rulesync 8.15.0 → 8.16.0

package/dist/{chunk-UMJWBQ2X.js → chunk-DOWXY74I.js}

@@ -473,7 +473,8 @@ function validateOutputRoot(outputRoot) {
     throw new Error("outputRoot cannot be an empty string");
   }
   if (isAbsolute(outputRoot)) {
-    const segments = outputRoot.split(/[/\\]/);
+    const separatorRegex = process.platform === "win32" ? /[/\\]/ : /\//;
+    const segments = outputRoot.split(separatorRegex);
     if (segments.includes("..")) {
       throw new Error(`Path traversal detected: ${outputRoot}`);
     }
@@ -4825,7 +4826,9 @@ async function buildCodexConfigTomlContent({
   if (typeof configToml.features !== "object" || configToml.features === null) {
     configToml.features = {};
   }
-  configToml.features.codex_hooks = true;
+  const features = configToml.features;
+  delete features.codex_hooks;
+  features.hooks = true;
   return smolToml2.stringify(configToml);
 }
 var CodexcliConfigToml = class _CodexcliConfigToml extends ToolFile {
@@ -10092,6 +10095,7 @@ var ToolPermissions = class extends ToolFile {
 };
 
 // src/features/permissions/augmentcode-permissions.ts
+var moduleLogger = new ConsoleLogger();
 var AugmentPermissionTypeSchema = z30.enum(["allow", "deny", "ask-user"]);
 var AugmentToolPermissionSchema = z30.looseObject({
   toolName: z30.string(),
@@ -10183,6 +10187,33 @@ function shellRegexToGlob(regex) {
   }
   return glob;
 }
+function isShellRegexRoundtrippable(regex) {
+  if (!regex.startsWith("^") || !regex.endsWith("$")) {
+    return false;
+  }
+  const body = regex.slice(1, -1);
+  let i = 0;
+  while (i < body.length) {
+    const ch = body[i];
+    if (ch === "\\" && i + 1 < body.length) {
+      i += 2;
+      continue;
+    }
+    if (ch === "." && body[i + 1] === "*") {
+      i += 2;
+      continue;
+    }
+    if (ch === ".") {
+      i += 1;
+      continue;
+    }
+    if (/[$^|+?*(){}[\]]/.test(ch ?? "")) {
+      return false;
+    }
+    i += 1;
+  }
+  return true;
+}
 var MANAGED_AUGMENT_TOOL_NAMES = new Set(Object.values(CANONICAL_TO_AUGMENT_TOOL_NAMES));
 var AugmentcodePermissions = class _AugmentcodePermissions extends ToolPermissions {
   constructor(params) {
@@ -10190,6 +10221,12 @@ var AugmentcodePermissions = class _AugmentcodePermissions extends ToolPermissio
       ...params,
       fileContent: params.fileContent ?? "{}"
     });
+    if (params.validate) {
+      const result = this.validate();
+      if (!result.success) {
+        throw result.error;
+      }
+    }
   }
   isDeletable() {
     return false;
@@ -10283,14 +10320,27 @@ var AugmentcodePermissions = class _AugmentcodePermissions extends ToolPermissio
       );
     }
     const config = convertAugmentToRulesyncPermissions({
-      entries: settings.toolPermissions ?? []
+      entries: settings.toolPermissions ?? [],
+      logger: moduleLogger
     });
     return this.toRulesyncPermissionsDefault({
       fileContent: JSON.stringify(config, null, 2)
     });
   }
   validate() {
-    return { success: true, error: null };
+    try {
+      const parsed = JSON.parse(this.fileContent || "{}");
+      const result = AugmentSettingsSchema.safeParse(parsed);
+      if (!result.success) {
+        return { success: false, error: result.error };
+      }
+      return { success: true, error: null };
+    } catch (error) {
+      return {
+        success: false,
+        error: new Error(`Failed to parse AugmentCode permissions JSON: ${formatError(error)}`)
+      };
+    }
   }
   static forDeletion({
     outputRoot = process.cwd(),
@@ -10388,7 +10438,8 @@ function sortAugmentEntries(entries) {
   return decorated.map((d) => d.entry);
 }
 function convertAugmentToRulesyncPermissions({
-  entries
+  entries,
+  logger
 }) {
   const actionPriority = {
     deny: 2,
@@ -10399,7 +10450,27 @@ function convertAugmentToRulesyncPermissions({
   for (const entry of entries) {
     const canonical = toCanonicalToolName(entry.toolName);
     const action = augmentTypeToAction(entry.permission.type);
-    const pattern = entry.toolName === "launch-process" && entry.shellInputRegex ? shellRegexToGlob(entry.shellInputRegex) : "*";
+    let pattern;
+    if (entry.toolName === "launch-process" && entry.shellInputRegex) {
+      const regex = entry.shellInputRegex;
+      if (isShellRegexRoundtrippable(regex)) {
+        pattern = shellRegexToGlob(regex);
+      } else {
+        if (action === "deny") {
+          logger?.warn(
+            `AugmentCode permissions: shellInputRegex '${regex}' on tool '${entry.toolName}' is not faithfully roundtrippable to a glob. Importing as the catch-all '*' pattern (fail-closed) so the deny rule cannot be silently narrowed on regenerate.`
+          );
+          pattern = "*";
+        } else {
+          pattern = shellRegexToGlob(regex);
+          logger?.warn(
+            `AugmentCode permissions: shellInputRegex '${regex}' on tool '${entry.toolName}' is not faithfully roundtrippable to a glob. Importing as glob '${pattern}'; the rule may match a different set of inputs after regenerate.`
+          );
+        }
+      }
+    } else {
+      pattern = "*";
+    }
     if (!permission[canonical]) {
       permission[canonical] = {};
     }
@@ -10654,6 +10725,12 @@ var ClinePermissions = class _ClinePermissions extends ToolPermissions {
       ...params,
       fileContent: params.fileContent ?? "{}"
     });
+    if (params.validate) {
+      const result = this.validate();
+      if (!result.success) {
+        throw result.error;
+      }
+    }
   }
   isDeletable() {
     return false;
@@ -10792,7 +10869,19 @@ var ClinePermissions = class _ClinePermissions extends ToolPermissions {
     });
   }
   validate() {
-    return { success: true, error: null };
+    try {
+      const parsed = JSON.parse(this.fileContent || "{}");
+      const result = ClineCommandPermissionsSchema.safeParse(parsed);
+      if (!result.success) {
+        return { success: false, error: result.error };
+      }
+      return { success: true, error: null };
+    } catch (error) {
+      return {
+        success: false,
+        error: new Error(`Failed to parse Cline permissions JSON: ${formatError(error)}`)
+      };
+    }
   }
   static forDeletion({
     outputRoot = process.cwd(),
@@ -10810,10 +10899,12 @@ var ClinePermissions = class _ClinePermissions extends ToolPermissions {
 };
 
 // src/features/permissions/codexcli-permissions.ts
-import { join as join68 } from "path";
+import { isAbsolute as isAbsolute3, join as join68 } from "path";
 import * as smolToml4 from "smol-toml";
 var RULESYNC_PROFILE_NAME = "rulesync";
 var RULESYNC_BASH_RULES_FILE_NAME = "rulesync.rules";
+var CODEX_PROJECT_ROOTS_KEY = ":project_roots";
+var CODEX_GLOB_SCAN_MAX_DEPTH = 8;
 var CodexcliPermissions = class _CodexcliPermissions extends ToolPermissions {
   static getSettablePaths(_options = {}) {
     return {
@@ -10924,17 +11015,28 @@ function convertRulesyncToCodexProfile({
   logger
 }) {
   const filesystem = {};
+  const projectRootFilesystem = {};
   const domains = {};
   for (const [toolName, rules] of Object.entries(config.permission)) {
     if (toolName === "read") {
       for (const [pattern, action] of Object.entries(rules)) {
-        filesystem[pattern] = mapReadAction(action);
+        addFilesystemRule({
+          filesystem,
+          projectRootFilesystem,
+          pattern,
+          access: mapReadAction(action)
+        });
       }
       continue;
     }
     if (toolName === "edit" || toolName === "write") {
       for (const [pattern, action] of Object.entries(rules)) {
-        filesystem[pattern] = mapWriteAction(action);
+        addFilesystemRule({
+          filesystem,
+          projectRootFilesystem,
+          pattern,
+          access: mapWriteAction(action)
+        });
       }
       continue;
     }
@@ -10954,6 +11056,12 @@ function convertRulesyncToCodexProfile({
       `Codex CLI permissions support only read/edit/write/webfetch categories. Skipping: ${toolName}`
     );
   }
+  if (Object.keys(projectRootFilesystem).length > 0) {
+    if (Object.keys(projectRootFilesystem).some((pattern) => pattern.includes("**"))) {
+      filesystem.glob_scan_max_depth = CODEX_GLOB_SCAN_MAX_DEPTH;
+    }
+    filesystem[CODEX_PROJECT_ROOTS_KEY] = projectRootFilesystem;
+  }
   return {
     ...Object.keys(filesystem).length > 0 ? { filesystem } : {},
     ...Object.keys(domains).length > 0 ? { network: { domains } } : {}
@@ -10965,13 +11073,14 @@ function convertCodexProfileToRulesync(profile) {
     permission.read = {};
     permission.edit = {};
     for (const [pattern, access] of Object.entries(profile.filesystem)) {
-      if (access === "none") {
-        permission.read[pattern] = "deny";
-        permission.edit[pattern] = "deny";
-      } else if (access === "read") {
-        permission.read[pattern] = "allow";
-      } else {
-        permission.edit[pattern] = "allow";
+      if (isCodexFilesystemAccess(access)) {
+        addRulesyncFilesystemRule(permission, pattern, access);
+        continue;
+      }
+      if (isCodexFilesystemRuleTable(access)) {
+        for (const [nestedPattern, nestedAccess] of Object.entries(access)) {
+          addRulesyncFilesystemRule(permission, nestedPattern, nestedAccess);
+        }
       }
     }
   }
@@ -10994,6 +11103,35 @@ function toCodexProfile(value) {
     ...domains ? { network: { domains } } : {}
   };
 }
+function addFilesystemRule({
+  filesystem,
+  projectRootFilesystem,
+  pattern,
+  access
+}) {
+  if (canBeCodexFilesystemRoot(pattern)) {
+    filesystem[pattern] = access;
+    return;
+  }
+  projectRootFilesystem[pattern] = access;
+}
+function canBeCodexFilesystemRoot(pattern) {
+  return isAbsolute3(pattern) || /^[A-Za-z]:[\\/]/.test(pattern) || pattern.startsWith("~/") || pattern === "~" || pattern.startsWith(":");
+}
+function addRulesyncFilesystemRule(permission, pattern, access) {
+  if (access === "none") {
+    permission.read ??= {};
+    permission.edit ??= {};
+    permission.read[pattern] = "deny";
+    permission.edit[pattern] = "deny";
+  } else if (access === "read") {
+    permission.read ??= {};
+    permission.read[pattern] = "allow";
+  } else {
+    permission.edit ??= {};
+    permission.edit[pattern] = "allow";
+  }
+}
 function toMutableTable(value) {
   if (!value || typeof value !== "object" || Array.isArray(value)) {
     return {};
@@ -11004,8 +11142,33 @@ function toFilesystemRecord(value) {
   if (!value || typeof value !== "object" || Array.isArray(value)) return void 0;
   const result = {};
   for (const [key, raw] of Object.entries(value)) {
-    if (typeof raw !== "string") continue;
-    if (raw === "read" || raw === "write" || raw === "none") {
+    if (isCodexFilesystemAccess(raw)) {
+      result[key] = raw;
+      continue;
+    }
+    if (key === "glob_scan_max_depth" && typeof raw === "number") {
+      result[key] = raw;
+      continue;
+    }
+    const nested = toCodexFilesystemRuleTable(raw);
+    if (nested) {
+      result[key] = nested;
+    }
+  }
+  return Object.keys(result).length > 0 ? result : void 0;
+}
+function isCodexFilesystemAccess(value) {
+  return value === "read" || value === "write" || value === "none";
+}
+function isCodexFilesystemRuleTable(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return false;
+  return Object.values(value).every(isCodexFilesystemAccess);
+}
+function toCodexFilesystemRuleTable(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return void 0;
+  const result = {};
+  for (const [key, raw] of Object.entries(value)) {
+    if (isCodexFilesystemAccess(raw)) {
       result[key] = raw;
     }
   }
@@ -11385,7 +11548,7 @@ var RESERVED_OBJECT_KEYS = /* @__PURE__ */ new Set([
   "constructor",
   "prototype"
 ]);
-var moduleLogger = new ConsoleLogger();
+var moduleLogger2 = new ConsoleLogger();
 var GeminicliPermissions = class _GeminicliPermissions extends ToolPermissions {
   static getSettablePaths(_options = {}) {
     return {
@@ -11414,7 +11577,7 @@ var GeminicliPermissions = class _GeminicliPermissions extends ToolPermissions {
     rulesyncPermissions,
     validate = true,
     global = false,
-    logger = moduleLogger
+    logger = moduleLogger2
   }) {
     const paths = this.getSettablePaths({ global });
     const fileContent = buildGeminicliPolicyContent(rulesyncPermissions.getJson(), logger);
@@ -11439,31 +11602,31 @@ var GeminicliPermissions = class _GeminicliPermissions extends ToolPermissions {
           { cause: error }
         );
       }
-      const rules = extractRules(parsed, moduleLogger);
+      const rules = extractRules(parsed, moduleLogger2);
       for (const [index, rule] of rules.entries()) {
         const mappedCategory = Object.hasOwn(GEMINICLI_TO_RULESYNC_TOOL_NAME, rule.toolName) ? GEMINICLI_TO_RULESYNC_TOOL_NAME[rule.toolName] : void 0;
         const category = mappedCategory ?? rule.toolName;
         if (RESERVED_OBJECT_KEYS.has(category)) {
-          moduleLogger.warn(
+          moduleLogger2.warn(
             `Skipping rule #${index} in ${this.getRelativeFilePath()}: toolName "${rule.toolName}" maps to a reserved object key ("${category}") and would risk prototype pollution.`
           );
           continue;
         }
         const action = mapFromGeminicliDecision(rule.decision);
         if (!action) {
-          moduleLogger.warn(
+          moduleLogger2.warn(
             `Skipping rule #${index} (toolName="${rule.toolName}", commandPrefix=${JSON.stringify(rule.commandPrefix)}, argsPattern=${JSON.stringify(rule.argsPattern)}) in ${this.getRelativeFilePath()}: unknown decision ${JSON.stringify(rule.decision)}`
           );
           continue;
         }
         if (rule.toolName === "run_shell_command" && rule.commandPrefix !== void 0 && rule.argsPattern !== void 0) {
-          moduleLogger.warn(
+          moduleLogger2.warn(
             `Rule #${index} in ${this.getRelativeFilePath()} sets both commandPrefix and argsPattern; rulesync will honor argsPattern and ignore commandPrefix=${JSON.stringify(rule.commandPrefix)}.`
           );
         }
         const pattern = extractPattern(rule);
         if (RESERVED_OBJECT_KEYS.has(pattern)) {
-          moduleLogger.warn(
+          moduleLogger2.warn(
             `Skipping rule #${index} in ${this.getRelativeFilePath()}: pattern "${pattern}" is a reserved object key.`
           );
           continue;
@@ -12232,7 +12395,7 @@ var QwenSettingsPermissionsSchema = z36.looseObject({
 var QwenSettingsSchema = z36.looseObject({
   permissions: z36.optional(QwenSettingsPermissionsSchema)
 });
-var moduleLogger2 = new ConsoleLogger();
+var moduleLogger3 = new ConsoleLogger();
 var CANONICAL_TO_QWEN_TOOL_NAMES = {
   bash: "Bash",
   read: "Read",
@@ -12287,6 +12450,12 @@ var QwencodePermissions = class _QwencodePermissions extends ToolPermissions {
       ...params,
       fileContent: params.fileContent ?? "{}"
     });
+    if (params.validate) {
+      const result = this.validate();
+      if (!result.success) {
+        throw result.error;
+      }
+    }
   }
   isDeletable() {
     return false;
@@ -12408,7 +12577,19 @@ var QwencodePermissions = class _QwencodePermissions extends ToolPermissions {
     });
   }
   validate() {
-    return { success: true, error: null };
+    try {
+      const parsed = JSON.parse(this.fileContent || "{}");
+      const result = QwenSettingsSchema.safeParse(parsed);
+      if (!result.success) {
+        return { success: false, error: result.error };
+      }
+      return { success: true, error: null };
+    } catch (error) {
+      return {
+        success: false,
+        error: new Error(`Failed to parse Qwen permissions JSON: ${formatError(error)}`)
+      };
+    }
   }
   static forDeletion({
     outputRoot = process.cwd(),
@@ -12449,7 +12630,7 @@ function convertRulesyncToQwenPermissions(config) {
 }
 function convertQwenToRulesyncPermissions(params) {
   const permission = {};
-  const logger = params.logger ?? moduleLogger2;
+  const logger = params.logger ?? moduleLogger3;
   const processEntries = (entries, action) => {
     for (const entry of entries) {
       const parsed = parseQwenPermissionEntry(entry, { logger });
@@ -13201,7 +13382,8 @@ var RulesyncSkillFrontmatterSchemaInternal = z39.looseObject({
       "allowed-tools": z39.optional(z39.array(z39.string())),
       model: z39.optional(z39.string()),
       "disable-model-invocation": z39.optional(z39.boolean()),
-      "scheduled-task": z39.optional(z39.boolean())
+      "scheduled-task": z39.optional(z39.boolean()),
+      paths: z39.optional(z39.union([z39.string(), z39.array(z39.string())]))
     })
   ),
   codexcli: z39.optional(
@@ -13976,7 +14158,8 @@ var ClaudecodeSkillFrontmatterSchema = z43.looseObject({
   description: z43.string(),
   "allowed-tools": z43.optional(z43.array(z43.string())),
   model: z43.optional(z43.string()),
-  "disable-model-invocation": z43.optional(z43.boolean())
+  "disable-model-invocation": z43.optional(z43.boolean()),
+  paths: z43.optional(z43.union([z43.string(), z43.array(z43.string())]))
 });
 var ClaudecodeSkill = class _ClaudecodeSkill extends ToolSkill {
   constructor({
@@ -14049,6 +14232,7 @@ var ClaudecodeSkill = class _ClaudecodeSkill extends ToolSkill {
       ...frontmatter["disable-model-invocation"] !== void 0 && {
         "disable-model-invocation": frontmatter["disable-model-invocation"]
       },
+      ...frontmatter.paths !== void 0 && { paths: frontmatter.paths },
       ...this.relativeDirPath === CLAUDE_SCHEDULED_TASKS_DIR_PATH && { "scheduled-task": true }
     };
     const rulesyncFrontmatter = {
@@ -14086,6 +14270,9 @@ var ClaudecodeSkill = class _ClaudecodeSkill extends ToolSkill {
       },
       ...rulesyncFrontmatter.claudecode?.["disable-model-invocation"] !== void 0 && {
         "disable-model-invocation": rulesyncFrontmatter.claudecode["disable-model-invocation"]
+      },
+      ...rulesyncFrontmatter.claudecode?.paths !== void 0 && {
+        paths: rulesyncFrontmatter.claudecode.paths
       }
     };
     const settablePaths = _ClaudecodeSkill.getSettablePaths({ global });
@@ -21030,6 +21217,8 @@ var CopilotRuleFrontmatterSchema = z77.object({
   applyTo: z77.optional(z77.string()),
   excludeAgent: z77.optional(z77.union([z77.literal("code-review"), z77.literal("coding-agent")]))
 });
+var normalizeRelativePath = (path4) => path4.replace(/\\/g, "/").replace(/\/+/g, "/");
+var sameRelativePath = (leftDir, leftFile, rightDir, rightFile) => normalizeRelativePath(join133(leftDir, leftFile)) === normalizeRelativePath(join133(rightDir, rightFile));
 var CopilotRule = class _CopilotRule extends ToolRule {
   frontmatter;
   body;
@@ -21147,7 +21336,12 @@ var CopilotRule = class _CopilotRule extends ToolRule {
     global = false
   }) {
     const paths = this.getSettablePaths({ global });
-    const isRoot = relativeDirPath ? join133(relativeDirPath, relativeFilePath) === join133(paths.root.relativeDirPath, paths.root.relativeFilePath) : relativeFilePath === paths.root.relativeFilePath;
+    const isRoot = relativeDirPath ? sameRelativePath(
+      relativeDirPath,
+      relativeFilePath,
+      paths.root.relativeDirPath,
+      paths.root.relativeFilePath
+    ) : relativeFilePath === paths.root.relativeFilePath;
     const resolvedRelativeDirPath = relativeDirPath ?? (isRoot ? paths.root.relativeDirPath : paths.nonRoot?.relativeDirPath ?? paths.root.relativeDirPath);
     if (isRoot) {
       const relativePath2 = join133(paths.root.relativeDirPath, paths.root.relativeFilePath);
@@ -21191,7 +21385,12 @@ var CopilotRule = class _CopilotRule extends ToolRule {
     global = false
   }) {
     const paths = this.getSettablePaths({ global });
-    const isRoot = join133(relativeDirPath, relativeFilePath) === join133(paths.root.relativeDirPath, paths.root.relativeFilePath);
+    const isRoot = sameRelativePath(
+      relativeDirPath,
+      relativeFilePath,
+      paths.root.relativeDirPath,
+      paths.root.relativeFilePath
+    );
     return new _CopilotRule({
       outputRoot,
       relativeDirPath,