diff options
| author | Adam Malczewski <[email protected]> | 2026-06-03 16:33:50 +0900 |
|---|---|---|
| committer | Adam Malczewski <[email protected]> | 2026-06-03 16:33:50 +0900 |
| commit | 24bdaa6ca0333b91369ac50b23e929f83af01c3a (patch) | |
| tree | 110f8a32c16daa01bfce8b412e687cf241cd8b6f /packaging/[email protected] | |
| parent | ebd68da7dfd6d4f2ef6c6b29a62ec848bbf15cef (diff) | |
| download | dispatch-24bdaa6ca0333b91369ac50b23e929f83af01c3a.tar.gz dispatch-24bdaa6ca0333b91369ac50b23e929f83af01c3a.zip | |
fix(config): emit local permission patterns after global ones in merge
Gemini review caught a precedence-inversion bug in mergePermissions: when a
nested permission group exists in BOTH global and local configs, the previous
`{ ...existing, ...value }` spread updated an overridden pattern IN PLACE,
leaving its original (global) insertion slot. Since configToRuleset flattens
patterns in iteration order and evaluate() uses findLast (last match wins), a
more-general global pattern declared lower (e.g. "*") would sit AFTER the
local override and silently shadow it.
Example: global bash { "npm test"=allow, "*"=ask } + local bash
{ "npm test"=deny } resolved "npm test" to "ask" instead of "deny".
Fix: drop global patterns the local block also defines, keep remaining global
patterns in order, then append ALL local patterns last — reproducing a clean
"global rules then local rules" concatenation so local always wins. Adds a
regression test asserting order and evaluation outcome.
Diffstat (limited to 'packaging/[email protected]')
0 files changed, 0 insertions, 0 deletions
