npm - @gotgenes/pi-permission-system - Versions diffs - 10.0.0 → 10.1.0 - Mend

@gotgenes/pi-permission-system 10.0.0 → 10.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/CHANGELOG.md +26 -0
package/README.md +1 -1
package/package.json +1 -1
package/src/agent-prep-session.ts +28 -0
package/src/decision-reporter.ts +41 -0
package/src/denial-messages.ts +11 -0
package/src/forwarded-permissions/permission-forwarder.ts +549 -0
package/src/forwarding-manager.ts +3 -7
package/src/gate-handler-session.ts +13 -0
package/src/gate-prompter.ts +14 -0
package/src/handlers/before-agent-start.ts +2 -3
package/src/handlers/gates/bash-command.ts +4 -18
package/src/handlers/gates/bash-external-directory.ts +3 -15
package/src/handlers/gates/bash-path.ts +3 -16
package/src/handlers/gates/descriptor.ts +0 -28
package/src/handlers/gates/path.ts +3 -15
package/src/handlers/gates/runner.ts +142 -105
package/src/handlers/gates/skill-input-gate-pipeline.ts +104 -0
package/src/handlers/gates/skill-input.ts +44 -0
package/src/handlers/gates/tool-call-gate-pipeline.ts +120 -0
package/src/handlers/lifecycle.ts +9 -9
package/src/handlers/permission-gate-handler.ts +34 -238
package/src/index.ts +49 -69
package/src/mcp-targets.ts +56 -46
package/src/permission-prompter.ts +7 -58
package/src/permission-resolver.ts +17 -0
package/src/permission-session.ts +77 -9
package/src/permissions-service.ts +53 -0
package/src/service-lifecycle.ts +49 -0
package/src/session-approval-recorder.ts +6 -0
package/src/session-lifecycle-session.ts +24 -0
package/src/tool-input-preview.ts +0 -62
package/src/tool-input-prompt-formatters.ts +63 -0
package/src/tool-preview-formatter.ts +6 -4
package/test/decision-reporter.test.ts +112 -0
package/test/denial-messages.test.ts +62 -0
package/test/forwarding-manager.test.ts +26 -44
package/test/handlers/before-agent-start.test.ts +45 -21
package/test/handlers/external-directory-integration.test.ts +86 -22
package/test/handlers/external-directory-session-dedup.test.ts +102 -55
package/test/handlers/gates/bash-command.test.ts +49 -90
package/test/handlers/gates/bash-external-directory.test.ts +54 -95
package/test/handlers/gates/bash-path.test.ts +63 -148
package/test/handlers/gates/path.test.ts +38 -105
package/test/handlers/gates/runner.test.ts +150 -93
package/test/handlers/gates/skill-input-gate-pipeline.test.ts +176 -0
package/test/handlers/gates/skill-input.test.ts +128 -0
package/test/handlers/gates/tool-call-gate-pipeline.test.ts +180 -0
package/test/handlers/input.test.ts +1 -2
package/test/handlers/lifecycle.test.ts +49 -33
package/test/handlers/tool-call-events.test.ts +1 -1
package/test/helpers/gate-fixtures.ts +147 -16
package/test/helpers/handler-fixtures.ts +143 -27
package/test/mcp-targets.test.ts +55 -0
package/test/permission-forwarder.test.ts +295 -0
package/test/permission-forwarding.test.ts +0 -282
package/test/permission-prompter.test.ts +33 -44
package/test/permission-session.test.ts +160 -27
package/test/permissions-service.test.ts +151 -0
package/test/runtime.test.ts +0 -4
package/test/service-lifecycle.test.ts +162 -0
package/test/tool-input-preview.test.ts +0 -111
package/test/tool-input-prompt-formatters.test.ts +115 -0
package/src/forwarded-permissions/polling.ts +0 -411

package/test/helpers/gate-fixtures.ts CHANGED Viewed

@@ -3,15 +3,35 @@
  */
 import { vi } from "vitest";
-import type {
-  GateDescriptor,
-  GateRunnerDeps,
-} from "#src/handlers/gates/descriptor";
+import type { DecisionReporter } from "#src/decision-reporter";
+import type { GatePrompter } from "#src/gate-prompter";
+import type { GateDescriptor } from "#src/handlers/gates/descriptor";
+import { GateRunner } from "#src/handlers/gates/runner";
+import type { SkillInputGateInputs } from "#src/handlers/gates/skill-input-gate-pipeline";
+import type { ToolCallGateInputs } from "#src/handlers/gates/tool-call-gate-pipeline";
 import type { ToolCallContext } from "#src/handlers/gates/types";
+import type { PermissionResolver } from "#src/permission-resolver";
+import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
+import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
+import type { ToolPreviewFormatterOptions } from "#src/tool-preview-formatter";
 import type { PermissionCheckResult } from "#src/types";
 import { makeCheckResult } from "#test/helpers/handler-fixtures";
+/**
+ * Permission resolver mock with an optional default check result.
+ *
+ * Returns a plain object whose `resolve` is a `vi.fn` so callers retain full
+ * mock access (`mockReturnValue`, `mockImplementation`, `mock.calls`).
+ */
+export function makeResolver(defaultCheck?: PermissionCheckResult) {
+  const resolve = vi.fn<PermissionResolver["resolve"]>();
+  if (defaultCheck) {
+    resolve.mockReturnValue(defaultCheck);
+  }
+  return { resolve };
+}
 /**
  * Gate descriptor factory with runner-test defaults.
  *
@@ -48,25 +68,70 @@ export function makeDescriptor(
   };
 }
-export function makeRunnerDeps(
-  overrides: Partial<GateRunnerDeps> = {},
-): GateRunnerDeps {
+/**
+ * Reporter mock with independently inspectable vi.fn() stubs.
+ */
+export function makeReporter(
+  overrides: Partial<DecisionReporter> = {},
+): DecisionReporter {
   return {
-    checkPermission: vi
-      .fn()
-      .mockReturnValue(makeCheckResult({ matchedPattern: "*" })),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    recordSessionApproval: vi.fn(),
     writeReviewLog: vi.fn(),
     emitDecision: vi.fn(),
-    canConfirm: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
     ...overrides,
   };
 }
+/**
+ * Gate runner factory for `GateRunner` unit tests.
+ *
+ * Builds one `GateRunner` from four role mocks and returns `{ runner, deps }`
+ * so tests can both invoke `runner.run(...)` and assert on the individual
+ * mock call records (`deps.reporter.*`, `deps.resolve`, etc.).
+ */
+export function makeGateRunner(
+  overrides: {
+    resolve?: PermissionResolver["resolve"];
+    recordSessionApproval?: SessionApprovalRecorder["recordSessionApproval"];
+    canConfirm?: GatePrompter["canConfirm"];
+    promptPermission?: GatePrompter["promptPermission"];
+    reporter?: Partial<DecisionReporter>;
+  } = {},
+) {
+  const reporter = makeReporter(overrides.reporter);
+  const resolve =
+    overrides.resolve ??
+    vi
+      .fn<PermissionResolver["resolve"]>()
+      .mockReturnValue(makeCheckResult({ matchedPattern: "*" }));
+  const recordSessionApproval =
+    overrides.recordSessionApproval ??
+    (vi.fn() as SessionApprovalRecorder["recordSessionApproval"]);
+  const canConfirm =
+    overrides.canConfirm ??
+    (vi.fn().mockReturnValue(true) as GatePrompter["canConfirm"]);
+  const promptPermission =
+    overrides.promptPermission ??
+    vi
+      .fn<GatePrompter["promptPermission"]>()
+      .mockResolvedValue({ approved: true, state: "approved" });
+  const runner = new GateRunner(
+    { resolve },
+    { recordSessionApproval },
+    { canConfirm, promptPermission },
+    reporter,
+  );
+  return {
+    runner,
+    deps: {
+      resolve,
+      recordSessionApproval,
+      canConfirm,
+      promptPermission,
+      reporter,
+    },
+  };
+}
 /**
  * Tool-call context factory with bash defaults.
  *
@@ -103,3 +168,69 @@ export function makeGateCheckResult(
     ...overrides,
   };
 }
+/**
+ * Mock of `ToolCallGateInputs` for `ToolCallGatePipeline` unit tests.
+ *
+ * Each method is a `vi.fn()` stub so callers retain full mock access
+ * (`mock.calls`, `mockReturnValue`, etc.) on the returned object.
+ * Pass `overrides` to replace individual stubs without rebuilding the whole
+ * mock from scratch.
+ */
+export function makeGateInputs(
+  overrides: {
+    resolve?: PermissionResolver["resolve"];
+    getActiveSkillEntries?: () => SkillPromptEntry[];
+    getInfrastructureReadDirs?: () => string[];
+    getToolPreviewLimits?: () => ToolPreviewFormatterOptions;
+  } = {},
+): ToolCallGateInputs {
+  return {
+    resolve:
+      overrides.resolve ??
+      vi.fn<PermissionResolver["resolve"]>().mockReturnValue(makeCheckResult()),
+    getActiveSkillEntries:
+      overrides.getActiveSkillEntries ??
+      vi.fn<() => SkillPromptEntry[]>(() => []),
+    getInfrastructureReadDirs:
+      overrides.getInfrastructureReadDirs ?? vi.fn<() => string[]>(() => []),
+    getToolPreviewLimits:
+      overrides.getToolPreviewLimits ??
+      vi.fn<() => ToolPreviewFormatterOptions>(() => ({
+        toolInputPreviewMaxLength: 500,
+        toolTextSummaryMaxLength: 100,
+        toolInputLogPreviewMaxLength: 200,
+      })),
+  };
+}
+/**
+ * Mock of `SkillInputGateInputs` for `SkillInputGatePipeline` unit tests.
+ *
+ * Returns a plain object with a `checkPermission` `vi.fn()` stub so callers
+ * retain full mock access (`mockReturnValue`, `mock.calls`, etc.).
+ */
+export function makeSkillInputInputs(
+  overrides: { checkPermission?: SkillInputGateInputs["checkPermission"] } = {},
+): SkillInputGateInputs {
+  return {
+    checkPermission:
+      overrides.checkPermission ??
+      vi
+        .fn<SkillInputGateInputs["checkPermission"]>()
+        .mockReturnValue(makeCheckResult()),
+  };
+}
+/**
+ * Mock `GateNotifier` for `SkillInputGatePipeline` unit tests.
+ *
+ * Return type is intentionally unannotated so callers retain full `vi.fn()`
+ * mock access (`mock.calls`, `toHaveBeenCalledWith`, etc.) — annotating with
+ * `GateNotifier` would erase `Mock<...>` methods from the inferred type.
+ */
+export function makeNotifier() {
+  return {
+    warn: vi.fn<(message: string) => void>(),
+  };
+}

package/test/helpers/handler-fixtures.ts CHANGED Viewed

@@ -7,14 +7,67 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { vi } from "vitest";
+import { GateDecisionReporter } from "#src/decision-reporter";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import type { GateHandlerSession } from "#src/gate-handler-session";
+import type { GatePrompter } from "#src/gate-prompter";
+import { GateRunner } from "#src/handlers/gates/runner";
+import {
+  type SkillInputGateInputs,
+  SkillInputGatePipeline,
+} from "#src/handlers/gates/skill-input-gate-pipeline";
+import {
+  type ToolCallGateInputs,
+  ToolCallGatePipeline,
+} from "#src/handlers/gates/tool-call-gate-pipeline";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
+import type { PermissionPromptDecision } from "#src/permission-dialog";
 import type { PermissionDecisionEvent } from "#src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
-import type { PermissionSession } from "#src/permission-session";
+import type { PromptPermissionDetails } from "#src/permission-prompter";
+import type { Rule } from "#src/rule";
+import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
+import type { SessionLogger } from "#src/session-logger";
+import { resolveToolPreviewLimits } from "#src/tool-preview-formatter";
 import type { ToolRegistry } from "#src/tool-registry";
 import type { PermissionCheckResult } from "#src/types";
+/**
+ * Precise mock boundary for PermissionGateHandler integration tests.
+ *
+ * Intersection of every role the handler and its collaborators require,
+ * plus the context-bound prompting helpers that GatePrompter delegates to.
+ * Without a cast, TypeScript enforces this at the call sites where the
+ * mock is passed to GateRunner / ToolCallGatePipeline / PermissionGateHandler.
+ *
+ * The 4-arg `checkPermission` overrides the 3-arg version from
+ * GateHandlerSession so the `resolve` delegation can forward session rules.
+ */
+export type MockGateHandlerSession = ToolCallGateInputs &
+  SkillInputGateInputs &
+  SessionApprovalRecorder &
+  GatePrompter &
+  GateHandlerSession & {
+    /** Logger source for the reporter the fixture builds. */
+    logger: SessionLogger;
+    /** Session-rule accessor — used by the resolve delegation. */
+    getSessionRuleset(): Rule[];
+    /** 4-arg form so the resolve delegation can pass rules. */
+    checkPermission(
+      surface: string,
+      input: unknown,
+      agentName?: string,
+      rules?: Rule[],
+    ): PermissionCheckResult;
+    /** Context-bound canPrompt — overriding this steers canConfirm. */
+    canPrompt(ctx: ExtensionContext): boolean;
+    /** Context-bound prompt — overriding this steers promptPermission. */
+    prompt(
+      ctx: ExtensionContext,
+      details: PromptPermissionDetails,
+    ): Promise<PermissionPromptDecision>;
+  };
 export function makeEvents() {
   return {
     emit: vi.fn(),
@@ -75,33 +128,86 @@ export function makeCheckResult(
 }
 /**
- * Full-union session stub.
+ * Full-intersection session stub.
  *
- * Includes every method mocked across handler test files so each file
- * only needs to override the fields that differ from the defaults.
+ * Uses per-field `??` selection (no spread) so TypeScript verifies every
+ * field against `MockGateHandlerSession` individually — a missing field fails
+ * `pnpm run check` instead of failing silently at runtime.
+ *
+ * The `resolve`, `canConfirm`, and `promptPermission` delegations are inlined
+ * as closures that read `session` at call time, so overriding `checkPermission`,
+ * `canPrompt`, or `prompt` automatically steers them without extra guards.
  */
 export function makeSession(
-  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): PermissionSession {
-  return {
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    activate: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    checkPermission: vi.fn().mockReturnValue(makeCheckResult()),
-    getToolPermission: vi.fn().mockReturnValue("allow"),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    recordSessionApproval: vi.fn(),
-    getActiveSkillEntries: vi.fn().mockReturnValue([]),
-    getInfrastructureDirs: vi
-      .fn()
-      .mockReturnValue(["/test/agent", "/test/agent/git"]),
-    getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    config: DEFAULT_EXTENSION_CONFIG,
-    canPrompt: vi.fn().mockReturnValue(true),
-    prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
-    createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    ...overrides,
-  } as unknown as PermissionSession;
+  overrides: Partial<MockGateHandlerSession> = {},
+): MockGateHandlerSession {
+  const session: MockGateHandlerSession = {
+    logger: overrides.logger ?? {
+      debug: vi.fn(),
+      review: vi.fn(),
+      warn: vi.fn(),
+    },
+    activate: overrides.activate ?? vi.fn<MockGateHandlerSession["activate"]>(),
+    resolveAgentName:
+      overrides.resolveAgentName ??
+      vi.fn<MockGateHandlerSession["resolveAgentName"]>().mockReturnValue(null),
+    checkPermission:
+      overrides.checkPermission ??
+      vi
+        .fn<MockGateHandlerSession["checkPermission"]>()
+        .mockReturnValue(makeCheckResult()),
+    getSessionRuleset:
+      overrides.getSessionRuleset ??
+      vi.fn<MockGateHandlerSession["getSessionRuleset"]>().mockReturnValue([]),
+    recordSessionApproval:
+      overrides.recordSessionApproval ??
+      vi.fn<MockGateHandlerSession["recordSessionApproval"]>(),
+    getActiveSkillEntries:
+      overrides.getActiveSkillEntries ??
+      vi
+        .fn<MockGateHandlerSession["getActiveSkillEntries"]>()
+        .mockReturnValue([]),
+    getInfrastructureReadDirs:
+      overrides.getInfrastructureReadDirs ??
+      vi
+        .fn<MockGateHandlerSession["getInfrastructureReadDirs"]>()
+        .mockReturnValue(["/test/agent", "/test/agent/git"]),
+    getToolPreviewLimits:
+      overrides.getToolPreviewLimits ??
+      vi
+        .fn<MockGateHandlerSession["getToolPreviewLimits"]>()
+        .mockReturnValue(resolveToolPreviewLimits(DEFAULT_EXTENSION_CONFIG)),
+    canPrompt:
+      overrides.canPrompt ??
+      vi.fn<MockGateHandlerSession["canPrompt"]>().mockReturnValue(true),
+    prompt:
+      overrides.prompt ??
+      vi
+        .fn<MockGateHandlerSession["prompt"]>()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    // Delegations — closures read `session` at call time so overrides win.
+    resolve:
+      overrides.resolve ??
+      vi.fn<MockGateHandlerSession["resolve"]>((surface, input, agentName) =>
+        session.checkPermission(
+          surface,
+          input,
+          agentName,
+          session.getSessionRuleset(),
+        ),
+      ),
+    canConfirm:
+      overrides.canConfirm ??
+      vi.fn<MockGateHandlerSession["canConfirm"]>(() =>
+        session.canPrompt(undefined as unknown as ExtensionContext),
+      ),
+    promptPermission:
+      overrides.promptPermission ??
+      vi.fn<MockGateHandlerSession["promptPermission"]>((details) =>
+        session.prompt(undefined as unknown as ExtensionContext, details),
+      ),
+  };
+  return session;
 }
 export function makeToolRegistry(
@@ -121,13 +227,23 @@ export function makeToolRegistry(
  * it needs — handler, events, session, and toolRegistry are all available.
  */
 export function makeHandler(overrides?: {
-  session?: Partial<Record<keyof PermissionSession, unknown>>;
+  session?: Partial<MockGateHandlerSession>;
   toolRegistry?: Partial<ToolRegistry>;
 }) {
   const session = makeSession(overrides?.session);
   const events = makeEvents();
   const toolRegistry = makeToolRegistry(overrides?.toolRegistry);
-  const handler = new PermissionGateHandler(session, events, toolRegistry);
+  const pipeline = new ToolCallGatePipeline(session);
+  const skillInputPipeline = new SkillInputGatePipeline(session);
+  const reporter = new GateDecisionReporter(session.logger, events);
+  const runner = new GateRunner(session, session, session, reporter);
+  const handler = new PermissionGateHandler(
+    session,
+    toolRegistry,
+    pipeline,
+    skillInputPipeline,
+    runner,
+  );
   return { handler, events, session, toolRegistry };
 }

package/test/mcp-targets.test.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 import {
   createMcpPermissionTargets,
+  McpTargetList,
   parseQualifiedMcpToolName,
 } from "#src/mcp-targets";
@@ -176,3 +177,57 @@ describe("createMcpPermissionTargets", () => {
     });
   });
 });
+describe("McpTargetList", () => {
+  describe("add", () => {
+    it("ignores null", () => {
+      const list = new McpTargetList();
+      list.add(null);
+      expect(list.toArray()).toEqual([]);
+    });
+    it("ignores empty string", () => {
+      const list = new McpTargetList();
+      list.add("");
+      expect(list.toArray()).toEqual([]);
+    });
+    it("appends a new value", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+    it("dedups repeated values", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+    it("preserves first-insertion order across a mix of values", () => {
+      const list = new McpTargetList();
+      list.add("exa_search");
+      list.add("exa:search");
+      list.add("exa");
+      list.add("exa_search"); // duplicate — must not change order
+      list.add("mcp_call");
+      expect(list.toArray()).toEqual([
+        "exa_search",
+        "exa:search",
+        "exa",
+        "mcp_call",
+      ]);
+    });
+  });
+  describe("toArray", () => {
+    it("returns an independent copy that does not mutate the list", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      const first = list.toArray();
+      first.push("mutated");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+  });
+});