feat(execpolicy): add typed permission rules and config schema#1189
feat(execpolicy): add typed permission rules and config schema#1189greyfreedom wants to merge 7 commits into
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a granular tool permission system, replacing the legacy command allow-list with a more flexible ruleset. It adds support for typed permission rules (e.g., exec_shell, file_edit) with decisions including allow, deny, and ask. The ExecPolicyEngine has been refactored to support layered rulesets with priority and specificity matching for tool names, command prefixes, and workspace-relative path globs. Feedback highlights a bug in absolute path normalization and suggests using a standard crate for glob matching to improve security and maintainability.
greyfreedom
changed the title
|
Thanks. I am not merging this as-is because the PR body says this is only the first slice and that TUI approval persistence is still follow-up work, but it also uses Fixes #1186. That would close the issue before the user-facing permission workflow exists. Please change the closing keyword to Related/Part of, or split the issue so this PR closes only an execpolicy/config foundation issue. I would also want a closer pass on the config surface before this goes into a patch release, since permission rules affect tool execution policy. |
Thanks, that makes sense. I updated the PR body to replace I’m also happy to narrow or adjust the config surface before merge. The intended scope for this PR is only the typed rule model, config parsing, matching behavior, precedence, and legacy |
greyfreedom
force-pushed
the
feat/execpolicy-typed-rules
branch
4 times, most recently
from
a4a1c57 to
a706ecd
Compare
greyfreedom
force-pushed
the
feat/execpolicy-typed-rules
branch
3 times, most recently
from
c42082a to
4926d86
Compare
greyfreedom
force-pushed
the
feat/execpolicy-typed-rules
branch
from
ab0c80e to
c9860bc
Compare
|
This PR was opened before the v0.8.41 rebrand and is now stale. Feel free to rebase onto current |
Since I cannot reopen the current PR, I created a new PR #2046 . |
3 participants
Summary
This PR adds the first slice of persistent permission rule support at the
execpolicyand config layers.It introduces typed permission rules scoped by tool name, optional command prefix, and optional workspace-relative path pattern, with
allow,deny, andaskdecisions.This intentionally does not add TUI approval modal persistence yet. It provides the policy/config foundation for that follow-up work.
Changes
PermissionDecision:allowdenyaskToolPermissionRulewith:tooldecisioncommandpathRulesetto carry typed permission rules.ExecPolicyEngine::check_tool_permission.auto_allow/auto_denycompatibility by converting them intoexec_shelltyped rules../..normalization.Precedence
When multiple rules match, the engine resolves them by:
deny > ask > allowThis keeps deny rules conservative while allowing narrower
askrules to force approval over broader allow rules.Compatibility
Existing
auto_allowandauto_denyconfig entries continue to work. They are treated as legacy shell rules and mapped into typedexec_shellpermission rules internally.Tests
Added coverage for:
auto_allowcompatibilityOnFailure./..permissions.rulesVerification
cargo fmt --all cargo test -p deepseek-execpolicy -p deepseek-config -p deepseek-app-server -p deepseek-tui-cli cargo clippy -p deepseek-execpolicy -p deepseek-config -p deepseek-app-server -p deepseek-tui-cli --all-targets -- -D warnings git diff --checkFollow-up Work
Related Issue
Part of #1186
This is the first PR in the proposed permission-rules implementation plan. It only adds the execpolicy/config typed rule model, matching behavior, precedence tests, and legacy
auto_allow/auto_denycompatibility.