fix: permission config deny rules not working with wildcard ask (#15664)#15736
Open
zoe531 wants to merge 1 commit intoanomalyco:devfrom
Open
fix: permission config deny rules not working with wildcard ask (#15664)#15736zoe531 wants to merge 1 commit intoanomalyco:devfrom
zoe531 wants to merge 1 commit intoanomalyco:devfrom
Conversation
…alyco#15664) Fixed by changing merge order in config.ts. Previously mergeDeep(perms, result.permission) placed tool deny rules BEFORE user config rules, causing findLast in disabled() to return the catch-all ask rule instead of tool-specific deny rules. Changed to mergeDeep(result.permission ?? {}, perms) so user config comes first, and tool deny rules come last for correct findLast behavior.
Contributor
|
The following comment was made by an LLM, it may be inaccurate: Based on my search results, I found one potentially related PR: Related PR:
This appears related as it also addresses permission config issues. However, the current PR (#15736) is specifically about deny rules being overridden by wildcard ask rules due to merge order in config.ts, while #14070 concerns root-level permission config not being respected - these are distinct issues even though both involve permission configuration. No exact duplicate PRs were found that address the same wildcard ask/deny rules merge order problem. |
Author
|
Friendly bump! This fix is ready. Please review. Thank you! |
zoe531
commented
Mar 3, 2026
Author
zoe531
left a comment
zoe531
left a comment
There was a problem hiding this comment.
This fix is ready. Please review.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #15664
Type of change
What does this PR do?
Fixes issue where tools config deny rules are silently overridden by wildcard ask rule in permission config.
The fix changes the merge order in config.ts. Previously mergeDeep(perms, result.permission) placed tool deny rules BEFORE user config rules. Changed to mergeDeep(result.permission ?? {}, perms) so user config comes first.
How did you verify your code works?
Analyzed the code and confirmed the merge order issue.
Local tests pass:
test/permission/next.test.ts: 62 pass
Screenshots / recordings
N/A - This is a backend fix, no UI changes.
Checklist