feat(permissions): prototype per-API (capability) permissions
Add an experimental per-API permission gate that treats each JS API entry
point (Deno.connect, fetch, node:net.listen, WebSocket, ...) as a discrete
permission, checked in addition to the existing coarse resource flags. Every
permission check site already threads an api_name string that today is only
used for prompt/error text; this makes the engine match on it.
The gate is consulted before the resource fast-path, so an individual API
verb can be denied even when --allow-net would otherwise permit the
operation. Entries may be narrowed by a host filter, e.g.
fetch('*.openai.com'). When no allowlist is configured the gate is a no-op,
so existing behavior is unchanged.
This first pass is intentionally minimal to showcase the model:
- delivery is the DENO_ALLOW_API env var (comma separated) rather than the
deno.json permissions schema or CLI flags
- enforcement is wired into the net check surface only (check_net,
check_net_url, check_net_vsock, check_net_unix_socket); the same one-line
call extends to check_open / check_run / etc.