Audit Permissions Analyze permission audit logs and recommend allow-list changes. Wraps the TypeScript analyzer in ai-env. Args Routing - No args / empty : run report (default) - Args contain "reset" or "clear" : archive log and start fresh Report Mode (default) 1. Generate Report Present the full markdown output to the user. 2. Recommended Allow Rules If the section has entries: 1. Read , extract (default ) 2. Compute new patterns not already present (case-sensitive exact match) 3. Show before/after diff of ONLY 4. Ask: "Apply these N safe rules to settings.json?" (plain text y/n — works on…