@gotgenes/pi-permission-system 10.0.0 → 10.2.0

package/test/handlers/gates/skill-input-gate-pipeline.test.ts

@@ -0,0 +1,176 @@
+import { describe, expect, it } from "vitest";
+
+import {
+  createSkillInputRequestId,
+  formatSkillDenyNotice,
+  SkillInputGatePipeline,
+} from "#src/handlers/gates/skill-input-gate-pipeline";
+
+import {
+  makeGateRunner,
+  makeNotifier,
+  makeSkillInputInputs,
+} from "#test/helpers/gate-fixtures";
+import { makeCheckResult } from "#test/helpers/handler-fixtures";
+
+// ── createSkillInputRequestId ─────────────────────────────────────────────
+
+describe("createSkillInputRequestId", () => {
+  it("starts with 'skill-input-'", () => {
+    expect(createSkillInputRequestId().startsWith("skill-input-")).toBe(true);
+  });
+
+  it("returns a unique id on each call", () => {
+    const id1 = createSkillInputRequestId();
+    const id2 = createSkillInputRequestId();
+    expect(id1).not.toBe(id2);
+  });
+});
+
+// ── formatSkillDenyNotice ─────────────────────────────────────────────────
+
+describe("formatSkillDenyNotice", () => {
+  it("includes the skill name in the message (no agent)", () => {
+    const msg = formatSkillDenyNotice("librarian", null);
+    expect(msg).toContain("librarian");
+  });
+
+  it("includes the skill name and agent name when agent is present", () => {
+    const msg = formatSkillDenyNotice("librarian", "code-agent");
+    expect(msg).toContain("librarian");
+    expect(msg).toContain("code-agent");
+  });
+});
+
+// ── SkillInputGatePipeline.evaluate ───────────────────────────────────────
+
+describe("SkillInputGatePipeline.evaluate", () => {
+  // ── notifier behaviour ──────────────────────────────────────────────────
+
+  it("calls notifier.warn when the skill is denied", async () => {
+    const inputs = makeSkillInputInputs({
+      checkPermission: () => makeCheckResult({ state: "deny" }),
+    });
+    const notifier = makeNotifier();
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    await pipeline.evaluate("librarian", null, notifier, runner);
+
+    expect(notifier.warn).toHaveBeenCalledOnce();
+    expect(notifier.warn).toHaveBeenCalledWith(
+      expect.stringContaining("librarian"),
+    );
+  });
+
+  it("does not call notifier.warn when the skill is allowed", async () => {
+    const inputs = makeSkillInputInputs({
+      checkPermission: () => makeCheckResult({ state: "allow" }),
+    });
+    const notifier = makeNotifier();
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    await pipeline.evaluate("librarian", null, notifier, runner);
+
+    expect(notifier.warn).not.toHaveBeenCalled();
+  });
+
+  it("does not call notifier.warn when the skill requires approval (ask)", async () => {
+    const inputs = makeSkillInputInputs({
+      checkPermission: () => makeCheckResult({ state: "ask" }),
+    });
+    const notifier = makeNotifier();
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    await pipeline.evaluate("librarian", null, notifier, runner);
+
+    expect(notifier.warn).not.toHaveBeenCalled();
+  });
+
+  it("includes agent name in the deny notice when agent is present", async () => {
+    const inputs = makeSkillInputInputs({
+      checkPermission: () => makeCheckResult({ state: "deny" }),
+    });
+    const notifier = makeNotifier();
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    await pipeline.evaluate("librarian", "code-agent", notifier, runner);
+
+    expect(notifier.warn).toHaveBeenCalledWith(
+      expect.stringContaining("code-agent"),
+    );
+  });
+
+  // ── outcome mapping ─────────────────────────────────────────────────────
+
+  it("returns allow when the gate passes", async () => {
+    const inputs = makeSkillInputInputs({
+      checkPermission: () => makeCheckResult({ state: "allow" }),
+    });
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    const result = await pipeline.evaluate(
+      "librarian",
+      null,
+      makeNotifier(),
+      runner,
+    );
+
+    expect(result).toEqual({ action: "allow" });
+  });
+
+  it("returns block when the gate denies", async () => {
+    const inputs = makeSkillInputInputs({
+      checkPermission: () =>
+        makeCheckResult({ state: "deny", matchedPattern: "*" }),
+    });
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    const result = await pipeline.evaluate(
+      "librarian",
+      null,
+      makeNotifier(),
+      runner,
+    );
+
+    expect(result).toEqual({
+      action: "block",
+      reason: expect.stringContaining("librarian"),
+    });
+  });
+
+  // ── checkPermission call ────────────────────────────────────────────────
+
+  it("calls checkPermission with the skill surface, skill name, and agent name", async () => {
+    const inputs = makeSkillInputInputs();
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    await pipeline.evaluate("explorer", "code-agent", makeNotifier(), runner);
+
+    expect(inputs.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "explorer" },
+      "code-agent",
+    );
+  });
+
+  it("calls checkPermission with undefined agentName when agentName is null", async () => {
+    const inputs = makeSkillInputInputs();
+    const { runner } = makeGateRunner();
+    const pipeline = new SkillInputGatePipeline(inputs);
+
+    await pipeline.evaluate("explorer", null, makeNotifier(), runner);
+
+    expect(inputs.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "explorer" },
+      undefined,
+    );
+  });
+});

package/test/handlers/gates/skill-input.test.ts

@@ -0,0 +1,128 @@
+import { describe, expect, it } from "vitest";
+
+import { describeSkillInputGate } from "#src/handlers/gates/skill-input";
+import { makeCheckResult } from "#test/helpers/handler-fixtures";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeSkillCheck(state: "allow" | "deny" | "ask") {
+  return makeCheckResult({
+    state,
+    toolName: "skill",
+    source: "skill",
+    origin: "global",
+    matchedPattern: "*",
+  });
+}
+
+// ── describeSkillInputGate ─────────────────────────────────────────────────
+
+describe("describeSkillInputGate", () => {
+  it("sets surface to 'skill'", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.surface).toBe("skill");
+  });
+
+  it("sets input.name to the skill name", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.input).toEqual({ name: "librarian" });
+  });
+
+  it("passes preCheck through verbatim", () => {
+    const check = makeSkillCheck("deny");
+    const descriptor = describeSkillInputGate("librarian", null, check);
+    expect(descriptor.preCheck).toBe(check);
+  });
+
+  it("sets denialContext with kind skill_input and skill name", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.denialContext).toEqual({
+      kind: "skill_input",
+      skillName: "librarian",
+      agentName: undefined,
+    });
+  });
+
+  it("includes agentName in denialContext when provided", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      "code-agent",
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.denialContext).toEqual({
+      kind: "skill_input",
+      skillName: "librarian",
+      agentName: "code-agent",
+    });
+  });
+
+  it("sets promptDetails source to 'skill_input' with skill name and agent", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      "code-agent",
+      makeSkillCheck("ask"),
+    );
+    expect(descriptor.promptDetails).toMatchObject({
+      source: "skill_input",
+      agentName: "code-agent",
+      skillName: "librarian",
+    });
+  });
+
+  it("includes a non-empty message in promptDetails", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("ask"),
+    );
+    expect(typeof descriptor.promptDetails.message).toBe("string");
+    expect(descriptor.promptDetails.message.length).toBeGreaterThan(0);
+  });
+
+  it("sets logContext source to 'skill_input' with skill name and agent", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      "code-agent",
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.logContext).toMatchObject({
+      source: "skill_input",
+      skillName: "librarian",
+      agentName: "code-agent",
+    });
+  });
+
+  it("sets decision surface to 'skill' and value to the skill name", () => {
+    const descriptor = describeSkillInputGate(
+      "my-skill",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.decision).toEqual({
+      surface: "skill",
+      value: "my-skill",
+    });
+  });
+
+  it("does not set preResolved or sessionApproval", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.preResolved).toBeUndefined();
+    expect(descriptor.sessionApproval).toBeUndefined();
+  });
+});

package/test/handlers/gates/tool-call-gate-pipeline.test.ts

@@ -0,0 +1,180 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+import { ToolCallGatePipeline } from "#src/handlers/gates/tool-call-gate-pipeline";
+
+import {
+  makeGateInputs,
+  makeGateRunner,
+  makeResolver,
+  makeTcc,
+} from "#test/helpers/gate-fixtures";
+import { makeCheckResult } from "#test/helpers/handler-fixtures";
+
+// ── BashProgram.parse mock ─────────────────────────────────────────────────
+
+const { mockBashProgramParse } = vi.hoisted(() => ({
+  mockBashProgramParse: vi.fn(),
+}));
+
+vi.mock("#src/handlers/gates/bash-program", () => ({
+  BashProgram: { parse: mockBashProgramParse },
+}));
+
+function makeMockBashProgram() {
+  return {
+    commands: vi.fn<() => []>(() => []),
+    pathTokens: vi.fn<() => []>(() => []),
+    externalPaths: vi.fn<() => []>(() => []),
+  };
+}
+
+// ── ToolCallGatePipeline ───────────────────────────────────────────────────
+
+describe("ToolCallGatePipeline", () => {
+  beforeEach(() => {
+    mockBashProgramParse.mockReset();
+    mockBashProgramParse.mockResolvedValue(makeMockBashProgram());
+  });
+
+  // ── non-bash tools ───────────────────────────────────────────────────────
+
+  describe("evaluate — non-bash tool", () => {
+    it("returns allow when all gates pass", async () => {
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "read", input: {} }),
+        runner,
+      );
+
+      expect(result).toEqual({ action: "allow" });
+    });
+
+    it("returns block when the tool gate denies", async () => {
+      const { resolve } = makeResolver(
+        makeCheckResult({ state: "deny", matchedPattern: "*" }),
+      );
+      const inputs = makeGateInputs({ resolve });
+      const { runner } = makeGateRunner({ resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "read", input: {} }),
+        runner,
+      );
+
+      expect(result).toMatchObject({ action: "block" });
+    });
+
+    it("short-circuits after the first blocking gate without evaluating later ones", async () => {
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const runSpy = vi
+        .spyOn(runner, "run")
+        .mockResolvedValue({ action: "block", reason: "first gate blocked" });
+
+      const pipeline = new ToolCallGatePipeline(inputs);
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "read", input: {} }),
+        runner,
+      );
+
+      expect(result).toEqual({ action: "block", reason: "first gate blocked" });
+      // Pipeline looped to the first gate, got block, and stopped — not all 6 gates.
+      expect(runSpy).toHaveBeenCalledTimes(1);
+    });
+
+    it("calls getToolPreviewLimits() during evaluate", async () => {
+      const getToolPreviewLimits = vi.fn(() => ({
+        toolInputPreviewMaxLength: 500,
+        toolTextSummaryMaxLength: 100,
+        toolInputLogPreviewMaxLength: 200,
+      }));
+      const inputs = makeGateInputs({ getToolPreviewLimits });
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(getToolPreviewLimits).toHaveBeenCalled();
+    });
+
+    it("calls getInfrastructureReadDirs() during evaluate", async () => {
+      const getInfrastructureReadDirs = vi.fn<() => string[]>(() => []);
+      const inputs = makeGateInputs({ getInfrastructureReadDirs });
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(getInfrastructureReadDirs).toHaveBeenCalled();
+    });
+
+    it("calls getActiveSkillEntries() during evaluate", async () => {
+      const getActiveSkillEntries = vi.fn<() => []>(() => []);
+      const inputs = makeGateInputs({ getActiveSkillEntries });
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(getActiveSkillEntries).toHaveBeenCalled();
+    });
+
+    it("does not call BashProgram.parse for non-bash tools", async () => {
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(mockBashProgramParse).not.toHaveBeenCalled();
+    });
+  });
+
+  // ── bash tool ────────────────────────────────────────────────────────────
+
+  describe("evaluate — bash tool", () => {
+    it("returns allow when the bash command is permitted", async () => {
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "bash", input: { command: "echo hello" } }),
+        runner,
+      );
+
+      expect(result).toEqual({ action: "allow" });
+    });
+
+    it("parses BashProgram exactly once per evaluate for bash tools with a command", async () => {
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      await pipeline.evaluate(
+        makeTcc({ toolName: "bash", input: { command: "echo hello" } }),
+        runner,
+      );
+
+      expect(mockBashProgramParse).toHaveBeenCalledTimes(1);
+      expect(mockBashProgramParse).toHaveBeenCalledWith("echo hello");
+    });
+
+    it("does not parse BashProgram when the bash command is empty", async () => {
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner({ resolve: inputs.resolve });
+      const pipeline = new ToolCallGatePipeline(inputs);
+
+      await pipeline.evaluate(
+        makeTcc({ toolName: "bash", input: { command: "" } }),
+        runner,
+      );
+
+      expect(mockBashProgramParse).not.toHaveBeenCalled();
+    });
+  });
+});

package/test/handlers/input.test.ts

@@ -172,8 +172,7 @@ describe("handleInput", () => {
       },
     });
     await handler.handleInput(makeInputEvent("/skill:librarian"), makeCtx());
-    expect(session.prompt).toHaveBeenCalledWith(
-      expect.anything(),
+    expect(session.promptPermission).toHaveBeenCalledWith(
       expect.objectContaining({
         agentName: "code-agent",
         skillName: "librarian",

package/test/handlers/lifecycle.test.ts

@@ -1,7 +1,8 @@
 import { describe, expect, it, vi } from "vitest";
 
 import { SessionLifecycleHandler } from "#src/handlers/lifecycle";
-import type { PermissionSession } from "#src/permission-session";
+import type { ServiceLifecycle } from "#src/service-lifecycle";
+import type { SessionLifecycleSession } from "#src/session-lifecycle-session";
 
 import { makeCtx } from "#test/helpers/handler-fixtures";
 
@@ -15,39 +16,54 @@ vi.mock("../../src/status", () => ({
 // ── helpers ────────────────────────────────────────────────────────────────
 
 function makeSession(
-  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): PermissionSession {
+  overrides: Partial<SessionLifecycleSession> = {},
+): SessionLifecycleSession {
   return {
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    refreshConfig: vi.fn(),
-    resetForNewSession: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    getConfigIssues: vi.fn().mockReturnValue([]),
-    reload: vi.fn(),
-    getRuntimeContext: vi.fn().mockReturnValue(null),
-    shutdown: vi.fn(),
-    ...overrides,
-  } as unknown as PermissionSession;
+    logger: overrides.logger ?? {
+      debug: vi.fn<SessionLifecycleSession["logger"]["debug"]>(),
+      review: vi.fn<SessionLifecycleSession["logger"]["review"]>(),
+      warn: vi.fn<SessionLifecycleSession["logger"]["warn"]>(),
+    },
+    refreshConfig:
+      overrides.refreshConfig ??
+      vi.fn<SessionLifecycleSession["refreshConfig"]>(),
+    resetForNewSession:
+      overrides.resetForNewSession ??
+      vi.fn<SessionLifecycleSession["resetForNewSession"]>(),
+    logResolvedConfigPaths:
+      overrides.logResolvedConfigPaths ??
+      vi.fn<SessionLifecycleSession["logResolvedConfigPaths"]>(),
+    resolveAgentName:
+      overrides.resolveAgentName ??
+      vi
+        .fn<SessionLifecycleSession["resolveAgentName"]>()
+        .mockReturnValue(null),
+    getConfigIssues:
+      overrides.getConfigIssues ??
+      vi.fn<SessionLifecycleSession["getConfigIssues"]>().mockReturnValue([]),
+    reload: overrides.reload ?? vi.fn<SessionLifecycleSession["reload"]>(),
+    getRuntimeContext:
+      overrides.getRuntimeContext ??
+      vi
+        .fn<SessionLifecycleSession["getRuntimeContext"]>()
+        .mockReturnValue(null),
+    shutdown:
+      overrides.shutdown ?? vi.fn<SessionLifecycleSession["shutdown"]>(),
+  };
 }
 
-function makeHandler(
-  overrides?: Partial<Record<keyof PermissionSession, unknown>>,
-): {
+function makeHandler(overrides?: Partial<SessionLifecycleSession>): {
   handler: SessionLifecycleHandler;
-  session: PermissionSession;
-  activateService: ReturnType<typeof vi.fn>;
-  cleanupRpc: ReturnType<typeof vi.fn>;
+  session: SessionLifecycleSession;
+  serviceLifecycle: ServiceLifecycle;
 } {
   const session = makeSession(overrides);
-  const activateService = vi.fn();
-  const cleanupRpc = vi.fn();
-  const handler = new SessionLifecycleHandler(
-    session,
-    activateService,
-    cleanupRpc,
-  );
-  return { handler, session, activateService, cleanupRpc };
+  const serviceLifecycle: ServiceLifecycle = {
+    activate: vi.fn<ServiceLifecycle["activate"]>(),
+    teardown: vi.fn<ServiceLifecycle["teardown"]>(),
+  };
+  const handler = new SessionLifecycleHandler(session, serviceLifecycle);
+  return { handler, session, serviceLifecycle };
 }
 
 // ── handleSessionStart ─────────────────────────────────────────────────────
@@ -114,9 +130,9 @@ describe("handleSessionStart", () => {
 
   it("activates the service for the session with ctx", async () => {
     const ctx = makeCtx();
-    const { handler, activateService } = makeHandler();
+    const { handler, serviceLifecycle } = makeHandler();
     await handler.handleSessionStart({ reason: "startup" }, ctx);
-    expect(activateService).toHaveBeenCalledWith(ctx);
+    expect(serviceLifecycle.activate).toHaveBeenCalledWith(ctx);
   });
 
   it("calls refreshConfig before resetForNewSession", async () => {
@@ -195,9 +211,9 @@ describe("handleSessionShutdown", () => {
     expect(session.shutdown).toHaveBeenCalledOnce();
   });
 
-  it("calls cleanupRpc", async () => {
-    const { handler, cleanupRpc } = makeHandler();
+  it("calls serviceLifecycle.teardown", async () => {
+    const { handler, serviceLifecycle } = makeHandler();
     await handler.handleSessionShutdown();
-    expect(cleanupRpc).toHaveBeenCalledOnce();
+    expect(serviceLifecycle.teardown).toHaveBeenCalledOnce();
   });
 });

package/test/handlers/tool-call-events.test.ts

@@ -209,7 +209,7 @@ describe("handleToolCall decision events — infrastructure_auto_allowed", () =>
     const { handler, events } = makeHandler({
       session: {
         checkPermission: vi.fn().mockReturnValue(makeCheckResult()),
-        getInfrastructureDirs: vi.fn().mockReturnValue([infraDir]),
+        getInfrastructureReadDirs: vi.fn().mockReturnValue([infraDir]),
       },
     });