fix(permission): **/.env* deny rule now blocks root-level .env files (issue #29674)#29717
fix(permission): **/.env* deny rule now blocks root-level .env files (issue #29674)#29717Qingzhou-Joshua wants to merge 6 commits into
Conversation
`**/` now correctly matches root-level files (e.g. `**/.env*` matches `.env`). The placeholder is expanded after `*` and `?` substitution to avoid those passes corrupting the already-expanded regex fragment. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a new `evaluate()` method to Tool.Context that silently checks a permission rule against the merged agent+session ruleset without triggering the ask UI. This enables glob and grep tools to filter out denied file paths from their results in a future change. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…co#29674) After ripgrep collects glob results, filter out any file whose path relative to the worktree matches a "read" deny rule via ctx.evaluate(). This prevents denied files (e.g. .env) from leaking into glob output even when the global glob permission is allowed. Also adds a test file and updates the glob test mock context with the evaluate() method. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…co#29674) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…y rule enforcement Appends a new describe block with three integration tests that verify: 1. User config deny rule blocks .env at root for read 2. User config deny rule blocks .env in subfolders for read 3. Default agent rules handle .env files via pattern matching These tests exercise the complete fix for issue anomalyco#29674, which includes: - Wildcard fix for **/ to match root-level files - glob tool filtering against read deny rules - grep tool filtering against read deny rules Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ntegration tests
github-actions
Bot
added
the
needs:compliance
|
This PR doesn't fully meet our contributing guidelines and PR template. What needs to be fixed:
Please edit this PR description to address the above within 2 hours, or it will be automatically closed. If you believe this was flagged incorrectly, please let a maintainer know. |
|
The following comment was made by an LLM, it may be inaccurate: Based on the search results, I found one potentially related PR: Related PR:
Why it's related: PR #28689 also addresses wildcard pattern matching in permissions, specifically the No exact duplicate PRs found addressing the same issue #29674. |
|
This pull request has been automatically closed because it was not updated to meet our contributing guidelines within the 2-hour window. Feel free to open a new pull request that follows our guidelines. |
github-actions
Bot
removed
the
needs:compliance
1 participant
Summary
Fixes #29674 — configuring
{ "read": { "**/.env*": "deny" } }inopencode.jsonchad no effect because of three independent bugs:**/wildcard bug:**/was compiled to(.*/)+(one-or-more) insteadof
(.*/)?(zero-or-more), so**/.env*never matched.envat theproject root
without checking
readdeny rulesgreptool not filtering results: ripgrep content matches were returnedwithout checking
readdeny rulesChanges
packages/core/src/util/wildcard.ts— fix**/expansion orderpackages/opencode/src/tool/tool.ts— addevaluate()toTool.Contextfor silent permission checks
packages/opencode/src/session/tools.ts— implementevaluate()in contextfactory
packages/opencode/src/tool/glob.ts— filter results againstreaddenyrules
packages/opencode/src/tool/grep.ts— filter results againstreaddenyrules
Tests