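/**
 * Core types for axconfig.
 *
 * Defines the unified permission model and config builder interfaces.
 */
import type { AgentCli } from "axshared";

/** Canonical tool names used in axrun permissions */
type CanonicalTool = "read" | "write" | "bash" | "glob" | "grep" | "webfetch";

/** Tools that support path restrictions */
type PathRestrictedTool = "read" | "write";

/** Permission rule for a tool (e.g., "read", "bash") */
interface ToolPermissionRule {
  type: "tool";
  name: CanonicalTool;
}

/**
 * Permission rule for a bash command pattern (e.g., "git *").
 *
 * NOTE(review): the matching semantics of `pattern` (glob vs. prefix, handling
 * of chained or substituted commands) are not defined in this file; confirm
 * them against each builder before relying on a pattern as a security boundary.
 */
interface BashPatternRule {
  type: "bash";
  pattern: string;
}

/** Permission rule for a path pattern (e.g., "src/**") scoped to one path-restricted tool */
interface PathPatternRule {
  type: "path";
  tool: PathRestrictedTool;
  pattern: string;
}

/** Union of all permission rule types, discriminated by `type` */
type PermissionRule = ToolPermissionRule | BashPatternRule | PathPatternRule;

/**
 * Parsed permission configuration.
 *
 * NOTE(review): precedence between overlapping `allow` and `deny` rules is not
 * expressed by this type; confirm that every builder treats `deny` as
 * authoritative.
 */
interface PermissionConfig {
  allow: PermissionRule[];
  deny: PermissionRule[];
}

/** Full axrun configuration */
interface AxrunConfig {
  permissions?: PermissionConfig;
}

/** Describes what permission features an agent supports */
interface AgentCapabilities {
  /** Whether the agent supports per-tool permissions (read, write, etc.) */
  toolPermissions: boolean;
  /** Whether the agent supports bash command patterns */
  bashPatterns: boolean;
  /** Whether the agent supports path restrictions (read:src/**) */
  pathRestrictions: boolean;
  /** Whether the agent can deny read access (some use sandboxes that always allow reads) */
  canDenyRead: boolean;
}

/** Issue with a permission rule (warning or error) */
interface PermissionIssue {
  /** The rule the issue refers to */
  rule: PermissionRule;
  /** Human-readable explanation of the issue */
  reason: string;
  /** Suggested alternatives for the rule */
  suggestions: string[];
}

/** Successful build result */
interface BuildSuccess {
  ok: true;
  /** Environment variables to pass to the agent (name to value) */
  env: Record<string, string>;
  /** CLI arguments to pass to the agent */
  args?: string[];
  /**
   * Warnings about dropped rules (for --allow).
   *
   * A non-empty list means the policy handed to the agent differs from the one
   * requested, so callers should surface these rather than discard them.
   */
  warnings: PermissionIssue[];
}

/** Failed build result */
interface BuildFailure {
  ok: false;
  /**
   * Errors that prevent running (for --deny).
   *
   * NOTE(review): presumably deny rules the target agent cannot enforce, so the
   * build fails closed instead of running with a weaker policy; confirm against
   * the builders.
   */
  errors: PermissionIssue[];
}

/** Result of building agent-specific config; check `ok` before reading `env` or `errors` */
type BuildResult = BuildSuccess | BuildFailure;

/** Interface for agent-specific config builders */
interface ConfigBuilder {
  /** Agent this builder is for */
  agentId: AgentCli;
  /** What this agent supports */
  capabilities: AgentCapabilities;
  /**
   * Build agent-specific config from axrun config.
   *
   * NOTE(review): the meaning of `output` is not visible in this file
   * (presumably a path where generated config is written); confirm.
   */
  build: (config: AxrunConfig, output: string) => BuildResult;
}

/** Result of reading permissions from agent config */
type ReadPermissionsResult =
  | { ok: true; value: PermissionConfig | undefined }
  | { ok: false; error: string };

/** Result of reading model from agent config */
type ReadModelResult =
  | { ok: true; value: string | undefined }
  | { ok: false; error: string };

/** Result of writing model to agent config */
type WriteModelResult = { ok: true } | { ok: false; error: string };

/** Result of reading a raw config value; `value` is unvalidated and must be narrowed before use */
type ReadRawResult =
  | { ok: true; value: unknown }
  | { ok: false; error: string };

/** Result of writing a raw config value */
type WriteRawResult = { ok: true } | { ok: false; error: string };

/** Result of deleting a raw config value */
type DeleteRawResult =
  | { ok: true; deleted: boolean }
  | { ok: false; error: string };

/**
 * Interface for reading and writing agent-specific configs.
 *
 * The raw accessors address values by dotted path. Implementations should
 * reject path segments such as `__proto__`, `constructor` and `prototype`
 * so that a key cannot reach the object prototype, and should treat
 * `configDirectory` as caller-controlled when it is derived from `envVar`.
 */
interface ConfigReader {
  /** Agent this reader is for */
  agentId: AgentCli;
  /** Default config directory for this agent */
  defaultConfigDir: () => string;
  /** Environment variable that overrides the config directory */
  envVar: string;
  /**
   * Subdirectory name within the base path for agents where the env var
   * points to a parent directory (e.g., ".gemini" for HOME, "opencode" for XDG_DATA_HOME).
   * Undefined if env var points directly to the config directory.
   */
  subdirectory: string | undefined;
  /**
   * Build environment variables for running this agent with custom directories.
   *
   * For agents that support separate config and data directories (OpenCode),
   * both paths can differ. For agents that don't support separation, both
   * paths will typically be the same.
   *
   * @param configBasePath - The base path for configuration
   * @param dataBasePath - The base path for data
   * @returns Environment variables to set for the agent
   */
  buildRuntimeEnvironment: (
    configBasePath: string,
    dataBasePath: string,
  ) => Record<string, string>;
  /** Read permissions from agent config and translate to unified format */
  readPermissions: (configDirectory: string) => ReadPermissionsResult;
  /** Read model from agent config */
  readModel: (configDirectory: string) => ReadModelResult;
  /** Write model to agent config */
  writeModel: (configDirectory: string, model: string) => WriteModelResult;
  /** Read a raw value from agent config by dotted path */
  readRaw: (configDirectory: string, key: string) => ReadRawResult;
  /** Write a raw value to agent config by dotted path */
  writeRaw: (
    configDirectory: string,
    key: string,
    value: unknown,
  ) => WriteRawResult;
  /** Delete a raw value from agent config by dotted path */
  deleteRaw: (configDirectory: string, key: string) => DeleteRawResult;
}

export type {
  AgentCapabilities,
  AxrunConfig,
  BuildResult,
  CanonicalTool,
  ConfigBuilder,
  ConfigReader,
  DeleteRawResult,
  PermissionConfig,
  PermissionIssue,
  PermissionRule,
  ReadModelResult,
  ReadPermissionsResult,
  ReadRawResult,
  WriteModelResult,
  WriteRawResult,
};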