cc-permissions 0.1.2

package/templates/rust.jsonc

@@ -0,0 +1,97 @@
+{
+  "$schema": "../template.schema.json",
+  "name": "rust",
+  "description": "Cargo, rustc, and rustup",
+  "category": "Languages & Runtimes",
+  "detection": {
+    "files": ["Cargo.toml", "Cargo.lock"]
+  },
+  "levels": {
+    "restrictive": [
+      // rust info
+      { "command": "rustc --version", "description": "Check rustc version" },
+      { "command": "rustc -V", "description": "Check rustc version" },
+      { "command": "rustc --print", "description": "Print compiler info" },
+      // cargo info
+      { "command": "cargo --version", "description": "Check Cargo version" },
+      { "command": "cargo -V", "description": "Check Cargo version" },
+      { "command": "cargo version", "description": "Check Cargo version" },
+      { "command": "cargo help", "description": "Cargo help" },
+      // cargo read-only
+      { "command": "cargo tree", "description": "Show dependency tree" },
+      { "command": "cargo metadata", "description": "Show package metadata" },
+      { "command": "cargo search", "description": "Search crates.io" },
+      { "command": "cargo locate-project", "description": "Locate Cargo.toml" },
+      { "command": "cargo read-manifest", "description": "Read package manifest" },
+      { "command": "cargo pkgid", "description": "Show package ID" },
+      // cargo audit
+      { "command": "cargo audit", "description": "Audit dependencies" },
+      { "command": "cargo outdated", "description": "Check outdated dependencies" },
+      { "command": "cargo deny check", "description": "Check dependency policies" },
+      // rustup info
+      { "command": "rustup --version", "description": "Check rustup version" },
+      { "command": "rustup show", "description": "Show installed toolchains" },
+      { "command": "rustup which", "description": "Show which binary will run" },
+      { "command": "rustup target list", "description": "List available targets" },
+      { "command": "rustup component list", "description": "List available components" }
+    ],
+    "standard": [
+      // cargo build (no install)
+      { "command": "cargo build", "description": "Build package" },
+      { "command": "cargo build --release", "description": "Build release" },
+      { "command": "cargo build --target", "description": "Build for target" },
+      // cargo check
+      { "command": "cargo check", "description": "Check package" },
+      { "command": "cargo check --all-targets", "description": "Check all targets" },
+      // cargo test
+      { "command": "cargo test", "description": "Run tests" },
+      { "command": "cargo test --release", "description": "Run release tests" },
+      { "command": "cargo test --doc", "description": "Run doc tests" },
+      { "command": "cargo bench", "description": "Run benchmarks" },
+      // cargo run
+      { "command": "cargo run", "description": "Run package" },
+      { "command": "cargo run --release", "description": "Run release build" },
+      { "command": "cargo run --example", "description": "Run example" },
+      // cargo formatting
+      { "command": "cargo fmt", "description": "Format code" },
+      { "command": "cargo fmt --check", "description": "Check formatting" },
+      // cargo linting
+      { "command": "cargo clippy", "description": "Run Clippy linter" },
+      { "command": "cargo clippy --fix", "description": "Apply Clippy fixes" },
+      // cargo doc
+      { "command": "cargo doc", "description": "Build documentation" },
+      { "command": "cargo doc --open", "description": "Build and open docs" },
+      // cargo fix
+      { "command": "cargo fix", "description": "Apply compiler fixes" }
+    ],
+    "permissive": [
+      // cargo install
+      { "command": "cargo install", "description": "Install binary" },
+      { "command": "cargo uninstall", "description": "Uninstall binary" },
+      // cargo publish
+      { "command": "cargo publish", "description": "Publish to crates.io" },
+      { "command": "cargo package", "description": "Package crate" },
+      { "command": "cargo yank", "description": "Yank published version" },
+      // cargo update
+      { "command": "cargo update", "description": "Update dependencies" },
+      { "command": "cargo add", "description": "Add dependency" },
+      { "command": "cargo remove", "description": "Remove dependency" },
+      // cargo clean
+      { "command": "cargo clean", "description": "Clean target directory" },
+      // cargo vendor
+      { "command": "cargo vendor", "description": "Vendor dependencies" },
+      // cargo new/init
+      { "command": "cargo new", "description": "Create new package" },
+      { "command": "cargo init", "description": "Initialize package" },
+      // rustup management
+      { "command": "rustup update", "description": "Update toolchains" },
+      { "command": "rustup default", "description": "Set default toolchain" },
+      { "command": "rustup toolchain install", "description": "Install toolchain" },
+      { "command": "rustup toolchain uninstall", "description": "Uninstall toolchain" },
+      { "command": "rustup target add", "description": "Add target" },
+      { "command": "rustup target remove", "description": "Remove target" },
+      { "command": "rustup component add", "description": "Add component" },
+      { "command": "rustup component remove", "description": "Remove component" }
+    ]
+  }
+}

package/templates/shell.jsonc

@@ -0,0 +1,73 @@
+{
+  "$schema": "../template.schema.json",
+  "name": "shell",
+  "description": "Basic shell and filesystem commands",
+  "category": "General",
+  "detection": {
+    "always": true
+  },
+  "levels": {
+    "restrictive": [
+      { "command": "ls", "description": "List directory contents" },
+      { "command": "cat", "description": "View file contents" },
+      { "command": "head", "description": "View file beginning" },
+      { "command": "tail", "description": "View file end" },
+      { "command": "less", "description": "Page through file" },
+      { "command": "more", "description": "Page through file" },
+      { "command": "grep", "description": "Search file contents" },
+      { "command": "find", "description": "Find files" },
+      { "command": "wc", "description": "Count lines/words/chars" },
+      { "command": "tree", "description": "Display directory tree" },
+      { "command": "pwd", "description": "Print working directory" },
+      { "command": "which", "description": "Locate a command" },
+      { "command": "whereis", "description": "Locate binary/source/manual" },
+      { "command": "type", "description": "Describe command type" },
+      { "command": "file", "description": "Determine file type" },
+      { "command": "stat", "description": "Display file status" },
+      { "command": "du", "description": "Disk usage" },
+      { "command": "df", "description": "Disk free space" },
+      { "command": "echo", "description": "Print text" },
+      { "command": "printf", "description": "Format and print" },
+      { "command": "env", "description": "View environment variables" },
+      { "command": "printenv", "description": "Print environment variables" },
+      { "command": "date", "description": "Display date/time" },
+      { "command": "whoami", "description": "Print current user" },
+      { "command": "uname", "description": "System information" },
+      { "command": "hostname", "description": "Show hostname" }
+    ],
+    "standard": [
+      { "command": "mkdir", "description": "Create directories" },
+      { "command": "touch", "description": "Create empty files" },
+      { "command": "cp", "description": "Copy files" },
+      { "command": "mv", "description": "Move/rename files" },
+      { "command": "ln", "description": "Create links" },
+      { "command": "chmod", "description": "Change file permissions" },
+      { "command": "chown", "description": "Change file owner" },
+      { "command": "tar", "description": "Archive files" },
+      { "command": "zip", "description": "Compress files" },
+      { "command": "unzip", "description": "Extract zip files" },
+      { "command": "gzip", "description": "Compress files" },
+      { "command": "gunzip", "description": "Decompress files" },
+      { "command": "curl", "description": "Transfer data from URLs" },
+      { "command": "wget", "description": "Download files" },
+      { "command": "diff", "description": "Compare files" },
+      { "command": "sort", "description": "Sort lines" },
+      { "command": "uniq", "description": "Filter duplicate lines" },
+      { "command": "cut", "description": "Cut sections from lines" },
+      { "command": "awk", "description": "Pattern processing" },
+      { "command": "sed", "description": "Stream editor" },
+      { "command": "xargs", "description": "Build command lines" },
+      { "command": "tee", "description": "Read and write to files" }
+    ],
+    "permissive": [
+      { "command": "rm", "description": "Remove files" },
+      { "command": "rmdir", "description": "Remove directories" },
+      { "command": "rm -r", "description": "Remove recursively" },
+      { "command": "rm -rf", "description": "Force remove recursively" },
+      { "command": "sudo", "description": "Execute as superuser" },
+      { "command": "kill", "description": "Terminate processes" },
+      { "command": "pkill", "description": "Kill processes by name" },
+      { "command": "killall", "description": "Kill processes by name" }
+    ]
+  }
+}

package/templates/template.schema.json

@@ -0,0 +1,102 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://github.com/DanielCarmingham/cc-permissions/blob/main/templates/template.schema.json",
+  "title": "CC-Permissions Template",
+  "description": "Schema for permission templates in cc-permissions",
+  "type": "object",
+  "required": ["name", "description", "levels"],
+  "additionalProperties": false,
+  "properties": {
+    "$schema": {
+      "type": "string",
+      "description": "JSON Schema reference"
+    },
+    "name": {
+      "type": "string",
+      "description": "Template identifier (lowercase, no spaces)",
+      "pattern": "^[a-z][a-z0-9-]*$"
+    },
+    "description": {
+      "type": "string",
+      "description": "Brief description of what this template covers"
+    },
+    "category": {
+      "type": "string",
+      "description": "Category for grouping templates in list output"
+    },
+    "detection": {
+      "type": "object",
+      "description": "Optional rules for auto-detecting when this template should be recommended",
+      "additionalProperties": false,
+      "properties": {
+        "files": {
+          "type": "array",
+          "description": "File patterns that indicate this template (supports globs like *.csproj)",
+          "items": { "type": "string" }
+        },
+        "directories": {
+          "type": "array",
+          "description": "Directory patterns that indicate this template (e.g., .git/, .github/workflows/)",
+          "items": { "type": "string" }
+        },
+        "contentPatterns": {
+          "type": "array",
+          "description": "File + content patterns for ambiguous detection",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "file": { "type": "string", "description": "File to check" },
+              "contains": { "type": "string", "description": "Text that must be present in the file" }
+            },
+            "required": ["file", "contains"]
+          }
+        },
+        "always": {
+          "type": "boolean",
+          "description": "If true, this template is always recommended (e.g., shell baseline)"
+        }
+      }
+    },
+    "levels": {
+      "type": "object",
+      "description": "Permission levels (cumulative: standard includes restrictive, permissive includes standard)",
+      "required": ["restrictive", "standard", "permissive"],
+      "additionalProperties": false,
+      "properties": {
+        "restrictive": {
+          "type": "array",
+          "description": "Read-only operations (exploration, status checks)",
+          "items": { "$ref": "#/$defs/permission" }
+        },
+        "standard": {
+          "type": "array",
+          "description": "Dev workflow commands (builds, tests, commits)",
+          "items": { "$ref": "#/$defs/permission" }
+        },
+        "permissive": {
+          "type": "array",
+          "description": "Commands with broader access (installs, publishes)",
+          "items": { "$ref": "#/$defs/permission" }
+        }
+      }
+    }
+  },
+  "$defs": {
+    "permission": {
+      "type": "object",
+      "required": ["command"],
+      "additionalProperties": false,
+      "properties": {
+        "command": {
+          "type": "string",
+          "description": "The command or pattern to allow"
+        },
+        "description": {
+          "type": "string",
+          "description": "Optional description for documentation"
+        }
+      }
+    }
+  }
+}

package/templates/terraform.jsonc

@@ -0,0 +1,96 @@
+{
+  "$schema": "../template.schema.json",
+  "name": "terraform",
+  "description": "Terraform, Terragrunt, and tflint",
+  "category": "Container & Infrastructure",
+  "detection": {
+    "files": ["*.tf", ".terraform.lock.hcl", "terragrunt.hcl"]
+  },
+  "levels": {
+    "restrictive": [
+      // terraform info
+      { "command": "terraform version", "description": "Check Terraform version" },
+      { "command": "terraform -version", "description": "Check Terraform version" },
+      { "command": "terraform providers", "description": "List providers" },
+      { "command": "terraform providers schema", "description": "Show provider schema" },
+      // terraform read-only
+      { "command": "terraform fmt -check", "description": "Check formatting" },
+      { "command": "terraform fmt -diff", "description": "Show format diff" },
+      { "command": "terraform validate", "description": "Validate configuration" },
+      { "command": "terraform show", "description": "Show state or plan" },
+      { "command": "terraform output", "description": "Show outputs" },
+      { "command": "terraform graph", "description": "Generate graph" },
+      { "command": "terraform state list", "description": "List state resources" },
+      { "command": "terraform state show", "description": "Show state resource" },
+      // terraform workspace read
+      { "command": "terraform workspace list", "description": "List workspaces" },
+      { "command": "terraform workspace show", "description": "Show current workspace" },
+      // terragrunt info
+      { "command": "terragrunt --version", "description": "Check Terragrunt version" },
+      { "command": "terragrunt graph-dependencies", "description": "Show dependency graph" },
+      { "command": "terragrunt output", "description": "Show Terragrunt outputs" },
+      { "command": "terragrunt validate", "description": "Validate Terragrunt config" },
+      // tflint info
+      { "command": "tflint --version", "description": "Check tflint version" }
+    ],
+    "standard": [
+      // terraform format
+      { "command": "terraform fmt", "description": "Format configuration" },
+      // terraform init (downloads providers, no changes)
+      { "command": "terraform init", "description": "Initialize configuration" },
+      { "command": "terraform init -upgrade", "description": "Upgrade providers" },
+      { "command": "terraform get", "description": "Download modules" },
+      // terraform plan (no changes)
+      { "command": "terraform plan", "description": "Create execution plan" },
+      { "command": "terraform plan -out", "description": "Save plan to file" },
+      { "command": "terraform plan -target", "description": "Plan specific resource" },
+      // terraform workspace management
+      { "command": "terraform workspace select", "description": "Select workspace" },
+      { "command": "terraform workspace new", "description": "Create workspace" },
+      // terraform console
+      { "command": "terraform console", "description": "Interactive console" },
+      // terragrunt commands (no apply/destroy)
+      { "command": "terragrunt init", "description": "Initialize Terragrunt" },
+      { "command": "terragrunt plan", "description": "Plan with Terragrunt" },
+      { "command": "terragrunt plan-all", "description": "Plan all modules" },
+      { "command": "terragrunt run-all plan", "description": "Plan all modules" },
+      { "command": "terragrunt fmt", "description": "Format Terragrunt config" },
+      // tflint
+      { "command": "tflint", "description": "Run tflint" },
+      { "command": "tflint --init", "description": "Initialize tflint plugins" },
+      { "command": "tflint --fix", "description": "Fix tflint issues" }
+    ],
+    "permissive": [
+      // terraform apply
+      { "command": "terraform apply", "description": "Apply changes" },
+      { "command": "terraform apply -auto-approve", "description": "Apply without prompt" },
+      { "command": "terraform apply -target", "description": "Apply specific resource" },
+      // terraform destroy
+      { "command": "terraform destroy", "description": "Destroy infrastructure" },
+      { "command": "terraform destroy -auto-approve", "description": "Destroy without prompt" },
+      { "command": "terraform destroy -target", "description": "Destroy specific resource" },
+      // terraform state management
+      { "command": "terraform state mv", "description": "Move state resource" },
+      { "command": "terraform state rm", "description": "Remove from state" },
+      { "command": "terraform state pull", "description": "Pull remote state" },
+      { "command": "terraform state push", "description": "Push state" },
+      { "command": "terraform state replace-provider", "description": "Replace provider" },
+      // terraform import
+      { "command": "terraform import", "description": "Import resource" },
+      // terraform taint/untaint
+      { "command": "terraform taint", "description": "Mark resource for recreation" },
+      { "command": "terraform untaint", "description": "Unmark resource" },
+      // terraform workspace delete
+      { "command": "terraform workspace delete", "description": "Delete workspace" },
+      // terraform refresh
+      { "command": "terraform refresh", "description": "Refresh state" },
+      // terragrunt apply/destroy
+      { "command": "terragrunt apply", "description": "Apply with Terragrunt" },
+      { "command": "terragrunt destroy", "description": "Destroy with Terragrunt" },
+      { "command": "terragrunt apply-all", "description": "Apply all modules" },
+      { "command": "terragrunt destroy-all", "description": "Destroy all modules" },
+      { "command": "terragrunt run-all apply", "description": "Apply all modules" },
+      { "command": "terragrunt run-all destroy", "description": "Destroy all modules" }
+    ]
+  }
+}