axconfig 3.6.0 → 3.6.2

package/README.md

@@ -1,6 +1,6 @@
 # axconfig
 
-Unified configuration management for AI coding agents — common API for permissions, settings, and config across Claude Code, Codex, Gemini CLI, and OpenCode.
+Unified configuration management for AI coding agents — common API for permissions, settings, and config across Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, and OpenCode.
 
 ## Overview
 
@@ -26,11 +26,11 @@ Unified syntax for all agents:
 
 ```bash
 # Tool permissions
-read, write, edit, bash, glob, grep, web
+read, write, bash, glob, grep, webfetch
 
 # Bash command patterns
 bash:git *
-bash:npm run build
+bash:npm run build*
 
 # Path restrictions (agent-dependent)
 read:src/**
@@ -45,19 +45,27 @@ Translates unified permissions to agent-specific formats:
 | -------- | --------------------------------------------------------- |
 | claude   | JSON `settings.json` with `permissions.allow/deny` arrays |
 | codex    | TOML `config.toml` + Starlark `.rules` files              |
-| gemini   | TOML policy files with `[[rule]]` entries                 |
+| copilot  | JSON `config.json` (no pre-configured permissions)        |
+| gemini   | JSON `settings.json` + TOML policy files in `policies/`   |
 | opencode | JSON with `permission.{edit,bash,webfetch}`               |
 
 ### Capability Validation
 
 Each agent has different capabilities:
 
-| Agent    | Tool Perms  | Bash Patterns | Path Restrictions | Can Deny Read |
-| -------- | ----------- | ------------- | ----------------- | ------------- |
-| claude   | ✓           | ✓             | ✓                 | ✓             |
-| codex    | ✗ (sandbox) | ✓             | ✗                 | ✗             |
-| gemini   | ✓           | ✓             | ✗                 | ✓             |
-| opencode | ✓           | ✓             | ✗                 | ✓             |
+| Agent    | Tool Perms  | Bash Patterns | Path Restrictions | Can Deny Read | Notes                                        |
+| -------- | ----------- | ------------- | ----------------- | ------------- | -------------------------------------------- |
+| claude   | ✓           | ✓             | ✓                 | ✓             | Permissions + OS-level sandbox               |
+| codex    | ✗ (sandbox) | ✓             | ✗                 | ✗             | OS-level sandbox (Landlock+seccomp/Seatbelt) |
+| copilot  | ✗           | ✗             | ✗                 | ✗             | Runtime prompts only (no pre-config)         |
+| gemini   | ✓           | ✓             | ✗                 | ✓             | Permissions only (no sandbox)                |
+| opencode | ✓           | ✓             | ✓                 | ✓             | UX-only permissions (no sandbox)             |
+
+**Security notes:**
+
+- **Claude Code** manages application-level permissions; OS-level sandbox settings (network filtering, filesystem isolation) are configured separately
+- **Copilot CLI** does not support pre-configured permissions; all actions require runtime approval prompts
+- **OpenCode** permissions are UX-only to keep users informed; they do not provide security isolation
 
 axconfig validates permissions against agent capabilities:
 
@@ -217,6 +225,7 @@ src/
 └── agents/
     ├── claude.ts           # Claude Code config builder + reader
     ├── codex.ts            # Codex config builder + reader
+    ├── copilot.ts          # GitHub Copilot CLI config builder + reader
     ├── gemini.ts           # Gemini CLI config builder + reader
     └── opencode.ts         # OpenCode config builder + reader
 ```
@@ -232,7 +241,7 @@ Run `npx -y axconfig --help` to learn available options.
 
 Use `axconfig` to manage AI agent configurations with unified permission syntax.
 It translates `--allow` and `--deny` rules to agent-specific formats (Claude Code,
-Codex, Gemini CLI, OpenCode).
+Codex, Gemini CLI, GitHub Copilot CLI, OpenCode).
 ```
 
 ## License

package/dist/agents/claude-reader.js

@@ -13,15 +13,15 @@ import { createJsonConfigOperations, readJsonConfig, } from "../read-write-json-
 const REVERSE_TOOL_MAP = {
     Read: "read",
     Write: "write",
-    Edit: "edit",
+    Edit: "write", // Claude's Edit tool maps to canonical "write"
     Bash: "bash",
     Glob: "glob",
     Grep: "grep",
-    WebFetch: "web",
-    WebSearch: "web",
+    WebFetch: "webfetch",
+    WebSearch: "webfetch",
 };
 /** Path-restricted tools (lowercase) */
-const PATH_TOOLS = new Set(["read", "write", "edit"]);
+const PATH_TOOLS = new Set(["read", "write"]);
 /**
  * Get the settings.json path for a config directory.
  */

package/dist/agents/claude.js

@@ -17,12 +17,11 @@ export { claudeCodeConfigReader } from "./claude-reader.js";
 /** Claude Code tool name mapping */
 const TOOL_MAP = {
     read: "Read",
-    write: "Write",
-    edit: "Edit",
+    write: ["Write", "Edit"], // Canonical "write" maps to both Claude's Write and Edit tools
     bash: "Bash",
     glob: "Glob",
     grep: "Grep",
-    web: "WebFetch",
+    webfetch: "WebFetch",
 };
 /** Claude Code capabilities */
 const CAPABILITIES = {
@@ -33,11 +32,13 @@ const CAPABILITIES = {
 };
 /**
  * Translate a permission rule to Claude Code format.
+ * Returns an array since some canonical tools map to multiple Claude tools.
  */
 function translateRule(rule) {
     switch (rule.type) {
         case "tool": {
-            return TOOL_MAP[rule.name];
+            const mapped = TOOL_MAP[rule.name];
+            return Array.isArray(mapped) ? mapped : [mapped];
         }
         case "bash": {
             // User provides pattern with explicit trailing *
@@ -46,14 +47,18 @@ function translateRule(rule) {
             // bash:* (all commands) → Bash (without parentheses)
             // bash:git* → Bash(git:*)
             if (prefix === "" || prefix.trim() === "") {
-                return "Bash";
+                return ["Bash"];
             }
-            return `Bash(${prefix}:*)`;
+            return [`Bash(${prefix}:*)`];
         }
         case "path": {
             // Claude Code uses "Tool(path/**)" for path patterns
+            // write:pattern maps to both Write(pattern) and Edit(pattern)
+            if (rule.tool === "write") {
+                return [`Write(${rule.pattern})`, `Edit(${rule.pattern})`];
+            }
             const toolName = rule.tool.charAt(0).toUpperCase() + rule.tool.slice(1);
-            return `${toolName}(${rule.pattern})`;
+            return [`${toolName}(${rule.pattern})`];
         }
     }
 }
@@ -103,9 +108,9 @@ function build(config, output) {
         };
     }
     // Claude Code supports all permission types, so no warnings/errors needed
-    // All rules can be translated directly
-    const allowRules = permissions.allow.map((rule) => translateRule(rule));
-    const denyRules = permissions.deny.map((rule) => translateRule(rule));
+    // All rules can be translated directly (flatMap since translateRule returns arrays)
+    const allowRules = permissions.allow.flatMap((rule) => translateRule(rule));
+    const denyRules = permissions.deny.flatMap((rule) => translateRule(rule));
     const settings = {
         ...existingSettings,
         permissions: {

package/dist/agents/codex-reader.js

@@ -85,7 +85,7 @@ function readPermissions(configDirectory) {
         const sandboxMode = config.sandbox_mode;
         if (sandboxMode === "workspace-write" ||
             sandboxMode === "danger-full-access") {
-            allowRules.push({ type: "tool", name: "write" }, { type: "tool", name: "edit" });
+            allowRules.push({ type: "tool", name: "write" });
         }
         // Read is always allowed in Codex sandbox
         allowRules.push({ type: "tool", name: "read" });

package/dist/agents/codex.js

@@ -26,11 +26,11 @@ const CAPABILITIES = {
 /**
  * Infer sandbox mode from permissions.
  *
- * - If write or edit is allowed → workspace-write
+ * - If write is allowed → workspace-write
  * - Otherwise → read-only
  */
 function inferSandboxMode(permissions) {
-    const allowsWrite = permissions.allow.some((r) => r.type === "tool" && (r.name === "write" || r.name === "edit"));
+    const allowsWrite = permissions.allow.some((r) => r.type === "tool" && r.name === "write");
     return allowsWrite ? "workspace-write" : "read-only";
 }
 /**
@@ -98,9 +98,8 @@ function build(config, output) {
                 });
             }
         }
-        // Tool permissions other than read/write/edit - warn as Codex uses sandbox
-        const nonFileTools = permissions.allow.filter((r) => r.type === "tool" &&
-            !["read", "write", "edit", "bash"].includes(r.name));
+        // Tool permissions other than read/write - warn as Codex uses sandbox
+        const nonFileTools = permissions.allow.filter((r) => r.type === "tool" && !["read", "write", "bash"].includes(r.name));
         for (const rule of nonFileTools) {
             if (rule.type === "tool") {
                 warnings.push({

package/dist/agents/gemini-reader.js

@@ -14,11 +14,11 @@ import { createJsonConfigOperations, readJsonConfig, } from "../read-write-json-
 const REVERSE_TOOL_MAP = {
     read_file: "read",
     write_file: "write",
-    edit_file: "edit",
+    edit_file: "write", // Gemini's edit_file maps to canonical "write"
     run_shell_command: "bash",
     glob: "glob",
     grep: "grep",
-    web_fetch: "web",
+    web_fetch: "webfetch",
 };
 /**
  * Get the settings.json path for a config directory.
@@ -111,7 +111,7 @@ function readModel(configDirectory) {
     try {
         const settings = readSettings(configDirectory);
         const modelObject = settings.model;
-        if (!modelObject || modelObject.name === undefined) {
+        if (modelObject?.name === undefined) {
             return { ok: true, value: undefined };
         }
         if (typeof modelObject.name !== "string") {

package/dist/agents/gemini.js

@@ -18,12 +18,11 @@ import { readExistingSettings } from "./gemini-settings.js";
 /** Gemini CLI tool name mapping */
 const TOOL_MAP = {
     read: "read_file",
-    write: "write_file",
-    edit: "edit_file",
+    write: ["write_file", "edit_file"], // Canonical "write" maps to both Gemini's write_file and edit_file
     bash: "run_shell_command",
     glob: "glob",
     grep: "grep",
-    web: "web_fetch",
+    webfetch: "web_fetch",
 };
 /** Gemini CLI capabilities */
 const CAPABILITIES = {
@@ -106,12 +105,19 @@ function build(config, output) {
     const rules = [];
     if (permissions) {
         // Collect tool permissions (excluding path rules which were warned about)
+        // Use flatMap since canonical "write" maps to both write_file and edit_file
         const allowTools = permissions.allow
             .filter((r) => r.type === "tool")
-            .map((r) => TOOL_MAP[r.name]);
+            .flatMap((r) => {
+            const mapped = TOOL_MAP[r.name];
+            return Array.isArray(mapped) ? mapped : [mapped];
+        });
         const denyTools = permissions.deny
             .filter((r) => r.type === "tool")
-            .map((r) => TOOL_MAP[r.name]);
+            .flatMap((r) => {
+            const mapped = TOOL_MAP[r.name];
+            return Array.isArray(mapped) ? mapped : [mapped];
+        });
         // Collect bash patterns, stripping trailing * since Gemini does prefix matching natively
         // bash:* (empty prefix after strip) → allow run_shell_command tool entirely
         // bash:git* → commandPrefix = "git"
@@ -129,7 +135,7 @@ function build(config, output) {
         // Generate allow rules (high priority)
         // Include run_shell_command if bash:* is in allow list
         const effectiveAllowTools = allowAllBash
-            ? [...allowTools, TOOL_MAP.bash]
+            ? [...allowTools, "run_shell_command"]
             : allowTools;
         if (effectiveAllowTools.length > 0) {
             rules.push(generateToolRule(effectiveAllowTools, "allow", 999));
@@ -140,7 +146,7 @@ function build(config, output) {
         // Generate deny rules (medium priority)
         // Include run_shell_command if bash:* is in deny list
         const effectiveDenyTools = denyAllBash
-            ? [...denyTools, TOOL_MAP.bash]
+            ? [...denyTools, "run_shell_command"]
             : denyTools;
         if (effectiveDenyTools.length > 0) {
             rules.push(generateToolRule(effectiveDenyTools, "deny", 500));

package/dist/agents/opencode-permission-builder.d.ts

@@ -32,9 +32,9 @@ export declare const BASE_PERMISSION_OVERRIDES: Record<string, OpenCodePermissio
 /**
  * Collect path patterns from permission rules, grouped by OpenCode permission name.
  *
- * Note: Only read/write/edit rules can have path patterns per the PathPatternRule type.
+ * Note: Only read/write rules can have path patterns per the PathPatternRule type.
  * The TOOL_TO_OPENCODE mapping includes glob/grep for tool-level permissions, but these
- * will never appear here since PathRestrictedTool is limited to read/write/edit.
+ * will never appear here since PathRestrictedTool is limited to read/write.
  */
 export declare function collectPathPatterns(rules: PermissionRule[]): Map<string, string[]>;
 /**

package/dist/agents/opencode-permission-builder.js

@@ -8,11 +8,10 @@
  */
 const TOOL_TO_OPENCODE = {
     read: "read",
-    edit: "edit",
-    write: "edit", // OpenCode uses single "edit" for both
+    write: "edit", // OpenCode uses single "edit" for write operations
     glob: "glob",
     grep: "grep",
-    web: "webfetch",
+    webfetch: "webfetch",
     bash: "bash",
 };
 /**
@@ -42,9 +41,9 @@ export const BASE_PERMISSION_OVERRIDES = {
 /**
  * Collect path patterns from permission rules, grouped by OpenCode permission name.
  *
- * Note: Only read/write/edit rules can have path patterns per the PathPatternRule type.
+ * Note: Only read/write rules can have path patterns per the PathPatternRule type.
  * The TOOL_TO_OPENCODE mapping includes glob/grep for tool-level permissions, but these
- * will never appear here since PathRestrictedTool is limited to read/write/edit.
+ * will never appear here since PathRestrictedTool is limited to read/write.
  */
 export function collectPathPatterns(rules) {
     const patterns = new Map();
@@ -120,14 +119,8 @@ export function buildBashPermission(allowPatterns, denyPatterns, bashAllowed, ba
 export function buildToolPermission(canonicalName, opencodeName, allowedTools, deniedTools, allowPathPatterns, denyPathPatterns) {
     const hasAllowPatterns = allowPathPatterns.has(opencodeName);
     const hasDenyPatterns = denyPathPatterns.has(opencodeName);
-    // Handle write -> edit mapping (both map to same OpenCode permission)
-    const isEditOrWrite = canonicalName === "edit" || canonicalName === "write";
-    const effectiveAllowed = isEditOrWrite
-        ? allowedTools.has("edit") || allowedTools.has("write")
-        : allowedTools.has(canonicalName);
-    const effectiveDenied = isEditOrWrite
-        ? deniedTools.has("edit") || deniedTools.has("write")
-        : deniedTools.has(canonicalName);
+    const effectiveAllowed = allowedTools.has(canonicalName);
+    const effectiveDenied = deniedTools.has(canonicalName);
     if (effectiveDenied && !hasDenyPatterns && !hasAllowPatterns) {
         return "deny";
     }

package/dist/agents/opencode-reader.js

@@ -23,10 +23,10 @@ import { createJsonConfigOperations, readJsonConfig, } from "../read-write-json-
  */
 const OPENCODE_TO_TOOL = {
     read: "read",
-    edit: ["edit", "write"], // OpenCode's "edit" maps to both canonical tools
+    edit: "write", // OpenCode's "edit" maps to canonical "write"
     glob: "glob",
     grep: "grep",
-    webfetch: "web",
+    webfetch: "webfetch",
     bash: "bash",
 };
 /**
@@ -55,18 +55,13 @@ function isAllowAction(action) {
  * Parse a permission value (simple or object-based) and add rules to the arrays.
  */
 function parsePermissionValue(opencodeName, value, allowRules, denyRules) {
-    const canonicalTools = OPENCODE_TO_TOOL[opencodeName];
-    if (!canonicalTools)
+    const canonicalTool = OPENCODE_TO_TOOL[opencodeName];
+    if (!canonicalTool)
         return; // Unknown permission, skip
-    const tools = Array.isArray(canonicalTools)
-        ? canonicalTools
-        : [canonicalTools];
     if (typeof value === "string") {
         // Simple value: "allow", "deny", or "ask"
         const rules = isAllowAction(value) ? allowRules : denyRules;
-        for (const tool of tools) {
-            rules.push({ type: "tool", name: tool });
-        }
+        rules.push({ type: "tool", name: canonicalTool });
     }
     else if (typeof value === "object") {
         // Object with patterns
@@ -74,9 +69,7 @@ function parsePermissionValue(opencodeName, value, allowRules, denyRules) {
             const rules = isAllowAction(action) ? allowRules : denyRules;
             if (pattern === "*") {
                 // Catch-all represents tool-level permission
-                for (const tool of tools) {
-                    rules.push({ type: "tool", name: tool });
-                }
+                rules.push({ type: "tool", name: canonicalTool });
                 continue;
             }
             if (opencodeName === "bash") {
@@ -84,13 +77,11 @@ function parsePermissionValue(opencodeName, value, allowRules, denyRules) {
                 rules.push({ type: "bash", pattern });
             }
             else {
-                // Only read/write/edit support path patterns in axconfig's type system.
+                // Only read/write support path patterns in axconfig's type system.
                 // OpenCode's glob/grep patterns match against glob patterns or regexes,
                 // not file paths, so they're intentionally excluded here.
-                for (const tool of tools) {
-                    if (tool === "read" || tool === "write" || tool === "edit") {
-                        rules.push({ type: "path", tool, pattern });
-                    }
+                if (canonicalTool === "read" || canonicalTool === "write") {
+                    rules.push({ type: "path", tool: canonicalTool, pattern });
                 }
             }
         }

package/dist/agents/opencode.js

@@ -40,10 +40,10 @@ function buildPermissionConfig(permissions) {
     // Set permissions for standard tools
     const tools = [
         { canonical: "read", opencode: "read" },
-        { canonical: "edit", opencode: "edit" },
+        { canonical: "write", opencode: "edit" }, // OpenCode uses "edit" for write operations
         { canonical: "glob", opencode: "glob" },
         { canonical: "grep", opencode: "grep" },
-        { canonical: "web", opencode: "webfetch" },
+        { canonical: "webfetch", opencode: "webfetch" },
     ];
     for (const { canonical, opencode } of tools) {
         permissionConfig[opencode] = buildToolPermission(canonical, opencode, allowedTools, deniedTools, allowPathPatterns, denyPathPatterns);
@@ -85,7 +85,7 @@ function build(config, output) {
     };
     atomicWriteFileSync(configPath, JSON.stringify(openCodeConfig, undefined, 2));
     // Build environment variables:
-    // - OPENCODE_CONFIG_DIR: axpoint convention for config directory
+    // - OPENCODE_CONFIG_DIR: axkit convention for config directory
     // - XDG_DATA_HOME/XDG_CONFIG_HOME: OpenCode uses these for auth and other XDG-based paths
     const runtimeEnvironment = buildAgentRuntimeEnvironment("opencode", output);
     return {

package/dist/parse-permissions.js

@@ -27,14 +27,13 @@
 const CANONICAL_TOOLS = new Set([
     "read",
     "write",
-    "edit",
     "bash",
     "glob",
     "grep",
-    "web",
+    "webfetch",
 ]);
 /** Tools that support path restrictions */
-const PATH_TOOLS = new Set(["read", "write", "edit"]);
+const PATH_TOOLS = new Set(["read", "write"]);
 /**
  * Parse a single permission rule string.
  *

package/dist/types.d.ts

@@ -5,9 +5,9 @@
  */
 import type { AgentCli } from "axshared";
 /** Canonical tool names used in axrun permissions */
-type CanonicalTool = "read" | "write" | "edit" | "bash" | "glob" | "grep" | "web";
+type CanonicalTool = "read" | "write" | "bash" | "glob" | "grep" | "webfetch";
 /** Tools that support path restrictions */
-type PathRestrictedTool = "read" | "write" | "edit";
+type PathRestrictedTool = "read" | "write";
 /** Permission rule for a tool (e.g., "read", "bash") */
 interface ToolPermissionRule {
     type: "tool";

package/package.json

@@ -2,8 +2,8 @@
   "name": "axconfig",
   "author": "Łukasz Jerciński",
   "license": "MIT",
-  "version": "3.6.0",
-  "description": "Unified configuration management for AI coding agents - common API for permissions, settings, and config across Claude Code, Codex, Gemini CLI, and OpenCode",
+  "version": "3.6.2",
+  "description": "Unified configuration management for AI coding agents - common API for permissions, settings, and config across Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, and OpenCode",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/Jercik/axconfig.git"
@@ -55,35 +55,36 @@
     "configuration",
     "claude-code",
     "codex",
+    "copilot-cli",
     "gemini",
     "opencode",
     "llm",
     "automation",
     "coding-assistant"
   ],
-  "packageManager": "pnpm@10.26.1",
+  "packageManager": "pnpm@10.28.0",
   "engines": {
     "node": ">=22.14.0"
   },
   "dependencies": {
     "@commander-js/extra-typings": "^14.0.0",
     "@iarna/toml": "^2.2.5",
-    "axshared": "^1.7.1",
+    "axshared": "^4.0.0",
     "commander": "^14.0.2"
   },
   "devDependencies": {
     "@total-typescript/ts-reset": "^0.6.1",
     "@types/iarna__toml": "^2.0.5",
-    "@types/node": "^25.0.3",
-    "@vitest/coverage-v8": "^4.0.16",
+    "@types/node": "^25.0.9",
+    "@vitest/coverage-v8": "^4.0.17",
     "eslint": "^9.39.2",
-    "eslint-config-axpoint": "^1.0.0",
+    "eslint-config-axkit": "^1.1.0",
     "fta-check": "^1.5.1",
     "fta-cli": "^3.0.0",
-    "knip": "^5.79.0",
-    "prettier": "3.7.4",
+    "knip": "^5.82.0",
+    "prettier": "3.8.0",
     "semantic-release": "^25.0.2",
     "typescript": "^5.9.3",
-    "vitest": "^4.0.16"
+    "vitest": "^4.0.17"
   }
 }