@trops/dash-core 0.1.514 → 0.1.515

package/dist/electron/index.js

@@ -1934,12 +1934,24 @@ function sanitizePerms(perms) {
             ? raw.writePaths.filter((p) => typeof p === "string")
             : [],
         };
+        // Slice 4: per-action grant scoping. Persist `actions[]` only
+        // when explicitly provided; the gate's legacy migration treats
+        // its absence as "any action allowed" so pre-slice grants
+        // continue to work.
+        if (Array.isArray(raw.actions)) {
+          domains.fs.actions = raw.actions.filter((a) => typeof a === "string");
+        }
       } else if (name === "network") {
         domains.network = {
           hosts: Array.isArray(raw.hosts)
             ? raw.hosts.filter((h) => typeof h === "string")
             : [],
         };
+        if (Array.isArray(raw.actions)) {
+          domains.network.actions = raw.actions.filter(
+            (a) => typeof a === "string",
+          );
+        }
       }
       // Future domains plug in here. Unknown domain names are dropped.
     }
@@ -2426,12 +2438,6 @@ function isFsWriteAction(action) {
   return WRITE_ACTIONS.has(action);
 }
 
-function _isNoGrantDenial$1(reason) {
-  return (
-    typeof reason === "string" && /no fs permissions granted/i.test(reason)
-  );
-}
-
 function _filenameMatches(filename, allowedList) {
   if (!Array.isArray(allowedList) || allowedList.length === 0) return false;
   if (allowedList.includes("*")) return true;
@@ -2483,6 +2489,25 @@ function gateFsCall$1({ widgetId, token, action, args }) {
     };
   }
 
+  // Slice 4: per-action allowlist. When `actions[]` is present and
+  // non-empty, only listed actions are allowed (path scope still
+  // applies). When absent / empty, fall through to legacy behavior
+  // (any read/write-class action allowed against the path scope) so
+  // pre-slice grants keep working — Option A migration.
+  if (Array.isArray(fsPerms.actions) && fsPerms.actions.length > 0) {
+    if (!fsPerms.actions.includes(action)) {
+      return {
+        allow: false,
+        reason:
+          "fs gate: action '" +
+          action +
+          "' not in actions allowlist for widget '" +
+          widgetId +
+          "'",
+      };
+    }
+  }
+
   const isWrite = isFsWriteAction(action);
 
   if (isWrite) {
@@ -2543,7 +2568,7 @@ function _mergeFsGrant(current, addition) {
   const additionFs = addition?.domains?.fs;
   if (additionFs) {
     const existingFs = out.domains.fs || { readPaths: [], writePaths: [] };
-    out.domains.fs = {
+    const merged = {
       readPaths: [
         ...new Set([
           ...(existingFs.readPaths || []),
@@ -2559,30 +2584,80 @@ function _mergeFsGrant(current, addition) {
         ]),
       ],
     };
+    // Slice 4: union `actions[]`. Only emit the field when at least
+    // one side declared it — preserves Option A migration (a legacy
+    // grant being extended without an action allowlist on the
+    // addition still has none after merge).
+    const existingActions = Array.isArray(existingFs.actions)
+      ? existingFs.actions
+      : null;
+    const additionActions = Array.isArray(additionFs.actions)
+      ? additionFs.actions
+      : null;
+    if (existingActions || additionActions) {
+      merged.actions = [
+        ...new Set([...(existingActions || []), ...(additionActions || [])]),
+      ];
+    }
+    out.domains.fs = merged;
   }
   return out;
 }
 
 /**
- * Async gate that escalates "no fs grant" denials to a JIT consent
- * prompt when `opts.enableJit` is true. On approval, merges the
- * decision's grant blob into the persisted grant and re-evaluates.
+ * Async gate that escalates "missing in grant" fs denials to a JIT
+ * consent prompt when `opts.enableJit` is true. Escalation signal is
+ * STRUCTURAL, not message-based: if the requested action+filename
+ * isn't covered by the widget's grant (action absent from `actions[]`,
+ * or filename absent from the appropriate readPaths/writePaths), JIT
+ * fires. Identity-resolution failures and malformed-args denials short-
+ * circuit to the sync gate's verdict — those are abuse or caller bugs,
+ * not consent gaps. Once the request IS covered by the grant, the sync
+ * gate is authoritative (any denial it returns is structural).
  */
 async function gateFsCallWithJit$1(req, opts = {}) {
-  const initial = gateFsCall$1(req);
-  if (initial.allow) return initial;
-  if (!opts.enableJit) return initial;
-  if (!_isNoGrantDenial$1(initial.reason)) return initial;
-
-  // Resolve verified identity once (token wins over claimed widgetId).
-  // Re-using the same resolution as gateFsCall keeps the JIT prompt
-  // and grant write tied to the same identity the gate just denied.
+  if (!opts.enableJit) return gateFsCall$1(req);
+
+  // Identity must resolve to a concrete widgetId. Unknown tokens and
+  // missing widgetId are returned by the sync gate — those denials
+  // aren't recoverable via consent.
   const resolved = _resolveIdentity$2({
     token: req.token,
     widgetId: req.widgetId,
   });
+  if (resolved.source === "token-unknown" || !resolved.widgetId) {
+    return gateFsCall$1(req);
+  }
   const verifiedWidgetId = resolved.widgetId;
-  if (!verifiedWidgetId) return initial;
+
+  // Args must be well-formed enough to derive a filename — malformed
+  // calls are caller bugs, not consent gaps.
+  const filename =
+    req.args && typeof req.args === "object" ? req.args.filename : null;
+  if (typeof filename !== "string" || !filename) {
+    return gateFsCall$1(req);
+  }
+
+  // Structural escalation: when the existing grant covers this
+  // (action, filename) pair, the sync gate's verdict is authoritative.
+  // Otherwise the request is a consent gap; escalate. Mirrors
+  // permissionGate.gateToolCallWithJit's "tool in grant?" check.
+  const grant = getGrant$3(verifiedWidgetId);
+  const fsPerms = grant && grant.domains && grant.domains.fs;
+  if (fsPerms) {
+    const actionsAllow =
+      !Array.isArray(fsPerms.actions) ||
+      fsPerms.actions.length === 0 ||
+      fsPerms.actions.includes(req.action);
+    const isWrite = isFsWriteAction(req.action);
+    const allowedPaths = isWrite
+      ? fsPerms.writePaths || []
+      : [...(fsPerms.readPaths || []), ...(fsPerms.writePaths || [])];
+    const pathsAllow = _filenameMatches(filename, allowedPaths);
+    if (actionsAllow && pathsAllow) {
+      return gateFsCall$1(req);
+    }
+  }
 
   let decision;
   try {
@@ -2598,11 +2673,7 @@ async function gateFsCallWithJit$1(req, opts = {}) {
   } catch (e) {
     return {
       allow: false,
-      reason:
-        "JIT consent " +
-        (e && e.message ? e.message : "failed") +
-        "; original denial: " +
-        initial.reason,
+      reason: "JIT consent " + (e && e.message ? e.message : "failed"),
     };
   }
 
@@ -2618,8 +2689,8 @@ async function gateFsCallWithJit$1(req, opts = {}) {
     };
   }
 
-  const filename = req.args?.filename || "*";
-  const isWrite = isFsWriteAction(req.action);
+  const fallbackFilename = req.args?.filename || "*";
+  const fallbackIsWrite = isFsWriteAction(req.action);
   const addition =
     decision.granted && typeof decision.granted === "object"
       ? decision.granted
@@ -2627,8 +2698,9 @@ async function gateFsCallWithJit$1(req, opts = {}) {
           grantOrigin: "live",
           domains: {
             fs: {
-              readPaths: !isWrite ? [filename] : [],
-              writePaths: isWrite ? [filename] : [],
+              actions: [req.action],
+              readPaths: !fallbackIsWrite ? [fallbackFilename] : [],
+              writePaths: fallbackIsWrite ? [fallbackFilename] : [],
             },
           },
         };
@@ -2714,12 +2786,6 @@ function _resolveIdentity$1({ token, widgetId }) {
   return { widgetId: widgetId || null, source: "legacy" };
 }
 
-function _isNoGrantDenial(reason) {
-  return (
-    typeof reason === "string" && /no network permissions granted/i.test(reason)
-  );
-}
-
 function _hostMatches(host, allowedList) {
   if (!Array.isArray(allowedList) || allowedList.length === 0) return false;
   if (allowedList.includes("*")) return true;
@@ -2805,6 +2871,23 @@ function gateNetworkCall$2({ widgetId, token, action, args }) {
     };
   }
 
+  // Slice 4: per-action allowlist. Same Option A migration as fsGate —
+  // missing/empty `actions[]` falls through to the legacy "any action
+  // against allowed hosts" semantics so pre-slice grants keep working.
+  if (Array.isArray(netPerms.actions) && netPerms.actions.length > 0) {
+    if (!netPerms.actions.includes(action)) {
+      return {
+        allow: false,
+        reason:
+          "network gate: action '" +
+          action +
+          "' not in actions allowlist for widget '" +
+          widgetId +
+          "'",
+      };
+    }
+  }
+
   if (_hostMatches(host, netPerms.hosts)) {
     return { allow: true };
   }
@@ -2832,7 +2915,7 @@ function _mergeNetworkGrant(current, addition) {
   const additionNet = addition?.domains?.network;
   if (additionNet) {
     const existingNet = out.domains.network || { hosts: [] };
-    out.domains.network = {
+    const merged = {
       hosts: [
         ...new Set([
           ...(existingNet.hosts || []),
@@ -2840,30 +2923,73 @@ function _mergeNetworkGrant(current, addition) {
         ]),
       ],
     };
+    // Slice 4: union `actions[]`. Only emit when at least one side
+    // declared it — preserves Option A migration.
+    const existingActions = Array.isArray(existingNet.actions)
+      ? existingNet.actions
+      : null;
+    const additionActions = Array.isArray(additionNet.actions)
+      ? additionNet.actions
+      : null;
+    if (existingActions || additionActions) {
+      merged.actions = [
+        ...new Set([...(existingActions || []), ...(additionActions || [])]),
+      ];
+    }
+    out.domains.network = merged;
   }
   return out;
 }
 
 /**
- * Async gate that escalates "no network grant" denials to a JIT
- * consent prompt when `opts.enableJit` is true. On approval, merges
- * the decision's grant blob into the persisted grant and re-evaluates.
+ * Async gate that escalates "missing in grant" network denials to a
+ * JIT consent prompt when `opts.enableJit` is true. Escalation signal
+ * is STRUCTURAL: if the requested action+host isn't covered by the
+ * widget's grant (action absent from `actions[]`, or host absent from
+ * `hosts[]`), JIT fires. Identity-resolution failures and malformed-
+ * args / malformed-URL denials short-circuit to the sync verdict — not
+ * recoverable via consent. Once the request IS covered, the sync gate
+ * is authoritative.
  */
 async function gateNetworkCallWithJit$2(req, opts = {}) {
-  const initial = gateNetworkCall$2(req);
-  if (initial.allow) return initial;
-  if (!opts.enableJit) return initial;
-  if (!_isNoGrantDenial(initial.reason)) return initial;
-
-  // Same identity-resolution as the sync gate — the JIT prompt and
-  // grant write must use the verified widgetId, not whatever the
-  // renderer claimed.
+  if (!opts.enableJit) return gateNetworkCall$2(req);
+
+  // Identity must resolve. Unknown tokens / missing widgetId aren't
+  // consent gaps.
   const resolved = _resolveIdentity$1({
     token: req.token,
     widgetId: req.widgetId,
   });
+  if (resolved.source === "token-unknown" || !resolved.widgetId) {
+    return gateNetworkCall$2(req);
+  }
   const verifiedWidgetId = resolved.widgetId;
-  if (!verifiedWidgetId) return initial;
+
+  // Args must be well-formed enough to derive a host — malformed
+  // calls aren't consent gaps.
+  const url = req.args && typeof req.args === "object" ? req.args.url : null;
+  if (typeof url !== "string" || !url) {
+    return gateNetworkCall$2(req);
+  }
+  const host = _parseHost(url);
+  if (!host) {
+    return gateNetworkCall$2(req);
+  }
+
+  // Structural escalation: when the existing grant covers this
+  // (action, host) pair, the sync gate's verdict is authoritative.
+  const grant = getGrant$2(verifiedWidgetId);
+  const netPerms = grant && grant.domains && grant.domains.network;
+  if (netPerms) {
+    const actionsAllow =
+      !Array.isArray(netPerms.actions) ||
+      netPerms.actions.length === 0 ||
+      netPerms.actions.includes(req.action);
+    const hostsAllow = _hostMatches(host, netPerms.hosts || []);
+    if (actionsAllow && hostsAllow) {
+      return gateNetworkCall$2(req);
+    }
+  }
 
   let decision;
   try {
@@ -2879,11 +3005,7 @@ async function gateNetworkCallWithJit$2(req, opts = {}) {
   } catch (e) {
     return {
       allow: false,
-      reason:
-        "JIT consent " +
-        (e && e.message ? e.message : "failed") +
-        "; original denial: " +
-        initial.reason,
+      reason: "JIT consent " + (e && e.message ? e.message : "failed"),
     };
   }
 
@@ -2899,13 +3021,14 @@ async function gateNetworkCallWithJit$2(req, opts = {}) {
     };
   }
 
-  const host = _parseHost(req.args?.url) || "*";
   const addition =
     decision.granted && typeof decision.granted === "object"
       ? decision.granted
       : {
           grantOrigin: "live",
-          domains: { network: { hosts: [host] } },
+          domains: {
+            network: { actions: [req.action], hosts: [host] },
+          },
         };
   addition.grantOrigin = "live";