Add first-class exclusion support to permissions#3

Open
samkim wants to merge 20 commits into main from exclusion

Conversation

@samkim (Member) commented Apr 22, 2026

Summary

  • Adds exclusions to file, bash, web, and MCP permissions as hard denials (translated into *_excluded relations that subtract from granted in SpiceDB).
  • Adds filename-prefix inclusion (basename_prefix) and a snapshot_existing directive that walks the filesystem at apply time to distinguish existing vs newly-created files.
  • Fixes the hook server so blanket file_read/file_write/bash/web_fetch/mcp categories now flow through the resource check (exclusions were previously bypassed by the blanket shortcut).

Notable changes

  • Schema: new file_path_and_basename_prefix_match and file_path_equals caveats; bare-session grants allowed on every rule type; read_excluded / write_excluded / execute_excluded / fetch_excluded / invoke_excluded relations subtract from both check and *_needs_approval.
  • Translator: new FileExclusion/BashExclusion/WebExclusion/MCPExclusion types; Materialize step expands snapshot_existing: true into a paths-kind exclusion; relationship emission handles bare-session grants and every exclusion shape.
  • Hook server: categoryHasResource gate on blanket shortcut; grant flow calls Materialize at confirm time so "existing files" means "when the grant was applied".
  • Prompt, Describe/Summarize, TUI review screen (nested ↳ except …), and README updated.

Test Plan

  • go test ./... — all packages pass (schema, translator, hookserver, tui included)
  • go build ./cmd/spicebox — binary builds
  • Schema-level coverage for every new caveat, bare-session grant, and subtraction path
  • Translator emission tests (basename-prefix inclusion, bare-session blanket, file pattern/paths exclusions, bash/web/MCP exclusions, blanket→resource backfill)
  • Materialize unit tests (walks, MaxFiles bound abandon semantics, suffix/basename-prefix filters, no-op)
  • Describe tests verifying nested exclusions render + survive FilterPermissions
  • Hook-server tests: blanket-with-exclusion honored; grant-time snapshot materialization
  • End-to-end integration tests for all 5 exclusion shapes (file basename-prefix, file snapshot, bash prefix, web contains, MCP tool prefix)
  • TUI rendering test for ↳ except indented exclusions with collapsed path counts
  • Manual TUI smoke test with spicebox claude on a prompt like "read and write Go files under $(pwd) except .env* files"

🤖 Generated with Claude Code
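The third summary bullet describes the security-relevant fix: a blanket category grant used to short-circuit the hook server's resource check, so an exclusion attached to that grant was never consulted. The following Go program is an added illustration of that failure mode and of the "granted minus excluded" evaluation the PR describes; it is not code from the spicebox repository. The `Grant` struct, the `checkLegacy`/`checkResource` functions, and the glob-matching rule (patterns without a `/` match the basename, others match the full path) are constructed for this example and do not correspond to the project's translator or SpiceDB schema.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Category is a blanket permission category as the hook server sees it
// (file_read, file_write, bash, web_fetch, mcp in the PR's terminology).
type Category string

// Grant is a hypothetical, simplified grant record for this example:
// a category, a resource pattern ("" or "*" is a blanket grant), and
// exclusion patterns that act as hard denials.
type Grant struct {
	Category   Category
	Pattern    string
	Exclusions []string
}

// isBlanket reports whether the grant covers every resource in its category.
func (g Grant) isBlanket() bool { return g.Pattern == "" || g.Pattern == "*" }

// matchPattern applies a glob. Constructed rule for this example: a pattern
// with no "/" is matched against the basename, any other pattern against
// the full path. "*" or "" matches everything.
func matchPattern(pattern, resource string) bool {
	if pattern == "*" || pattern == "" {
		return true
	}
	target := resource
	if !strings.Contains(pattern, "/") {
		target = path.Base(resource)
	}
	ok, err := path.Match(pattern, target)
	return err == nil && ok
}

// excluded reports whether any exclusion on the grant denies the resource.
func (g Grant) excluded(resource string) bool {
	for _, ex := range g.Exclusions {
		if matchPattern(ex, resource) {
			return true
		}
	}
	return false
}

// checkLegacy reproduces the pre-fix behaviour: a blanket grant for the
// category answers "allow" before the resource, and therefore its
// exclusions, is ever looked at.
func checkLegacy(grants []Grant, cat Category, resource string) bool {
	for _, g := range grants {
		if g.Category != cat {
			continue
		}
		if g.isBlanket() {
			return true // shortcut: exclusions never evaluated
		}
		if matchPattern(g.Pattern, resource) && !g.excluded(resource) {
			return true
		}
	}
	return false
}

// checkResource is the corrected flow: every grant in the category, blanket
// or not, goes through the resource check, and the answer is the subtraction
// "granted - excluded". An exclusion on any grant is a hard denial even if
// another grant would allow the resource.
func checkResource(grants []Grant, cat Category, resource string) bool {
	granted, excluded := false, false
	for _, g := range grants {
		if g.Category != cat {
			continue
		}
		if g.excluded(resource) {
			excluded = true
		}
		if matchPattern(g.Pattern, resource) {
			granted = true
		}
	}
	return granted && !excluded
}

func main() {
	// Constructed grants: blanket read of everything except .env* files,
	// plus a narrower read grant on Go files under /work.
	grants := []Grant{
		{Category: "file_read", Pattern: "*", Exclusions: []string{".env*"}},
		{Category: "file_read", Pattern: "/work/*.go"},
	}
	for _, r := range []string{"/work/main.go", "/work/.env", "/work/.env.local"} {
		fmt.Printf("%-18s legacy=%-5v fixed=%v\n", r,
			checkLegacy(grants, "file_read", r), checkResource(grants, "file_read", r))
	}
}
```

Running the program shows `/work/.env` and `/work/.env.local` allowed by the legacy shortcut and denied by the corrected check, while `/work/main.go` is allowed by both; a `file_write` request is denied by both because no grant covers that category.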

samkim and others added 20 commits April 21, 2026 22:26
Covers exclusion support across file/bash/web/MCP permissions, including
the "existing vs newly created files" snapshot case. Schema changes route
through SpiceDB permission subtraction (granted - excluded); translator
gains a materialize step for snapshot expansion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Nineteen tasks covering schema extensions, translator types/prompt/relationships,
materialize step for snapshot exclusions, hook-server routing, TUI nesting,
grant-flow integration, and README updates. Each task is TDD with exact code
and verification commands.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>