feat: Allowed Tools management (issue #24)

[Copilot]

Adds read/write management of ~/.copilot/permissions-config.json — the file Copilot CLI uses to persist "don't ask again" tool decisions per project.

IPC surface (electron/main.ts)

• tools:get-permissions — reads permissions-config.json, returns ProjectToolPermissions[] grouped by project path (10s cache)
• tools:allow-tool(projectPath, toolSpec) — appends a tool to a project's allowed list
• tools:remove-tool(projectPath, toolSpec) — removes a tool; deletes the project key when its list empties

Input validation via isValidToolSpec() — restricts to identifier or identifier(arg) form, disallows parentheses inside args to prevent nesting. Project paths go through the existing isValidDirPath() + prototype pollution guards.

Settings page — Allowed Tools panel

New panel below Trusted Directories showing per-project tool chips with type-distinct colouring:

• shell(…) → orange (highest risk)
• write → blue
• mcp-server(tool) → cyan
• unknown → neutral

Each chip has an inline remove button. A form (project path + tool spec) allows adding new entries.

Sessions page — tool badge integration

Tool badges in the TOOLS USED section are now interactive:

• Badges for tools already in the allowed list render with a cyan fill + ✓ and are disabled
• Clicking an unlisted badge opens an inline confirmation: "Allow {tool} for this project? Copilot will use it without asking in future sessions."
• After allowing, a 5-second undo toast appears with a one-click reversal

Allowed tools for the selected session are fetched from tools:get-permissions on session selection, matched by session.cwd.

Original prompt

#24 implement this issue.

[Chronological Review] 1. User asked where `/list-dirs` command data is stored in Copilot CLI 2. Initial investigation: grepped codebase (no matches), checked Copilot CLI docs, explored ~/.copilot directory structure 3. Discovered config.json, settings.json, session-state files - initially couldn't find where dirs were stored 4. User pushed back on incorrect answers multiple times 5. Fetched official GitHub docs from docs.github.com - found `trustedFolders` in `config.json` 6. Confirmed user's config.json had no `trustedFolders` key initially 7. User added a directory via /add-dir but config.json didn't change - learned /add-dir is session-only 8. Added gridwatch and onyx directories to `trustedFolders` in config.json manually 9. Discovered `/list-dirs` shows session sandbox (cwd + temp), NOT trustedFolders - they're different concepts 10. User requested: remove DIRS from sidebar, add trusted dirs section to Settings page, read from config.json 11. Implemented full refactoring: changed electron/main.ts to read/write config.json trustedFolders, removed DirsPage from sidebar, added section to SettingsPage 12. Built, committed, merged to main, tagged v0.31.0, pushed 13. Closed stale draft PR #23, updated and closed issue #21 14. User asked to create new issues for other permission types from the configure-copilot-cli docs 15. Fetched and read full configure-copilot-cli docs and cli-config-dir-reference docs 16. Discovered `permissions-config.json` stores tool and directory permissions per project 17. Created issues #24 (Allowed Tools), #25 (URL Permissions), #26 (Path Permissions) 18. Clarified difference between Trusted Directories and Path Permissions for user 19. User chose to keep all 3 issues open

[Intent Mapping]

• Find where /list-dirs stores data
• Add gridwatch and onyx to trusted directories permanently
• Move DIRS page from sidebar to Settings page section
• Read from config.json trustedFolders instead of separate file
• Commit, merge, tag v0.31.0
• Close draft PR feat: Allowed Directories management panel #23
• Update and close issue Feature: Allowed directories management panel #21
• Create separate issues for tools, URLs, and path permissions

[Technical Inventory]

• Copilot CLI config: ~/.copilot/config.json (trustedFolders), permissions-config.json, settings.json
• /list-dirs = session sandbox (in-memory), trustedFolders = startup trust prompt (persistent)
• Electron app: GridWatch (Tron-themed desktop app for Copilot CLI session management)
• Stack: React + TypeScript + Electron + Vite
• Version: bumped from 0.30.0 to 0.31.0

[Code Archaeology]

• electron/main.ts: Refactored from gridwatch-allowed-dirs.json to config.json trustedFolders
• src/App.tsx: Removed DirsPage import, removed 'dirs' nav item, removed dirs case from switch
• src/pages/SettingsPage.tsx: Added trusted directories section with add/remove
• src/pages/SettingsPage.module.css: Added dir* CSS classes
• src/types/global.d.ts: Re-added 'dirs' to openItemFolder union type
• src/pages/DirsPage.tsx: Orphaned (no longer imported but still exists on disk)

[Progress Assessment]

• DONE: Trusted directories in Settings page reading from config.json
• DONE: v0.31.0 tagged and pushed
• DONE: PR feat: Allowed Directories management panel #23 closed, Issue Feature: Allowed directories management panel #21 closed
• DONE: Issues Feature: Allowed Tools management in Settings #24, Feature: URL Permissions management in Settings #25, Feature: Path Permissions management in Settings #26 created
• PENDING: Issues Feature: Allowed Tools management in Settings #24 (tools), Feature: URL Permissions management in Settings #25 (URLs), Feature: Path Permissions management in Settings #26 (paths) implementation
• CLEANUP: DirsPage.tsx and DirsPage.module.css still on disk (orphaned)

[Recent Commands Analysis]

• Last commands: Created GitHub issues Feature: Allowed Tools management in Settings #24, Feature: URL Permissions management in Settings #25, Feature: Path Permissions management in Settings #26 via gh issue create
• Discussed difference between Trusted Directories and Path Permissions
• User chose to keep all 3 issues open

1. Conversation Overview: - Primary Objectives: User wanted to understand where Copilot CLI's `/list-dirs` data is stored, then move the DIRS page functionality into the Settings page reading from `~/.copilot/config.json`'s `trustedFolders` array, then commit/merge/tag v0.31.0, then create issues for remaining permission types (tools, URLs, paths). - Session Context: Started as investigation into Copilot CLI internals, evolved into a feature refactor, release, and planning for future permission management features. User corrected several incorrect assumptions along the way. - User Intent Evolution: Investigation → manual config edit → UI refactor → release workflow → issue creation for future work

2. Technical Foundation:
   • Copilot CLI Config Structure:
     • ~/.copilot/config.json — stores trustedFolders array (startup trust prompts, persistent across sessions)
     • ~/.copilot/permissions-config.json — stores tool and directory permissions per project (does NOT yet exist on user's machine)
     • ~/.copilot/settings.json — user preferences (model, theme, footer settings)
     • /list-dirs shows session sandbox (cwd + temp dir) — in-memory only, NOT trustedFolders
   • Key Distinction Discovered: trustedFolders = "skip startup trust prompt for this dir"; Path Permissions in...

Created from Copilot CLI via the copilot delegate command.