@within-7/minto 0.1.7 → 0.3.0

package/dist/core/permissions/engine/permissionEngine.js

@@ -0,0 +1,106 @@
+class PermissionEngine {
+  rules = [];
+  rulesByName = /* @__PURE__ */ new Map();
+  /**
+   * Register a permission rule
+   */
+  registerRule(rule) {
+    this.unregisterRule(rule.name);
+    this.rules.push(rule);
+    this.rulesByName.set(rule.name, rule);
+    this.rules.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+  }
+  /**
+   * Register multiple rules at once
+   */
+  registerRules(rules) {
+    for (const rule of rules) {
+      this.registerRule(rule);
+    }
+  }
+  /**
+   * Unregister a rule by name
+   */
+  unregisterRule(name) {
+    const index = this.rules.findIndex((r) => r.name === name);
+    if (index !== -1) {
+      this.rules.splice(index, 1);
+      this.rulesByName.delete(name);
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get a rule by name
+   */
+  getRule(name) {
+    return this.rulesByName.get(name);
+  }
+  /**
+   * Get all registered rules
+   */
+  getRules() {
+    return [...this.rules];
+  }
+  /**
+   * Check permission for a tool operation
+   *
+   * Rules are evaluated in priority order. The first rule that
+   * returns a non-allowed result stops evaluation.
+   */
+  async checkPermission(context) {
+    const toolName = context.tool.name;
+    for (const rule of this.rules) {
+      if (rule.appliesTo && rule.appliesTo.length > 0) {
+        if (!rule.appliesTo.includes(toolName)) {
+          continue;
+        }
+      }
+      try {
+        const result = await Promise.resolve(rule.check(context));
+        if (!result.allowed) {
+          return {
+            ...result,
+            reason: result.reason || `Denied by rule: ${rule.name}`
+          };
+        }
+      } catch (error) {
+        console.warn(`Permission rule ${rule.name} threw error:`, error);
+      }
+    }
+    return { allowed: true };
+  }
+  /**
+   * Check if a specific rule would allow the operation
+   */
+  async checkRuleOnly(ruleName, context) {
+    const rule = this.rulesByName.get(ruleName);
+    if (!rule) {
+      return null;
+    }
+    return Promise.resolve(rule.check(context));
+  }
+  /**
+   * Clear all rules
+   */
+  clearRules() {
+    this.rules = [];
+    this.rulesByName.clear();
+  }
+}
+let globalEngine = null;
+function getPermissionEngine() {
+  if (!globalEngine) {
+    globalEngine = new PermissionEngine();
+  }
+  return globalEngine;
+}
+function resetPermissionEngine() {
+  globalEngine = null;
+}
+export {
+  PermissionEngine,
+  getPermissionEngine,
+  resetPermissionEngine
+};
+//# sourceMappingURL=permissionEngine.js.map

package/dist/core/permissions/engine/permissionEngine.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/permissions/engine/permissionEngine.ts"],
+  "sourcesContent": ["/**\n * Permission Engine\n *\n * Extensible rule-based permission system for tool access control.\n */\n\nimport type {\n  PermissionContext,\n  PermissionResult,\n  PermissionRule,\n} from './types'\n\n/**\n * Permission Engine\n *\n * Manages permission rules and evaluates tool access requests.\n */\nexport class PermissionEngine {\n  private rules: PermissionRule[] = []\n  private rulesByName: Map<string, PermissionRule> = new Map()\n\n  /**\n   * Register a permission rule\n   */\n  registerRule(rule: PermissionRule): void {\n    // Remove existing rule with same name\n    this.unregisterRule(rule.name)\n\n    this.rules.push(rule)\n    this.rulesByName.set(rule.name, rule)\n\n    // Sort by priority (descending)\n    this.rules.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0))\n  }\n\n  /**\n   * Register multiple rules at once\n   */\n  registerRules(rules: PermissionRule[]): void {\n    for (const rule of rules) {\n      this.registerRule(rule)\n    }\n  }\n\n  /**\n   * Unregister a rule by name\n   */\n  unregisterRule(name: string): boolean {\n    const index = this.rules.findIndex(r => r.name === name)\n    if (index !== -1) {\n      this.rules.splice(index, 1)\n      this.rulesByName.delete(name)\n      return true\n    }\n    return false\n  }\n\n  /**\n   * Get a rule by name\n   */\n  getRule(name: string): PermissionRule | undefined {\n    return this.rulesByName.get(name)\n  }\n\n  /**\n   * Get all registered rules\n   */\n  getRules(): PermissionRule[] {\n    return [...this.rules]\n  }\n\n  /**\n   * Check permission for a tool operation\n   *\n   * Rules are evaluated in priority order. The first rule that\n   * returns a non-allowed result stops evaluation.\n   */\n  async checkPermission(context: PermissionContext): Promise<PermissionResult> {\n    const toolName = context.tool.name\n\n    for (const rule of this.rules) {\n      // Skip rules that don't apply to this tool\n      if (rule.appliesTo && rule.appliesTo.length > 0) {\n        if (!rule.appliesTo.includes(toolName)) {\n          continue\n        }\n      }\n\n      try {\n        const result = await Promise.resolve(rule.check(context))\n\n        // If not allowed, return immediately\n        if (!result.allowed) {\n          return {\n            ...result,\n            reason: result.reason || `Denied by rule: ${rule.name}`,\n          }\n        }\n      } catch (error) {\n        // Log error but continue to next rule\n        console.warn(`Permission rule ${rule.name} threw error:`, error)\n      }\n    }\n\n    // All rules passed\n    return { allowed: true }\n  }\n\n  /**\n   * Check if a specific rule would allow the operation\n   */\n  async checkRuleOnly(\n    ruleName: string,\n    context: PermissionContext,\n  ): Promise<PermissionResult | null> {\n    const rule = this.rulesByName.get(ruleName)\n    if (!rule) {\n      return null\n    }\n\n    return Promise.resolve(rule.check(context))\n  }\n\n  /**\n   * Clear all rules\n   */\n  clearRules(): void {\n    this.rules = []\n    this.rulesByName.clear()\n  }\n}\n\n// Global singleton instance\nlet globalEngine: PermissionEngine | null = null\n\n/**\n * Get the global permission engine instance\n */\nexport function getPermissionEngine(): PermissionEngine {\n  if (!globalEngine) {\n    globalEngine = new PermissionEngine()\n  }\n  return globalEngine\n}\n\n/**\n * Reset the global permission engine (for testing)\n */\nexport function resetPermissionEngine(): void {\n  globalEngine = null\n}\n"],
+  "mappings": "AAiBO,MAAM,iBAAiB;AAAA,EACpB,QAA0B,CAAC;AAAA,EAC3B,cAA2C,oBAAI,IAAI;AAAA;AAAA;AAAA;AAAA,EAK3D,aAAa,MAA4B;AAEvC,SAAK,eAAe,KAAK,IAAI;AAE7B,SAAK,MAAM,KAAK,IAAI;AACpB,SAAK,YAAY,IAAI,KAAK,MAAM,IAAI;AAGpC,SAAK,MAAM,KAAK,CAAC,GAAG,OAAO,EAAE,YAAY,MAAM,EAAE,YAAY,EAAE;AAAA,EACjE;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,OAA+B;AAC3C,eAAW,QAAQ,OAAO;AACxB,WAAK,aAAa,IAAI;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,MAAuB;AACpC,UAAM,QAAQ,KAAK,MAAM,UAAU,OAAK,EAAE,SAAS,IAAI;AACvD,QAAI,UAAU,IAAI;AAChB,WAAK,MAAM,OAAO,OAAO,CAAC;AAC1B,WAAK,YAAY,OAAO,IAAI;AAC5B,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,MAA0C;AAChD,WAAO,KAAK,YAAY,IAAI,IAAI;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAKA,WAA6B;AAC3B,WAAO,CAAC,GAAG,KAAK,KAAK;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,gBAAgB,SAAuD;AAC3E,UAAM,WAAW,QAAQ,KAAK;AAE9B,eAAW,QAAQ,KAAK,OAAO;AAE7B,UAAI,KAAK,aAAa,KAAK,UAAU,SAAS,GAAG;AAC/C,YAAI,CAAC,KAAK,UAAU,SAAS,QAAQ,GAAG;AACtC;AAAA,QACF;AAAA,MACF;AAEA,UAAI;AACF,cAAM,SAAS,MAAM,QAAQ,QAAQ,KAAK,MAAM,OAAO,CAAC;AAGxD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO;AAAA,YACL,GAAG;AAAA,YACH,QAAQ,OAAO,UAAU,mBAAmB,KAAK,IAAI;AAAA,UACvD;AAAA,QACF;AAAA,MACF,SAAS,OAAO;AAEd,gBAAQ,KAAK,mBAAmB,KAAK,IAAI,iBAAiB,KAAK;AAAA,MACjE;AAAA,IACF;AAGA,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cACJ,UACA,SACkC;AAClC,UAAM,OAAO,KAAK,YAAY,IAAI,QAAQ;AAC1C,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,WAAO,QAAQ,QAAQ,KAAK,MAAM,OAAO,CAAC;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,QAAQ,CAAC;AACd,SAAK,YAAY,MAAM;AAAA,EACzB;AACF;AAGA,IAAI,eAAwC;AAKrC,SAAS,sBAAwC;AACtD,MAAI,CAAC,cAAc;AACjB,mBAAe,IAAI,iBAAiB;AAAA,EACtC;AACA,SAAO;AACT;AAKO,SAAS,wBAA8B;AAC5C,iBAAe;AACjB;",
+  "names": []
+}

package/dist/core/permissions/engine/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/dist/core/permissions/engine/types.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": [],
+  "sourcesContent": [],
+  "mappings": "",
+  "names": []
+}

package/dist/core/permissions/index.js

@@ -0,0 +1,84 @@
+import {
+  DEFAULT_PERMISSION_RULES,
+  DEFAULT_PERMISSION_CONFIG
+} from "./types.js";
+import {
+  PermissionRuleEngine,
+  getPermissionRuleEngine,
+  resetPermissionRuleEngine
+} from "./ruleEngine.js";
+import {
+  PermissionEngine,
+  getPermissionEngine,
+  resetPermissionEngine
+} from "./engine/permissionEngine.js";
+export * from "./rules/index.js";
+import {
+  logSecurityEvent,
+  logPermissionGranted,
+  logPermissionDenied,
+  logOperationBlocked,
+  logSensitivePathAccess,
+  logExternalOperation,
+  logDangerousCommand,
+  getSessionLog,
+  getEntriesByType,
+  getEntriesByOutcome,
+  getSessionSecuritySummary,
+  getRecentSecurityEvents,
+  formatAuditEntry,
+  readAuditLog,
+  clearSessionLog,
+  resetSession
+} from "./auditLog.js";
+import {
+  SENSITIVE_PATHS,
+  isSensitivePath,
+  getSensitivePathInfo,
+  findMatchingSensitivePaths
+} from "./rules/sensitivePathsRule.js";
+import {
+  isOutsideProject,
+  getRelativeFromProject,
+  calculateExternalOperationRisk,
+  isExternalOperation
+} from "./rules/projectBoundaryRule.js";
+import {
+  shouldAutoEscalate
+} from "./rules/autoEscalationRule.js";
+export {
+  DEFAULT_PERMISSION_CONFIG,
+  DEFAULT_PERMISSION_RULES,
+  PermissionEngine,
+  PermissionRuleEngine,
+  SENSITIVE_PATHS,
+  calculateExternalOperationRisk,
+  clearSessionLog,
+  findMatchingSensitivePaths,
+  formatAuditEntry,
+  getEntriesByOutcome,
+  getEntriesByType,
+  getPermissionEngine,
+  getPermissionRuleEngine,
+  getRecentSecurityEvents,
+  getRelativeFromProject,
+  getSensitivePathInfo,
+  getSessionLog,
+  getSessionSecuritySummary,
+  isExternalOperation,
+  isOutsideProject,
+  isSensitivePath,
+  logDangerousCommand,
+  logExternalOperation,
+  logOperationBlocked,
+  logPermissionDenied,
+  logPermissionGranted,
+  logSecurityEvent,
+  logSensitivePathAccess,
+  readAuditLog,
+  resetPermissionEngine,
+  resetPermissionRuleEngine,
+  resetSession,
+  shouldAutoEscalate
+};
+//# sourceMappingURL=index.js.map

package/dist/core/permissions/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/core/permissions/index.ts"],
+  "sourcesContent": ["/**\n * Permission System\n *\n * Enhanced permission rules system with pattern matching and priorities.\n *\n * Security Features:\n * - Sensitive path protection (SSH keys, credentials, etc.)\n * - Project boundary enforcement (external operations require confirmation)\n * - Auto-escalation for high-risk operations\n * - Comprehensive audit logging\n * - Persistent and session-based permissions\n */\n\n// Pattern-based rule engine types (rule-based system)\nexport {\n  type PermissionDecision as RulePermissionDecision,\n  type PermissionScope,\n  type PermissionRule as PatternPermissionRule,\n  type PermissionEvaluationResult,\n  type PermissionRulesConfig,\n  DEFAULT_PERMISSION_RULES,\n  DEFAULT_PERMISSION_CONFIG,\n} from './types'\n\n// Pattern-based rule engine\nexport {\n  PermissionRuleEngine,\n  getPermissionRuleEngine,\n  resetPermissionRuleEngine,\n} from './ruleEngine'\n\n// Permission engine for tool access control (original engine types)\nexport {\n  type PermissionContext,\n  type PermissionResult,\n  type PermissionRule,\n  type PermissionDecision,\n  type HookPermissionOutput,\n} from './engine/types'\n\nexport {\n  PermissionEngine,\n  getPermissionEngine,\n  resetPermissionEngine,\n} from './engine/permissionEngine'\n\n// Built-in permission rules\nexport * from './rules'\n\n// Audit logging\nexport {\n  type AuditEventType,\n  type AuditLogEntry,\n  logSecurityEvent,\n  logPermissionGranted,\n  logPermissionDenied,\n  logOperationBlocked,\n  logSensitivePathAccess,\n  logExternalOperation,\n  logDangerousCommand,\n  getSessionLog,\n  getEntriesByType,\n  getEntriesByOutcome,\n  getSessionSecuritySummary,\n  getRecentSecurityEvents,\n  formatAuditEntry,\n  readAuditLog,\n  clearSessionLog,\n  resetSession,\n} from './auditLog'\n\n// Sensitive paths utilities\nexport {\n  type SensitivePathCategory,\n  type SensitivePath,\n  SENSITIVE_PATHS,\n  isSensitivePath,\n  getSensitivePathInfo,\n  findMatchingSensitivePaths,\n} from './rules/sensitivePathsRule'\n\n// Project boundary utilities\nexport {\n  type ExternalOperationRisk,\n  isOutsideProject,\n  getRelativeFromProject,\n  calculateExternalOperationRisk,\n  isExternalOperation,\n} from './rules/projectBoundaryRule'\n\n// Auto-escalation utilities\nexport {\n  type EscalationReason,\n  shouldAutoEscalate,\n} from './rules/autoEscalationRule'\n"],
+  "mappings": "AAcA;AAAA,EAME;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAWP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP,cAAc;AAGd;AAAA,EAGE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EAGE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EAEE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EAEE;AAAA,OACK;",
+  "names": []
+}

package/dist/core/permissions/ruleEngine.js

@@ -0,0 +1,259 @@
+import { DEFAULT_PERMISSION_CONFIG } from "./types.js";
+class PermissionRuleEngine {
+  globalRules = [];
+  projectRules = [];
+  defaultDecision = "ask";
+  debug = false;
+  patternCache = /* @__PURE__ */ new Map();
+  constructor(config) {
+    const fullConfig = { ...DEFAULT_PERMISSION_CONFIG, ...config };
+    this.loadRules(fullConfig.rules);
+    this.defaultDecision = fullConfig.defaultDecision;
+    this.debug = fullConfig.debug ?? false;
+  }
+  /**
+   * Load rules from configuration
+   */
+  loadRules(rules) {
+    this.globalRules = [];
+    this.projectRules = [];
+    this.patternCache.clear();
+    for (const rule of rules) {
+      if (this.isRuleValid(rule)) {
+        if (rule.scope === "global") {
+          this.globalRules.push(rule);
+        } else {
+          this.projectRules.push(rule);
+        }
+      }
+    }
+    this.globalRules.sort((a, b) => a.priority - b.priority);
+    this.projectRules.sort((a, b) => a.priority - b.priority);
+  }
+  /**
+   * Add a new rule
+   */
+  addRule(rule) {
+    if (!this.isRuleValid(rule)) {
+      throw new Error(`Invalid rule: ${JSON.stringify(rule)}`);
+    }
+    if (rule.scope === "global") {
+      this.globalRules.push(rule);
+      this.globalRules.sort((a, b) => a.priority - b.priority);
+    } else {
+      this.projectRules.push(rule);
+      this.projectRules.sort((a, b) => a.priority - b.priority);
+    }
+  }
+  /**
+   * Remove a rule by ID
+   */
+  removeRule(ruleId) {
+    const globalIndex = this.globalRules.findIndex((r) => r.id === ruleId);
+    if (globalIndex >= 0) {
+      this.globalRules.splice(globalIndex, 1);
+      return true;
+    }
+    const projectIndex = this.projectRules.findIndex((r) => r.id === ruleId);
+    if (projectIndex >= 0) {
+      this.projectRules.splice(projectIndex, 1);
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Evaluate a tool use against permission rules
+   *
+   * Precedence: DENY > ALLOW > ASK
+   * Project rules take precedence over global rules within the same decision type.
+   */
+  evaluate(toolName, params) {
+    const toolUseString = this.formatToolUse(toolName, params);
+    const evaluationPath = [];
+    if (this.debug) {
+      evaluationPath.push(`Evaluating: ${toolUseString}`);
+    }
+    const now = Date.now();
+    const activeGlobalRules = this.globalRules.filter(
+      (r) => !r.expiresAt || r.expiresAt > now
+    );
+    const activeProjectRules = this.projectRules.filter(
+      (r) => !r.expiresAt || r.expiresAt > now
+    );
+    const allRules = [...activeProjectRules, ...activeGlobalRules];
+    const denyRules = allRules.filter((r) => r.decision === "deny");
+    for (const rule of denyRules) {
+      if (this.matchPattern(rule.pattern, toolUseString)) {
+        if (this.debug) {
+          evaluationPath.push(`DENY matched: ${rule.pattern} (${rule.id})`);
+        }
+        return {
+          decision: "deny",
+          matchedRule: rule,
+          evaluationPath: this.debug ? evaluationPath : void 0
+        };
+      }
+    }
+    const allowRules = allRules.filter((r) => r.decision === "allow");
+    for (const rule of allowRules) {
+      if (this.matchPattern(rule.pattern, toolUseString)) {
+        if (this.debug) {
+          evaluationPath.push(`ALLOW matched: ${rule.pattern} (${rule.id})`);
+        }
+        return {
+          decision: "allow",
+          matchedRule: rule,
+          evaluationPath: this.debug ? evaluationPath : void 0
+        };
+      }
+    }
+    const askRules = allRules.filter((r) => r.decision === "ask");
+    for (const rule of askRules) {
+      if (this.matchPattern(rule.pattern, toolUseString)) {
+        if (this.debug) {
+          evaluationPath.push(`ASK matched: ${rule.pattern} (${rule.id})`);
+        }
+        return {
+          decision: "ask",
+          matchedRule: rule,
+          evaluationPath: this.debug ? evaluationPath : void 0
+        };
+      }
+    }
+    if (this.debug) {
+      evaluationPath.push(
+        `No rule matched, using default: ${this.defaultDecision}`
+      );
+    }
+    return {
+      decision: this.defaultDecision,
+      matchedRule: null,
+      evaluationPath: this.debug ? evaluationPath : void 0
+    };
+  }
+  /**
+   * Get all rules
+   */
+  getRules(scope) {
+    if (scope === "global") return [...this.globalRules];
+    if (scope === "project") return [...this.projectRules];
+    return [...this.projectRules, ...this.globalRules];
+  }
+  /**
+   * Get the default decision
+   */
+  getDefaultDecision() {
+    return this.defaultDecision;
+  }
+  /**
+   * Set the default decision
+   */
+  setDefaultDecision(decision) {
+    this.defaultDecision = decision;
+  }
+  /**
+   * Export rules as configuration
+   */
+  exportConfig() {
+    return {
+      rules: [...this.projectRules, ...this.globalRules],
+      defaultDecision: this.defaultDecision,
+      debug: this.debug
+    };
+  }
+  /**
+   * Match a pattern against a tool use string
+   *
+   * Supports patterns:
+   * - "ToolName" - matches tool name (with any params)
+   * - "ToolName(*)" - matches any params
+   * - "ToolName(prefix:*)" - matches prefix with any suffix
+   * - "ToolName(exact)" - matches exact param
+   * - "*" - matches everything
+   */
+  matchPattern(pattern, toolUseString) {
+    if (!pattern.includes("(") && !pattern.includes("*")) {
+      if (toolUseString.startsWith(pattern + "(") || toolUseString === pattern) {
+        return true;
+      }
+    }
+    let regex = this.patternCache.get(pattern);
+    if (!regex) {
+      regex = this.patternToRegex(pattern);
+      this.patternCache.set(pattern, regex);
+    }
+    return regex.test(toolUseString);
+  }
+  /**
+   * Convert a pattern to a regular expression
+   */
+  patternToRegex(pattern) {
+    if (pattern === "*") {
+      return /^.*$/;
+    }
+    let regexStr = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
+    regexStr = `^${regexStr}$`;
+    try {
+      return new RegExp(regexStr, "i");
+    } catch {
+      return /^\0$/;
+    }
+  }
+  /**
+   * Format a tool use as a string for pattern matching
+   *
+   * Format: "ToolName(param_summary)"
+   * For Bash: "Bash(command_prefix)"
+   * For Read: "Read(file_path)"
+   * For Edit: "Edit(file_path)"
+   */
+  formatToolUse(toolName, params) {
+    if (!params || typeof params !== "object") {
+      return toolName;
+    }
+    const p = params;
+    if (toolName === "Bash" && typeof p.command === "string") {
+      const command = p.command.trim();
+      const parts = command.split(/\s+/);
+      const prefix = parts.slice(0, 2).join(" ");
+      return `Bash(${prefix})`;
+    }
+    if (typeof p.file_path === "string") {
+      return `${toolName}(${p.file_path})`;
+    }
+    if (typeof p.path === "string") {
+      return `${toolName}(${p.path})`;
+    }
+    if (typeof p.pattern === "string") {
+      return `${toolName}(${p.pattern})`;
+    }
+    return toolName;
+  }
+  /**
+   * Validate a rule
+   */
+  isRuleValid(rule) {
+    if (!rule.id || typeof rule.id !== "string") return false;
+    if (!rule.pattern || typeof rule.pattern !== "string") return false;
+    if (!["allow", "deny", "ask"].includes(rule.decision)) return false;
+    if (!["global", "project"].includes(rule.scope)) return false;
+    if (typeof rule.priority !== "number") return false;
+    return true;
+  }
+}
+let globalRuleEngine = null;
+function getPermissionRuleEngine() {
+  if (!globalRuleEngine) {
+    globalRuleEngine = new PermissionRuleEngine();
+  }
+  return globalRuleEngine;
+}
+function resetPermissionRuleEngine() {
+  globalRuleEngine = null;
+}
+export {
+  PermissionRuleEngine,
+  getPermissionRuleEngine,
+  resetPermissionRuleEngine
+};
+//# sourceMappingURL=ruleEngine.js.map

package/dist/core/permissions/ruleEngine.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/core/permissions/ruleEngine.ts"],
+  "sourcesContent": ["/**\n * Permission Rule Engine\n *\n * Evaluates permission rules with pattern matching and priority handling.\n * Implements DENY > ALLOW > ASK precedence for security.\n */\n\nimport type {\n  PermissionRule,\n  PermissionDecision,\n  PermissionEvaluationResult,\n  PermissionRulesConfig,\n  PermissionScope,\n} from './types'\nimport { DEFAULT_PERMISSION_CONFIG } from './types'\n\n/**\n * Permission Rule Engine\n *\n * Evaluates tool use requests against permission rules.\n */\nexport class PermissionRuleEngine {\n  private globalRules: PermissionRule[] = []\n  private projectRules: PermissionRule[] = []\n  private defaultDecision: PermissionDecision = 'ask'\n  private debug: boolean = false\n  private patternCache: Map<string, RegExp> = new Map()\n\n  constructor(config?: Partial<PermissionRulesConfig>) {\n    const fullConfig = { ...DEFAULT_PERMISSION_CONFIG, ...config }\n    this.loadRules(fullConfig.rules)\n    this.defaultDecision = fullConfig.defaultDecision\n    this.debug = fullConfig.debug ?? false\n  }\n\n  /**\n   * Load rules from configuration\n   */\n  loadRules(rules: PermissionRule[]): void {\n    this.globalRules = []\n    this.projectRules = []\n    this.patternCache.clear()\n\n    for (const rule of rules) {\n      if (this.isRuleValid(rule)) {\n        if (rule.scope === 'global') {\n          this.globalRules.push(rule)\n        } else {\n          this.projectRules.push(rule)\n        }\n      }\n    }\n\n    // Sort by priority (lower number = higher priority)\n    this.globalRules.sort((a, b) => a.priority - b.priority)\n    this.projectRules.sort((a, b) => a.priority - b.priority)\n  }\n\n  /**\n   * Add a new rule\n   */\n  addRule(rule: PermissionRule): void {\n    if (!this.isRuleValid(rule)) {\n      throw new Error(`Invalid rule: ${JSON.stringify(rule)}`)\n    }\n\n    if (rule.scope === 'global') {\n      this.globalRules.push(rule)\n      this.globalRules.sort((a, b) => a.priority - b.priority)\n    } else {\n      this.projectRules.push(rule)\n      this.projectRules.sort((a, b) => a.priority - b.priority)\n    }\n  }\n\n  /**\n   * Remove a rule by ID\n   */\n  removeRule(ruleId: string): boolean {\n    const globalIndex = this.globalRules.findIndex(r => r.id === ruleId)\n    if (globalIndex >= 0) {\n      this.globalRules.splice(globalIndex, 1)\n      return true\n    }\n\n    const projectIndex = this.projectRules.findIndex(r => r.id === ruleId)\n    if (projectIndex >= 0) {\n      this.projectRules.splice(projectIndex, 1)\n      return true\n    }\n\n    return false\n  }\n\n  /**\n   * Evaluate a tool use against permission rules\n   *\n   * Precedence: DENY > ALLOW > ASK\n   * Project rules take precedence over global rules within the same decision type.\n   */\n  evaluate(toolName: string, params: unknown): PermissionEvaluationResult {\n    const toolUseString = this.formatToolUse(toolName, params)\n    const evaluationPath: string[] = []\n\n    if (this.debug) {\n      evaluationPath.push(`Evaluating: ${toolUseString}`)\n    }\n\n    // Check for expired rules and filter them out\n    const now = Date.now()\n    const activeGlobalRules = this.globalRules.filter(\n      r => !r.expiresAt || r.expiresAt > now,\n    )\n    const activeProjectRules = this.projectRules.filter(\n      r => !r.expiresAt || r.expiresAt > now,\n    )\n\n    // Combine all rules for evaluation, project rules first\n    const allRules = [...activeProjectRules, ...activeGlobalRules]\n\n    // 1. Check DENY rules first (highest priority for security)\n    const denyRules = allRules.filter(r => r.decision === 'deny')\n    for (const rule of denyRules) {\n      if (this.matchPattern(rule.pattern, toolUseString)) {\n        if (this.debug) {\n          evaluationPath.push(`DENY matched: ${rule.pattern} (${rule.id})`)\n        }\n        return {\n          decision: 'deny',\n          matchedRule: rule,\n          evaluationPath: this.debug ? evaluationPath : undefined,\n        }\n      }\n    }\n\n    // 2. Check ALLOW rules next\n    const allowRules = allRules.filter(r => r.decision === 'allow')\n    for (const rule of allowRules) {\n      if (this.matchPattern(rule.pattern, toolUseString)) {\n        if (this.debug) {\n          evaluationPath.push(`ALLOW matched: ${rule.pattern} (${rule.id})`)\n        }\n        return {\n          decision: 'allow',\n          matchedRule: rule,\n          evaluationPath: this.debug ? evaluationPath : undefined,\n        }\n      }\n    }\n\n    // 3. Check ASK rules\n    const askRules = allRules.filter(r => r.decision === 'ask')\n    for (const rule of askRules) {\n      if (this.matchPattern(rule.pattern, toolUseString)) {\n        if (this.debug) {\n          evaluationPath.push(`ASK matched: ${rule.pattern} (${rule.id})`)\n        }\n        return {\n          decision: 'ask',\n          matchedRule: rule,\n          evaluationPath: this.debug ? evaluationPath : undefined,\n        }\n      }\n    }\n\n    // 4. No rule matched, use default\n    if (this.debug) {\n      evaluationPath.push(\n        `No rule matched, using default: ${this.defaultDecision}`,\n      )\n    }\n    return {\n      decision: this.defaultDecision,\n      matchedRule: null,\n      evaluationPath: this.debug ? evaluationPath : undefined,\n    }\n  }\n\n  /**\n   * Get all rules\n   */\n  getRules(scope?: PermissionScope): PermissionRule[] {\n    if (scope === 'global') return [...this.globalRules]\n    if (scope === 'project') return [...this.projectRules]\n    return [...this.projectRules, ...this.globalRules]\n  }\n\n  /**\n   * Get the default decision\n   */\n  getDefaultDecision(): PermissionDecision {\n    return this.defaultDecision\n  }\n\n  /**\n   * Set the default decision\n   */\n  setDefaultDecision(decision: PermissionDecision): void {\n    this.defaultDecision = decision\n  }\n\n  /**\n   * Export rules as configuration\n   */\n  exportConfig(): PermissionRulesConfig {\n    return {\n      rules: [...this.projectRules, ...this.globalRules],\n      defaultDecision: this.defaultDecision,\n      debug: this.debug,\n    }\n  }\n\n  /**\n   * Match a pattern against a tool use string\n   *\n   * Supports patterns:\n   * - \"ToolName\" - matches tool name (with any params)\n   * - \"ToolName(*)\" - matches any params\n   * - \"ToolName(prefix:*)\" - matches prefix with any suffix\n   * - \"ToolName(exact)\" - matches exact param\n   * - \"*\" - matches everything\n   */\n  private matchPattern(pattern: string, toolUseString: string): boolean {\n    // Special case: pattern without parens matches tool name with any params\n    // e.g., \"Read\" should match \"Read(/some/path)\"\n    if (!pattern.includes('(') && !pattern.includes('*')) {\n      // Check if tool use starts with the pattern tool name\n      if (\n        toolUseString.startsWith(pattern + '(') ||\n        toolUseString === pattern\n      ) {\n        return true\n      }\n    }\n\n    // Check cache first\n    let regex = this.patternCache.get(pattern)\n    if (!regex) {\n      regex = this.patternToRegex(pattern)\n      this.patternCache.set(pattern, regex)\n    }\n    return regex.test(toolUseString)\n  }\n\n  /**\n   * Convert a pattern to a regular expression\n   */\n  private patternToRegex(pattern: string): RegExp {\n    // Handle special case: \"*\" matches everything\n    if (pattern === '*') {\n      return /^.*$/\n    }\n\n    // Escape special regex characters except * and ?\n    let regexStr = pattern\n      .replace(/[.+^${}()|[\\]\\\\]/g, '\\\\$&')\n      // Handle wildcards: * matches anything, ? matches single char\n      .replace(/\\*/g, '.*')\n      .replace(/\\?/g, '.')\n\n    // Make it a full match\n    regexStr = `^${regexStr}$`\n\n    try {\n      return new RegExp(regexStr, 'i')\n    } catch {\n      // If regex creation fails, return a pattern that won't match\n      return /^\\0$/\n    }\n  }\n\n  /**\n   * Format a tool use as a string for pattern matching\n   *\n   * Format: \"ToolName(param_summary)\"\n   * For Bash: \"Bash(command_prefix)\"\n   * For Read: \"Read(file_path)\"\n   * For Edit: \"Edit(file_path)\"\n   */\n  private formatToolUse(toolName: string, params: unknown): string {\n    if (!params || typeof params !== 'object') {\n      return toolName\n    }\n\n    const p = params as Record<string, unknown>\n\n    // Handle Bash tool specially - extract command prefix\n    if (toolName === 'Bash' && typeof p.command === 'string') {\n      const command = p.command.trim()\n      // Extract the first word or first two words as prefix\n      const parts = command.split(/\\s+/)\n      const prefix = parts.slice(0, 2).join(' ')\n      return `Bash(${prefix})`\n    }\n\n    // Handle file-related tools\n    if (typeof p.file_path === 'string') {\n      return `${toolName}(${p.file_path})`\n    }\n    if (typeof p.path === 'string') {\n      return `${toolName}(${p.path})`\n    }\n\n    // Handle tools with patterns\n    if (typeof p.pattern === 'string') {\n      return `${toolName}(${p.pattern})`\n    }\n\n    // Default: just the tool name\n    return toolName\n  }\n\n  /**\n   * Validate a rule\n   */\n  private isRuleValid(rule: PermissionRule): boolean {\n    if (!rule.id || typeof rule.id !== 'string') return false\n    if (!rule.pattern || typeof rule.pattern !== 'string') return false\n    if (!['allow', 'deny', 'ask'].includes(rule.decision)) return false\n    if (!['global', 'project'].includes(rule.scope)) return false\n    if (typeof rule.priority !== 'number') return false\n    return true\n  }\n}\n\n// Global singleton instance\nlet globalRuleEngine: PermissionRuleEngine | null = null\n\n/**\n * Get the global permission rule engine instance\n */\nexport function getPermissionRuleEngine(): PermissionRuleEngine {\n  if (!globalRuleEngine) {\n    globalRuleEngine = new PermissionRuleEngine()\n  }\n  return globalRuleEngine\n}\n\n/**\n * Reset the global permission rule engine (for testing)\n */\nexport function resetPermissionRuleEngine(): void {\n  globalRuleEngine = null\n}\n"],
+  "mappings": "AAcA,SAAS,iCAAiC;AAOnC,MAAM,qBAAqB;AAAA,EACxB,cAAgC,CAAC;AAAA,EACjC,eAAiC,CAAC;AAAA,EAClC,kBAAsC;AAAA,EACtC,QAAiB;AAAA,EACjB,eAAoC,oBAAI,IAAI;AAAA,EAEpD,YAAY,QAAyC;AACnD,UAAM,aAAa,EAAE,GAAG,2BAA2B,GAAG,OAAO;AAC7D,SAAK,UAAU,WAAW,KAAK;AAC/B,SAAK,kBAAkB,WAAW;AAClC,SAAK,QAAQ,WAAW,SAAS;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,OAA+B;AACvC,SAAK,cAAc,CAAC;AACpB,SAAK,eAAe,CAAC;AACrB,SAAK,aAAa,MAAM;AAExB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,YAAY,IAAI,GAAG;AAC1B,YAAI,KAAK,UAAU,UAAU;AAC3B,eAAK,YAAY,KAAK,IAAI;AAAA,QAC5B,OAAO;AACL,eAAK,aAAa,KAAK,IAAI;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAGA,SAAK,YAAY,KAAK,CAAC,GAAG,MAAM,EAAE,WAAW,EAAE,QAAQ;AACvD,SAAK,aAAa,KAAK,CAAC,GAAG,MAAM,EAAE,WAAW,EAAE,QAAQ;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,MAA4B;AAClC,QAAI,CAAC,KAAK,YAAY,IAAI,GAAG;AAC3B,YAAM,IAAI,MAAM,iBAAiB,KAAK,UAAU,IAAI,CAAC,EAAE;AAAA,IACzD;AAEA,QAAI,KAAK,UAAU,UAAU;AAC3B,WAAK,YAAY,KAAK,IAAI;AAC1B,WAAK,YAAY,KAAK,CAAC,GAAG,MAAM,EAAE,WAAW,EAAE,QAAQ;AAAA,IACzD,OAAO;AACL,WAAK,aAAa,KAAK,IAAI;AAC3B,WAAK,aAAa,KAAK,CAAC,GAAG,MAAM,EAAE,WAAW,EAAE,QAAQ;AAAA,IAC1D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,QAAyB;AAClC,UAAM,cAAc,KAAK,YAAY,UAAU,OAAK,EAAE,OAAO,MAAM;AACnE,QAAI,eAAe,GAAG;AACpB,WAAK,YAAY,OAAO,aAAa,CAAC;AACtC,aAAO;AAAA,IACT;AAEA,UAAM,eAAe,KAAK,aAAa,UAAU,OAAK,EAAE,OAAO,MAAM;AACrE,QAAI,gBAAgB,GAAG;AACrB,WAAK,aAAa,OAAO,cAAc,CAAC;AACxC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,SAAS,UAAkB,QAA6C;AACtE,UAAM,gBAAgB,KAAK,cAAc,UAAU,MAAM;AACzD,UAAM,iBAA2B,CAAC;AAElC,QAAI,KAAK,OAAO;AACd,qBAAe,KAAK,eAAe,aAAa,EAAE;AAAA,IACpD;AAGA,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,oBAAoB,KAAK,YAAY;AAAA,MACzC,OAAK,CAAC,EAAE,aAAa,EAAE,YAAY;AAAA,IACrC;AACA,UAAM,qBAAqB,KAAK,aAAa;AAAA,MAC3C,OAAK,CAAC,EAAE,aAAa,EAAE,YAAY;AAAA,IACrC;AAGA,UAAM,WAAW,CAAC,GAAG,oBAAoB,GAAG,iBAAiB;AAG7D,UAAM,YAAY,SAAS,OAAO,OAAK,EAAE,aAAa,MAAM;AAC5D,eAAW,QAAQ,WAAW;AAC5B,UAAI,KAAK,aAAa,KAAK,SAAS,aAAa,GAAG;AAClD,YAAI,KAAK,OAAO;AACd,yBAAe,KAAK,iBAAiB,KAAK,OAAO,KAAK,KAAK,EAAE,GAAG;AAAA,QAClE;AACA,eAAO;AAAA,UACL,UAAU;AAAA,UACV,aAAa;AAAA,UACb,gBAAgB,KAAK,QAAQ,iBAAiB;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAGA,UAAM,aAAa,SAAS,OAAO,OAAK,EAAE,aAAa,OAAO;AAC9D,eAAW,QAAQ,YAAY;AAC7B,UAAI,KAAK,aAAa,KAAK,SAAS,aAAa,GAAG;AAClD,YAAI,KAAK,OAAO;AACd,yBAAe,KAAK,kBAAkB,KAAK,OAAO,KAAK,KAAK,EAAE,GAAG;AAAA,QACnE;AACA,eAAO;AAAA,UACL,UAAU;AAAA,UACV,aAAa;AAAA,UACb,gBAAgB,KAAK,QAAQ,iBAAiB;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAGA,UAAM,WAAW,SAAS,OAAO,OAAK,EAAE,aAAa,KAAK;AAC1D,eAAW,QAAQ,UAAU;AAC3B,UAAI,KAAK,aAAa,KAAK,SAAS,aAAa,GAAG;AAClD,YAAI,KAAK,OAAO;AACd,yBAAe,KAAK,gBAAgB,KAAK,OAAO,KAAK,KAAK,EAAE,GAAG;AAAA,QACjE;AACA,eAAO;AAAA,UACL,UAAU;AAAA,UACV,aAAa;AAAA,UACb,gBAAgB,KAAK,QAAQ,iBAAiB;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAGA,QAAI,KAAK,OAAO;AACd,qBAAe;AAAA,QACb,mCAAmC,KAAK,eAAe;AAAA,MACzD;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,aAAa;AAAA,MACb,gBAAgB,KAAK,QAAQ,iBAAiB;AAAA,IAChD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,OAA2C;AAClD,QAAI,UAAU,SAAU,QAAO,CAAC,GAAG,KAAK,WAAW;AACnD,QAAI,UAAU,UAAW,QAAO,CAAC,GAAG,KAAK,YAAY;AACrD,WAAO,CAAC,GAAG,KAAK,cAAc,GAAG,KAAK,WAAW;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,qBAAyC;AACvC,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,UAAoC;AACrD,SAAK,kBAAkB;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,eAAsC;AACpC,WAAO;AAAA,MACL,OAAO,CAAC,GAAG,KAAK,cAAc,GAAG,KAAK,WAAW;AAAA,MACjD,iBAAiB,KAAK;AAAA,MACtB,OAAO,KAAK;AAAA,IACd;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,aAAa,SAAiB,eAAgC;AAGpE,QAAI,CAAC,QAAQ,SAAS,GAAG,KAAK,CAAC,QAAQ,SAAS,GAAG,GAAG;AAEpD,UACE,cAAc,WAAW,UAAU,GAAG,KACtC,kBAAkB,SAClB;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,QAAQ,KAAK,aAAa,IAAI,OAAO;AACzC,QAAI,CAAC,OAAO;AACV,cAAQ,KAAK,eAAe,OAAO;AACnC,WAAK,aAAa,IAAI,SAAS,KAAK;AAAA,IACtC;AACA,WAAO,MAAM,KAAK,aAAa;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,SAAyB;AAE9C,QAAI,YAAY,KAAK;AACnB,aAAO;AAAA,IACT;AAGA,QAAI,WAAW,QACZ,QAAQ,qBAAqB,MAAM,EAEnC,QAAQ,OAAO,IAAI,EACnB,QAAQ,OAAO,GAAG;AAGrB,eAAW,IAAI,QAAQ;AAEvB,QAAI;AACF,aAAO,IAAI,OAAO,UAAU,GAAG;AAAA,IACjC,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUQ,cAAc,UAAkB,QAAyB;AAC/D,QAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAGV,QAAI,aAAa,UAAU,OAAO,EAAE,YAAY,UAAU;AACxD,YAAM,UAAU,EAAE,QAAQ,KAAK;AAE/B,YAAM,QAAQ,QAAQ,MAAM,KAAK;AACjC,YAAM,SAAS,MAAM,MAAM,GAAG,CAAC,EAAE,KAAK,GAAG;AACzC,aAAO,QAAQ,MAAM;AAAA,IACvB;AAGA,QAAI,OAAO,EAAE,cAAc,UAAU;AACnC,aAAO,GAAG,QAAQ,IAAI,EAAE,SAAS;AAAA,IACnC;AACA,QAAI,OAAO,EAAE,SAAS,UAAU;AAC9B,aAAO,GAAG,QAAQ,IAAI,EAAE,IAAI;AAAA,IAC9B;AAGA,QAAI,OAAO,EAAE,YAAY,UAAU;AACjC,aAAO,GAAG,QAAQ,IAAI,EAAE,OAAO;AAAA,IACjC;AAGA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAY,MAA+B;AACjD,QAAI,CAAC,KAAK,MAAM,OAAO,KAAK,OAAO,SAAU,QAAO;AACpD,QAAI,CAAC,KAAK,WAAW,OAAO,KAAK,YAAY,SAAU,QAAO;AAC9D,QAAI,CAAC,CAAC,SAAS,QAAQ,KAAK,EAAE,SAAS,KAAK,QAAQ,EAAG,QAAO;AAC9D,QAAI,CAAC,CAAC,UAAU,SAAS,EAAE,SAAS,KAAK,KAAK,EAAG,QAAO;AACxD,QAAI,OAAO,KAAK,aAAa,SAAU,QAAO;AAC9C,WAAO;AAAA,EACT;AACF;AAGA,IAAI,mBAAgD;AAK7C,SAAS,0BAAgD;AAC9D,MAAI,CAAC,kBAAkB;AACrB,uBAAmB,IAAI,qBAAqB;AAAA,EAC9C;AACA,SAAO;AACT;AAKO,SAAS,4BAAkC;AAChD,qBAAmB;AACrB;",
+  "names": []
+}

package/dist/core/permissions/rules/allowedToolsRule.js

@@ -0,0 +1,62 @@
+const ALWAYS_ALLOWED_TOOLS = /* @__PURE__ */ new Set([
+  "Read",
+  "Glob",
+  "Grep",
+  "LS",
+  "LSP",
+  "TodoWrite",
+  "AskUserQuestion",
+  "Think"
+]);
+function getPermissionKey(toolName, input, prefix) {
+  if (toolName === "Bash") {
+    const command = input.command;
+    if (prefix) {
+      return `Bash(${prefix}:*)`;
+    }
+    if (command) {
+      return `Bash(${command})`;
+    }
+  }
+  if (toolName === "Edit" || toolName === "Replace" || toolName === "Write" || toolName === "MultiEdit") {
+    const filePath = input.file_path;
+    if (filePath) {
+      return `${toolName}(${filePath})`;
+    }
+  }
+  return toolName;
+}
+const allowedToolsRule = {
+  name: "allowed-tools",
+  description: "Checks tool against allowed tools list",
+  priority: 50,
+  // Medium priority
+  check(context) {
+    const toolName = context.tool.name;
+    if (ALWAYS_ALLOWED_TOOLS.has(toolName)) {
+      return { allowed: true };
+    }
+    if (context.tool.needsPermissions && !context.tool.needsPermissions()) {
+      return { allowed: true };
+    }
+    const permissionKey = getPermissionKey(toolName, context.input, null);
+    if (context.allowedTools.includes(toolName)) {
+      return { allowed: true };
+    }
+    if (context.allowedTools.includes(permissionKey)) {
+      return { allowed: true };
+    }
+    return {
+      allowed: true,
+      // Allow but mark for prompting
+      promptUser: true,
+      permissionKey,
+      message: `Permission needed for ${toolName}`
+    };
+  }
+};
+export {
+  allowedToolsRule,
+  getPermissionKey
+};
+//# sourceMappingURL=allowedToolsRule.js.map

package/dist/core/permissions/rules/allowedToolsRule.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/permissions/rules/allowedToolsRule.ts"],
+  "sourcesContent": ["/**\n * Allowed Tools Permission Rule\n *\n * Checks if a tool is in the allowed tools list.\n */\n\nimport type {\n  PermissionRule,\n  PermissionContext,\n  PermissionResult,\n} from '../engine/types'\n\n/**\n * Tools that are always allowed (no permission needed)\n */\nconst ALWAYS_ALLOWED_TOOLS = new Set([\n  'Read',\n  'Glob',\n  'Grep',\n  'LS',\n  'LSP',\n  'TodoWrite',\n  'AskUserQuestion',\n  'Think',\n])\n\n/**\n * Generate permission key for a tool\n */\nexport function getPermissionKey(\n  toolName: string,\n  input: Record<string, unknown>,\n  prefix: string | null,\n): string {\n  if (toolName === 'Bash') {\n    const command = input.command as string | undefined\n    if (prefix) {\n      return `Bash(${prefix}:*)`\n    }\n    if (command) {\n      return `Bash(${command})`\n    }\n  }\n\n  // Note: 'Replace' is the actual API name for FileWriteTool (userFacingName is 'Write')\n  if (\n    toolName === 'Edit' ||\n    toolName === 'Replace' ||\n    toolName === 'Write' ||\n    toolName === 'MultiEdit'\n  ) {\n    const filePath = input.file_path as string | undefined\n    if (filePath) {\n      return `${toolName}(${filePath})`\n    }\n  }\n\n  return toolName\n}\n\n/**\n * Allowed Tools Rule\n *\n * Checks if a tool operation is in the allowed tools list.\n */\nexport const allowedToolsRule: PermissionRule = {\n  name: 'allowed-tools',\n  description: 'Checks tool against allowed tools list',\n  priority: 50, // Medium priority\n\n  check(context: PermissionContext): PermissionResult {\n    const toolName = context.tool.name\n\n    // Always allowed tools don't need permission\n    if (ALWAYS_ALLOWED_TOOLS.has(toolName)) {\n      return { allowed: true }\n    }\n\n    // Check if tool doesn't need permissions\n    if (context.tool.needsPermissions && !context.tool.needsPermissions()) {\n      return { allowed: true }\n    }\n\n    // Generate permission key\n    const permissionKey = getPermissionKey(toolName, context.input, null)\n\n    // Check if in allowed tools list\n    if (context.allowedTools.includes(toolName)) {\n      return { allowed: true }\n    }\n\n    if (context.allowedTools.includes(permissionKey)) {\n      return { allowed: true }\n    }\n\n    // Not in allowed list - prompt user\n    return {\n      allowed: true, // Allow but mark for prompting\n      promptUser: true,\n      permissionKey,\n      message: `Permission needed for ${toolName}`,\n    }\n  },\n}\n"],
+  "mappings": "AAeA,MAAM,uBAAuB,oBAAI,IAAI;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAKM,SAAS,iBACd,UACA,OACA,QACQ;AACR,MAAI,aAAa,QAAQ;AACvB,UAAM,UAAU,MAAM;AACtB,QAAI,QAAQ;AACV,aAAO,QAAQ,MAAM;AAAA,IACvB;AACA,QAAI,SAAS;AACX,aAAO,QAAQ,OAAO;AAAA,IACxB;AAAA,EACF;AAGA,MACE,aAAa,UACb,aAAa,aACb,aAAa,WACb,aAAa,aACb;AACA,UAAM,WAAW,MAAM;AACvB,QAAI,UAAU;AACZ,aAAO,GAAG,QAAQ,IAAI,QAAQ;AAAA,IAChC;AAAA,EACF;AAEA,SAAO;AACT;AAOO,MAAM,mBAAmC;AAAA,EAC9C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,UAAU;AAAA;AAAA,EAEV,MAAM,SAA8C;AAClD,UAAM,WAAW,QAAQ,KAAK;AAG9B,QAAI,qBAAqB,IAAI,QAAQ,GAAG;AACtC,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,QAAI,QAAQ,KAAK,oBAAoB,CAAC,QAAQ,KAAK,iBAAiB,GAAG;AACrE,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,UAAM,gBAAgB,iBAAiB,UAAU,QAAQ,OAAO,IAAI;AAGpE,QAAI,QAAQ,aAAa,SAAS,QAAQ,GAAG;AAC3C,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAEA,QAAI,QAAQ,aAAa,SAAS,aAAa,GAAG;AAChD,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,WAAO;AAAA,MACL,SAAS;AAAA;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA,SAAS,yBAAyB,QAAQ;AAAA,IAC5C;AAAA,EACF;AACF;",
+  "names": []
+}