Permission policy DSL (richer than confirm_cmd boolean) #9

Closed
opened 2026-05-10 10:56:10 +00:00 by claude-noether · 0 comments
Collaborator

Inspired by Claude Code's permission modes (auto-allow / prompt / deny per tool/pattern).

What: Replace config.shell.confirm_cmd = true|false with a small rule list:

```lua
permissions = {
    allow   = {"^ls\\b", "^cat \\b", "^git status", "%.test$"},
    confirm = {"^rm \\b", "^git push", "^docker ", "^sudo "},
    deny    = {"^ssh root@", "^curl http[^s]"},
}
```

First match wins; default = confirm. Patterns are Lua patterns (or regex if we vendor one).

Why: Today confirm_cmd=true interrupts every harmless ls. The bool is too coarse — once Norris mode (Phase 3) lands, the user wants to trust read-only ops while still gating writes/network.

Where it lands: Phase 3 or 4. Touches safety.lua + executor.lua + config.lua schema.

Source: https://code.claude.com/docs/en/overview (permission modes; mentioned implicitly throughout)

claude-noether added the feature request label 2026-05-10 11:23:04 +00:00
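
Added example, not part of the issue or the project's code: a minimal evaluator for the proposed rule list with first match wins and default `confirm`. The names `decide`, `first_match` and `ORDER`, the deny-before-confirm-before-allow order, the use of `%f[%W]` as the word boundary, and the downgrade of allowed commands that contain shell operators are all assumptions made for this sketch.

```lua
-- Added example, not project code. Assumed: decide(), ORDER, the operator check.
local permissions = {
    -- %f[%W] (frontier) stands in for a word boundary: in a Lua pattern,
    -- "\\b" matches a literal backslash followed by "b".
    allow   = {"^ls%f[%W]", "^cat%f[%W]", "^git status%f[%W]", "%.test$"},
    confirm = {"^rm%f[%W]", "^git push%f[%W]", "^docker ", "^sudo "},
    deny    = {"^ssh root@", "^curl http[^s]"},
}

-- A Lua table with string keys has no order, so "first match wins" needs an
-- explicit one. Assumption: most restrictive list first.
local ORDER = {"deny", "confirm", "allow"}

local function first_match(cmd)
    for _, action in ipairs(ORDER) do
        for _, pat in ipairs(permissions[action] or {}) do
            if cmd:find(pat) then return action, pat end
        end
    end
    return "confirm", nil -- default from the issue
end

local function decide(cmd)
    cmd = cmd:match("^%s*(.-)%s*$") -- trim so "^" anchors the first word
    local action, pat = first_match(cmd)
    -- An anchored allow rule only describes the start of the line. If the
    -- command chains, pipes, redirects or substitutes, ask instead.
    if action == "allow" and cmd:find("[;&|<>`%$\n]") then
        return "confirm", pat
    end
    return action, pat
end

-- Constructed sample commands.
local samples = {
    "ls -la",
    "lsof -i",                    -- shares the "ls" prefix only
    "git status",
    "rm -r build",
    "make unit.test",
    "curl http://example.test",   -- matches an allow and a deny pattern
    "ls; git push origin main",   -- allow prefix followed by a second command
}

for _, cmd in ipairs(samples) do
    local action, pat = decide(cmd)
    print(string.format("%-8s %-26s %s", action, cmd, pat or "(default)"))
end
```

Each output line shows the decision, the command and the pattern that produced it, so overlapping rules are easy to audit before the table goes into `config.lua`.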