gencode-ai 0.1.0 → 0.1.2

package/dist/permissions/audit.js

@@ -0,0 +1,229 @@
+/**
+ * Permission Audit - Log permission decisions for transparency
+ *
+ * Maintains an in-memory audit log with optional file persistence.
+ * Useful for debugging, security review, and compliance.
+ */
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as os from 'os';
+const AUDIT_FILE = 'permission-audit.json';
+const MAX_MEMORY_ENTRIES = 1000;
+const MAX_FILE_ENTRIES = 10000;
+const GLOBAL_DIR = path.join(os.homedir(), '.gencode');
+/**
+ * Summarize tool input for audit (avoid storing sensitive data)
+ */
+function summarizeInput(tool, input) {
+    if (input === null || input === undefined)
+        return '';
+    if (typeof input === 'string') {
+        return input.slice(0, 100);
+    }
+    if (typeof input !== 'object') {
+        return String(input).slice(0, 100);
+    }
+    const obj = input;
+    // Tool-specific summaries
+    switch (tool) {
+        case 'Bash':
+            return obj.command?.slice(0, 100) ?? '';
+        case 'Read':
+        case 'Write':
+        case 'Edit':
+        case 'Glob':
+            return obj.file_path ?? obj.path ?? '';
+        case 'Grep':
+            return `${obj.pattern ?? ''} in ${obj.path ?? '.'}`;
+        case 'WebFetch':
+            return obj.url?.slice(0, 100) ?? '';
+        case 'WebSearch':
+            return obj.query?.slice(0, 100) ?? '';
+        default:
+            // Generic summary
+            const keys = Object.keys(obj).slice(0, 3);
+            return keys.map((k) => `${k}:${String(obj[k]).slice(0, 20)}`).join(', ');
+    }
+}
+/**
+ * Permission Audit Logger
+ */
+export class PermissionAudit {
+    entries = [];
+    persistToFile;
+    filePath;
+    constructor(options = {}) {
+        this.persistToFile = options.persistToFile ?? false;
+        const dir = options.auditDir ?? GLOBAL_DIR;
+        this.filePath = path.join(dir, AUDIT_FILE);
+    }
+    /**
+     * Log a permission decision
+     */
+    async log(tool, input, decision, reason, options = {}) {
+        const entry = {
+            timestamp: new Date(),
+            tool,
+            inputSummary: summarizeInput(tool, input),
+            decision,
+            reason,
+            matchedRule: options.matchedRule,
+            sessionId: options.sessionId,
+        };
+        // Add to memory
+        this.entries.push(entry);
+        // Trim if too large
+        if (this.entries.length > MAX_MEMORY_ENTRIES) {
+            this.entries = this.entries.slice(-MAX_MEMORY_ENTRIES);
+        }
+        // Persist if enabled
+        if (this.persistToFile) {
+            await this.appendToFile(entry);
+        }
+    }
+    /**
+     * Append entry to file
+     */
+    async appendToFile(entry) {
+        try {
+            // Ensure directory exists
+            const dir = path.dirname(this.filePath);
+            await fs.mkdir(dir, { recursive: true });
+            // Load existing entries
+            let fileEntries = [];
+            try {
+                const content = await fs.readFile(this.filePath, 'utf-8');
+                fileEntries = JSON.parse(content);
+            }
+            catch {
+                // File doesn't exist
+            }
+            // Add new entry
+            fileEntries.push(entry);
+            // Trim if too large
+            if (fileEntries.length > MAX_FILE_ENTRIES) {
+                fileEntries = fileEntries.slice(-MAX_FILE_ENTRIES);
+            }
+            // Write back
+            await fs.writeFile(this.filePath, JSON.stringify(fileEntries, null, 2), 'utf-8');
+        }
+        catch {
+            // Silently fail - audit should not break the app
+        }
+    }
+    /**
+     * Get recent audit entries
+     */
+    getRecent(count = 50) {
+        return this.entries.slice(-count);
+    }
+    /**
+     * Get all entries in memory
+     */
+    getAll() {
+        return [...this.entries];
+    }
+    /**
+     * Get entries by tool
+     */
+    getByTool(tool) {
+        return this.entries.filter((e) => e.tool === tool);
+    }
+    /**
+     * Get entries by decision
+     */
+    getByDecision(decision) {
+        return this.entries.filter((e) => e.decision === decision);
+    }
+    /**
+     * Get entries by session
+     */
+    getBySession(sessionId) {
+        return this.entries.filter((e) => e.sessionId === sessionId);
+    }
+    /**
+     * Get statistics
+     */
+    getStats() {
+        const stats = {
+            total: this.entries.length,
+            allowed: 0,
+            denied: 0,
+            confirmed: 0,
+            rejected: 0,
+            byTool: {},
+        };
+        for (const entry of this.entries) {
+            // Count by decision
+            switch (entry.decision) {
+                case 'allowed':
+                    stats.allowed++;
+                    break;
+                case 'denied':
+                    stats.denied++;
+                    break;
+                case 'confirmed':
+                    stats.confirmed++;
+                    break;
+                case 'rejected':
+                    stats.rejected++;
+                    break;
+            }
+            // Count by tool
+            stats.byTool[entry.tool] = (stats.byTool[entry.tool] ?? 0) + 1;
+        }
+        return stats;
+    }
+    /**
+     * Clear in-memory entries
+     */
+    clear() {
+        this.entries = [];
+    }
+    /**
+     * Load entries from file
+     */
+    async loadFromFile() {
+        try {
+            const content = await fs.readFile(this.filePath, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch {
+            return [];
+        }
+    }
+    /**
+     * Clear file entries
+     */
+    async clearFile() {
+        try {
+            await fs.writeFile(this.filePath, '[]', 'utf-8');
+        }
+        catch {
+            // Silently fail
+        }
+    }
+    /**
+     * Format entry for display
+     */
+    formatEntry(entry) {
+        const time = entry.timestamp.toLocaleTimeString('en-US', {
+            hour: '2-digit',
+            minute: '2-digit',
+        });
+        const decision = entry.decision.toUpperCase().padEnd(9);
+        const tool = entry.tool.padEnd(10);
+        const input = entry.inputSummary.slice(0, 40).padEnd(40);
+        return `${time}  ${decision}  ${tool}  ${input}`;
+    }
+    /**
+     * Format entries as table
+     */
+    formatTable(entries) {
+        const header = 'Time      Decision   Tool        Input';
+        const separator = '─'.repeat(header.length);
+        const rows = entries.map((e) => this.formatEntry(e));
+        return [header, separator, ...rows].join('\n');
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/permissions/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/permissions/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AAGzB,MAAM,UAAU,GAAG,uBAAuB,CAAC;AAC3C,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAChC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AAEvD;;GAEG;AACH,SAAS,cAAc,CAAC,IAAY,EAAE,KAAc;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAErD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,GAAG,GAAG,KAAgC,CAAC;IAE7C,0BAA0B;IAC1B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,MAAM;YACT,OAAQ,GAAG,CAAC,OAAkB,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC;QAEtD,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,MAAM,CAAC;QACZ,KAAK,MAAM;YACT,OAAQ,GAAG,CAAC,SAAoB,IAAK,GAAG,CAAC,IAAe,IAAI,EAAE,CAAC;QAEjE,KAAK,MAAM;YACT,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;QAEtD,KAAK,UAAU;YACb,OAAQ,GAAG,CAAC,GAAc,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC;QAElD,KAAK,WAAW;YACd,OAAQ,GAAG,CAAC,KAAgB,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC;QAEpD;YACE,kBAAkB;YAClB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,OAAO,GAA2B,EAAE,CAAC;IACrC,aAAa,CAAU;IACvB,QAAQ,CAAS;IAEzB,YAAY,UAA0D,EAAE;QACtE,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,KAAK,CAAC;QACpD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,IAAI,UAAU,CAAC;QAC3C,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CACP,IAAY,EACZ,KAAc,EACd,QAAuB,EACvB,MAAc,EACd,UAGI,EAAE;QAEN,MAAM,KAAK,GAAyB;YAClC,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,IAAI;YACJ,YAAY,EAAE,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC;YACzC,QAAQ;YACR,MAAM;YACN,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAC;QAEF,gBAAgB;QAChB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzB,oBAAoB;QACpB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,kBAAkB,EAAE,CAAC;YAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,kBAAkB,CAAC,CAAC;QACzD,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,KAA2B;QACpD,IAAI,CAAC;YACH,0BAA0B;YAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAEzC,wBAAwB;YACxB,IAAI,WAAW,GAA2B,EAAE,CAAC;YAC7C,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC1D,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;YAED,gBAAgB;YAChB,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAExB,oBAAoB;YACpB,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;gBAC1C,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,gBAAgB,CAAC,CAAC;YACrD,CAAC;YAED,aAAa;YACb,MAAM,EAAE,CAAC,SAAS,CAChB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EACpC,OAAO,CACR,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;QACnD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB,EAAE;QAC1B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAuB;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAiB;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,QAAQ;QAQN,MAAM,KAAK,GAAG;YACZ,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YAC1B,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,CAAC;YACT,SAAS,EAAE,CAAC;YACZ,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,EAA4B;SACrC,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,oBAAoB;YACpB,QAAQ,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACvB,KAAK,SAAS;oBACZ,KAAK,CAAC,OAAO,EAAE,CAAC;oBAChB,MAAM;gBACR,KAAK,QAAQ;oBACX,KAAK,CAAC,MAAM,EAAE,CAAC;oBACf,MAAM;gBACR,KAAK,WAAW;oBACd,KAAK,CAAC,SAAS,EAAE,CAAC;oBAClB,MAAM;gBACR,KAAK,UAAU;oBACb,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACjB,MAAM;YACV,CAAC;YAED,gBAAgB;YAChB,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,KAA2B;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,kBAAkB,CAAC,OAAO,EAAE;YACvD,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEzD,OAAO,GAAG,IAAI,KAAK,QAAQ,KAAK,IAAI,KAAK,KAAK,EAAE,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAA+B;QACzC,MAAM,MAAM,GAAG,wCAAwC,CAAC;QACxD,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;QAErD,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC;CACF"}

package/dist/permissions/index.d.ts

@@ -1,7 +1,17 @@
 /**
  * Permission System
+ *
+ * Enhanced permission management with:
+ * - Pattern-based rules (Claude Code style: "Bash(git add:*)")
+ * - Prompt-based permissions (ExitPlanMode style)
+ * - Session/project/global scopes
+ * - Persistent allowlists
+ * - Audit trail
  */
 export * from './types.js';
 export { PermissionManager } from './manager.js';
-export type { ConfirmCallback } from './manager.js';
+export type { ConfirmCallback, SimpleConfirmCallback } from './manager.js';
+export { PromptMatcher, parsePatternString, matchesPatternString } from './prompt-matcher.js';
+export { PermissionPersistence } from './persistence.js';
+export { PermissionAudit } from './audit.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/permissions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,cAAc,YAAY,CAAC;AAG3B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,YAAY,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAG3E,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG9F,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGzD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC"}

package/dist/permissions/index.js

@@ -1,6 +1,21 @@
 /**
  * Permission System
+ *
+ * Enhanced permission management with:
+ * - Pattern-based rules (Claude Code style: "Bash(git add:*)")
+ * - Prompt-based permissions (ExitPlanMode style)
+ * - Session/project/global scopes
+ * - Persistent allowlists
+ * - Audit trail
  */
+// Types
 export * from './types.js';
+// Core Manager
 export { PermissionManager } from './manager.js';
+// Prompt Matching
+export { PromptMatcher, parsePatternString, matchesPatternString } from './prompt-matcher.js';
+// Persistence
+export { PermissionPersistence } from './persistence.js';
+// Audit
+export { PermissionAudit } from './audit.js';
 //# sourceMappingURL=index.js.map

package/dist/permissions/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,eAAe;AACf,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAGjD,kBAAkB;AAClB,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE9F,cAAc;AACd,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAEzD,QAAQ;AACR,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC"}

package/dist/permissions/manager.d.ts

@@ -1,32 +1,168 @@
 /**
- * Permission Manager - Controls tool execution permissions
+ * Permission Manager - Enhanced permission control with pattern matching,
+ * prompt-based approvals, persistence, and audit logging.
+ *
+ * Claude Code compatible design with:
+ * - Pattern-based rules (e.g., "Bash(git add:*)")
+ * - Prompt-based permissions (e.g., { tool: "Bash", prompt: "run tests" })
+ * - Session/project/global scopes
+ * - Persistent allowlists
+ * - Audit trail
+ */
+import type { PermissionConfig, PermissionContext, PermissionDecision, PermissionMode, PermissionRule, PromptPermission, ConfirmCallback, SimpleConfirmCallback, PermissionSettings } from './types.js';
+import { PermissionPersistence } from './persistence.js';
+import { PermissionAudit } from './audit.js';
+/**
+ * Enhanced Permission Manager
  */
-import type { PermissionConfig, PermissionMode } from './types.js';
-export type ConfirmCallback = (tool: string, input: unknown) => Promise<boolean>;
 export declare class PermissionManager {
     private config;
+    private promptMatcher;
+    private persistence;
+    private audit;
+    private sessionApprovals;
+    private sessionRejections;
     private confirmCallback?;
-    private approvedTools;
-    constructor(config?: Partial<PermissionConfig>);
+    private simpleConfirmCallback?;
+    private saveRuleCallback?;
+    private sessionId?;
+    private projectPath?;
+    constructor(options?: {
+        config?: Partial<PermissionConfig>;
+        projectPath?: string;
+        enableAudit?: boolean;
+    });
+    /**
+     * Initialize - load persisted rules and settings
+     */
+    initialize(settings?: PermissionSettings): Promise<void>;
     /**
-     * Set the confirmation callback
+     * Set session ID for tracking
+     */
+    setSessionId(sessionId: string): void;
+    /**
+     * Set enhanced confirmation callback
      */
     setConfirmCallback(callback: ConfirmCallback): void;
     /**
-     * Get the permission mode for a tool
+     * Set simple yes/no confirmation callback (backward compatible)
      */
-    getModeForTool(tool: string): PermissionMode;
+    setSimpleConfirmCallback(callback: SimpleConfirmCallback): void;
+    /**
+     * Set callback to save permission rules to settings
+     * This allows integration with SettingsManager for settings.local.json persistence
+     */
+    setSaveRuleCallback(callback: (tool: string, pattern?: string) => Promise<void>): void;
+    /**
+     * Add prompt-based permissions (Claude Code ExitPlanMode style)
+     */
+    addAllowedPrompts(prompts: PromptPermission[]): void;
+    /**
+     * Clear prompt-based permissions
+     */
+    clearAllowedPrompts(): void;
+    /**
+     * Get current allowed prompts
+     */
+    getAllowedPrompts(): PromptPermission[];
+    /**
+     * Get all rules
+     */
+    getRules(): PermissionRule[];
+    /**
+     * Check permission (without prompting user)
+     *
+     * Flow matches Claude Code official design:
+     * 1. DENY rules → block immediately
+     * 2. ALLOW rules → auto-approve (includes prompt-based & session cache)
+     * 3. ASK rules → force prompt
+     * 4. Default behavior (read-only → auto, write → prompt)
+     */
+    checkPermission(context: PermissionContext): Promise<PermissionDecision>;
+    /**
+     * Request permission (prompts user if needed)
+     */
+    requestPermission(tool: string, input: unknown): Promise<boolean>;
     /**
-     * Check if a tool can be executed
+     * Backward-compatible check method
      */
-    checkPermission(tool: string, input: unknown): Promise<boolean>;
+    check(tool: string, input: unknown): Promise<boolean>;
+    /**
+     * Get permission mode for a tool (for simple queries)
+     */
+    getModeForTool(tool: string): PermissionMode;
     /**
      * Approve a tool for this session
      */
-    approveToolForSession(tool: string): void;
+    approveForSession(tool: string, pattern?: string): void;
+    /**
+     * Add a persistent allow rule
+     */
+    addAllowRule(tool: string, pattern?: string, scope?: 'project' | 'global'): Promise<void>;
+    /**
+     * Add a persistent deny rule
+     */
+    addDenyRule(tool: string, pattern?: string, scope?: 'project' | 'global'): Promise<void>;
+    /**
+     * Clear session approvals
+     */
+    clearSessionApprovals(): void;
+    /**
+     * Get audit log
+     */
+    getAuditLog(count?: number): ReturnType<PermissionAudit['getRecent']>;
+    /**
+     * Get audit statistics
+     */
+    getAuditStats(): ReturnType<PermissionAudit['getStats']>;
+    /**
+     * Get persistence manager (for direct access)
+     */
+    getPersistence(): PermissionPersistence;
+    /**
+     * Find a matching rule for the given context and mode
+     */
+    private findMatchingRule;
+    /**
+     * Check if tool matches rule
+     */
+    private matchesTool;
+    /**
+     * Check if input matches pattern
+     */
+    private matchesPattern;
+    /**
+     * Match against prompt-based permissions
+     */
+    private matchPrompt;
+    /**
+     * Generate cache key for session approvals
+     */
+    private getCacheKey;
+    /**
+     * Get approval suggestions for a context
+     */
+    private getSuggestions;
+    /**
+     * Prompt user for approval
+     */
+    private promptUser;
+    /**
+     * Handle the user's approval action
+     */
+    private handleApprovalAction;
+    /**
+     * Extract a pattern from tool input for persistent rules
+     */
+    private extractPattern;
+    /**
+     * Describe a rule for logging
+     */
+    private describeRule;
     /**
-     * Clear all session approvals
+     * Log audit entry
      */
-    clearApprovals(): void;
+    private logAudit;
 }
+export type { ConfirmCallback, SimpleConfirmCallback };
 //# sourceMappingURL=manager.d.ts.map

package/dist/permissions/manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/permissions/manager.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAGnE,MAAM,MAAM,eAAe,GAAG,CAC5B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,OAAO,KACX,OAAO,CAAC,OAAO,CAAC,CAAC;AAEtB,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,aAAa,CAA0B;gBAEnC,MAAM,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC;IAO9C;;OAEG;IACH,kBAAkB,CAAC,QAAQ,EAAE,eAAe,GAAG,IAAI;IAInD;;OAEG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc;IAa5C;;OAEG;IACG,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAiCrE;;OAEG;IACH,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAIzC;;OAEG;IACH,cAAc,IAAI,IAAI;CAGvB"}
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/permissions/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,gBAAgB,EAGhB,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAEnB,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAW7C;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,WAAW,CAAwB;IAC3C,OAAO,CAAC,KAAK,CAAkB;IAG/B,OAAO,CAAC,gBAAgB,CAA2C;IACnE,OAAO,CAAC,iBAAiB,CAA0B;IAGnD,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,qBAAqB,CAAC,CAAwB;IACtD,OAAO,CAAC,gBAAgB,CAAC,CAAoD;IAG7E,OAAO,CAAC,SAAS,CAAC,CAAS;IAC3B,OAAO,CAAC,WAAW,CAAC,CAAS;gBAEjB,OAAO,GAAE;QACnB,MAAM,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACnC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,OAAO,CAAC;KAClB;IAkBN;;OAEG;IACG,UAAU,CAAC,QAAQ,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAa9D;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAIrC;;OAEG;IACH,kBAAkB,CAAC,QAAQ,EAAE,eAAe,GAAG,IAAI;IAInD;;OAEG;IACH,wBAAwB,CAAC,QAAQ,EAAE,qBAAqB,GAAG,IAAI;IAI/D;;;OAGG;IACH,mBAAmB,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI;IAItF;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,EAAE,GAAG,IAAI;IAIpD;;OAEG;IACH,mBAAmB,IAAI,IAAI;IAI3B;;OAEG;IACH,iBAAiB,IAAI,gBAAgB,EAAE;IAIvC;;OAEG;IACH,QAAQ,IAAI,cAAc,EAAE;IAI5B;;;;;;;;OAQG;IACG,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA+F9E;;OAEG;IACG,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAwBvE;;OAEG;IACG,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAI3D;;OAEG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc;IAa5C;;OAEG;IACH,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI;IASvD;;OAEG;IACG,YAAY,CAChB,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,EAChB,KAAK,GAAE,SAAS,GAAG,QAAmB,GACrC,OAAO,CAAC,IAAI,CAAC;IAgBhB;;OAEG;IACG,WAAW,CACf,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,EAChB,KAAK,GAAE,SAAS,GAAG,QAAmB,GACrC,OAAO,CAAC,IAAI,CAAC;IAgBhB;;OAEG;IACH,qBAAqB,IAAI,IAAI;IAK7B;;OAEG;IACH,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;IAIrE;;OAEG;IACH,aAAa,IAAI,UAAU,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;IAIxD;;OAEG;IACH,cAAc,IAAI,qBAAqB;IAQvC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA0BxB;;OAEG;IACH,OAAO,CAAC,WAAW;IAOnB;;OAEG;IACH,OAAO,CAAC,cAAc;IAYtB;;OAEG;IACH,OAAO,CAAC,WAAW;IAWnB;;OAEG;IACH,OAAO,CAAC,WAAW;IA0BnB;;OAEG;IACH,OAAO,CAAC,cAAc;IAoBtB;;OAEG;YACW,UAAU;IAsBxB;;OAEG;YACW,oBAAoB;IAkDlC;;OAEG;IACH,OAAO,CAAC,cAAc;IAatB;;OAEG;IACH,OAAO,CAAC,YAAY;IAWpB;;OAEG;YACW,QAAQ;CASvB;AAGD,YAAY,EAAE,eAAe,EAAE,qBAAqB,EAAE,CAAC"}