Thanks for building this! The tool shows a lot of promise. Coming from Claude Code, the core functionality feels solid - just needs some permission refinements to match enterprise use cases. This is based upon quickly skimming the current code.

High ROI feature requests:
• Pattern-based permissions - Bash(git:) to allow git but not rm, Write(logs/.txt) for path scoping
• CLI permission flags - --allowedTools "Read,Bash(npm test)" --deniedTools "Write" for session overrides
• Allow/deny precedence rules - explicit deny should override general allow (security principle)
• Config file hierarchy - system → user → project precedence for policy enforcement

Medium ROI improvements:
• Command argument filtering - whitelist git commit but not git --exec-path=/bin/sh
• Multiple config formats - support both simple arrays and structured permission objects
• Runtime permission diagnostics - gemini permissions list to debug what's actually enabled
• Environment variable injection - top-level env config for OTEL endpoints, API keys, etc.

The permission engine is really the key piece - once you can express "allow X but not Y within X", it unlocks most advanced use cases. Keep up the great work!
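A sketch of the "allow X but not Y within X" evaluation requested above, added here as an illustration; it is not code from the tool or from the commenter. The rule syntax (`Tool(pattern)` with glob tokens), the layer format, the sample policy, and the reading that a deny in any layer beats an allow in any other are all assumptions.

```python
import fnmatch
import posixpath
import shlex

def parse_rule(text):
    """Split 'Tool' or 'Tool(pattern)' into (tool, pattern); '' means any use."""
    tool, paren, rest = text.partition("(")
    if paren and not rest.endswith(")"):
        raise ValueError(f"malformed rule: {text!r}")
    return tool.strip(), rest[:-1] if paren else ""

def rule_matches(rule, tool, arg):
    rule_tool, pattern = parse_rule(rule)
    if rule_tool != tool:
        return False
    if not pattern:
        return True
    if tool == "Bash":
        # Match argv tokens positionally; a raw string-prefix test on "git"
        # would also accept "git --exec-path=/bin/sh".
        try:
            argv = shlex.split(arg)
        except ValueError:  # unbalanced quotes: matches no rule
            return False
        want = pattern.split()
        return len(argv) >= len(want) and all(
            fnmatch.fnmatchcase(a, w) for a, w in zip(argv, want))
    # Path-scoped tools: normalise first so "logs/../x" cannot match "logs/*".
    return fnmatch.fnmatchcase(posixpath.normpath(arg), pattern)

def decide(layers, tool, arg):
    """layers: [(name, {"allow": [...], "deny": [...]})], system -> user -> project.
    A deny in any layer wins; otherwise any allow permits; otherwise deny."""
    allowed_by = None
    for name, policy in layers:
        for rule in policy.get("deny", []):
            if rule_matches(rule, tool, arg):
                return "deny", f"{name}: {rule}"
        for rule in policy.get("allow", []):
            if allowed_by is None and rule_matches(rule, tool, arg):
                allowed_by = f"{name}: {rule}"
    return ("allow", allowed_by) if allowed_by else ("deny", "no matching allow rule")

# Constructed sample policy layers (hypothetical, not a real configuration).
LAYERS = [
    ("system", {"deny": ["Bash(git --exec-path*)", "Write(*.env)"]}),
    ("user", {"allow": ["Bash(git commit)", "Bash(git status)", "Bash(npm test)"]}),
    ("project", {"allow": ["Write(logs/*.txt)", "Read"]}),
]
```

Returning the layer and rule that produced each decision is what a diagnostics command along the lines of the requested `gemini permissions list` would need to surface.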