feat: flag wildcard-pattern tool allowlists in AW-007 #2

Merged
brandonwise merged 1 commit into main from auto/pm-presence-20260408
Apr 8, 2026

@brandonwise
Owner

Summary

AW-007 now treats wildcard-pattern allowedTools entries (for example github:*, mcp__github__*) as effectively unrestricted instead of safe allowlists.

Why this change

Least-privilege pressure for MCP/agent tool access is climbing across sources, and teams are increasingly using broad wildcard patterns that still over-expose tool surfaces.

What changed

  • src/config.rs
    • Added has_pattern_wildcard_allowed_tools.
    • Updated has_effective_allowed_tools to reject wildcard-pattern allowlists (not just global */all).
  • src/rules/allowlist.rs
    • AW-007 now distinguishes:
      • global wildcard allowlists
      • wildcard-pattern allowlists
      • missing allowlist
    • Added targeted titles/messages/fixes for wildcard-pattern cases.
  • tests/integration_tests.rs
    • Added test_detects_pattern_wildcard_allowlist.
  • testdata/allowlist-pattern-wildcard.json
    • New fixture for CLI/integration validation.

Validation evidence

1) Repo-level/full test suite

  • cargo test
    • ✅ pass
    • 206 unit tests passed
    • 35 integration tests passed

2) Targeted tests for changed modules

  • cargo test pattern_wildcard
    • ✅ pass
    • 4 unit tests passed
    • 1 integration test passed

3) Lint/type/build checks

  • cargo clippy --all-targets -- -D warnings
    • ✅ pass (no warnings)
  • cargo build --release
    • ✅ pass

4) Smoke/integration check for changed behavior

  • ./target/release/agentwise scan testdata/allowlist-pattern-wildcard.json --format json | jq -r '.findings[] | select(.rule_id=="AW-007") | .title'
    • ✅ output: Wildcard-pattern tool allowlist on high-risk server

Risk

Low. Scoped to AW-007 allowlist effectiveness logic and related tests/fixture only.

@brandonwise brandonwise merged commit e00753c into main Apr 8, 2026
8 checks passed
@brandonwise brandonwise deleted the auto/pm-presence-20260408 branch April 8, 2026 13:29
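
The three-way distinction this PR describes (global wildcard, wildcard pattern, missing allowlist), as an added Rust example; it is not the code from src/config.rs or src/rules/allowlist.rs. The names AllowlistKind, classify_allowlist and is_effective are hypothetical, and two behaviours are assumptions: an empty list is reported like a missing one, and any non-global entry containing `*` counts as a wildcard pattern.

```rust
// Added example: hypothetical names, not agentwise's own implementation.
#[derive(Debug, PartialEq)]
enum AllowlistKind {
    Missing,                      // no allowedTools key, or nothing usable in it
    GlobalWildcard,               // "*" or "all": every tool is exposed
    PatternWildcard(Vec<String>), // e.g. "github:*": a whole namespace is exposed
    Explicit,                     // only fully named tools
}

fn classify_allowlist(allowed: Option<&[&str]>) -> AllowlistKind {
    let entries: Vec<&str> = match allowed {
        None => return AllowlistKind::Missing,
        Some(list) => list.iter().map(|e| e.trim()).filter(|e| !e.is_empty()).collect(),
    };
    // Assumption: an empty or whitespace-only list is reported like a missing one.
    if entries.is_empty() {
        return AllowlistKind::Missing;
    }
    // A single global entry overrides any specific names listed next to it.
    if entries.iter().any(|e| *e == "*" || *e == "all") {
        return AllowlistKind::GlobalWildcard;
    }
    // Assumption: any remaining entry containing '*' is a wildcard pattern.
    let patterns: Vec<String> = entries
        .iter()
        .filter(|e| e.contains('*'))
        .map(|e| e.to_string())
        .collect();
    if patterns.is_empty() {
        AllowlistKind::Explicit
    } else {
        AllowlistKind::PatternWildcard(patterns)
    }
}

// Only a list of fully named tools counts as an effective restriction.
fn is_effective(allowed: Option<&[&str]>) -> bool {
    classify_allowlist(allowed) == AllowlistKind::Explicit
}

fn main() {
    // Constructed sample allowlists; the tool names are illustrative.
    let samples: [&[&str]; 3] = [&["*"], &["github:*", "read_file"], &["read_file", "list_issues"]];
    println!("None -> {:?}", classify_allowlist(None));
    for s in samples {
        println!("{:?} -> {:?} (effective: {})", s, classify_allowlist(Some(s)), is_effective(Some(s)));
    }
}
```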