autohand-cli 0.8.2 → 0.9.0

package/dist/chunk-ZPD2AO3U.js

@@ -0,0 +1,866 @@
+import {
+  addToLocalAllowList,
+  addToLocalDenyList,
+  loadLocalProjectSettings,
+  mergePermissions
+} from "./chunk-HJIXWGQZ.js";
+import {
+  PROJECT_DIR_NAME
+} from "./chunk-TWQDAUZU.js";
+
+// src/permissions/PermissionManager.ts
+import path2 from "path";
+
+// src/permissions/toolPatterns.ts
+import { minimatch } from "minimatch";
+function matchesToolPattern(pattern, call) {
+  if (pattern.kind !== call.kind) return false;
+  if (!pattern.argument) return true;
+  const arg = pattern.argument;
+  if (arg.endsWith(":*")) {
+    const stem = arg.slice(0, -2);
+    return call.target === stem || call.target.startsWith(stem + " ");
+  }
+  if (pattern.kind === "url") {
+    try {
+      const url = new URL(call.target);
+      const domain = url.hostname;
+      if (arg.startsWith("*.")) {
+        return domain.endsWith(arg.slice(1));
+      }
+      return domain === arg || domain.endsWith("." + arg);
+    } catch {
+      return call.target.includes(arg);
+    }
+  }
+  if (arg === call.target) return true;
+  if (arg.includes("*") || arg.includes("?")) {
+    return minimatch(call.target, arg);
+  }
+  return false;
+}
+
+// src/permissions/sessionProjectPermissions.ts
+import fs from "fs-extra";
+import path from "path";
+var SESSION_PERMISSIONS_FILE = "session-permissions.json";
+function getSessionPermissionsPath(workspaceRoot) {
+  return path.join(workspaceRoot, PROJECT_DIR_NAME, SESSION_PERMISSIONS_FILE);
+}
+async function loadSessionProjectPermissions(workspaceRoot) {
+  const filePath = getSessionPermissionsPath(workspaceRoot);
+  if (!await fs.pathExists(filePath)) {
+    return null;
+  }
+  const contents = await fs.readFile(filePath, "utf8");
+  return JSON.parse(contents);
+}
+async function saveSessionProjectPermissions(workspaceRoot, permissions) {
+  const filePath = getSessionPermissionsPath(workspaceRoot);
+  await fs.ensureDir(path.dirname(filePath));
+  await fs.writeJson(filePath, { ...permissions, version: 1 }, { spaces: 2 });
+}
+async function addToSessionAllowList(workspaceRoot, pattern) {
+  const current = await loadSessionProjectPermissions(workspaceRoot) ?? {};
+  const allowList = current.allowList ?? [];
+  if (!allowList.includes(pattern)) {
+    allowList.push(pattern);
+  }
+  await saveSessionProjectPermissions(workspaceRoot, {
+    ...current,
+    allowList
+  });
+}
+async function addToSessionDenyList(workspaceRoot, pattern) {
+  const current = await loadSessionProjectPermissions(workspaceRoot) ?? {};
+  const denyList = current.denyList ?? [];
+  if (!denyList.includes(pattern)) {
+    denyList.push(pattern);
+  }
+  await saveSessionProjectPermissions(workspaceRoot, {
+    ...current,
+    denyList
+  });
+}
+
+// src/permissions/PermissionManager.ts
+var DEFAULT_SECURITY_BLACKLIST = [
+  // === Sensitive Files (read/write blocked) ===
+  // Environment files with secrets
+  "read_file:.env",
+  "read_file:.env.*",
+  "read_file:*.env",
+  "write_file:.env",
+  "write_file:.env.*",
+  "write_file:*.env",
+  // Git credentials and config
+  "read_file:.git/config",
+  "write_file:.git/config",
+  "read_file:.git/credentials",
+  "write_file:.git/credentials",
+  "read_file:.gitconfig",
+  "write_file:.gitconfig",
+  // SSH keys
+  "read_file:*/.ssh/*",
+  "write_file:*/.ssh/*",
+  "read_file:*/id_rsa*",
+  "read_file:*/id_ed25519*",
+  "read_file:*/id_ecdsa*",
+  "write_file:*/id_rsa*",
+  "write_file:*/id_ed25519*",
+  // Cloud credentials
+  "read_file:*/.aws/credentials",
+  "read_file:*/.aws/config",
+  "write_file:*/.aws/*",
+  "read_file:*/.azure/*",
+  "write_file:*/.azure/*",
+  "read_file:*/.gcloud/*",
+  "write_file:*/.gcloud/*",
+  // Private keys and certificates
+  "read_file:*.pem",
+  "read_file:*.key",
+  "read_file:*.p12",
+  "read_file:*.pfx",
+  "write_file:*.pem",
+  "write_file:*.key",
+  // GPG keys
+  "read_file:*/.gnupg/*",
+  "write_file:*/.gnupg/*",
+  // NPM tokens
+  "read_file:.npmrc",
+  "write_file:.npmrc",
+  // Docker credentials
+  "read_file:*/.docker/config.json",
+  "write_file:*/.docker/config.json",
+  // Kubernetes credentials
+  "read_file:*/.kube/config",
+  "write_file:*/.kube/config",
+  // === Dangerous Commands ===
+  // Environment exposure
+  "run_command:printenv",
+  "run_command:printenv *",
+  "run_command:env",
+  "run_command:export",
+  "run_command:set",
+  "shell:printenv",
+  "shell:printenv *",
+  "shell:env",
+  "shell:export",
+  "shell:set",
+  // System information
+  "run_command:cat /etc/passwd",
+  "run_command:cat /etc/shadow",
+  "run_command:cat /etc/sudoers",
+  "shell:cat /etc/passwd",
+  "shell:cat /etc/shadow",
+  "shell:cat /etc/sudoers",
+  // Privilege escalation
+  "run_command:sudo *",
+  "run_command:su *",
+  "run_command:doas *",
+  "shell:sudo *",
+  "shell:su *",
+  "shell:doas *",
+  // Destructive operations
+  "run_command:rm -rf /",
+  "run_command:rm -rf /*",
+  "run_command:rm -rf ~",
+  "run_command:rm -rf ~/*",
+  "run_command:dd if=* of=/dev/*",
+  "run_command:mkfs*",
+  "run_command:wipefs*",
+  "run_command:shred*",
+  "shell:rm -rf /",
+  "shell:rm -rf /*",
+  "shell:rm -rf ~",
+  "shell:rm -rf ~/*",
+  "shell:dd if=* of=/dev/*",
+  "shell:mkfs*",
+  "shell:wipefs*",
+  "shell:shred*",
+  // Remote code execution
+  "run_command:curl * | *sh",
+  "run_command:wget * | *sh",
+  "run_command:curl *|*sh",
+  "run_command:wget *|*sh",
+  "shell:curl * | *sh",
+  "shell:wget * | *sh",
+  "shell:curl *|*sh",
+  "shell:wget *|*sh",
+  // Network tools that can exfiltrate
+  "run_command:nc -e*",
+  "run_command:ncat -e*",
+  "run_command:netcat -e*",
+  "shell:nc -e*",
+  "shell:ncat -e*",
+  "shell:netcat -e*",
+  // Credential theft
+  "run_command:cat */.ssh/*",
+  "run_command:cat */.aws/*",
+  "run_command:cat *.pem",
+  "run_command:cat *.key",
+  "shell:cat */.ssh/*",
+  "shell:cat */.aws/*",
+  "shell:cat *.pem",
+  "shell:cat *.key"
+];
+var PermissionManager = class _PermissionManager {
+  settings;
+  localSettings;
+  sessionProjectSettings;
+  sessionCache = /* @__PURE__ */ new Map();
+  mode;
+  onPersist;
+  workspaceRoot;
+  localSettingsLoaded = false;
+  normalizeSettings(settings) {
+    return {
+      mode: settings?.mode ?? "interactive",
+      allowList: [...settings?.allowList ?? settings?.whitelist ?? []],
+      denyList: [...settings?.denyList ?? settings?.blacklist ?? []],
+      rules: [...settings?.rules ?? []],
+      rememberSession: settings?.rememberSession ?? true,
+      allowPatterns: [...settings?.allowPatterns ?? []],
+      denyPatterns: [...settings?.denyPatterns ?? []],
+      availableTools: [...settings?.availableTools ?? []],
+      excludedTools: [...settings?.excludedTools ?? []],
+      allPathsAllowed: settings?.allPathsAllowed,
+      allUrlsAllowed: settings?.allUrlsAllowed
+    };
+  }
+  constructor(options = {}) {
+    const isOptions = "settings" in options || "onPersist" in options || "workspaceRoot" in options;
+    const settings = isOptions ? options.settings ?? {} : options;
+    this.onPersist = isOptions ? options.onPersist : void 0;
+    this.workspaceRoot = isOptions ? options.workspaceRoot : void 0;
+    this.settings = this.normalizeSettings(settings);
+    this.mode = this.settings.mode || "interactive";
+  }
+  /**
+   * Initialize local project settings (async)
+   * Call this after construction to load local .autohand/settings.local.json
+   */
+  async initLocalSettings() {
+    if (!this.workspaceRoot || this.localSettingsLoaded) return;
+    try {
+      const localSettings = await loadLocalProjectSettings(this.workspaceRoot);
+      if (localSettings?.permissions) {
+        this.localSettings = this.normalizeSettings(localSettings.permissions);
+      }
+      const sessionSettings = await loadSessionProjectPermissions(this.workspaceRoot);
+      if (sessionSettings) {
+        this.sessionProjectSettings = {
+          allowList: [...sessionSettings.allowList ?? []],
+          denyList: [...sessionSettings.denyList ?? []],
+          version: sessionSettings.version
+        };
+      }
+      this.localSettingsLoaded = true;
+    } catch {
+    }
+  }
+  /**
+   * Get merged settings (global + local)
+   */
+  getMergedSettings() {
+    return mergePermissions(this.settings, this.localSettings);
+  }
+  /**
+   * Set permission mode (can be overridden by CLI flags)
+   */
+  setMode(mode) {
+    this.mode = mode;
+  }
+  /**
+   * Get current mode
+   */
+  getMode() {
+    return this.mode;
+  }
+  /**
+   * Check if an action should be allowed, denied, or prompted
+   */
+  checkPermission(context) {
+    if (this.isSecurityBlacklisted(context)) {
+      return { allowed: false, reason: "blacklisted" };
+    }
+    const patternDecision = this.checkPatterns(context);
+    if (patternDecision) {
+      return patternDecision;
+    }
+    const cacheKey = this.getCacheKey(context);
+    if (this.settings.rememberSession && this.sessionCache.has(cacheKey)) {
+      return {
+        allowed: this.sessionCache.get(cacheKey),
+        reason: this.sessionCache.get(cacheKey) ? "user_approved" : "user_denied",
+        cached: true
+      };
+    }
+    if (this.mode === "unrestricted") {
+      return { allowed: true, reason: "mode_unrestricted" };
+    }
+    if (this.mode === "restricted") {
+      return { allowed: false, reason: "mode_restricted" };
+    }
+    const sessionDecision = this.checkScopedLists(
+      context,
+      this.sessionProjectSettings?.allowList,
+      this.sessionProjectSettings?.denyList,
+      "session"
+    );
+    if (sessionDecision) {
+      return sessionDecision;
+    }
+    const projectDecision = this.checkScopedLists(
+      context,
+      this.localSettings?.allowList,
+      this.localSettings?.denyList,
+      "project"
+    );
+    if (projectDecision) {
+      return projectDecision;
+    }
+    const userDecision = this.checkScopedLists(
+      context,
+      this.settings.allowList,
+      this.settings.denyList,
+      "user"
+    );
+    if (userDecision) {
+      return userDecision;
+    }
+    const ruleDecision = this.checkRules(context);
+    if (ruleDecision) {
+      return ruleDecision;
+    }
+    return { allowed: false, reason: "default" };
+  }
+  /**
+   * Record a user's decision using the legacy boolean API.
+   * Approved permissions are saved to the project allowList when possible.
+   */
+  async recordDecision(context, allowed) {
+    const merged = this.getMergedSettings();
+    if (merged.rememberSession) {
+      const cacheKey = this.getCacheKey(context);
+      this.sessionCache.set(cacheKey, allowed);
+    }
+    const pattern = this.contextToPattern(context);
+    const dirPattern = allowed && context.path ? this.buildDirectoryWildcard(context) : null;
+    if (allowed && this.workspaceRoot) {
+      try {
+        const patterns = dirPattern ? [pattern, dirPattern] : [pattern];
+        for (const p of patterns) {
+          await addToLocalAllowList(this.workspaceRoot, p);
+        }
+        if (!this.localSettings) {
+          this.localSettings = { allowList: [] };
+        }
+        if (!this.localSettings.allowList) {
+          this.localSettings.allowList = [];
+        }
+        for (const p of patterns) {
+          if (!this.localSettings.allowList.includes(p)) {
+            this.localSettings.allowList.push(p);
+          }
+        }
+      } catch {
+        this.addToAllowList(pattern);
+        if (dirPattern) this.addToAllowList(dirPattern);
+      }
+    } else if (allowed) {
+      this.addToAllowList(pattern);
+      if (dirPattern) this.addToAllowList(dirPattern);
+    } else {
+      this.addToDenyList(pattern);
+    }
+    if (this.onPersist) {
+      await this.onPersist(this.settings);
+    }
+  }
+  async applyPromptDecision(context, result) {
+    const pattern = this.contextToPattern(context);
+    const dirPattern = this.buildDirectoryWildcard(context);
+    const allowPatterns = dirPattern ? [pattern, dirPattern] : [pattern];
+    switch (result.decision) {
+      case "allow_once":
+      case "deny_once":
+      case "alternative":
+        return;
+      case "allow_session": {
+        if (!this.workspaceRoot) {
+          return;
+        }
+        for (const entry of allowPatterns) {
+          await addToSessionAllowList(this.workspaceRoot, entry);
+        }
+        this.sessionProjectSettings = {
+          ...this.sessionProjectSettings ?? {},
+          allowList: Array.from(/* @__PURE__ */ new Set([...this.sessionProjectSettings?.allowList ?? [], ...allowPatterns])),
+          denyList: [...this.sessionProjectSettings?.denyList ?? []]
+        };
+        return;
+      }
+      case "deny_session": {
+        if (!this.workspaceRoot) {
+          return;
+        }
+        await addToSessionDenyList(this.workspaceRoot, pattern);
+        this.sessionProjectSettings = {
+          ...this.sessionProjectSettings ?? {},
+          allowList: [...this.sessionProjectSettings?.allowList ?? []],
+          denyList: Array.from(/* @__PURE__ */ new Set([...this.sessionProjectSettings?.denyList ?? [], pattern]))
+        };
+        return;
+      }
+      case "allow_always_project": {
+        if (!this.workspaceRoot) {
+          this.addToAllowList(pattern);
+          if (dirPattern) this.addToAllowList(dirPattern);
+          if (this.onPersist) {
+            await this.onPersist(this.settings);
+          }
+          return;
+        }
+        for (const entry of allowPatterns) {
+          await addToLocalAllowList(this.workspaceRoot, entry);
+        }
+        if (!this.localSettings) {
+          this.localSettings = this.normalizeSettings({});
+        }
+        this.localSettings.allowList = Array.from(/* @__PURE__ */ new Set([...this.localSettings.allowList ?? [], ...allowPatterns]));
+        return;
+      }
+      case "deny_always_project": {
+        if (!this.workspaceRoot) {
+          this.addToDenyList(pattern);
+          if (this.onPersist) {
+            await this.onPersist(this.settings);
+          }
+          return;
+        }
+        await addToLocalDenyList(this.workspaceRoot, pattern);
+        if (!this.localSettings) {
+          this.localSettings = this.normalizeSettings({});
+        }
+        this.localSettings.denyList = Array.from(/* @__PURE__ */ new Set([...this.localSettings.denyList ?? [], pattern]));
+        return;
+      }
+      case "allow_always_user":
+        this.addToAllowList(pattern);
+        if (dirPattern) this.addToAllowList(dirPattern);
+        if (this.onPersist) {
+          await this.onPersist(this.settings);
+        }
+        return;
+      case "deny_always_user":
+        this.addToDenyList(pattern);
+        if (this.onPersist) {
+          await this.onPersist(this.settings);
+        }
+        return;
+    }
+  }
+  /**
+   * Convert context to a pattern string for whitelist/blacklist
+   */
+  contextToPattern(context) {
+    const tool = context.tool;
+    let value;
+    if (context.command) {
+      const args = context.args?.join(" ") || "";
+      value = args ? `${context.command} ${args}` : context.command;
+    } else if (context.path) {
+      value = context.path;
+    } else {
+      return `${tool}:*`;
+    }
+    return `${tool}:${value}`;
+  }
+  /**
+   * Build a directory-level wildcard pattern for path-based approvals.
+   * E.g., write_file:/project/tests/foo.ts → write_file:/project/tests/*
+   * This allows future writes in the same directory to be auto-approved.
+   */
+  buildDirectoryWildcard(context) {
+    if (!context.path) return null;
+    const dir = path2.dirname(context.path);
+    if (dir === "." || dir === "/") return null;
+    return `${context.tool}:${dir}/*`;
+  }
+  /**
+   * Convert a PermissionContext to the { kind, target } shape used by matchesToolPattern.
+   */
+  contextToCall(context) {
+    return { kind: context.tool, target: this.getFullCommand(context) };
+  }
+  /**
+   * Check pattern-based allow/deny rules (denyPatterns, availableTools, excludedTools,
+   * allowPatterns, allPathsAllowed, allUrlsAllowed).
+   * Returns a decision when a pattern fires, or null to continue with normal flow.
+   */
+  checkPatterns(context) {
+    const settings = this.getMergedSettings();
+    const call = this.contextToCall(context);
+    if (settings.denyPatterns?.length) {
+      for (const p of settings.denyPatterns) {
+        if (matchesToolPattern(p, call)) {
+          return { allowed: false, reason: "pattern_denied" };
+        }
+      }
+    }
+    if (settings.availableTools?.length) {
+      const inAvailable = settings.availableTools.some((p) => matchesToolPattern(p, call));
+      if (!inAvailable) {
+        return { allowed: false, reason: "not_in_available" };
+      }
+    }
+    if (settings.excludedTools?.length) {
+      for (const p of settings.excludedTools) {
+        if (matchesToolPattern(p, call)) {
+          return { allowed: false, reason: "excluded" };
+        }
+      }
+    }
+    if (settings.allowPatterns?.length) {
+      for (const p of settings.allowPatterns) {
+        if (matchesToolPattern(p, call)) {
+          return { allowed: true, reason: "pattern_allowed" };
+        }
+      }
+    }
+    const fileTools = /* @__PURE__ */ new Set(["read_file", "write_file", "list_dir", "delete_path", "move_path", "copy_path"]);
+    if (settings.allPathsAllowed && fileTools.has(context.tool)) {
+      return { allowed: true, reason: "all_paths_allowed" };
+    }
+    if (settings.allUrlsAllowed && context.tool === "url") {
+      return { allowed: true, reason: "all_urls_allowed" };
+    }
+    return null;
+  }
+  /**
+   * Check if context matches the immutable security blacklist
+   * This check CANNOT be bypassed by any mode, allowList, or user setting
+   */
+  isSecurityBlacklisted(context) {
+    return DEFAULT_SECURITY_BLACKLIST.some((pattern) => this.matchesPattern(context, pattern));
+  }
+  /**
+   * Check scoped allow/deny lists, returning a source-specific decision if matched.
+   */
+  checkScopedLists(context, allowList, denyList, scope) {
+    const normalizedAllowList = allowList ?? [];
+    const normalizedDenyList = denyList ?? [];
+    if (normalizedDenyList.some((pattern) => this.matchesPattern(context, pattern))) {
+      return {
+        allowed: false,
+        reason: scope === "user" ? "deny_list" : `${scope}_deny_list`
+      };
+    }
+    if (normalizedAllowList.some((pattern) => this.matchesPattern(context, pattern))) {
+      return {
+        allowed: true,
+        reason: scope === "user" ? "allow_list" : `${scope}_allow_list`
+      };
+    }
+    return null;
+  }
+  /**
+   * Check custom rules (uses merged global + local settings)
+   */
+  checkRules(context) {
+    const merged = this.getMergedSettings();
+    const rules = merged.rules || [];
+    for (const rule of rules) {
+      if (this.ruleMatches(context, rule)) {
+        if (rule.action === "allow") {
+          return { allowed: true, reason: "rule_match" };
+        }
+        if (rule.action === "deny") {
+          return { allowed: false, reason: "rule_match" };
+        }
+      }
+    }
+    return null;
+  }
+  /**
+   * Check if a rule matches the context
+   */
+  ruleMatches(context, rule) {
+    if (rule.tool !== "*" && rule.tool !== context.tool) {
+      return false;
+    }
+    if (rule.pattern) {
+      const fullCommand = this.getFullCommand(context);
+      return this.globMatch(fullCommand, rule.pattern);
+    }
+    return true;
+  }
+  /**
+   * Match context against a pattern string
+   * Format: "tool:pattern" or just "pattern" for run_command
+   * Supports prefix patterns like "write_file:*" and directory-specific patterns
+   */
+  matchesPattern(context, pattern) {
+    const colonIndex = pattern.indexOf(":");
+    let toolPattern;
+    let commandPattern;
+    if (colonIndex !== -1) {
+      toolPattern = pattern.substring(0, colonIndex);
+      commandPattern = pattern.substring(colonIndex + 1);
+    } else {
+      toolPattern = "run_command";
+      commandPattern = pattern;
+    }
+    if (toolPattern !== "*" && toolPattern !== context.tool) {
+      return false;
+    }
+    if (commandPattern === "*") {
+      return true;
+    }
+    if (commandPattern.endsWith(":*")) {
+      const prefix = commandPattern.slice(0, -2);
+      const fullCommand2 = this.getFullCommand(context);
+      if (fullCommand2.startsWith(prefix)) {
+        return fullCommand2 === prefix || fullCommand2.startsWith(prefix + " ") || fullCommand2.startsWith(prefix + "/") || fullCommand2.startsWith(prefix + path2.sep);
+      }
+      return false;
+    }
+    if (this.workspaceRoot && commandPattern.includes("/*")) {
+      if (context.path) {
+        const workspacePattern = path2.join(this.workspaceRoot, commandPattern);
+        const resolvedPath = path2.resolve(this.workspaceRoot, context.path);
+        return this.globMatch(resolvedPath, workspacePattern);
+      }
+    }
+    const fullCommand = this.getFullCommand(context);
+    return this.globMatch(fullCommand, commandPattern);
+  }
+  /**
+   * Get full command string from context
+   */
+  getFullCommand(context) {
+    if (context.command) {
+      const args = context.args?.join(" ") || "";
+      return args ? `${context.command} ${args}` : context.command;
+    }
+    if (context.path) {
+      return context.path;
+    }
+    return context.tool;
+  }
+  /**
+   * Simple glob matching (* for wildcards)
+   */
+  globMatch(text, pattern) {
+    const regexPattern = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
+    const regex = new RegExp(`^${regexPattern}$`, "i");
+    return regex.test(text);
+  }
+  /**
+   * Generate cache key from context
+   */
+  getCacheKey(context) {
+    const parts = [context.tool];
+    if (context.command) parts.push(context.command);
+    if (context.args?.length) parts.push(context.args.join(" "));
+    if (context.path) parts.push(context.path);
+    return parts.join("::");
+  }
+  /**
+   * Clear session cache
+   */
+  clearCache() {
+    this.sessionCache.clear();
+  }
+  /**
+   * Get session cache stats
+   */
+  getCacheStats() {
+    return {
+      size: this.sessionCache.size,
+      entries: Array.from(this.sessionCache.keys())
+    };
+  }
+  /**
+   * Add to allowList dynamically
+   */
+  addToAllowList(pattern) {
+    if (!this.settings.allowList) {
+      this.settings.allowList = [];
+    }
+    if (!this.settings.allowList.includes(pattern)) {
+      this.settings.allowList.push(pattern);
+    }
+  }
+  /**
+   * Add to denyList dynamically
+   */
+  addToDenyList(pattern) {
+    if (!this.settings.denyList) {
+      this.settings.denyList = [];
+    }
+    if (!this.settings.denyList.includes(pattern)) {
+      this.settings.denyList.push(pattern);
+    }
+  }
+  /**
+   * Remove from allowList
+   */
+  async removeFromAllowList(pattern) {
+    if (!this.settings.allowList) return false;
+    const index = this.settings.allowList.indexOf(pattern);
+    if (index !== -1) {
+      this.settings.allowList.splice(index, 1);
+      if (this.onPersist) {
+        await this.onPersist(this.settings);
+      }
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Remove from denyList
+   */
+  async removeFromDenyList(pattern) {
+    if (!this.settings.denyList) return false;
+    const index = this.settings.denyList.indexOf(pattern);
+    if (index !== -1) {
+      this.settings.denyList.splice(index, 1);
+      if (this.onPersist) {
+        await this.onPersist(this.settings);
+      }
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get current allowList
+   */
+  getAllowList() {
+    return [...this.settings.allowList || []];
+  }
+  /**
+   * Get current denyList
+   */
+  getDenyList() {
+    return [...this.settings.denyList || []];
+  }
+  /**
+   * Get current settings (for display)
+   */
+  getSettings() {
+    return {
+      ...this.settings,
+      allowList: [...this.settings.allowList || []],
+      denyList: [...this.settings.denyList || []],
+      rules: [...this.settings.rules || []],
+      allowPatterns: [...this.settings.allowPatterns || []],
+      denyPatterns: [...this.settings.denyPatterns || []],
+      availableTools: [...this.settings.availableTools || []],
+      excludedTools: [...this.settings.excludedTools || []]
+    };
+  }
+  /**
+   * Create a prefix pattern for a tool (e.g., write_file:src:*)
+   */
+  static createPrefixPattern(tool, prefix) {
+    return `${tool}:${prefix}:*`;
+  }
+  /**
+   * Create a workspace-relative pattern (e.g., write_file:src/*)
+   */
+  static createWorkspacePattern(tool, workspaceDir) {
+    return `${tool}:${workspaceDir}/*`;
+  }
+  /**
+   * Create a tool wildcard pattern (e.g., write_file:*)
+   */
+  static createToolWildcardPattern(tool) {
+    return `${tool}:*`;
+  }
+  /**
+   * Add a prefix pattern to allowList
+   */
+  addPrefixPattern(tool, prefix) {
+    const pattern = _PermissionManager.createPrefixPattern(tool, prefix);
+    this.addToAllowList(pattern);
+  }
+  /**
+   * Add a workspace-relative pattern to allowList
+   */
+  addWorkspacePattern(tool, workspaceDir) {
+    const pattern = _PermissionManager.createWorkspacePattern(tool, workspaceDir);
+    this.addToAllowList(pattern);
+  }
+  /**
+   * Add a tool wildcard pattern to allowList
+   */
+  addToolWildcardPattern(tool) {
+    const pattern = _PermissionManager.createToolWildcardPattern(tool);
+    this.addToAllowList(pattern);
+  }
+  getWhitelist() {
+    return this.getAllowList();
+  }
+  getBlacklist() {
+    return this.getDenyList();
+  }
+  async removeFromWhitelist(pattern) {
+    return this.removeFromAllowList(pattern);
+  }
+  async removeFromBlacklist(pattern) {
+    return this.removeFromDenyList(pattern);
+  }
+  addToWhitelist(pattern) {
+    this.addToAllowList(pattern);
+  }
+  addToBlacklist(pattern) {
+    this.addToDenyList(pattern);
+  }
+  getPermissionSnapshot(userConfigPath) {
+    const effective = this.getMergedSettings();
+    const effectiveAllowList = Array.from(/* @__PURE__ */ new Set([
+      ...effective.allowList ?? [],
+      ...this.sessionProjectSettings?.allowList ?? []
+    ]));
+    const effectiveDenyList = Array.from(/* @__PURE__ */ new Set([
+      ...effective.denyList ?? [],
+      ...this.sessionProjectSettings?.denyList ?? []
+    ]));
+    return {
+      mode: this.mode,
+      rememberSession: effective.rememberSession !== false,
+      session: {
+        path: this.workspaceRoot ? getSessionPermissionsPath(this.workspaceRoot) : "(project session unavailable)",
+        allowList: [...this.sessionProjectSettings?.allowList ?? []],
+        denyList: [...this.sessionProjectSettings?.denyList ?? []]
+      },
+      project: {
+        path: this.workspaceRoot ? path2.join(this.workspaceRoot, ".autohand", "settings.local.json") : "(project unavailable)",
+        allowList: [...this.localSettings?.allowList ?? []],
+        denyList: [...this.localSettings?.denyList ?? []]
+      },
+      user: {
+        path: userConfigPath,
+        allowList: [...this.settings.allowList ?? []],
+        denyList: [...this.settings.denyList ?? []]
+      },
+      effective: {
+        path: "merged",
+        allowList: effectiveAllowList,
+        denyList: effectiveDenyList
+      }
+    };
+  }
+};
+
+export {
+  addToSessionAllowList,
+  DEFAULT_SECURITY_BLACKLIST,
+  PermissionManager
+};
+/**
+ * Permission Manager - Handles tool/command approval with allow/deny lists
+ * @license Apache-2.0
+ */