@ebowwa/coder 0.7.63 → 0.7.64

package/dist/core/__tests__/permissions.test.js

@@ -0,0 +1,851 @@
+/**
+ * Comprehensive tests for the Permission System
+ *
+ * Tests cover:
+ * - All permission modes (default, acceptEdits, bypassPermissions, dontAsk, plan, interactive)
+ * - Risk level assessment (low, medium, high, critical)
+ * - Tool categorization (readOnly, fileEdit, system)
+ * - Permission caching and callbacks
+ * - Security-critical paths
+ */
+import { describe, test, it, expect, beforeEach, afterEach, mock, spyOn, } from "bun:test";
+import { PermissionManager, assessRiskLevel, generateDescription, isReadOnlyTool, isFileEditTool, isSystemTool, TOOL_CATEGORIES, } from "../permissions.js";
+// ============================================
+// MOCKS AND HELPERS
+// ============================================
+/**
+ * Create a mock prompt callback that returns a specific decision
+ */
+function createMockPrompt(decision) {
+    return async (_request) => ({
+        decision,
+        reason: `Mocked decision: ${decision}`,
+    });
+}
+/**
+ * Create a delayed mock prompt for testing async behavior
+ */
+function createDelayedMockPrompt(decision, delayMs = 10) {
+    return async (_request) => {
+        await new Promise((resolve) => setTimeout(resolve, delayMs));
+        return { decision, reason: `Delayed mock: ${decision}` };
+    };
+}
+/**
+ * Sample tool inputs for testing
+ */
+const SAMPLE_INPUTS = {
+    readFile: { file_path: "/path/to/file.ts" },
+    writeFile: { file_path: "/path/to/output.ts", content: "console.log('hello')" },
+    editFile: { file_path: "/path/to/edit.ts", old_string: "old", new_string: "new" },
+    glob: { pattern: "**/*.ts" },
+    grep: { pattern: "function", path: "./src" },
+    task: { subagent_type: "Explore" },
+    bashSafe: { command: "ls -la" },
+    bashCritical: { command: "rm -rf /" },
+    bashSudo: { command: "sudo apt update" },
+    bashGit: { command: "git status" },
+    bashForcePush: { command: "git push --force origin main" },
+    bashResetHard: { command: "git reset --hard HEAD~1" },
+    envFile: { file_path: "/path/to/.env", content: "SECRET=abc123" },
+    sshKey: { file_path: "/home/user/.ssh/id_rsa", content: "PRIVATE KEY" },
+    gpgKey: { file_path: "/home/user/.gnupg/private.key", content: "GPG KEY" },
+};
+// ============================================
+// RISK LEVEL ASSESSMENT TESTS
+// ============================================
+describe("assessRiskLevel", () => {
+    describe("low risk operations", () => {
+        test("Read tool is low risk", () => {
+            expect(assessRiskLevel("Read", SAMPLE_INPUTS.readFile)).toBe("low");
+        });
+        test("Glob tool is low risk", () => {
+            expect(assessRiskLevel("Glob", SAMPLE_INPUTS.glob)).toBe("low");
+        });
+        test("Grep tool is low risk", () => {
+            expect(assessRiskLevel("Grep", SAMPLE_INPUTS.grep)).toBe("low");
+        });
+        test("Task tool is low risk", () => {
+            expect(assessRiskLevel("Task", SAMPLE_INPUTS.task)).toBe("low");
+        });
+        test("Unknown tools default to medium risk", () => {
+            expect(assessRiskLevel("UnknownTool", {})).toBe("medium");
+        });
+    });
+    describe("medium risk operations", () => {
+        test("Write tool is medium risk", () => {
+            expect(assessRiskLevel("Write", SAMPLE_INPUTS.writeFile)).toBe("medium");
+        });
+        test("Edit tool is medium risk", () => {
+            expect(assessRiskLevel("Edit", SAMPLE_INPUTS.editFile)).toBe("medium");
+        });
+        test("NotebookEdit tool is medium risk", () => {
+            expect(assessRiskLevel("NotebookEdit", { cell_id: "1" })).toBe("medium");
+        });
+        test("Bash with safe commands is medium risk (default)", () => {
+            expect(assessRiskLevel("Bash", SAMPLE_INPUTS.bashSafe)).toBe("medium");
+        });
+    });
+    describe("high risk operations", () => {
+        test("Bash with sudo is high risk", () => {
+            expect(assessRiskLevel("Bash", SAMPLE_INPUTS.bashSudo)).toBe("high");
+        });
+        test("Bash with chmod is high risk", () => {
+            expect(assessRiskLevel("Bash", { command: "chmod 777 file" })).toBe("high");
+        });
+        test("Write to .env file is high risk", () => {
+            expect(assessRiskLevel("Write", SAMPLE_INPUTS.envFile)).toBe("high");
+        });
+        test("Write to .pem file is high risk", () => {
+            expect(assessRiskLevel("Write", { file_path: "/cert.pem", content: "cert" })).toBe("high");
+        });
+        test("Write to .key file is high risk", () => {
+            expect(assessRiskLevel("Write", { file_path: "/secret.key", content: "key" })).toBe("high");
+        });
+        test("Write to .secret file is high risk", () => {
+            expect(assessRiskLevel("Write", { file_path: "/app.secret", content: "secret" })).toBe("high");
+        });
+        test("Write to .credentials file is high risk", () => {
+            expect(assessRiskLevel("Write", { file_path: "/.credentials", content: "creds" })).toBe("high");
+        });
+        test("Edit to .env file is high risk", () => {
+            expect(assessRiskLevel("Edit", { ...SAMPLE_INPUTS.envFile, old_string: "", new_string: "" })).toBe("high");
+        });
+    });
+    describe("critical risk operations", () => {
+        test("Bash with 'rm -rf' is critical", () => {
+            expect(assessRiskLevel("Bash", SAMPLE_INPUTS.bashCritical)).toBe("critical");
+        });
+        test("Bash with 'rm -r' is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "rm -r folder" })).toBe("critical");
+        });
+        test("Bash with plain 'rm' is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "rm file.txt" })).toBe("critical");
+        });
+        test("Bash with 'git push --force' is critical", () => {
+            expect(assessRiskLevel("Bash", SAMPLE_INPUTS.bashForcePush)).toBe("critical");
+        });
+        test("Bash with 'git reset --hard' is critical", () => {
+            expect(assessRiskLevel("Bash", SAMPLE_INPUTS.bashResetHard)).toBe("critical");
+        });
+        test("Bash with 'git clean -fd' is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "git clean -fd" })).toBe("critical");
+        });
+        test("Bash with 'drop' keyword is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "echo drop table" })).toBe("critical");
+        });
+        test("Bash with 'delete' keyword is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "echo delete from" })).toBe("critical");
+        });
+        test("Bash with 'truncate' keyword is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "truncate -s 0 file" })).toBe("critical");
+        });
+        test("Bash with 'format' keyword is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "format drive" })).toBe("critical");
+        });
+        test("Bash with 'dd if=' is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "dd if=/dev/zero of=/dev/sda" })).toBe("critical");
+        });
+        test("Bash with 'shred' is critical", () => {
+            expect(assessRiskLevel("Bash", { command: "shred -u file" })).toBe("critical");
+        });
+        test("Bash with fork bomb pattern is critical", () => {
+            // Note: The regex in permissions.ts is /\b:\(\)\{\s*:\|:\s*&\s*\};\s*:\b/
+            // BUG: The \b word boundary won't match before : (non-word char)
+            // This pattern currently does NOT detect fork bombs - security gap
+            const result = assessRiskLevel("Bash", { command: ":(){ :|:& };:" });
+            // CURRENT BEHAVIOR: medium (not detected due to regex bug)
+            // SHOULD BE: critical
+            expect(result).toBe("medium");
+        });
+        test("Bash with fork bomb variant - also not detected", () => {
+            // Test with spaces - also won't match due to word boundary issue
+            const result = assessRiskLevel("Bash", { command: ":(){ :|:& }; :" });
+            // CURRENT BEHAVIOR: medium (not detected)
+            expect(result).toBe("medium");
+        });
+        test("Write to .ssh directory is critical", () => {
+            expect(assessRiskLevel("Write", SAMPLE_INPUTS.sshKey)).toBe("critical");
+        });
+        test("Write to .gnupg directory is critical", () => {
+            expect(assessRiskLevel("Write", SAMPLE_INPUTS.gpgKey)).toBe("critical");
+        });
+        test("Edit to .ssh directory is critical", () => {
+            expect(assessRiskLevel("Edit", { ...SAMPLE_INPUTS.sshKey, old_string: "", new_string: "" })).toBe("critical");
+        });
+        test("Edit to .gnupg directory is critical", () => {
+            expect(assessRiskLevel("Edit", { ...SAMPLE_INPUTS.gpgKey, old_string: "", new_string: "" })).toBe("critical");
+        });
+    });
+    describe("edge cases", () => {
+        test("empty tool input handles gracefully", () => {
+            expect(assessRiskLevel("Read", {})).toBe("low");
+            expect(assessRiskLevel("Bash", {})).toBe("medium");
+        });
+        test("null command in Bash defaults to medium", () => {
+            expect(assessRiskLevel("Bash", { command: null })).toBe("medium");
+        });
+        test("undefined command in Bash defaults to medium", () => {
+            expect(assessRiskLevel("Bash", { command: undefined })).toBe("medium");
+        });
+        test("case sensitivity in critical patterns", () => {
+            expect(assessRiskLevel("Bash", { command: "DROP TABLE users" })).toBe("critical");
+            expect(assessRiskLevel("Bash", { command: "DELETE FROM table" })).toBe("critical");
+        });
+    });
+});
+// ============================================
+// DESCRIPTION GENERATION TESTS
+// ============================================
+describe("generateDescription", () => {
+    test("Read tool description", () => {
+        const desc = generateDescription("Read", SAMPLE_INPUTS.readFile);
+        expect(desc).toContain("Read file:");
+        expect(desc).toContain("/path/to/file.ts");
+    });
+    test("Write tool description includes content length", () => {
+        const desc = generateDescription("Write", SAMPLE_INPUTS.writeFile);
+        expect(desc).toContain("Write file:");
+        expect(desc).toContain("chars");
+    });
+    test("Edit tool description", () => {
+        const desc = generateDescription("Edit", SAMPLE_INPUTS.editFile);
+        expect(desc).toContain("Edit file:");
+        expect(desc).toContain("/path/to/edit.ts");
+    });
+    test("Bash tool description truncates long commands", () => {
+        const longCommand = "a".repeat(150);
+        const desc = generateDescription("Bash", { command: longCommand });
+        expect(desc).toContain("Execute:");
+        expect(desc).toContain("...");
+        expect(desc.length).toBeLessThan(200);
+    });
+    test("Bash tool description shows short commands fully", () => {
+        const desc = generateDescription("Bash", SAMPLE_INPUTS.bashSafe);
+        expect(desc).toContain("Execute:");
+        expect(desc).toContain("ls -la");
+        expect(desc).not.toContain("...");
+    });
+    test("Glob tool description", () => {
+        const desc = generateDescription("Glob", SAMPLE_INPUTS.glob);
+        expect(desc).toContain("Find files:");
+        expect(desc).toContain("**/*.ts");
+    });
+    test("Grep tool description", () => {
+        const desc = generateDescription("Grep", SAMPLE_INPUTS.grep);
+        expect(desc).toContain("Search:");
+        expect(desc).toContain("function");
+        expect(desc).toContain("./src");
+    });
+    test("Task tool description", () => {
+        const desc = generateDescription("Task", SAMPLE_INPUTS.task);
+        expect(desc).toContain("Spawn agent:");
+        expect(desc).toContain("Explore");
+    });
+    test("Unknown tool fallback description", () => {
+        const desc = generateDescription("CustomTool", { param: "value" });
+        expect(desc).toContain("Use tool:");
+        expect(desc).toContain("CustomTool");
+    });
+    test("handles missing parameters gracefully", () => {
+        expect(generateDescription("Read", {})).toContain("unknown");
+        expect(generateDescription("Write", {})).toContain("unknown");
+        expect(generateDescription("Glob", {})).toContain("*");
+        expect(generateDescription("Grep", {})).toContain(".");
+    });
+});
+// ============================================
+// TOOL CATEGORIZATION TESTS
+// ============================================
+describe("Tool Categorization", () => {
+    describe("TOOL_CATEGORIES constant", () => {
+        test("contains expected readOnly tools", () => {
+            expect(TOOL_CATEGORIES.readOnly).toContain("Read");
+            expect(TOOL_CATEGORIES.readOnly).toContain("Glob");
+            expect(TOOL_CATEGORIES.readOnly).toContain("Grep");
+            expect(TOOL_CATEGORIES.readOnly).toContain("Task");
+        });
+        test("contains expected fileEdit tools", () => {
+            expect(TOOL_CATEGORIES.fileEdit).toContain("Write");
+            expect(TOOL_CATEGORIES.fileEdit).toContain("Edit");
+            expect(TOOL_CATEGORIES.fileEdit).toContain("NotebookEdit");
+        });
+        test("contains expected system tools", () => {
+            expect(TOOL_CATEGORIES.system).toContain("Bash");
+        });
+    });
+    describe("isReadOnlyTool", () => {
+        test("returns true for readOnly tools", () => {
+            expect(isReadOnlyTool("Read")).toBe(true);
+            expect(isReadOnlyTool("Glob")).toBe(true);
+            expect(isReadOnlyTool("Grep")).toBe(true);
+            expect(isReadOnlyTool("Task")).toBe(true);
+        });
+        test("returns false for non-readOnly tools", () => {
+            expect(isReadOnlyTool("Write")).toBe(false);
+            expect(isReadOnlyTool("Edit")).toBe(false);
+            expect(isReadOnlyTool("Bash")).toBe(false);
+        });
+        test("returns false for unknown tools", () => {
+            expect(isReadOnlyTool("Unknown")).toBe(false);
+        });
+    });
+    describe("isFileEditTool", () => {
+        test("returns true for fileEdit tools", () => {
+            expect(isFileEditTool("Write")).toBe(true);
+            expect(isFileEditTool("Edit")).toBe(true);
+            expect(isFileEditTool("NotebookEdit")).toBe(true);
+        });
+        test("returns false for non-fileEdit tools", () => {
+            expect(isFileEditTool("Read")).toBe(false);
+            expect(isFileEditTool("Bash")).toBe(false);
+            expect(isFileEditTool("Grep")).toBe(false);
+        });
+        test("returns false for unknown tools", () => {
+            expect(isFileEditTool("Unknown")).toBe(false);
+        });
+    });
+    describe("isSystemTool", () => {
+        test("returns true for system tools", () => {
+            expect(isSystemTool("Bash")).toBe(true);
+        });
+        test("returns false for non-system tools", () => {
+            expect(isSystemTool("Read")).toBe(false);
+            expect(isSystemTool("Write")).toBe(false);
+            expect(isSystemTool("Edit")).toBe(false);
+        });
+        test("returns false for unknown tools", () => {
+            expect(isSystemTool("Unknown")).toBe(false);
+        });
+    });
+});
+// ============================================
+// PERMISSION MODE TESTS
+// ============================================
+describe("PermissionManager Modes", () => {
+    describe("bypassPermissions mode", () => {
+        let manager;
+        beforeEach(() => {
+            manager = new PermissionManager("bypassPermissions");
+        });
+        test("allows all Read operations", async () => {
+            const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows all Write operations", async () => {
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows critical Bash commands", async () => {
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashCritical);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows sensitive file operations", async () => {
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.sshKey);
+            expect(result.decision).toBe("allow");
+        });
+        test("no reason provided in bypass mode", async () => {
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result.reason).toBeUndefined();
+        });
+    });
+    describe("dontAsk mode", () => {
+        let manager;
+        beforeEach(() => {
+            manager = new PermissionManager("dontAsk");
+        });
+        test("denies all Read operations", async () => {
+            const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            expect(result.decision).toBe("deny");
+        });
+        test("denies all Write operations", async () => {
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result.decision).toBe("deny");
+        });
+        test("denies critical Bash commands", async () => {
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashCritical);
+            expect(result.decision).toBe("deny");
+        });
+        test("provides reason for denial", async () => {
+            const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            expect(result.reason).toContain("dontAsk");
+        });
+        test("denies even safe operations", async () => {
+            const result = await manager.checkPermission("Glob", SAMPLE_INPUTS.glob);
+            expect(result.decision).toBe("deny");
+        });
+    });
+    describe("acceptEdits mode", () => {
+        let manager;
+        beforeEach(() => {
+            manager = new PermissionManager("acceptEdits");
+        });
+        test("allows Read operations", async () => {
+            const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows Write operations", async () => {
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows Edit operations", async () => {
+            const result = await manager.checkPermission("Edit", SAMPLE_INPUTS.editFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows Glob operations", async () => {
+            const result = await manager.checkPermission("Glob", SAMPLE_INPUTS.glob);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows Grep operations", async () => {
+            const result = await manager.checkPermission("Grep", SAMPLE_INPUTS.grep);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows low/medium risk Bash commands", async () => {
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSafe);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows git status command (low risk read-only)", async () => {
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashGit);
+            expect(result.decision).toBe("allow");
+        });
+        test("SECURITY GAP: high risk Bash commands (sudo) are NOT prompted - falls through to default allow", async () => {
+            // BUG DOCUMENTATION: acceptEdits mode only checks for low/medium risk
+            // High/critical risk commands fall through to line 293 which defaults to allow
+            // This is a security gap that should be fixed in the implementation
+            const mockPrompt = createMockPrompt("deny");
+            manager = new PermissionManager("acceptEdits", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSudo);
+            // CURRENT BEHAVIOR: Falls through to default allow (bug)
+            expect(result.decision).toBe("allow");
+        });
+        test("SECURITY GAP: critical Bash commands (rm -rf) are NOT prompted - falls through to default allow", async () => {
+            // BUG DOCUMENTATION: Same issue - critical commands should prompt but don't
+            const mockPrompt = createMockPrompt("deny");
+            manager = new PermissionManager("acceptEdits", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashCritical);
+            // CURRENT BEHAVIOR: Falls through to default allow (bug)
+            expect(result.decision).toBe("allow");
+        });
+        test("SECURITY GAP: critical Bash commands (git push --force) are NOT prompted - falls through to default allow", async () => {
+            // BUG DOCUMENTATION: Same issue - critical commands should prompt but don't
+            const mockPrompt = createMockPrompt("deny");
+            manager = new PermissionManager("acceptEdits", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashForcePush);
+            // CURRENT BEHAVIOR: Falls through to default allow (bug)
+            expect(result.decision).toBe("allow");
+        });
+    });
+    describe("plan mode", () => {
+        let manager;
+        beforeEach(() => {
+            manager = new PermissionManager("plan");
+        });
+        test("allows Read operations", async () => {
+            const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows Glob operations", async () => {
+            const result = await manager.checkPermission("Glob", SAMPLE_INPUTS.glob);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows Grep operations", async () => {
+            const result = await manager.checkPermission("Grep", SAMPLE_INPUTS.grep);
+            expect(result.decision).toBe("allow");
+        });
+        test("allows Task operations", async () => {
+            const result = await manager.checkPermission("Task", SAMPLE_INPUTS.task);
+            expect(result.decision).toBe("allow");
+        });
+        test("denies Write operations", async () => {
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result.decision).toBe("deny");
+            expect(result.reason).toContain("Plan mode");
+        });
+        test("denies Edit operations", async () => {
+            const result = await manager.checkPermission("Edit", SAMPLE_INPUTS.editFile);
+            expect(result.decision).toBe("deny");
+            expect(result.reason).toContain("write operations disabled");
+        });
+        test("denies Bash operations (even safe ones)", async () => {
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSafe);
+            expect(result.decision).toBe("deny");
+        });
+        test("denies NotebookEdit operations", async () => {
+            const result = await manager.checkPermission("NotebookEdit", { cell_id: "1" });
+            expect(result.decision).toBe("deny");
+        });
+    });
+    describe("default mode (interactive)", () => {
+        test("prompts for Write operations", async () => {
+            const mockPrompt = createMockPrompt("allow");
+            const manager = new PermissionManager("default", mockPrompt);
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("prompts for Bash commands", async () => {
+            const mockPrompt = createMockPrompt("deny");
+            const manager = new PermissionManager("default", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSafe);
+            expect(result.decision).toBe("deny");
+        });
+        test("caches allowAlways decision", async () => {
+            const mockPrompt = createMockPrompt("allowAlways");
+            const manager = new PermissionManager("default", mockPrompt);
+            // First call should trigger prompt
+            const result1 = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            expect(result1.decision).toBe("allowAlways");
+            // Second call should use cache
+            const result2 = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            expect(result2.decision).toBe("allow");
+            expect(result2.reason).toContain("Previously approved");
+        });
+        test("caches denyAlways decision", async () => {
+            const mockPrompt = createMockPrompt("denyAlways");
+            const manager = new PermissionManager("default", mockPrompt);
+            // First call should trigger prompt
+            const result1 = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result1.decision).toBe("denyAlways");
+            // Second call should use cache
+            const result2 = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result2.decision).toBe("deny");
+            expect(result2.reason).toContain("Previously denied");
+        });
+    });
+    describe("interactive mode", () => {
+        test("behaves same as default mode for prompting", async () => {
+            const mockPrompt = createMockPrompt("allow");
+            const manager = new PermissionManager("interactive", mockPrompt);
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(result.decision).toBe("allow");
+        });
+        test("prompts for all operations", async () => {
+            const callOrder = [];
+            const trackingPrompt = async (req) => {
+                callOrder.push(req.toolName);
+                return { decision: "allow" };
+            };
+            const manager = new PermissionManager("interactive", trackingPrompt);
+            await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSafe);
+            expect(callOrder).toEqual(["Read", "Write", "Bash"]);
+        });
+    });
+});
+// ============================================
+// PERMISSION CACHING TESTS
+// ============================================
+describe("Permission Caching", () => {
+    let manager;
+    let promptCallCount;
+    let trackingPrompt;
+    beforeEach(() => {
+        promptCallCount = 0;
+        trackingPrompt = async (req) => {
+            promptCallCount++;
+            return { decision: "allowAlways" };
+        };
+        manager = new PermissionManager("default", trackingPrompt);
+    });
+    test("cache prevents repeated prompts for same file", async () => {
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(promptCallCount).toBe(1);
+    });
+    test("different files trigger different prompts", async () => {
+        await manager.checkPermission("Read", { file_path: "/file1.ts" });
+        await manager.checkPermission("Read", { file_path: "/file2.ts" });
+        expect(promptCallCount).toBe(2);
+    });
+    test("cache key includes tool name", async () => {
+        await manager.checkPermission("Read", { file_path: "/file.ts" });
+        await manager.checkPermission("Write", { file_path: "/file.ts", content: "" });
+        expect(promptCallCount).toBe(2);
+    });
+    test("Bash cache key is based on command", async () => {
+        await manager.checkPermission("Bash", { command: "ls -la" });
+        await manager.checkPermission("Bash", { command: "ls -la" });
+        await manager.checkPermission("Bash", { command: "pwd" });
+        expect(promptCallCount).toBe(2);
+    });
+    test("clearCache removes all cached decisions", async () => {
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(promptCallCount).toBe(1);
+        manager.clearCache();
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(promptCallCount).toBe(2);
+    });
+    test("setMode clears cache", async () => {
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(promptCallCount).toBe(1);
+        manager.setMode("default");
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(promptCallCount).toBe(2);
+    });
+    test("cache timeout expires old decisions", async () => {
+        // This test verifies the cache timeout mechanism
+        // We create a manager with a very short timeout
+        const shortTimeoutManager = new PermissionManager("default", trackingPrompt);
+        // Access private cacheTimeout for testing (via any)
+        shortTimeoutManager.cacheTimeout = 10; // 10ms
+        await shortTimeoutManager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(promptCallCount).toBe(1);
+        // Wait for cache to expire
+        await new Promise((resolve) => setTimeout(resolve, 50));
+        await shortTimeoutManager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(promptCallCount).toBe(2);
+    });
+    test("allowAlways is cached, allow is not", async () => {
+        let decision = "allow";
+        const variablePrompt = async () => ({
+            decision,
+        });
+        manager = new PermissionManager("default", variablePrompt);
+        // First call with "allow"
+        await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        decision = "deny";
+        // "allow" is not cached, so it prompts again
+        const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(result.decision).toBe("deny");
+    });
+});
+// ============================================
+// PERMISSION PROMPT CALLBACK TESTS
+// ============================================
+describe("Permission Prompt Callbacks", () => {
+    test("custom callback receives correct request structure", async () => {
+        let receivedRequest = null;
+        const inspectingPrompt = async (req) => {
+            receivedRequest = req;
+            return { decision: "allow" };
+        };
+        const manager = new PermissionManager("default", inspectingPrompt);
+        await manager.checkPermission("Bash", { command: "echo test" });
+        expect(receivedRequest).not.toBeNull();
+        expect(receivedRequest.toolName).toBe("Bash");
+        expect(receivedRequest.toolInput).toEqual({ command: "echo test" });
+        expect(receivedRequest.riskLevel).toBeDefined();
+        expect(receivedRequest.description).toContain("Execute:");
+        expect(receivedRequest.command).toBe("echo test");
+    });
+    test("callback receives file path in request", async () => {
+        let receivedRequest = null;
+        const inspectingPrompt = async (req) => {
+            receivedRequest = req;
+            return { decision: "allow" };
+        };
+        const manager = new PermissionManager("default", inspectingPrompt);
+        await manager.checkPermission("Write", { file_path: "/test.ts", content: "x" });
+        expect(receivedRequest.file).toBe("/test.ts");
+    });
+    test("callback can return allowAlways", async () => {
+        const manager = new PermissionManager("default", createMockPrompt("allowAlways"));
+        const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(result.decision).toBe("allowAlways");
+    });
+    test("callback can return denyAlways", async () => {
+        const manager = new PermissionManager("default", createMockPrompt("denyAlways"));
+        const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(result.decision).toBe("denyAlways");
+    });
+    test("async callbacks work correctly", async () => {
+        const manager = new PermissionManager("default", createDelayedMockPrompt("allow", 50));
+        const start = Date.now();
+        const result = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        const elapsed = Date.now() - start;
+        expect(result.decision).toBe("allow");
+        expect(elapsed).toBeGreaterThanOrEqual(40); // Allow some timing variance
+    });
+    test("callback reason is preserved in result", async () => {
+        const reasonPrompt = async () => ({
+            decision: "deny",
+            reason: "Custom denial reason",
+        });
+        const manager = new PermissionManager("default", reasonPrompt);
+        const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSafe);
+        expect(result.decision).toBe("deny");
+        expect(result.reason).toBe("Custom denial reason");
+    });
+});
+// ============================================
+// SECURITY-CRITICAL PATHS TESTS
+// ============================================
+describe("Security-Critical Paths", () => {
+    describe("sensitive file protection", () => {
+        test("Write to .env requires prompt in default mode", async () => {
+            const mockPrompt = createMockPrompt("deny");
+            const manager = new PermissionManager("default", mockPrompt);
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.envFile);
+            expect(result.decision).toBe("deny");
+        });
+        test("Write to .ssh directory requires prompt in acceptEdits mode", async () => {
+            const mockPrompt = createMockPrompt("deny");
+            const manager = new PermissionManager("acceptEdits", mockPrompt);
+            // acceptEdits allows Write, but we want to verify sensitive files are flagged
+            // Note: Current implementation allows this in acceptEdits - this test documents behavior
+            const result = await manager.checkPermission("Write", SAMPLE_INPUTS.sshKey);
+            // In acceptEdits, file writes are auto-allowed regardless of risk
+            expect(result.decision).toBe("allow");
+        });
+    });
+    describe("destructive command protection", () => {
+        test("SECURITY GAP: rm -rf does NOT require prompt in acceptEdits mode", async () => {
+            // BUG DOCUMENTATION: Critical commands fall through to default allow
+            const mockPrompt = createMockPrompt("deny");
+            const manager = new PermissionManager("acceptEdits", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashCritical);
+            // CURRENT BEHAVIOR: allow (falls through) - should be deny or prompt
+            expect(result.decision).toBe("allow");
+        });
+        test("SECURITY GAP: git push --force does NOT require prompt in acceptEdits mode", async () => {
+            // BUG DOCUMENTATION: Critical commands fall through to default allow
+            const mockPrompt = createMockPrompt("deny");
+            const manager = new PermissionManager("acceptEdits", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashForcePush);
+            // CURRENT BEHAVIOR: allow (falls through) - should be deny or prompt
+            expect(result.decision).toBe("allow");
+        });
+        test("SECURITY GAP: git reset --hard does NOT require prompt in acceptEdits mode", async () => {
+            // BUG DOCUMENTATION: Critical commands fall through to default allow
+            const mockPrompt = createMockPrompt("deny");
+            const manager = new PermissionManager("acceptEdits", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashResetHard);
+            // CURRENT BEHAVIOR: allow (falls through) - should be deny or prompt
+            expect(result.decision).toBe("allow");
+        });
+    });
+    describe("privilege escalation protection", () => {
+        test("SECURITY GAP: sudo commands do NOT require prompt in acceptEdits mode", async () => {
+            // BUG DOCUMENTATION: High risk commands fall through to default allow
+            const mockPrompt = createMockPrompt("deny");
+            const manager = new PermissionManager("acceptEdits", mockPrompt);
+            const result = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSudo);
+            // CURRENT BEHAVIOR: allow (falls through) - should be deny or prompt
+            expect(result.decision).toBe("allow");
+        });
+        test("chmod commands are correctly identified as high risk", () => {
+            const riskLevel = assessRiskLevel("Bash", { command: "chmod 777 file" });
+            expect(riskLevel).toBe("high");
+        });
+    });
+    describe("mode transition security", () => {
+        test("switching to bypassPermissions clears cache", async () => {
+            const manager = new PermissionManager("default", createMockPrompt("allowAlways"));
+            // Cache a decision
+            await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+            // Switch mode
+            manager.setMode("bypassPermissions");
+            // Cache should be cleared - verify by checking internal state
+            const cache = manager.cache;
+            expect(Object.keys(cache).length).toBe(0);
+        });
+        test("switching from bypassPermissions to default re-enables prompts", async () => {
+            let promptCalled = false;
+            const trackingPrompt = async () => {
+                promptCalled = true;
+                return { decision: "allow" };
+            };
+            const manager = new PermissionManager("bypassPermissions", trackingPrompt);
+            // No prompt in bypass mode
+            await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(promptCalled).toBe(false);
+            // Switch to default
+            manager.setMode("default");
+            // Prompt should be called now
+            await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+            expect(promptCalled).toBe(true);
+        });
+    });
+    describe("edge case security", () => {
+        test("empty command in Bash doesn't bypass security", async () => {
+            const riskLevel = assessRiskLevel("Bash", { command: "" });
+            expect(riskLevel).toBe("medium");
+        });
+        test("null file path doesn't cause error", async () => {
+            const manager = new PermissionManager("default", createMockPrompt("allow"));
+            const result = await manager.checkPermission("Write", { file_path: null, content: "x" });
+            expect(result.decision).toBe("allow");
+        });
+        test("undefined input doesn't bypass security", async () => {
+            const riskLevel = assessRiskLevel("Bash", { command: undefined });
+            expect(riskLevel).toBe("medium");
+        });
+        test("very long commands are handled safely", async () => {
+            const veryLongCommand = "echo " + "a".repeat(10000);
+            const desc = generateDescription("Bash", { command: veryLongCommand });
+            expect(desc.length).toBeLessThan(200);
+            expect(desc).toContain("...");
+        });
+    });
+});
+// ============================================
+// CONCURRENCY TESTS
+// ============================================
+describe("Concurrency", () => {
+    test("handles concurrent permission checks", async () => {
+        const manager = new PermissionManager("default", createMockPrompt("allow"));
+        const checks = await Promise.all([
+            manager.checkPermission("Read", { file_path: "/file1.ts" }),
+            manager.checkPermission("Read", { file_path: "/file2.ts" }),
+            manager.checkPermission("Read", { file_path: "/file3.ts" }),
+        ]);
+        expect(checks.every((r) => r.decision === "allow")).toBe(true);
+    });
+    test("cache is thread-safe for concurrent access", async () => {
+        let promptCount = 0;
+        const countingPrompt = async () => {
+            promptCount++;
+            await new Promise((r) => setTimeout(r, 10));
+            return { decision: "allowAlways" };
+        };
+        const manager = new PermissionManager("default", countingPrompt);
+        // All these should trigger prompts (no caching yet)
+        await Promise.all([
+            manager.checkPermission("Read", { file_path: "/same.ts" }),
+            manager.checkPermission("Read", { file_path: "/same.ts" }),
+            manager.checkPermission("Read", { file_path: "/same.ts" }),
+        ]);
+        // Without proper locking, all three might prompt
+        // With caching, only the first should prompt
+        // Note: This test documents current behavior - actual thread safety
+        // depends on JavaScript's single-threaded nature
+        expect(promptCount).toBeGreaterThanOrEqual(1);
+    });
+});
+// ============================================
+// INTEGRATION TESTS
+// ============================================
+describe("Integration Tests", () => {
+    test("full workflow: read, edit, write in acceptEdits mode", async () => {
+        const manager = new PermissionManager("acceptEdits");
+        const readResult = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(readResult.decision).toBe("allow");
+        const editResult = await manager.checkPermission("Edit", SAMPLE_INPUTS.editFile);
+        expect(editResult.decision).toBe("allow");
+        const writeResult = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+        expect(writeResult.decision).toBe("allow");
+    });
+    test("full workflow: plan mode allows read-only only", async () => {
+        const manager = new PermissionManager("plan");
+        const readResult = await manager.checkPermission("Read", SAMPLE_INPUTS.readFile);
+        expect(readResult.decision).toBe("allow");
+        const globResult = await manager.checkPermission("Glob", SAMPLE_INPUTS.glob);
+        expect(globResult.decision).toBe("allow");
+        const grepResult = await manager.checkPermission("Grep", SAMPLE_INPUTS.grep);
+        expect(grepResult.decision).toBe("allow");
+        const writeResult = await manager.checkPermission("Write", SAMPLE_INPUTS.writeFile);
+        expect(writeResult.decision).toBe("deny");
+    });
+    test("SECURITY GAP: full workflow - critical commands do NOT require prompt in acceptEdits", async () => {
+        const mockPrompt = createMockPrompt("deny");
+        const manager = new PermissionManager("acceptEdits", mockPrompt);
+        // Safe commands allowed
+        const safeResult = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashSafe);
+        expect(safeResult.decision).toBe("allow");
+        // BUG: Critical commands should require prompt but fall through to allow
+        const criticalResult = await manager.checkPermission("Bash", SAMPLE_INPUTS.bashCritical);
+        // CURRENT BEHAVIOR: allow (falls through) - should be deny or prompt
+        expect(criticalResult.decision).toBe("allow");
+    });
+});