@codemcp/ade 0.2.4 → 0.2.6

package/packages/cli/package.json

@@ -25,9 +25,10 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
+    "@clack/prompts": "^1.1.0",
     "@codemcp/ade-core": "workspace:*",
     "@codemcp/ade-harnesses": "workspace:*",
-    "@clack/prompts": "^1.1.0"
+    "yaml": "^2.8.2"
   },
   "devDependencies": {
     "@codemcp/knowledge": "2.1.0",
@@ -38,5 +39,5 @@
     "typescript": "catalog:",
     "vitest": "catalog:"
   },
-  "version": "0.2.4"
+  "version": "0.2.6"
 }

package/packages/cli/tsup.config.ts

@@ -7,5 +7,10 @@ export default defineConfig({
   tsconfig: "tsconfig.build.json",
   target: "node22",
   clean: true,
-  noExternal: [/^@clack\//, /^@codemcp\//]
+  noExternal: ["@clack/prompts", "@codemcp/ade-core", "@codemcp/ade-harnesses"],
+  esbuildOptions(options) {
+    options.banner = {
+      js: `import { createRequire } from 'module'; const require = createRequire(import.meta.url);`
+    };
+  }
 });

package/packages/core/package.json

@@ -38,5 +38,5 @@
     "typescript": "catalog:",
     "vitest": "catalog:"
   },
-  "version": "0.2.4"
+  "version": "0.2.6"
 }

package/packages/core/src/catalog/catalog.spec.ts

@@ -486,16 +486,7 @@ describe("catalog", () => {
 
       expect(provision).toBeDefined();
       expect(provision!.config).toEqual({
-        profile: "sensible-defaults",
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
+        profile: "sensible-defaults"
       });
     });
   });

package/packages/core/src/catalog/facets/autonomy.ts

@@ -1,62 +1,4 @@
-import type {
-  AutonomyCapability,
-  Facet,
-  PermissionDecision,
-  PermissionPolicy
-} from "../../types.js";
-
-const ALL_CAPABILITIES: AutonomyCapability[] = [
-  "read",
-  "edit_write",
-  "search_list",
-  "bash_safe",
-  "bash_unsafe",
-  "web",
-  "task_agent"
-];
-
-function capabilityMap(
-  defaultDecision: PermissionDecision,
-  overrides: Partial<Record<AutonomyCapability, PermissionDecision>> = {}
-): Record<AutonomyCapability, PermissionDecision> {
-  return Object.fromEntries(
-    ALL_CAPABILITIES.map((capability) => [
-      capability,
-      overrides[capability] ?? defaultDecision
-    ])
-  ) as Record<AutonomyCapability, PermissionDecision>;
-}
-
-function autonomyPolicy(
-  profile: PermissionPolicy["profile"]
-): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: capabilityMap("ask")
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: capabilityMap("ask", {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          task_agent: "allow",
-          web: "ask"
-        })
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: capabilityMap("allow", {
-          web: "ask"
-        })
-      };
-  }
-}
+import type { Facet } from "../../types.js";
 
 export const autonomyFacet: Facet = {
   id: "autonomy",
@@ -74,7 +16,7 @@ export const autonomyFacet: Facet = {
       recipe: [
         {
           writer: "permission-policy",
-          config: autonomyPolicy("rigid")
+          config: { profile: "rigid" }
         }
       ]
     },
@@ -86,7 +28,7 @@ export const autonomyFacet: Facet = {
       recipe: [
         {
           writer: "permission-policy",
-          config: autonomyPolicy("sensible-defaults")
+          config: { profile: "sensible-defaults" }
         }
       ]
     },
@@ -98,7 +40,7 @@ export const autonomyFacet: Facet = {
       recipe: [
         {
           writer: "permission-policy",
-          config: autonomyPolicy("max-autonomy")
+          config: { profile: "max-autonomy" }
         }
       ]
     }

package/packages/core/src/index.ts

@@ -15,10 +15,7 @@ export {
   type ExternalSkill,
   type GitHook,
   type PermissionPolicy,
-  type AutonomyProfile,
-  type AutonomyCapability,
-  type PermissionDecision,
-  type PermissionRule
+  type AutonomyProfile
 } from "./types.js";
 export { type ResolutionContext, type ResolvedFacet } from "./types.js";
 export { type UserConfig, type LockFile } from "./types.js";

package/packages/core/src/resolver.spec.ts

@@ -580,7 +580,7 @@ describe("resolve", () => {
   });
 
   describe("autonomy permission policy", () => {
-    it("adds a capability-based permission policy to LogicalConfig and keeps web access on ask", async () => {
+    it("adds a profile-based permission policy to LogicalConfig", async () => {
       const userConfig: UserConfig = {
         choices: { autonomy: "rigid" }
       };
@@ -589,20 +589,11 @@ describe("resolve", () => {
 
       expect(result).toHaveProperty("permission_policy");
       expect((result as Record<string, unknown>).permission_policy).toEqual({
-        profile: "rigid",
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
+        profile: "rigid"
       });
     });
 
-    it("uses curated built-in defaults for the sensible-defaults autonomy profile", async () => {
+    it("uses the sensible-defaults autonomy profile", async () => {
       const userConfig: UserConfig = {
         choices: { autonomy: "sensible-defaults" }
       };
@@ -610,16 +601,7 @@ describe("resolve", () => {
       const result = await resolve(userConfig, catalog, registry);
 
       expect(result.permission_policy).toEqual({
-        profile: "sensible-defaults",
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
+        profile: "sensible-defaults"
       });
     });
   });

package/packages/core/src/resolver.ts

@@ -179,11 +179,7 @@ function mergePermissionPolicy(
 
   return {
     ...existing,
-    ...incoming,
-    capabilities: {
-      ...existing.capabilities,
-      ...incoming.capabilities
-    }
+    ...incoming
   };
 }
 

package/packages/core/src/types.ts

@@ -68,28 +68,8 @@ export interface GitHook {
 
 export type AutonomyProfile = "rigid" | "sensible-defaults" | "max-autonomy";
 
-export type PermissionDecision = "ask" | "allow" | "deny";
-
-export type AutonomyCapability =
-  | "read"
-  | "edit_write"
-  | "search_list"
-  | "bash_safe"
-  | "bash_unsafe"
-  | "web"
-  | "task_agent";
-
-/**
- * @deprecated Harness-specific tool-level rules are no longer produced by core.
- * Kept temporarily as a compatibility type for downstream packages.
- */
-export type PermissionRule =
-  | PermissionDecision
-  | Record<string, PermissionDecision>;
-
 export interface PermissionPolicy extends Record<string, unknown> {
   profile: AutonomyProfile;
-  capabilities: Record<AutonomyCapability, PermissionDecision>;
 }
 
 export interface LogicalConfig extends Record<string, unknown> {

package/packages/harnesses/package.json

@@ -39,5 +39,5 @@
     "typescript": "catalog:",
     "vitest": "catalog:"
   },
-  "version": "0.2.4"
+  "version": "0.2.6"
 }

package/packages/harnesses/src/permission-policy.ts

@@ -1,121 +1,4 @@
-import type {
-  AutonomyCapability,
-  LogicalConfig,
-  PermissionDecision,
-  PermissionRule
-} from "@codemcp/ade-core";
-
-const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
-  read: {
-    "*": "allow",
-    "*.env": "deny",
-    "*.env.*": "deny",
-    "*.env.example": "allow"
-  },
-  edit: "allow",
-  glob: "allow",
-  grep: "allow",
-  list: "allow",
-  lsp: "allow",
-  task: "allow",
-  todoread: "deny",
-  todowrite: "deny",
-  skill: "deny",
-  webfetch: "ask",
-  websearch: "ask",
-  codesearch: "ask",
-  bash: {
-    "*": "deny",
-    "grep *": "allow",
-    "rg *": "allow",
-    "find *": "allow",
-    "fd *": "allow",
-    ls: "allow",
-    "ls *": "allow",
-    "cat *": "allow",
-    "head *": "allow",
-    "tail *": "allow",
-    "wc *": "allow",
-    "sort *": "allow",
-    "uniq *": "allow",
-    "diff *": "allow",
-    "echo *": "allow",
-    "printf *": "allow",
-    pwd: "allow",
-    "which *": "allow",
-    "type *": "allow",
-    whoami: "allow",
-    date: "allow",
-    "date *": "allow",
-    env: "allow",
-    "tree *": "allow",
-    "file *": "allow",
-    "stat *": "allow",
-    "readlink *": "allow",
-    "realpath *": "allow",
-    "dirname *": "allow",
-    "basename *": "allow",
-    "sed *": "allow",
-    "awk *": "allow",
-    "cut *": "allow",
-    "tr *": "allow",
-    "tee *": "allow",
-    "xargs *": "allow",
-    "jq *": "allow",
-    "yq *": "allow",
-    "mkdir *": "allow",
-    "touch *": "allow",
-    "cp *": "ask",
-    "mv *": "ask",
-    "ln *": "ask",
-    "npm *": "ask",
-    "node *": "ask",
-    "pip *": "ask",
-    "python *": "ask",
-    "python3 *": "ask",
-    "rm *": "deny",
-    "rmdir *": "deny",
-    "curl *": "deny",
-    "wget *": "deny",
-    "chmod *": "deny",
-    "chown *": "deny",
-    "sudo *": "deny",
-    "su *": "deny",
-    "sh *": "deny",
-    "bash *": "deny",
-    "zsh *": "deny",
-    "eval *": "deny",
-    "exec *": "deny",
-    "source *": "deny",
-    ". *": "deny",
-    "nohup *": "deny",
-    "dd *": "deny",
-    "mkfs *": "deny",
-    "mount *": "deny",
-    "umount *": "deny",
-    "kill *": "deny",
-    "killall *": "deny",
-    "pkill *": "deny",
-    "nc *": "deny",
-    "ncat *": "deny",
-    "ssh *": "deny",
-    "scp *": "deny",
-    "rsync *": "deny",
-    "docker *": "deny",
-    "kubectl *": "deny",
-    "systemctl *": "deny",
-    "service *": "deny",
-    "crontab *": "deny",
-    reboot: "deny",
-    "shutdown *": "deny",
-    "passwd *": "deny",
-    "useradd *": "deny",
-    "userdel *": "deny",
-    "iptables *": "deny"
-  },
-  external_directory: "deny",
-  doom_loop: "deny"
-};
+import type { LogicalConfig } from "@codemcp/ade-core";
 
 export function getAutonomyProfile(config: LogicalConfig) {
   return config.permission_policy?.profile;
@@ -124,50 +7,3 @@ export function getAutonomyProfile(config: LogicalConfig) {
 export function hasPermissionPolicy(config: LogicalConfig): boolean {
   return config.permission_policy !== undefined;
 }
-
-export function getCapabilityDecision(
-  config: LogicalConfig,
-  capability: AutonomyCapability
-): PermissionDecision | undefined {
-  return config.permission_policy?.capabilities?.[capability];
-}
-
-export function allowsCapability(
-  config: LogicalConfig,
-  capability: AutonomyCapability
-): boolean {
-  return getCapabilityDecision(config, capability) === "allow";
-}
-
-export function keepsWebOnAsk(config: LogicalConfig): boolean {
-  return getCapabilityDecision(config, "web") === "ask";
-}
-
-export function getHarnessPermissionRules(
-  config: LogicalConfig
-): Record<string, PermissionRule> | undefined {
-  switch (config.permission_policy?.profile) {
-    case "rigid":
-      return {
-        "*": "ask",
-        webfetch: "ask",
-        websearch: "ask",
-        codesearch: "ask",
-        external_directory: "deny",
-        doom_loop: "deny"
-      };
-    case "sensible-defaults":
-      return SENSIBLE_DEFAULTS_RULES;
-    case "max-autonomy":
-      return {
-        "*": "allow",
-        webfetch: "ask",
-        websearch: "ask",
-        codesearch: "ask",
-        external_directory: "deny",
-        doom_loop: "deny"
-      };
-    default:
-      return undefined;
-  }
-}

package/packages/harnesses/src/util.ts

@@ -219,3 +219,14 @@ export async function writeInlineSkills(
 
   return modified;
 }
+
+// ---------------------------------------------------------------------------
+// YAML helpers
+// ---------------------------------------------------------------------------
+
+/** Quote a YAML key only when it contains characters that require quoting. */
+export function formatYamlKey(value: string): string {
+  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
+    ? value
+    : JSON.stringify(value);
+}

package/packages/harnesses/src/writers/claude-code.spec.ts

@@ -11,47 +11,7 @@ import { claudeCodeWriter } from "./claude-code.js";
 import { writeInlineSkills } from "../util.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("claudeCodeWriter", () => {
@@ -160,7 +120,7 @@ describe("claudeCodeWriter", () => {
     );
   });
 
-  it("does not invent wildcard MCP permission rules", async () => {
+  it("forwards wildcard MCP permission rules for servers without explicit allowedTools", async () => {
     const config: LogicalConfig = {
       mcp_servers: [
         {
@@ -182,10 +142,10 @@ describe("claudeCodeWriter", () => {
 
     const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
     const settings = JSON.parse(raw);
-    expect(settings.permissions.allow ?? []).toEqual([]);
+    expect(settings.permissions.allow).toContain("mcp__workflows__*");
   });
 
-  it("keeps web on ask for rigid autonomy without broad built-in allows", async () => {
+  it("allows only Read for rigid autonomy while asking for everything else", async () => {
     const config: LogicalConfig = {
       mcp_servers: [],
       instructions: [],
@@ -201,9 +161,17 @@ describe("claudeCodeWriter", () => {
 
     const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
     const settings = JSON.parse(raw);
-    expect(settings.permissions.allow ?? []).toEqual([]);
+    expect(settings.permissions.allow).toEqual(["Read"]);
     expect(settings.permissions.ask).toEqual(
-      expect.arrayContaining(["WebFetch", "WebSearch"])
+      expect.arrayContaining([
+        "Edit",
+        "Glob",
+        "Grep",
+        "Bash",
+        "WebFetch",
+        "WebSearch",
+        "TodoWrite"
+      ])
     );
   });
 

package/packages/harnesses/src/writers/claude-code.ts

@@ -1,5 +1,5 @@
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   readJsonOrEmpty,
@@ -8,7 +8,7 @@ import {
   writeAgentMd,
   writeGitHooks
 } from "../util.js";
-import { allowsCapability, keepsWebOnAsk } from "../permission-policy.js";
+import { getAutonomyProfile } from "../permission-policy.js";
 
 export const claudeCodeWriter: HarnessWriter = {
   id: "claude-code",
@@ -40,7 +40,7 @@ async function writeClaudeSettings(
   const existingAllow = asStringArray(existingPerms.allow);
   const existingAsk = asStringArray(existingPerms.ask);
 
-  const autonomyRules = getClaudeAutonomyRules(config);
+  const autonomyRules = getClaudeAutonomyRules(getAutonomyProfile(config));
   const mcpRules = getClaudeMcpAllowRules(config);
   const allowRules = [
     ...new Set([...existingAllow, ...autonomyRules.allow, ...mcpRules])
@@ -77,6 +77,7 @@ function getClaudeMcpAllowRules(config: LogicalConfig): string[] {
   for (const server of config.mcp_servers) {
     const allowedTools = server.allowedTools;
     if (!allowedTools || allowedTools.includes("*")) {
+      allowRules.push(`mcp__${server.ref}__*`);
       continue;
     }
 
@@ -88,20 +89,36 @@ function getClaudeMcpAllowRules(config: LogicalConfig): string[] {
   return allowRules;
 }
 
-function getClaudeAutonomyRules(config: LogicalConfig): {
+function getClaudeAutonomyRules(profile: AutonomyProfile | undefined): {
   allow: string[];
   ask: string[];
 } {
-  const ask = keepsWebOnAsk(config) ? ["WebFetch", "WebSearch"] : [];
-
-  return {
-    allow: [
-      ...(allowsCapability(config, "read") ? ["Read"] : []),
-      ...(allowsCapability(config, "edit_write") ? ["Edit"] : []),
-      ...(allowsCapability(config, "search_list") ? ["Glob", "Grep"] : []),
-      ...(allowsCapability(config, "bash_unsafe") ? ["Bash"] : []),
-      ...(allowsCapability(config, "task_agent") ? ["TodoWrite"] : [])
-    ],
-    ask
-  };
+  switch (profile) {
+    case "rigid":
+      return {
+        allow: ["Read"],
+        ask: [
+          "Edit",
+          "Write",
+          "Glob",
+          "Grep",
+          "Bash",
+          "WebFetch",
+          "WebSearch",
+          "TodoWrite"
+        ]
+      };
+    case "sensible-defaults":
+      return {
+        allow: ["Read", "Edit", "Write", "Glob", "Grep", "TodoWrite"],
+        ask: ["WebFetch", "WebSearch"]
+      };
+    case "max-autonomy":
+      return {
+        allow: ["Read", "Edit", "Write", "Glob", "Grep", "Bash", "TodoWrite"],
+        ask: ["WebFetch", "WebSearch"]
+      };
+    default:
+      return { allow: [], ask: [] };
+  }
 }

package/packages/harnesses/src/writers/cline.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { clineWriter } from "./cline.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("clineWriter", () => {