From 6fc6230976ff22719e39a746617da7c1ad901d61 Mon Sep 17 00:00:00 2001
From: Exidex <16986685+Exidex@users.noreply.github.com>
Date: Sat, 21 Sep 2024 17:29:18 +0200
Subject: [PATCH] Rework permissions

---
 src/config.ts | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/config.ts b/src/config.ts
index be3d42e..979241f 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -217,14 +217,31 @@ const Manifest = z.strictObject({
         { message: "Only single 'inline-view' entrypoint is allowed" }
     ),
     permissions: z.strictObject({
-        environment: z.array(z.string()).default([]),
-        high_resolution_time: z.boolean().default(false),
-        network: z.array(z.string()).default([]),
-        ffi: z.array(z.string()).default([]),
-        fs_read_access: z.array(z.string()).default([]),
-        fs_write_access: z.array(z.string()).default([]),
-        run_subprocess: z.array(z.string()).default([]),
-        system: z.array(z.string()).default([]),
+        environment: z.array(
+            z.string().min(1)
+        ).default([]),
+        network: z.array(
+            z.string().min(1)
+        ).default([]),
+        filesystem: z.strictObject({
+            read: z.array(
+                z.string().min(1)
+            ).default([]),
+            write: z.array(
+                z.string().min(1)
+            ).default([]),
+        }).default({}),
+        exec: z.strictObject({
+            command: z.array(
+                z.string().min(1)
+            ).default([]),
+            executable: z.array(
+                z.string().min(1)
+            ).default([]),
+        }).default({}),
+        system: z.array(
+            z.string().min(1)
+        ).default([]),
         clipboard: z.array(z.enum(["read", "write", "clear"])).default([]),
         main_search_bar: z.array(z.enum(["read"])).default([]),
     }).default({}),