@gotgenes/pi-permission-system 0.7.0

package/src/tool-registry.ts

@@ -0,0 +1,139 @@
+import { getNonEmptyString, toRecord } from "./common.js";
+
+export type ToolRegistrationCheckResult =
+  | {
+      status: "missing-tool-name";
+    }
+  | {
+      status: "registered";
+      requestedToolName: string;
+      normalizedToolName: string;
+    }
+  | {
+      status: "unregistered";
+      requestedToolName: string;
+      normalizedToolName: string;
+      availableToolNames: string[];
+    };
+
+function normalizeToolName(
+  toolName: string,
+  aliases: Record<string, string>,
+): string {
+  return aliases[toolName] || toolName;
+}
+
+function buildReverseAliases(
+  aliases: Record<string, string>,
+): Map<string, string[]> {
+  const reverse = new Map<string, string[]>();
+
+  for (const [alias, canonical] of Object.entries(aliases)) {
+    const existing = reverse.get(canonical) || [];
+    if (!existing.includes(alias)) {
+      existing.push(alias);
+    }
+    reverse.set(canonical, existing);
+  }
+
+  return reverse;
+}
+
+function addToolNameVariants(
+  value: string,
+  names: Set<string>,
+  aliases: Record<string, string>,
+  reverseAliases: ReadonlyMap<string, readonly string[]>,
+): void {
+  names.add(value);
+
+  const normalized = normalizeToolName(value, aliases);
+  names.add(normalized);
+
+  const canonicalFromAlias = aliases[value];
+  if (canonicalFromAlias) {
+    names.add(canonicalFromAlias);
+  }
+
+  const aliasValues = reverseAliases.get(value);
+  if (aliasValues) {
+    for (const alias of aliasValues) {
+      names.add(alias);
+    }
+  }
+
+  const aliasValuesForNormalized = reverseAliases.get(normalized);
+  if (aliasValuesForNormalized) {
+    for (const alias of aliasValuesForNormalized) {
+      names.add(alias);
+    }
+  }
+}
+
+export function getToolNameFromValue(value: unknown): string | null {
+  const direct = getNonEmptyString(value);
+  if (direct) {
+    return direct;
+  }
+
+  const record = toRecord(value);
+  const candidates = [record.toolName, record.name, record.tool];
+
+  for (const candidate of candidates) {
+    const stringValue = getNonEmptyString(candidate);
+    if (stringValue) {
+      return stringValue;
+    }
+  }
+
+  return null;
+}
+
+export function checkRequestedToolRegistration(
+  requestedToolName: string | null,
+  registeredTools: readonly unknown[],
+  aliases: Record<string, string> = {},
+): ToolRegistrationCheckResult {
+  const requested = getNonEmptyString(requestedToolName);
+  if (!requested) {
+    return {
+      status: "missing-tool-name",
+    };
+  }
+
+  const normalizedToolName = normalizeToolName(requested, aliases);
+  const reverseAliases = buildReverseAliases(aliases);
+
+  const registeredLookup = new Set<string>();
+  const availableToolNames = new Set<string>();
+
+  for (const tool of registeredTools) {
+    const name = getToolNameFromValue(tool);
+    if (!name) {
+      continue;
+    }
+
+    availableToolNames.add(name);
+    addToolNameVariants(name, registeredLookup, aliases, reverseAliases);
+  }
+
+  const isRegistered =
+    registeredLookup.has(requested) || registeredLookup.has(normalizedToolName);
+
+  if (isRegistered) {
+    return {
+      status: "registered",
+      requestedToolName: requested,
+      normalizedToolName,
+    };
+  }
+
+  return {
+    status: "unregistered",
+    requestedToolName: requested,
+    normalizedToolName,
+    availableToolNames: [...availableToolNames].sort((a, b) =>
+      a.localeCompare(b),
+    ),
+  };
+}

package/src/types.ts

@@ -0,0 +1,50 @@
+export type PermissionState = "allow" | "deny" | "ask";
+
+export type BuiltInToolName =
+  | "bash"
+  | "read"
+  | "write"
+  | "edit"
+  | "grep"
+  | "find"
+  | "ls";
+
+export type ToolPermissions = Record<string, PermissionState>;
+
+export type BashPermissions = Record<string, PermissionState>;
+
+export type SkillPermissions = Record<string, PermissionState>;
+
+export type SpecialPermissionName = "doom_loop" | "external_directory";
+
+export type SpecialPermissions = Record<string, PermissionState>;
+
+export interface PermissionDefaultPolicy {
+  tools: PermissionState;
+  bash: PermissionState;
+  mcp: PermissionState;
+  skills: PermissionState;
+  special: PermissionState;
+}
+
+export interface AgentPermissions {
+  defaultPolicy?: Partial<PermissionDefaultPolicy>;
+  tools?: ToolPermissions;
+  bash?: BashPermissions;
+  mcp?: ToolPermissions;
+  skills?: SkillPermissions;
+  special?: SpecialPermissions;
+}
+
+export interface GlobalPermissionConfig extends AgentPermissions {
+  defaultPolicy: PermissionDefaultPolicy;
+}
+
+export interface PermissionCheckResult {
+  toolName: string;
+  state: PermissionState;
+  matchedPattern?: string;
+  command?: string;
+  target?: string;
+  source: "tool" | "bash" | "mcp" | "skill" | "special" | "default";
+}

package/src/wildcard-matcher.ts

@@ -0,0 +1,84 @@
+export type CompiledWildcardPattern<TState> = {
+  pattern: string;
+  state: TState;
+  regex: RegExp;
+};
+
+export type WildcardPatternMatch<TState> = {
+  state: TState;
+  matchedPattern: string;
+  matchedName: string;
+};
+
+function escapeRegExp(value: string): string {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+export function compileWildcardPattern<TState>(
+  pattern: string,
+  state: TState,
+): CompiledWildcardPattern<TState> {
+  const escaped = pattern
+    .split("*")
+    .map((part) => escapeRegExp(part))
+    .join(".*");
+
+  return {
+    pattern,
+    state,
+    regex: new RegExp(`^${escaped}$`),
+  };
+}
+
+export function compileWildcardPatternEntries<TState>(
+  entries: Iterable<readonly [string, TState]>,
+): CompiledWildcardPattern<TState>[] {
+  return Array.from(entries, ([pattern, state]) =>
+    compileWildcardPattern(pattern, state),
+  );
+}
+
+export function compileWildcardPatterns<TState>(
+  patterns: Record<string, TState>,
+): CompiledWildcardPattern<TState>[] {
+  return compileWildcardPatternEntries(Object.entries(patterns));
+}
+
+export function findCompiledWildcardMatch<TState>(
+  patterns: readonly CompiledWildcardPattern<TState>[],
+  name: string,
+): WildcardPatternMatch<TState> | null {
+  for (let index = patterns.length - 1; index >= 0; index -= 1) {
+    const pattern = patterns[index];
+    if (pattern.regex.test(name)) {
+      return {
+        state: pattern.state,
+        matchedPattern: pattern.pattern,
+        matchedName: name,
+      };
+    }
+  }
+
+  return null;
+}
+
+export function findCompiledWildcardMatchForNames<TState>(
+  patterns: readonly CompiledWildcardPattern<TState>[],
+  names: readonly string[],
+): WildcardPatternMatch<TState> | null {
+  const normalizedNames = names
+    .map((value) => value.trim())
+    .filter((value) => value.length > 0);
+  if (normalizedNames.length === 0) {
+    return null;
+  }
+
+  for (const name of normalizedNames) {
+    const match = findCompiledWildcardMatch(patterns, name);
+    if (match) {
+      return match;
+    }
+  }
+
+  return null;
+}

package/src/yolo-mode.ts

@@ -0,0 +1,29 @@
+import type { PermissionSystemExtensionConfig } from "./extension-config.js";
+import type { PermissionState } from "./types.js";
+
+export interface AskPermissionResolutionOptions {
+  config: PermissionSystemExtensionConfig;
+  hasUI: boolean;
+  isSubagent: boolean;
+}
+
+export function isYoloModeEnabled(
+  config: PermissionSystemExtensionConfig,
+): boolean {
+  return config.yoloMode === true;
+}
+
+export function shouldAutoApprovePermissionState(
+  state: PermissionState,
+  config: PermissionSystemExtensionConfig,
+): boolean {
+  return state === "ask" && isYoloModeEnabled(config);
+}
+
+export function canResolveAskPermissionRequest(
+  options: AskPermissionResolutionOptions,
+): boolean {
+  return (
+    options.hasUI || options.isSubagent || isYoloModeEnabled(options.config)
+  );
+}