High ROI feature requests:
• Pattern-based permissions - Bash(git:) to allow git but not rm, Write(logs/.txt) for path scoping
• CLI permission flags - --allowedTools "Read,Bash(npm test)" --deniedTools "Write" for session overrides
• Allow/deny precedence rules - explicit deny should override general allow (security principle)
• Config file hierarchy - system → user → project precedence for policy enforcement
Medium ROI improvements:
• Command argument filtering - whitelist git commit but not git --exec-path=/bin/sh
• Multiple config formats - support both simple arrays and structured permission objects
• Runtime permission diagnostics - gemini permissions list to debug what's actually enabled
• Environment variable injection - top-level env config for OTEL endpoints, API keys, etc.
The permission engine is really the key piece - once you can express "allow X but not Y within X", it unlocks most advanced use cases. Keep up the great work!
