feat: add read permission exemption paths and apply to the scan paths for skills

qorzj · qorzj · commit 7799f5279340 · 2026-06-05T13:47:12.000+08:00
diff --git a/src/common/permissions.ts b/src/common/permissions.ts
@@ -60,6 +60,7 @@ export type ComputeToolCallPermissionsOptions = {
   projectRoot: string;
   toolCalls: unknown[];
   settings?: Required<PermissionSettings>;
+  readPermissionExemptPaths?: string[];
   resolveSnippetPath?: (sessionId: string, snippetId: string) => string | null | undefined;
 };
 
@@ -159,6 +160,7 @@ export function computeToolCallPermissions(options: ComputeToolCallPermissionsOp
       sessionId: options.sessionId,
       projectRoot: options.projectRoot,
       toolCall,
+      readPermissionExemptPaths: options.readPermissionExemptPaths,
       resolveSnippetPath: options.resolveSnippetPath,
     });
     const permission = evaluatePermissionScopes(request.scopes, options.settings);
@@ -182,6 +184,7 @@ export function describeToolPermissionRequest(options: {
   sessionId: string;
   projectRoot: string;
   toolCall: PermissionToolCall;
+  readPermissionExemptPaths?: string[];
   resolveSnippetPath?: (sessionId: string, snippetId: string) => string | null | undefined;
 }): AskPermissionRequest {
   const name = options.toolCall.function.name;
@@ -193,7 +196,10 @@ export function describeToolPermissionRequest(options: {
       toolCallId: options.toolCall.id,
       name,
       command: formatToolPathCommand("read", filePath),
-      scopes: filePath ? [isPathInProject(options.projectRoot, filePath) ? "read-in-cwd" : "read-out-cwd"] : [],
+      scopes:
+        filePath && !isPathInAnyDirectory(options.projectRoot, filePath, options.readPermissionExemptPaths)
+          ? [isPathInProject(options.projectRoot, filePath) ? "read-in-cwd" : "read-out-cwd"]
+          : [],
     };
   }
 
@@ -386,6 +392,30 @@ export function isPathInProject(projectRoot: string, filePath: string): boolean
   return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
 }
 
+export function isPathInAnyDirectory(
+  projectRoot: string,
+  filePath: string,
+  directories: string[] | undefined
+): boolean {
+  if (!directories?.length) {
+    return false;
+  }
+
+  const normalized = normalizeFilePath(filePath);
+  const absolutePath = isAbsoluteFilePath(normalized) ? normalized : path.resolve(projectRoot, normalized);
+  for (const directory of directories) {
+    const normalizedDirectory = normalizeFilePath(directory);
+    const absoluteDirectory = isAbsoluteFilePath(normalizedDirectory)
+      ? normalizedDirectory
+      : path.resolve(projectRoot, normalizedDirectory);
+    const relative = path.relative(path.resolve(absoluteDirectory), path.resolve(absolutePath));
+    if (relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative))) {
+      return true;
+    }
+  }
+  return false;
+}
+
 export function hasUserPermissionReplies(value: { permissions?: unknown; alwaysAllows?: unknown }): boolean {
   return Boolean(
     (Array.isArray(value.permissions) && value.permissions.length > 0) ||
diff --git a/src/session.ts b/src/session.ts
@@ -796,14 +796,18 @@ ${agentInstructions}
     }
   }
 
-  async listSkills(sessionId?: string): Promise<SkillInfo[]> {
+  private getSkillScanRoots(): Array<{ root: string; displayRoot: string }> {
     const homeDir = os.homedir();
-    const skillRoots = [
+    return [
       { root: path.join(this.projectRoot, ".deepcode", "skills"), displayRoot: "./.deepcode/skills" },
       { root: path.join(this.projectRoot, ".agents", "skills"), displayRoot: "./.agents/skills" },
       { root: path.join(homeDir, ".deepcode", "skills"), displayRoot: "~/.deepcode/skills" },
       { root: path.join(homeDir, ".agents", "skills"), displayRoot: "~/.agents/skills" },
     ];
+  }
+
+  async listSkills(sessionId?: string): Promise<SkillInfo[]> {
+    const skillRoots = this.getSkillScanRoots();
     const skillsByName = new Map<string, SkillInfo>();
 
     const collectSkills = (root: string, displayRoot: string): SkillInfo[] => {
@@ -1354,6 +1358,7 @@ ${agentInstructions}
               projectRoot: this.projectRoot,
               toolCalls,
               settings: this.getResolvedSettings().permissions,
+              readPermissionExemptPaths: this.getSkillScanRoots().map((entry) => entry.root),
               resolveSnippetPath: (id, snippetId) => getSnippet(id, snippetId)?.filePath,
             })
           : null;
diff --git a/src/tests/permissions.test.ts b/src/tests/permissions.test.ts
@@ -8,6 +8,7 @@ import {
   computeToolCallPermissions,
   evaluatePermissionScopes,
   hasUserPermissionReplies,
+  isPathInAnyDirectory,
   parseBashSideEffects,
 } from "../common/permissions";
 
@@ -126,6 +127,77 @@ test("computeToolCallPermissions only asks for scopes not already allowed", () =
   );
 });
 
+test("computeToolCallPermissions allows read tool calls under skill scan paths", () => {
+  const projectRoot = createTempDir("deepcode-permissions-skill-read-workspace-");
+  const home = createTempDir("deepcode-permissions-skill-read-home-");
+  const skillRoot = path.join(home, ".agents", "skills");
+  const skillResourcePath = path.join(skillRoot, "pdf", "scripts", "extract.py");
+  const outsidePath = path.join(home, "notes.txt");
+  const plan = computeToolCallPermissions({
+    sessionId: "session-1",
+    projectRoot,
+    readPermissionExemptPaths: [skillRoot],
+    settings: {
+      allow: [],
+      deny: [],
+      ask: [],
+      defaultMode: "askAll",
+    },
+    toolCalls: [
+      {
+        id: "call-skill-read",
+        type: "function",
+        function: { name: "read", arguments: JSON.stringify({ file_path: skillResourcePath }) },
+      },
+      {
+        id: "call-outside-read",
+        type: "function",
+        function: { name: "read", arguments: JSON.stringify({ file_path: outsidePath }) },
+      },
+    ],
+  });
+
+  assert.deepEqual(plan.permissions, [
+    { toolCallId: "call-skill-read", permission: "allow" },
+    { toolCallId: "call-outside-read", permission: "ask" },
+  ]);
+  assert.deepEqual(
+    plan.askPermissions.map((item) => ({ id: item.toolCallId, scopes: item.scopes })),
+    [{ id: "call-outside-read", scopes: ["read-out-cwd"] }]
+  );
+});
+
+test("isPathInAnyDirectory matches absolute and project-relative directories without sibling leaks", () => {
+  const projectRoot = createTempDir("deepcode-permissions-directory-match-workspace-");
+  const home = createTempDir("deepcode-permissions-directory-match-home-");
+  const absoluteSkillRoot = path.join(home, ".agents", "skills");
+  const relativeSkillRoot = path.join(".deepcode", "skills");
+
+  assert.equal(
+    isPathInAnyDirectory(projectRoot, path.join(absoluteSkillRoot, "pdf", "scripts", "extract.py"), [
+      absoluteSkillRoot,
+    ]),
+    true
+  );
+  assert.equal(
+    isPathInAnyDirectory(projectRoot, path.join(projectRoot, relativeSkillRoot, "local", "SKILL.md"), [
+      relativeSkillRoot,
+    ]),
+    true
+  );
+  assert.equal(
+    isPathInAnyDirectory(projectRoot, path.join(`${absoluteSkillRoot}-backup`, "extract.py"), [absoluteSkillRoot]),
+    false
+  );
+  assert.equal(
+    isPathInAnyDirectory(projectRoot, path.join(projectRoot, ".deepcode", "skills-extra", "file.md"), [
+      relativeSkillRoot,
+    ]),
+    false
+  );
+  assert.equal(isPathInAnyDirectory(projectRoot, path.join(home, "notes.txt"), undefined), false);
+});
+
 test("appendProjectPermissionAllows writes unique project-level allow scopes", () => {
   const projectRoot = createTempDir("deepcode-permission-settings-");
   const settingsPath = path.join(projectRoot, ".deepcode", "settings.json");
