core: fix permission evaluation to use rule-based matching instead of wildcard patterns

author: Dax Raad <[email protected]> 2026-01-05 01:06:59 -0500
committer: Dax Raad <[email protected]> 2026-01-05 01:07:03 -0500
commit: 9f38af44db91966e331ce95f1d50194e8403be1e (patch)
tree: 8d9cd1451aea3706e717723860e8ce5783adcf11
parent: 7324b2260ab66c4b61c2e578482501bef26ade38 (diff)
download: opencode-9f38af44db91966e331ce95f1d50194e8403be1e.tar.gz
opencode-9f38af44db91966e331ce95f1d50194e8403be1e.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/packages/opencode/src/permission/next.ts b/packages/opencode/src/permission/next.ts
index 6d18caefb..3f8e7c648 100644
--- a/packages/opencode/src/permission/next.ts
+++ b/packages/opencode/src/permission/next.ts
@@ -232,9 +232,9 @@ export namespace PermissionNext {
     const result = new Set<string>()
     for (const tool of tools) {
       const permission = EDIT_TOOLS.includes(tool) ? "edit" : tool
-      if (evaluate(permission, "*", ruleset).action === "deny") {
-        result.add(tool)
-      }
+      const rule = ruleset.findLast((r) => Wildcard.match(permission, r.pattern))
+      if (!rule) continue
+      if (rule.pattern === "*" && rule.action === "deny") result.add(tool)
     }
     return result
   }
author	Dax Raad <[email protected]>	2026-01-05 01:06:59 -0500
committer	Dax Raad <[email protected]>	2026-01-05 01:07:03 -0500
commit	9f38af44db91966e331ce95f1d50194e8403be1e (patch)
tree	8d9cd1451aea3706e717723860e8ce5783adcf11
parent	7324b2260ab66c4b61c2e578482501bef26ade38 (diff)
download	opencode-9f38af44db91966e331ce95f1d50194e8403be1e.tar.gz opencode-9f38af44db91966e331ce95f1d50194e8403be1e.zip