autohand-cli 0.8.3 → 0.9.1

package/dist/chunk-W5QLA6WP.cjs

@@ -0,0 +1,866 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } async function _asyncNullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return await rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class;
+
+
+
+
+var _chunkP6SLT2F4cjs = require('./chunk-P6SLT2F4.cjs');
+
+
+var _chunkKASXKDF2cjs = require('./chunk-KASXKDF2.cjs');
+
+// src/permissions/PermissionManager.ts
+var _path = require('path'); var _path2 = _interopRequireDefault(_path);
+
+// src/permissions/toolPatterns.ts
+var _minimatch = require('minimatch');
+function matchesToolPattern(pattern, call) {
+  if (pattern.kind !== call.kind) return false;
+  if (!pattern.argument) return true;
+  const arg = pattern.argument;
+  if (arg.endsWith(":*")) {
+    const stem = arg.slice(0, -2);
+    return call.target === stem || call.target.startsWith(stem + " ");
+  }
+  if (pattern.kind === "url") {
+    try {
+      const url = new URL(call.target);
+      const domain = url.hostname;
+      if (arg.startsWith("*.")) {
+        return domain.endsWith(arg.slice(1));
+      }
+      return domain === arg || domain.endsWith("." + arg);
+    } catch (e) {
+      return call.target.includes(arg);
+    }
+  }
+  if (arg === call.target) return true;
+  if (arg.includes("*") || arg.includes("?")) {
+    return _minimatch.minimatch.call(void 0, call.target, arg);
+  }
+  return false;
+}
+
+// src/permissions/sessionProjectPermissions.ts
+var _fsextra = require('fs-extra'); var _fsextra2 = _interopRequireDefault(_fsextra);
+
+var SESSION_PERMISSIONS_FILE = "session-permissions.json";
+function getSessionPermissionsPath(workspaceRoot) {
+  return _path2.default.join(workspaceRoot, _chunkKASXKDF2cjs.PROJECT_DIR_NAME, SESSION_PERMISSIONS_FILE);
+}
+async function loadSessionProjectPermissions(workspaceRoot) {
+  const filePath = getSessionPermissionsPath(workspaceRoot);
+  if (!await _fsextra2.default.pathExists(filePath)) {
+    return null;
+  }
+  const contents = await _fsextra2.default.readFile(filePath, "utf8");
+  return JSON.parse(contents);
+}
+async function saveSessionProjectPermissions(workspaceRoot, permissions) {
+  const filePath = getSessionPermissionsPath(workspaceRoot);
+  await _fsextra2.default.ensureDir(_path2.default.dirname(filePath));
+  await _fsextra2.default.writeJson(filePath, { ...permissions, version: 1 }, { spaces: 2 });
+}
+async function addToSessionAllowList(workspaceRoot, pattern) {
+  const current = await _asyncNullishCoalesce(await loadSessionProjectPermissions(workspaceRoot), async () => ( {}));
+  const allowList = _nullishCoalesce(current.allowList, () => ( []));
+  if (!allowList.includes(pattern)) {
+    allowList.push(pattern);
+  }
+  await saveSessionProjectPermissions(workspaceRoot, {
+    ...current,
+    allowList
+  });
+}
+async function addToSessionDenyList(workspaceRoot, pattern) {
+  const current = await _asyncNullishCoalesce(await loadSessionProjectPermissions(workspaceRoot), async () => ( {}));
+  const denyList = _nullishCoalesce(current.denyList, () => ( []));
+  if (!denyList.includes(pattern)) {
+    denyList.push(pattern);
+  }
+  await saveSessionProjectPermissions(workspaceRoot, {
+    ...current,
+    denyList
+  });
+}
+
+// src/permissions/PermissionManager.ts
+var DEFAULT_SECURITY_BLACKLIST = [
+  // === Sensitive Files (read/write blocked) ===
+  // Environment files with secrets
+  "read_file:.env",
+  "read_file:.env.*",
+  "read_file:*.env",
+  "write_file:.env",
+  "write_file:.env.*",
+  "write_file:*.env",
+  // Git credentials and config
+  "read_file:.git/config",
+  "write_file:.git/config",
+  "read_file:.git/credentials",
+  "write_file:.git/credentials",
+  "read_file:.gitconfig",
+  "write_file:.gitconfig",
+  // SSH keys
+  "read_file:*/.ssh/*",
+  "write_file:*/.ssh/*",
+  "read_file:*/id_rsa*",
+  "read_file:*/id_ed25519*",
+  "read_file:*/id_ecdsa*",
+  "write_file:*/id_rsa*",
+  "write_file:*/id_ed25519*",
+  // Cloud credentials
+  "read_file:*/.aws/credentials",
+  "read_file:*/.aws/config",
+  "write_file:*/.aws/*",
+  "read_file:*/.azure/*",
+  "write_file:*/.azure/*",
+  "read_file:*/.gcloud/*",
+  "write_file:*/.gcloud/*",
+  // Private keys and certificates
+  "read_file:*.pem",
+  "read_file:*.key",
+  "read_file:*.p12",
+  "read_file:*.pfx",
+  "write_file:*.pem",
+  "write_file:*.key",
+  // GPG keys
+  "read_file:*/.gnupg/*",
+  "write_file:*/.gnupg/*",
+  // NPM tokens
+  "read_file:.npmrc",
+  "write_file:.npmrc",
+  // Docker credentials
+  "read_file:*/.docker/config.json",
+  "write_file:*/.docker/config.json",
+  // Kubernetes credentials
+  "read_file:*/.kube/config",
+  "write_file:*/.kube/config",
+  // === Dangerous Commands ===
+  // Environment exposure
+  "run_command:printenv",
+  "run_command:printenv *",
+  "run_command:env",
+  "run_command:export",
+  "run_command:set",
+  "shell:printenv",
+  "shell:printenv *",
+  "shell:env",
+  "shell:export",
+  "shell:set",
+  // System information
+  "run_command:cat /etc/passwd",
+  "run_command:cat /etc/shadow",
+  "run_command:cat /etc/sudoers",
+  "shell:cat /etc/passwd",
+  "shell:cat /etc/shadow",
+  "shell:cat /etc/sudoers",
+  // Privilege escalation
+  "run_command:sudo *",
+  "run_command:su *",
+  "run_command:doas *",
+  "shell:sudo *",
+  "shell:su *",
+  "shell:doas *",
+  // Destructive operations
+  "run_command:rm -rf /",
+  "run_command:rm -rf /*",
+  "run_command:rm -rf ~",
+  "run_command:rm -rf ~/*",
+  "run_command:dd if=* of=/dev/*",
+  "run_command:mkfs*",
+  "run_command:wipefs*",
+  "run_command:shred*",
+  "shell:rm -rf /",
+  "shell:rm -rf /*",
+  "shell:rm -rf ~",
+  "shell:rm -rf ~/*",
+  "shell:dd if=* of=/dev/*",
+  "shell:mkfs*",
+  "shell:wipefs*",
+  "shell:shred*",
+  // Remote code execution
+  "run_command:curl * | *sh",
+  "run_command:wget * | *sh",
+  "run_command:curl *|*sh",
+  "run_command:wget *|*sh",
+  "shell:curl * | *sh",
+  "shell:wget * | *sh",
+  "shell:curl *|*sh",
+  "shell:wget *|*sh",
+  // Network tools that can exfiltrate
+  "run_command:nc -e*",
+  "run_command:ncat -e*",
+  "run_command:netcat -e*",
+  "shell:nc -e*",
+  "shell:ncat -e*",
+  "shell:netcat -e*",
+  // Credential theft
+  "run_command:cat */.ssh/*",
+  "run_command:cat */.aws/*",
+  "run_command:cat *.pem",
+  "run_command:cat *.key",
+  "shell:cat */.ssh/*",
+  "shell:cat */.aws/*",
+  "shell:cat *.pem",
+  "shell:cat *.key"
+];
+var PermissionManager = (_class = class _PermissionManager {
+  
+  
+  
+  __init() {this.sessionCache = /* @__PURE__ */ new Map()}
+  
+  
+  
+  __init2() {this.localSettingsLoaded = false}
+  normalizeSettings(settings) {
+    return {
+      mode: _nullishCoalesce(_optionalChain([settings, 'optionalAccess', _ => _.mode]), () => ( "interactive")),
+      allowList: [..._nullishCoalesce(_nullishCoalesce(_optionalChain([settings, 'optionalAccess', _2 => _2.allowList]), () => ( _optionalChain([settings, 'optionalAccess', _3 => _3.whitelist]))), () => ( []))],
+      denyList: [..._nullishCoalesce(_nullishCoalesce(_optionalChain([settings, 'optionalAccess', _4 => _4.denyList]), () => ( _optionalChain([settings, 'optionalAccess', _5 => _5.blacklist]))), () => ( []))],
+      rules: [..._nullishCoalesce(_optionalChain([settings, 'optionalAccess', _6 => _6.rules]), () => ( []))],
+      rememberSession: _nullishCoalesce(_optionalChain([settings, 'optionalAccess', _7 => _7.rememberSession]), () => ( true)),
+      allowPatterns: [..._nullishCoalesce(_optionalChain([settings, 'optionalAccess', _8 => _8.allowPatterns]), () => ( []))],
+      denyPatterns: [..._nullishCoalesce(_optionalChain([settings, 'optionalAccess', _9 => _9.denyPatterns]), () => ( []))],
+      availableTools: [..._nullishCoalesce(_optionalChain([settings, 'optionalAccess', _10 => _10.availableTools]), () => ( []))],
+      excludedTools: [..._nullishCoalesce(_optionalChain([settings, 'optionalAccess', _11 => _11.excludedTools]), () => ( []))],
+      allPathsAllowed: _optionalChain([settings, 'optionalAccess', _12 => _12.allPathsAllowed]),
+      allUrlsAllowed: _optionalChain([settings, 'optionalAccess', _13 => _13.allUrlsAllowed])
+    };
+  }
+  constructor(options = {}) {;_class.prototype.__init.call(this);_class.prototype.__init2.call(this);
+    const isOptions = "settings" in options || "onPersist" in options || "workspaceRoot" in options;
+    const settings = isOptions ? _nullishCoalesce(options.settings, () => ( {})) : options;
+    this.onPersist = isOptions ? options.onPersist : void 0;
+    this.workspaceRoot = isOptions ? options.workspaceRoot : void 0;
+    this.settings = this.normalizeSettings(settings);
+    this.mode = this.settings.mode || "interactive";
+  }
+  /**
+   * Initialize local project settings (async)
+   * Call this after construction to load local .autohand/settings.local.json
+   */
+  async initLocalSettings() {
+    if (!this.workspaceRoot || this.localSettingsLoaded) return;
+    try {
+      const localSettings = await _chunkP6SLT2F4cjs.loadLocalProjectSettings.call(void 0, this.workspaceRoot);
+      if (_optionalChain([localSettings, 'optionalAccess', _14 => _14.permissions])) {
+        this.localSettings = this.normalizeSettings(localSettings.permissions);
+      }
+      const sessionSettings = await loadSessionProjectPermissions(this.workspaceRoot);
+      if (sessionSettings) {
+        this.sessionProjectSettings = {
+          allowList: [..._nullishCoalesce(sessionSettings.allowList, () => ( []))],
+          denyList: [..._nullishCoalesce(sessionSettings.denyList, () => ( []))],
+          version: sessionSettings.version
+        };
+      }
+      this.localSettingsLoaded = true;
+    } catch (e2) {
+    }
+  }
+  /**
+   * Get merged settings (global + local)
+   */
+  getMergedSettings() {
+    return _chunkP6SLT2F4cjs.mergePermissions.call(void 0, this.settings, this.localSettings);
+  }
+  /**
+   * Set permission mode (can be overridden by CLI flags)
+   */
+  setMode(mode) {
+    this.mode = mode;
+  }
+  /**
+   * Get current mode
+   */
+  getMode() {
+    return this.mode;
+  }
+  /**
+   * Check if an action should be allowed, denied, or prompted
+   */
+  checkPermission(context) {
+    if (this.isSecurityBlacklisted(context)) {
+      return { allowed: false, reason: "blacklisted" };
+    }
+    const patternDecision = this.checkPatterns(context);
+    if (patternDecision) {
+      return patternDecision;
+    }
+    const cacheKey = this.getCacheKey(context);
+    if (this.settings.rememberSession && this.sessionCache.has(cacheKey)) {
+      return {
+        allowed: this.sessionCache.get(cacheKey),
+        reason: this.sessionCache.get(cacheKey) ? "user_approved" : "user_denied",
+        cached: true
+      };
+    }
+    if (this.mode === "unrestricted") {
+      return { allowed: true, reason: "mode_unrestricted" };
+    }
+    if (this.mode === "restricted") {
+      return { allowed: false, reason: "mode_restricted" };
+    }
+    const sessionDecision = this.checkScopedLists(
+      context,
+      _optionalChain([this, 'access', _15 => _15.sessionProjectSettings, 'optionalAccess', _16 => _16.allowList]),
+      _optionalChain([this, 'access', _17 => _17.sessionProjectSettings, 'optionalAccess', _18 => _18.denyList]),
+      "session"
+    );
+    if (sessionDecision) {
+      return sessionDecision;
+    }
+    const projectDecision = this.checkScopedLists(
+      context,
+      _optionalChain([this, 'access', _19 => _19.localSettings, 'optionalAccess', _20 => _20.allowList]),
+      _optionalChain([this, 'access', _21 => _21.localSettings, 'optionalAccess', _22 => _22.denyList]),
+      "project"
+    );
+    if (projectDecision) {
+      return projectDecision;
+    }
+    const userDecision = this.checkScopedLists(
+      context,
+      this.settings.allowList,
+      this.settings.denyList,
+      "user"
+    );
+    if (userDecision) {
+      return userDecision;
+    }
+    const ruleDecision = this.checkRules(context);
+    if (ruleDecision) {
+      return ruleDecision;
+    }
+    return { allowed: false, reason: "default" };
+  }
+  /**
+   * Record a user's decision using the legacy boolean API.
+   * Approved permissions are saved to the project allowList when possible.
+   */
+  async recordDecision(context, allowed) {
+    const merged = this.getMergedSettings();
+    if (merged.rememberSession) {
+      const cacheKey = this.getCacheKey(context);
+      this.sessionCache.set(cacheKey, allowed);
+    }
+    const pattern = this.contextToPattern(context);
+    const dirPattern = allowed && context.path ? this.buildDirectoryWildcard(context) : null;
+    if (allowed && this.workspaceRoot) {
+      try {
+        const patterns = dirPattern ? [pattern, dirPattern] : [pattern];
+        for (const p of patterns) {
+          await _chunkP6SLT2F4cjs.addToLocalAllowList.call(void 0, this.workspaceRoot, p);
+        }
+        if (!this.localSettings) {
+          this.localSettings = { allowList: [] };
+        }
+        if (!this.localSettings.allowList) {
+          this.localSettings.allowList = [];
+        }
+        for (const p of patterns) {
+          if (!this.localSettings.allowList.includes(p)) {
+            this.localSettings.allowList.push(p);
+          }
+        }
+      } catch (e3) {
+        this.addToAllowList(pattern);
+        if (dirPattern) this.addToAllowList(dirPattern);
+      }
+    } else if (allowed) {
+      this.addToAllowList(pattern);
+      if (dirPattern) this.addToAllowList(dirPattern);
+    } else {
+      this.addToDenyList(pattern);
+    }
+    if (this.onPersist) {
+      await this.onPersist(this.settings);
+    }
+  }
+  async applyPromptDecision(context, result) {
+    const pattern = this.contextToPattern(context);
+    const dirPattern = this.buildDirectoryWildcard(context);
+    const allowPatterns = dirPattern ? [pattern, dirPattern] : [pattern];
+    switch (result.decision) {
+      case "allow_once":
+      case "deny_once":
+      case "alternative":
+        return;
+      case "allow_session": {
+        if (!this.workspaceRoot) {
+          return;
+        }
+        for (const entry of allowPatterns) {
+          await addToSessionAllowList(this.workspaceRoot, entry);
+        }
+        this.sessionProjectSettings = {
+          ..._nullishCoalesce(this.sessionProjectSettings, () => ( {})),
+          allowList: Array.from(/* @__PURE__ */ new Set([..._nullishCoalesce(_optionalChain([this, 'access', _23 => _23.sessionProjectSettings, 'optionalAccess', _24 => _24.allowList]), () => ( [])), ...allowPatterns])),
+          denyList: [..._nullishCoalesce(_optionalChain([this, 'access', _25 => _25.sessionProjectSettings, 'optionalAccess', _26 => _26.denyList]), () => ( []))]
+        };
+        return;
+      }
+      case "deny_session": {
+        if (!this.workspaceRoot) {
+          return;
+        }
+        await addToSessionDenyList(this.workspaceRoot, pattern);
+        this.sessionProjectSettings = {
+          ..._nullishCoalesce(this.sessionProjectSettings, () => ( {})),
+          allowList: [..._nullishCoalesce(_optionalChain([this, 'access', _27 => _27.sessionProjectSettings, 'optionalAccess', _28 => _28.allowList]), () => ( []))],
+          denyList: Array.from(/* @__PURE__ */ new Set([..._nullishCoalesce(_optionalChain([this, 'access', _29 => _29.sessionProjectSettings, 'optionalAccess', _30 => _30.denyList]), () => ( [])), pattern]))
+        };
+        return;
+      }
+      case "allow_always_project": {
+        if (!this.workspaceRoot) {
+          this.addToAllowList(pattern);
+          if (dirPattern) this.addToAllowList(dirPattern);
+          if (this.onPersist) {
+            await this.onPersist(this.settings);
+          }
+          return;
+        }
+        for (const entry of allowPatterns) {
+          await _chunkP6SLT2F4cjs.addToLocalAllowList.call(void 0, this.workspaceRoot, entry);
+        }
+        if (!this.localSettings) {
+          this.localSettings = this.normalizeSettings({});
+        }
+        this.localSettings.allowList = Array.from(/* @__PURE__ */ new Set([..._nullishCoalesce(this.localSettings.allowList, () => ( [])), ...allowPatterns]));
+        return;
+      }
+      case "deny_always_project": {
+        if (!this.workspaceRoot) {
+          this.addToDenyList(pattern);
+          if (this.onPersist) {
+            await this.onPersist(this.settings);
+          }
+          return;
+        }
+        await _chunkP6SLT2F4cjs.addToLocalDenyList.call(void 0, this.workspaceRoot, pattern);
+        if (!this.localSettings) {
+          this.localSettings = this.normalizeSettings({});
+        }
+        this.localSettings.denyList = Array.from(/* @__PURE__ */ new Set([..._nullishCoalesce(this.localSettings.denyList, () => ( [])), pattern]));
+        return;
+      }
+      case "allow_always_user":
+        this.addToAllowList(pattern);
+        if (dirPattern) this.addToAllowList(dirPattern);
+        if (this.onPersist) {
+          await this.onPersist(this.settings);
+        }
+        return;
+      case "deny_always_user":
+        this.addToDenyList(pattern);
+        if (this.onPersist) {
+          await this.onPersist(this.settings);
+        }
+        return;
+    }
+  }
+  /**
+   * Convert context to a pattern string for whitelist/blacklist
+   */
+  contextToPattern(context) {
+    const tool = context.tool;
+    let value;
+    if (context.command) {
+      const args = _optionalChain([context, 'access', _31 => _31.args, 'optionalAccess', _32 => _32.join, 'call', _33 => _33(" ")]) || "";
+      value = args ? `${context.command} ${args}` : context.command;
+    } else if (context.path) {
+      value = context.path;
+    } else {
+      return `${tool}:*`;
+    }
+    return `${tool}:${value}`;
+  }
+  /**
+   * Build a directory-level wildcard pattern for path-based approvals.
+   * E.g., write_file:/project/tests/foo.ts → write_file:/project/tests/*
+   * This allows future writes in the same directory to be auto-approved.
+   */
+  buildDirectoryWildcard(context) {
+    if (!context.path) return null;
+    const dir = _path2.default.dirname(context.path);
+    if (dir === "." || dir === "/") return null;
+    return `${context.tool}:${dir}/*`;
+  }
+  /**
+   * Convert a PermissionContext to the { kind, target } shape used by matchesToolPattern.
+   */
+  contextToCall(context) {
+    return { kind: context.tool, target: this.getFullCommand(context) };
+  }
+  /**
+   * Check pattern-based allow/deny rules (denyPatterns, availableTools, excludedTools,
+   * allowPatterns, allPathsAllowed, allUrlsAllowed).
+   * Returns a decision when a pattern fires, or null to continue with normal flow.
+   */
+  checkPatterns(context) {
+    const settings = this.getMergedSettings();
+    const call = this.contextToCall(context);
+    if (_optionalChain([settings, 'access', _34 => _34.denyPatterns, 'optionalAccess', _35 => _35.length])) {
+      for (const p of settings.denyPatterns) {
+        if (matchesToolPattern(p, call)) {
+          return { allowed: false, reason: "pattern_denied" };
+        }
+      }
+    }
+    if (_optionalChain([settings, 'access', _36 => _36.availableTools, 'optionalAccess', _37 => _37.length])) {
+      const inAvailable = settings.availableTools.some((p) => matchesToolPattern(p, call));
+      if (!inAvailable) {
+        return { allowed: false, reason: "not_in_available" };
+      }
+    }
+    if (_optionalChain([settings, 'access', _38 => _38.excludedTools, 'optionalAccess', _39 => _39.length])) {
+      for (const p of settings.excludedTools) {
+        if (matchesToolPattern(p, call)) {
+          return { allowed: false, reason: "excluded" };
+        }
+      }
+    }
+    if (_optionalChain([settings, 'access', _40 => _40.allowPatterns, 'optionalAccess', _41 => _41.length])) {
+      for (const p of settings.allowPatterns) {
+        if (matchesToolPattern(p, call)) {
+          return { allowed: true, reason: "pattern_allowed" };
+        }
+      }
+    }
+    const fileTools = /* @__PURE__ */ new Set(["read_file", "write_file", "list_dir", "delete_path", "move_path", "copy_path"]);
+    if (settings.allPathsAllowed && fileTools.has(context.tool)) {
+      return { allowed: true, reason: "all_paths_allowed" };
+    }
+    if (settings.allUrlsAllowed && context.tool === "url") {
+      return { allowed: true, reason: "all_urls_allowed" };
+    }
+    return null;
+  }
+  /**
+   * Check if context matches the immutable security blacklist
+   * This check CANNOT be bypassed by any mode, allowList, or user setting
+   */
+  isSecurityBlacklisted(context) {
+    return DEFAULT_SECURITY_BLACKLIST.some((pattern) => this.matchesPattern(context, pattern));
+  }
+  /**
+   * Check scoped allow/deny lists, returning a source-specific decision if matched.
+   */
+  checkScopedLists(context, allowList, denyList, scope) {
+    const normalizedAllowList = _nullishCoalesce(allowList, () => ( []));
+    const normalizedDenyList = _nullishCoalesce(denyList, () => ( []));
+    if (normalizedDenyList.some((pattern) => this.matchesPattern(context, pattern))) {
+      return {
+        allowed: false,
+        reason: scope === "user" ? "deny_list" : `${scope}_deny_list`
+      };
+    }
+    if (normalizedAllowList.some((pattern) => this.matchesPattern(context, pattern))) {
+      return {
+        allowed: true,
+        reason: scope === "user" ? "allow_list" : `${scope}_allow_list`
+      };
+    }
+    return null;
+  }
+  /**
+   * Check custom rules (uses merged global + local settings)
+   */
+  checkRules(context) {
+    const merged = this.getMergedSettings();
+    const rules = merged.rules || [];
+    for (const rule of rules) {
+      if (this.ruleMatches(context, rule)) {
+        if (rule.action === "allow") {
+          return { allowed: true, reason: "rule_match" };
+        }
+        if (rule.action === "deny") {
+          return { allowed: false, reason: "rule_match" };
+        }
+      }
+    }
+    return null;
+  }
+  /**
+   * Check if a rule matches the context
+   */
+  ruleMatches(context, rule) {
+    if (rule.tool !== "*" && rule.tool !== context.tool) {
+      return false;
+    }
+    if (rule.pattern) {
+      const fullCommand = this.getFullCommand(context);
+      return this.globMatch(fullCommand, rule.pattern);
+    }
+    return true;
+  }
+  /**
+   * Match context against a pattern string
+   * Format: "tool:pattern" or just "pattern" for run_command
+   * Supports prefix patterns like "write_file:*" and directory-specific patterns
+   */
+  matchesPattern(context, pattern) {
+    const colonIndex = pattern.indexOf(":");
+    let toolPattern;
+    let commandPattern;
+    if (colonIndex !== -1) {
+      toolPattern = pattern.substring(0, colonIndex);
+      commandPattern = pattern.substring(colonIndex + 1);
+    } else {
+      toolPattern = "run_command";
+      commandPattern = pattern;
+    }
+    if (toolPattern !== "*" && toolPattern !== context.tool) {
+      return false;
+    }
+    if (commandPattern === "*") {
+      return true;
+    }
+    if (commandPattern.endsWith(":*")) {
+      const prefix = commandPattern.slice(0, -2);
+      const fullCommand2 = this.getFullCommand(context);
+      if (fullCommand2.startsWith(prefix)) {
+        return fullCommand2 === prefix || fullCommand2.startsWith(prefix + " ") || fullCommand2.startsWith(prefix + "/") || fullCommand2.startsWith(prefix + _path2.default.sep);
+      }
+      return false;
+    }
+    if (this.workspaceRoot && commandPattern.includes("/*")) {
+      if (context.path) {
+        const workspacePattern = _path2.default.join(this.workspaceRoot, commandPattern);
+        const resolvedPath = _path2.default.resolve(this.workspaceRoot, context.path);
+        return this.globMatch(resolvedPath, workspacePattern);
+      }
+    }
+    const fullCommand = this.getFullCommand(context);
+    return this.globMatch(fullCommand, commandPattern);
+  }
+  /**
+   * Get full command string from context
+   */
+  getFullCommand(context) {
+    if (context.command) {
+      const args = _optionalChain([context, 'access', _42 => _42.args, 'optionalAccess', _43 => _43.join, 'call', _44 => _44(" ")]) || "";
+      return args ? `${context.command} ${args}` : context.command;
+    }
+    if (context.path) {
+      return context.path;
+    }
+    return context.tool;
+  }
+  /**
+   * Simple glob matching (* for wildcards)
+   */
+  globMatch(text, pattern) {
+    const regexPattern = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
+    const regex = new RegExp(`^${regexPattern}$`, "i");
+    return regex.test(text);
+  }
+  /**
+   * Generate cache key from context
+   */
+  getCacheKey(context) {
+    const parts = [context.tool];
+    if (context.command) parts.push(context.command);
+    if (_optionalChain([context, 'access', _45 => _45.args, 'optionalAccess', _46 => _46.length])) parts.push(context.args.join(" "));
+    if (context.path) parts.push(context.path);
+    return parts.join("::");
+  }
+  /**
+   * Clear session cache
+   */
+  clearCache() {
+    this.sessionCache.clear();
+  }
+  /**
+   * Get session cache stats
+   */
+  getCacheStats() {
+    return {
+      size: this.sessionCache.size,
+      entries: Array.from(this.sessionCache.keys())
+    };
+  }
+  /**
+   * Add to allowList dynamically
+   */
+  addToAllowList(pattern) {
+    if (!this.settings.allowList) {
+      this.settings.allowList = [];
+    }
+    if (!this.settings.allowList.includes(pattern)) {
+      this.settings.allowList.push(pattern);
+    }
+  }
+  /**
+   * Add to denyList dynamically
+   */
+  addToDenyList(pattern) {
+    if (!this.settings.denyList) {
+      this.settings.denyList = [];
+    }
+    if (!this.settings.denyList.includes(pattern)) {
+      this.settings.denyList.push(pattern);
+    }
+  }
+  /**
+   * Remove from allowList
+   */
+  async removeFromAllowList(pattern) {
+    if (!this.settings.allowList) return false;
+    const index = this.settings.allowList.indexOf(pattern);
+    if (index !== -1) {
+      this.settings.allowList.splice(index, 1);
+      if (this.onPersist) {
+        await this.onPersist(this.settings);
+      }
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Remove from denyList
+   */
+  async removeFromDenyList(pattern) {
+    if (!this.settings.denyList) return false;
+    const index = this.settings.denyList.indexOf(pattern);
+    if (index !== -1) {
+      this.settings.denyList.splice(index, 1);
+      if (this.onPersist) {
+        await this.onPersist(this.settings);
+      }
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get current allowList
+   */
+  getAllowList() {
+    return [...this.settings.allowList || []];
+  }
+  /**
+   * Get current denyList
+   */
+  getDenyList() {
+    return [...this.settings.denyList || []];
+  }
+  /**
+   * Get current settings (for display)
+   */
+  getSettings() {
+    return {
+      ...this.settings,
+      allowList: [...this.settings.allowList || []],
+      denyList: [...this.settings.denyList || []],
+      rules: [...this.settings.rules || []],
+      allowPatterns: [...this.settings.allowPatterns || []],
+      denyPatterns: [...this.settings.denyPatterns || []],
+      availableTools: [...this.settings.availableTools || []],
+      excludedTools: [...this.settings.excludedTools || []]
+    };
+  }
+  /**
+   * Create a prefix pattern for a tool (e.g., write_file:src:*)
+   */
+  static createPrefixPattern(tool, prefix) {
+    return `${tool}:${prefix}:*`;
+  }
+  /**
+   * Create a workspace-relative pattern (e.g., write_file:src/*)
+   */
+  static createWorkspacePattern(tool, workspaceDir) {
+    return `${tool}:${workspaceDir}/*`;
+  }
+  /**
+   * Create a tool wildcard pattern (e.g., write_file:*)
+   */
+  static createToolWildcardPattern(tool) {
+    return `${tool}:*`;
+  }
+  /**
+   * Add a prefix pattern to allowList
+   */
+  addPrefixPattern(tool, prefix) {
+    const pattern = _PermissionManager.createPrefixPattern(tool, prefix);
+    this.addToAllowList(pattern);
+  }
+  /**
+   * Add a workspace-relative pattern to allowList
+   */
+  addWorkspacePattern(tool, workspaceDir) {
+    const pattern = _PermissionManager.createWorkspacePattern(tool, workspaceDir);
+    this.addToAllowList(pattern);
+  }
+  /**
+   * Add a tool wildcard pattern to allowList
+   */
+  addToolWildcardPattern(tool) {
+    const pattern = _PermissionManager.createToolWildcardPattern(tool);
+    this.addToAllowList(pattern);
+  }
+  getWhitelist() {
+    return this.getAllowList();
+  }
+  getBlacklist() {
+    return this.getDenyList();
+  }
+  async removeFromWhitelist(pattern) {
+    return this.removeFromAllowList(pattern);
+  }
+  async removeFromBlacklist(pattern) {
+    return this.removeFromDenyList(pattern);
+  }
+  addToWhitelist(pattern) {
+    this.addToAllowList(pattern);
+  }
+  addToBlacklist(pattern) {
+    this.addToDenyList(pattern);
+  }
+  getPermissionSnapshot(userConfigPath) {
+    const effective = this.getMergedSettings();
+    const effectiveAllowList = Array.from(/* @__PURE__ */ new Set([
+      ..._nullishCoalesce(effective.allowList, () => ( [])),
+      ..._nullishCoalesce(_optionalChain([this, 'access', _47 => _47.sessionProjectSettings, 'optionalAccess', _48 => _48.allowList]), () => ( []))
+    ]));
+    const effectiveDenyList = Array.from(/* @__PURE__ */ new Set([
+      ..._nullishCoalesce(effective.denyList, () => ( [])),
+      ..._nullishCoalesce(_optionalChain([this, 'access', _49 => _49.sessionProjectSettings, 'optionalAccess', _50 => _50.denyList]), () => ( []))
+    ]));
+    return {
+      mode: this.mode,
+      rememberSession: effective.rememberSession !== false,
+      session: {
+        path: this.workspaceRoot ? getSessionPermissionsPath(this.workspaceRoot) : "(project session unavailable)",
+        allowList: [..._nullishCoalesce(_optionalChain([this, 'access', _51 => _51.sessionProjectSettings, 'optionalAccess', _52 => _52.allowList]), () => ( []))],
+        denyList: [..._nullishCoalesce(_optionalChain([this, 'access', _53 => _53.sessionProjectSettings, 'optionalAccess', _54 => _54.denyList]), () => ( []))]
+      },
+      project: {
+        path: this.workspaceRoot ? _path2.default.join(this.workspaceRoot, ".autohand", "settings.local.json") : "(project unavailable)",
+        allowList: [..._nullishCoalesce(_optionalChain([this, 'access', _55 => _55.localSettings, 'optionalAccess', _56 => _56.allowList]), () => ( []))],
+        denyList: [..._nullishCoalesce(_optionalChain([this, 'access', _57 => _57.localSettings, 'optionalAccess', _58 => _58.denyList]), () => ( []))]
+      },
+      user: {
+        path: userConfigPath,
+        allowList: [..._nullishCoalesce(this.settings.allowList, () => ( []))],
+        denyList: [..._nullishCoalesce(this.settings.denyList, () => ( []))]
+      },
+      effective: {
+        path: "merged",
+        allowList: effectiveAllowList,
+        denyList: effectiveDenyList
+      }
+    };
+  }
+}, _class);
+
+
+
+
+
+exports.addToSessionAllowList = addToSessionAllowList; exports.DEFAULT_SECURITY_BLACKLIST = DEFAULT_SECURITY_BLACKLIST; exports.PermissionManager = PermissionManager;
+/**
+ * Permission Manager - Handles tool/command approval with allow/deny lists
+ * @license Apache-2.0
+ */