ai-fs-permissions 0.1.0

package/README.md

@@ -0,0 +1,223 @@
+# ai-fs-permissions
+
+A platform-agnostic security tool that enforces file system permissions for AI agents. Designed to protect sensitive files and folders from unauthorized access by AI coding assistants.
+
+## Why?
+
+When using AI coding assistants like Claude Code, Gemini CLI, or Cursor, you might want to:
+- Protect configuration folders (`.centy`, `.claude`, `.github`)
+- Make certain files read-only (lock files, configs)
+- Block access to sensitive files (`.env`, secrets, keys)
+- Allow read but block write to specific paths
+
+This package provides a CLI that can enforce these permissions, working with any AI tool that supports command hooks.
+
+## Installation
+
+```bash
+pnpm add -g ai-fs-permissions
+```
+
+Or use without installation via `pnpm dlx ai-fs-permissions` or `npx ai-fs-permissions`.
+
+## Quick Start
+
+```bash
+# Check if writing to .centy is allowed
+ai-fs-permissions --op write --path ".centy/config.json"
+# Exit code: 2 (blocked if configured)
+
+# Check if reading is allowed
+ai-fs-permissions --op read --path "src/index.ts"
+# Exit code: 0 (allowed)
+
+# Show current configuration
+ai-fs-permissions --show-config
+```
+
+## Configuration
+
+Create `.ai-fs-permissions.yaml` in your project root:
+
+```yaml
+version: 1
+
+rules:
+  # Protect centy configuration (read-only)
+  - path: ".centy/**"
+    access: read
+    reason: "Configuration folder - modifications may break tooling"
+
+  # Protect AI agent settings
+  - path: ".claude/**"
+    access: read
+    reason: "AI agent settings - must be modified by user only"
+
+  # Block all access to env files
+  - path: "**/.env*"
+    access: none
+    reason: "Environment secrets - sensitive data"
+
+  # Block key files using regex
+  - path: "^.*\\.key$"
+    type: regex
+    access: none
+    reason: "Key files contain sensitive credentials"
+
+  # Allow specific file within protected folder (negation)
+  - path: "!.centy/user-config.yaml"
+    access: readwrite
+    reason: "User-editable config"
+```
+
+### Access Levels
+
+| Level | Read | Write | Description |
+|-------|------|-------|-------------|
+| `none` | Blocked | Blocked | Fully blocked |
+| `read` | Allowed | Blocked | Read-only |
+| `write` | Blocked | Allowed | Write-only (rare) |
+| `readwrite` | Allowed | Allowed | Full access |
+
+### Config Discovery
+
+Configs are discovered gitignore-style and merged:
+
+1. `~/.config/ai-fs-permissions/config.yaml` (user defaults)
+2. Walk up from cwd to find `.ai-fs-permissions.yaml` (project)
+3. `./.ai-fs-permissions.yaml` (current directory, highest priority)
+
+Set `extends: false` in project config to ignore user defaults.
+
+## Platform Integration
+
+### Claude Code
+
+Add to your `.claude/settings.json`:
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Read|Glob|Grep",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx ai-fs-permissions --op read"
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write|NotebookEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx ai-fs-permissions --op write"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+### Gemini CLI
+
+Add to your `.gemini/settings.json`:
+
+```json
+{
+  "hooks": {
+    "BeforeTool": [
+      {
+        "matcher": "read_file",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx ai-fs-permissions --op read"
+          }
+        ]
+      },
+      {
+        "matcher": "write_file|edit_file",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx ai-fs-permissions --op write"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+### Cursor
+
+Create `.cursor/hooks.json`:
+
+```json
+{
+  "version": 1,
+  "hooks": {
+    "beforeShellExecution": [
+      {
+        "command": "npx ai-fs-permissions --op write"
+      }
+    ]
+  }
+}
+```
+
+## CLI Options
+
+```
+ai-fs-permissions [options] [path]
+
+Options:
+  --op <type>       Operation to check: read, write (required)
+  --path <path>     File path to check
+  --config <path>   Use specific config file (skip discovery)
+  --show-config     Show merged configuration and exit
+  --validate        Validate config file and exit
+  --help, -h        Show help message
+  --version, -v     Show version
+
+Input Methods:
+  1. Command line:  ai-fs-permissions --op write --path ".centy/config.json"
+  2. Stdin (JSON):  echo '{"tool_input":{"file_path":"..."}}' | ai-fs-permissions --op write
+  3. Stdin (plain): echo ".centy/config.json" | ai-fs-permissions --op write
+```
+
+## Exit Codes
+
+- `0` - Operation allowed
+- `2` - Operation blocked
+- `1` - Error occurred
+
+## Blocked Message
+
+When an operation is blocked, a clear message is output to guide the AI agent:
+
+```
+PERMISSION DENIED: Writing to '.centy/settings.json' is blocked.
+
+Reason: Configuration folder - modifications may break tooling
+
+This rule is configured by the project owner and cannot be overridden.
+Do NOT attempt to:
+- Use Bash commands to bypass this restriction
+- Suggest workarounds that modify this path
+- Ask the user to disable this protection
+
+If this file must be modified, ask the user to do it manually.
+```
+
+## License
+
+MIT
+
+## Related Projects
+
+- [block-no-verify](https://github.com/tupe12334/block-no-verify) - Block `--no-verify` flag in git commands

package/dist/checker.d.ts

@@ -0,0 +1,6 @@
+import type { Config, Operation, CheckResult } from './types.js';
+/**
+ * Checks if an operation on a path is allowed
+ */
+export declare function checkPermission(config: Config, filePath: string, operation: Operation): CheckResult;
+//# sourceMappingURL=checker.d.ts.map

package/dist/checker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checker.d.ts","sourceRoot":"","sources":["../src/checker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,MAAM,EAEN,SAAS,EAET,WAAW,EACZ,MAAM,YAAY,CAAA;AA8CnB;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,SAAS,GACnB,WAAW,CAsDb"}

package/dist/checker.js

@@ -0,0 +1,86 @@
+import { matchPath } from './matcher/index.js';
+import { formatBlockedMessage, formatAllowedMessage } from './output.js';
+/**
+ * Checks if an access level allows the given operation
+ */
+function isOperationAllowed(access, operation) {
+    switch (access) {
+        case 'none':
+            return false;
+        case 'read':
+            return operation === 'read';
+        case 'write':
+            return operation === 'write';
+        case 'readwrite':
+            return true;
+        default:
+            return true;
+    }
+}
+/**
+ * Finds the matching rule for a path
+ * Rules are evaluated in order, with later rules overriding earlier ones
+ * Negation rules (!) grant access back
+ */
+function findMatchingRule(rules, filePath) {
+    let lastMatch = null;
+    for (let i = 0; i < rules.length; i++) {
+        const rule = rules[i];
+        if (matchPath(rule.path, rule.type, filePath)) {
+            lastMatch = { rule, index: i };
+        }
+    }
+    return lastMatch;
+}
+/**
+ * Checks if an operation on a path is allowed
+ */
+export function checkPermission(config, filePath, operation) {
+    // Normalize path (remove leading ./ if present)
+    const normalizedPath = filePath.replace(/^\.\//, '');
+    // Find matching rule
+    const match = findMatchingRule(config.rules, normalizedPath);
+    // No matching rule = passthrough (allowed)
+    if (match === null) {
+        return {
+            allowed: true,
+            path: normalizedPath,
+            operation,
+            message: formatAllowedMessage(normalizedPath, operation),
+        };
+    }
+    const { rule } = match;
+    // Negation rules grant access back
+    if (rule.negated) {
+        return {
+            allowed: true,
+            path: normalizedPath,
+            operation,
+            rule: `!${rule.path}`,
+            access: rule.access,
+            message: formatAllowedMessage(normalizedPath, operation),
+        };
+    }
+    // Check if operation is allowed by the access level
+    const allowed = isOperationAllowed(rule.access, operation);
+    if (allowed) {
+        return {
+            allowed: true,
+            path: normalizedPath,
+            operation,
+            rule: rule.path,
+            access: rule.access,
+            message: formatAllowedMessage(normalizedPath, operation),
+        };
+    }
+    // Operation is blocked
+    return {
+        allowed: false,
+        path: normalizedPath,
+        operation,
+        rule: rule.path,
+        access: rule.access,
+        message: formatBlockedMessage(normalizedPath, operation, rule),
+    };
+}
+//# sourceMappingURL=checker.js.map

package/dist/checker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checker.js","sourceRoot":"","sources":["../src/checker.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAC9C,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAExE;;GAEG;AACH,SAAS,kBAAkB,CACzB,MAAmB,EACnB,SAAoB;IAEpB,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,KAAK,CAAA;QACd,KAAK,MAAM;YACT,OAAO,SAAS,KAAK,MAAM,CAAA;QAC7B,KAAK,OAAO;YACV,OAAO,SAAS,KAAK,OAAO,CAAA;QAC9B,KAAK,WAAW;YACd,OAAO,IAAI,CAAA;QACb;YACE,OAAO,IAAI,CAAA;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CACvB,KAAa,EACb,QAAgB;IAEhB,IAAI,SAAS,GAAyC,IAAI,CAAA;IAE1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC9C,SAAS,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAc,EACd,QAAgB,EAChB,SAAoB;IAEpB,gDAAgD;IAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAEpD,qBAAqB;IACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC,MAAM,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;IAE5D,2CAA2C;IAC3C,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,cAAc;YACpB,SAAS;YACT,OAAO,EAAE,oBAAoB,CAAC,cAAc,EAAE,SAAS,CAAC;SACzD,CAAA;IACH,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CAAA;IAEtB,mCAAmC;IACnC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,cAAc;YACpB,SAAS;YACT,IAAI,EAAE,IAAI,IAAI,CAAC,IAAI,EAAE;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,oBAAoB,CAAC,cAAc,EAAE,SAAS,CAAC;SACzD,CAAA;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAE1D,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,cAAc;YACpB,SAAS;YACT,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,oBAAoB,CAAC,cAAc,EAAE,SAAS,CAAC;SACzD,CAAA;IACH,CAAC;IAED,uBAAuB;IACvB,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,cAAc;QACpB,SAAS;QACT,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE,oBAAoB,CAAC,cAAc,EAAE,SAAS,EAAE,IAAI,CAAC;KAC/D,CAAA;AACH,CAAC"}

package/dist/cli-args.d.ts

@@ -0,0 +1,25 @@
+import type { Operation } from './types.js';
+/**
+ * Parsed CLI arguments
+ */
+export interface CliArgs {
+    /** Operation to check (read/write) */
+    operation: Operation | null;
+    /** File path to check */
+    path: string | null;
+    /** Custom config file path */
+    configPath: string | null;
+    /** Show help */
+    showHelp: boolean;
+    /** Show version */
+    showVersion: boolean;
+    /** Show merged config (debug) */
+    showConfig: boolean;
+    /** Validate config file */
+    validate: boolean;
+}
+/**
+ * Parses command line arguments
+ */
+export declare function parseArgs(args: string[], onError: (message: string) => never): CliArgs;
+//# sourceMappingURL=cli-args.d.ts.map

package/dist/cli-args.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-args.d.ts","sourceRoot":"","sources":["../src/cli-args.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAE3C;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,sCAAsC;IACtC,SAAS,EAAE,SAAS,GAAG,IAAI,CAAA;IAC3B,yBAAyB;IACzB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,gBAAgB;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,mBAAmB;IACnB,WAAW,EAAE,OAAO,CAAA;IACpB,iCAAiC;IACjC,UAAU,EAAE,OAAO,CAAA;IACnB,2BAA2B;IAC3B,QAAQ,EAAE,OAAO,CAAA;CAClB;AAED;;GAEG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,GAClC,OAAO,CAqFT"}

package/dist/cli-args.js

@@ -0,0 +1,79 @@
+/**
+ * Parses command line arguments
+ */
+export function parseArgs(args, onError) {
+    const result = {
+        operation: null,
+        path: null,
+        configPath: null,
+        showHelp: false,
+        showVersion: false,
+        showConfig: false,
+        validate: false,
+    };
+    let i = 0;
+    while (i < args.length) {
+        const arg = args[i];
+        if (arg === '--help' || arg === '-h') {
+            result.showHelp = true;
+            i++;
+            continue;
+        }
+        if (arg === '--version' || arg === '-v') {
+            result.showVersion = true;
+            i++;
+            continue;
+        }
+        if (arg === '--show-config') {
+            result.showConfig = true;
+            i++;
+            continue;
+        }
+        if (arg === '--validate') {
+            result.validate = true;
+            i++;
+            continue;
+        }
+        if (arg === '--op') {
+            const value = args[i + 1];
+            if (!value || value.startsWith('-')) {
+                onError('--op requires a value (read or write)');
+            }
+            if (value !== 'read' && value !== 'write') {
+                onError(`Invalid operation: ${value}. Must be 'read' or 'write'`);
+            }
+            result.operation = value;
+            i += 2;
+            continue;
+        }
+        if (arg === '--path') {
+            const value = args[i + 1];
+            if (!value || value.startsWith('-')) {
+                onError('--path requires a value');
+            }
+            result.path = value;
+            i += 2;
+            continue;
+        }
+        if (arg === '--config') {
+            const value = args[i + 1];
+            if (!value || value.startsWith('-')) {
+                onError('--config requires a value');
+            }
+            result.configPath = value;
+            i += 2;
+            continue;
+        }
+        // Unknown argument
+        if (arg.startsWith('-')) {
+            onError(`Unknown option: ${arg}`);
+        }
+        // Positional argument (treat as path if not set)
+        if (result.path === null) {
+            result.path = arg;
+        }
+        i++;
+    }
+    return result;
+}
+//# sourceMappingURL=cli-args.js.map

package/dist/cli-args.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-args.js","sourceRoot":"","sources":["../src/cli-args.ts"],"names":[],"mappings":"AAsBA;;GAEG;AACH,MAAM,UAAU,SAAS,CACvB,IAAc,EACd,OAAmC;IAEnC,MAAM,MAAM,GAAY;QACtB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,IAAI;QACV,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,KAAK;QAClB,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,KAAK;KAChB,CAAA;IAED,IAAI,CAAC,GAAG,CAAC,CAAA;IACT,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAEnB,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACrC,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAA;YACtB,CAAC,EAAE,CAAA;YACH,SAAQ;QACV,CAAC;QAED,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACxC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAA;YACzB,CAAC,EAAE,CAAA;YACH,SAAQ;QACV,CAAC;QAED,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;YAC5B,MAAM,CAAC,UAAU,GAAG,IAAI,CAAA;YACxB,CAAC,EAAE,CAAA;YACH,SAAQ;QACV,CAAC;QAED,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;YACzB,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAA;YACtB,CAAC,EAAE,CAAA;YACH,SAAQ;QACV,CAAC;QAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;YACnB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;YACzB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,uCAAuC,CAAC,CAAA;YAClD,CAAC;YACD,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;gBAC1C,OAAO,CAAC,sBAAsB,KAAK,6BAA6B,CAAC,CAAA;YACnE,CAAC;YACD,MAAM,CAAC,SAAS,GAAG,KAAkB,CAAA;YACrC,CAAC,IAAI,CAAC,CAAA;YACN,SAAQ;QACV,CAAC;QAED,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;YACzB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,yBAAyB,CAAC,CAAA;YACpC,CAAC;YACD,MAAM,CAAC,IAAI,GAAG,KAAK,CAAA;YACnB,CAAC,IAAI,CAAC,CAAA;YACN,SAAQ;QACV,CAAC;QAED,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;YACzB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,2BAA2B,CAAC,CAAA;YACtC,CAAC;YACD,MAAM,CAAC,UAAU,GAAG,KAAK,CAAA;YACzB,CAAC,IAAI,CAAC,CAAA;YACN,SAAQ;QACV,CAAC;QAED,mBAAmB;QACnB,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,mBAAmB,GAAG,EAAE,CAAC,CAAA;QACnC,CAAC;QAED,iDAAiD;QACjD,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,GAAG,GAAG,CAAA;QACnB,CAAC;QACD,CAAC,EAAE,CAAA;IACL,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/cli-help.d.ts

@@ -0,0 +1,2 @@
+export declare const HELP_TEXT = "ai-fs-permissions - File system permissions for AI agents\n\nUSAGE\n  ai-fs-permissions [options] [path]\n\nOPTIONS\n  --op <type>       Operation to check: read, write (required unless using stdin)\n  --path <path>     File path to check (can also be positional argument)\n  --config <path>   Use specific config file (skip discovery)\n  --show-config     Show merged configuration and exit\n  --validate        Validate config file and exit\n  --help, -h        Show this help message\n  --version, -v     Show version\n\nINPUT METHODS\n  1. Command line:    ai-fs-permissions --op write --path \".centy/config.json\"\n  2. Stdin (JSON):    echo '{\"tool_input\":{\"file_path\":\".centy/x\"}}' | ai-fs-permissions --op write\n  3. Stdin (plain):   echo \".centy/config.json\" | ai-fs-permissions --op write\n\nCONFIG FILE (.ai-fs-permissions.yaml)\n  version: 1\n  rules:\n    - path: \".centy/**\"\n      access: read\n      reason: \"Configuration folder\"\n    - path: \"**/.env*\"\n      access: none\n      reason: \"Environment secrets\"\n\nACCESS LEVELS\n  none       Block all access (read and write)\n  read       Allow read, block write\n  write      Allow write, block read\n  readwrite  Allow both read and write\n\nEXIT CODES\n  0          Operation allowed\n  2          Operation blocked\n  1          Error (invalid config, missing arguments, etc.)\n\nEXAMPLES\n  # Check if writing to .centy is allowed\n  ai-fs-permissions --op write --path \".centy/settings.json\"\n\n  # Use with Claude Code hooks (stdin JSON)\n  echo '{\"tool_input\":{\"file_path\":\"src/index.ts\"}}' | ai-fs-permissions --op write\n\n  # Show merged config for debugging\n  ai-fs-permissions --show-config\n\n  # Validate config file\n  ai-fs-permissions --validate\n";
+//# sourceMappingURL=cli-help.d.ts.map

package/dist/cli-help.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-help.d.ts","sourceRoot":"","sources":["../src/cli-help.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,SAAS,quDAoDrB,CAAA"}

package/dist/cli-help.js

@@ -0,0 +1,54 @@
+export const HELP_TEXT = `ai-fs-permissions - File system permissions for AI agents
+
+USAGE
+  ai-fs-permissions [options] [path]
+
+OPTIONS
+  --op <type>       Operation to check: read, write (required unless using stdin)
+  --path <path>     File path to check (can also be positional argument)
+  --config <path>   Use specific config file (skip discovery)
+  --show-config     Show merged configuration and exit
+  --validate        Validate config file and exit
+  --help, -h        Show this help message
+  --version, -v     Show version
+
+INPUT METHODS
+  1. Command line:    ai-fs-permissions --op write --path ".centy/config.json"
+  2. Stdin (JSON):    echo '{"tool_input":{"file_path":".centy/x"}}' | ai-fs-permissions --op write
+  3. Stdin (plain):   echo ".centy/config.json" | ai-fs-permissions --op write
+
+CONFIG FILE (.ai-fs-permissions.yaml)
+  version: 1
+  rules:
+    - path: ".centy/**"
+      access: read
+      reason: "Configuration folder"
+    - path: "**/.env*"
+      access: none
+      reason: "Environment secrets"
+
+ACCESS LEVELS
+  none       Block all access (read and write)
+  read       Allow read, block write
+  write      Allow write, block read
+  readwrite  Allow both read and write
+
+EXIT CODES
+  0          Operation allowed
+  2          Operation blocked
+  1          Error (invalid config, missing arguments, etc.)
+
+EXAMPLES
+  # Check if writing to .centy is allowed
+  ai-fs-permissions --op write --path ".centy/settings.json"
+
+  # Use with Claude Code hooks (stdin JSON)
+  echo '{"tool_input":{"file_path":"src/index.ts"}}' | ai-fs-permissions --op write
+
+  # Show merged config for debugging
+  ai-fs-permissions --show-config
+
+  # Validate config file
+  ai-fs-permissions --validate
+`;
+//# sourceMappingURL=cli-help.js.map

package/dist/cli-help.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-help.js","sourceRoot":"","sources":["../src/cli-help.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoDxB,CAAA"}

package/dist/cli.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+/**
+ * ai-fs-permissions CLI
+ *
+ * A platform-agnostic tool to enforce file system permissions for AI agents.
+ * Works with Claude Code, Gemini CLI, Cursor, and other AI coding tools.
+ */
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;GAKG"}

package/dist/cli.js

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+/**
+ * ai-fs-permissions CLI
+ *
+ * A platform-agnostic tool to enforce file system permissions for AI agents.
+ * Works with Claude Code, Gemini CLI, Cursor, and other AI coding tools.
+ */
+import { parseArgs } from './cli-args.js';
+import { HELP_TEXT } from './cli-help.js';
+import { loadConfig } from './config/loader.js';
+import { checkPermission } from './checker.js';
+import { outputResult } from './output.js';
+import { parseStdin, readStdin } from './stdin.js';
+import { EXIT_CODES } from './exit-codes.js';
+const VERSION = '0.1.0';
+function handleError(message) {
+    console.error(`Error: ${message}`);
+    console.error('Use --help for usage information');
+    process.exit(EXIT_CODES.ERROR);
+}
+async function main() {
+    try {
+        const args = parseArgs(process.argv.slice(2), handleError);
+        if (args.showHelp) {
+            console.log(HELP_TEXT);
+            process.exit(EXIT_CODES.ALLOWED);
+        }
+        if (args.showVersion) {
+            console.log(VERSION);
+            process.exit(EXIT_CODES.ALLOWED);
+        }
+        const cwd = process.cwd();
+        const config = loadConfig(cwd, args.configPath ?? undefined);
+        if (args.showConfig) {
+            console.log(JSON.stringify(config, null, 2));
+            process.exit(EXIT_CODES.ALLOWED);
+        }
+        if (args.validate) {
+            if (config.rules.length === 0) {
+                console.log('No config file found or config has no rules');
+            }
+            else {
+                console.log(`Config valid: ${config.rules.length} rule(s) loaded`);
+            }
+            process.exit(EXIT_CODES.ALLOWED);
+        }
+        // Get path and operation from args or stdin
+        let filePath = args.path;
+        let operation = args.operation;
+        // If no path from args, try stdin
+        if (filePath === null) {
+            const stdinInput = await readStdin();
+            if (stdinInput.trim()) {
+                const parsed = parseStdin(stdinInput);
+                filePath = parsed.path;
+                // Infer operation from tool if not provided
+                if (operation === null && parsed.inferredOperation) {
+                    operation = parsed.inferredOperation;
+                }
+            }
+        }
+        // Validate required arguments
+        if (filePath === null || filePath.trim() === '') {
+            // No path provided and no stdin - this is OK, just allow
+            // This handles cases where hooks are called but no file is involved
+            process.exit(EXIT_CODES.ALLOWED);
+        }
+        if (operation === null) {
+            handleError('Operation required. Use --op read or --op write');
+        }
+        // Check permission
+        const result = checkPermission(config, filePath, operation);
+        outputResult(result);
+        process.exit(result.allowed ? EXIT_CODES.ALLOWED : EXIT_CODES.BLOCKED);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error('Error:', message);
+        process.exit(EXIT_CODES.ERROR);
+    }
+}
+main();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAG5C,MAAM,OAAO,GAAG,OAAO,CAAA;AAEvB,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAA;IAClC,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAA;IACjD,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;AAChC,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAE1D,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;YACtB,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;YACpB,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAA;QACzB,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,IAAI,SAAS,CAAC,CAAA;QAE5D,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5C,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAA;YAC5D,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,KAAK,CAAC,MAAM,iBAAiB,CAAC,CAAA;YACpE,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAClC,CAAC;QAED,4CAA4C;QAC5C,IAAI,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAA;QACxB,IAAI,SAAS,GAAqB,IAAI,CAAC,SAAS,CAAA;QAEhD,kCAAkC;QAClC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,MAAM,UAAU,GAAG,MAAM,SAAS,EAAE,CAAA;YACpC,IAAI,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;gBACtB,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAA;gBACrC,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAA;gBAEtB,4CAA4C;gBAC5C,IAAI,SAAS,KAAK,IAAI,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;oBACnD,SAAS,GAAG,MAAM,CAAC,iBAAiB,CAAA;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAChD,yDAAyD;YACzD,oEAAoE;YACpE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAClC,CAAC;QAED,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACvB,WAAW,CAAC,iDAAiD,CAAC,CAAA;QAChE,CAAC;QAED,mBAAmB;QACnB,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAA;QAC3D,YAAY,CAAC,MAAM,CAAC,CAAA;QAEpB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;IACxE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QACtE,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAChC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IAChC,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAA"}

package/dist/config/loader.d.ts

@@ -0,0 +1,22 @@
+import type { Config } from '../types.js';
+/**
+ * Loads a config file from a path
+ */
+export declare function loadConfigFile(filePath: string): Config | null;
+/**
+ * Finds config file by walking up the directory tree (gitignore-style)
+ */
+export declare function findConfigFile(startDir: string): string | null;
+/**
+ * Gets the user config file path
+ */
+export declare function getUserConfigPath(): string | null;
+/**
+ * Merges multiple configs (later configs override earlier ones)
+ */
+export declare function mergeConfigs(...configs: (Config | null)[]): Config;
+/**
+ * Loads and merges all applicable configs
+ */
+export declare function loadConfig(cwd: string, explicitPath?: string): Config;
+//# sourceMappingURL=loader.d.ts.map

package/dist/config/loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,MAAM,EAAqB,MAAM,aAAa,CAAA;AAuC5D;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAuB9D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAe9D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,IAAI,CAejD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,GAAG,OAAO,EAAE,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,GAAG,MAAM,CAgBlE;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAwBrE"}