[Bug]: Tool Permission Allow-Deny Pattern is Contradictory #3085

@maxs909

Description

Bug Description

The documentation's example permissions.yaml configuration for "allowing writes to one kind of file" doesn't work as described. The evaluation order documented leads to the opposite of the intended behavior.

The documentation describes an evaluation model where:

  • allow = remember and continue
  • deny = stop immediately

This means any deny or confirm rule matching an operation takes precedence over any allow rule that also matches that operation. The example has allow write: "**/*.rs" (matches .rs files) and deny write: "**/*" (also matches .rs files). The deny rule wins by design, making the allow rule ineffective for .rs files.

The documentation is internally contradictory:

  1. It says the example "allows writes to one kind of file" (the .rs rule)
  2. It describes deny always stopping allow (the evaluation logic)
  3. These two statements cannot both be true

Steps to Reproduce

  1. Set permissions.yaml to the documented example (see Configuration below)
  2. Attempt to write a .rs file
  3. Observe that permission is denied
  4. Remove the deny rule and observe that the write is allowed as expected

Expected Behavior

Writes to .rs files should be allowed.

Actual Behavior

When tracing through the documented evaluation logic with a write operation to test.rs:

  1. Policy 1 (allow read "**/*"): No match (rule type mismatch - write vs read)
  2. Policy 2 (allow write "**/*.rs"): MATCHES → "remember it and keep going"
  3. Policy 3 (deny write "**/*"): MATCHES → "stop and reject"

Forge Version

forge 2.11.4

Operating System & Version

Linux Mint 22.3

AI Provider

OpenRouter

Model

minimax 2.7

Installation Method

npx forgecode@latest

Configuration

policies:
  - permission: allow
    rule:
      read: "**/*"

  - permission: allow
    rule:
      write: "**/*.rs"

  - permission: deny
    rule:
      write: "**/*"
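The evaluation model quoted in the report ("allow = remember and continue, deny = stop immediately"), implemented as an added Python example so the trace for a write to test.rs can be reproduced offline. This is not Forge's code: the policies are the issue's permissions.yaml copied into Python dicts, the glob semantics ("**/" matching zero or more directories) and the result when no policy matches are assumptions.

```python
import re

# The issue's permissions.yaml, mirrored as dicts (constructed inline; no YAML dependency).
POLICIES = [
    {"permission": "allow", "rule": {"read": "**/*"}},
    {"permission": "allow", "rule": {"write": "**/*.rs"}},
    {"permission": "deny", "rule": {"write": "**/*"}},
]

def glob_to_regex(pattern: str) -> re.Pattern:
    """Assumed glob semantics (not stated on the page): '**/' matches zero or more
    directory components, '*' matches any run of characters within one component."""
    out, i = "^", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out += "(?:[^/]+/)*"
            i += 3
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile(out + "$")

def evaluate(policies, op: str, path: str) -> tuple[str, list[str]]:
    """Documented order: a matching allow is remembered and evaluation continues;
    a matching deny stops immediately. Returns the decision and a per-policy trace.
    Assumption: with no matching policy at all the result is reported as 'no-policy'."""
    decision, trace = "no-policy", []
    for n, pol in enumerate(policies, 1):
        pattern = pol["rule"].get(op)          # rule type must match the operation
        if pattern is None or not glob_to_regex(pattern).match(path):
            trace.append(f"policy {n}: no match")
            continue
        if pol["permission"] == "deny":
            trace.append(f"policy {n}: deny {op} {pattern!r} matches -> stop and reject")
            return "deny", trace
        decision = "allow"
        trace.append(f"policy {n}: allow {op} {pattern!r} matches -> remember and keep going")
    return decision, trace

if __name__ == "__main__":
    for pols, label in ((POLICIES, "documented example"), (POLICIES[:2], "deny rule removed")):
        result, steps = evaluate(pols, "write", "test.rs")
        print(f"{label}: write test.rs -> {result}")
        for step in steps:
            print("   ", step)
```

Running it reproduces steps 2 and 3 of the report: the later deny rule rejects the write that policy 2 had already allowed, and dropping the deny rule is what makes the same write succeed.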

Metadata

Labels

  • severity: high (Significant impact; core functionality is impaired.)
  • type: bug (Something isn't working.)