@phuetz/code-buddy 0.1.18 → 0.1.19

package/dist/security/permission-modes.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Permission Modes
+ *
+ * Five-tier permission system: default, plan, acceptEdits, dontAsk, bypassPermissions.
+ * With managed setting to disable bypass, subagent-specific modes, and pattern-based allowlists.
+ */
+export type PermissionMode = 'default' | 'plan' | 'acceptEdits' | 'dontAsk' | 'bypassPermissions';
+export interface PermissionModeConfig {
+    mode: PermissionMode;
+    disableBypass: boolean;
+    subagentMode?: PermissionMode;
+}
+export interface PermissionDecision {
+    allowed: boolean;
+    reason: string;
+    prompted: boolean;
+}
+export declare class PermissionModeManager {
+    private config;
+    private allowedPatterns;
+    constructor(config?: Partial<PermissionModeConfig>);
+    /**
+     * Set the permission mode
+     * Returns false if trying to set bypassPermissions when it's disabled
+     */
+    setMode(mode: PermissionMode): boolean;
+    getMode(): PermissionMode;
+    /**
+     * Check permission for an action
+     */
+    checkPermission(action: string, toolName: string): PermissionDecision;
+    /**
+     * Default mode: prompt for everything except read-only
+     */
+    private checkDefault;
+    /**
+     * Plan mode: only allow read-only tools, block edits and destructive
+     */
+    private checkPlan;
+    /**
+     * Accept edits mode: auto-approve read and edit tools, prompt for destructive
+     */
+    private checkAcceptEdits;
+    /**
+     * Don't ask mode: auto-approve everything except destructive
+     */
+    private checkDontAsk;
+    /**
+     * Bypass mode: auto-approve everything
+     */
+    private checkBypass;
+    /**
+     * Tool classification
+     */
+    isReadOnlyTool(toolName: string): boolean;
+    isEditTool(toolName: string): boolean;
+    isDestructiveTool(toolName: string): boolean;
+    /**
+     * Add an allowed pattern
+     */
+    addAllowedPattern(pattern: string): void;
+    /**
+     * Check if an action matches any allowed pattern
+     */
+    isPatternAllowed(action: string): boolean;
+    /**
+     * Set subagent mode
+     */
+    setSubagentMode(mode: PermissionMode): void;
+    getSubagentMode(): PermissionMode;
+    /**
+     * Set bypass disabled (managed setting)
+     */
+    setBypassDisabled(disabled: boolean): void;
+    isBypassDisabled(): boolean;
+}

package/dist/security/permission-modes.js

@@ -0,0 +1,195 @@
+/**
+ * Permission Modes
+ *
+ * Five-tier permission system: default, plan, acceptEdits, dontAsk, bypassPermissions.
+ * With managed setting to disable bypass, subagent-specific modes, and pattern-based allowlists.
+ */
+import { logger } from '../utils/logger.js';
+// ============================================================================
+// Tool Classifications
+// ============================================================================
+const READ_ONLY_TOOLS = new Set([
+    'view_file',
+    'read_file',
+    'search',
+    'list_files',
+    'grep',
+    'glob',
+    'git_log',
+    'git_status',
+    'git_diff',
+]);
+const EDIT_TOOLS = new Set([
+    'str_replace_editor',
+    'create_file',
+    'write_file',
+    'edit_file',
+    'apply_patch',
+    'multi_edit',
+]);
+const DESTRUCTIVE_TOOLS = new Set([
+    'bash',
+    'delete_file',
+    'rm',
+    'git_reset',
+    'git_checkout',
+]);
+// ============================================================================
+// Permission Mode Manager
+// ============================================================================
+export class PermissionModeManager {
+    config;
+    allowedPatterns = [];
+    constructor(config) {
+        this.config = {
+            mode: config?.mode || 'default',
+            disableBypass: config?.disableBypass ?? false,
+            subagentMode: config?.subagentMode,
+        };
+    }
+    /**
+     * Set the permission mode
+     * Returns false if trying to set bypassPermissions when it's disabled
+     */
+    setMode(mode) {
+        if (mode === 'bypassPermissions' && this.config.disableBypass) {
+            logger.warn('Cannot enable bypassPermissions: disabled by managed setting');
+            return false;
+        }
+        this.config.mode = mode;
+        logger.info(`Permission mode set to: ${mode}`);
+        return true;
+    }
+    getMode() {
+        return this.config.mode;
+    }
+    /**
+     * Check permission for an action
+     */
+    checkPermission(action, toolName) {
+        // Check pattern allowlist first
+        if (this.isPatternAllowed(action)) {
+            return { allowed: true, reason: 'Matched allowed pattern', prompted: false };
+        }
+        switch (this.config.mode) {
+            case 'default':
+                return this.checkDefault(action, toolName);
+            case 'plan':
+                return this.checkPlan(action, toolName);
+            case 'acceptEdits':
+                return this.checkAcceptEdits(action, toolName);
+            case 'dontAsk':
+                return this.checkDontAsk(action, toolName);
+            case 'bypassPermissions':
+                return this.checkBypass(action, toolName);
+            default:
+                return this.checkDefault(action, toolName);
+        }
+    }
+    /**
+     * Default mode: prompt for everything except read-only
+     */
+    checkDefault(_action, toolName) {
+        if (this.isReadOnlyTool(toolName)) {
+            return { allowed: true, reason: 'Read-only tool auto-approved', prompted: false };
+        }
+        return { allowed: true, reason: 'Requires user confirmation', prompted: true };
+    }
+    /**
+     * Plan mode: only allow read-only tools, block edits and destructive
+     */
+    checkPlan(_action, toolName) {
+        if (this.isReadOnlyTool(toolName)) {
+            return { allowed: true, reason: 'Read-only tool allowed in plan mode', prompted: false };
+        }
+        return { allowed: false, reason: 'Only read-only tools allowed in plan mode', prompted: false };
+    }
+    /**
+     * Accept edits mode: auto-approve read and edit tools, prompt for destructive
+     */
+    checkAcceptEdits(_action, toolName) {
+        if (this.isReadOnlyTool(toolName)) {
+            return { allowed: true, reason: 'Read-only tool auto-approved', prompted: false };
+        }
+        if (this.isEditTool(toolName)) {
+            return { allowed: true, reason: 'Edit tool auto-approved in acceptEdits mode', prompted: false };
+        }
+        if (this.isDestructiveTool(toolName)) {
+            return { allowed: true, reason: 'Destructive tool requires confirmation', prompted: true };
+        }
+        return { allowed: true, reason: 'Requires confirmation', prompted: true };
+    }
+    /**
+     * Don't ask mode: auto-approve everything except destructive
+     */
+    checkDontAsk(_action, toolName) {
+        if (this.isDestructiveTool(toolName)) {
+            return { allowed: true, reason: 'Destructive tool requires confirmation in dontAsk mode', prompted: true };
+        }
+        return { allowed: true, reason: 'Auto-approved in dontAsk mode', prompted: false };
+    }
+    /**
+     * Bypass mode: auto-approve everything
+     */
+    checkBypass(_action, _toolName) {
+        return { allowed: true, reason: 'All operations auto-approved in bypass mode', prompted: false };
+    }
+    /**
+     * Tool classification
+     */
+    isReadOnlyTool(toolName) {
+        return READ_ONLY_TOOLS.has(toolName);
+    }
+    isEditTool(toolName) {
+        return EDIT_TOOLS.has(toolName);
+    }
+    isDestructiveTool(toolName) {
+        return DESTRUCTIVE_TOOLS.has(toolName);
+    }
+    /**
+     * Add an allowed pattern
+     */
+    addAllowedPattern(pattern) {
+        if (!this.allowedPatterns.includes(pattern)) {
+            this.allowedPatterns.push(pattern);
+        }
+    }
+    /**
+     * Check if an action matches any allowed pattern
+     */
+    isPatternAllowed(action) {
+        return this.allowedPatterns.some(pattern => {
+            // Convert glob-like pattern to regex
+            const regex = pattern
+                .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+                .replace(/\*/g, '.*');
+            return new RegExp(`^${regex}$`).test(action);
+        });
+    }
+    /**
+     * Set subagent mode
+     */
+    setSubagentMode(mode) {
+        this.config.subagentMode = mode;
+        logger.info(`Subagent permission mode set to: ${mode}`);
+    }
+    getSubagentMode() {
+        return this.config.subagentMode || this.config.mode;
+    }
+    /**
+     * Set bypass disabled (managed setting)
+     */
+    setBypassDisabled(disabled) {
+        this.config.disableBypass = disabled;
+        // If bypass was active and we're disabling it, revert to default
+        if (disabled && this.config.mode === 'bypassPermissions') {
+            this.config.mode = 'default';
+            logger.warn('Bypass was active but has been disabled, reverting to default mode');
+        }
+        logger.info(`Bypass disabled: ${disabled}`);
+    }
+    isBypassDisabled() {
+        return this.config.disableBypass;
+    }
+}
+//# sourceMappingURL=permission-modes.js.map

package/dist/security/permission-modes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-modes.js","sourceRoot":"","sources":["../../src/security/permission-modes.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAoB5C,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,WAAW;IACX,WAAW;IACX,QAAQ;IACR,YAAY;IACZ,MAAM;IACN,MAAM;IACN,SAAS;IACT,YAAY;IACZ,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,oBAAoB;IACpB,aAAa;IACb,YAAY;IACZ,WAAW;IACX,aAAa;IACb,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,MAAM;IACN,aAAa;IACb,IAAI;IACJ,WAAW;IACX,cAAc;CACf,CAAC,CAAC;AAEH,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E,MAAM,OAAO,qBAAqB;IACxB,MAAM,CAAuB;IAC7B,eAAe,GAAa,EAAE,CAAC;IAEvC,YAAY,MAAsC;QAChD,IAAI,CAAC,MAAM,GAAG;YACZ,IAAI,EAAE,MAAM,EAAE,IAAI,IAAI,SAAS;YAC/B,aAAa,EAAE,MAAM,EAAE,aAAa,IAAI,KAAK;YAC7C,YAAY,EAAE,MAAM,EAAE,YAAY;SACnC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,IAAoB;QAC1B,IAAI,IAAI,KAAK,mBAAmB,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;YAC5E,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAc,EAAE,QAAgB;QAC9C,gCAAgC;QAChC,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC/E,CAAC;QAED,QAAQ,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACzB,KAAK,SAAS;gBACZ,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC7C,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC1C,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACjD,KAAK,SAAS;gBACZ,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC7C,KAAK,mBAAmB;gBACtB,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC5C;gBACE,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,OAAe,EAAE,QAAgB;QACpD,IAAI,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,8BAA8B,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QACpF,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,4BAA4B,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IACjF,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,OAAe,EAAE,QAAgB;QACjD,IAAI,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,qCAAqC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC3F,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,2CAA2C,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAClG,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,OAAe,EAAE,QAAgB;QACxD,IAAI,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,8BAA8B,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QACpF,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,6CAA6C,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QACnG,CAAC;QACD,IAAI,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,wCAAwC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC7F,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5E,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,OAAe,EAAE,QAAgB;QACpD,IAAI,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,wDAAwD,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC7G,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,+BAA+B,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IACrF,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,OAAe,EAAE,SAAiB;QACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,6CAA6C,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IACnG,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,QAAgB;QAC7B,OAAO,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,UAAU,CAAC,QAAgB;QACzB,OAAO,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,iBAAiB,CAAC,QAAgB;QAChC,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,OAAe;QAC/B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,MAAc;QAC7B,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;YACzC,qCAAqC;YACrC,MAAM,KAAK,GAAG,OAAO;iBAClB,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC;iBACpC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YACxB,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAoB;QAClC,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,IAAI,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,oCAAoC,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,QAAiB;QACjC,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,QAAQ,CAAC;QACrC,iEAAiE;QACjE,IAAI,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;IACnC,CAAC;CACF"}

package/dist/security/permission-patterns.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Pattern-based Permissions
+ *
+ * Provides fine-grained permission control for tool executions using
+ * glob-pattern matching. Rules are evaluated in order; first match wins.
+ *
+ * Tool specifier format:
+ *   Bash(npm run *)     → matches Bash tool with commands starting "npm run "
+ *   Edit(./src/**)      → matches Edit tool with paths under ./src/
+ *   Read(./.env)        → matches Read tool on exactly ./.env
+ *   WebFetch(domain:example.com) → matches WebFetch for a specific domain
+ *   Bash                → matches all Bash invocations (no pattern)
+ *
+ * Pattern rules:
+ *   *  → matches any characters except /
+ *   ** → matches anything including /
+ */
+export type PermissionAction = 'allow' | 'ask' | 'deny';
+export interface PermissionRule {
+    tool: string;
+    pattern?: string;
+    action: PermissionAction;
+}
+export interface ParsedToolSpecifier {
+    tool: string;
+    pattern?: string;
+}
+export declare class PermissionPatternMatcher {
+    private rules;
+    /**
+     * Add a permission rule.
+     */
+    addRule(rule: PermissionRule): void;
+    /**
+     * Check permission for a tool call. Evaluates rules in order; first match wins.
+     * If no rule matches, returns 'ask' as default.
+     */
+    checkPermission(tool: string, input: string): PermissionAction;
+    /**
+     * Parse a tool specifier string like "Bash(npm run *)" into components.
+     */
+    parseToolSpecifier(spec: string): ParsedToolSpecifier;
+    /**
+     * Load rules from an array of strings like "allow:Bash(npm run *)".
+     */
+    loadRules(ruleStrings: string[]): void;
+    /**
+     * Get all current rules.
+     */
+    getRules(): PermissionRule[];
+    /**
+     * Clear all rules.
+     */
+    clearRules(): void;
+    /**
+     * Remove a rule by index.
+     */
+    removeRule(index: number): void;
+}
+export declare function getPermissionMatcher(): PermissionPatternMatcher;
+export declare function resetPermissionMatcher(): void;

package/dist/security/permission-patterns.js

@@ -0,0 +1,171 @@
+/**
+ * Pattern-based Permissions
+ *
+ * Provides fine-grained permission control for tool executions using
+ * glob-pattern matching. Rules are evaluated in order; first match wins.
+ *
+ * Tool specifier format:
+ *   Bash(npm run *)     → matches Bash tool with commands starting "npm run "
+ *   Edit(./src/**)      → matches Edit tool with paths under ./src/
+ *   Read(./.env)        → matches Read tool on exactly ./.env
+ *   WebFetch(domain:example.com) → matches WebFetch for a specific domain
+ *   Bash                → matches all Bash invocations (no pattern)
+ *
+ * Pattern rules:
+ *   *  → matches any characters except /
+ *   ** → matches anything including /
+ */
+import { logger } from '../utils/logger.js';
+// ============================================================================
+// Pattern Matching
+// ============================================================================
+/**
+ * Convert a glob pattern to a RegExp.
+ *   ** → matches anything (including /)
+ *   *  → matches anything except /
+ */
+function globToRegex(pattern) {
+    let result = '';
+    let i = 0;
+    while (i < pattern.length) {
+        const char = pattern[i];
+        if (char === '*' && pattern[i + 1] === '*') {
+            // ** matches anything including /
+            result += '.*';
+            i += 2;
+            // skip trailing / after **
+            if (pattern[i] === '/') {
+                i++;
+            }
+        }
+        else if (char === '*') {
+            // * matches anything except /
+            result += '[^/]*';
+            i++;
+        }
+        else if (char === '?') {
+            result += '[^/]';
+            i++;
+        }
+        else {
+            // Escape regex special characters
+            result += char.replace(/[.+^${}()|[\]\\]/g, '\\$&');
+            i++;
+        }
+    }
+    return new RegExp('^' + result + '$');
+}
+// ============================================================================
+// PermissionPatternMatcher
+// ============================================================================
+export class PermissionPatternMatcher {
+    rules = [];
+    /**
+     * Add a permission rule.
+     */
+    addRule(rule) {
+        this.rules.push(rule);
+    }
+    /**
+     * Check permission for a tool call. Evaluates rules in order; first match wins.
+     * If no rule matches, returns 'ask' as default.
+     */
+    checkPermission(tool, input) {
+        for (const rule of this.rules) {
+            if (rule.tool !== tool) {
+                continue;
+            }
+            // If rule has no pattern, it matches all invocations of this tool
+            if (!rule.pattern) {
+                return rule.action;
+            }
+            // Domain-based matching for WebFetch
+            if (rule.pattern.startsWith('domain:')) {
+                const domain = rule.pattern.slice('domain:'.length);
+                if (input.includes(domain)) {
+                    return rule.action;
+                }
+                continue;
+            }
+            // Glob pattern matching
+            const regex = globToRegex(rule.pattern);
+            if (regex.test(input)) {
+                return rule.action;
+            }
+        }
+        // Default: ask
+        return 'ask';
+    }
+    /**
+     * Parse a tool specifier string like "Bash(npm run *)" into components.
+     */
+    parseToolSpecifier(spec) {
+        const match = spec.match(/^([A-Za-z_]+)(?:\((.+)\))?$/);
+        if (!match) {
+            throw new Error(`Invalid tool specifier: ${spec}`);
+        }
+        return {
+            tool: match[1],
+            pattern: match[2] || undefined,
+        };
+    }
+    /**
+     * Load rules from an array of strings like "allow:Bash(npm run *)".
+     */
+    loadRules(ruleStrings) {
+        for (const ruleStr of ruleStrings) {
+            const colonIndex = ruleStr.indexOf(':');
+            if (colonIndex === -1) {
+                logger.warn('Invalid rule string (missing action prefix)', { rule: ruleStr });
+                continue;
+            }
+            const action = ruleStr.slice(0, colonIndex);
+            if (action !== 'allow' && action !== 'ask' && action !== 'deny') {
+                logger.warn('Invalid permission action', { action, rule: ruleStr });
+                continue;
+            }
+            const specStr = ruleStr.slice(colonIndex + 1);
+            const spec = this.parseToolSpecifier(specStr);
+            this.addRule({
+                tool: spec.tool,
+                pattern: spec.pattern,
+                action,
+            });
+        }
+    }
+    /**
+     * Get all current rules.
+     */
+    getRules() {
+        return [...this.rules];
+    }
+    /**
+     * Clear all rules.
+     */
+    clearRules() {
+        this.rules = [];
+    }
+    /**
+     * Remove a rule by index.
+     */
+    removeRule(index) {
+        if (index < 0 || index >= this.rules.length) {
+            throw new Error(`Rule index out of bounds: ${index}`);
+        }
+        this.rules.splice(index, 1);
+    }
+}
+// ============================================================================
+// Singleton
+// ============================================================================
+let instance = null;
+export function getPermissionMatcher() {
+    if (!instance) {
+        instance = new PermissionPatternMatcher();
+    }
+    return instance;
+}
+export function resetPermissionMatcher() {
+    instance = null;
+}
+//# sourceMappingURL=permission-patterns.js.map

package/dist/security/permission-patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-patterns.js","sourceRoot":"","sources":["../../src/security/permission-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAmB5C,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;GAIG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAExB,IAAI,IAAI,KAAK,GAAG,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC3C,kCAAkC;YAClC,MAAM,IAAI,IAAI,CAAC;YACf,CAAC,IAAI,CAAC,CAAC;YACP,2BAA2B;YAC3B,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACvB,CAAC,EAAE,CAAC;YACN,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACxB,8BAA8B;YAC9B,MAAM,IAAI,OAAO,CAAC;YAClB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACxB,MAAM,IAAI,MAAM,CAAC;YACjB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,CAAC;YACN,kCAAkC;YAClC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;YACpD,CAAC,EAAE,CAAC;QACN,CAAC;IACH,CAAC;IAED,OAAO,IAAI,MAAM,CAAC,GAAG,GAAG,MAAM,GAAG,GAAG,CAAC,CAAC;AACxC,CAAC;AAED,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E,MAAM,OAAO,wBAAwB;IAC3B,KAAK,GAAqB,EAAE,CAAC;IAErC;;OAEG;IACH,OAAO,CAAC,IAAoB;QAC1B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,IAAY,EAAE,KAAa;QACzC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACvB,SAAS;YACX,CAAC;YAED,kEAAkE;YAClE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAED,qCAAqC;YACrC,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBACpD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,OAAO,IAAI,CAAC,MAAM,CAAC;gBACrB,CAAC;gBACD,SAAS;YACX,CAAC;YAED,wBAAwB;YACxB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;QACH,CAAC;QAED,eAAe;QACf,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,IAAY;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACxD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,SAAS;SAC/B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,WAAqB;QAC7B,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxC,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC9E,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAqB,CAAC;YAChE,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBAChE,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBACpE,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;YAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAE9C,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM;aACP,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,KAAa;QACtB,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC;CACF;AAED,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,IAAI,QAAQ,GAAoC,IAAI,CAAC;AAErD,MAAM,UAAU,oBAAoB;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,IAAI,wBAAwB,EAAE,CAAC;IAC5C,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,QAAQ,GAAG,IAAI,CAAC;AAClB,CAAC"}

package/dist/security/safe-binaries.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Safe Binaries System
+ *
+ * Maintains a list of commands that are safe to execute without
+ * user approval. These are read-only or informational commands
+ * that cannot modify the filesystem or system state.
+ */
+export declare const SAFE_BINARIES: readonly string[];
+export declare class SafeBinariesChecker {
+    private static instance;
+    private safeBinaries;
+    private customized;
+    private constructor();
+    static getInstance(): SafeBinariesChecker;
+    static resetInstance(): void;
+    isSafe(command: string): boolean;
+    isSafeChain(command: string): boolean;
+    getSafeBinaries(): string[];
+    addSafeBinary(name: string): void;
+    removeSafeBinary(name: string): void;
+    isCustomized(): boolean;
+    private extractFirstWord;
+}

package/dist/security/safe-binaries.js

@@ -0,0 +1,96 @@
+/**
+ * Safe Binaries System
+ *
+ * Maintains a list of commands that are safe to execute without
+ * user approval. These are read-only or informational commands
+ * that cannot modify the filesystem or system state.
+ */
+import { logger } from '../utils/logger.js';
+// ============================================================================
+// Safe Binaries List
+// ============================================================================
+export const SAFE_BINARIES = [
+    'ls', 'cat', 'head', 'tail', 'wc', 'grep', 'rg', 'find',
+    'which', 'whoami', 'pwd', 'echo', 'date', 'uname', 'hostname',
+    'env', 'printenv', 'file', 'stat', 'du', 'df', 'free', 'uptime',
+    'id', 'groups', 'locale', 'tty', 'stty', 'basename', 'dirname',
+    'realpath', 'readlink', 'md5sum', 'sha256sum', 'sort', 'uniq',
+    'tr', 'cut', 'paste', 'diff', 'comm', 'tee', 'xargs', 'seq',
+    'yes', 'true', 'false', 'test', 'expr',
+];
+// ============================================================================
+// SafeBinariesChecker
+// ============================================================================
+export class SafeBinariesChecker {
+    static instance = null;
+    safeBinaries;
+    customized = false;
+    constructor() {
+        this.safeBinaries = new Set(SAFE_BINARIES);
+    }
+    static getInstance() {
+        if (!SafeBinariesChecker.instance) {
+            SafeBinariesChecker.instance = new SafeBinariesChecker();
+        }
+        return SafeBinariesChecker.instance;
+    }
+    static resetInstance() {
+        SafeBinariesChecker.instance = null;
+    }
+    isSafe(command) {
+        const trimmed = command.trim();
+        if (!trimmed)
+            return false;
+        const firstWord = this.extractFirstWord(trimmed);
+        return this.safeBinaries.has(firstWord);
+    }
+    isSafeChain(command) {
+        const trimmed = command.trim();
+        if (!trimmed)
+            return false;
+        // Split on pipes, &&, ||, and ;
+        const parts = trimmed.split(/\s*(?:\|{1,2}|&&|;)\s*/);
+        for (const part of parts) {
+            const cleaned = part.trim();
+            if (!cleaned)
+                continue;
+            if (!this.isSafe(cleaned)) {
+                return false;
+            }
+        }
+        return true;
+    }
+    getSafeBinaries() {
+        return Array.from(this.safeBinaries).sort();
+    }
+    addSafeBinary(name) {
+        this.safeBinaries.add(name);
+        this.customized = true;
+        logger.debug('Added safe binary', { name });
+    }
+    removeSafeBinary(name) {
+        this.safeBinaries.delete(name);
+        this.customized = true;
+        logger.debug('Removed safe binary', { name });
+    }
+    isCustomized() {
+        return this.customized;
+    }
+    extractFirstWord(command) {
+        // Handle env var prefixes like FOO=bar cmd
+        let cmd = command;
+        while (/^\w+=\S*\s+/.test(cmd)) {
+            cmd = cmd.replace(/^\w+=\S*\s+/, '');
+        }
+        // Handle sudo/command prefixes
+        const prefixes = ['sudo', 'command', 'builtin'];
+        let firstWord = cmd.split(/\s+/)[0];
+        if (prefixes.includes(firstWord) && cmd.split(/\s+/).length > 1) {
+            firstWord = cmd.split(/\s+/)[1];
+        }
+        // Strip path prefix (e.g., /usr/bin/ls -> ls)
+        const basename = firstWord.split('/').pop() || firstWord;
+        return basename;
+    }
+}
+//# sourceMappingURL=safe-binaries.js.map

package/dist/security/safe-binaries.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe-binaries.js","sourceRoot":"","sources":["../../src/security/safe-binaries.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,aAAa,GAAsB;IAC9C,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;IACvD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;IAC7D,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ;IAC/D,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS;IAC9D,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;IAC7D,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;IAC3D,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM;CAC9B,CAAC;AAEX,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,MAAM,OAAO,mBAAmB;IACtB,MAAM,CAAC,QAAQ,GAA+B,IAAI,CAAC;IAEnD,YAAY,CAAc;IAC1B,UAAU,GAAG,KAAK,CAAC;IAE3B;QACE,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YAClC,mBAAmB,CAAC,QAAQ,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,mBAAmB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED,MAAM,CAAC,aAAa;QAClB,mBAAmB,CAAC,QAAQ,GAAG,IAAI,CAAC;IACtC,CAAC;IAED,MAAM,CAAC,OAAe;QACpB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,gCAAgC;QAChC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAEtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9C,CAAC;IAED,aAAa,CAAC,IAAY;QACxB,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,gBAAgB,CAAC,IAAY;QAC3B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEO,gBAAgB,CAAC,OAAe;QACtC,2CAA2C;QAC3C,IAAI,GAAG,GAAG,OAAO,CAAC;QAClB,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvC,CAAC;QAED,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAChD,IAAI,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAEpC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QAED,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,SAAS,CAAC;QACzD,OAAO,QAAQ,CAAC;IAClB,CAAC"}