@codemcp/ade-harnesses 0.0.2 → 0.1.1

package/dist/writers/opencode.js

@@ -1,5 +1,6 @@
 import { join } from "node:path";
-import { writeMcpServers, writeAgentMd, writeGitHooks } from "../util.js";
+import { writeAgentMd, writeGitHooks, writeMcpServers } from "../util.js";
+import { getHarnessPermissionRules } from "../permission-policy.js";
 export const opencodeWriter = {
     id: "opencode",
     label: "OpenCode",
@@ -11,35 +12,37 @@ export const opencodeWriter = {
             transform: (s) => ({
                 type: "local",
                 command: [s.command, ...s.args],
-                ...(Object.keys(s.env).length > 0 ? { env: s.env } : {})
+                ...(Object.keys(s.env).length > 0 ? { environment: s.env } : {})
             }),
             defaults: { $schema: "https://opencode.ai/config.json" }
         });
-        const servers = config.mcp_servers;
-        const extraFm = [
-            "tools:",
-            "  read: true",
-            "  edit: approve",
-            "  bash: approve"
-        ];
-        if (servers.length > 0) {
-            extraFm.push("mcp_servers:");
-            for (const s of servers) {
-                extraFm.push(`  ${s.ref}:`);
-                extraFm.push(`    command: [${[s.command, ...s.args].map((a) => `"${a}"`).join(", ")}]`);
-                if (Object.keys(s.env).length > 0) {
-                    extraFm.push("    env:");
-                    for (const [k, v] of Object.entries(s.env)) {
-                        extraFm.push(`      ${k}: "${v}"`);
-                    }
-                }
-            }
-        }
+        const permission = getHarnessPermissionRules(config);
         await writeAgentMd(config, {
             path: join(projectRoot, ".opencode", "agents", "ade.md"),
-            extraFrontmatter: extraFm,
+            extraFrontmatter: permission
+                ? renderYamlMapping("permission", permission)
+                : undefined,
             fallbackBody: "ADE — Agentic Development Environment agent with project conventions and tools."
         });
         await writeGitHooks(config.git_hooks, projectRoot);
     }
 };
+function renderYamlMapping(key, value, indent = 0) {
+    const prefix = " ".repeat(indent);
+    const lines = [`${prefix}${formatYamlKey(key)}:`];
+    for (const [childKey, childValue] of Object.entries(value)) {
+        if (typeof childValue === "object" &&
+            childValue !== null &&
+            !Array.isArray(childValue)) {
+            lines.push(...renderYamlMapping(childKey, childValue, indent + 2));
+            continue;
+        }
+        lines.push(`${" ".repeat(indent + 2)}${formatYamlKey(childKey)}: ${JSON.stringify(childValue)}`);
+    }
+    return lines;
+}
+function formatYamlKey(value) {
+    return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
+        ? value
+        : JSON.stringify(value);
+}

package/dist/writers/roo-code.js

@@ -1,15 +1,51 @@
 import { join } from "node:path";
-import { writeMcpServers, alwaysAllowEntry, writeRulesFile, writeGitHooks } from "../util.js";
+import { readJsonOrEmpty, writeMcpServers, alwaysAllowEntry, writeRulesFile, writeGitHooks, writeJson } from "../util.js";
+import { allowsCapability, hasPermissionPolicy } from "../permission-policy.js";
 export const rooCodeWriter = {
     id: "roo-code",
     label: "Roo Code",
-    description: "AI coding agent — .roo/mcp.json + .roorules",
+    description: "AI coding agent — .roo/mcp.json + .roomodes + .roorules",
     async install(config, projectRoot) {
         await writeMcpServers(config.mcp_servers, {
             path: join(projectRoot, ".roo", "mcp.json"),
             transform: alwaysAllowEntry
         });
+        await writeRooModes(config, projectRoot);
         await writeRulesFile(config.instructions, join(projectRoot, ".roorules"));
         await writeGitHooks(config.git_hooks, projectRoot);
     }
 };
+async function writeRooModes(config, projectRoot) {
+    if (!hasPermissionPolicy(config)) {
+        return;
+    }
+    const roomodesPath = join(projectRoot, ".roomodes");
+    const existing = await readJsonOrEmpty(roomodesPath);
+    const existingCustomModes = asRecord(existing.customModes);
+    await writeJson(roomodesPath, {
+        ...existing,
+        customModes: {
+            ...existingCustomModes,
+            ade: {
+                slug: "ade",
+                name: "ADE",
+                roleDefinition: "ADE — Agentic Development Environment mode generated by ADE.",
+                groups: getRooModeGroups(config),
+                source: "project"
+            }
+        }
+    });
+}
+function asRecord(value) {
+    return value !== null && typeof value === "object" && !Array.isArray(value)
+        ? value
+        : {};
+}
+function getRooModeGroups(config) {
+    return [
+        ...(allowsCapability(config, "read") ? ["read"] : []),
+        ...(allowsCapability(config, "edit_write") ? ["edit"] : []),
+        ...(allowsCapability(config, "bash_unsafe") ? ["command"] : []),
+        ...(config.mcp_servers.length > 0 ? ["mcp"] : [])
+    ];
+}

package/dist/writers/universal.js

@@ -1,16 +1,54 @@
 import { join } from "node:path";
 import { writeFile } from "node:fs/promises";
 import { writeMcpServers, writeGitHooks } from "../util.js";
+const CAPABILITY_ORDER = [
+    "read",
+    "edit_write",
+    "search_list",
+    "bash_safe",
+    "bash_unsafe",
+    "web",
+    "task_agent"
+];
+function formatCapabilityGuidance(capability, decision) {
+    return `- \`${capability}\`: ${decision}`;
+}
+function renderAutonomyGuidance(config) {
+    const policy = config.permission_policy;
+    if (!policy) {
+        return undefined;
+    }
+    const capabilityLines = CAPABILITY_ORDER.map((capability) => formatCapabilityGuidance(capability, policy.capabilities[capability]));
+    return [
+        "## Autonomy",
+        "",
+        "Universal harness limitation: `AGENTS.md` + `.mcp.json` provide documentation and server registration only; there is no enforceable harness-level permission schema here.",
+        "",
+        "Treat this autonomy profile as documentation-only guidance for built-in/basic operations.",
+        "",
+        `Profile: \`${policy.profile}\``,
+        "",
+        "Built-in/basic capability guidance:",
+        ...capabilityLines,
+        "",
+        "MCP permissions are not re-modeled by autonomy here; any MCP approvals must come from provisioning-aware consuming harnesses rather than the Universal writer."
+    ].join("\n");
+}
 export const universalWriter = {
     id: "universal",
     label: "Universal (AGENTS.md + .mcp.json)",
-    description: "Cross-tool standard — AGENTS.md + .mcp.json (works with any agent)",
+    description: "Cross-tool standard — AGENTS.md + .mcp.json (portable instructions and MCP registration, not enforceable permissions)",
     async install(config, projectRoot) {
-        if (config.instructions.length > 0) {
+        const autonomyGuidance = renderAutonomyGuidance(config);
+        const instructionSections = [...config.instructions];
+        if (autonomyGuidance) {
+            instructionSections.push(autonomyGuidance);
+        }
+        if (instructionSections.length > 0) {
             const lines = [
                 "# AGENTS",
                 "",
-                ...config.instructions.flatMap((i) => [i, ""])
+                ...instructionSections.flatMap((instruction) => [instruction, ""])
             ];
             await writeFile(join(projectRoot, "AGENTS.md"), lines.join("\n"), "utf-8");
         }

package/dist/writers/windsurf.js

@@ -1,5 +1,6 @@
 import { join } from "node:path";
 import { writeMcpServers, alwaysAllowEntry, writeRulesFile, writeGitHooks } from "../util.js";
+import { hasPermissionPolicy } from "../permission-policy.js";
 export const windsurfWriter = {
     id: "windsurf",
     label: "Windsurf",
@@ -9,7 +10,48 @@ export const windsurfWriter = {
             path: join(projectRoot, ".windsurf", "mcp.json"),
             transform: alwaysAllowEntry
         });
-        await writeRulesFile(config.instructions, join(projectRoot, ".windsurfrules"));
+        await writeRulesFile(getWindsurfRules(config), join(projectRoot, ".windsurfrules"));
         await writeGitHooks(config.git_hooks, projectRoot);
     }
 };
+function getWindsurfRules(config) {
+    if (!hasPermissionPolicy(config)) {
+        return config.instructions;
+    }
+    const { capabilities } = config.permission_policy;
+    const allow = listCapabilities(capabilities, "allow");
+    const ask = listCapabilities(capabilities, "ask");
+    const deny = listCapabilities(capabilities, "deny");
+    const autonomyGuidance = [
+        "Windsurf limitation: ADE could not verify a stable committed project-local permission schema for Windsurf built-in tools, so this autonomy policy is advisory only and should be applied conservatively.",
+        formatGuidance(allow, ask, deny)
+    ];
+    return [...autonomyGuidance, ...config.instructions];
+}
+function listCapabilities(capabilities, decision) {
+    return Object.entries(capabilities)
+        .filter(([, value]) => value === decision)
+        .map(([capability]) => CAPABILITY_LABELS[capability]);
+}
+function formatGuidance(allow, ask, deny) {
+    const lines = ["Autonomy guidance for Windsurf built-in capabilities:"];
+    if (allow.length > 0) {
+        lines.push(`- May proceed without extra approval: ${allow.join(", ")}.`);
+    }
+    if (ask.length > 0) {
+        lines.push(`- Ask before: ${ask.join(", ")}.`);
+    }
+    if (deny.length > 0) {
+        lines.push(`- Do not use unless the user explicitly overrides: ${deny.join(", ")}.`);
+    }
+    return lines.join("\n");
+}
+const CAPABILITY_LABELS = {
+    read: "read files",
+    edit_write: "edit and write files",
+    search_list: "search and list files",
+    bash_safe: "safe local shell commands",
+    bash_unsafe: "unsafe local shell commands",
+    web: "web and network access",
+    task_agent: "task or agent delegation"
+};

package/package.json

@@ -8,7 +8,7 @@
   },
   "dependencies": {
     "@codemcp/skills": "^2.3.0",
-    "@codemcp/ade-core": "0.0.2"
+    "@codemcp/ade-core": "0.1.1"
   },
   "devDependencies": {
     "@typescript-eslint/eslint-plugin": "^8.21.0",
@@ -19,7 +19,7 @@
     "rimraf": "^6.0.1",
     "typescript": "^5.7.3"
   },
-  "version": "0.0.2",
+  "version": "0.1.1",
   "scripts": {
     "build": "tsc -p tsconfig.build.json",
     "clean:build": "rimraf ./dist",

package/src/index.ts

@@ -1,5 +1,6 @@
 export type { HarnessWriter } from "./types.js";
 export { installSkills } from "./skills-installer.js";
+export { writeInlineSkills } from "./util.js";
 
 export { universalWriter } from "./writers/universal.js";
 export { claudeCodeWriter } from "./writers/claude-code.js";

package/src/permission-policy.ts

@@ -0,0 +1,173 @@
+import type {
+  AutonomyCapability,
+  LogicalConfig,
+  PermissionDecision,
+  PermissionRule
+} from "@codemcp/ade-core";
+
+const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
+  read: {
+    "*": "allow",
+    "*.env": "deny",
+    "*.env.*": "deny",
+    "*.env.example": "allow"
+  },
+  edit: "allow",
+  glob: "allow",
+  grep: "allow",
+  list: "allow",
+  lsp: "allow",
+  task: "allow",
+  todoread: "deny",
+  todowrite: "deny",
+  skill: "deny",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  bash: {
+    "*": "deny",
+    "grep *": "allow",
+    "rg *": "allow",
+    "find *": "allow",
+    "fd *": "allow",
+    ls: "allow",
+    "ls *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "wc *": "allow",
+    "sort *": "allow",
+    "uniq *": "allow",
+    "diff *": "allow",
+    "echo *": "allow",
+    "printf *": "allow",
+    pwd: "allow",
+    "which *": "allow",
+    "type *": "allow",
+    whoami: "allow",
+    date: "allow",
+    "date *": "allow",
+    env: "allow",
+    "tree *": "allow",
+    "file *": "allow",
+    "stat *": "allow",
+    "readlink *": "allow",
+    "realpath *": "allow",
+    "dirname *": "allow",
+    "basename *": "allow",
+    "sed *": "allow",
+    "awk *": "allow",
+    "cut *": "allow",
+    "tr *": "allow",
+    "tee *": "allow",
+    "xargs *": "allow",
+    "jq *": "allow",
+    "yq *": "allow",
+    "mkdir *": "allow",
+    "touch *": "allow",
+    "cp *": "ask",
+    "mv *": "ask",
+    "ln *": "ask",
+    "npm *": "ask",
+    "node *": "ask",
+    "pip *": "ask",
+    "python *": "ask",
+    "python3 *": "ask",
+    "rm *": "deny",
+    "rmdir *": "deny",
+    "curl *": "deny",
+    "wget *": "deny",
+    "chmod *": "deny",
+    "chown *": "deny",
+    "sudo *": "deny",
+    "su *": "deny",
+    "sh *": "deny",
+    "bash *": "deny",
+    "zsh *": "deny",
+    "eval *": "deny",
+    "exec *": "deny",
+    "source *": "deny",
+    ". *": "deny",
+    "nohup *": "deny",
+    "dd *": "deny",
+    "mkfs *": "deny",
+    "mount *": "deny",
+    "umount *": "deny",
+    "kill *": "deny",
+    "killall *": "deny",
+    "pkill *": "deny",
+    "nc *": "deny",
+    "ncat *": "deny",
+    "ssh *": "deny",
+    "scp *": "deny",
+    "rsync *": "deny",
+    "docker *": "deny",
+    "kubectl *": "deny",
+    "systemctl *": "deny",
+    "service *": "deny",
+    "crontab *": "deny",
+    reboot: "deny",
+    "shutdown *": "deny",
+    "passwd *": "deny",
+    "useradd *": "deny",
+    "userdel *": "deny",
+    "iptables *": "deny"
+  },
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+
+export function getAutonomyProfile(config: LogicalConfig) {
+  return config.permission_policy?.profile;
+}
+
+export function hasPermissionPolicy(config: LogicalConfig): boolean {
+  return config.permission_policy !== undefined;
+}
+
+export function getCapabilityDecision(
+  config: LogicalConfig,
+  capability: AutonomyCapability
+): PermissionDecision | undefined {
+  return config.permission_policy?.capabilities?.[capability];
+}
+
+export function allowsCapability(
+  config: LogicalConfig,
+  capability: AutonomyCapability
+): boolean {
+  return getCapabilityDecision(config, capability) === "allow";
+}
+
+export function keepsWebOnAsk(config: LogicalConfig): boolean {
+  return getCapabilityDecision(config, "web") === "ask";
+}
+
+export function getHarnessPermissionRules(
+  config: LogicalConfig
+): Record<string, PermissionRule> | undefined {
+  switch (config.permission_policy?.profile) {
+    case "rigid":
+      return {
+        "*": "ask",
+        webfetch: "ask",
+        websearch: "ask",
+        codesearch: "ask",
+        external_directory: "deny",
+        doom_loop: "deny"
+      };
+    case "sensible-defaults":
+      return SENSIBLE_DEFAULTS_RULES;
+    case "max-autonomy":
+      return {
+        "*": "allow",
+        webfetch: "ask",
+        websearch: "ask",
+        codesearch: "ask",
+        external_directory: "deny",
+        doom_loop: "deny"
+      };
+    default:
+      return undefined;
+  }
+}

package/src/util.ts

@@ -185,12 +185,14 @@ export async function writeGitHooks(
 export async function writeInlineSkills(
   config: LogicalConfig,
   projectRoot: string
-): Promise<void> {
+): Promise<string[]> {
+  const modified: string[] = [];
+
   for (const skill of config.skills) {
     if (!("body" in skill)) continue;
 
     const skillDir = join(projectRoot, ".ade", "skills", skill.name);
-    await mkdir(skillDir, { recursive: true });
+    const skillPath = join(skillDir, "SKILL.md");
 
     const frontmatter = [
       "---",
@@ -199,10 +201,21 @@ export async function writeInlineSkills(
       "---"
     ].join("\n");
 
-    await writeFile(
-      join(skillDir, "SKILL.md"),
-      `${frontmatter}\n\n${skill.body}\n`,
-      "utf-8"
-    );
+    const expected = `${frontmatter}\n\n${skill.body}\n`;
+
+    try {
+      const existing = await readFile(skillPath, "utf-8");
+      if (existing !== expected) {
+        modified.push(skill.name);
+        continue;
+      }
+    } catch {
+      // File doesn't exist yet — fall through to write
+    }
+
+    await mkdir(skillDir, { recursive: true });
+    await writeFile(skillPath, expected, "utf-8");
   }
+
+  return modified;
 }

package/src/writers/claude-code.spec.ts

@@ -2,8 +2,57 @@ import { describe, it, expect, beforeEach, afterEach } from "vitest";
 import { mkdtemp, rm, readFile } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  PermissionPolicy
+} from "@codemcp/ade-core";
 import { claudeCodeWriter } from "./claude-code.js";
+import { writeInlineSkills } from "../util.js";
+
+function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
+  switch (profile) {
+    case "rigid":
+      return {
+        profile,
+        capabilities: {
+          read: "ask",
+          edit_write: "ask",
+          search_list: "ask",
+          bash_safe: "ask",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "ask"
+        }
+      };
+    case "sensible-defaults":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+    case "max-autonomy":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "allow",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+  }
+}
 
 describe("claudeCodeWriter", () => {
   let dir: string;
@@ -80,7 +129,38 @@ describe("claudeCodeWriter", () => {
     });
   });
 
-  it("writes .claude/settings.json with MCP tool permissions", async () => {
+  it("forwards explicit MCP tool permissions using Claude rule names", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: {},
+          allowedTools: ["use_skill", "whats_next"]
+        }
+      ],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    };
+
+    await claudeCodeWriter.install(config, dir);
+
+    const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
+    const settings = JSON.parse(raw);
+    expect(settings.permissions.allow).toEqual(
+      expect.arrayContaining([
+        "mcp__workflows__use_skill",
+        "mcp__workflows__whats_next"
+      ])
+    );
+  });
+
+  it("does not invent wildcard MCP permission rules", async () => {
     const config: LogicalConfig = {
       mcp_servers: [
         {
@@ -102,7 +182,85 @@ describe("claudeCodeWriter", () => {
 
     const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
     const settings = JSON.parse(raw);
-    expect(settings.permissions.allow).toContain("MCP(workflows:*)");
+    expect(settings.permissions.allow ?? []).toEqual([]);
+  });
+
+  it("keeps web on ask for rigid autonomy without broad built-in allows", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: [],
+      permission_policy: autonomyPolicy("rigid")
+    };
+
+    await claudeCodeWriter.install(config, dir);
+
+    const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
+    const settings = JSON.parse(raw);
+    expect(settings.permissions.allow ?? []).toEqual([]);
+    expect(settings.permissions.ask).toEqual(
+      expect.arrayContaining(["WebFetch", "WebSearch"])
+    );
+  });
+
+  it("maps sensible-defaults to Claude built-in permission rules", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: [],
+      permission_policy: autonomyPolicy("sensible-defaults")
+    };
+
+    await claudeCodeWriter.install(config, dir);
+
+    const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
+    const settings = JSON.parse(raw);
+    expect(settings.permissions.allow).toEqual(
+      expect.arrayContaining(["Read", "Edit", "Glob", "Grep", "TodoWrite"])
+    );
+    expect(settings.permissions.allow).not.toContain("Bash");
+    expect(settings.permissions.ask).toEqual(
+      expect.arrayContaining(["WebFetch", "WebSearch"])
+    );
+  });
+
+  it("maps max-autonomy to broad Claude built-in permission rules while preserving web ask", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: [],
+      permission_policy: autonomyPolicy("max-autonomy")
+    };
+
+    await claudeCodeWriter.install(config, dir);
+
+    const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
+    const settings = JSON.parse(raw);
+    expect(settings.permissions.allow).toEqual(
+      expect.arrayContaining([
+        "Read",
+        "Edit",
+        "Bash",
+        "Glob",
+        "Grep",
+        "TodoWrite"
+      ])
+    );
+    expect(settings.permissions.ask).toEqual(
+      expect.arrayContaining(["WebFetch", "WebSearch"])
+    );
   });
 
   it("includes agentskills server from mcp_servers", async () => {
@@ -133,7 +291,7 @@ describe("claudeCodeWriter", () => {
     });
   });
 
-  it("writes inline SKILL.md files", async () => {
+  it("writes inline SKILL.md files via writeInlineSkills", async () => {
     const config: LogicalConfig = {
       mcp_servers: [],
       instructions: [],
@@ -150,7 +308,7 @@ describe("claudeCodeWriter", () => {
       setup_notes: []
     };
 
-    await claudeCodeWriter.install(config, dir);
+    await writeInlineSkills(config, dir);
 
     const skillMd = await readFile(
       join(dir, ".ade", "skills", "tanstack-architecture", "SKILL.md"),