Skip to content

feat: Allow/Denylist Provenance Command (#34)#36

Open
nhuelstng wants to merge 11 commits into
mainfrom
feat/provenance-command
Open

feat: Allow/Denylist Provenance Command (#34)#36
nhuelstng wants to merge 11 commits into
mainfrom
feat/provenance-command

Conversation

@nhuelstng

Copy link
Copy Markdown
Contributor

Closes #34

Summary

Adds omac provenance — a read-only command that dumps every effective allow/deny entry across all four subsystems (network, filesystem, environment, skills), each row annotated with the config layer it came from.

omac provenance [--profile <ref>] [--json]

What it does

  • Network: learned decisions (pages.json), allow_domain, deny_domain, hard-deny metadata hosts, mode/prompt/on_unavailable summary
  • Filesystem: profile grants (allow/read/write/deny/override_deny/allow_unix_dir), platform baseline read/write, effective protected paths
  • Environment: always-drop blocklist (exact + prefix families), allow_vars allowlist
  • Skills: registered skills (workdir + global merge, workdir-wins)

Each row carries a SOURCE column: workdir, global, builtin, learned, or blocklist.

Design + Plan

  • Spec: docs/superpowers/specs/2026-07-02-allow-denylist-provenance-command-design.md
  • Plan: docs/superpowers/plans/2026-07-02-allow-denylist-provenance-command.md

Testing

  • Unit tests: internal/cli/provenance_test.go (gatherer, text formatter, JSON formatter, CLI wiring)
  • E2e test: internal/e2e/provenance_test.go (//go:build e2e) — cross-checks provenance output against actual sandbox behavior via the self-audit skill
  • go build ./..., go vet, gofmt all clean

Commits

TDD throughout, 8 tasks with spec + code-quality review after each. Two bugs caught in review:

  • Source attribution hardcoded to builtin in fs/env views (fixed)
  • Byte-based truncation corrupting multi-byte UTF-8 paths (fixed: rune-based)

Manual testing

go build -o /tmp/omac ./cmd/omac
/tmp/omac provenance                    # tables
/tmp/omac provenance --json             # JSON
/tmp/omac provenance --profile default   # explicit profile

Not merging yet — pending manual testing.

🤖 Generated with opencode

nhuelstng added 11 commits July 3, 2026 11:20
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
…nance display

Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
…vironmentView

Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Signed-off-by: Niclas Hülsmann <niclas.huelsmann@tngtech.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Allow/Denylist Provenance Command

1 participant