(
{ skill, args },
context,
)
| 430 | }, |
| 431 | |
| 432 | async checkPermissions( |
| 433 | { skill, args }, |
| 434 | context, |
| 435 | ): Promise<PermissionDecision> { |
| 436 | // Skills are just skill names, no arguments |
| 437 | const trimmed = skill.trim() |
| 438 | |
| 439 | // Remove leading slash if present (for compatibility) |
| 440 | const commandName = trimmed.startsWith('/') ? trimmed.substring(1) : trimmed |
| 441 | |
| 442 | const appState = context.getAppState() |
| 443 | const permissionContext = appState.toolPermissionContext |
| 444 | |
| 445 | // Look up the command object to pass as metadata |
| 446 | const commands = await getAllCommands(context) |
| 447 | const commandObj = findCommand(commandName, commands) |
| 448 | |
| 449 | // Helper function to check if a rule matches the skill |
| 450 | // Normalizes both inputs by stripping leading slashes for consistent matching |
| 451 | const ruleMatches = (ruleContent: string): boolean => { |
| 452 | // Normalize rule content by stripping leading slash |
| 453 | const normalizedRule = ruleContent.startsWith('/') |
| 454 | ? ruleContent.substring(1) |
| 455 | : ruleContent |
| 456 | |
| 457 | // Check exact match (using normalized commandName) |
| 458 | if (normalizedRule === commandName) { |
| 459 | return true |
| 460 | } |
| 461 | // Check prefix match (e.g., "review:*" matches "review-pr 123") |
| 462 | if (normalizedRule.endsWith(':*')) { |
| 463 | const prefix = normalizedRule.slice(0, -2) // Remove ':*' |
| 464 | return commandName.startsWith(prefix) |
| 465 | } |
| 466 | return false |
| 467 | } |
| 468 | |
| 469 | // Check for deny rules |
| 470 | const denyRules = getRuleByContentsForTool( |
| 471 | permissionContext, |
| 472 | SkillTool as Tool, |
| 473 | 'deny', |
| 474 | ) |
| 475 | for (const [ruleContent, rule] of denyRules.entries()) { |
| 476 | if (ruleMatches(ruleContent)) { |
| 477 | return { |
| 478 | behavior: 'deny', |
| 479 | message: `Skill execution blocked by permission rules`, |
| 480 | decisionReason: { |
| 481 | type: 'rule', |
| 482 | rule, |
| 483 | }, |
| 484 | } |
| 485 | } |
| 486 | } |
| 487 | |
| 488 | // Remote canonical skills are ant-only experimental — auto-grant. |
| 489 | // Placed AFTER the deny loop so a user-configured Skill(_canonical_:*) |
nothing calls this directly
no test coverage detected