bonecode 1.0.0

package/src/engine/permission/arity.ts

@@ -0,0 +1,163 @@
+export function prefix(tokens: string[]) {
+  for (let len = tokens.length; len > 0; len--) {
+    const prefix = tokens.slice(0, len).join(" ")
+    const arity = ARITY[prefix]
+    if (arity !== undefined) return tokens.slice(0, arity)
+  }
+  if (tokens.length === 0) return []
+  return tokens.slice(0, 1)
+}
+
+/* Generated with following prompt:
+You are generating a dictionary of command-prefix arities for bash-style commands.
+This dictionary is used to identify the "human-understandable command" from an input shell command.### **RULES (follow strictly)**1. Each entry maps a **command prefix string → number**, representing how many **tokens** define the command.
+2. **Flags NEVER count as tokens**. Only subcommands count.
+3. **Longest matching prefix wins**.
+4. **Only include a longer prefix if its arity is different from what the shorter prefix already implies**.   * Example: If `git` is 2, then do **not** include `git checkout`, `git commit`, etc. unless they require *different* arity.
+5. The output must be a **single JSON object**. Each entry should have a comment with an example real world matching command. DO NOT MAKE ANY OTHER COMMENTS. Should be alphabetical
+6. Include the **most commonly used commands** across many stacks and languages. More is better.### **Semantics examples*** `touch foo.txt` → `touch` (arity 1, explicitly listed)
+* `git checkout main` → `git checkout` (because `git` has arity 2)
+* `npm install` → `npm install` (because `npm` has arity 2)
+* `npm run dev` → `npm run dev` (because `npm run` has arity 3)
+* `python script.py` → `python script.py` (default: whole input, not in dictionary)### **Now generate the dictionary.**
+*/
+const ARITY: Record<string, number> = {
+  cat: 1, // cat file.txt
+  cd: 1, // cd /path/to/dir
+  chmod: 1, // chmod 755 script.sh
+  chown: 1, // chown user:group file.txt
+  cp: 1, // cp source.txt dest.txt
+  echo: 1, // echo "hello world"
+  env: 1, // env
+  export: 1, // export PATH=/usr/bin
+  grep: 1, // grep pattern file.txt
+  kill: 1, // kill 1234
+  killall: 1, // killall process
+  ln: 1, // ln -s source target
+  ls: 1, // ls -la
+  mkdir: 1, // mkdir new-dir
+  mv: 1, // mv old.txt new.txt
+  ps: 1, // ps aux
+  pwd: 1, // pwd
+  rm: 1, // rm file.txt
+  rmdir: 1, // rmdir empty-dir
+  sleep: 1, // sleep 5
+  source: 1, // source ~/.bashrc
+  tail: 1, // tail -f log.txt
+  touch: 1, // touch file.txt
+  unset: 1, // unset VAR
+  which: 1, // which node
+  aws: 3, // aws s3 ls
+  az: 3, // az storage blob list
+  bazel: 2, // bazel build
+  brew: 2, // brew install node
+  bun: 2, // bun install
+  "bun run": 3, // bun run dev
+  "bun x": 3, // bun x vite
+  cargo: 2, // cargo build
+  "cargo add": 3, // cargo add tokio
+  "cargo run": 3, // cargo run main
+  cdk: 2, // cdk deploy
+  cf: 2, // cf push app
+  cmake: 2, // cmake build
+  composer: 2, // composer require laravel
+  consul: 2, // consul members
+  "consul kv": 3, // consul kv get config/app
+  crictl: 2, // crictl ps
+  deno: 2, // deno run server.ts
+  "deno task": 3, // deno task dev
+  doctl: 3, // doctl kubernetes cluster list
+  docker: 2, // docker run nginx
+  "docker builder": 3, // docker builder prune
+  "docker compose": 3, // docker compose up
+  "docker container": 3, // docker container ls
+  "docker image": 3, // docker image prune
+  "docker network": 3, // docker network inspect
+  "docker volume": 3, // docker volume ls
+  eksctl: 2, // eksctl get clusters
+  "eksctl create": 3, // eksctl create cluster
+  firebase: 2, // firebase deploy
+  flyctl: 2, // flyctl deploy
+  gcloud: 3, // gcloud compute instances list
+  gh: 3, // gh pr list
+  git: 2, // git checkout main
+  "git config": 3, // git config user.name
+  "git remote": 3, // git remote add origin
+  "git stash": 3, // git stash pop
+  go: 2, // go build
+  gradle: 2, // gradle build
+  helm: 2, // helm install mychart
+  heroku: 2, // heroku logs
+  hugo: 2, // hugo new site blog
+  ip: 2, // ip link show
+  "ip addr": 3, // ip addr show
+  "ip link": 3, // ip link set eth0 up
+  "ip netns": 3, // ip netns exec foo bash
+  "ip route": 3, // ip route add default via 1.1.1.1
+  kind: 2, // kind delete cluster
+  "kind create": 3, // kind create cluster
+  kubectl: 2, // kubectl get pods
+  "kubectl kustomize": 3, // kubectl kustomize overlays/dev
+  "kubectl rollout": 3, // kubectl rollout restart deploy/api
+  kustomize: 2, // kustomize build .
+  make: 2, // make build
+  mc: 2, // mc ls myminio
+  "mc admin": 3, // mc admin info myminio
+  minikube: 2, // minikube start
+  mongosh: 2, // mongosh test
+  mysql: 2, // mysql -u root
+  mvn: 2, // mvn compile
+  ng: 2, // ng generate component home
+  npm: 2, // npm install
+  "npm exec": 3, // npm exec vite
+  "npm init": 3, // npm init vue
+  "npm run": 3, // npm run dev
+  "npm view": 3, // npm view react version
+  nvm: 2, // nvm use 18
+  nx: 2, // nx build
+  openssl: 2, // openssl genrsa 2048
+  "openssl req": 3, // openssl req -new -key key.pem
+  "openssl x509": 3, // openssl x509 -in cert.pem
+  pip: 2, // pip install numpy
+  pipenv: 2, // pipenv install flask
+  pnpm: 2, // pnpm install
+  "pnpm dlx": 3, // pnpm dlx create-next-app
+  "pnpm exec": 3, // pnpm exec vite
+  "pnpm run": 3, // pnpm run dev
+  poetry: 2, // poetry add requests
+  podman: 2, // podman run alpine
+  "podman container": 3, // podman container ls
+  "podman image": 3, // podman image prune
+  psql: 2, // psql -d mydb
+  pulumi: 2, // pulumi up
+  "pulumi stack": 3, // pulumi stack output
+  pyenv: 2, // pyenv install 3.11
+  python: 2, // python -m venv env
+  rake: 2, // rake db:migrate
+  rbenv: 2, // rbenv install 3.2.0
+  "redis-cli": 2, // redis-cli ping
+  rustup: 2, // rustup update
+  serverless: 2, // serverless invoke
+  sfdx: 3, // sfdx force:org:list
+  skaffold: 2, // skaffold dev
+  sls: 2, // sls deploy
+  sst: 2, // sst deploy
+  swift: 2, // swift build
+  systemctl: 2, // systemctl restart nginx
+  terraform: 2, // terraform apply
+  "terraform workspace": 3, // terraform workspace select prod
+  tmux: 2, // tmux new -s dev
+  turbo: 2, // turbo run build
+  ufw: 2, // ufw allow 22
+  vault: 2, // vault login
+  "vault auth": 3, // vault auth list
+  "vault kv": 3, // vault kv get secret/api
+  vercel: 2, // vercel deploy
+  volta: 2, // volta install node
+  wp: 2, // wp plugin install
+  yarn: 2, // yarn add react
+  "yarn dlx": 3, // yarn dlx create-react-app
+  "yarn run": 3, // yarn run dev
+}
+
+export * as BashArity from "./arity"

package/src/engine/permission/evaluate.ts

@@ -0,0 +1,15 @@
+import { Wildcard } from "@/util/wildcard"
+
+type Rule = {
+  permission: string
+  pattern: string
+  action: "allow" | "deny" | "ask"
+}
+
+export function evaluate(permission: string, pattern: string, ...rulesets: Rule[][]): Rule {
+  const rules = rulesets.flat()
+  const match = rules.findLast(
+    (rule) => Wildcard.match(permission, rule.permission) && Wildcard.match(pattern, rule.pattern),
+  )
+  return match ?? { action: "ask", permission, pattern: "*" }
+}

package/src/engine/permission/index.ts

@@ -0,0 +1,306 @@
+import { Bus } from "@/bus"
+import { BusEvent } from "@/bus/bus-event"
+import { ConfigPermission } from "@/config/permission"
+import { InstanceState } from "@/effect/instance-state"
+import { ProjectID } from "@/project/schema"
+import { MessageID, SessionID } from "@/session/schema"
+import { PermissionTable } from "@/session/session.sql"
+import { Database } from "@/storage/db"
+import { eq } from "drizzle-orm"
+import * as Log from "@opencode-ai/core/util/log"
+import { Wildcard } from "@/util/wildcard"
+import { Deferred, Effect, Layer, Schema, Context } from "effect"
+import os from "os"
+import { evaluate as evalRule } from "./evaluate"
+import { PermissionID } from "./schema"
+
+const log = Log.create({ service: "permission" })
+
+export const Action = Schema.Literals(["allow", "deny", "ask"]).annotate({ identifier: "PermissionAction" })
+export type Action = Schema.Schema.Type<typeof Action>
+
+export const Rule = Schema.Struct({
+  permission: Schema.String,
+  pattern: Schema.String,
+  action: Action,
+}).annotate({ identifier: "PermissionRule" })
+export type Rule = Schema.Schema.Type<typeof Rule>
+
+export const Ruleset = Schema.mutable(Schema.Array(Rule)).annotate({ identifier: "PermissionRuleset" })
+export type Ruleset = Schema.Schema.Type<typeof Ruleset>
+
+export class Request extends Schema.Class<Request>("PermissionRequest")({
+  id: PermissionID,
+  sessionID: SessionID,
+  permission: Schema.String,
+  patterns: Schema.Array(Schema.String),
+  metadata: Schema.Record(Schema.String, Schema.Unknown),
+  always: Schema.Array(Schema.String),
+  tool: Schema.optional(
+    Schema.Struct({
+      messageID: MessageID,
+      callID: Schema.String,
+    }),
+  ),
+}) {}
+
+export const Reply = Schema.Literals(["once", "always", "reject"])
+export type Reply = Schema.Schema.Type<typeof Reply>
+
+const reply = {
+  reply: Reply,
+  message: Schema.optional(Schema.String),
+}
+
+export const ReplyBody = Schema.Struct(reply).annotate({ identifier: "PermissionReplyBody" })
+export type ReplyBody = Schema.Schema.Type<typeof ReplyBody>
+
+export class Approval extends Schema.Class<Approval>("PermissionApproval")({
+  projectID: ProjectID,
+  patterns: Schema.Array(Schema.String),
+}) {}
+
+export const Event = {
+  Asked: BusEvent.define("permission.asked", Request),
+  Replied: BusEvent.define(
+    "permission.replied",
+    Schema.Struct({
+      sessionID: SessionID,
+      requestID: PermissionID,
+      reply: Reply,
+    }),
+  ),
+}
+
+export class RejectedError extends Schema.TaggedErrorClass<RejectedError>()("PermissionRejectedError", {}) {
+  override get message() {
+    return "The user rejected permission to use this specific tool call."
+  }
+}
+
+export class CorrectedError extends Schema.TaggedErrorClass<CorrectedError>()("PermissionCorrectedError", {
+  feedback: Schema.String,
+}) {
+  override get message() {
+    return `The user rejected permission to use this specific tool call with the following feedback: ${this.feedback}`
+  }
+}
+
+export class DeniedError extends Schema.TaggedErrorClass<DeniedError>()("PermissionDeniedError", {
+  ruleset: Schema.Any,
+}) {
+  override get message() {
+    return `The user has specified a rule which prevents you from using this specific tool call. Here are some of the relevant rules ${JSON.stringify(this.ruleset)}`
+  }
+}
+
+export type Error = DeniedError | RejectedError | CorrectedError
+
+export const AskInput = Schema.Struct({
+  ...Request.fields,
+  id: Schema.optional(PermissionID),
+  ruleset: Ruleset,
+}).annotate({ identifier: "PermissionAskInput" })
+export type AskInput = Schema.Schema.Type<typeof AskInput>
+
+export const ReplyInput = Schema.Struct({
+  requestID: PermissionID,
+  ...reply,
+}).annotate({ identifier: "PermissionReplyInput" })
+export type ReplyInput = Schema.Schema.Type<typeof ReplyInput>
+
+export interface Interface {
+  readonly ask: (input: AskInput) => Effect.Effect<void, Error>
+  readonly reply: (input: ReplyInput) => Effect.Effect<void>
+  readonly list: () => Effect.Effect<ReadonlyArray<Request>>
+}
+
+interface PendingEntry {
+  info: Request
+  deferred: Deferred.Deferred<void, RejectedError | CorrectedError>
+}
+
+interface State {
+  pending: Map<PermissionID, PendingEntry>
+  approved: Ruleset
+}
+
+export function evaluate(permission: string, pattern: string, ...rulesets: Ruleset[]): Rule {
+  return evalRule(permission, pattern, ...rulesets)
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Permission") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const bus = yield* Bus.Service
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("Permission.state")(function* (ctx) {
+        const row = Database.use((db) =>
+          db.select().from(PermissionTable).where(eq(PermissionTable.project_id, ctx.project.id)).get(),
+        )
+        const state = {
+          pending: new Map<PermissionID, PendingEntry>(),
+          approved: row?.data ?? [],
+        }
+
+        yield* Effect.addFinalizer(() =>
+          Effect.gen(function* () {
+            for (const item of state.pending.values()) {
+              yield* Deferred.fail(item.deferred, new RejectedError())
+            }
+            state.pending.clear()
+          }),
+        )
+
+        return state
+      }),
+    )
+
+    const ask = Effect.fn("Permission.ask")(function* (input: AskInput) {
+      const { approved, pending } = yield* InstanceState.get(state)
+      const { ruleset, ...request } = input
+      let needsAsk = false
+
+      for (const pattern of request.patterns) {
+        const rule = evaluate(request.permission, pattern, ruleset, approved)
+        log.info("evaluated", { permission: request.permission, pattern, action: rule })
+        if (rule.action === "deny") {
+          return yield* new DeniedError({
+            ruleset: ruleset.filter((rule) => Wildcard.match(request.permission, rule.permission)),
+          })
+        }
+        if (rule.action === "allow") continue
+        needsAsk = true
+      }
+
+      if (!needsAsk) return
+
+      const id = request.id ?? PermissionID.ascending()
+      const info = Schema.decodeUnknownSync(Request)({
+        id,
+        ...request,
+      })
+      log.info("asking", { id, permission: info.permission, patterns: info.patterns })
+
+      const deferred = yield* Deferred.make<void, RejectedError | CorrectedError>()
+      pending.set(id, { info, deferred })
+      yield* bus.publish(Event.Asked, info)
+      return yield* Effect.ensuring(
+        Deferred.await(deferred),
+        Effect.sync(() => {
+          pending.delete(id)
+        }),
+      )
+    })
+
+    const reply = Effect.fn("Permission.reply")(function* (input: ReplyInput) {
+      const { approved, pending } = yield* InstanceState.get(state)
+      const existing = pending.get(input.requestID)
+      if (!existing) return
+
+      pending.delete(input.requestID)
+      yield* bus.publish(Event.Replied, {
+        sessionID: existing.info.sessionID,
+        requestID: existing.info.id,
+        reply: input.reply,
+      })
+
+      if (input.reply === "reject") {
+        yield* Deferred.fail(
+          existing.deferred,
+          input.message ? new CorrectedError({ feedback: input.message }) : new RejectedError(),
+        )
+
+        for (const [id, item] of pending.entries()) {
+          if (item.info.sessionID !== existing.info.sessionID) continue
+          pending.delete(id)
+          yield* bus.publish(Event.Replied, {
+            sessionID: item.info.sessionID,
+            requestID: item.info.id,
+            reply: "reject",
+          })
+          yield* Deferred.fail(item.deferred, new RejectedError())
+        }
+        return
+      }
+
+      yield* Deferred.succeed(existing.deferred, undefined)
+      if (input.reply === "once") return
+
+      for (const pattern of existing.info.always) {
+        approved.push({
+          permission: existing.info.permission,
+          pattern,
+          action: "allow",
+        })
+      }
+
+      for (const [id, item] of pending.entries()) {
+        if (item.info.sessionID !== existing.info.sessionID) continue
+        const ok = item.info.patterns.every(
+          (pattern) => evaluate(item.info.permission, pattern, approved).action === "allow",
+        )
+        if (!ok) continue
+        pending.delete(id)
+        yield* bus.publish(Event.Replied, {
+          sessionID: item.info.sessionID,
+          requestID: item.info.id,
+          reply: "always",
+        })
+        yield* Deferred.succeed(item.deferred, undefined)
+      }
+    })
+
+    const list = Effect.fn("Permission.list")(function* () {
+      const pending = (yield* InstanceState.get(state)).pending
+      return Array.from(pending.values(), (item) => item.info)
+    })
+
+    return Service.of({ ask, reply, list })
+  }),
+)
+
+function expand(pattern: string): string {
+  if (pattern.startsWith("~/")) return os.homedir() + pattern.slice(1)
+  if (pattern === "~") return os.homedir()
+  if (pattern.startsWith("$HOME/")) return os.homedir() + pattern.slice(5)
+  if (pattern.startsWith("$HOME")) return os.homedir() + pattern.slice(5)
+  return pattern
+}
+
+export function fromConfig(permission: ConfigPermission.Info) {
+  const ruleset: Ruleset = []
+  for (const [key, value] of Object.entries(permission)) {
+    if (typeof value === "string") {
+      ruleset.push({ permission: key, action: value, pattern: "*" })
+      continue
+    }
+    ruleset.push(
+      ...Object.entries(value).map(([pattern, action]) => ({ permission: key, pattern: expand(pattern), action })),
+    )
+  }
+  return ruleset
+}
+
+export function merge(...rulesets: Ruleset[]): Ruleset {
+  return rulesets.flat()
+}
+
+const EDIT_TOOLS = ["edit", "write", "apply_patch"]
+
+export function disabled(tools: string[], ruleset: Ruleset): Set<string> {
+  const result = new Set<string>()
+  for (const tool of tools) {
+    const permission = EDIT_TOOLS.includes(tool) ? "edit" : tool
+    const rule = ruleset.findLast((rule) => Wildcard.match(permission, rule.permission))
+    if (!rule) continue
+    if (rule.pattern === "*" && rule.action === "deny") result.add(tool)
+  }
+  return result
+}
+
+export const defaultLayer = layer.pipe(Layer.provide(Bus.layer))
+
+export * as Permission from "."

package/src/engine/permission/permission/arity.ts

@@ -0,0 +1,163 @@
+export function prefix(tokens: string[]) {
+  for (let len = tokens.length; len > 0; len--) {
+    const prefix = tokens.slice(0, len).join(" ")
+    const arity = ARITY[prefix]
+    if (arity !== undefined) return tokens.slice(0, arity)
+  }
+  if (tokens.length === 0) return []
+  return tokens.slice(0, 1)
+}
+
+/* Generated with following prompt:
+You are generating a dictionary of command-prefix arities for bash-style commands.
+This dictionary is used to identify the "human-understandable command" from an input shell command.### **RULES (follow strictly)**1. Each entry maps a **command prefix string → number**, representing how many **tokens** define the command.
+2. **Flags NEVER count as tokens**. Only subcommands count.
+3. **Longest matching prefix wins**.
+4. **Only include a longer prefix if its arity is different from what the shorter prefix already implies**.   * Example: If `git` is 2, then do **not** include `git checkout`, `git commit`, etc. unless they require *different* arity.
+5. The output must be a **single JSON object**. Each entry should have a comment with an example real world matching command. DO NOT MAKE ANY OTHER COMMENTS. Should be alphabetical
+6. Include the **most commonly used commands** across many stacks and languages. More is better.### **Semantics examples*** `touch foo.txt` → `touch` (arity 1, explicitly listed)
+* `git checkout main` → `git checkout` (because `git` has arity 2)
+* `npm install` → `npm install` (because `npm` has arity 2)
+* `npm run dev` → `npm run dev` (because `npm run` has arity 3)
+* `python script.py` → `python script.py` (default: whole input, not in dictionary)### **Now generate the dictionary.**
+*/
+const ARITY: Record<string, number> = {
+  cat: 1, // cat file.txt
+  cd: 1, // cd /path/to/dir
+  chmod: 1, // chmod 755 script.sh
+  chown: 1, // chown user:group file.txt
+  cp: 1, // cp source.txt dest.txt
+  echo: 1, // echo "hello world"
+  env: 1, // env
+  export: 1, // export PATH=/usr/bin
+  grep: 1, // grep pattern file.txt
+  kill: 1, // kill 1234
+  killall: 1, // killall process
+  ln: 1, // ln -s source target
+  ls: 1, // ls -la
+  mkdir: 1, // mkdir new-dir
+  mv: 1, // mv old.txt new.txt
+  ps: 1, // ps aux
+  pwd: 1, // pwd
+  rm: 1, // rm file.txt
+  rmdir: 1, // rmdir empty-dir
+  sleep: 1, // sleep 5
+  source: 1, // source ~/.bashrc
+  tail: 1, // tail -f log.txt
+  touch: 1, // touch file.txt
+  unset: 1, // unset VAR
+  which: 1, // which node
+  aws: 3, // aws s3 ls
+  az: 3, // az storage blob list
+  bazel: 2, // bazel build
+  brew: 2, // brew install node
+  bun: 2, // bun install
+  "bun run": 3, // bun run dev
+  "bun x": 3, // bun x vite
+  cargo: 2, // cargo build
+  "cargo add": 3, // cargo add tokio
+  "cargo run": 3, // cargo run main
+  cdk: 2, // cdk deploy
+  cf: 2, // cf push app
+  cmake: 2, // cmake build
+  composer: 2, // composer require laravel
+  consul: 2, // consul members
+  "consul kv": 3, // consul kv get config/app
+  crictl: 2, // crictl ps
+  deno: 2, // deno run server.ts
+  "deno task": 3, // deno task dev
+  doctl: 3, // doctl kubernetes cluster list
+  docker: 2, // docker run nginx
+  "docker builder": 3, // docker builder prune
+  "docker compose": 3, // docker compose up
+  "docker container": 3, // docker container ls
+  "docker image": 3, // docker image prune
+  "docker network": 3, // docker network inspect
+  "docker volume": 3, // docker volume ls
+  eksctl: 2, // eksctl get clusters
+  "eksctl create": 3, // eksctl create cluster
+  firebase: 2, // firebase deploy
+  flyctl: 2, // flyctl deploy
+  gcloud: 3, // gcloud compute instances list
+  gh: 3, // gh pr list
+  git: 2, // git checkout main
+  "git config": 3, // git config user.name
+  "git remote": 3, // git remote add origin
+  "git stash": 3, // git stash pop
+  go: 2, // go build
+  gradle: 2, // gradle build
+  helm: 2, // helm install mychart
+  heroku: 2, // heroku logs
+  hugo: 2, // hugo new site blog
+  ip: 2, // ip link show
+  "ip addr": 3, // ip addr show
+  "ip link": 3, // ip link set eth0 up
+  "ip netns": 3, // ip netns exec foo bash
+  "ip route": 3, // ip route add default via 1.1.1.1
+  kind: 2, // kind delete cluster
+  "kind create": 3, // kind create cluster
+  kubectl: 2, // kubectl get pods
+  "kubectl kustomize": 3, // kubectl kustomize overlays/dev
+  "kubectl rollout": 3, // kubectl rollout restart deploy/api
+  kustomize: 2, // kustomize build .
+  make: 2, // make build
+  mc: 2, // mc ls myminio
+  "mc admin": 3, // mc admin info myminio
+  minikube: 2, // minikube start
+  mongosh: 2, // mongosh test
+  mysql: 2, // mysql -u root
+  mvn: 2, // mvn compile
+  ng: 2, // ng generate component home
+  npm: 2, // npm install
+  "npm exec": 3, // npm exec vite
+  "npm init": 3, // npm init vue
+  "npm run": 3, // npm run dev
+  "npm view": 3, // npm view react version
+  nvm: 2, // nvm use 18
+  nx: 2, // nx build
+  openssl: 2, // openssl genrsa 2048
+  "openssl req": 3, // openssl req -new -key key.pem
+  "openssl x509": 3, // openssl x509 -in cert.pem
+  pip: 2, // pip install numpy
+  pipenv: 2, // pipenv install flask
+  pnpm: 2, // pnpm install
+  "pnpm dlx": 3, // pnpm dlx create-next-app
+  "pnpm exec": 3, // pnpm exec vite
+  "pnpm run": 3, // pnpm run dev
+  poetry: 2, // poetry add requests
+  podman: 2, // podman run alpine
+  "podman container": 3, // podman container ls
+  "podman image": 3, // podman image prune
+  psql: 2, // psql -d mydb
+  pulumi: 2, // pulumi up
+  "pulumi stack": 3, // pulumi stack output
+  pyenv: 2, // pyenv install 3.11
+  python: 2, // python -m venv env
+  rake: 2, // rake db:migrate
+  rbenv: 2, // rbenv install 3.2.0
+  "redis-cli": 2, // redis-cli ping
+  rustup: 2, // rustup update
+  serverless: 2, // serverless invoke
+  sfdx: 3, // sfdx force:org:list
+  skaffold: 2, // skaffold dev
+  sls: 2, // sls deploy
+  sst: 2, // sst deploy
+  swift: 2, // swift build
+  systemctl: 2, // systemctl restart nginx
+  terraform: 2, // terraform apply
+  "terraform workspace": 3, // terraform workspace select prod
+  tmux: 2, // tmux new -s dev
+  turbo: 2, // turbo run build
+  ufw: 2, // ufw allow 22
+  vault: 2, // vault login
+  "vault auth": 3, // vault auth list
+  "vault kv": 3, // vault kv get secret/api
+  vercel: 2, // vercel deploy
+  volta: 2, // volta install node
+  wp: 2, // wp plugin install
+  yarn: 2, // yarn add react
+  "yarn dlx": 3, // yarn dlx create-react-app
+  "yarn run": 3, // yarn run dev
+}
+
+export * as BashArity from "./arity"

package/src/engine/permission/permission/evaluate.ts

@@ -0,0 +1,15 @@
+import { Wildcard } from "@/util/wildcard"
+
+type Rule = {
+  permission: string
+  pattern: string
+  action: "allow" | "deny" | "ask"
+}
+
+export function evaluate(permission: string, pattern: string, ...rulesets: Rule[][]): Rule {
+  const rules = rulesets.flat()
+  const match = rules.findLast(
+    (rule) => Wildcard.match(permission, rule.permission) && Wildcard.match(pattern, rule.pattern),
+  )
+  return match ?? { action: "ask", permission, pattern: "*" }
+}