Add global-level permissions from user config

[trungutt]

Summary

Closes #52

Adds a permissions field to the user config (~/.config/cagent/config.yaml) so users can define permission patterns that apply across all sessions and agents as user-wide defaults, without having to reconfigure each session.

Configuration

Add a permissions block under settings in your user config:

# ~/.config/cagent/config.yaml
version: v1
settings:
  permissions:
    allow:
      - "read_*"
      - "list_directory"
      - "shell:cmd=git*"
      - "shell:cmd=ls*"
      - "mcp:github:*"
    deny:
      - "shell:cmd=rm*"
      - "shell:cmd=sudo*"
    ask:
      - "shell:cmd=docker*"

This uses the same pattern syntax as agent-level permissions — globs, argument matching (shell:cmd=git*), and MCP-qualified names (mcp:server:tool) all work.

How it works

Global patterns are merged into the team's permission checker before the runtime is created (run.go), using permissions.Merge(). The runtime receives a single pre-merged checker and has no concept of "global" — it just sees team permissions as before.

The merged checker evaluates all deny patterns first (from both team and global), then all allow patterns, then all ask patterns. This means:

• A deny from either source blocks the tool (most secure)
• An allow from either source auto-approves the tool
• Session permissions still override everything (evaluated separately by the runtime)

Changes

• pkg/userconfig/userconfig.go — add Permissions *latest.PermissionsConfig to Settings
• pkg/permissions/permissions.go — add Merge() function to combine multiple checkers
• pkg/team/team.go — add SetPermissions() to allow post-construction updates
• cmd/root/run.go — load global permissions, merge into team, pass to runtime
• pkg/permissions/permissions_test.go — tests for Merge()
• pkg/userconfig/userconfig_test.go — YAML round-trip test

[trungutt]

/review

[rumpl]

I'm not sure the runtime needs to know that global permissions exist, the runtime should just get a permissions checker that is already merged

[trungutt]

Agreed — reworked. Global patterns are now merged into the team's checker in run.go before the runtime is created (permissions.Merge() + team.SetPermissions()). The runtime has no concept of "global" and receives a single pre-merged checker.

[docker-agent]

Assessment: 🟢 APPROVE

This PR correctly implements global-level permissions from user config. The code is well-structured with proper nil checks and comprehensive test coverage.

Key strengths:

• Proper permission cascade: Session → Team → Global → ReadOnlyHint → Ask
• Safe nil handling throughout (checks before creating options, checks before accessing fields)
• Comprehensive test coverage (7 new tests covering deny, allow, cascade priority, YOLO override, and merging)
• Clear documentation in comments

Verified:

• No nil pointer dereferences (all accesses properly guarded)
• Permission cascade logic is correct and matches documentation
• Global permissions are properly integrated into the runtime via options pattern
• Tests validate all priority scenarios

The implementation follows Go best practices and the project's existing patterns.

[trungutt]

/review

[docker-agent]

Assessment: 🟢 APPROVE

No bugs found in the changed code. The implementation correctly:

• Loads global permissions from user config
• Merges them with team permissions using the new Merge() function
• Handles nil checkers appropriately
• Creates fresh team instances for each runtime/session

The permission merge logic is sound and follows Go best practices.