@gotgenes/pi-permission-system 10.0.0 → 10.2.0

package/test/handlers/external-directory-session-dedup.test.ts

@@ -8,18 +8,29 @@
  * the real interaction between PermissionSession, SessionRules, and
  * PermissionManager.
  */
+
+import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
+import { GateDecisionReporter } from "#src/decision-reporter";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import { GateRunner } from "#src/handlers/gates/runner";
+import { SkillInputGatePipeline } from "#src/handlers/gates/skill-input-gate-pipeline";
+import { ToolCallGatePipeline } from "#src/handlers/gates/tool-call-gate-pipeline";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
-import type { PermissionSession } from "#src/permission-session";
+import type { PromptPermissionDetails } from "#src/permission-prompter";
 import type { Rule } from "#src/rule";
 import type { SessionApproval } from "#src/session-approval";
+import { resolveToolPreviewLimits } from "#src/tool-preview-formatter";
 import type { ToolRegistry } from "#src/tool-registry";
 import type { PermissionCheckResult } from "#src/types";
 import { wildcardMatch } from "#src/wildcard-matcher";
 
-import { makeCtx, makeEvents } from "#test/helpers/handler-fixtures";
+import {
+  type MockGateHandlerSession,
+  makeCtx,
+  makeEvents,
+} from "#test/helpers/handler-fixtures";
 
 // ── SDK stub ───────────────────────────────────────────────────────────────
 vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {
@@ -39,12 +50,12 @@ vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {
  * "allow" by default.
  */
 function makeStatefulSession(
-  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): PermissionSession {
+  overrides: Partial<MockGateHandlerSession> = {},
+): MockGateHandlerSession {
   const sessionRules: Rule[] = [];
 
   const checkPermission = vi
-    .fn()
+    .fn<MockGateHandlerSession["checkPermission"]>()
     .mockImplementation(
       (
         surface: string,
@@ -97,7 +108,7 @@ function makeStatefulSession(
     );
 
   const recordSessionApproval = vi
-    .fn()
+    .fn<MockGateHandlerSession["recordSessionApproval"]>()
     .mockImplementation((approval: SessionApproval) => {
       for (const pattern of approval.patterns) {
         sessionRules.push({
@@ -110,26 +121,86 @@ function makeStatefulSession(
       }
     });
 
-  const getSessionRuleset = vi.fn().mockImplementation(() => [...sessionRules]);
+  const getSessionRuleset = vi
+    .fn<MockGateHandlerSession["getSessionRuleset"]>()
+    .mockImplementation(() => [...sessionRules]);
+
+  const session: MockGateHandlerSession = {
+    logger: overrides.logger ?? {
+      debug: vi.fn(),
+      review: vi.fn(),
+      warn: vi.fn(),
+    },
+    activate: overrides.activate ?? vi.fn<MockGateHandlerSession["activate"]>(),
+    resolveAgentName:
+      overrides.resolveAgentName ??
+      vi.fn<MockGateHandlerSession["resolveAgentName"]>().mockReturnValue(null),
+    checkPermission: overrides.checkPermission ?? checkPermission,
+    getSessionRuleset: overrides.getSessionRuleset ?? getSessionRuleset,
+    recordSessionApproval:
+      overrides.recordSessionApproval ?? recordSessionApproval,
+    getActiveSkillEntries:
+      overrides.getActiveSkillEntries ??
+      vi
+        .fn<MockGateHandlerSession["getActiveSkillEntries"]>()
+        .mockReturnValue([]),
+    getInfrastructureReadDirs:
+      overrides.getInfrastructureReadDirs ??
+      vi
+        .fn<MockGateHandlerSession["getInfrastructureReadDirs"]>()
+        .mockReturnValue([]),
+    getToolPreviewLimits:
+      overrides.getToolPreviewLimits ??
+      vi
+        .fn<MockGateHandlerSession["getToolPreviewLimits"]>()
+        .mockReturnValue(resolveToolPreviewLimits(DEFAULT_EXTENSION_CONFIG)),
+    canPrompt:
+      overrides.canPrompt ??
+      vi.fn<MockGateHandlerSession["canPrompt"]>().mockReturnValue(true),
+    prompt:
+      overrides.prompt ??
+      vi
+        .fn<MockGateHandlerSession["prompt"]>()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    // Delegations — closures read `session` at call time so overrides win.
+    resolve:
+      overrides.resolve ??
+      vi.fn<MockGateHandlerSession["resolve"]>((surface, input, agentName) =>
+        session.checkPermission(
+          surface,
+          input,
+          agentName,
+          session.getSessionRuleset(),
+        ),
+      ),
+    canConfirm:
+      overrides.canConfirm ??
+      vi.fn<MockGateHandlerSession["canConfirm"]>(() =>
+        session.canPrompt(undefined as unknown as ExtensionContext),
+      ),
+    promptPermission:
+      overrides.promptPermission ??
+      vi.fn<MockGateHandlerSession["promptPermission"]>(
+        (details: PromptPermissionDetails) =>
+          session.prompt(undefined as unknown as ExtensionContext, details),
+      ),
+  };
+  return session;
+}
 
-  return {
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    activate: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    checkPermission,
-    getToolPermission: vi.fn().mockReturnValue("allow"),
-    getSessionRuleset,
-    recordSessionApproval,
-    getActiveSkillEntries: vi.fn().mockReturnValue([]),
-    getInfrastructureDirs: vi.fn().mockReturnValue([]),
-    getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    config: DEFAULT_EXTENSION_CONFIG,
-    canPrompt: vi.fn().mockReturnValue(true),
-    prompt: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved_for_session" }),
-    ...overrides,
-  } as unknown as PermissionSession;
+function makeHandlerForSession(
+  session: MockGateHandlerSession,
+): PermissionGateHandler {
+  const events = makeEvents();
+  const reporter = new GateDecisionReporter(session.logger, events);
+  const runner = new GateRunner(session, session, session, reporter);
+  return new PermissionGateHandler(
+    session,
+    makeToolRegistry(),
+    new ToolCallGatePipeline(session),
+    new SkillInputGatePipeline(session),
+    runner,
+  );
 }
 
 function makeToolRegistry(): ToolRegistry {
@@ -152,11 +223,7 @@ describe("external-directory session dedup", () => {
   describe("path-bearing tools (read, write, edit)", () => {
     it("does not re-prompt for the same external path after session approval", async () => {
       const session = makeStatefulSession();
-      const handler = new PermissionGateHandler(
-        session,
-        makeEvents(),
-        makeToolRegistry(),
-      );
+      const handler = makeHandlerForSession(session);
       const ctx = makeCtx();
       const externalPath = "/outside/project/data.txt";
 
@@ -185,11 +252,7 @@ describe("external-directory session dedup", () => {
 
     it("does not re-prompt for a different file in the same external directory", async () => {
       const session = makeStatefulSession();
-      const handler = new PermissionGateHandler(
-        session,
-        makeEvents(),
-        makeToolRegistry(),
-      );
+      const handler = makeHandlerForSession(session);
       const ctx = makeCtx();
 
       // First call — prompt for /outside/project/a.txt
@@ -215,11 +278,7 @@ describe("external-directory session dedup", () => {
 
     it("does prompt for a file in a different external directory", async () => {
       const session = makeStatefulSession();
-      const handler = new PermissionGateHandler(
-        session,
-        makeEvents(),
-        makeToolRegistry(),
-      );
+      const handler = makeHandlerForSession(session);
       const ctx = makeCtx();
 
       // First call — /outside/alpha/file.txt
@@ -249,11 +308,7 @@ describe("external-directory session dedup", () => {
           .fn()
           .mockResolvedValue({ approved: true, state: "approved" }),
       });
-      const handler = new PermissionGateHandler(
-        session,
-        makeEvents(),
-        makeToolRegistry(),
-      );
+      const handler = makeHandlerForSession(session);
       const ctx = makeCtx();
       const externalPath = "/outside/project/data.txt";
 
@@ -282,11 +337,7 @@ describe("external-directory session dedup", () => {
   describe("bash commands with external paths", () => {
     it("does not re-prompt for a bash command referencing the same external path after session approval", async () => {
       const session = makeStatefulSession();
-      const handler = new PermissionGateHandler(
-        session,
-        makeEvents(),
-        makeToolRegistry(),
-      );
+      const handler = makeHandlerForSession(session);
       const ctx = makeCtx();
 
       // First call — bash referencing /tmp/out.txt
@@ -314,11 +365,7 @@ describe("external-directory session dedup", () => {
 
     it("does not re-prompt for read after bash already approved the same directory", async () => {
       const session = makeStatefulSession();
-      const handler = new PermissionGateHandler(
-        session,
-        makeEvents(),
-        makeToolRegistry(),
-      );
+      const handler = makeHandlerForSession(session);
       const ctx = makeCtx();
 
       // First call — bash writes to /tmp/out.txt

package/test/handlers/gates/bash-command.test.ts

@@ -1,18 +1,11 @@
-import { describe, expect, it, vi } from "vitest";
+import { describe, expect, it } from "vitest";
 
 import { resolveBashCommandCheck } from "#src/handlers/gates/bash-command";
-import type { Rule } from "#src/rule";
 import type { PermissionCheckResult } from "#src/types";
 
+import { makeResolver } from "#test/helpers/gate-fixtures";
 import { makeCheckResult } from "#test/helpers/handler-fixtures";
 
-type CheckPermissionFn = (
-  surface: string,
-  input: unknown,
-  agentName?: string,
-  sessionRules?: Rule[],
-) => PermissionCheckResult;
-
 /** Build a bash-surface check result for a single command unit. */
 function bashResult(
   state: PermissionCheckResult["state"],
@@ -24,44 +17,40 @@ function bashResult(
 
 describe("resolveBashCommandCheck", () => {
   it("passes a single command straight through", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("allow", "npm install pkg", "npm *"));
+    const resolver = makeResolver(
+      bashResult("allow", "npm install pkg", "npm *"),
+    );
 
     const result = resolveBashCommandCheck(
       "npm install pkg",
       [{ text: "npm install pkg" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("allow");
-    expect(checkPermission).toHaveBeenCalledTimes(1);
-    expect(checkPermission).toHaveBeenCalledWith(
+    expect(resolver.resolve).toHaveBeenCalledTimes(1);
+    expect(resolver.resolve).toHaveBeenCalledWith(
       "bash",
       { command: "npm install pkg" },
       undefined,
-      [],
     );
   });
 
   it("denies the chain when any sub-command is denied, reporting that command's pattern", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return command.startsWith("npm")
-          ? bashResult("deny", command, "npm *")
-          : bashResult("allow", command, "cd *");
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return command.startsWith("npm")
+        ? bashResult("deny", command, "npm *")
+        : bashResult("allow", command, "cd *");
+    });
 
     const result = resolveBashCommandCheck(
       "cd /p && npm install pkg",
       [{ text: "cd /p" }, { text: "npm install pkg" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("deny");
@@ -70,21 +59,19 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("asks when a sub-command asks and none denies", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return command.startsWith("git")
-          ? bashResult("ask", command, "git *")
-          : bashResult("allow", command, "cd *");
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return command.startsWith("git")
+        ? bashResult("ask", command, "git *")
+        : bashResult("allow", command, "cd *");
+    });
 
     const result = resolveBashCommandCheck(
       "cd /p && git push",
       [{ text: "cd /p" }, { text: "git push" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("ask");
@@ -93,19 +80,17 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("returns the first allow result when every sub-command is allowed", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return bashResult("allow", command, `${command} *`);
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return bashResult("allow", command, `${command} *`);
+    });
 
     const result = resolveBashCommandCheck(
       "a && b",
       [{ text: "a" }, { text: "b" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("allow");
@@ -113,62 +98,40 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("falls back to the whole command when no top-level commands are found", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("ask", "( rm x )", "*"));
+    const resolver = makeResolver(bashResult("ask", "( rm x )", "*"));
 
-    const result = resolveBashCommandCheck(
-      "( rm x )",
-      [],
-      undefined,
-      [],
-      checkPermission,
-    );
+    const result = resolveBashCommandCheck("( rm x )", [], undefined, resolver);
 
     expect(result.state).toBe("ask");
     expect(result.commandContext).toBeUndefined();
-    expect(checkPermission).toHaveBeenCalledTimes(1);
-    expect(checkPermission).toHaveBeenCalledWith(
+    expect(resolver.resolve).toHaveBeenCalledTimes(1);
+    expect(resolver.resolve).toHaveBeenCalledWith(
       "bash",
       { command: "( rm x )" },
       undefined,
-      [],
     );
   });
 
-  it("forwards the agent name and session rules to each sub-command check", () => {
-    const sessionRules: Rule[] = [
-      { surface: "bash", pattern: "npm *", action: "allow", origin: "session" },
-    ];
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("allow", "npm i"));
-
-    resolveBashCommandCheck(
-      "npm i",
-      [{ text: "npm i" }],
-      "agent-x",
-      sessionRules,
-      checkPermission,
-    );
+  it("forwards the agent name to each sub-command check", () => {
+    const resolver = makeResolver(bashResult("allow", "npm i"));
+
+    resolveBashCommandCheck("npm i", [{ text: "npm i" }], "agent-x", resolver);
 
-    expect(checkPermission).toHaveBeenCalledWith(
+    expect(resolver.resolve).toHaveBeenCalledWith(
       "bash",
       { command: "npm i" },
       "agent-x",
-      sessionRules,
     );
   });
 
   it("tags the winning result with the offending command's execution context", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return command.startsWith("rm")
-          ? bashResult("deny", command, "rm *")
-          : bashResult("allow", command, "echo *");
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return command.startsWith("rm")
+        ? bashResult("deny", command, "rm *")
+        : bashResult("allow", command, "echo *");
+    });
 
     const result = resolveBashCommandCheck(
       "echo $(rm -rf foo)",
@@ -177,8 +140,7 @@ describe("resolveBashCommandCheck", () => {
         { text: "rm -rf foo", context: "command_substitution" },
       ],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("deny");
@@ -187,16 +149,13 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("leaves commandContext unset when the winning command is top-level", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("deny", "rm -rf foo", "rm *"));
+    const resolver = makeResolver(bashResult("deny", "rm -rf foo", "rm *"));
 
     const result = resolveBashCommandCheck(
       "rm -rf foo",
       [{ text: "rm -rf foo" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("deny");