Merge pull request #11149 from gitbutlerapp/permissions

Add option to have wildcard permissions

Author: Caleb-T-Owens

apps/desktop/src/components/codegen/CodegenClaudeMessage.svelte

@@ -12,7 +12,11 @@
 	type Props = {
 		projectId: string;
 		message: Message;
-		onPermissionDecision?: (id: string, decision: PermissionDecision) => Promise<void>;
+		onPermissionDecision?: (
+			id: string,
+			decision: PermissionDecision,
+			useWildcard: boolean
+		) => Promise<void>;
 		toolCallsExpandedState?: Map<string, boolean>;
 	};
 	const { projectId, message, onPermissionDecision, toolCallsExpandedState }: Props = $props();
@@ -51,7 +55,8 @@
 					style="standalone"
 					{toolCall}
 					requiresApproval={{
-						onPermissionDecision: async (id, decision) => await onPermissionDecision?.(id, decision)
+						onPermissionDecision: async (id, decision, useWildcard) =>
+							await onPermissionDecision?.(id, decision, useWildcard)
 					}}
 				/>
 			{/each}

apps/desktop/src/components/codegen/CodegenMessages.svelte

@@ -186,8 +186,17 @@
 		}
 	}
 
-	async function onPermissionDecision(id: string, decision: PermissionDecision) {
-		await claudeCodeService.updatePermissionRequest({ projectId, requestId: id, decision });
+	async function onPermissionDecision(
+		id: string,
+		decision: PermissionDecision,
+		useWildcard: boolean
+	) {
+		await claudeCodeService.updatePermissionRequest({
+			projectId,
+			requestId: id,
+			decision,
+			useWildcard
+		});
 	}
 	async function onAbort() {
 		await claudeCodeService.cancelSession({ projectId, stackId });

apps/desktop/src/components/codegen/CodegenToolCall.svelte

@@ -1,11 +1,15 @@
 <script lang="ts">
 	import { toolCallLoading, type ToolCall } from '$lib/codegen/messages';
 	import { formatToolCall, getToolIcon } from '$lib/utils/codegenTools';
-	import { DropdownButton, ContextMenuItem, Icon } from '@gitbutler/ui';
+	import { DropdownButton, ContextMenuItem, Icon, Select, SelectItem } from '@gitbutler/ui';
 	import type { PermissionDecision } from '$lib/codegen/types';
 
 	export type RequiresApproval = {
-		onPermissionDecision: (id: string, decision: PermissionDecision) => Promise<void>;
+		onPermissionDecision: (
+			id: string,
+			decision: PermissionDecision,
+			useWildcard: boolean
+		) => Promise<void>;
 	};
 
 	type Props = {
@@ -21,14 +25,14 @@
 	let allowDropdownButton = $state<ReturnType<typeof DropdownButton>>();
 	let denyDropdownButton = $state<ReturnType<typeof DropdownButton>>();
 
-	// Persisted state for selected permission scopes
 	type AllowDecision = 'allowOnce' | 'allowSession' | 'allowProject' | 'allowAlways';
 	type DenyDecision = 'denyOnce' | 'denySession' | 'denyProject' | 'denyAlways';
+	type WildcardDecision = 'precise' | 'wild';
 
 	let selectedAllowDecision = $state<AllowDecision>('allowSession');
 	let selectedDenyDecision = $state<DenyDecision>('denySession');
+	let selectedWildcardDecision = $state<WildcardDecision>('precise');
 
-	// Labels for each decision type
 	const allowLabels: Record<AllowDecision, string> = {
 		allowOnce: 'Allow once',
 		allowProject: 'Allow this project',
@@ -42,6 +46,31 @@
 		denyProject: 'Deny this project',
 		denyAlways: 'Deny always'
 	};
+
+	// The wildcard selector only shows up for certain tool calls
+	const wildcardSelector = $derived.by<
+		{ show: false } | { show: true; options: { label: string; value: WildcardDecision }[] }
+	>(() => {
+		if (toolCall.name === 'Edit' || toolCall.name === 'Write') {
+			return {
+				show: true,
+				options: [
+					{ value: 'precise', label: 'This file' },
+					{ value: 'wild', label: 'Any files in the same folder' }
+				]
+			};
+		} else if (toolCall.name === 'Bash') {
+			return {
+				show: true,
+				options: [
+					{ value: 'precise', label: 'This command' },
+					{ value: 'wild', label: 'Any subcommands or flags' }
+				]
+			};
+		} else {
+			return { show: false };
+		}
+	});
 </script>
 
 <div class="tool-call {style}" class:full-width={fullWidth}>
@@ -55,93 +84,118 @@
 		<span class="tool-name text-12">{toolCall.name}</span>
 
 		<span class="summary truncate grow clr-text-2">{formatToolCall(toolCall)}</span>
+	</div>
 
-		{#if requiresApproval}
-			<div class="flex gap-4 m-l-8">
-				<DropdownButton
-					bind:this={denyDropdownButton}
-					style="error"
-					kind="outline"
-					onclick={async () => {
-						await requiresApproval.onPermissionDecision(toolCall.id, selectedDenyDecision);
-						denyDropdownButton?.close();
+	{#if requiresApproval}
+		<div class="flex gap-4">
+			{#if wildcardSelector.show}
+				<Select
+					value={selectedWildcardDecision}
+					options={wildcardSelector.options}
+					wide
+					onselect={(value) => {
+						selectedWildcardDecision = value as WildcardDecision;
 					}}
 				>
-					{denyLabels[selectedDenyDecision]}
-					{#snippet contextMenuSlot()}
-						<ContextMenuItem
-							label="Deny once"
-							onclick={() => {
-								selectedDenyDecision = 'denyOnce';
-								denyDropdownButton?.close();
-							}}
-						/>
-						<ContextMenuItem
-							label="Deny in this session"
-							onclick={() => {
-								selectedDenyDecision = 'denySession';
-								denyDropdownButton?.close();
-							}}
-						/>
-						<ContextMenuItem
-							label="Deny in this project"
-							onclick={() => {
-								selectedDenyDecision = 'denyProject';
-								denyDropdownButton?.close();
-							}}
-						/>
-						<ContextMenuItem
-							label="Deny always"
-							onclick={() => {
-								selectedDenyDecision = 'denyAlways';
-								denyDropdownButton?.close();
-							}}
-						/>
+					{#snippet itemSnippet({ item, highlighted })}
+						<SelectItem selected={item.value === selectedWildcardDecision} {highlighted}>
+							{item.label}
+						</SelectItem>
 					{/snippet}
-				</DropdownButton>
-				<DropdownButton
-					bind:this={allowDropdownButton}
-					style="pop"
-					onclick={async () => {
-						await requiresApproval.onPermissionDecision(toolCall.id, selectedAllowDecision);
-						allowDropdownButton?.close();
-					}}
-				>
-					{allowLabels[selectedAllowDecision]}
-					{#snippet contextMenuSlot()}
-						<ContextMenuItem
-							label="Allow once"
-							onclick={() => {
-								selectedAllowDecision = 'allowOnce';
-								allowDropdownButton?.close();
-							}}
-						/>
-						<ContextMenuItem
-							label="Allow in this session"
-							onclick={() => {
-								selectedAllowDecision = 'allowSession';
-								allowDropdownButton?.close();
-							}}
-						/>
-						<ContextMenuItem
-							label="Allow in this project"
-							onclick={() => {
-								selectedAllowDecision = 'allowProject';
-								allowDropdownButton?.close();
-							}}
-						/>
-						<ContextMenuItem
-							label="Allow always"
-							onclick={() => {
-								selectedAllowDecision = 'allowAlways';
-								allowDropdownButton?.close();
-							}}
-						/>
-					{/snippet}
-				</DropdownButton>
-			</div>
-		{/if}
-	</div>
+				</Select>
+			{/if}
+
+			<DropdownButton
+				bind:this={denyDropdownButton}
+				style="error"
+				kind="outline"
+				onclick={async () => {
+					await requiresApproval.onPermissionDecision(
+						toolCall.id,
+						selectedDenyDecision,
+						selectedWildcardDecision === 'wild'
+					);
+					denyDropdownButton?.close();
+				}}
+			>
+				{denyLabels[selectedDenyDecision]}
+				{#snippet contextMenuSlot()}
+					<ContextMenuItem
+						label="Deny once"
+						onclick={() => {
+							selectedDenyDecision = 'denyOnce';
+							denyDropdownButton?.close();
+						}}
+					/>
+					<ContextMenuItem
+						label="Deny in this session"
+						onclick={() => {
+							selectedDenyDecision = 'denySession';
+							denyDropdownButton?.close();
+						}}
+					/>
+					<ContextMenuItem
+						label="Deny in this project"
+						onclick={() => {
+							selectedDenyDecision = 'denyProject';
+							denyDropdownButton?.close();
+						}}
+					/>
+					<ContextMenuItem
+						label="Deny always"
+						onclick={() => {
+							selectedDenyDecision = 'denyAlways';
+							denyDropdownButton?.close();
+						}}
+					/>
+				{/snippet}
+			</DropdownButton>
+			<DropdownButton
+				bind:this={allowDropdownButton}
+				style="pop"
+				onclick={async () => {
+					await requiresApproval.onPermissionDecision(
+						toolCall.id,
+						selectedAllowDecision,
+						selectedWildcardDecision === 'wild'
+					);
+					allowDropdownButton?.close();
+				}}
+			>
+				{allowLabels[selectedAllowDecision]}
+				{#snippet contextMenuSlot()}
+					<ContextMenuItem
+						label="Allow once"
+						onclick={() => {
+							selectedAllowDecision = 'allowOnce';
+							allowDropdownButton?.close();
+						}}
+					/>
+					<ContextMenuItem
+						label="Allow in this session"
+						onclick={() => {
+							selectedAllowDecision = 'allowSession';
+							allowDropdownButton?.close();
+						}}
+					/>
+					<ContextMenuItem
+						label="Allow in this project"
+						onclick={() => {
+							selectedAllowDecision = 'allowProject';
+							allowDropdownButton?.close();
+						}}
+					/>
+					<ContextMenuItem
+						label="Allow always"
+						onclick={() => {
+							selectedAllowDecision = 'allowAlways';
+							allowDropdownButton?.close();
+						}}
+					/>
+				{/snippet}
+			</DropdownButton>
+		</div>
+	{/if}
 </div>
 
 <style lang="postcss">
@@ -153,6 +207,8 @@
 
 		padding: 1px 32px 1px 12px;
 		overflow: hidden;
+
+		gap: 12px;
 		user-select: text;
 
 		&:not(.full-width) {

apps/desktop/src/lib/codegen/claude.ts

@@ -233,6 +233,7 @@ function injectEndpoints(api: ClientState['backendApi']) {
 					projectId: string;
 					requestId: string;
 					decision: PermissionDecision;
+					useWildcard: boolean;
 				}
 			>({
 				extraOptions: {

apps/desktop/src/lib/codegen/types.ts

@@ -210,6 +210,8 @@ export type ClaudePermissionRequest = {
 	input: unknown;
 	/** The permission decision or null if not yet handled */
 	decision?: PermissionDecision;
+	/** Whether to use wildcard permissions (optional, for backward compatibility) */
+	useWildcard?: boolean;
 };
 
 export type ClaudeTodo = {

crates/but-api/src/commands/claude.rs

@@ -121,13 +121,15 @@ pub fn claude_update_permission_request(
     project_id: ProjectId,
     request_id: String,
     decision: but_claude::PermissionDecision,
+    use_wildcard: bool,
 ) -> Result<(), Error> {
     let project = gitbutler_project::get(project_id)?;
     let mut ctx = CommandContext::open(&project, AppSettings::load_from_default_path_creating()?)?;
     Ok(but_claude::db::update_permission_request(
         &mut ctx,
         &request_id,
         decision,
+        use_wildcard,
     )?)
 }
 

crates/but-claude/src/db.rs

@@ -197,11 +197,12 @@ pub fn update_permission_request(
     ctx: &mut CommandContext,
     id: &str,
     decision: crate::PermissionDecision,
+    use_wildcard: bool,
 ) -> anyhow::Result<()> {
     let decision_str = serde_json::to_string(&decision)?;
     ctx.db()?
         .claude_permission_requests()
-        .set_decision(id, Some(decision_str))?;
+        .set_decision_and_wildcard(id, Some(decision_str), use_wildcard)?;
     Ok(())
 }
 
@@ -348,6 +349,7 @@ impl TryFrom<but_db::ClaudePermissionRequest> for crate::ClaudePermissionRequest
             tool_name: value.tool_name,
             input: serde_json::from_str(&value.input)?,
             decision,
+            use_wildcard: value.use_wildcard,
         })
     }
 }
@@ -366,6 +368,7 @@ impl TryFrom<crate::ClaudePermissionRequest> for but_db::ClaudePermissionRequest
             tool_name: value.tool_name,
             input: serde_json::to_string(&value.input)?,
             decision,
+            use_wildcard: value.use_wildcard,
         })
     }
 }

crates/but-claude/src/lib.rs

@@ -404,6 +404,8 @@ pub struct ClaudePermissionRequest {
     pub input: serde_json::Value,
     /// The permission decision or None if not yet handled
     pub decision: Option<PermissionDecision>,
+    /// Whether to use wildcard permissions for this request
+    pub use_wildcard: bool,
 }
 
 /// Represents the thinking level for Claude Code.