@codemcp/ade 0.2.4 → 0.2.6

package/packages/harnesses/src/writers/copilot.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { copilotWriter } from "./copilot.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("copilotWriter", () => {
@@ -224,7 +184,7 @@ describe("copilotWriter", () => {
 
     expect(rigidAgent).not.toContain("  - server/workflows/*");
     expect(rigidAgent).toContain("  - workflows/*");
-    expect(rigidAgent).not.toContain("  - read");
+    expect(rigidAgent).toContain("  - read");
     expect(rigidAgent).not.toContain("  - edit");
     expect(rigidAgent).not.toContain("  - search");
     expect(rigidAgent).not.toContain("  - execute");

package/packages/harnesses/src/writers/copilot.ts

@@ -1,17 +1,18 @@
 import { join } from "node:path";
-import type { LogicalConfig, McpServerEntry } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  McpServerEntry
+} from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   writeMcpServers,
   stdioEntry,
   writeAgentMd,
-  writeGitHooks
+  writeGitHooks,
+  formatYamlKey
 } from "../util.js";
-import {
-  allowsCapability,
-  hasPermissionPolicy,
-  keepsWebOnAsk
-} from "../permission-policy.js";
+import { getAutonomyProfile } from "../permission-policy.js";
 
 export const copilotWriter: HarnessWriter = {
   id: "copilot",
@@ -25,7 +26,7 @@ export const copilotWriter: HarnessWriter = {
     });
 
     const tools = [
-      ...getBuiltInTools(config),
+      ...getBuiltInTools(getAutonomyProfile(config)),
       ...getForwardedMcpTools(config.mcp_servers)
     ];
 
@@ -41,25 +42,17 @@ export const copilotWriter: HarnessWriter = {
   }
 };
 
-function getBuiltInTools(config: LogicalConfig): string[] {
-  if (!hasPermissionPolicy(config)) {
-    return ["read", "edit", "search", "execute", "agent", "web"];
+function getBuiltInTools(profile: AutonomyProfile | undefined): string[] {
+  switch (profile) {
+    case "rigid":
+      return ["read"];
+    case "sensible-defaults":
+      return ["read", "edit", "search", "agent"];
+    case "max-autonomy":
+      return ["read", "edit", "search", "execute", "agent", "todo"];
+    default:
+      return ["read", "edit", "search", "execute", "agent", "web"];
   }
-
-  return [
-    ...(allowsCapability(config, "read") ? ["read"] : []),
-    ...(allowsCapability(config, "edit_write") ? ["edit"] : []),
-    ...(allowsCapability(config, "search_list") ? ["search"] : []),
-    ...(allowsCapability(config, "bash_unsafe") ? ["execute"] : []),
-    ...(allowsCapability(config, "task_agent") ? ["agent"] : []),
-    ...(allowsCapability(config, "task_agent") &&
-    allowsCapability(config, "bash_unsafe")
-      ? ["todo"]
-      : []),
-    ...(!keepsWebOnAsk(config) && allowsCapability(config, "web")
-      ? ["web"]
-      : [])
-  ];
 }
 
 function getForwardedMcpTools(servers: McpServerEntry[]): string[] {
@@ -97,9 +90,3 @@ function renderCopilotAgentMcpServers(servers: McpServerEntry[]): string[] {
 
   return lines;
 }
-
-function formatYamlKey(value: string): string {
-  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
-    ? value
-    : JSON.stringify(value);
-}

package/packages/harnesses/src/writers/cursor.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { cursorWriter } from "./cursor.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("cursorWriter", () => {

package/packages/harnesses/src/writers/cursor.ts

@@ -1,34 +1,13 @@
 import { mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
-import type { AutonomyCapability, LogicalConfig } from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import { writeMcpServers, writeGitHooks } from "../util.js";
 import {
   getAutonomyProfile,
-  getCapabilityDecision,
   hasPermissionPolicy
 } from "../permission-policy.js";
 
-const CURSOR_CAPABILITY_ORDER: AutonomyCapability[] = [
-  "read",
-  "edit_write",
-  "search_list",
-  "bash_safe",
-  "bash_unsafe",
-  "web",
-  "task_agent"
-];
-
-const CURSOR_CAPABILITY_LABELS: Record<AutonomyCapability, string> = {
-  read: "read project files",
-  edit_write: "edit and write project files",
-  search_list: "search and list project contents",
-  bash_safe: "run safe local shell commands",
-  bash_unsafe: "run high-impact shell commands",
-  web: "use web or network access",
-  task_agent: "delegate or decompose work into agent tasks"
-};
-
 export const cursorWriter: HarnessWriter = {
   id: "cursor",
   label: "Cursor",
@@ -68,28 +47,37 @@ function getCursorAutonomyNotes(config: LogicalConfig): string[] {
     return [];
   }
 
-  const allowedCapabilities = CURSOR_CAPABILITY_ORDER.filter(
-    (capability) => getCapabilityDecision(config, capability) === "allow"
-  ).map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
-
-  const approvalGatedCapabilities = CURSOR_CAPABILITY_ORDER.filter(
-    (capability) => getCapabilityDecision(config, capability) === "ask"
-  ).map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
+  const profile = getAutonomyProfile(config);
 
   return [
-    `Cursor autonomy note (documented, not enforced): ${getAutonomyProfile(config) ?? "custom"}.`,
+    `Cursor autonomy note (documented, not enforced): ${profile ?? "custom"}.`,
     "Cursor has no verified committed project-local built-in ask/allow/deny config surface, so ADE documents autonomy intent here instead of writing unsupported permission config.",
-    ...(allowedCapabilities.length > 0
-      ? [
-          `Prefer handling these built-in capabilities without extra approval when Cursor permits it: ${allowedCapabilities.join(", ")}.`
-        ]
-      : []),
-    ...(approvalGatedCapabilities.length > 0
-      ? [
-          `Request approval before these capabilities: ${approvalGatedCapabilities.join(", ")}.`
-        ]
-      : []),
+    ...getCursorProfileGuidance(profile),
     "Web and network access must remain approval-gated.",
     "MCP server registration stays in .cursor/mcp.json; MCP tool approvals remain owned by provisioning and are not enforced or re-modeled in this rules file."
   ];
 }
+
+function getCursorProfileGuidance(
+  profile: AutonomyProfile | undefined
+): string[] {
+  switch (profile) {
+    case "rigid":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files.",
+        "Request approval before these capabilities: edit and write project files, search and list project contents, run safe local shell commands, run high-impact shell commands, use web or network access, delegate or decompose work into agent tasks."
+      ];
+    case "sensible-defaults":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files, edit and write project files, search and list project contents, run safe local shell commands, delegate or decompose work into agent tasks.",
+        "Request approval before these capabilities: run high-impact shell commands, use web or network access."
+      ];
+    case "max-autonomy":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files, edit and write project files, search and list project contents, run safe local shell commands, run high-impact shell commands, delegate or decompose work into agent tasks.",
+        "Request approval before these capabilities: use web or network access."
+      ];
+    default:
+      return [];
+  }
+}

package/packages/harnesses/src/writers/kiro.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { kiroWriter } from "./kiro.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("kiroWriter", () => {

package/packages/harnesses/src/writers/kiro.ts

@@ -1,5 +1,9 @@
 import { join } from "node:path";
-import type { LogicalConfig, McpServerEntry } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  McpServerEntry
+} from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   standardEntry,
@@ -7,11 +11,7 @@ import {
   writeJson,
   writeMcpServers
 } from "../util.js";
-import {
-  allowsCapability,
-  getCapabilityDecision,
-  hasPermissionPolicy
-} from "../permission-policy.js";
+import { getAutonomyProfile } from "../permission-policy.js";
 
 export const kiroWriter: HarnessWriter = {
   id: "kiro",
@@ -26,6 +26,7 @@ export const kiroWriter: HarnessWriter = {
       })
     });
 
+    const tools = getKiroTools(getAutonomyProfile(config), config.mcp_servers);
     await writeJson(join(projectRoot, ".kiro", "agents", "ade.json"), {
       name: "ade",
       description:
@@ -34,8 +35,8 @@ export const kiroWriter: HarnessWriter = {
         config.instructions.join("\n\n") ||
         "ADE — Agentic Development Environment agent.",
       mcpServers: getKiroAgentMcpServers(config.mcp_servers),
-      tools: getKiroTools(config),
-      allowedTools: getKiroAllowedTools(config),
+      tools,
+      allowedTools: tools,
       useLegacyMcpJson: true
     });
 
@@ -43,24 +44,22 @@ export const kiroWriter: HarnessWriter = {
   }
 };
 
-function getKiroTools(config: LogicalConfig): string[] {
-  const mcpTools = getKiroForwardedMcpTools(config.mcp_servers);
+function getKiroTools(
+  profile: AutonomyProfile | undefined,
+  servers: McpServerEntry[]
+): string[] {
+  const mcpTools = getKiroForwardedMcpTools(servers);
 
-  if (!hasPermissionPolicy(config)) {
-    return ["read", "write", "shell", "spec", ...mcpTools];
+  switch (profile) {
+    case "rigid":
+      return ["read", "shell", "spec", ...mcpTools];
+    case "sensible-defaults":
+      return ["read", "write", "shell", "spec", ...mcpTools];
+    case "max-autonomy":
+      return ["read", "write", "shell(*)", "spec", ...mcpTools];
+    default:
+      return ["read", "write", "shell", "spec", ...mcpTools];
   }
-
-  return [
-    ...(getCapabilityDecision(config, "read") !== "deny" ? ["read"] : []),
-    ...(allowsCapability(config, "edit_write") ? ["write"] : []),
-    ...(allowsCapability(config, "bash_unsafe") ? ["shell(*)"] : ["shell"]),
-    "spec",
-    ...mcpTools
-  ];
-}
-
-function getKiroAllowedTools(config: LogicalConfig): string[] {
-  return getKiroTools(config);
 }
 
 function getKiroForwardedMcpTools(servers: McpServerEntry[]): string[] {

package/packages/harnesses/src/writers/opencode.spec.ts

@@ -11,47 +11,7 @@ import { parse as parseYaml } from "yaml";
 import { opencodeWriter } from "./opencode.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("opencodeWriter", () => {

package/packages/harnesses/src/writers/opencode.ts

@@ -1,8 +1,161 @@
 import { join } from "node:path";
-import type { LogicalConfig, PermissionRule } from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
-import { writeAgentMd, writeGitHooks, writeMcpServers } from "../util.js";
-import { getHarnessPermissionRules } from "../permission-policy.js";
+import {
+  writeAgentMd,
+  writeGitHooks,
+  writeMcpServers,
+  formatYamlKey
+} from "../util.js";
+import { getAutonomyProfile } from "../permission-policy.js";
+
+type PermissionDecision = "ask" | "allow" | "deny";
+type PermissionRule = PermissionDecision | Record<string, PermissionDecision>;
+
+const RIGID_RULES: Record<string, PermissionRule> = {
+  "*": "ask",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+
+const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
+  read: {
+    "*": "allow",
+    "*.env": "deny",
+    "*.env.*": "deny",
+    "*.env.example": "allow"
+  },
+  edit: "allow",
+  glob: "allow",
+  grep: "allow",
+  list: "allow",
+  lsp: "allow",
+  task: "allow",
+  todoread: "deny",
+  todowrite: "deny",
+  skill: "deny",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  bash: {
+    "*": "deny",
+    "grep *": "allow",
+    "rg *": "allow",
+    "find *": "allow",
+    "fd *": "allow",
+    ls: "allow",
+    "ls *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "wc *": "allow",
+    "sort *": "allow",
+    "uniq *": "allow",
+    "diff *": "allow",
+    "echo *": "allow",
+    "printf *": "allow",
+    pwd: "allow",
+    "which *": "allow",
+    "type *": "allow",
+    whoami: "allow",
+    date: "allow",
+    "date *": "allow",
+    env: "allow",
+    "tree *": "allow",
+    "file *": "allow",
+    "stat *": "allow",
+    "readlink *": "allow",
+    "realpath *": "allow",
+    "dirname *": "allow",
+    "basename *": "allow",
+    "sed *": "allow",
+    "awk *": "allow",
+    "cut *": "allow",
+    "tr *": "allow",
+    "tee *": "allow",
+    "xargs *": "allow",
+    "jq *": "allow",
+    "yq *": "allow",
+    "mkdir *": "allow",
+    "touch *": "allow",
+    "cp *": "ask",
+    "mv *": "ask",
+    "ln *": "ask",
+    "npm *": "ask",
+    "node *": "ask",
+    "pip *": "ask",
+    "python *": "ask",
+    "python3 *": "ask",
+    "rm *": "deny",
+    "rmdir *": "deny",
+    "curl *": "deny",
+    "wget *": "deny",
+    "chmod *": "deny",
+    "chown *": "deny",
+    "sudo *": "deny",
+    "su *": "deny",
+    "sh *": "deny",
+    "bash *": "deny",
+    "zsh *": "deny",
+    "eval *": "deny",
+    "exec *": "deny",
+    "source *": "deny",
+    ". *": "deny",
+    "nohup *": "deny",
+    "dd *": "deny",
+    "mkfs *": "deny",
+    "mount *": "deny",
+    "umount *": "deny",
+    "kill *": "deny",
+    "killall *": "deny",
+    "pkill *": "deny",
+    "nc *": "deny",
+    "ncat *": "deny",
+    "ssh *": "deny",
+    "scp *": "deny",
+    "rsync *": "deny",
+    "docker *": "deny",
+    "kubectl *": "deny",
+    "systemctl *": "deny",
+    "service *": "deny",
+    "crontab *": "deny",
+    reboot: "deny",
+    "shutdown *": "deny",
+    "passwd *": "deny",
+    "useradd *": "deny",
+    "userdel *": "deny",
+    "iptables *": "deny"
+  },
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+
+const MAX_AUTONOMY_RULES: Record<string, PermissionRule> = {
+  "*": "allow",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+
+function getPermissionRules(
+  profile: AutonomyProfile | undefined
+): Record<string, PermissionRule> | undefined {
+  switch (profile) {
+    case "rigid":
+      return RIGID_RULES;
+    case "sensible-defaults":
+      return SENSIBLE_DEFAULTS_RULES;
+    case "max-autonomy":
+      return MAX_AUTONOMY_RULES;
+    default:
+      return undefined;
+  }
+}
 
 export const opencodeWriter: HarnessWriter = {
   id: "opencode",
@@ -20,7 +173,7 @@ export const opencodeWriter: HarnessWriter = {
       defaults: { $schema: "https://opencode.ai/config.json" }
     });
 
-    const permission = getHarnessPermissionRules(config);
+    const permission = getPermissionRules(getAutonomyProfile(config));
 
     await writeAgentMd(config, {
       path: join(projectRoot, ".opencode", "agents", "ade.md"),
@@ -59,9 +212,3 @@ function renderYamlMapping(
 
   return lines;
 }
-
-function formatYamlKey(value: string): string {
-  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
-    ? value
-    : JSON.stringify(value);
-}