feat: add global-level permissions from user config

Allow users to define permission patterns in ~/.config/cagent/config.yaml
that apply across all sessions and agents as user-wide defaults.

The permission cascade is now: YOLO > Session > Team > Global > ReadOnlyHint > Ask.

Author: trungutt

cmd/root/run.go

@@ -20,6 +20,7 @@ import (
 	"github.com/docker/docker-agent/pkg/cli"
 	"github.com/docker/docker-agent/pkg/config"
 	"github.com/docker/docker-agent/pkg/paths"
+	"github.com/docker/docker-agent/pkg/permissions"
 	"github.com/docker/docker-agent/pkg/profiling"
 	"github.com/docker/docker-agent/pkg/runtime"
 	"github.com/docker/docker-agent/pkg/session"
@@ -59,6 +60,10 @@ type runExecFlags struct {
 
 	// Run only
 	hideToolResults bool
+
+	// globalPermsOpt is a runtime option that injects user-level global permissions.
+	// Nil when no global permissions are configured.
+	globalPermsOpt runtime.Opt
 }
 
 func newRunCmd() *cobra.Command {
@@ -187,6 +192,11 @@ func (f *runExecFlags) runOrExec(ctx context.Context, out *cli.Printer, args []s
 		}
 	}
 
+	// Build global permissions checker from user config settings.
+	if userSettings.Permissions != nil {
+		f.globalPermsOpt = runtime.WithGlobalPermissions(permissions.NewChecker(userSettings.Permissions))
+	}
+
 	// Start fake proxy if --fake is specified
 	fakeCleanup, err := setupFakeProxy(f.fakeResponses, f.fakeStreamDelay, &f.runConfig)
 	if err != nil {
@@ -333,12 +343,17 @@ func (f *runExecFlags) createLocalRuntimeAndSession(ctx context.Context, loadRes
 		AgentDefaultModels: loadResult.AgentDefaultModels,
 	}
 
-	localRt, err := runtime.New(t,
+	rtOpts := []runtime.Opt{
 		runtime.WithSessionStore(sessStore),
 		runtime.WithCurrentAgent(f.agentName),
 		runtime.WithTracer(otel.Tracer(AppName)),
 		runtime.WithModelSwitcherConfig(modelSwitcherCfg),
-	)
+	}
+	if f.globalPermsOpt != nil {
+		rtOpts = append(rtOpts, f.globalPermsOpt)
+	}
+
+	localRt, err := runtime.New(t, rtOpts...)
 	if err != nil {
 		return nil, nil, fmt.Errorf("creating runtime: %w", err)
 	}
@@ -506,12 +521,17 @@ func (f *runExecFlags) createSessionSpawner(agentSource config.Source, sessStore
 		}
 
 		// Create the local runtime
-		localRt, err := runtime.New(team,
+		rtOpts := []runtime.Opt{
 			runtime.WithSessionStore(sessStore),
 			runtime.WithCurrentAgent(f.agentName),
 			runtime.WithTracer(otel.Tracer(AppName)),
 			runtime.WithModelSwitcherConfig(modelSwitcherCfg),
-		)
+		}
+		if f.globalPermsOpt != nil {
+			rtOpts = append(rtOpts, f.globalPermsOpt)
+		}
+
+		localRt, err := runtime.New(team, rtOpts...)
 		if err != nil {
 			return nil, nil, nil, err
 		}

pkg/runtime/runtime.go

@@ -17,6 +17,7 @@ import (
 	"github.com/docker/docker-agent/pkg/config/types"
 	"github.com/docker/docker-agent/pkg/hooks"
 	"github.com/docker/docker-agent/pkg/modelsdev"
+	"github.com/docker/docker-agent/pkg/permissions"
 	"github.com/docker/docker-agent/pkg/session"
 	"github.com/docker/docker-agent/pkg/sessiontitle"
 	"github.com/docker/docker-agent/pkg/team"
@@ -117,7 +118,7 @@ type Runtime interface {
 	// Summarize generates a summary for the session
 	Summarize(ctx context.Context, sess *session.Session, additionalPrompt string, events chan Event)
 
-	// PermissionsInfo returns the team-level permission patterns (allow/ask/deny).
+	// PermissionsInfo returns the team-level and global permission patterns (allow/ask/deny).
 	// Returns nil if no permissions are configured.
 	PermissionsInfo() *PermissionsInfo
 
@@ -188,6 +189,11 @@ type LocalRuntime struct {
 	env                         []string // Environment variables for hooks execution
 	modelSwitcherCfg            *ModelSwitcherConfig
 
+	// globalPermissions holds user-level permission patterns loaded from the
+	// user config (~/.config/cagent/config.yaml). These are evaluated after
+	// session and team permissions in the approval cascade.
+	globalPermissions *permissions.Checker
+
 	// retryOnRateLimit enables retry-with-backoff for HTTP 429 (rate limit) errors
 	// when no fallback models are configured. When false (default), 429 errors are
 	// treated as non-retryable and immediately fail or skip to the next model.
@@ -259,6 +265,15 @@ func WithEnv(env []string) Opt {
 	}
 }
 
+// WithGlobalPermissions sets user-level permission patterns loaded from the
+// user config (~/.config/cagent/config.yaml). These are evaluated after session
+// and team permissions in the approval cascade, acting as user-wide defaults.
+func WithGlobalPermissions(checker *permissions.Checker) Opt {
+	return func(r *LocalRuntime) {
+		r.globalPermissions = checker
+	}
+}
+
 // WithRetryOnRateLimit enables automatic retry with backoff for HTTP 429 (rate limit)
 // errors when no fallback models are available. When enabled, the runtime will honor
 // the Retry-After header from the provider's response to determine wait time before
@@ -759,18 +774,29 @@ func (r *LocalRuntime) UpdateSessionTitle(ctx context.Context, sess *session.Ses
 	return nil
 }
 
-// PermissionsInfo returns the team-level permission patterns.
-// Returns nil if no permissions are configured.
+// PermissionsInfo returns the merged team-level and global permission patterns.
+// Returns nil if no permissions are configured at either level.
 func (r *LocalRuntime) PermissionsInfo() *PermissionsInfo {
-	permChecker := r.team.Permissions()
-	if permChecker == nil || permChecker.IsEmpty() {
+	teamChecker := r.team.Permissions()
+	teamEmpty := teamChecker == nil || teamChecker.IsEmpty()
+	globalEmpty := r.globalPermissions == nil || r.globalPermissions.IsEmpty()
+
+	if teamEmpty && globalEmpty {
 		return nil
 	}
-	return &PermissionsInfo{
-		Allow: permChecker.AllowPatterns(),
-		Ask:   permChecker.AskPatterns(),
-		Deny:  permChecker.DenyPatterns(),
+
+	result := &PermissionsInfo{}
+	if !teamEmpty {
+		result.Allow = append(result.Allow, teamChecker.AllowPatterns()...)
+		result.Ask = append(result.Ask, teamChecker.AskPatterns()...)
+		result.Deny = append(result.Deny, teamChecker.DenyPatterns()...)
+	}
+	if !globalEmpty {
+		result.Allow = append(result.Allow, r.globalPermissions.AllowPatterns()...)
+		result.Ask = append(result.Ask, r.globalPermissions.AskPatterns()...)
+		result.Deny = append(result.Deny, r.globalPermissions.DenyPatterns()...)
 	}
+	return result
 }
 
 // ResetStartupInfo resets the startup info emission flag.