core: fix permission evaluation to use rule-based matching instead of wildcard patterns

2026-03-30 05:43:55 +00:00 · 2026-01-05 01:06:59 -05:00 · 2026-01-05 01:06:59 -05:00 · 9f38af44db
commit 9f38af44db
parent 7324b2260a
1 changed files with 3 additions and 3 deletions
--- a/packages/opencode/src/permission/next.ts
+++ b/packages/opencode/src/permission/next.ts
@ -232,9 +232,9 @@ export namespace PermissionNext {
    const result = new Set<string>()
    for (const tool of tools) {
      const permission = EDIT_TOOLS.includes(tool) ? "edit" : tool
-      if (evaluate(permission, "*", ruleset).action === "deny") {
-        result.add(tool)
-      }
+      const rule = ruleset.findLast((r) => Wildcard.match(permission, r.pattern))
+      if (!rule) continue
+      if (rule.pattern === "*" && rule.action === "deny") result.add(tool)
    }
    return result
  }