@codemcp/ade 0.2.5 → 0.3.0

package/packages/harnesses/src/writers/claude-code.spec.ts

@@ -11,47 +11,7 @@ import { claudeCodeWriter } from "./claude-code.js";
 import { writeInlineSkills } from "../util.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("claudeCodeWriter", () => {
@@ -160,7 +120,7 @@ describe("claudeCodeWriter", () => {
     );
   });
 
-  it("does not invent wildcard MCP permission rules", async () => {
+  it("forwards wildcard MCP permission rules for servers without explicit allowedTools", async () => {
     const config: LogicalConfig = {
       mcp_servers: [
         {
@@ -182,10 +142,10 @@ describe("claudeCodeWriter", () => {
 
     const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
     const settings = JSON.parse(raw);
-    expect(settings.permissions.allow ?? []).toEqual([]);
+    expect(settings.permissions.allow).toContain("mcp__workflows__*");
   });
 
-  it("keeps web on ask for rigid autonomy without broad built-in allows", async () => {
+  it("allows only Read for rigid autonomy while asking for everything else", async () => {
     const config: LogicalConfig = {
       mcp_servers: [],
       instructions: [],
@@ -201,9 +161,17 @@ describe("claudeCodeWriter", () => {
 
     const raw = await readFile(join(dir, ".claude", "settings.json"), "utf-8");
     const settings = JSON.parse(raw);
-    expect(settings.permissions.allow ?? []).toEqual([]);
+    expect(settings.permissions.allow).toEqual(["Read"]);
     expect(settings.permissions.ask).toEqual(
-      expect.arrayContaining(["WebFetch", "WebSearch"])
+      expect.arrayContaining([
+        "Edit",
+        "Glob",
+        "Grep",
+        "Bash",
+        "WebFetch",
+        "WebSearch",
+        "TodoWrite"
+      ])
     );
   });
 

package/packages/harnesses/src/writers/claude-code.ts

@@ -1,5 +1,5 @@
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   readJsonOrEmpty,
@@ -8,7 +8,7 @@ import {
   writeAgentMd,
   writeGitHooks
 } from "../util.js";
-import { allowsCapability, keepsWebOnAsk } from "../permission-policy.js";
+import { getAutonomyProfile } from "../permission-policy.js";
 
 export const claudeCodeWriter: HarnessWriter = {
   id: "claude-code",
@@ -40,7 +40,7 @@ async function writeClaudeSettings(
   const existingAllow = asStringArray(existingPerms.allow);
   const existingAsk = asStringArray(existingPerms.ask);
 
-  const autonomyRules = getClaudeAutonomyRules(config);
+  const autonomyRules = getClaudeAutonomyRules(getAutonomyProfile(config));
   const mcpRules = getClaudeMcpAllowRules(config);
   const allowRules = [
     ...new Set([...existingAllow, ...autonomyRules.allow, ...mcpRules])
@@ -77,6 +77,7 @@ function getClaudeMcpAllowRules(config: LogicalConfig): string[] {
   for (const server of config.mcp_servers) {
     const allowedTools = server.allowedTools;
     if (!allowedTools || allowedTools.includes("*")) {
+      allowRules.push(`mcp__${server.ref}__*`);
       continue;
     }
 
@@ -88,20 +89,36 @@ function getClaudeMcpAllowRules(config: LogicalConfig): string[] {
   return allowRules;
 }
 
-function getClaudeAutonomyRules(config: LogicalConfig): {
+function getClaudeAutonomyRules(profile: AutonomyProfile | undefined): {
   allow: string[];
   ask: string[];
 } {
-  const ask = keepsWebOnAsk(config) ? ["WebFetch", "WebSearch"] : [];
-
-  return {
-    allow: [
-      ...(allowsCapability(config, "read") ? ["Read"] : []),
-      ...(allowsCapability(config, "edit_write") ? ["Edit"] : []),
-      ...(allowsCapability(config, "search_list") ? ["Glob", "Grep"] : []),
-      ...(allowsCapability(config, "bash_unsafe") ? ["Bash"] : []),
-      ...(allowsCapability(config, "task_agent") ? ["TodoWrite"] : [])
-    ],
-    ask
-  };
+  switch (profile) {
+    case "rigid":
+      return {
+        allow: ["Read"],
+        ask: [
+          "Edit",
+          "Write",
+          "Glob",
+          "Grep",
+          "Bash",
+          "WebFetch",
+          "WebSearch",
+          "TodoWrite"
+        ]
+      };
+    case "sensible-defaults":
+      return {
+        allow: ["Read", "Edit", "Write", "Glob", "Grep", "TodoWrite"],
+        ask: ["WebFetch", "WebSearch"]
+      };
+    case "max-autonomy":
+      return {
+        allow: ["Read", "Edit", "Write", "Glob", "Grep", "Bash", "TodoWrite"],
+        ask: ["WebFetch", "WebSearch"]
+      };
+    default:
+      return { allow: [], ask: [] };
+  }
 }

package/packages/harnesses/src/writers/cline.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { clineWriter } from "./cline.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("clineWriter", () => {

package/packages/harnesses/src/writers/copilot.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { copilotWriter } from "./copilot.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("copilotWriter", () => {
@@ -224,7 +184,7 @@ describe("copilotWriter", () => {
 
     expect(rigidAgent).not.toContain("  - server/workflows/*");
     expect(rigidAgent).toContain("  - workflows/*");
-    expect(rigidAgent).not.toContain("  - read");
+    expect(rigidAgent).toContain("  - read");
     expect(rigidAgent).not.toContain("  - edit");
     expect(rigidAgent).not.toContain("  - search");
     expect(rigidAgent).not.toContain("  - execute");

package/packages/harnesses/src/writers/copilot.ts

@@ -1,17 +1,18 @@
 import { join } from "node:path";
-import type { LogicalConfig, McpServerEntry } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  McpServerEntry
+} from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   writeMcpServers,
   stdioEntry,
   writeAgentMd,
-  writeGitHooks
+  writeGitHooks,
+  formatYamlKey
 } from "../util.js";
-import {
-  allowsCapability,
-  hasPermissionPolicy,
-  keepsWebOnAsk
-} from "../permission-policy.js";
+import { getAutonomyProfile } from "../permission-policy.js";
 
 export const copilotWriter: HarnessWriter = {
   id: "copilot",
@@ -25,7 +26,7 @@ export const copilotWriter: HarnessWriter = {
     });
 
     const tools = [
-      ...getBuiltInTools(config),
+      ...getBuiltInTools(getAutonomyProfile(config)),
       ...getForwardedMcpTools(config.mcp_servers)
     ];
 
@@ -41,25 +42,17 @@ export const copilotWriter: HarnessWriter = {
   }
 };
 
-function getBuiltInTools(config: LogicalConfig): string[] {
-  if (!hasPermissionPolicy(config)) {
-    return ["read", "edit", "search", "execute", "agent", "web"];
+function getBuiltInTools(profile: AutonomyProfile | undefined): string[] {
+  switch (profile) {
+    case "rigid":
+      return ["read"];
+    case "sensible-defaults":
+      return ["read", "edit", "search", "agent"];
+    case "max-autonomy":
+      return ["read", "edit", "search", "execute", "agent", "todo"];
+    default:
+      return ["read", "edit", "search", "execute", "agent", "web"];
   }
-
-  return [
-    ...(allowsCapability(config, "read") ? ["read"] : []),
-    ...(allowsCapability(config, "edit_write") ? ["edit"] : []),
-    ...(allowsCapability(config, "search_list") ? ["search"] : []),
-    ...(allowsCapability(config, "bash_unsafe") ? ["execute"] : []),
-    ...(allowsCapability(config, "task_agent") ? ["agent"] : []),
-    ...(allowsCapability(config, "task_agent") &&
-    allowsCapability(config, "bash_unsafe")
-      ? ["todo"]
-      : []),
-    ...(!keepsWebOnAsk(config) && allowsCapability(config, "web")
-      ? ["web"]
-      : [])
-  ];
 }
 
 function getForwardedMcpTools(servers: McpServerEntry[]): string[] {
@@ -97,9 +90,3 @@ function renderCopilotAgentMcpServers(servers: McpServerEntry[]): string[] {
 
   return lines;
 }
-
-function formatYamlKey(value: string): string {
-  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
-    ? value
-    : JSON.stringify(value);
-}

package/packages/harnesses/src/writers/cursor.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { cursorWriter } from "./cursor.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("cursorWriter", () => {

package/packages/harnesses/src/writers/cursor.ts

@@ -1,34 +1,13 @@
 import { mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
-import type { AutonomyCapability, LogicalConfig } from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import { writeMcpServers, writeGitHooks } from "../util.js";
 import {
   getAutonomyProfile,
-  getCapabilityDecision,
   hasPermissionPolicy
 } from "../permission-policy.js";
 
-const CURSOR_CAPABILITY_ORDER: AutonomyCapability[] = [
-  "read",
-  "edit_write",
-  "search_list",
-  "bash_safe",
-  "bash_unsafe",
-  "web",
-  "task_agent"
-];
-
-const CURSOR_CAPABILITY_LABELS: Record<AutonomyCapability, string> = {
-  read: "read project files",
-  edit_write: "edit and write project files",
-  search_list: "search and list project contents",
-  bash_safe: "run safe local shell commands",
-  bash_unsafe: "run high-impact shell commands",
-  web: "use web or network access",
-  task_agent: "delegate or decompose work into agent tasks"
-};
-
 export const cursorWriter: HarnessWriter = {
   id: "cursor",
   label: "Cursor",
@@ -68,28 +47,37 @@ function getCursorAutonomyNotes(config: LogicalConfig): string[] {
     return [];
   }
 
-  const allowedCapabilities = CURSOR_CAPABILITY_ORDER.filter(
-    (capability) => getCapabilityDecision(config, capability) === "allow"
-  ).map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
-
-  const approvalGatedCapabilities = CURSOR_CAPABILITY_ORDER.filter(
-    (capability) => getCapabilityDecision(config, capability) === "ask"
-  ).map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
+  const profile = getAutonomyProfile(config);
 
   return [
-    `Cursor autonomy note (documented, not enforced): ${getAutonomyProfile(config) ?? "custom"}.`,
+    `Cursor autonomy note (documented, not enforced): ${profile ?? "custom"}.`,
     "Cursor has no verified committed project-local built-in ask/allow/deny config surface, so ADE documents autonomy intent here instead of writing unsupported permission config.",
-    ...(allowedCapabilities.length > 0
-      ? [
-          `Prefer handling these built-in capabilities without extra approval when Cursor permits it: ${allowedCapabilities.join(", ")}.`
-        ]
-      : []),
-    ...(approvalGatedCapabilities.length > 0
-      ? [
-          `Request approval before these capabilities: ${approvalGatedCapabilities.join(", ")}.`
-        ]
-      : []),
+    ...getCursorProfileGuidance(profile),
     "Web and network access must remain approval-gated.",
     "MCP server registration stays in .cursor/mcp.json; MCP tool approvals remain owned by provisioning and are not enforced or re-modeled in this rules file."
   ];
 }
+
+function getCursorProfileGuidance(
+  profile: AutonomyProfile | undefined
+): string[] {
+  switch (profile) {
+    case "rigid":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files.",
+        "Request approval before these capabilities: edit and write project files, search and list project contents, run safe local shell commands, run high-impact shell commands, use web or network access, delegate or decompose work into agent tasks."
+      ];
+    case "sensible-defaults":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files, edit and write project files, search and list project contents, run safe local shell commands, delegate or decompose work into agent tasks.",
+        "Request approval before these capabilities: run high-impact shell commands, use web or network access."
+      ];
+    case "max-autonomy":
+      return [
+        "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files, edit and write project files, search and list project contents, run safe local shell commands, run high-impact shell commands, delegate or decompose work into agent tasks.",
+        "Request approval before these capabilities: use web or network access."
+      ];
+    default:
+      return [];
+  }
+}

package/packages/harnesses/src/writers/kiro.spec.ts

@@ -10,47 +10,7 @@ import type {
 import { kiroWriter } from "./kiro.js";
 
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 
 describe("kiroWriter", () => {

package/packages/harnesses/src/writers/kiro.ts

@@ -1,5 +1,9 @@
 import { join } from "node:path";
-import type { LogicalConfig, McpServerEntry } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  McpServerEntry
+} from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   standardEntry,
@@ -7,11 +11,7 @@ import {
   writeJson,
   writeMcpServers
 } from "../util.js";
-import {
-  allowsCapability,
-  getCapabilityDecision,
-  hasPermissionPolicy
-} from "../permission-policy.js";
+import { getAutonomyProfile } from "../permission-policy.js";
 
 export const kiroWriter: HarnessWriter = {
   id: "kiro",
@@ -26,6 +26,7 @@ export const kiroWriter: HarnessWriter = {
       })
     });
 
+    const tools = getKiroTools(getAutonomyProfile(config), config.mcp_servers);
     await writeJson(join(projectRoot, ".kiro", "agents", "ade.json"), {
       name: "ade",
       description:
@@ -34,8 +35,8 @@ export const kiroWriter: HarnessWriter = {
         config.instructions.join("\n\n") ||
         "ADE — Agentic Development Environment agent.",
       mcpServers: getKiroAgentMcpServers(config.mcp_servers),
-      tools: getKiroTools(config),
-      allowedTools: getKiroAllowedTools(config),
+      tools,
+      allowedTools: tools,
       useLegacyMcpJson: true
     });
 
@@ -43,24 +44,22 @@ export const kiroWriter: HarnessWriter = {
   }
 };
 
-function getKiroTools(config: LogicalConfig): string[] {
-  const mcpTools = getKiroForwardedMcpTools(config.mcp_servers);
+function getKiroTools(
+  profile: AutonomyProfile | undefined,
+  servers: McpServerEntry[]
+): string[] {
+  const mcpTools = getKiroForwardedMcpTools(servers);
 
-  if (!hasPermissionPolicy(config)) {
-    return ["read", "write", "shell", "spec", ...mcpTools];
+  switch (profile) {
+    case "rigid":
+      return ["read", "shell", "spec", ...mcpTools];
+    case "sensible-defaults":
+      return ["read", "write", "shell", "spec", ...mcpTools];
+    case "max-autonomy":
+      return ["read", "write", "shell(*)", "spec", ...mcpTools];
+    default:
+      return ["read", "write", "shell", "spec", ...mcpTools];
   }
-
-  return [
-    ...(getCapabilityDecision(config, "read") !== "deny" ? ["read"] : []),
-    ...(allowsCapability(config, "edit_write") ? ["write"] : []),
-    ...(allowsCapability(config, "bash_unsafe") ? ["shell(*)"] : ["shell"]),
-    "spec",
-    ...mcpTools
-  ];
-}
-
-function getKiroAllowedTools(config: LogicalConfig): string[] {
-  return getKiroTools(config);
 }
 
 function getKiroForwardedMcpTools(servers: McpServerEntry[]): string[] {