ccjk 3.7.3 → 3.8.0

package/dist/chunks/permissions.mjs

@@ -1,428 +1,250 @@
 import process__default from 'node:process';
-import chalk from 'chalk';
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { join } from 'pathe';
-
-class PermissionManager {
-  permissions = [];
-  configPath;
-  constructor(configPath) {
-    this.configPath = configPath || join(homedir(), ".ccjk", "config.json");
-    this.loadPermissions();
-  }
-  /**
-   * Load permissions from config file
-   */
-  loadPermissions() {
-    try {
-      if (!existsSync(this.configPath)) {
-        this.permissions = [];
-        return;
-      }
-      const configContent = readFileSync(this.configPath, "utf-8");
-      const config = JSON.parse(configContent);
-      if (config.permissions) {
-        this.permissions = [];
-        if (Array.isArray(config.permissions.allow)) {
-          config.permissions.allow.forEach((pattern) => {
-            this.permissions.push({
-              type: "allow",
-              pattern,
-              scope: "global"
-            });
-          });
-        }
-        if (Array.isArray(config.permissions.deny)) {
-          config.permissions.deny.forEach((pattern) => {
-            this.permissions.push({
-              type: "deny",
-              pattern,
-              scope: "global"
-            });
-          });
-        }
-      }
-    } catch (_error) {
-      this.permissions = [];
-    }
-  }
-  /**
-   * Save permissions to config file
-   */
-  savePermissions() {
-    try {
-      let config = {};
-      if (existsSync(this.configPath)) {
-        const configContent = readFileSync(this.configPath, "utf-8");
-        config = JSON.parse(configContent);
-      }
-      config.permissions = {
-        allow: this.permissions.filter((p) => p.type === "allow").map((p) => p.pattern),
-        deny: this.permissions.filter((p) => p.type === "deny").map((p) => p.pattern)
-      };
-      writeFileSync(this.configPath, JSON.stringify(config, null, 2), "utf-8");
-    } catch (error) {
-      throw new Error(`Failed to save permissions: ${error instanceof Error ? error.message : String(error)}`);
-    }
-  }
-  /**
-   * Check if an action on a resource is permitted
-   * @param action - The action to check (e.g., "read", "write", "admin")
-   * @param resource - The resource identifier (e.g., "Provider(302ai)", "Model(claude-opus)")
-   * @returns Permission check result
-   */
-  checkPermission(action, resource) {
-    const target = `${resource}:${action}`;
-    for (const permission of this.permissions) {
-      if (permission.type === "deny" && this.matchPattern(permission.pattern, target)) {
-        return {
-          allowed: false,
-          matchedRule: permission,
-          reason: `Denied by rule: ${permission.pattern}`
-        };
-      }
-    }
-    for (const permission of this.permissions) {
-      if (permission.type === "allow" && this.matchPattern(permission.pattern, target)) {
-        return {
-          allowed: true,
-          matchedRule: permission,
-          reason: `Allowed by rule: ${permission.pattern}`
-        };
-      }
-    }
-    return {
-      allowed: false,
-      reason: "No matching permission rule found (default deny)"
-    };
-  }
-  /**
-   * Match a pattern against a target string
-   * Supports wildcards: * (any characters), ? (single character)
-   * @param pattern - Pattern with wildcards
-   * @param target - Target string to match
-   * @returns True if pattern matches target
-   */
-  matchPattern(pattern, target) {
-    const regexPattern = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
-    const regex = new RegExp(`^${regexPattern}$`, "i");
-    return regex.test(target);
-  }
-  /**
-   * Add a permission rule
-   * @param permission - Permission to add
-   */
-  addPermission(permission) {
-    const existingIndex = this.permissions.findIndex(
-      (p) => p.pattern === permission.pattern && p.type === permission.type
-    );
-    if (existingIndex >= 0) {
-      this.permissions[existingIndex] = {
-        ...permission,
-        createdAt: this.permissions[existingIndex].createdAt || (/* @__PURE__ */ new Date()).toISOString()
-      };
-    } else {
-      this.permissions.push({
-        ...permission,
-        createdAt: (/* @__PURE__ */ new Date()).toISOString()
-      });
-    }
-    this.savePermissions();
-  }
-  /**
-   * Remove a permission rule by pattern
-   * @param pattern - Pattern to remove
-   * @param type - Optional type filter
-   * @returns Number of rules removed
-   */
-  removePermission(pattern, type) {
-    const initialLength = this.permissions.length;
-    this.permissions = this.permissions.filter((p) => {
-      if (type) {
-        return !(p.pattern === pattern && p.type === type);
-      }
-      return p.pattern !== pattern;
-    });
-    const removedCount = initialLength - this.permissions.length;
-    if (removedCount > 0) {
-      this.savePermissions();
-    }
-    return removedCount;
-  }
-  /**
-   * List all permissions
-   * @param type - Optional filter by type
-   * @param scope - Optional filter by scope
-   * @returns Array of permissions
-   */
-  listPermissions(type, scope) {
-    let filtered = [...this.permissions];
-    if (type) {
-      filtered = filtered.filter((p) => p.type === type);
-    }
-    if (scope) {
-      filtered = filtered.filter((p) => p.scope === scope);
-    }
-    return filtered;
-  }
-  /**
-   * Clear all permissions
-   * @param type - Optional type to clear (if not specified, clears all)
-   */
-  clearPermissions(type) {
-    if (type) {
-      this.permissions = this.permissions.filter((p) => p.type !== type);
-    } else {
-      this.permissions = [];
-    }
-    this.savePermissions();
-  }
-  /**
-   * Get permission statistics
-   */
-  getStats() {
-    return {
-      total: this.permissions.length,
-      allow: this.permissions.filter((p) => p.type === "allow").length,
-      deny: this.permissions.filter((p) => p.type === "deny").length
-    };
-  }
-  /**
-   * Export permissions to JSON
-   */
-  exportPermissions() {
-    return {
-      allow: this.permissions.filter((p) => p.type === "allow").map((p) => p.pattern),
-      deny: this.permissions.filter((p) => p.type === "deny").map((p) => p.pattern)
-    };
-  }
-  /**
-   * Import permissions from JSON
-   * @param config - Permission configuration to import
-   * @param merge - If true, merge with existing permissions; if false, replace
-   */
-  importPermissions(config, merge = false) {
-    if (!merge) {
-      this.permissions = [];
-    }
-    if (Array.isArray(config.allow)) {
-      config.allow.forEach((pattern) => {
-        this.addPermission({
-          type: "allow",
-          pattern,
-          scope: "global"
-        });
-      });
-    }
-    if (Array.isArray(config.deny)) {
-      config.deny.forEach((pattern) => {
-        this.addPermission({
-          type: "deny",
-          pattern,
-          scope: "global"
-        });
-      });
-    }
-  }
-}
-let instance = null;
-function getPermissionManager(configPath) {
-  if (!instance) {
-    instance = new PermissionManager(configPath);
-  }
-  return instance;
-}
+import ansis from 'ansis';
+import inquirer from 'inquirer';
+import 'tinyexec';
+import { i18n } from './index.mjs';
+import { g as getPermissionManager } from '../shared/ccjk.pi0nsyn3.mjs';
+import 'node:fs';
+import 'node:url';
+import 'i18next';
+import 'i18next-fs-backend';
+import 'pathe';
+import 'node:os';
 
 const permissionManager = getPermissionManager();
 async function listPermissions(options) {
   const format = options.format || "table";
   const verbose = options.verbose || false;
-  const permissions = permissionManager.listPermissions();
+  const category = options.category;
+  const type = options.type;
+  let rules = permissionManager.getAllRules();
+  if (type) {
+    rules = rules.filter((r) => r.type === type);
+  }
+  if (category) {
+    rules = rules.filter((r) => r.category === category);
+  }
   if (format === "json") {
-    console.log(JSON.stringify(permissions, null, 2));
+    console.log(JSON.stringify(rules, null, 2));
     return;
   }
-  console.log(chalk.bold("\n\u{1F4CB} CCJK Permissions\n"));
-  if (permissions.length === 0) {
-    console.log(chalk.yellow("No permissions configured."));
+  console.log("");
+  console.log(ansis.bold("\u{1F4CB} CCJK Permissions\n"));
+  const stats = permissionManager.getStats();
+  console.log(ansis.dim(`Total: ${stats.total} | Allow: ${stats.allow} | Deny: ${stats.deny}
+`));
+  if (rules.length === 0) {
+    console.log(ansis.yellow("No permissions configured."));
     return;
   }
   if (format === "list") {
-    for (const perm of permissions) {
-      const typeColor = getTypeColor(perm.type);
-      console.log(`${chalk.cyan(perm.pattern)}: ${typeColor(perm.type)}`);
-      if (verbose && perm.description) {
-        console.log(chalk.gray(`  Description: ${perm.description}`));
+    for (const rule of rules) {
+      const typeColor = rule.type === "allow" ? ansis.green : ansis.red;
+      console.log(`${typeColor(rule.type.padEnd(6))} ${ansis.cyan(rule.pattern)} (${rule.category})`);
+      if (verbose) {
+        if (rule.description) {
+          console.log(ansis.gray(`    Description: ${rule.description}`));
+        }
+        console.log(ansis.gray(`    Source: ${rule.source}`));
+        if (rule.priority !== void 0) {
+          console.log(ansis.gray(`    Priority: ${rule.priority}`));
+        }
       }
     }
   } else {
-    console.log(chalk.bold("Pattern".padEnd(40)) + chalk.bold("Type".padEnd(15)) + chalk.bold("Scope"));
-    console.log("\u2500".repeat(70));
-    for (const perm of permissions) {
-      const typeColor = getTypeColor(perm.type);
-      const pattern = perm.pattern.padEnd(40);
-      const type = typeColor(perm.type.padEnd(15));
-      const scope = perm.scope;
-      console.log(`${pattern}${type}${scope}`);
-      if (verbose && perm.description) {
-        console.log(chalk.gray(`  Description: ${perm.description}`));
+    console.log(
+      ansis.bold("Type".padEnd(8)) + ansis.bold("Pattern".padEnd(40)) + ansis.bold("Category".padEnd(12)) + ansis.bold("Source")
+    );
+    console.log(ansis.dim("\u2500".repeat(80)));
+    for (const rule of rules) {
+      const typeColor = rule.type === "allow" ? ansis.green : ansis.red;
+      const type2 = typeColor(rule.type.padEnd(8));
+      const pattern = ansis.cyan(rule.pattern.padEnd(40));
+      const category2 = ansis.yellow(rule.category.padEnd(12));
+      const source = ansis.dim(rule.source);
+      console.log(`${type2}${pattern}${category2}${source}`);
+      if (verbose && rule.description) {
+        console.log(ansis.gray(`  \u2514\u2500 ${rule.description}`));
       }
     }
   }
-  console.log();
+  console.log("");
 }
 async function checkPermission(resource, options) {
+  const isZh = i18n.language === "zh-CN";
   if (!resource) {
-    console.error(chalk.red("Error: Resource is required"));
-    console.log("Usage: ccjk permissions check <resource>");
+    console.error(ansis.red(isZh ? "\u9519\u8BEF\uFF1A\u9700\u8981\u6307\u5B9A\u8D44\u6E90" : "Error: Resource is required"));
+    console.log(isZh ? "\u7528\u6CD5: ccjk permissions check <resource>" : "Usage: ccjk permissions check <resource>");
     process__default.exit(1);
   }
-  const action = options.action || "read";
+  const action = options.action || "execute";
   const verbose = options.verbose || false;
-  console.log(chalk.bold(`
-\u{1F50D} Checking permission for: ${chalk.cyan(resource)}
+  console.log("");
+  console.log(ansis.bold(`${ansis.cyan("\u{1F50D}")} ${isZh ? "\u68C0\u67E5\u6743\u9650" : "Checking Permission"}: ${ansis.cyan(resource)}
 `));
-  const result = permissionManager.checkPermission(action, resource);
+  const result = await permissionManager.checkPermission(action, resource);
   if (result.allowed) {
-    console.log(chalk.green("\u2713 Permission granted"));
-    console.log(`  Reason: ${result.reason}`);
+    console.log(ansis.green(`\u2713 ${isZh ? "\u5141\u8BB8" : "ALLOWED"}`));
+    console.log(`  ${ansis.dim("Reason:")} ${result.reason}`);
     if (verbose && result.matchedRule) {
-      console.log(`  Matched rule: ${result.matchedRule.pattern}`);
-      console.log(`  Rule type: ${result.matchedRule.type}`);
+      console.log(`  ${ansis.dim("Matched rule:")} ${ansis.cyan(result.matchedRule.pattern)}`);
+      console.log(`  ${ansis.dim("Rule type:")} ${result.matchedRule.type}`);
+      console.log(`  ${ansis.dim("Source:")} ${result.matchedRule.source}`);
     }
   } else {
-    console.log(chalk.red("\u2717 Permission denied"));
-    console.log(`  Reason: ${result.reason}`);
-    console.log(chalk.yellow('  Use "ccjk permissions grant" to grant permission'));
+    console.log(ansis.red(`\u2717 ${isZh ? "\u62D2\u7EDD" : "DENIED"}`));
+    console.log(`  ${ansis.dim("Reason:")} ${result.reason}`);
+    console.log(ansis.yellow(isZh ? '  \u63D0\u793A\uFF1A\u4F7F\u7528 "ccjk permissions add" \u6DFB\u52A0\u6743\u9650' : '  Tip: Use "ccjk permissions add" to grant permission'));
   }
-  console.log();
+  console.log("");
 }
-async function grantPermission(resource, _options) {
+async function grantPermission(resource, options) {
+  const isZh = i18n.language === "zh-CN";
   if (!resource) {
-    console.error(chalk.red("Error: Resource is required"));
-    console.log("Usage: ccjk permissions grant <resource>");
+    console.error(ansis.red(isZh ? "\u9519\u8BEF\uFF1A\u9700\u8981\u6307\u5B9A\u8D44\u6E90" : "Error: Resource is required"));
+    console.log(isZh ? "\u7528\u6CD5: ccjk permissions grant <pattern>" : "Usage: ccjk permissions grant <pattern>");
+    process__default.exit(1);
+  }
+  const validation = permissionManager.validatePattern(resource);
+  if (!validation.valid) {
+    console.error(ansis.red(`${isZh ? "\u9519\u8BEF" : "Error"}: ${validation.error}`));
     process__default.exit(1);
   }
-  console.log(chalk.bold(`
-\u2713 Granting permission for: ${chalk.cyan(resource)}
+  console.log("");
+  console.log(ansis.bold(`${ansis.cyan("\u2713")} ${isZh ? "\u6388\u4E88\u6743\u9650" : "Granting Permission"}: ${ansis.cyan(resource)}
 `));
   const permission = {
     type: "allow",
     pattern: resource,
     scope: "global",
-    description: "Granted via CLI"
+    description: options.description || "Granted via CLI"
   };
   permissionManager.addPermission(permission);
-  console.log(chalk.green("Permission granted successfully!"));
-  console.log();
+  console.log(ansis.green(isZh ? "\u6743\u9650\u5DF2\u6210\u529F\u6388\u4E88\uFF01" : "Permission granted successfully!"));
+  console.log("");
 }
 async function revokePermission(resource, _options) {
+  const isZh = i18n.language === "zh-CN";
   if (!resource) {
-    console.error(chalk.red("Error: Resource is required"));
-    console.log("Usage: ccjk permissions revoke <resource>");
+    console.error(ansis.red(isZh ? "\u9519\u8BEF\uFF1A\u9700\u8981\u6307\u5B9A\u8D44\u6E90" : "Error: Resource is required"));
+    console.log(isZh ? "\u7528\u6CD5: ccjk permissions revoke <pattern>" : "Usage: ccjk permissions revoke <pattern>");
     process__default.exit(1);
   }
-  console.log(chalk.bold(`
-\u2717 Revoking permission for: ${chalk.cyan(resource)}
+  console.log("");
+  console.log(ansis.bold(`${ansis.red("\u2717")} ${isZh ? "\u64A4\u9500\u6743\u9650" : "Revoking Permission"}: ${ansis.cyan(resource)}
 `));
   const removed = permissionManager.removePermission(resource);
-  if (removed > 0) {
-    console.log(chalk.green(`Permission revoked successfully! (${removed} rule(s) removed)`));
+  if (removed) {
+    console.log(ansis.green(isZh ? "\u6743\u9650\u5DF2\u6210\u529F\u64A4\u9500\uFF01" : "Permission revoked successfully!"));
   } else {
-    console.log(chalk.yellow("No matching permission found."));
+    console.log(ansis.yellow(isZh ? "\u672A\u627E\u5230\u5339\u914D\u7684\u6743\u9650\u89C4\u5219" : "No matching permission found"));
   }
-  console.log();
+  console.log("");
 }
 async function resetPermissions(_options) {
-  console.log(chalk.bold("\n\u26A0\uFE0F  Resetting all permissions\n"));
-  const readline = await import('node:readline');
-  const rl = readline.createInterface({
-    input: process__default.stdin,
-    output: process__default.stdout
-  });
-  const answer = await new Promise((resolve) => {
-    rl.question(chalk.yellow("Are you sure you want to reset all permissions? (yes/no): "), resolve);
+  const isZh = i18n.language === "zh-CN";
+  console.log("");
+  console.log(ansis.bold.yellow(`${ansis.yellow("\u26A0\uFE0F")} ${isZh ? "\u91CD\u7F6E\u6240\u6709\u6743\u9650" : "Resetting All Permissions"}
+`));
+  const { confirm } = await inquirer.prompt({
+    type: "confirm",
+    name: "confirm",
+    message: isZh ? "\u786E\u5B9A\u8981\u6E05\u9664\u6240\u6709\u6743\u9650\u89C4\u5219\u5417\uFF1F" : "Are you sure you want to reset all permissions?",
+    default: false
   });
-  rl.close();
-  if (answer.toLowerCase() !== "yes") {
-    console.log(chalk.gray("Operation cancelled."));
+  if (!confirm) {
+    console.log(ansis.gray(isZh ? "\u64CD\u4F5C\u5DF2\u53D6\u6D88" : "Operation cancelled"));
     return;
   }
   permissionManager.clearPermissions();
-  console.log(chalk.green("All permissions have been reset!"));
-  console.log();
+  console.log(ansis.green(isZh ? "\u6240\u6709\u6743\u9650\u5DF2\u6E05\u9664\uFF01" : "All permissions have been reset!"));
+  console.log("");
 }
 async function exportPermissions(filePath, _options) {
   const fs = await import('node:fs/promises');
   const path = await import('node:path');
   const outputPath = filePath || path.join(process__default.cwd(), "permissions.json");
-  console.log(chalk.bold(`
-\u{1F4E4} Exporting permissions to: ${chalk.cyan(outputPath)}
+  console.log("");
+  console.log(ansis.bold(`\u{1F4E4} ${ansis.cyan("Exporting Permissions")} ${ansis.dim("to")} ${ansis.cyan(outputPath)}
 `));
   const permissions = permissionManager.exportPermissions();
   await fs.writeFile(outputPath, JSON.stringify(permissions, null, 2), "utf-8");
-  const totalCount = permissions.allow.length + permissions.deny.length;
-  console.log(chalk.green(`Exported ${totalCount} permissions successfully!`));
-  console.log();
+  const totalCount = (permissions.allow?.length || 0) + (permissions.deny?.length || 0);
+  console.log(ansis.green(`\u2713 Exported ${totalCount} permission(s) successfully!`));
+  console.log("");
 }
-async function importPermissions(filePath, _options) {
+async function importPermissions(filePath, options) {
+  const isZh = i18n.language === "zh-CN";
   if (!filePath) {
-    console.error(chalk.red("Error: File path is required"));
-    console.log("Usage: ccjk permissions import <file>");
+    console.error(ansis.red(isZh ? "\u9519\u8BEF\uFF1A\u9700\u8981\u6307\u5B9A\u6587\u4EF6\u8DEF\u5F84" : "Error: File path is required"));
+    console.log(isZh ? "\u7528\u6CD5: ccjk permissions import <file>" : "Usage: ccjk permissions import <file>");
     process__default.exit(1);
   }
   const fs = await import('node:fs/promises');
-  console.log(chalk.bold(`
-\u{1F4E5} Importing permissions from: ${chalk.cyan(filePath)}
+  console.log("");
+  console.log(ansis.bold(`\u{1F4E5} ${ansis.cyan("Importing Permissions")} ${ansis.dim("from")} ${ansis.cyan(filePath)}
 `));
   try {
     const content = await fs.readFile(filePath, "utf-8");
     const config = JSON.parse(content);
     if (!config.allow && !config.deny) {
-      throw new TypeError("Invalid permissions file format. Expected { allow: [], deny: [] }");
+      throw new TypeError(isZh ? "\u65E0\u6548\u7684\u6743\u9650\u6587\u4EF6\u683C\u5F0F\u3002\u671F\u671B { allow: [], deny: [] }" : "Invalid permissions file format. Expected { allow: [], deny: [] }");
     }
-    permissionManager.importPermissions(config, false);
+    const merge = options.merge ?? false;
+    permissionManager.importPermissions(config, merge);
     const totalCount = (config.allow?.length || 0) + (config.deny?.length || 0);
-    console.log(chalk.green(`Imported ${totalCount} permissions successfully!`));
+    console.log(ansis.green(`\u2713 Imported ${totalCount} permission(s) successfully!`));
   } catch (error) {
-    console.error(chalk.red("Error importing permissions:"), error);
+    console.error(ansis.red(`${isZh ? "\u5BFC\u5165\u6743\u9650\u65F6\u51FA\u9519" : "Error importing permissions"}:`), error);
     process__default.exit(1);
   }
-  console.log();
+  console.log("");
 }
 function permissionsHelp(_options) {
-  console.log(chalk.bold("\n\u{1F4CB} CCJK Permissions Management\n"));
-  console.log(chalk.bold("Usage:"));
+  const isZh = i18n.language === "zh-CN";
+  console.log("");
+  console.log(ansis.bold.cyan(`\u{1F4CB} ${isZh ? "CCJK \u6743\u9650\u7BA1\u7406" : "CCJK Permissions Management"}
+`));
+  console.log(ansis.bold(isZh ? "\u7528\u6CD5\uFF1A" : "Usage:"));
   console.log("  ccjk permissions [action] [...args]\n");
-  console.log(chalk.bold("Actions:"));
-  console.log("  list              List all permissions");
-  console.log("  check <resource>  Check permission for a resource");
-  console.log("  grant <resource>  Grant permission for a resource");
-  console.log("  revoke <resource> Revoke permission for a resource");
-  console.log("  reset             Reset all permissions");
-  console.log("  export [file]     Export permissions to a file");
-  console.log("  import <file>     Import permissions from a file\n");
-  console.log(chalk.bold("Options:"));
-  console.log("  --format, -f      Output format (table|json|list)");
-  console.log("  --verbose, -v     Verbose output");
-  console.log("  --action, -a      Action to check (read|write|admin)\n");
-  console.log(chalk.bold("Examples:"));
+  console.log(ansis.bold(isZh ? "\u64CD\u4F5C\uFF1A" : "Actions:"));
+  console.log(`  list              ${isZh ? "\u5217\u51FA\u6240\u6709\u6743\u9650" : "List all permissions"}`);
+  console.log(`  search [query]    ${isZh ? "\u4EA4\u4E92\u5F0F\u641C\u7D22\u6743\u9650" : "Interactive permission search"}`);
+  console.log(`  check <resource>  ${isZh ? "\u68C0\u67E5\u8D44\u6E90\u6743\u9650" : "Check permission for a resource"}`);
+  console.log(`  grant <pattern>   ${isZh ? "\u6388\u4E88\u6743\u9650" : "Grant permission for a pattern"}`);
+  console.log(`  revoke <pattern>  ${isZh ? "\u64A4\u9500\u6743\u9650" : "Revoke permission for a pattern"}`);
+  console.log(`  reset             ${isZh ? "\u91CD\u7F6E\u6240\u6709\u6743\u9650" : "Reset all permissions"}`);
+  console.log(`  test <pattern>    ${isZh ? "\u6D4B\u8BD5\u6A21\u5F0F\u5339\u914D" : "Test pattern matching"}`);
+  console.log(`  diagnose [pattern] ${isZh ? "\u663E\u793A\u89C4\u5219\u8BCA\u65AD" : "Show rule diagnostics"}`);
+  console.log(`  examples          ${isZh ? "\u663E\u793A\u6A21\u5F0F\u793A\u4F8B" : "Show pattern examples"}`);
+  console.log(`  export [file]     ${isZh ? "\u5BFC\u51FA\u6743\u9650\u5230\u6587\u4EF6" : "Export permissions to a file"}`);
+  console.log(`  import <file>     ${isZh ? "\u4ECE\u6587\u4EF6\u5BFC\u5165\u6743\u9650" : "Import permissions from a file"}
+`);
+  console.log(ansis.bold(isZh ? "\u9009\u9879\uFF1A" : "Options:"));
+  console.log(`  --format, -f      ${isZh ? "\u8F93\u51FA\u683C\u5F0F (table|json|list)" : "Output format (table|json|list)"}`);
+  console.log(`  --verbose, -v     ${isZh ? "\u8BE6\u7EC6\u8F93\u51FA" : "Verbose output"}`);
+  console.log(`  --type, -t        ${isZh ? "\u8FC7\u6EE4\u7C7B\u578B (allow|deny)" : "Filter by type (allow|deny)"}`);
+  console.log(`  --category, -c    ${isZh ? "\u8FC7\u6EE4\u5206\u7C7B" : "Filter by category"}`);
+  console.log(`  --action, -a      ${isZh ? "\u68C0\u67E5\u7684\u64CD\u4F5C" : "Action to check"}`);
+  console.log(`  --description, -d ${isZh ? "\u89C4\u5219\u63CF\u8FF0" : "Rule description"}`);
+  console.log(`  --merge           ${isZh ? "\u5408\u5E76\u5BFC\u5165\uFF08\u800C\u4E0D\u662F\u66FF\u6362\uFF09" : "Merge on import (not replace)"}
+`);
+  console.log(ansis.bold(isZh ? "\u793A\u4F8B\uFF1A" : "Examples:"));
   console.log("  ccjk permissions list");
-  console.log('  ccjk permissions check "Provider(302ai):*"');
-  console.log('  ccjk permissions grant "Provider(302ai):*"');
-  console.log("  ccjk permissions export permissions.json");
-  console.log("  ccjk permissions import permissions.json\n");
-}
-function getTypeColor(type) {
-  switch (type) {
-    case "allow":
-      return chalk.green;
-    case "deny":
-      return chalk.red;
-    default:
-      return chalk.gray;
-  }
+  console.log("  ccjk permissions search");
+  console.log('  ccjk permissions check "Bash(npm install)"');
+  console.log('  ccjk permissions grant "Bash(npm *)"');
+  console.log('  ccjk permissions test "mcp__server__*"');
+  console.log("  ccjk permissions diagnose");
+  console.log("  ccjk permissions examples\n");
+  console.log(ansis.bold(isZh ? "\u6A21\u5F0F\u683C\u5F0F\uFF1A" : "Pattern Formats:"));
+  console.log(`  Bash(npm install)  ${isZh ? "\u7CBE\u786E\u5339\u914D Bash \u547D\u4EE4" : "Exact Bash command match"}`);
+  console.log(`  Bash(npm *)        ${isZh ? "\u5339\u914D\u6240\u6709 npm \u547D\u4EE4" : "Match all npm commands"}`);
+  console.log(`  Bash(* install)    ${isZh ? '\u5339\u914D\u4EFB\u610F "* install" \u547D\u4EE4' : 'Match any "* install" command'}`);
+  console.log(`  mcp__server__*     ${isZh ? "\u5339\u914D MCP \u670D\u52A1\u5668\u5DE5\u5177" : "Match MCP server tools"}`);
+  console.log(`  /home/user/*       ${isZh ? "\u5339\u914D\u8DEF\u5F84\u6A21\u5F0F" : "Match path patterns"}`);
+  console.log(`  https://api.*      ${isZh ? "\u5339\u914D URL \u6A21\u5F0F" : "Match URL patterns"}
+`);
 }
 
 export { checkPermission, exportPermissions, grantPermission, importPermissions, listPermissions, permissionsHelp, resetPermissions, revokePermission };