fix: improve permission prompt interaction

Stabilize permission menu navigation, add input-idea flow for revising blocked actions,
and persist permission rules through user settings when needed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: 王璨

src/core/config.ts

@@ -18,7 +18,7 @@ function userConfigPath(): string {
   return join(dsConfigHome(), "config.json");
 }
 
-function userSettingsPath(): string {
+export function userSettingsPath(): string {
   return join(dsConfigHome(), "settings.json");
 }
 
@@ -54,6 +54,16 @@ function loadScopedSettings(settingsPath: string): Record<string, unknown> {
   return loadJsonSafe(settingsPath);
 }
 
+export function loadUserSettings(): Record<string, unknown> {
+  return loadScopedSettings(userSettingsPath());
+}
+
+export function saveUserSettings(partial: Record<string, unknown>): void {
+  const path = userSettingsPath();
+  const existing = loadUserSettings();
+  saveJsonSafe(path, { ...existing, ...partial });
+}
+
 export function saveUserConfig(partial: Record<string, unknown>): void {
   const path = userConfigPath();
   const existing = loadUserCommandConfig();
@@ -106,6 +116,8 @@ export function loadConfig(): HarnessConfig {
   // API key: env var > user config (never project config for security)
   const apiKey = process.env.DEEPSEEK_API_KEY ?? (userConfig.apiKey as string | undefined);
 
+  const userPermissionRules = ((userSettings.permissions as any)?.rules as Record<string, unknown>[]) ?? [];
+  const projectPermissionRules = ((projectSettings.permissions as any)?.rules as Record<string, unknown>[]) ?? [];
   const userDeny = ((userSettings.permissions as any)?.deny as string[]) ?? [];
   const projectDeny = ((projectSettings.permissions as any)?.deny as string[]) ?? [];
   const denyPatterns = [...new Set([...userDeny, ...projectDeny])];
@@ -182,7 +194,7 @@ export function loadConfig(): HarnessConfig {
     },
     permissions: {
       defaultDecision: "ask",
-      rules: [],
+      rules: [...userPermissionRules, ...projectPermissionRules] as any,
       denyPatterns,
     },
     skills,

src/core/harness.ts

@@ -40,7 +40,7 @@ export class Harness {
     this.skillManager = new SkillManager(config.userSkillsDir, config.projectSkillsDir);
     this.permissionManager = new PermissionManager(
       config.permissions,
-      (toolName, preview) => this.tui.getPromptPermission()(toolName, preview),
+      (toolName, preview, args) => this.tui.getPromptPermission()(toolName, preview, args),
       () => {},
     );
   }

src/core/types.ts

@@ -125,7 +125,15 @@ export interface SkillManifest {
 
 // --- UI ---
 
-export type PromptUserFn = (toolName: string, preview: string) => Promise<{
+export interface PermissionPromptResult {
   decision: "allow" | "deny";
-  rememberForSession: boolean;
-}>;
+  rememberForSession?: boolean;
+  persistRule?: PermissionRuleConfig;
+  denyReason?: string;
+}
+
+export type PromptUserFn = (
+  toolName: string,
+  preview: string,
+  args: unknown,
+) => Promise<PermissionPromptResult>;

src/permissions/manager.ts

@@ -1,4 +1,5 @@
-import type { PermissionDecision, PermissionRule, PermissionsConfig, PromptUserFn } from "../core/types.js";
+import type { PermissionDecision, PermissionRule, PermissionRuleConfig, PermissionsConfig, PromptUserFn } from "../core/types.js";
+import { loadUserSettings, saveUserSettings } from "../core/config.js";
 import { DEFAULT_RULES } from "./rules.js";
 
 function globToRegex(pattern: string): RegExp {
@@ -70,12 +71,23 @@ export class PermissionManager {
       case "ask": {
         this.onBeforePrompt?.();
         const preview = this.formatPreview(toolName, context.args);
-        const result = await this.promptUser(toolName, preview);
+        const result = await this.promptUser(toolName, preview, context.args);
+        if (result.persistRule) {
+          this.persistRule(result.persistRule);
+          this.rules.push({
+            tool: result.persistRule.tool,
+            argPattern: result.persistRule.argPattern ? new RegExp(result.persistRule.argPattern) : undefined,
+            decision: result.persistRule.decision,
+            reason: result.persistRule.reason,
+            priority: result.persistRule.priority ?? 5,
+          });
+          this.rules.sort((a, b) => b.priority - a.priority);
+        }
         if (result.rememberForSession) {
           this.sessionGrants.add(toolName);
         }
         if (result.decision === "deny") {
-          return { block: true, reason: "Denied by user" };
+          return { block: true, reason: result.denyReason ?? "Denied by user" };
         }
         return undefined;
       }
@@ -94,6 +106,20 @@ export class PermissionManager {
     return Array.from(this.sessionGrants);
   }
 
+  private persistRule(rule: PermissionRuleConfig): void {
+    const settings = loadUserSettings();
+    const permissions = ((settings.permissions as Record<string, unknown> | undefined) ?? {});
+    const rules = Array.isArray(permissions.rules) ? [...permissions.rules] : [];
+    rules.push(rule);
+    saveUserSettings({
+      ...settings,
+      permissions: {
+        ...permissions,
+        rules,
+      },
+    });
+  }
+
   private evaluate(toolName: string, argsStr: string): { decision: PermissionDecision; reason?: string } {
     for (const rule of this.rules) {
       if (rule.tool !== "*" && rule.tool !== toolName) continue;

src/ui/conversation.ts

@@ -40,19 +40,30 @@ function toolResultPreview(result: unknown): string {
   }
 }
 
-interface PermOption {
-  value: "allow" | "always_allow" | "deny";
+export type PermOptionValue = "allow" | "always_allow" | "explain" | "deny";
+
+export interface PermOption {
+  value: PermOptionValue;
   label: string;
   key: string;
   color: (s: string) => string;
 }
 
-const PERM_OPTIONS: PermOption[] = [
+export const PERM_OPTIONS: PermOption[] = [
   { value: "allow", label: "Allow", key: "enter", color: c.green },
-  { value: "deny", label: "Deny", key: "esc", color: c.red },
   { value: "always_allow", label: "Always Allow", key: "a", color: c.cyan },
+  { value: "explain", label: "Input Idea", key: "i", color: c.yellow },
+  { value: "deny", label: "Deny", key: "esc", color: c.red },
 ];
 
+export function navigatePermSelection(current: number, direction: -1 | 1): number {
+  return (current + direction + PERM_OPTIONS.length) % PERM_OPTIONS.length;
+}
+
+export function findPermOptionByKey(input: string): PermOption | undefined {
+  return PERM_OPTIONS.find((option) => option.key.length === 1 && option.key.toLowerCase() === input.toLowerCase());
+}
+
 export class ConversationView {
   private box: Box;
   private textComponent: Text;
@@ -205,8 +216,7 @@ export class ConversationView {
   }
 
   permNavigate(direction: -1 | 1): void {
-    const max = PERM_OPTIONS.length - 1;
-    this.permSelected = Math.max(0, Math.min(max, this.permSelected + direction));
+    this.permSelected = navigatePermSelection(this.permSelected, direction);
     this.render();
   }
 
@@ -242,7 +252,7 @@ export class ConversationView {
       lines.push(`${prefix} ${label}  ${hint}`);
     }
     lines.push(c.dim(" ──────────────────────────────────────────────────"));
-    lines.push(c.dim(" ↑↓ to navigate  Enter to confirm  Esc to deny"));
+    lines.push(c.dim(" ↑↓ to navigate  Enter to confirm  A/I shortcuts  Esc to deny"));
     return lines;
   }