core: fix permission evaluation to use rule-based matching instead of wildcard patterns

2026-02-01 22:48:16 +00:00 · 2026-01-05 01:06:59 -05:00
parent 7324b2260a
commit 9f38af44db
1 changed files with 3 additions and 3 deletions
--- a/packages/opencode/src/permission/next.ts
+++ b/packages/opencode/src/permission/next.ts
@@ -232,9 +232,9 @@ export namespace PermissionNext {
    const result = new Set<string>()
    for (const tool of tools) {
      const permission = EDIT_TOOLS.includes(tool) ? "edit" : tool
-      if (evaluate(permission, "*", ruleset).action === "deny") {
-        result.add(tool)
-      }
+      const rule = ruleset.findLast((r) => Wildcard.match(permission, r.pattern))
+      if (!rule) continue
+      if (rule.pattern === "*" && rule.action === "deny") result.add(tool)
    }
    return result
  }