }
 };
+function getCursorRulesBody(config) {
+    return [...config.instructions, ...getCursorAutonomyNotes(config)];
+}
+function getCursorAutonomyNotes(config) {
+    if (!hasPermissionPolicy(config)) {
+        return [];
+    }
+    const allowedCapabilities = CURSOR_CAPABILITY_ORDER.filter((capability) => getCapabilityDecision(config, capability) === "allow").map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
+    const approvalGatedCapabilities = CURSOR_CAPABILITY_ORDER.filter((capability) => getCapabilityDecision(config, capability) === "ask").map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
+    return [
+        `Cursor autonomy note (documented, not enforced): ${getAutonomyProfile(config) ?? "custom"}.`,
+        "Cursor has no verified committed project-local built-in ask/allow/deny config surface, so ADE documents autonomy intent here instead of writing unsupported permission config.",
+        ...(allowedCapabilities.length > 0
+            ? [
+                `Prefer handling these built-in capabilities without extra approval when Cursor permits it: ${allowedCapabilities.join(", ")}.`
+            ]
+            : []),
+        ...(approvalGatedCapabilities.length > 0
+            ? [
+                `Request approval before these capabilities: ${approvalGatedCapabilities.join(", ")}.`
+            ]
+            : []),
+        "Web and network access must remain approval-gated.",
+        "MCP server registration stays in .cursor/mcp.json; MCP tool approvals remain owned by provisioning and are not enforced or re-modeled in this rules file."
+    ];
+}

package/dist/writers/kiro.js

@@ -1,46 +1,62 @@
 import { join } from "node:path";
-import { standardEntry, writeJson, writeGitHooks } from "../util.js";
+import { standardEntry, writeGitHooks, writeJson, writeMcpServers } from "../util.js";
+import { allowsCapability, getCapabilityDecision, hasPermissionPolicy } from "../permission-policy.js";
 export const kiroWriter = {
     id: "kiro",
     label: "Kiro",
-    description: "AWS AI IDE — .kiro/agents/ade.json",
+    description: "AWS AI IDE — .kiro/agents/ade.json + .kiro/settings/mcp.json",
     async install(config, projectRoot) {
-        const servers = config.mcp_servers;
-        if (servers.length > 0 || config.instructions.length > 0) {
-            const mcpServers = {};
-            for (const s of servers) {
-                mcpServers[s.ref] = standardEntry(s);
-            }
-            const tools = [
-                "execute_bash",
-                "fs_read",
-                "fs_write",
-                "knowledge",
-                "thinking",
-                ...Object.keys(mcpServers).map((n) => `@${n}`)
-            ];
-            const allowedTools = [];
-            for (const s of servers) {
-                const explicit = s.allowedTools;
-                if (explicit && !explicit.includes("*")) {
-                    for (const tool of explicit) {
-                        allowedTools.push(`@${s.ref}/${tool}`);
-                    }
-                }
-                else {
-                    allowedTools.push(`@${s.ref}/*`);
-                }
-            }
-            await writeJson(join(projectRoot, ".kiro", "agents", "ade.json"), {
-                name: "ade",
-                prompt: config.instructions.length > 0
-                    ? config.instructions.join("\n\n")
-                    : "ADE — Agentic Development Environment agent",
-                mcpServers,
-                tools,
-                allowedTools
-            });
-        }
+        await writeMcpServers(config.mcp_servers, {
+            path: join(projectRoot, ".kiro", "settings", "mcp.json"),
+            transform: (server) => ({
+                ...standardEntry(server),
+                autoApprove: server.allowedTools ?? ["*"]
+            })
+        });
+        await writeJson(join(projectRoot, ".kiro", "agents", "ade.json"), {
+            name: "ade",
+            description: "ADE — Agentic Development Environment agent with project conventions and tools.",
+            prompt: config.instructions.join("\n\n") ||
+                "ADE — Agentic Development Environment agent.",
+            mcpServers: getKiroAgentMcpServers(config.mcp_servers),
+            tools: getKiroTools(config),
+            allowedTools: getKiroAllowedTools(config),
+            useLegacyMcpJson: true
+        });
         await writeGitHooks(config.git_hooks, projectRoot);
     }
 };
+function getKiroTools(config) {
+    const mcpTools = getKiroForwardedMcpTools(config.mcp_servers);
+    if (!hasPermissionPolicy(config)) {
+        return ["read", "write", "shell", "spec", ...mcpTools];
+    }
+    return [
+        ...(getCapabilityDecision(config, "read") !== "deny" ? ["read"] : []),
+        ...(allowsCapability(config, "edit_write") ? ["write"] : []),
+        ...(allowsCapability(config, "bash_unsafe") ? ["shell"] : []),
+        "spec",
+        ...mcpTools
+    ];
+}
+function getKiroAllowedTools(config) {
+    return getKiroTools(config);
+}
+function getKiroForwardedMcpTools(servers) {
+    return servers.flatMap((server) => {
+        const allowedTools = server.allowedTools ?? ["*"];
+        if (allowedTools.includes("*")) {
+            return [`@${server.ref}/*`];
+        }
+        return allowedTools.map((tool) => `@${server.ref}/${tool}`);
+    });
+}
+function getKiroAgentMcpServers(servers) {
+    return Object.fromEntries(servers.map((server) => [
+        server.ref,
+        {
+            ...standardEntry(server),
+            autoApprove: server.allowedTools ?? ["*"]
+        }
+    ]));
+}

package/dist/writers/opencode.js

@@ -1,5 +1,6 @@
 import { join } from "node:path";
-import { writeMcpServers, writeAgentMd, writeGitHooks } from "../util.js";
+import { writeAgentMd, writeGitHooks, writeMcpServers } from "../util.js";
+import { getHarnessPermissionRules } from "../permission-policy.js";
 export const opencodeWriter = {
     id: "opencode",
     label: "OpenCode",
@@ -11,35 +12,37 @@ export const opencodeWriter = {
             transform: (s) => ({
                 type: "local",
                 command: [s.command, ...s.args],
-                ...(Object.keys(s.env).length > 0 ? { env: s.env } : {})
+                ...(Object.keys(s.env).length > 0 ? { environment: s.env } : {})
             }),
             defaults: { $schema: "https://opencode.ai/config.json" }
         });
-        const servers = config.mcp_servers;
-        const extraFm = [
-            "tools:",
-            "  read: true",
-            "  edit: approve",
-            "  bash: approve"
-        ];
-        if (servers.length > 0) {
-            extraFm.push("mcp_servers:");
-            for (const s of servers) {
-                extraFm.push(`  ${s.ref}:`);
-                extraFm.push(`    command: [${[s.command, ...s.args].map((a) => `"${a}"`).join(", ")}]`);
-                if (Object.keys(s.env).length > 0) {
-                    extraFm.push("    env:");
-                    for (const [k, v] of Object.entries(s.env)) {
-                        extraFm.push(`      ${k}: "${v}"`);
-                    }
-                }
-            }
-        }
+        const permission = getHarnessPermissionRules(config);
         await writeAgentMd(config, {
             path: join(projectRoot, ".opencode", "agents", "ade.md"),
-            extraFrontmatter: extraFm,
+            extraFrontmatter: permission
+                ? renderYamlMapping("permission", permission)
+                : undefined,
             fallbackBody: "ADE — Agentic Development Environment agent with project conventions and tools."
         });
         await writeGitHooks(config.git_hooks, projectRoot);
     }
 };
+function renderYamlMapping(key, value, indent = 0) {
+    const prefix = " ".repeat(indent);
+    const lines = [`${prefix}${formatYamlKey(key)}:`];
+    for (const [childKey, childValue] of Object.entries(value)) {
+        if (typeof childValue === "object" &&
+            childValue !== null &&
+            !Array.isArray(childValue)) {
+            lines.push(...renderYamlMapping(childKey, childValue, indent + 2));
+            continue;
+        }
+        lines.push(`${" ".repeat(indent + 2)}${formatYamlKey(childKey)}: ${JSON.stringify(childValue)}`);
+    }
+    return lines;
+}
+function formatYamlKey(value) {
+    return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
+        ? value
+        : JSON.stringify(value);
+}