fix(tool): use relative path for read permission patterns #23051

Open
kagura-agent wants to merge 1 commit into anomalyco:dev from kagura-agent:fix/read-permission-relative-path
@kagura-agent kagura-agent commented Apr 17, 2026

Issue for this PR

Closes #23048
Related: #6892

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

The read tool passes absolute file paths to permission evaluation, but user-configured deny rules use relative paths. So exact path rules like "src/.../File.java": "deny" never match — Wildcard.match compares the absolute path against the relative pattern and fails.

Wildcards like *File.java still work because * matches the absolute prefix too.

The fix: use path.relative(Instance.worktree, filepath) for the permission pattern, same as write.ts (line 46) and edit.ts (line 78) already do. Instance.worktree is already imported and used in read.ts line 92 for the display title.

One-line change, no new imports needed.

How did you verify your code works?

Verified by code inspection:

  • write.ts line 46: patterns: [path.relative(Instance.worktree, filepath)]
  • edit.ts line 78: patterns: [path.relative(Instance.worktree, filePath)]
  • read.ts line 108 (before): patterns: [filepath] — absolute path ❌
  • read.ts line 108 (after): patterns: [path.relative(Instance.worktree, filepath)]

All CI checks pass.

Screenshots / recordings

N/A — not a UI change.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

The read tool was passing absolute file paths to permission evaluation
while user-configured permission rules use relative paths. This caused
exact path deny rules (e.g., 'src/main/.../File.java': 'deny') to never
match, since Wildcard.match compared an absolute path against a relative
pattern.

Other tools (write, edit, apply_patch) already use
path.relative(Instance.worktree, filepath) for permission patterns. This
change makes the read tool consistent.

Fixes anomalyco#23048
Related: anomalyco#6892
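
The mismatch described in this PR, reproduced as an added example that is not part of the PR or the project's code. `wildcardMatch` and `evaluate` are hypothetical stand-ins for the project's `Wildcard.match` and permission evaluation (their real semantics are assumed, not copied), and every path and rule is constructed; the Windows rows show what Node's `path.win32.relative` returns for the separator case named in the linked issue title.

```javascript
// Added example. Loads node:path whether the file runs as CommonJS or as an ES module.
const path = typeof require === "function"
  ? require("node:path")
  : process.getBuiltinModule("node:path");

// Hypothetical stand-in for Wildcard.match: "*" matches any run of characters,
// every other character is literal (assumed semantics).
function wildcardMatch(input, pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\?]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`, "s").test(input);
}

// Hypothetical evaluation: first matching rule wins, no match falls through to "allow".
function evaluate(rules, candidate) {
  for (const [pattern, action] of Object.entries(rules)) {
    if (wildcardMatch(candidate, pattern)) return action;
  }
  return "allow";
}

// Constructed sample data, not taken from the PR.
const worktree = "/home/dev/project";
const target = "/home/dev/project/src/secrets/File.java";
const exactRule = { "src/secrets/File.java": "deny" };
const starRule = { "*File.java": "deny" };

function demo() {
  const rel = path.posix.relative(worktree, target);
  // On Windows, path.relative returns backslash-separated output.
  const winRel = path.win32.relative("C:\\project", "C:\\project\\src\\secrets\\File.java");
  return {
    absoluteExact: evaluate(exactRule, target),   // absolute path never equals the relative rule
    absoluteStar: evaluate(starRule, target),     // "*" absorbs the absolute prefix
    relativeExact: evaluate(exactRule, rel),      // relative path matches the exact rule
    windowsRaw: evaluate(exactRule, winRel),      // "\" output does not match a "/" rule
    windowsNormalized: evaluate(exactRule, winRel.split(path.win32.sep).join("/")),
    // A file outside the worktree yields a "../" pattern, which in-tree rules do not cover.
    outsideWorktree: path.posix.relative(worktree, "/tmp/other/notes.txt"),
  };
}

console.log(demo());
```

The `absoluteExact` row is the failure mode that matters for review: the deny rule is skipped without any error, so the read proceeds under whatever the fall-through policy is.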
@github-actions github-actions bot added the needs:compliance label (This means the issue will auto-close after 2 hours.) Apr 17, 2026
@github-actions
Contributor

The following comment was made by an LLM, it may be inaccurate:

Based on my search, I found the following potentially related PRs:

  1. PR feat: Use proper globbing for "edit", "read" and "external_directory" permi… #22676 - "feat: Use proper globbing for 'edit', 'read' and 'external_directory' permi…"

    • This appears highly relevant as it addresses globbing/pattern matching for the read tool and permissions
  2. PR fix(permission): resolve path specificity using longest matching rule #14540 - "fix(permission): resolve path specificity using longest matching rule"

    • Related to permission path matching logic
  3. PR fix(permission): use absolute paths for external file permission matching #18628 - "fix(permission): use absolute paths for external file permission matching"

    • This is conceptually related to your PR (though addressing the opposite direction - using absolute paths rather than relative)

These PRs likely have overlapping concerns with path resolution and permission pattern matching for the read tool. I'd recommend checking PR #22676 first as it seems most directly relevant to fixing read tool permission patterns.

@github-actions github-actions bot removed the needs:compliance label (This means the issue will auto-close after 2 hours.) Apr 17, 2026
@github-actions
Contributor

Thanks for updating your PR! It now meets our contributing guidelines. 👍

Development

Successfully merging this pull request may close these issues.

Windows: permission.read exact path rules fail with / and require \ to match