npm - ccperm - Versions diffs - 1.16.0 → 1.17.0 - Mend

ccperm 1.16.0 → 1.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.ko.md CHANGED Viewed

@@ -86,16 +86,29 @@ ccperm은 Claude Code 설정을 세 단계로 구분합니다:
 권한은 합산 방식 — global + shared + local이 런타임에 병합됩니다.
-## Allow vs Deny
+## Allow vs Deny vs Ask
-Claude Code 설정은 `permissions.allow`와 `permissions.deny`를 모두 지원합니다. ccperm은 이를 명확히 분리합니다:
+Claude Code 설정은 `permissions.allow`, `permissions.deny`, `permissions.ask`를 모두 지원합니다. ccperm은 이를 명확히 분리합니다:
 - **Allow** 권한은 메인 목록에 표시되며, 삭제(`[d]`)나 글로벌 복사(`[g]`)가 가능합니다
 - **Deny** 룰은 상세 뷰에서 접이식 **Deny** 섹션에 `DENY` 태그와 함께 표시됩니다
-- Deny 룰은 **삭제/복사 불가** — 보안 가드레일입니다 (예: `Bash(rm -rf)`, `Write:.env*`)
-- `--verbose` 출력에서 프로젝트별 Deny 섹션이 분리 표시됩니다
+- **Ask** 룰은 접이식 **Ask** 섹션에 표시됩니다 — 매번 확인을 요청하는 권한입니다
+- Deny와 Ask 룰은 **삭제/복사 불가** — 의도적으로 설정한 제어 규칙입니다
+- `--verbose` 출력에서 프로젝트별 Deny, Ask 섹션이 분리 표시됩니다
 - `--hey-claude-witness-me`에서 deny 룰이 "Protected rules"로 나열됩니다
-- Allow 카운트에 deny 룰은 포함되지 않습니다
+- Allow 카운트에 deny, ask 룰은 포함되지 않습니다
+## 추가 설정
+ccperm은 다음 최상위 설정도 스캔하여 표시합니다:
+| 필드 | 설명 |
+|------|------|
+| `allowedTools` | 사용이 허용된 도구 (예: `Bash`, `Read`, `Write`) |
+| `deniedTools` | 사용이 차단된 도구 (예: `WebSearch`) |
+| `additionalDirectories` | 프로젝트 루트 외 Claude Code가 접근할 수 있는 추가 디렉토리 |
+TUI 상세 뷰에서 접이식 섹션으로, `--verbose` 출력에서 별도 섹션으로 표시됩니다. Deny 룰과 마찬가지로 삭제/복사가 불가합니다.
 ## 위험도 분류

package/README.md CHANGED Viewed

@@ -86,16 +86,29 @@ ccperm distinguishes three levels of Claude Code settings:
 Permissions are additive — global + shared + local are merged at runtime.
-## Allow vs Deny
+## Allow vs Deny vs Ask
-Claude Code settings support both `permissions.allow` and `permissions.deny`. ccperm separates them clearly:
+Claude Code settings support `permissions.allow`, `permissions.deny`, and `permissions.ask`. ccperm separates them clearly:
 - **Allow** permissions are shown in the main list and can be deleted (`[d]`) or copied to global (`[g]`)
 - **Deny** rules appear in a collapsible **Deny** section in detail view, tagged with `DENY` and dimmed
-- Deny rules **cannot be deleted or copied** — they are security guardrails (e.g. `Bash(rm -rf)`, `Write:.env*`)
-- `--verbose` output shows a separate Deny section per project
+- **Ask** rules appear in a collapsible **Ask** section — these are permissions that prompt for confirmation each time
+- Deny and Ask rules **cannot be deleted or copied** — they are intentional controls
+- `--verbose` output shows separate Deny and Ask sections per project
 - `--hey-claude-witness-me` lists deny rules under "Protected rules"
-- Allow counts never include deny rules
+- Allow counts never include deny or ask rules
+## Additional Settings
+ccperm also scans and displays these top-level settings when present:
+| Field | Description |
+|-------|-------------|
+| `allowedTools` | Tools explicitly allowed for use (e.g. `Bash`, `Read`, `Write`) |
+| `deniedTools` | Tools explicitly denied (e.g. `WebSearch`) |
+| `additionalDirectories` | Extra directories Claude Code can access beyond the project root |
+These appear as collapsible sections in the TUI detail view and in `--verbose` output. Like deny rules, they cannot be deleted or copied.
 ## Risk Classification

package/dist/aggregator.js CHANGED Viewed

@@ -20,7 +20,7 @@ function toFileEntries(results) {
         }
         const fileType = r.isGlobal ? 'global' : r.display.includes('settings.local.json') ? 'local' : 'shared';
         const name = r.isGlobal ? '~/.claude' : shortPath(r.display);
-        return { display: r.display, shortName: name, totalCount: r.totalCount, denyCount: r.denyCount, groups, isGlobal: r.isGlobal, fileType };
+        return { display: r.display, shortName: name, totalCount: r.totalCount, denyCount: r.denyCount, askCount: r.askCount, groups, isGlobal: r.isGlobal, fileType };
     });
 }
 function summarize(results) {
@@ -35,12 +35,14 @@ function summarize(results) {
     const projectsEmpty = results.filter((r) => r.totalCount === 0).length;
     const totalPerms = [...categoryTotals.values()].reduce((a, b) => a + b, 0);
     const totalDeny = results.reduce((sum, r) => sum + r.denyCount, 0);
+    const totalAsk = results.reduce((sum, r) => sum + r.askCount, 0);
     return {
         totalProjects: dirs.size,
         projectsWithPerms,
         projectsEmpty,
         totalPerms,
         totalDeny,
+        totalAsk,
         categoryTotals,
     };
 }

package/dist/interactive.js CHANGED Viewed

@@ -79,6 +79,7 @@ function refreshProject(results, withPerms, idx, filePath) {
             const entry = withPerms[idx];
             entry.totalCount = updated.totalCount;
             entry.denyCount = updated.denyCount;
+            entry.askCount = updated.askCount;
             entry.groups = new Map();
             for (const g of updated.groups)
                 entry.groups.set(g.category, g.items.length);
@@ -594,6 +595,65 @@ function renderDetail(state, withPerms, results, dupMap) {
             }
         }
     }
+    // Ask section
+    if (fileResult.askCount > 0) {
+        const askKey = `${fileResult.path}:__ask__`;
+        const askOpen = state.expanded.has(askKey);
+        const askArrow = askOpen ? '▾' : '▸';
+        allNavRows.push({ text: `${colors_js_1.YELLOW}${askArrow} Ask${colors_js_1.NC} ${colors_js_1.DIM}(${fileResult.askCount})${colors_js_1.NC}`, key: askKey, isDeny: true });
+        if (askOpen) {
+            for (const group of fileResult.askGroups) {
+                for (const item of group.items) {
+                    const clean = cleanLabel(item.name);
+                    const maxLen = w - 16;
+                    const name = clean.length > maxLen ? clean.slice(0, maxLen - 1) + '…' : clean;
+                    allNavRows.push({ text: `  ${colors_js_1.DIM}ASK   ${name}${colors_js_1.NC}`, isDeny: true });
+                }
+            }
+        }
+    }
+    // AllowedTools section
+    if (fileResult.allowedTools.length > 0) {
+        const atKey = `${fileResult.path}:__allowedTools__`;
+        const atOpen = state.expanded.has(atKey);
+        const atArrow = atOpen ? '▾' : '▸';
+        allNavRows.push({ text: `${colors_js_1.CYAN}${atArrow} AllowedTools${colors_js_1.NC} ${colors_js_1.DIM}(${fileResult.allowedTools.length})${colors_js_1.NC}`, key: atKey, isDeny: true });
+        if (atOpen) {
+            for (const t of fileResult.allowedTools) {
+                const maxLen = w - 10;
+                const name = t.length > maxLen ? t.slice(0, maxLen - 1) + '…' : t;
+                allNavRows.push({ text: `  ${colors_js_1.DIM}${name}${colors_js_1.NC}`, isDeny: true });
+            }
+        }
+    }
+    // DeniedTools section
+    if (fileResult.deniedTools.length > 0) {
+        const dtKey = `${fileResult.path}:__deniedTools__`;
+        const dtOpen = state.expanded.has(dtKey);
+        const dtArrow = dtOpen ? '▾' : '▸';
+        allNavRows.push({ text: `${colors_js_1.RED}${dtArrow} DeniedTools${colors_js_1.NC} ${colors_js_1.DIM}(${fileResult.deniedTools.length})${colors_js_1.NC}`, key: dtKey, isDeny: true });
+        if (dtOpen) {
+            for (const t of fileResult.deniedTools) {
+                const maxLen = w - 10;
+                const name = t.length > maxLen ? t.slice(0, maxLen - 1) + '…' : t;
+                allNavRows.push({ text: `  ${colors_js_1.DIM}${name}${colors_js_1.NC}`, isDeny: true });
+            }
+        }
+    }
+    // AdditionalDirectories section
+    if (fileResult.additionalDirectories.length > 0) {
+        const adKey = `${fileResult.path}:__additionalDirs__`;
+        const adOpen = state.expanded.has(adKey);
+        const adArrow = adOpen ? '▾' : '▸';
+        allNavRows.push({ text: `${colors_js_1.DIM}${adArrow} AdditionalDirectories${colors_js_1.NC} ${colors_js_1.DIM}(${fileResult.additionalDirectories.length})${colors_js_1.NC}`, key: adKey, isDeny: true });
+        if (adOpen) {
+            for (const d of fileResult.additionalDirectories) {
+                const maxLen = w - 10;
+                const name = d.length > maxLen ? d.slice(0, maxLen - 1) + '…' : d;
+                allNavRows.push({ text: `  ${colors_js_1.DIM}${name}${colors_js_1.NC}`, isDeny: true });
+            }
+        }
+    }
     const navRows = allNavRows;
     // handle toggle
     if (state._toggle) {

package/dist/renderer.js CHANGED Viewed

@@ -67,6 +67,32 @@ function printVerbose(results, summary) {
                 }
             }
         }
+        if (result.askCount > 0) {
+            console.log(`    ${colors_js_1.YELLOW}Ask${colors_js_1.NC} ${colors_js_1.DIM}(${result.askCount})${colors_js_1.NC}`);
+            for (const group of result.askGroups) {
+                for (const item of group.items) {
+                    console.log(`      ${colors_js_1.DIM}ASK   ${item.name}${colors_js_1.NC}`);
+                }
+            }
+        }
+        if (result.allowedTools.length > 0) {
+            console.log(`    ${colors_js_1.CYAN}AllowedTools${colors_js_1.NC} ${colors_js_1.DIM}(${result.allowedTools.length})${colors_js_1.NC}`);
+            for (const t of result.allowedTools) {
+                console.log(`      ${colors_js_1.DIM}${t}${colors_js_1.NC}`);
+            }
+        }
+        if (result.deniedTools.length > 0) {
+            console.log(`    ${colors_js_1.RED}DeniedTools${colors_js_1.NC} ${colors_js_1.DIM}(${result.deniedTools.length})${colors_js_1.NC}`);
+            for (const t of result.deniedTools) {
+                console.log(`      ${colors_js_1.DIM}${t}${colors_js_1.NC}`);
+            }
+        }
+        if (result.additionalDirectories.length > 0) {
+            console.log(`    ${colors_js_1.DIM}AdditionalDirectories${colors_js_1.NC} ${colors_js_1.DIM}(${result.additionalDirectories.length})${colors_js_1.NC}`);
+            for (const d of result.additionalDirectories) {
+                console.log(`      ${colors_js_1.DIM}${d}${colors_js_1.NC}`);
+            }
+        }
         console.log('');
     }
     if (projectsEmpty.length > 0) {
@@ -76,6 +102,7 @@ function printVerbose(results, summary) {
 function printFooter(summary) {
     console.log(`\n  ${colors_js_1.DIM}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${colors_js_1.NC}`);
     const catSummary = [...summary.categoryTotals.entries()].map(([k, v]) => `${k}: ${colors_js_1.BOLD}${v}${colors_js_1.NC}${colors_js_1.DIM}`).join('  ');
-    const denySuffix = summary.totalDeny > 0 ? `  ${colors_js_1.BOLD}${summary.totalDeny}${colors_js_1.NC} deny rules` : '';
-    console.log(`  ${colors_js_1.BOLD}${summary.totalProjects}${colors_js_1.NC} projects  ${colors_js_1.BOLD}${summary.totalPerms}${colors_js_1.NC} permissions${denySuffix}  ${colors_js_1.DIM}(${catSummary})${colors_js_1.NC}\n`);
+    const denySuffix = summary.totalDeny > 0 ? `  ${colors_js_1.BOLD}${summary.totalDeny}${colors_js_1.NC} deny` : '';
+    const askSuffix = summary.totalAsk > 0 ? `  ${colors_js_1.BOLD}${summary.totalAsk}${colors_js_1.NC} ask` : '';
+    console.log(`  ${colors_js_1.BOLD}${summary.totalProjects}${colors_js_1.NC} projects  ${colors_js_1.BOLD}${summary.totalPerms}${colors_js_1.NC} permissions${denySuffix}${askSuffix}  ${colors_js_1.DIM}(${catSummary})${colors_js_1.NC}\n`);
 }

package/dist/scanner.js CHANGED Viewed

@@ -210,11 +210,17 @@ function scanFile(filePath) {
     }
     const allowArr = Array.isArray(json?.permissions?.allow) ? json.permissions.allow : [];
     const denyArr = Array.isArray(json?.permissions?.deny) ? json.permissions.deny : [];
+    const askArr = Array.isArray(json?.permissions?.ask) ? json.permissions.ask : [];
     const perms = [...new Set(allowArr)].sort();
     const denyPerms = [...new Set(denyArr)].sort();
+    const askPerms = [...new Set(askArr)].sort();
     const groups = groupPermissions(perms);
     const denyGroups = groupPermissions(denyPerms);
-    return { path: filePath, display, permissions: perms, groups, totalCount: perms.length, denyPermissions: denyPerms, denyGroups, denyCount: denyPerms.length, isGlobal };
+    const askGroups = groupPermissions(askPerms);
+    const allowedTools = Array.isArray(json?.allowedTools) ? [...new Set(json.allowedTools)].sort() : [];
+    const deniedTools = Array.isArray(json?.deniedTools) ? [...new Set(json.deniedTools)].sort() : [];
+    const additionalDirectories = Array.isArray(json?.additionalDirectories) ? [...new Set(json.additionalDirectories)].sort() : [];
+    return { path: filePath, display, permissions: perms, groups, totalCount: perms.length, denyPermissions: denyPerms, denyGroups, denyCount: denyPerms.length, askPermissions: askPerms, askGroups, askCount: askPerms.length, allowedTools, deniedTools, additionalDirectories, isGlobal };
 }
 function categorize(perm) {
     if (perm.startsWith('Bash')) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ccperm",
-  "version": "1.16.0",
+  "version": "1.17.0",
   "description": "Audit Claude Code permissions across all your projects",
   "bin": {
     "ccperm": "bin/ccperm.js"