@gotgenes/pi-permission-system 10.0.0 → 10.2.0

package/test/helpers/handler-fixtures.ts

@@ -7,13 +7,66 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { vi } from "vitest";
 
+import { GateDecisionReporter } from "#src/decision-reporter";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import type { GateHandlerSession } from "#src/gate-handler-session";
+import type { GatePrompter } from "#src/gate-prompter";
+import { GateRunner } from "#src/handlers/gates/runner";
+import {
+  type SkillInputGateInputs,
+  SkillInputGatePipeline,
+} from "#src/handlers/gates/skill-input-gate-pipeline";
+import {
+  type ToolCallGateInputs,
+  ToolCallGatePipeline,
+} from "#src/handlers/gates/tool-call-gate-pipeline";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
+import type { PermissionPromptDecision } from "#src/permission-dialog";
 import type { PermissionDecisionEvent } from "#src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
-import type { PermissionSession } from "#src/permission-session";
+import type { PromptPermissionDetails } from "#src/permission-prompter";
+import type { Rule } from "#src/rule";
+import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
+import type { SessionLogger } from "#src/session-logger";
+import { resolveToolPreviewLimits } from "#src/tool-preview-formatter";
 import type { ToolRegistry } from "#src/tool-registry";
-import type { PermissionCheckResult } from "#src/types";
+import type { PermissionCheckResult, PermissionState } from "#src/types";
+
+/**
+ * Precise mock boundary for PermissionGateHandler integration tests.
+ *
+ * Intersection of every role the handler and its collaborators require,
+ * plus the context-bound prompting helpers that GatePrompter delegates to.
+ * Without a cast, TypeScript enforces this at the call sites where the
+ * mock is passed to GateRunner / ToolCallGatePipeline / PermissionGateHandler.
+ *
+ * The 4-arg `checkPermission` overrides the 3-arg version from
+ * GateHandlerSession so the `resolve` delegation can forward session rules.
+ */
+export type MockGateHandlerSession = ToolCallGateInputs &
+  SkillInputGateInputs &
+  SessionApprovalRecorder &
+  GatePrompter &
+  GateHandlerSession & {
+    /** Logger source for the reporter the fixture builds. */
+    logger: SessionLogger;
+    /** Session-rule accessor — used by the resolve delegation. */
+    getSessionRuleset(): Rule[];
+    /** 4-arg form so the resolve delegation can pass rules. */
+    checkPermission(
+      surface: string,
+      input: unknown,
+      agentName?: string,
+      rules?: Rule[],
+    ): PermissionCheckResult;
+    /** Context-bound canPrompt — overriding this steers canConfirm. */
+    canPrompt(ctx: ExtensionContext): boolean;
+    /** Context-bound prompt — overriding this steers promptPermission. */
+    prompt(
+      ctx: ExtensionContext,
+      details: PromptPermissionDetails,
+    ): Promise<PermissionPromptDecision>;
+  };
 
 export function makeEvents() {
   return {
@@ -75,33 +128,86 @@ export function makeCheckResult(
 }
 
 /**
- * Full-union session stub.
+ * Full-intersection session stub.
+ *
+ * Uses per-field `??` selection (no spread) so TypeScript verifies every
+ * field against `MockGateHandlerSession` individually — a missing field fails
+ * `pnpm run check` instead of failing silently at runtime.
  *
- * Includes every method mocked across handler test files so each file
- * only needs to override the fields that differ from the defaults.
+ * The `resolve`, `canConfirm`, and `promptPermission` delegations are inlined
+ * as closures that read `session` at call time, so overriding `checkPermission`,
+ * `canPrompt`, or `prompt` automatically steers them without extra guards.
  */
 export function makeSession(
-  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): PermissionSession {
-  return {
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    activate: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    checkPermission: vi.fn().mockReturnValue(makeCheckResult()),
-    getToolPermission: vi.fn().mockReturnValue("allow"),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    recordSessionApproval: vi.fn(),
-    getActiveSkillEntries: vi.fn().mockReturnValue([]),
-    getInfrastructureDirs: vi
-      .fn()
-      .mockReturnValue(["/test/agent", "/test/agent/git"]),
-    getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    config: DEFAULT_EXTENSION_CONFIG,
-    canPrompt: vi.fn().mockReturnValue(true),
-    prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
-    createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    ...overrides,
-  } as unknown as PermissionSession;
+  overrides: Partial<MockGateHandlerSession> = {},
+): MockGateHandlerSession {
+  const session: MockGateHandlerSession = {
+    logger: overrides.logger ?? {
+      debug: vi.fn(),
+      review: vi.fn(),
+      warn: vi.fn(),
+    },
+    activate: overrides.activate ?? vi.fn<MockGateHandlerSession["activate"]>(),
+    resolveAgentName:
+      overrides.resolveAgentName ??
+      vi.fn<MockGateHandlerSession["resolveAgentName"]>().mockReturnValue(null),
+    checkPermission:
+      overrides.checkPermission ??
+      vi
+        .fn<MockGateHandlerSession["checkPermission"]>()
+        .mockReturnValue(makeCheckResult()),
+    getSessionRuleset:
+      overrides.getSessionRuleset ??
+      vi.fn<MockGateHandlerSession["getSessionRuleset"]>().mockReturnValue([]),
+    recordSessionApproval:
+      overrides.recordSessionApproval ??
+      vi.fn<MockGateHandlerSession["recordSessionApproval"]>(),
+    getActiveSkillEntries:
+      overrides.getActiveSkillEntries ??
+      vi
+        .fn<MockGateHandlerSession["getActiveSkillEntries"]>()
+        .mockReturnValue([]),
+    getInfrastructureReadDirs:
+      overrides.getInfrastructureReadDirs ??
+      vi
+        .fn<MockGateHandlerSession["getInfrastructureReadDirs"]>()
+        .mockReturnValue(["/test/agent", "/test/agent/git"]),
+    getToolPreviewLimits:
+      overrides.getToolPreviewLimits ??
+      vi
+        .fn<MockGateHandlerSession["getToolPreviewLimits"]>()
+        .mockReturnValue(resolveToolPreviewLimits(DEFAULT_EXTENSION_CONFIG)),
+    canPrompt:
+      overrides.canPrompt ??
+      vi.fn<MockGateHandlerSession["canPrompt"]>().mockReturnValue(true),
+    prompt:
+      overrides.prompt ??
+      vi
+        .fn<MockGateHandlerSession["prompt"]>()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    // Delegations — closures read `session` at call time so overrides win.
+    resolve:
+      overrides.resolve ??
+      vi.fn<MockGateHandlerSession["resolve"]>((surface, input, agentName) =>
+        session.checkPermission(
+          surface,
+          input,
+          agentName,
+          session.getSessionRuleset(),
+        ),
+      ),
+    canConfirm:
+      overrides.canConfirm ??
+      vi.fn<MockGateHandlerSession["canConfirm"]>(() =>
+        session.canPrompt(undefined as unknown as ExtensionContext),
+      ),
+    promptPermission:
+      overrides.promptPermission ??
+      vi.fn<MockGateHandlerSession["promptPermission"]>((details) =>
+        session.prompt(undefined as unknown as ExtensionContext, details),
+      ),
+  };
+  return session;
 }
 
 export function makeToolRegistry(
@@ -114,6 +220,78 @@ export function makeToolRegistry(
   };
 }
 
+/**
+ * Surface-dispatching `checkPermission` mock.
+ *
+ * Builds a `vi.fn()` that returns a `PermissionCheckResult` for each surface,
+ * using `bySurface[surface]` when matched and `defaultResult` otherwise.
+ * Default fields: `toolName` = the surface string, `source: "tool"`,
+ * `origin: "builtin"` — callers override by including the field in the
+ * per-surface or default partial (e.g. `{ path: { state: "allow", source: "special" } }`).
+ *
+ * Return type is intentionally unannotated so callers retain full `vi.fn()`
+ * mock access (`mock.calls`, `toHaveBeenCalledWith`, etc.).
+ */
+export function makeSurfaceCheck(
+  bySurface: Record<
+    string,
+    Partial<PermissionCheckResult> & { state: PermissionState }
+  >,
+  defaultResult: Partial<PermissionCheckResult> & { state: PermissionState } = {
+    state: "allow",
+  },
+) {
+  return vi
+    .fn<MockGateHandlerSession["checkPermission"]>()
+    .mockImplementation((surface): PermissionCheckResult => {
+      const base = bySurface[surface] ?? defaultResult;
+      return {
+        toolName: surface,
+        source: "tool",
+        origin: "builtin",
+        ...base,
+      };
+    });
+}
+
+/**
+ * Bash-surface `checkPermission` mock that dispatches on a command regex.
+ *
+ * For the `bash` surface: returns a deny result when `opts.deny` matches the
+ * command, and an allow result otherwise.  For all other surfaces, returns a
+ * plain allow result.
+ *
+ * Return type is intentionally unannotated so callers retain full `vi.fn()`
+ * mock access.
+ */
+export function makeBashCommandCheck(opts: {
+  deny: RegExp;
+  denyMatched: string;
+  allowMatched?: string;
+}) {
+  return vi
+    .fn<MockGateHandlerSession["checkPermission"]>()
+    .mockImplementation((surface, input): PermissionCheckResult => {
+      if (surface === "bash") {
+        const command = (input as { command?: string }).command ?? "";
+        return opts.deny.test(command)
+          ? makeCheckResult({
+              state: "deny",
+              source: "bash",
+              command,
+              matchedPattern: opts.denyMatched,
+            })
+          : makeCheckResult({
+              state: "allow",
+              source: "bash",
+              command,
+              matchedPattern: opts.allowMatched,
+            });
+      }
+      return makeCheckResult({ state: "allow" });
+    });
+}
+
 /**
  * Constructs a PermissionGateHandler with mocked collaborators.
  *
@@ -121,13 +299,32 @@ export function makeToolRegistry(
  * it needs — handler, events, session, and toolRegistry are all available.
  */
 export function makeHandler(overrides?: {
-  session?: Partial<Record<keyof PermissionSession, unknown>>;
+  session?: Partial<MockGateHandlerSession>;
   toolRegistry?: Partial<ToolRegistry>;
+  /** Sugar: builds the `getAll` mock from a list of tool names. */
+  tools?: string[];
 }) {
   const session = makeSession(overrides?.session);
   const events = makeEvents();
-  const toolRegistry = makeToolRegistry(overrides?.toolRegistry);
-  const handler = new PermissionGateHandler(session, events, toolRegistry);
+  const toolRegistry =
+    overrides?.tools !== undefined
+      ? makeToolRegistry({
+          getAll: vi
+            .fn()
+            .mockReturnValue(overrides.tools.map((name) => ({ name }))),
+        })
+      : makeToolRegistry(overrides?.toolRegistry);
+  const pipeline = new ToolCallGatePipeline(session);
+  const skillInputPipeline = new SkillInputGatePipeline(session);
+  const reporter = new GateDecisionReporter(session.logger, events);
+  const runner = new GateRunner(session, session, session, reporter);
+  const handler = new PermissionGateHandler(
+    session,
+    toolRegistry,
+    pipeline,
+    skillInputPipeline,
+    runner,
+  );
   return { handler, events, session, toolRegistry };
 }
 

package/test/mcp-targets.test.ts

@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 import {
   createMcpPermissionTargets,
+  McpTargetList,
   parseQualifiedMcpToolName,
 } from "#src/mcp-targets";
 
@@ -176,3 +177,57 @@ describe("createMcpPermissionTargets", () => {
     });
   });
 });
+
+describe("McpTargetList", () => {
+  describe("add", () => {
+    it("ignores null", () => {
+      const list = new McpTargetList();
+      list.add(null);
+      expect(list.toArray()).toEqual([]);
+    });
+
+    it("ignores empty string", () => {
+      const list = new McpTargetList();
+      list.add("");
+      expect(list.toArray()).toEqual([]);
+    });
+
+    it("appends a new value", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+
+    it("dedups repeated values", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+
+    it("preserves first-insertion order across a mix of values", () => {
+      const list = new McpTargetList();
+      list.add("exa_search");
+      list.add("exa:search");
+      list.add("exa");
+      list.add("exa_search"); // duplicate — must not change order
+      list.add("mcp_call");
+      expect(list.toArray()).toEqual([
+        "exa_search",
+        "exa:search",
+        "exa",
+        "mcp_call",
+      ]);
+    });
+  });
+
+  describe("toArray", () => {
+    it("returns an independent copy that does not mutate the list", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      const first = list.toArray();
+      first.push("mutated");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+  });
+});

package/test/permission-forwarder.test.ts

@@ -0,0 +1,295 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
+import { afterEach, describe, expect, test, vi } from "vitest";
+
+import {
+  PermissionForwarder,
+  type PermissionForwarderDeps,
+} from "#src/forwarded-permissions/permission-forwarder";
+import { createPermissionForwardingLocation } from "#src/permission-forwarding";
+
+// ── Helpers ───────────────────────────────────────────────────────────────
+
+function makeDeps(
+  overrides: Partial<PermissionForwarderDeps> = {},
+): PermissionForwarderDeps {
+  return {
+    forwardingDir: "/tmp/forwarding",
+    subagentSessionsDir: "/tmp/subagents",
+    logger: { writeReviewLog: vi.fn(), writeDebugLog: vi.fn() },
+    writeReviewLog: vi.fn(),
+    requestPermissionDecisionFromUi: vi
+      .fn()
+      .mockResolvedValue({ approved: true, state: "approved" as const }),
+    shouldAutoApprove: () => false,
+    ...overrides,
+  };
+}
+
+afterEach(() => {
+  vi.unstubAllEnvs();
+});
+
+// ── requestApproval ───────────────────────────────────────────────────────
+
+describe("requestApproval — UI fast path", () => {
+  test("calls requestPermissionDecisionFromUi but does not emit a UI prompt event (the prompter does)", async () => {
+    const events = {
+      emit: vi.fn(),
+      on: vi.fn().mockReturnValue(() => undefined),
+    };
+    const requestPermissionDecisionFromUi = vi
+      .fn()
+      .mockResolvedValue({ approved: true, state: "approved" as const });
+
+    const forwarder = new PermissionForwarder(
+      makeDeps({ events, requestPermissionDecisionFromUi }),
+    );
+
+    await forwarder.requestApproval(
+      {
+        hasUI: true,
+        ui: { select: vi.fn(), input: vi.fn() },
+      } as unknown as ExtensionContext,
+      "Allow git push?",
+    );
+
+    expect(requestPermissionDecisionFromUi).toHaveBeenCalled();
+    expect(events.emit).not.toHaveBeenCalledWith(
+      "permissions:ui_prompt",
+      expect.anything(),
+    );
+  });
+});
+
+describe("requestApproval — non-UI, non-subagent path", () => {
+  test("returns denied without showing a dialog or emitting when there is no active UI", async () => {
+    const events = {
+      emit: vi.fn(),
+      on: vi.fn().mockReturnValue(() => undefined),
+    };
+    const requestPermissionDecisionFromUi = vi.fn();
+
+    const forwarder = new PermissionForwarder(
+      makeDeps({ events, requestPermissionDecisionFromUi }),
+    );
+
+    const result = await forwarder.requestApproval(
+      {
+        hasUI: false,
+        sessionManager: {
+          getSessionDir: vi.fn().mockReturnValue(null),
+        },
+      } as unknown as ExtensionContext,
+      "Allow git push?",
+    );
+
+    expect(result).toEqual({ approved: false, state: "denied" });
+    expect(events.emit).not.toHaveBeenCalledWith(
+      "permissions:ui_prompt",
+      expect.anything(),
+    );
+    expect(requestPermissionDecisionFromUi).not.toHaveBeenCalled();
+  });
+});
+
+// ── processInbox ──────────────────────────────────────────────────────────
+
+describe("processInbox", () => {
+  test("emits a UI prompt event before showing a forwarded permission dialog", async () => {
+    const root = mkdtempSync(join(tmpdir(), "permission-forwarding-"));
+    try {
+      const forwardingDir = join(root, "forwarding");
+      const location = createPermissionForwardingLocation(
+        forwardingDir,
+        "parent-session",
+      );
+      mkdirSync(location.requestsDir, { recursive: true });
+      mkdirSync(location.responsesDir, { recursive: true });
+      writeFileSync(
+        join(location.requestsDir, "req-forwarded.json"),
+        JSON.stringify({
+          id: "req-forwarded",
+          createdAt: Date.now(),
+          requesterSessionId: "child-session",
+          targetSessionId: "parent-session",
+          requesterAgentName: "Explore",
+          message: "Allow git push?",
+        }),
+        "utf-8",
+      );
+
+      const events = {
+        emit: vi.fn(),
+        on: vi.fn().mockReturnValue(() => undefined),
+      };
+      const requestPermissionDecisionFromUi = vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" as const });
+
+      const forwarder = new PermissionForwarder(
+        makeDeps({
+          forwardingDir,
+          events,
+          requestPermissionDecisionFromUi,
+        }),
+      );
+
+      await forwarder.processInbox({
+        hasUI: true,
+        ui: { select: vi.fn(), input: vi.fn() },
+        sessionManager: {
+          getSessionId: vi.fn().mockReturnValue("parent-session"),
+        },
+      } as unknown as ExtensionContext);
+
+      expect(events.emit).toHaveBeenCalledWith(
+        "permissions:ui_prompt",
+        expect.objectContaining({
+          requestId: "req-forwarded",
+          source: "tool_call",
+          surface: null,
+          value: null,
+          agentName: "Explore",
+          message: expect.stringContaining("Allow git push?"),
+          forwarding: {
+            requesterAgentName: "Explore",
+            requesterSessionId: "child-session",
+          },
+        }),
+      );
+      expect(requestPermissionDecisionFromUi).toHaveBeenCalled();
+    } finally {
+      rmSync(root, { recursive: true, force: true });
+    }
+  });
+
+  test("emits a non-degraded UI prompt event when the request carries display fields", async () => {
+    const root = mkdtempSync(join(tmpdir(), "permission-forwarding-"));
+    try {
+      const forwardingDir = join(root, "forwarding");
+      const location = createPermissionForwardingLocation(
+        forwardingDir,
+        "parent-session",
+      );
+      mkdirSync(location.requestsDir, { recursive: true });
+      mkdirSync(location.responsesDir, { recursive: true });
+      writeFileSync(
+        join(location.requestsDir, "req-forwarded-rich.json"),
+        JSON.stringify({
+          id: "req-forwarded-rich",
+          createdAt: Date.now(),
+          requesterSessionId: "child-session",
+          targetSessionId: "parent-session",
+          requesterAgentName: "Explore",
+          message: "Allow git push?",
+          source: "tool_call",
+          surface: "bash",
+          value: "git push",
+        }),
+        "utf-8",
+      );
+
+      const events = {
+        emit: vi.fn(),
+        on: vi.fn().mockReturnValue(() => undefined),
+      };
+      const requestPermissionDecisionFromUi = vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" as const });
+
+      const forwarder = new PermissionForwarder(
+        makeDeps({
+          forwardingDir,
+          events,
+          requestPermissionDecisionFromUi,
+        }),
+      );
+
+      await forwarder.processInbox({
+        hasUI: true,
+        ui: { select: vi.fn(), input: vi.fn() },
+        sessionManager: {
+          getSessionId: vi.fn().mockReturnValue("parent-session"),
+        },
+      } as unknown as ExtensionContext);
+
+      expect(events.emit).toHaveBeenCalledWith(
+        "permissions:ui_prompt",
+        expect.objectContaining({
+          requestId: "req-forwarded-rich",
+          source: "tool_call",
+          surface: "bash",
+          value: "git push",
+          agentName: "Explore",
+          message: expect.stringContaining("Allow git push?"),
+          forwarding: {
+            requesterAgentName: "Explore",
+            requesterSessionId: "child-session",
+          },
+        }),
+      );
+      expect(requestPermissionDecisionFromUi).toHaveBeenCalled();
+    } finally {
+      rmSync(root, { recursive: true, force: true });
+    }
+  });
+
+  test("does not emit a UI prompt event when forwarded permission auto-approves", async () => {
+    const root = mkdtempSync(join(tmpdir(), "permission-forwarding-"));
+    try {
+      const forwardingDir = join(root, "forwarding");
+      const location = createPermissionForwardingLocation(
+        forwardingDir,
+        "parent-session",
+      );
+      mkdirSync(location.requestsDir, { recursive: true });
+      mkdirSync(location.responsesDir, { recursive: true });
+      writeFileSync(
+        join(location.requestsDir, "req-forwarded-auto.json"),
+        JSON.stringify({
+          id: "req-forwarded-auto",
+          createdAt: Date.now(),
+          requesterSessionId: "child-session",
+          targetSessionId: "parent-session",
+          requesterAgentName: "Explore",
+          message: "Allow git push?",
+        }),
+        "utf-8",
+      );
+
+      const events = {
+        emit: vi.fn(),
+        on: vi.fn().mockReturnValue(() => undefined),
+      };
+      const requestPermissionDecisionFromUi = vi.fn();
+
+      const forwarder = new PermissionForwarder(
+        makeDeps({
+          forwardingDir,
+          events,
+          requestPermissionDecisionFromUi,
+          shouldAutoApprove: () => true,
+        }),
+      );
+
+      await forwarder.processInbox({
+        hasUI: true,
+        ui: { select: vi.fn(), input: vi.fn() },
+        sessionManager: {
+          getSessionId: vi.fn().mockReturnValue("parent-session"),
+        },
+      } as unknown as ExtensionContext);
+
+      expect(events.emit).not.toHaveBeenCalledWith(
+        "permissions:ui_prompt",
+        expect.anything(),
+      );
+      expect(requestPermissionDecisionFromUi).not.toHaveBeenCalled();
+    } finally {
+      rmSync(root, { recursive: true, force: true });
+    }
+  });
+});