summaryrefslogtreecommitdiffhomepage
path: root/packaging/[email protected]
diff options
context:
space:
mode:
authorAdam Malczewski <[email protected]>2026-06-03 16:33:50 +0900
committerAdam Malczewski <[email protected]>2026-06-03 16:33:50 +0900
commit24bdaa6ca0333b91369ac50b23e929f83af01c3a (patch)
tree110f8a32c16daa01bfce8b412e687cf241cd8b6f /packaging/[email protected]
parentebd68da7dfd6d4f2ef6c6b29a62ec848bbf15cef (diff)
downloaddispatch-24bdaa6ca0333b91369ac50b23e929f83af01c3a.tar.gz
dispatch-24bdaa6ca0333b91369ac50b23e929f83af01c3a.zip
fix(config): emit local permission patterns after global ones in merge
Gemini review caught a precedence-inversion bug in mergePermissions: when a nested permission group exists in BOTH global and local configs, the previous `{ ...existing, ...value }` spread updated an overridden pattern IN PLACE, leaving its original (global) insertion slot. Since configToRuleset flattens patterns in iteration order and evaluate() uses findLast (last match wins), a more-general global pattern declared lower (e.g. "*") would sit AFTER the local override and silently shadow it. Example: global bash { "npm test"=allow, "*"=ask } + local bash { "npm test"=deny } resolved "npm test" to "ask" instead of "deny". Fix: drop global patterns the local block also defines, keep remaining global patterns in order, then append ALL local patterns last — reproducing a clean "global rules then local rules" concatenation so local always wins. Adds a regression test asserting order and evaluation outcome.
Diffstat (limited to 'packaging/[email protected]')
0 files changed, 0 insertions, 0 deletions