Openplan-Agent cannot run openspec commands #9
Description
When the openspec-plan agent attempts to run an openspec command, it fails with a permission errors:
Let's run:
openspec new change "s-01-download-catalog-info"
We'll use bash tool.
$ openspec new change "s-01-download-catalog-info"
PermissionDeniedError({"ruleset":[{"permission":"*","pattern":"*","action":"allow"},{"permission":"bash","pattern":"*","action":"ask"},{"permission":"bash","pattern":"cat *","action":"allow"},{"permission":"bash","pattern":"env *","action":"deny"},{"permission":"bash","pattern":"find * -delete *","action":"deny"},{"permission":"bash","pattern":"find * -delete","action":"deny"},{"permission":"bash","pattern":"find * -exec *","action":"deny"},{"permission":"bash","pattern":"find * -execdir *","action":"deny"},{"permission":"bash","pattern":"head *","action":"allow"},{"permission":"bash","pattern":"ls *","action":"allow"},{"permission":"bash","pattern":"xargs *","action":"deny"},{"permission":"bash","pattern":"*","action":"deny"},{"permission":"bash","pattern":"grep *","action":"allow"},{"permission":"bash","pattern":"ls","action":"allow"},{"permission":"bash","pattern":"ls *","action":"allow"},{"permission":"bash","pattern":"cat *","action":"allow"},{"permission":"bash","pattern":"find *","action":"allow"},{"permission":"bash","pattern":"echo","action":"allow"},{"permission":"bash","pattern":"echo *","action":"allow"},{"permission":"bash","pattern":"pwd","action":"allow"},{"permission":"bash","pattern":"which *","action":"allow"},{"permission":"bash","pattern":"env","action":"allow"},{"permission":"bash","pattern":"printenv *","action":"allow"},{"permission":"bash","pattern":"git status*","action":"allow"},{"permission":"bash","pattern":"git log*","action":"allow"},{"permission":"bash","pattern":"git diff*","action":"allow"},{"permission":"bash","pattern":"git show*","action":"allow"}],"_tag":"PermissionDeniedError"})I think this is due to 75e6320 which denies bash commands by default (a very good choice), but now openspec cannot be run because it's not in the list. I think openspec * should be added to it.