npm - chad-code - Versions diffs - 1.3.1 - Mend

chad-code 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (338) hide show

package/AGENTS.md +27 -0
package/Dockerfile +18 -0
package/README.md +15 -0
package/README.npm.md +64 -0
package/bin/chad-code +84 -0
package/bunfig.toml +7 -0
package/eslint.config.js +29 -0
package/package.json +107 -0
package/parsers-config.ts +253 -0
package/script/build.ts +167 -0
package/script/postinstall.mjs +122 -0
package/script/publish-registries.ts +187 -0
package/script/publish.ts +93 -0
package/script/schema.ts +47 -0
package/src/acp/README.md +164 -0
package/src/acp/agent.ts +1086 -0
package/src/acp/session.ts +101 -0
package/src/acp/types.ts +22 -0
package/src/agent/agent.ts +253 -0
package/src/agent/generate.txt +75 -0
package/src/agent/prompt/compaction.txt +12 -0
package/src/agent/prompt/explore.txt +18 -0
package/src/agent/prompt/summary.txt +11 -0
package/src/agent/prompt/title.txt +36 -0
package/src/auth/index.ts +70 -0
package/src/bun/index.ts +130 -0
package/src/bus/bus-event.ts +43 -0
package/src/bus/global.ts +10 -0
package/src/bus/index.ts +105 -0
package/src/cli/bootstrap.ts +17 -0
package/src/cli/cmd/acp.ts +69 -0
package/src/cli/cmd/agent.ts +257 -0
package/src/cli/cmd/auth.ts +132 -0
package/src/cli/cmd/cmd.ts +7 -0
package/src/cli/cmd/debug/agent.ts +28 -0
package/src/cli/cmd/debug/config.ts +15 -0
package/src/cli/cmd/debug/file.ts +91 -0
package/src/cli/cmd/debug/index.ts +45 -0
package/src/cli/cmd/debug/lsp.ts +48 -0
package/src/cli/cmd/debug/ripgrep.ts +83 -0
package/src/cli/cmd/debug/scrap.ts +15 -0
package/src/cli/cmd/debug/skill.ts +15 -0
package/src/cli/cmd/debug/snapshot.ts +48 -0
package/src/cli/cmd/export.ts +88 -0
package/src/cli/cmd/generate.ts +38 -0
package/src/cli/cmd/github.ts +32 -0
package/src/cli/cmd/import.ts +98 -0
package/src/cli/cmd/mcp.ts +670 -0
package/src/cli/cmd/models.ts +42 -0
package/src/cli/cmd/pr.ts +112 -0
package/src/cli/cmd/run.ts +374 -0
package/src/cli/cmd/serve.ts +16 -0
package/src/cli/cmd/session.ts +135 -0
package/src/cli/cmd/stats.ts +402 -0
package/src/cli/cmd/tui/app.tsx +705 -0
package/src/cli/cmd/tui/attach.ts +32 -0
package/src/cli/cmd/tui/component/border.tsx +21 -0
package/src/cli/cmd/tui/component/dialog-agent.tsx +31 -0
package/src/cli/cmd/tui/component/dialog-command.tsx +124 -0
package/src/cli/cmd/tui/component/dialog-mcp.tsx +86 -0
package/src/cli/cmd/tui/component/dialog-model.tsx +232 -0
package/src/cli/cmd/tui/component/dialog-provider.tsx +228 -0
package/src/cli/cmd/tui/component/dialog-session-list.tsx +115 -0
package/src/cli/cmd/tui/component/dialog-session-rename.tsx +31 -0
package/src/cli/cmd/tui/component/dialog-stash.tsx +86 -0
package/src/cli/cmd/tui/component/dialog-status.tsx +162 -0
package/src/cli/cmd/tui/component/dialog-tag.tsx +44 -0
package/src/cli/cmd/tui/component/dialog-theme-list.tsx +50 -0
package/src/cli/cmd/tui/component/did-you-know.tsx +85 -0
package/src/cli/cmd/tui/component/logo.tsx +43 -0
package/src/cli/cmd/tui/component/prompt/autocomplete.tsx +654 -0
package/src/cli/cmd/tui/component/prompt/history.tsx +108 -0
package/src/cli/cmd/tui/component/prompt/index.tsx +1078 -0
package/src/cli/cmd/tui/component/prompt/stash.tsx +101 -0
package/src/cli/cmd/tui/component/textarea-keybindings.ts +73 -0
package/src/cli/cmd/tui/component/tips.ts +92 -0
package/src/cli/cmd/tui/component/todo-item.tsx +32 -0
package/src/cli/cmd/tui/context/args.tsx +14 -0
package/src/cli/cmd/tui/context/directory.ts +13 -0
package/src/cli/cmd/tui/context/exit.tsx +23 -0
package/src/cli/cmd/tui/context/helper.tsx +25 -0
package/src/cli/cmd/tui/context/keybind.tsx +101 -0
package/src/cli/cmd/tui/context/kv.tsx +49 -0
package/src/cli/cmd/tui/context/local.tsx +392 -0
package/src/cli/cmd/tui/context/prompt.tsx +18 -0
package/src/cli/cmd/tui/context/route.tsx +46 -0
package/src/cli/cmd/tui/context/sdk.tsx +75 -0
package/src/cli/cmd/tui/context/sync.tsx +384 -0
package/src/cli/cmd/tui/context/theme/aura.json +69 -0
package/src/cli/cmd/tui/context/theme/ayu.json +80 -0
package/src/cli/cmd/tui/context/theme/catppuccin-frappe.json +233 -0
package/src/cli/cmd/tui/context/theme/catppuccin-macchiato.json +233 -0
package/src/cli/cmd/tui/context/theme/catppuccin.json +112 -0
package/src/cli/cmd/tui/context/theme/chad.json +245 -0
package/src/cli/cmd/tui/context/theme/cobalt2.json +228 -0
package/src/cli/cmd/tui/context/theme/cursor.json +249 -0
package/src/cli/cmd/tui/context/theme/dracula.json +219 -0
package/src/cli/cmd/tui/context/theme/everforest.json +241 -0
package/src/cli/cmd/tui/context/theme/flexoki.json +237 -0
package/src/cli/cmd/tui/context/theme/github.json +233 -0
package/src/cli/cmd/tui/context/theme/gruvbox.json +95 -0
package/src/cli/cmd/tui/context/theme/kanagawa.json +77 -0
package/src/cli/cmd/tui/context/theme/lucent-orng.json +227 -0
package/src/cli/cmd/tui/context/theme/material.json +235 -0
package/src/cli/cmd/tui/context/theme/matrix.json +77 -0
package/src/cli/cmd/tui/context/theme/mercury.json +252 -0
package/src/cli/cmd/tui/context/theme/monokai.json +221 -0
package/src/cli/cmd/tui/context/theme/nightowl.json +221 -0
package/src/cli/cmd/tui/context/theme/nord.json +223 -0
package/src/cli/cmd/tui/context/theme/one-dark.json +84 -0
package/src/cli/cmd/tui/context/theme/orng.json +245 -0
package/src/cli/cmd/tui/context/theme/osaka-jade.json +93 -0
package/src/cli/cmd/tui/context/theme/palenight.json +222 -0
package/src/cli/cmd/tui/context/theme/rosepine.json +234 -0
package/src/cli/cmd/tui/context/theme/solarized.json +223 -0
package/src/cli/cmd/tui/context/theme/synthwave84.json +226 -0
package/src/cli/cmd/tui/context/theme/tokyonight.json +243 -0
package/src/cli/cmd/tui/context/theme/vercel.json +245 -0
package/src/cli/cmd/tui/context/theme/vesper.json +218 -0
package/src/cli/cmd/tui/context/theme/zenburn.json +223 -0
package/src/cli/cmd/tui/context/theme.tsx +1137 -0
package/src/cli/cmd/tui/event.ts +46 -0
package/src/cli/cmd/tui/routes/home.tsx +138 -0
package/src/cli/cmd/tui/routes/session/dialog-fork-from-timeline.tsx +64 -0
package/src/cli/cmd/tui/routes/session/dialog-message.tsx +109 -0
package/src/cli/cmd/tui/routes/session/dialog-subagent.tsx +26 -0
package/src/cli/cmd/tui/routes/session/dialog-timeline.tsx +47 -0
package/src/cli/cmd/tui/routes/session/footer.tsx +88 -0
package/src/cli/cmd/tui/routes/session/header.tsx +125 -0
package/src/cli/cmd/tui/routes/session/index.tsx +1814 -0
package/src/cli/cmd/tui/routes/session/permission.tsx +416 -0
package/src/cli/cmd/tui/routes/session/sidebar.tsx +318 -0
package/src/cli/cmd/tui/spawn.ts +48 -0
package/src/cli/cmd/tui/thread.ts +111 -0
package/src/cli/cmd/tui/ui/dialog-alert.tsx +57 -0
package/src/cli/cmd/tui/ui/dialog-confirm.tsx +83 -0
package/src/cli/cmd/tui/ui/dialog-export-options.tsx +204 -0
package/src/cli/cmd/tui/ui/dialog-help.tsx +38 -0
package/src/cli/cmd/tui/ui/dialog-prompt.tsx +77 -0
package/src/cli/cmd/tui/ui/dialog-select.tsx +345 -0
package/src/cli/cmd/tui/ui/dialog.tsx +171 -0
package/src/cli/cmd/tui/ui/link.tsx +28 -0
package/src/cli/cmd/tui/ui/spinner.ts +368 -0
package/src/cli/cmd/tui/ui/toast.tsx +100 -0
package/src/cli/cmd/tui/util/clipboard.ts +127 -0
package/src/cli/cmd/tui/util/editor.ts +32 -0
package/src/cli/cmd/tui/util/signal.ts +7 -0
package/src/cli/cmd/tui/util/terminal.ts +114 -0
package/src/cli/cmd/tui/util/transcript.ts +98 -0
package/src/cli/cmd/tui/worker.ts +68 -0
package/src/cli/cmd/uninstall.ts +344 -0
package/src/cli/cmd/upgrade.ts +67 -0
package/src/cli/cmd/web.ts +73 -0
package/src/cli/error.ts +56 -0
package/src/cli/network.ts +53 -0
package/src/cli/ui.ts +87 -0
package/src/cli/upgrade.ts +25 -0
package/src/command/index.ts +131 -0
package/src/command/template/initialize.txt +10 -0
package/src/command/template/review.txt +97 -0
package/src/config/config.ts +1124 -0
package/src/config/markdown.ts +41 -0
package/src/env/index.ts +26 -0
package/src/file/ignore.ts +83 -0
package/src/file/index.ts +411 -0
package/src/file/ripgrep.ts +402 -0
package/src/file/time.ts +64 -0
package/src/file/watcher.ts +117 -0
package/src/flag/flag.ts +52 -0
package/src/format/formatter.ts +359 -0
package/src/format/index.ts +137 -0
package/src/global/index.ts +55 -0
package/src/id/id.ts +73 -0
package/src/ide/index.ts +77 -0
package/src/index.ts +159 -0
package/src/installation/index.ts +198 -0
package/src/lsp/client.ts +252 -0
package/src/lsp/index.ts +485 -0
package/src/lsp/language.ts +119 -0
package/src/lsp/server.ts +2023 -0
package/src/mcp/auth.ts +135 -0
package/src/mcp/index.ts +874 -0
package/src/mcp/oauth-callback.ts +200 -0
package/src/mcp/oauth-provider.ts +154 -0
package/src/patch/index.ts +622 -0
package/src/permission/arity.ts +163 -0
package/src/permission/index.ts +210 -0
package/src/permission/next.ts +268 -0
package/src/plugin/index.ts +106 -0
package/src/project/bootstrap.ts +31 -0
package/src/project/instance.ts +78 -0
package/src/project/project.ts +263 -0
package/src/project/state.ts +65 -0
package/src/project/vcs.ts +76 -0
package/src/provider/auth.ts +143 -0
package/src/provider/models-macro.ts +4 -0
package/src/provider/models.ts +77 -0
package/src/provider/provider.ts +516 -0
package/src/provider/transform.ts +114 -0
package/src/pty/index.ts +212 -0
package/src/server/error.ts +36 -0
package/src/server/mdns.ts +57 -0
package/src/server/project.ts +79 -0
package/src/server/server.ts +2866 -0
package/src/server/tui.ts +71 -0
package/src/session/compaction.ts +225 -0
package/src/session/index.ts +469 -0
package/src/session/llm.ts +213 -0
package/src/session/message-v2.ts +742 -0
package/src/session/message.ts +189 -0
package/src/session/processor.ts +402 -0
package/src/session/prompt/anthropic-20250930.txt +166 -0
package/src/session/prompt/anthropic.txt +105 -0
package/src/session/prompt/anthropic_spoof.txt +1 -0
package/src/session/prompt/beast.txt +147 -0
package/src/session/prompt/build-switch.txt +5 -0
package/src/session/prompt/codex.txt +318 -0
package/src/session/prompt/copilot-gpt-5.txt +143 -0
package/src/session/prompt/gemini.txt +155 -0
package/src/session/prompt/max-steps.txt +16 -0
package/src/session/prompt/plan-reminder-anthropic.txt +67 -0
package/src/session/prompt/plan.txt +26 -0
package/src/session/prompt/qwen.txt +109 -0
package/src/session/prompt.ts +1621 -0
package/src/session/retry.ts +90 -0
package/src/session/revert.ts +108 -0
package/src/session/status.ts +76 -0
package/src/session/summary.ts +194 -0
package/src/session/system.ts +108 -0
package/src/session/todo.ts +37 -0
package/src/share/share-next.ts +194 -0
package/src/share/share.ts +23 -0
package/src/shell/shell.ts +67 -0
package/src/skill/index.ts +1 -0
package/src/skill/skill.ts +124 -0
package/src/snapshot/index.ts +197 -0
package/src/storage/storage.ts +226 -0
package/src/tool/bash.ts +262 -0
package/src/tool/bash.txt +116 -0
package/src/tool/batch.ts +175 -0
package/src/tool/batch.txt +24 -0
package/src/tool/codesearch.ts +132 -0
package/src/tool/codesearch.txt +12 -0
package/src/tool/edit.ts +655 -0
package/src/tool/edit.txt +10 -0
package/src/tool/glob.ts +75 -0
package/src/tool/glob.txt +6 -0
package/src/tool/grep.ts +132 -0
package/src/tool/grep.txt +8 -0
package/src/tool/invalid.ts +17 -0
package/src/tool/ls.ts +119 -0
package/src/tool/ls.txt +1 -0
package/src/tool/lsp.ts +94 -0
package/src/tool/lsp.txt +19 -0
package/src/tool/multiedit.ts +46 -0
package/src/tool/multiedit.txt +41 -0
package/src/tool/patch.ts +210 -0
package/src/tool/patch.txt +1 -0
package/src/tool/read.ts +191 -0
package/src/tool/read.txt +12 -0
package/src/tool/registry.ts +137 -0
package/src/tool/skill.ts +77 -0
package/src/tool/task.ts +167 -0
package/src/tool/task.txt +60 -0
package/src/tool/todo.ts +53 -0
package/src/tool/todoread.txt +14 -0
package/src/tool/todowrite.txt +167 -0
package/src/tool/tool.ts +73 -0
package/src/tool/webfetch.ts +182 -0
package/src/tool/webfetch.txt +13 -0
package/src/tool/websearch.ts +144 -0
package/src/tool/websearch.txt +11 -0
package/src/tool/write.ts +84 -0
package/src/tool/write.txt +8 -0
package/src/util/archive.ts +16 -0
package/src/util/color.ts +19 -0
package/src/util/context.ts +25 -0
package/src/util/defer.ts +12 -0
package/src/util/eventloop.ts +20 -0
package/src/util/filesystem.ts +83 -0
package/src/util/fn.ts +11 -0
package/src/util/iife.ts +3 -0
package/src/util/keybind.ts +102 -0
package/src/util/lazy.ts +18 -0
package/src/util/locale.ts +81 -0
package/src/util/lock.ts +98 -0
package/src/util/log.ts +180 -0
package/src/util/queue.ts +32 -0
package/src/util/rpc.ts +42 -0
package/src/util/scrap.ts +10 -0
package/src/util/signal.ts +12 -0
package/src/util/timeout.ts +14 -0
package/src/util/token.ts +7 -0
package/src/util/wildcard.ts +54 -0
package/src/worktree/index.ts +217 -0
package/sst-env.d.ts +9 -0
package/test/agent/agent.test.ts +448 -0
package/test/bun.test.ts +53 -0
package/test/cli/github-action.test.ts +129 -0
package/test/cli/github-remote.test.ts +80 -0
package/test/cli/tui/transcript.test.ts +297 -0
package/test/config/agent-color.test.ts +66 -0
package/test/config/config.test.ts +870 -0
package/test/config/markdown.test.ts +89 -0
package/test/file/ignore.test.ts +10 -0
package/test/file/path-traversal.test.ts +115 -0
package/test/fixture/fixture.ts +45 -0
package/test/fixture/lsp/fake-lsp-server.js +77 -0
package/test/ide/ide.test.ts +82 -0
package/test/keybind.test.ts +421 -0
package/test/lsp/client.test.ts +95 -0
package/test/mcp/headers.test.ts +153 -0
package/test/patch/patch.test.ts +348 -0
package/test/permission/arity.test.ts +33 -0
package/test/permission/next.test.ts +652 -0
package/test/preload.ts +63 -0
package/test/project/project.test.ts +120 -0
package/test/provider/amazon-bedrock.test.ts +236 -0
package/test/provider/provider.test.ts +2127 -0
package/test/provider/transform.test.ts +980 -0
package/test/server/session-select.test.ts +78 -0
package/test/session/compaction.test.ts +251 -0
package/test/session/message-v2.test.ts +570 -0
package/test/session/retry.test.ts +131 -0
package/test/session/revert-compact.test.ts +285 -0
package/test/session/session.test.ts +71 -0
package/test/skill/skill.test.ts +185 -0
package/test/snapshot/snapshot.test.ts +939 -0
package/test/tool/__snapshots__/tool.test.ts.snap +9 -0
package/test/tool/bash.test.ts +232 -0
package/test/tool/grep.test.ts +109 -0
package/test/tool/patch.test.ts +261 -0
package/test/tool/read.test.ts +167 -0
package/test/util/iife.test.ts +36 -0
package/test/util/lazy.test.ts +50 -0
package/test/util/timeout.test.ts +21 -0
package/test/util/wildcard.test.ts +55 -0
package/tsconfig.json +16 -0

package/test/permission/next.test.ts ADDED Viewed

@@ -0,0 +1,652 @@
+import { test, expect } from "bun:test"
+import { PermissionNext } from "../../src/permission/next"
+import { Instance } from "../../src/project/instance"
+import { Storage } from "../../src/storage/storage"
+import { tmpdir } from "../fixture/fixture"
+// fromConfig tests
+test("fromConfig - string value becomes wildcard rule", () => {
+  const result = PermissionNext.fromConfig({ bash: "allow" })
+  expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }])
+})
+test("fromConfig - object value converts to rules array", () => {
+  const result = PermissionNext.fromConfig({ bash: { "*": "allow", rm: "deny" } })
+  expect(result).toEqual([
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "rm", action: "deny" },
+  ])
+})
+test("fromConfig - mixed string and object values", () => {
+  const result = PermissionNext.fromConfig({
+    bash: { "*": "allow", rm: "deny" },
+    edit: "allow",
+    webfetch: "ask",
+  })
+  expect(result).toEqual([
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "rm", action: "deny" },
+    { permission: "edit", pattern: "*", action: "allow" },
+    { permission: "webfetch", pattern: "*", action: "ask" },
+  ])
+})
+test("fromConfig - empty object", () => {
+  const result = PermissionNext.fromConfig({})
+  expect(result).toEqual([])
+})
+// merge tests
+test("merge - simple concatenation", () => {
+  const result = PermissionNext.merge(
+    [{ permission: "bash", pattern: "*", action: "allow" }],
+    [{ permission: "bash", pattern: "*", action: "deny" }],
+  )
+  expect(result).toEqual([
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "*", action: "deny" },
+  ])
+})
+test("merge - adds new permission", () => {
+  const result = PermissionNext.merge(
+    [{ permission: "bash", pattern: "*", action: "allow" }],
+    [{ permission: "edit", pattern: "*", action: "deny" }],
+  )
+  expect(result).toEqual([
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "edit", pattern: "*", action: "deny" },
+  ])
+})
+test("merge - concatenates rules for same permission", () => {
+  const result = PermissionNext.merge(
+    [{ permission: "bash", pattern: "foo", action: "ask" }],
+    [{ permission: "bash", pattern: "*", action: "deny" }],
+  )
+  expect(result).toEqual([
+    { permission: "bash", pattern: "foo", action: "ask" },
+    { permission: "bash", pattern: "*", action: "deny" },
+  ])
+})
+test("merge - multiple rulesets", () => {
+  const result = PermissionNext.merge(
+    [{ permission: "bash", pattern: "*", action: "allow" }],
+    [{ permission: "bash", pattern: "rm", action: "ask" }],
+    [{ permission: "edit", pattern: "*", action: "allow" }],
+  )
+  expect(result).toEqual([
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "rm", action: "ask" },
+    { permission: "edit", pattern: "*", action: "allow" },
+  ])
+})
+test("merge - empty ruleset does nothing", () => {
+  const result = PermissionNext.merge([{ permission: "bash", pattern: "*", action: "allow" }], [])
+  expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }])
+})
+test("merge - preserves rule order", () => {
+  const result = PermissionNext.merge(
+    [
+      { permission: "edit", pattern: "src/*", action: "allow" },
+      { permission: "edit", pattern: "src/secret/*", action: "deny" },
+    ],
+    [{ permission: "edit", pattern: "src/secret/ok.ts", action: "allow" }],
+  )
+  expect(result).toEqual([
+    { permission: "edit", pattern: "src/*", action: "allow" },
+    { permission: "edit", pattern: "src/secret/*", action: "deny" },
+    { permission: "edit", pattern: "src/secret/ok.ts", action: "allow" },
+  ])
+})
+test("merge - config permission overrides default ask", () => {
+  // Simulates: defaults have "*": "ask", config sets bash: "allow"
+  const defaults: PermissionNext.Ruleset = [{ permission: "*", pattern: "*", action: "ask" }]
+  const config: PermissionNext.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
+  const merged = PermissionNext.merge(defaults, config)
+  // Config's bash allow should override default ask
+  expect(PermissionNext.evaluate("bash", "ls", merged).action).toBe("allow")
+  // Other permissions should still be ask (from defaults)
+  expect(PermissionNext.evaluate("edit", "foo.ts", merged).action).toBe("ask")
+})
+test("merge - config ask overrides default allow", () => {
+  // Simulates: defaults have bash: "allow", config sets bash: "ask"
+  const defaults: PermissionNext.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
+  const config: PermissionNext.Ruleset = [{ permission: "bash", pattern: "*", action: "ask" }]
+  const merged = PermissionNext.merge(defaults, config)
+  // Config's ask should override default allow
+  expect(PermissionNext.evaluate("bash", "ls", merged).action).toBe("ask")
+})
+// evaluate tests
+test("evaluate - exact pattern match", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [{ permission: "bash", pattern: "rm", action: "deny" }])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - wildcard pattern match", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [{ permission: "bash", pattern: "*", action: "allow" }])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - last matching rule wins", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "rm", action: "deny" },
+  ])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - last matching rule wins (wildcard after specific)", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [
+    { permission: "bash", pattern: "rm", action: "deny" },
+    { permission: "bash", pattern: "*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - glob pattern match", () => {
+  const result = PermissionNext.evaluate("edit", "src/foo.ts", [
+    { permission: "edit", pattern: "src/*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - last matching glob wins", () => {
+  const result = PermissionNext.evaluate("edit", "src/components/Button.tsx", [
+    { permission: "edit", pattern: "src/*", action: "deny" },
+    { permission: "edit", pattern: "src/components/*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - order matters for specificity", () => {
+  // If more specific rule comes first, later wildcard overrides it
+  const result = PermissionNext.evaluate("edit", "src/components/Button.tsx", [
+    { permission: "edit", pattern: "src/components/*", action: "allow" },
+    { permission: "edit", pattern: "src/*", action: "deny" },
+  ])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - unknown permission returns ask", () => {
+  const result = PermissionNext.evaluate("unknown_tool", "anything", [
+    { permission: "bash", pattern: "*", action: "allow" },
+  ])
+  expect(result.action).toBe("ask")
+})
+test("evaluate - empty ruleset returns ask", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [])
+  expect(result.action).toBe("ask")
+})
+test("evaluate - no matching pattern returns ask", () => {
+  const result = PermissionNext.evaluate("edit", "etc/passwd", [
+    { permission: "edit", pattern: "src/*", action: "allow" },
+  ])
+  expect(result.action).toBe("ask")
+})
+test("evaluate - empty rules array returns ask", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [])
+  expect(result.action).toBe("ask")
+})
+test("evaluate - multiple matching patterns, last wins", () => {
+  const result = PermissionNext.evaluate("edit", "src/secret.ts", [
+    { permission: "edit", pattern: "*", action: "ask" },
+    { permission: "edit", pattern: "src/*", action: "allow" },
+    { permission: "edit", pattern: "src/secret.ts", action: "deny" },
+  ])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - non-matching patterns are skipped", () => {
+  const result = PermissionNext.evaluate("edit", "src/foo.ts", [
+    { permission: "edit", pattern: "*", action: "ask" },
+    { permission: "edit", pattern: "test/*", action: "deny" },
+    { permission: "edit", pattern: "src/*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - exact match at end wins over earlier wildcard", () => {
+  const result = PermissionNext.evaluate("bash", "/bin/rm", [
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "/bin/rm", action: "deny" },
+  ])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - wildcard at end overrides earlier exact match", () => {
+  const result = PermissionNext.evaluate("bash", "/bin/rm", [
+    { permission: "bash", pattern: "/bin/rm", action: "deny" },
+    { permission: "bash", pattern: "*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+// wildcard permission tests
+test("evaluate - wildcard permission matches any permission", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [{ permission: "*", pattern: "*", action: "deny" }])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - wildcard permission with specific pattern", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [{ permission: "*", pattern: "rm", action: "deny" }])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - glob permission pattern", () => {
+  const result = PermissionNext.evaluate("mcp_server_tool", "anything", [
+    { permission: "mcp_*", pattern: "*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - specific permission and wildcard permission combined", () => {
+  const result = PermissionNext.evaluate("bash", "rm", [
+    { permission: "*", pattern: "*", action: "deny" },
+    { permission: "bash", pattern: "*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - wildcard permission does not match when specific exists", () => {
+  const result = PermissionNext.evaluate("edit", "src/foo.ts", [
+    { permission: "*", pattern: "*", action: "deny" },
+    { permission: "edit", pattern: "src/*", action: "allow" },
+  ])
+  expect(result.action).toBe("allow")
+})
+test("evaluate - multiple matching permission patterns combine rules", () => {
+  const result = PermissionNext.evaluate("mcp_dangerous", "anything", [
+    { permission: "*", pattern: "*", action: "ask" },
+    { permission: "mcp_*", pattern: "*", action: "allow" },
+    { permission: "mcp_dangerous", pattern: "*", action: "deny" },
+  ])
+  expect(result.action).toBe("deny")
+})
+test("evaluate - wildcard permission fallback for unknown tool", () => {
+  const result = PermissionNext.evaluate("unknown_tool", "anything", [
+    { permission: "*", pattern: "*", action: "ask" },
+    { permission: "bash", pattern: "*", action: "allow" },
+  ])
+  expect(result.action).toBe("ask")
+})
+test("evaluate - permission patterns sorted by length regardless of object order", () => {
+  // specific permission listed before wildcard, but specific should still win
+  const result = PermissionNext.evaluate("bash", "rm", [
+    { permission: "bash", pattern: "*", action: "allow" },
+    { permission: "*", pattern: "*", action: "deny" },
+  ])
+  // With flat list, last matching rule wins - so "*" matches bash and wins
+  expect(result.action).toBe("deny")
+})
+test("evaluate - merges multiple rulesets", () => {
+  const config: PermissionNext.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
+  const approved: PermissionNext.Ruleset = [{ permission: "bash", pattern: "rm", action: "deny" }]
+  // approved comes after config, so rm should be denied
+  const result = PermissionNext.evaluate("bash", "rm", config, approved)
+  expect(result.action).toBe("deny")
+})
+// disabled tests
+test("disabled - returns empty set when all tools allowed", () => {
+  const result = PermissionNext.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "allow" }])
+  expect(result.size).toBe(0)
+})
+test("disabled - disables tool when denied", () => {
+  const result = PermissionNext.disabled(
+    ["bash", "edit", "read"],
+    [
+      { permission: "*", pattern: "*", action: "allow" },
+      { permission: "bash", pattern: "*", action: "deny" },
+    ],
+  )
+  expect(result.has("bash")).toBe(true)
+  expect(result.has("edit")).toBe(false)
+  expect(result.has("read")).toBe(false)
+})
+test("disabled - disables edit/write/patch/multiedit when edit denied", () => {
+  const result = PermissionNext.disabled(
+    ["edit", "write", "patch", "multiedit", "bash"],
+    [
+      { permission: "*", pattern: "*", action: "allow" },
+      { permission: "edit", pattern: "*", action: "deny" },
+    ],
+  )
+  expect(result.has("edit")).toBe(true)
+  expect(result.has("write")).toBe(true)
+  expect(result.has("patch")).toBe(true)
+  expect(result.has("multiedit")).toBe(true)
+  expect(result.has("bash")).toBe(false)
+})
+test("disabled - does not disable when partially denied", () => {
+  const result = PermissionNext.disabled(
+    ["bash"],
+    [
+      { permission: "bash", pattern: "*", action: "allow" },
+      { permission: "bash", pattern: "rm *", action: "deny" },
+    ],
+  )
+  expect(result.has("bash")).toBe(false)
+})
+test("disabled - does not disable when action is ask", () => {
+  const result = PermissionNext.disabled(["bash", "edit"], [{ permission: "*", pattern: "*", action: "ask" }])
+  expect(result.size).toBe(0)
+})
+test("disabled - disables when wildcard deny even with specific allow", () => {
+  // Tool is disabled because evaluate("bash", "*", ...) returns "deny"
+  // The "echo *" allow rule doesn't match the "*" pattern we're checking
+  const result = PermissionNext.disabled(
+    ["bash"],
+    [
+      { permission: "bash", pattern: "*", action: "deny" },
+      { permission: "bash", pattern: "echo *", action: "allow" },
+    ],
+  )
+  expect(result.has("bash")).toBe(true)
+})
+test("disabled - does not disable when wildcard allow after deny", () => {
+  const result = PermissionNext.disabled(
+    ["bash"],
+    [
+      { permission: "bash", pattern: "rm *", action: "deny" },
+      { permission: "bash", pattern: "*", action: "allow" },
+    ],
+  )
+  expect(result.has("bash")).toBe(false)
+})
+test("disabled - disables multiple tools", () => {
+  const result = PermissionNext.disabled(
+    ["bash", "edit", "webfetch"],
+    [
+      { permission: "bash", pattern: "*", action: "deny" },
+      { permission: "edit", pattern: "*", action: "deny" },
+      { permission: "webfetch", pattern: "*", action: "deny" },
+    ],
+  )
+  expect(result.has("bash")).toBe(true)
+  expect(result.has("edit")).toBe(true)
+  expect(result.has("webfetch")).toBe(true)
+})
+test("disabled - wildcard permission denies all tools", () => {
+  const result = PermissionNext.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "deny" }])
+  expect(result.has("bash")).toBe(true)
+  expect(result.has("edit")).toBe(true)
+  expect(result.has("read")).toBe(true)
+})
+test("disabled - specific allow overrides wildcard deny", () => {
+  const result = PermissionNext.disabled(
+    ["bash", "edit", "read"],
+    [
+      { permission: "*", pattern: "*", action: "deny" },
+      { permission: "bash", pattern: "*", action: "allow" },
+    ],
+  )
+  expect(result.has("bash")).toBe(false)
+  expect(result.has("edit")).toBe(true)
+  expect(result.has("read")).toBe(true)
+})
+// ask tests
+test("ask - resolves immediately when action is allow", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const result = await PermissionNext.ask({
+        sessionID: "session_test",
+        permission: "bash",
+        patterns: ["ls"],
+        metadata: {},
+        always: [],
+        ruleset: [{ permission: "bash", pattern: "*", action: "allow" }],
+      })
+      expect(result).toBeUndefined()
+    },
+  })
+})
+test("ask - throws RejectedError when action is deny", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      await expect(
+        PermissionNext.ask({
+          sessionID: "session_test",
+          permission: "bash",
+          patterns: ["rm -rf /"],
+          metadata: {},
+          always: [],
+          ruleset: [{ permission: "bash", pattern: "*", action: "deny" }],
+        }),
+      ).rejects.toBeInstanceOf(PermissionNext.DeniedError)
+    },
+  })
+})
+test("ask - returns pending promise when action is ask", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const promise = PermissionNext.ask({
+        sessionID: "session_test",
+        permission: "bash",
+        patterns: ["ls"],
+        metadata: {},
+        always: [],
+        ruleset: [{ permission: "bash", pattern: "*", action: "ask" }],
+      })
+      // Promise should be pending, not resolved
+      expect(promise).toBeInstanceOf(Promise)
+      // Don't await - just verify it returns a promise
+    },
+  })
+})
+// reply tests
+test("reply - once resolves the pending ask", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const askPromise = PermissionNext.ask({
+        id: "permission_test1",
+        sessionID: "session_test",
+        permission: "bash",
+        patterns: ["ls"],
+        metadata: {},
+        always: [],
+        ruleset: [],
+      })
+      await PermissionNext.reply({
+        requestID: "permission_test1",
+        reply: "once",
+      })
+      await expect(askPromise).resolves.toBeUndefined()
+    },
+  })
+})
+test("reply - reject throws RejectedError", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const askPromise = PermissionNext.ask({
+        id: "permission_test2",
+        sessionID: "session_test",
+        permission: "bash",
+        patterns: ["ls"],
+        metadata: {},
+        always: [],
+        ruleset: [],
+      })
+      await PermissionNext.reply({
+        requestID: "permission_test2",
+        reply: "reject",
+      })
+      await expect(askPromise).rejects.toBeInstanceOf(PermissionNext.RejectedError)
+    },
+  })
+})
+test("reply - always persists approval and resolves", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const askPromise = PermissionNext.ask({
+        id: "permission_test3",
+        sessionID: "session_test",
+        permission: "bash",
+        patterns: ["ls"],
+        metadata: {},
+        always: ["ls"],
+        ruleset: [],
+      })
+      await PermissionNext.reply({
+        requestID: "permission_test3",
+        reply: "always",
+      })
+      await expect(askPromise).resolves.toBeUndefined()
+    },
+  })
+  // Re-provide to reload state with stored permissions
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      // Stored approval should allow without asking
+      const result = await PermissionNext.ask({
+        sessionID: "session_test2",
+        permission: "bash",
+        patterns: ["ls"],
+        metadata: {},
+        always: [],
+        ruleset: [],
+      })
+      expect(result).toBeUndefined()
+    },
+  })
+})
+test("reply - reject cancels all pending for same session", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const askPromise1 = PermissionNext.ask({
+        id: "permission_test4a",
+        sessionID: "session_same",
+        permission: "bash",
+        patterns: ["ls"],
+        metadata: {},
+        always: [],
+        ruleset: [],
+      })
+      const askPromise2 = PermissionNext.ask({
+        id: "permission_test4b",
+        sessionID: "session_same",
+        permission: "edit",
+        patterns: ["foo.ts"],
+        metadata: {},
+        always: [],
+        ruleset: [],
+      })
+      // Catch rejections before they become unhandled
+      const result1 = askPromise1.catch((e) => e)
+      const result2 = askPromise2.catch((e) => e)
+      // Reject the first one
+      await PermissionNext.reply({
+        requestID: "permission_test4a",
+        reply: "reject",
+      })
+      // Both should be rejected
+      expect(await result1).toBeInstanceOf(PermissionNext.RejectedError)
+      expect(await result2).toBeInstanceOf(PermissionNext.RejectedError)
+    },
+  })
+})
+test("ask - checks all patterns and stops on first deny", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      await expect(
+        PermissionNext.ask({
+          sessionID: "session_test",
+          permission: "bash",
+          patterns: ["echo hello", "rm -rf /"],
+          metadata: {},
+          always: [],
+          ruleset: [
+            { permission: "bash", pattern: "*", action: "allow" },
+            { permission: "bash", pattern: "rm *", action: "deny" },
+          ],
+        }),
+      ).rejects.toBeInstanceOf(PermissionNext.DeniedError)
+    },
+  })
+})
+test("ask - allows all patterns when all match allow rules", async () => {
+  await using tmp = await tmpdir({ git: true })
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const result = await PermissionNext.ask({
+        sessionID: "session_test",
+        permission: "bash",
+        patterns: ["echo hello", "ls -la", "pwd"],
+        metadata: {},
+        always: [],
+        ruleset: [{ permission: "bash", pattern: "*", action: "allow" }],
+      })
+      expect(result).toBeUndefined()
+    },
+  })
+})