feat: add granular external_directory permission configuration #5905
+1,179
−40
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…st#5395) - Support simple string and object-based permission configs - Enable read/write operation split with directory rules - Maintain backward compatibility with existing configs
…es (sst#5395) - Create ExternalPermission.resolve() for polymorphic permission handling - Support read/write split with directory-specific rules - Implement tilde expansion for home directory patterns - Update all tools to use operation-specific permission checks - Add comprehensive test coverage (21 tests)
…ls (sst#5395) - Add permission checks to ls, glob, and grep tools - Check Filesystem.contains() before accessing external paths - Use ExternalPermission.resolve() with 'read' operation - Prompt or deny access consistently with read.ts behavior
…st#5395) - Add Wildcard.pathMatch() where * doesn't cross directory boundaries - Add Wildcard.pathAll() for file path pattern matching - ** now correctly matches across directories, * matches within - Update ExternalPermission to use pathAll() for directory rules - Add comprehensive tests for new path matching behavior
…t#5395) - Use path.join() instead of string concat for Windows compatibility - Correctly handles path separators on all platforms
…sst#5395) Patterns like /path/**/subdir now correctly match files inside subdir by automatically appending /** unless pattern already ends with *
Changed from 'is not in the current working directory' to 'is denied by external_directory permission' for clarity
Document read/write split, directory rules, glob patterns, and limitations
**/ now uses (?:.*/)? regex to ensure path segment boundaries. /a/**/docs no longer incorrectly matches /a/xdocs
- Correct bash behavior (best-effort detection, not unrestricted) - Add patch to the list of covered tools - Add symlink limitation warning
- Make Wildcard.pathAll generic to avoid 'any' type - Replace 'let' with 'const' in glob.ts and grep.ts
Author
|
@thdxr Can I do anything to get this accepted? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #5395
Summary
Adds polymorphic configuration for
external_directorypermission, allowing users to:~) for home directory pathsExample Configuration
{ "permission": { "external_directory": { "read": { "directories": { "~/projects/docs": "allow", "~/.ssh": "deny" }, "default": "ask" }, "write": "deny" } } }Changes
external_directoryconfig (string OR read/write split OR directory rules)ExternalPermission.resolve()utility for path-based permission resolutionread,write,edit,patch,ls,glob,grep*matches within directory,**matches across directoriesScreenshot
The screenshot shows:
Known Limitations
bashtool uses best-effort detection (documented)Testing
ExternalPermission.resolve()