{
  "permissions": {
    "allow": [
      "Bash(find:*)",
      "Bash(mvn:*)",
      "Bash(node -e \"\ntry {\n  const tokenManager = require(''./src/@gold/utils/token-manager.js'');\n  console.log(''✅ Default import works:'', typeof tokenManager.getToken);\n  \n  const { getAccessToken, getDevToken } = require(''./src/@gold/utils/token-manager.js'');\n  console.log(''✅ Named import works:'', typeof getAccessToken, typeof getDevToken);\n} catch (e) {\n  console.error(''❌ Import failed:'', e.message);\n}\n\")",
      "Bash(cat:*)",
      "Bash(node -e:*)",
      "Bash(git add:*)",
      "Bash(git commit:*)",
      "Bash(git log:*)",
      "Bash(xargs:*)",
      "Bash(test:*)",
      "Bash(timeout 20 pnpm run dev:*)",
      "Bash(git checkout:*)",
      "Bash(tree:*)",
      "Bash(ls:*)",
      "Bash(mysql:*)",
      "Bash(npm run lint:*)",
      "Bash(npx vue-tsc:*)",
      "Bash(pnpm add:*)",
      "Bash(./mvnw compile:*)",
      "Bash(openspec list:*)",
      "Bash(openspec validate:*)",
      "Bash(../mvnw:*)",
      "Bash(openspec change show:*)",
      "Bash(openspec proposal:*)",
      "Bash(openspec --help)",
      "Bash(openspec:*)",
      "Bash(node -c /d/projects/sionrui/frontend/app/web-gold/src/views/system/task-management/digital-human-task/index.vue)",
      "Bash(echo \"=== Token 自动刷新功能验证 ===\n\n✅ 已实现的功能：\n1. 请求前检查 token 是否即将过期（5分钟缓冲）\n2. 如果即将过期，自动触发 refreshToken 刷新\n3. 并发请求时，只有一个请求触发刷新，其他请求等待\n4. 刷新完成后，所有等待的请求使用新 token\n5. 白名单接口（login、refresh-token等）跳过检查\n6. 401 错误：尝试刷新，失败则跳转登录页\n7. 403 错误：直接跳转登录页\n\n✅ 核心文件修改：\n- frontend/api/axios/client.js - 添加了预检查和刷新逻辑\n- frontend/app/web-gold/src/api/http.js - 保持原有的 401/403 处理\n\n✅ 兼容性：\n- 向后兼容：不影响现有认证流程\n- API 兼容：不改变后端接口契约\n- 用户透明：完全无感知的自动刷新\n\n=== 验证完成 ===\")",
      "Bash(node:*)",
      "Bash(dos2unix:*)",
      "Bash(python3:*)",
      "Skill(openspec:apply)",
      "Skill(openspec:apply:*)",
      "Bash(pnpm run lint)"
    ],
    "deny": [],
    "ask": []
  }
}