feat(permissions): persist rules to project settings, not user settings

王璨 · 王璨 · commit a402ff00ff5f · 2026-06-10T12:06:19.000+08:00
diff --git a/openspec/changes/archive/2026-05-27-permission-save-project-settings/.openspec.yaml b/openspec/changes/archive/2026-05-27-permission-save-project-settings/.openspec.yaml
@@ -0,0 +1,2 @@
+schema: spec-driven
+created: 2026-05-27
diff --git a/openspec/changes/archive/2026-05-27-permission-save-project-settings/design.md b/openspec/changes/archive/2026-05-27-permission-save-project-settings/design.md
@@ -0,0 +1,103 @@
+## Context
+
+当前权限持久化管线：
+
+```
+persistRule(rule)
+  → loadUserSettings()        // ~/.dscode/settings.json
+  → saveUserSettings(merged)  // ~/.dscode/settings.json
+```
+
+期望管线：
+
+```
+persistRule(rule)
+  → loadScopedSettings(projectSettingsPath(projectPath))  // $PROJECT/.dscode/settings.json
+  → saveJsonSafe(path, merged)                            // $PROJECT/.dscode/settings.json
+```
+
+基础设施已就绪：`projectSettingsPath()`、`loadScopedSettings()`、`saveJsonSafe()` 均已存在。仅缺 `saveProjectSettings()` 封装和 `PermissionManager` 拿到 `projectPath`。
+
+## Goals / Non-Goals
+
+**Goals:**
+- `persistRule` 写入工程级 settings
+- 无 `.dscode/` 目录时自动创建
+- 与现有加载合并逻辑兼容
+
+**Non-Goals:**
+- 不迁移已有用户级旧规则
+- 不改 UI 文案
+- 不新增用户选项（工程级 vs 用户级选择）
+
+## Decisions
+
+### 1. `PermissionManager` 持有 `projectPath`
+
+**决策**：`PermissionManager` 构造函数新增 `projectPath: string` 参数。
+
+```
+class PermissionManager {
+  private projectPath: string;
+  
+  constructor(
+    config: PermissionsConfig,
+    promptUser: PromptUserFn,
+    projectPath: string,        // ← 新增
+    onBeforePrompt?: () => void,
+  ) { ... }
+}
+```
+
+**理由**：最简侵入路径。`Harness` 已有 `config.projectPath`，直接透传即可。
+
+**替代方案**：通过回调注入 `(rule) => void` — 增加间接层，无必要。
+
+### 2. `saveProjectSettings()` 封装
+
+**决策**：在 `config.ts` 中新增函数，与 `saveUserSettings()` 对称。
+
+```typescript
+export function saveProjectSettings(
+  projectPath: string,
+  partial: Record<string, unknown>
+): void {
+  const path = projectSettingsPath(projectPath);
+  const existing = loadScopedSettings(path);
+  const merged = { ...existing, ...partial };
+  for (const [k, v] of Object.entries(partial)) {
+    if (v === null) delete merged[k];
+  }
+  saveJsonSafe(path, merged);
+}
+```
+
+**理由**：保持 API 一致性，`saveUserSettings` 和 `saveProjectSettings` 共享相同的 merge + null-delete 语义。
+
+### 3. 无工程目录时的行为
+
+**决策**：`saveJsonSafe` 已包含 `mkdirSync(dir, { recursive: true })`，`.dscode/` 不存在时自动创建。无需额外处理。
+
+**理由**：已有基础设施覆盖此 edge case，保持简单。
+
+### 4. persistRule 切换到工程级
+
+**决策**：`persistRule` 使用 `loadScopedSettings(projectSettingsPath(this.projectPath))` + `saveProjectSettings(this.projectPath, ...)` 替代原有的 `loadUserSettings()` + `saveUserSettings()`。
+
+```
+private persistRule(rule: PermissionRuleConfig): void {
+  const settings = loadScopedSettings(projectSettingsPath(this.projectPath));
+  // ... same logic, but use saveProjectSettings(this.projectPath, ...)
+}
+```
+
+**理由**：逻辑不变，仅目标路径变化。
+
+## Risks / Trade-offs
+
+- **风险**：纯 REPL 模式（无 project）下写入 `/dev/null` 或根目录 — 实际上 Harness 始终有 `projectPath`（来自 `cliCwd ?? process.cwd()`），这不是问题。
+- **风险**：团队协作中，工程师 A 的 allow 规则提交到 git 后影响工程师 B — 这是预期行为，工程级 settings 天然适用于团队共享。
+
+## Open Questions
+
+无。
diff --git a/openspec/changes/archive/2026-05-27-permission-save-project-settings/proposal.md b/openspec/changes/archive/2026-05-27-permission-save-project-settings/proposal.md
@@ -0,0 +1,30 @@
+## Why
+
+当前权限弹窗的 "Save to settings" 功能将规则持久化到用户级 `~/.dscode/settings.json`。这导致：
+
+- 权限规则与工程无关，无法随仓库共享给团队成员
+- 同一用户的不同工程无法拥有独立的权限策略
+- 工程级 `permissions.allow/deny` 已支持加载读取，但写入口仍缺失
+
+## What Changes
+
+- **`PermissionManager`**：`persistRule()` 改为写入工程级 `$PROJECT/.dscode/settings.json`
+- **`config.ts`**：新增 `saveProjectSettings(projectPath, partial)` 函数，与已有的 `saveUserSettings` 对称
+- **`harness.ts`**：构造 `PermissionManager` 时传入 `projectPath`
+- 无工程目录时自动创建 `.dscode/` 目录（`saveJsonSafe` 已有 `mkdirSync(recursive: true)`）
+
+## Capabilities
+
+### Modified Capabilities
+
+- `permission-persist-ui`：persistRule 的目标路径从用户级改为工程级
+
+### New Capabilities
+
+- `permission-project-persist`：工程级 settings 写入规范
+
+## Impact
+
+- UI 无需更改（按钮文案、"Save to settings" 弹窗逻辑不变）
+- 已有用户级 `~/.dscode/settings.json` 中的旧规则不动，不迁移
+- 加载时工程级优先于用户级（`config.ts:143` 已有合并逻辑），新规则生效无缝
diff --git a/openspec/changes/archive/2026-05-27-permission-save-project-settings/specs/permission-project-persist/spec.md b/openspec/changes/archive/2026-05-27-permission-save-project-settings/specs/permission-project-persist/spec.md
@@ -0,0 +1,34 @@
+## ADDED Requirements
+
+### Requirement: persistRule saves to project-level settings.json
+The `PermissionManager.persistRule()` method SHALL write permission rules to the project-level `.dscode/settings.json` (via `saveProjectSettings`), not to the user-level `~/.dscode/settings.json`.
+
+#### Scenario: Allow rule saved to project settings
+- **WHEN** user selects "Always Allow (save)" for tool `mcp__lsp__textDocument_definition` in project `/home/user/myproject`
+- **THEN** `/home/user/myproject/.dscode/settings.json` SHALL contain `permissions.allow` array including `"mcp__lsp__textDocument_definition"`
+- **AND** `~/.dscode/settings.json` SHALL NOT be modified
+
+#### Scenario: Deny rule saved to project settings
+- **WHEN** user selects "Always Deny (save)" for tool `bash` with pattern `rm -rf`
+- **THEN** project `.dscode/settings.json` SHALL contain `permissions.deny` array including `"bash"`
+
+### Requirement: saveProjectSettings merges with existing project settings
+The new `saveProjectSettings(projectPath, partial)` function SHALL merge `partial` with existing project settings at `<projectPath>/.dscode/settings.json`. Existing keys not present in `partial` SHALL be preserved. Keys with `null` values in `partial` SHALL be deleted.
+
+#### Scenario: Merge preserves existing keys
+- **WHEN** project settings already contains `{"modelId": "deepseek-v4-flash", "skills": ["test-echo"]}`
+- **AND** `saveProjectSettings` is called with `{permissions: {allow: ["read_file"]}}`
+- **THEN** resulting settings SHALL contain `modelId`, `skills`, AND `permissions`
+
+#### Scenario: Auto-create .dscode directory
+- **WHEN** project directory exists but `.dscode/` directory does not
+- **AND** `saveProjectSettings` is called
+- **THEN** `.dscode/` directory SHALL be created automatically
+- **AND** `settings.json` SHALL be written successfully
+
+### Requirement: PermissionManager accepts projectPath
+The `PermissionManager` constructor SHALL accept a `projectPath: string` parameter used by `persistRule` to determine the target settings file path.
+
+#### Scenario: Construction with projectPath
+- **WHEN** `new PermissionManager(config, promptUser, "/home/user/myproject", onBeforePrompt)` is called
+- **THEN** the instance SHALL store `projectPath` and use it in `persistRule` calls
diff --git a/openspec/changes/archive/2026-05-27-permission-save-project-settings/tasks.md b/openspec/changes/archive/2026-05-27-permission-save-project-settings/tasks.md
@@ -0,0 +1,17 @@
+## 1. config.ts — 新增 saveProjectSettings
+
+- [x] 1.1 在 `src/core/config.ts` 中新增 `saveProjectSettings(projectPath: string, partial: Record<string, unknown>): void`
+
+## 2. PermissionManager — 接入 projectPath
+
+- [x] 2.1 构造函数新增 `projectPath: string` 参数
+- [x] 2.2 `persistRule()` 改用 `loadScopedSettings(projectSettingsPath(this.projectPath))` + `saveProjectSettings(this.projectPath, ...)`
+
+## 3. Harness — 透传 projectPath
+
+- [x] 3.1 `src/core/harness.ts` 中 `new PermissionManager(...)` 调用传入 `config.projectPath`
+
+## 4. 验证
+
+- [x] 4.1 运行 `npm run typecheck` 确保无类型错误
+- [x] 4.2 运行 `npm test` 确保已有测试通过
diff --git a/openspec/specs/permission-project-persist/spec.md b/openspec/specs/permission-project-persist/spec.md
@@ -0,0 +1,34 @@
+## ADDED Requirements
+
+### Requirement: persistRule saves to project-level settings.json
+The `PermissionManager.persistRule()` method SHALL write permission rules to the project-level `.dscode/settings.json` (via `saveProjectSettings`), not to the user-level `~/.dscode/settings.json`.
+
+#### Scenario: Allow rule saved to project settings
+- **WHEN** user selects "Always Allow (save)" for tool `mcp__lsp__textDocument_definition` in project `/home/user/myproject`
+- **THEN** `/home/user/myproject/.dscode/settings.json` SHALL contain `permissions.allow` array including `"mcp__lsp__textDocument_definition"`
+- **AND** `~/.dscode/settings.json` SHALL NOT be modified
+
+#### Scenario: Deny rule saved to project settings
+- **WHEN** user selects "Always Deny (save)" for tool `bash` with pattern `rm -rf`
+- **THEN** project `.dscode/settings.json` SHALL contain `permissions.deny` array including `"bash"`
+
+### Requirement: saveProjectSettings merges with existing project settings
+The new `saveProjectSettings(projectPath, partial)` function SHALL merge `partial` with existing project settings at `<projectPath>/.dscode/settings.json`. Existing keys not present in `partial` SHALL be preserved. Keys with `null` values in `partial` SHALL be deleted.
+
+#### Scenario: Merge preserves existing keys
+- **WHEN** project settings already contains `{"modelId": "deepseek-v4-flash", "skills": ["test-echo"]}`
+- **AND** `saveProjectSettings` is called with `{permissions: {allow: ["read_file"]}}`
+- **THEN** resulting settings SHALL contain `modelId`, `skills`, AND `permissions`
+
+#### Scenario: Auto-create .dscode directory
+- **WHEN** project directory exists but `.dscode/` directory does not
+- **AND** `saveProjectSettings` is called
+- **THEN** `.dscode/` directory SHALL be created automatically
+- **AND** `settings.json` SHALL be written successfully
+
+### Requirement: PermissionManager accepts projectPath
+The `PermissionManager` constructor SHALL accept a `projectPath: string` parameter used by `persistRule` to determine the target settings file path.
+
+#### Scenario: Construction with projectPath
+- **WHEN** `new PermissionManager(config, promptUser, "/home/user/myproject", onBeforePrompt)` is called
+- **THEN** the instance SHALL store `projectPath` and use it in `persistRule` calls
diff --git a/src/core/config.ts b/src/core/config.ts
@@ -85,7 +85,19 @@ export function saveUserSettings(partial: Record<string, unknown>): void {
   saveJsonSafe(path, merged);
 }
 
+export function saveProjectSettings(projectPath: string, partial: Record<string, unknown>): void {
+  const path = projectSettingsPath(projectPath);
+  const existing = loadScopedSettings(path);
+  const merged = { ...existing, ...partial };
+  for (const [k, v] of Object.entries(partial)) {
+    if (v === null) delete merged[k];
+  }
+  saveJsonSafe(path, merged);
+}
+
+
 export function saveUserConfig(partial: Record<string, unknown>): void {
+
   const path = userConfigPath();
   const existing = loadUserCommandConfig();
   const merged = { ...existing, ...partial };
diff --git a/src/core/harness.ts b/src/core/harness.ts
@@ -67,6 +67,7 @@ export class Harness implements HarnessAPI {
     this.permissionManager = new PermissionManager(
       config.permissions,
       (toolName, preview, args) => this.ui.getPromptPermission()(toolName, preview, args),
+      config.projectPath,
       () => {},
     );
     this.imagePipeline = new ImagePipeline({
diff --git a/src/permissions/manager.ts b/src/permissions/manager.ts
@@ -1,5 +1,5 @@
 import type { PermissionDecision, PermissionRule, PermissionRuleConfig, PermissionsConfig, PromptUserFn } from "../core/types.js";
-import { loadUserSettings, saveUserSettings } from "../core/config.js";
+import { loadScopedSettings, projectSettingsPath, saveProjectSettings } from "../core/config.js";
 import { DEFAULT_RULES } from "./rules.js";
 
 function globToRegex(pattern: string): RegExp {
@@ -20,7 +20,10 @@ export class PermissionManager {
   private onBeforePrompt?: () => void;
   private toolPatternCache = new Map<string, RegExp | null>();
 
-  constructor(config: PermissionsConfig, promptUser: PromptUserFn, onBeforePrompt?: () => void) {
+  private projectPath: string;
+
+  constructor(config: PermissionsConfig, promptUser: PromptUserFn, projectPath: string, onBeforePrompt?: () => void) {
+    this.projectPath = projectPath;
     this.defaultDecision = config.defaultDecision;
     this.promptUser = promptUser;
     this.onBeforePrompt = onBeforePrompt;
@@ -108,15 +111,15 @@ export class PermissionManager {
   }
 
   private persistRule(rule: PermissionRuleConfig): void {
-    const settings = loadUserSettings();
+    const settings = loadScopedSettings(projectSettingsPath(this.projectPath));
     const permissions = ((settings.permissions as Record<string, unknown> | undefined) ?? {});
 
     if (rule.decision === "allow") {
       const allow = Array.isArray(permissions.allow) ? [...permissions.allow] : [];
       if (!allow.includes(rule.tool)) {
         allow.push(rule.tool);
       }
-      saveUserSettings({
+      saveProjectSettings(this.projectPath, {
         ...settings,
         permissions: {
           ...permissions,
@@ -128,7 +131,7 @@ export class PermissionManager {
       if (!deny.includes(rule.tool)) {
         deny.push(rule.tool);
       }
-      saveUserSettings({
+      saveProjectSettings(this.projectPath, {
         ...settings,
         permissions: {
           ...permissions,
diff --git a/tests/permissions/manager.test.ts b/tests/permissions/manager.test.ts
@@ -254,16 +254,18 @@ describe("PermissionManager", () => {
     const pm = new PermissionManager(defaultConfig, async () => ({
       decision: "allow",
       rememberForSession: false,
-    }), () => { called = true; });
+    }), "/tmp/test-project", () => { called = true; });
     await pm.check({
       toolCall: { name: "write_file" },
       args: { path: "/tmp/test.txt", content: "hello" },
     });
     expect(called).toBe(true);
   });
 
-  it("persists a saved allow rule to user settings", async () => {
+  it("persists a saved allow rule to project settings", async () => {
     const root = mkdtempSync(join(tmpdir(), "dscode-permissions-"));
+    const projectDir = join(root, "project");
+    mkdirSync(projectDir, { recursive: true });
     const configHome = join(root, "home");
     mkdirSync(configHome, { recursive: true });
     process.env.DSCODE_CONFIG_HOME = configHome;
@@ -278,15 +280,15 @@ describe("PermissionManager", () => {
         reason: "saved from permission prompt",
         priority: 20,
       },
-    }));
+    }), projectDir);
 
     const result = await pm.check({
       toolCall: { name: "bash" },
       args: { command: "npm test" },
     });
 
     expect(result).toBeUndefined();
-    const saved = JSON.parse(readFileSync(join(configHome, "settings.json"), "utf8"));
+    const saved = JSON.parse(readFileSync(join(projectDir, ".dscode", "settings.json"), "utf8"));
     expect(saved.permissions.allow).toHaveLength(1);
     expect(saved.permissions.allow[0]).toBe("bash");
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+schema: spec-driven`
	`2`	`+created: 2026-05-27`