test: capture env var prefix permission bypass (#16075) #16086

Open
fazzledev wants to merge 1 commit into anomalyco:dev from fazzledev:fix/env-var-permission-bypass

fazzledev commented Mar 5, 2026

Issue for this PR

Fixes #16075

Note: This PR does not fix the bug — it only adds a test case capturing the current (buggy) behavior. The fix requires a design decision on how to strip variable_assignment AST nodes from commandText without losing redirect info. See the issue for options.

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Adds a test case that captures the env var prefix permission bypass bug. Commands like CI=true git commit produce a permission pattern of "CI=true git commit -m \"test\"" instead of "git commit -m \"test\"", so a rule like "git *": "ask" won't match and the command runs without a dialog.

The test currently asserts the buggy behavior with a TODO to flip the assertions once the fix lands.

How did you verify your code works?

Ran bun test test/tool/bash.test.ts test/permission/arity.test.ts test/permission/next.test.ts — 84 pass, 0 fail.

Screenshots / recordings

N/A — no UI change.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR
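
Added illustration of the mismatch described in the PR text above (not code from this PR or the project): a wildcard rule checked against the raw command text, then against the text with leading assignments removed. The function names, the last-match-wins ordering and the catch-all `*` allow rule are assumptions, and the text-level stripping is a simplified stand-in for removing variable_assignment nodes from the parsed AST.

```typescript
// Hypothetical names throughout; this is not the project's permission API.
type Action = "allow" | "ask" | "deny";
type Rule = [string, Action];

// Glob-style match: "*" matches any run of characters, the rest is literal.
function wildcardMatch(text: string, pattern: string): boolean {
  const source = pattern
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, "[\\s\\S]*");
  return new RegExp("^" + source + "$").test(text);
}

// Assumed evaluation order: the last matching rule decides; no match fails closed.
function decide(rules: Rule[], commandText: string): Action {
  let result: Action = "ask";
  for (const [pattern, action] of rules) {
    if (wildcardMatch(commandText, pattern)) result = action;
  }
  return result;
}

// One leading NAME=value word. Only bare and quoted literal values are handled;
// values containing "$" or backticks are not stripped (left for the AST-based fix).
const ASSIGNMENT = /^\s*[A-Za-z_][A-Za-z0-9_]*=(?:"(?:[^"\\$`]|\\.)*"|'[^']*'|[^\s"'$`])*\s+/;

// Remove every leading assignment so the pattern starts at the command name.
function stripEnvPrefix(commandText: string): string {
  let rest = commandText;
  for (let m = ASSIGNMENT.exec(rest); m !== null; m = ASSIGNMENT.exec(rest)) {
    rest = rest.slice(m[0].length);
  }
  return rest;
}

// Constructed ruleset and command, mirroring the PR description.
const RULES: Rule[] = [["*", "allow"], ["git *", "ask"]];
const COMMAND = 'CI=true git commit -m "test"';

// raw: decision on the unmodified text; normalized: decision after stripping.
function demo(): { raw: Action; normalized: Action } {
  return {
    raw: decide(RULES, COMMAND),
    normalized: decide(RULES, stripEnvPrefix(COMMAND)),
  };
}
```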

github-actions bot added needs:compliance, needs:issue and removed needs:compliance labels Mar 5, 2026

github-actions bot commented Mar 5, 2026

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

github-actions bot commented Mar 5, 2026

Thanks for updating your PR! It now meets our contributing guidelines. 👍

Development

Successfully merging this pull request may close these issues.

[Bug]: Inline env var prefix (e.g. CI=true git commit) bypasses bash permission rules
