@gotgenes/pi-permission-system 10.1.0 → 10.3.0

package/CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [10.3.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.2.0...pi-permission-system-v10.3.0) (2026-06-05)
+
+
+### Features
+
+* add ConfigStore owning extension config state ([5941733](https://github.com/gotgenes/pi-packages/commit/5941733a67c0ad9aef3d3b2e5908a82e76ac8603))
+
+## [10.2.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.1.0...pi-permission-system-v10.2.0) (2026-06-04)
+
+
+### Features
+
+* add PermissionManager.configureForCwd and agentDir option ([5a2d363](https://github.com/gotgenes/pi-packages/commit/5a2d3634a0b8466a5d6aa8baa170a9bf53e068fb))
+
 ## [10.1.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.0.0...pi-permission-system-v10.1.0) (2026-06-03)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "10.1.0",
+  "version": "10.3.0",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "exports": {

package/src/config-modal.ts

@@ -5,6 +5,7 @@ import {
 } from "@earendil-works/pi-coding-agent";
 import { type SettingItem, SettingsList } from "@earendil-works/pi-tui";
 
+import type { CommandConfigStore } from "./config-store";
 import {
   DEFAULT_EXTENSION_CONFIG,
   type PermissionSystemExtensionConfig,
@@ -12,11 +13,7 @@ import {
 import type { Ruleset } from "./rule";
 
 interface PermissionSystemConfigController {
-  getConfig(): PermissionSystemExtensionConfig;
-  setConfig(
-    next: PermissionSystemExtensionConfig,
-    ctx: ExtensionCommandContext,
-  ): void;
+  config: CommandConfigStore;
   getConfigPath(): string;
   /** Optional: returns the composed config-layer ruleset for origin display. */
   getComposedRules?(): Ruleset;
@@ -175,15 +172,15 @@ async function openSettingsModal(
   // eslint-disable-next-line @typescript-eslint/no-invalid-void-type -- ctx.ui.custom<void> is valid; rule does not allow void in generic fn call type args
   await ctx.ui.custom<void>(
     (_tui, _theme, _keybindings, done) => {
-      let current = controller.getConfig();
+      let current = controller.config.current();
       const settingsList = new SettingsList(
         buildSettingItems(current),
         10,
         getSettingsListTheme(),
         (id, newValue) => {
           current = applySetting(current, id, newValue);
-          controller.setConfig(current, ctx);
-          current = controller.getConfig();
+          controller.config.save(current, ctx);
+          current = controller.config.current();
           syncSettingValues(settingsList, current);
         },
         () => done(),
@@ -208,7 +205,7 @@ function handleArgs(
   if (normalized === "show") {
     const rules = controller.getComposedRules?.();
     ctx.ui.notify(
-      `permission-system: ${summarizeConfig(controller.getConfig(), rules)}`,
+      `permission-system: ${summarizeConfig(controller.config.current(), rules)}`,
       "info",
     );
     return true;
@@ -223,7 +220,7 @@ function handleArgs(
   }
 
   if (normalized === "reset") {
-    controller.setConfig(cloneDefaultConfig(), ctx);
+    controller.config.save(cloneDefaultConfig(), ctx);
     ctx.ui.notify("Permission system settings reset to defaults.", "info");
     return true;
   }

package/src/config-store.ts

@@ -0,0 +1,243 @@
+import {
+  existsSync,
+  mkdirSync,
+  renameSync,
+  unlinkSync,
+  writeFileSync,
+} from "node:fs";
+import { dirname, normalize } from "node:path";
+import type {
+  ExtensionCommandContext,
+  ExtensionContext,
+} from "@earendil-works/pi-coding-agent";
+
+import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader";
+import {
+  getGlobalConfigPath,
+  getLegacyExtensionConfigPath,
+  getLegacyGlobalPolicyPath,
+  getLegacyProjectPolicyPath,
+} from "./config-paths";
+import { buildResolvedConfigLogEntry } from "./config-reporter";
+import {
+  DEFAULT_EXTENSION_CONFIG,
+  EXTENSION_ROOT,
+  normalizePermissionSystemConfig,
+  type PermissionSystemExtensionConfig,
+} from "./extension-config";
+import type { ResolvedPolicyPaths } from "./policy-loader";
+import { syncPermissionSystemStatus } from "./status";
+
+/** Read-only view of the current config — for consumers that only read. */
+export interface ConfigReader {
+  current(): PermissionSystemExtensionConfig;
+}
+
+/**
+ * Narrow subset of `ConfigStore` that `PermissionSession` depends on.
+ *
+ * Using an interface rather than the concrete class avoids private-member
+ * coupling between the class and test doubles.
+ */
+export interface SessionConfigStore extends ConfigReader {
+  refresh(ctx?: ExtensionContext): void;
+  logResolvedPaths(): void;
+}
+
+/**
+ * Narrow subset of `ConfigStore` for the `/permission-system` command.
+ *
+ * Using an interface rather than the concrete class avoids private-member
+ * coupling between the class and test doubles.
+ */
+export interface CommandConfigStore extends ConfigReader {
+  save(
+    next: PermissionSystemExtensionConfig,
+    ctx: ExtensionCommandContext,
+  ): void;
+}
+
+/**
+ * Transitional get/set seam over the runtime-owned context.
+ *
+ * Retired in Step 4 (#337) when context ownership moves to `PermissionSession`.
+ */
+export interface RuntimeContextRef {
+  get(): ExtensionContext | null;
+  set(ctx: ExtensionContext): void;
+}
+
+/** Narrow logging sink — replaced by an injected logger in Step 3 (#336). */
+export interface ConfigStoreLogger {
+  writeDebugLog(event: string, details?: Record<string, unknown>): void;
+  writeReviewLog(event: string, details?: Record<string, unknown>): void;
+}
+
+/** Narrow view of the manager's resolved policy paths (for `logResolvedPaths`). */
+export interface ResolvedPolicyPathProvider {
+  getResolvedPolicyPaths(): ResolvedPolicyPaths;
+}
+
+export interface ConfigStoreDeps {
+  agentDir: string;
+  context: RuntimeContextRef;
+  policyPaths: ResolvedPolicyPathProvider;
+  logger: ConfigStoreLogger;
+}
+
+/**
+ * Owns the mutable extension config and the operations that read/write it.
+ *
+ * Replaces the three `(runtime, …)` config free functions
+ * (`refreshExtensionConfig`, `saveExtensionConfig`, `logResolvedConfigPaths`)
+ * with methods that privately own `config` and `lastConfigWarning`.
+ *
+ * Implements {@link ConfigReader} so consumers that only read the current config
+ * can depend on the narrow interface rather than the full class.
+ */
+export class ConfigStore implements SessionConfigStore, CommandConfigStore {
+  private config: PermissionSystemExtensionConfig;
+  private lastConfigWarning: string | null = null;
+
+  constructor(private readonly deps: ConfigStoreDeps) {
+    this.config = { ...DEFAULT_EXTENSION_CONFIG };
+  }
+
+  /** Return the current extension config. */
+  current(): PermissionSystemExtensionConfig {
+    return this.config;
+  }
+
+  /**
+   * Reload merged config from disk.
+   *
+   * If `ctx` is provided, updates the stored runtime context via the seam first.
+   * Equivalent to `refreshExtensionConfig(runtime, ctx?)`.
+   */
+  refresh(ctx?: ExtensionContext): void {
+    if (ctx) {
+      this.deps.context.set(ctx);
+    }
+    const cwd = this.deps.context.get()?.cwd ?? null;
+    const mergeResult = loadAndMergeConfigs(
+      this.deps.agentDir,
+      cwd ?? "",
+      EXTENSION_ROOT,
+    );
+    const runtimeConfig = normalizePermissionSystemConfig(mergeResult.merged);
+    this.config = runtimeConfig;
+
+    const currentCtx = this.deps.context.get();
+    if (currentCtx?.hasUI) {
+      syncPermissionSystemStatus(currentCtx, runtimeConfig);
+    }
+
+    const warning =
+      mergeResult.issues.length > 0 ? mergeResult.issues.join("\n") : undefined;
+
+    if (warning && warning !== this.lastConfigWarning) {
+      this.lastConfigWarning = warning;
+      currentCtx?.ui.notify(warning, "warning");
+    } else if (!warning) {
+      this.lastConfigWarning = null;
+    }
+
+    this.deps.logger.writeDebugLog("config.loaded", {
+      warning: warning ?? null,
+      debugLog: runtimeConfig.debugLog,
+      permissionReviewLog: runtimeConfig.permissionReviewLog,
+      yoloMode: runtimeConfig.yoloMode,
+    });
+  }
+
+  /**
+   * Save updated runtime knobs to the global config file, then update
+   * the current config and sync UI status.
+   *
+   * Equivalent to `saveExtensionConfig(runtime, next, ctx)`.
+   */
+  // Called via the CommandConfigStore interface from config-modal.ts — fallow cannot trace through interfaces.
+  // fallow-ignore-next-line unused-class-member
+  save(
+    next: PermissionSystemExtensionConfig,
+    ctx: ExtensionCommandContext,
+  ): void {
+    const normalized = normalizePermissionSystemConfig(next);
+    const globalPath = getGlobalConfigPath(this.deps.agentDir);
+
+    const existing = loadUnifiedConfig(globalPath);
+    const merged = {
+      ...existing.config,
+      debugLog: normalized.debugLog,
+      permissionReviewLog: normalized.permissionReviewLog,
+      yoloMode: normalized.yoloMode,
+    };
+
+    const tmpPath = `${globalPath}.tmp`;
+    try {
+      mkdirSync(dirname(globalPath), { recursive: true });
+      writeFileSync(tmpPath, `${JSON.stringify(merged, null, 2)}\n`, "utf-8");
+      renameSync(tmpPath, globalPath);
+    } catch (error) {
+      try {
+        if (existsSync(tmpPath)) {
+          unlinkSync(tmpPath);
+        }
+      } catch {
+        // Ignore cleanup failures.
+      }
+      const message = error instanceof Error ? error.message : String(error);
+      ctx.ui.notify(
+        `Failed to save permission-system config at '${globalPath}': ${message}`,
+        "error",
+      );
+      return;
+    }
+
+    this.config = normalized;
+    syncPermissionSystemStatus(ctx, normalized);
+    this.lastConfigWarning = null;
+
+    this.deps.logger.writeDebugLog("config.saved", {
+      debugLog: normalized.debugLog,
+      permissionReviewLog: normalized.permissionReviewLog,
+      yoloMode: normalized.yoloMode,
+    });
+  }
+
+  /**
+   * Write the resolved config path set to the review and debug logs.
+   *
+   * Equivalent to `logResolvedConfigPaths(runtime)`.
+   */
+  logResolvedPaths(): void {
+    const policyPaths = this.deps.policyPaths.getResolvedPolicyPaths();
+    const cwd = this.deps.context.get()?.cwd ?? null;
+    const { agentDir } = this.deps;
+    const legacyGlobalPolicyDetected = existsSync(
+      getLegacyGlobalPolicyPath(agentDir),
+    );
+    const legacyProjectPolicyDetected = cwd
+      ? existsSync(getLegacyProjectPolicyPath(cwd))
+      : false;
+    const legacyExtConfigPath = getLegacyExtensionConfigPath(EXTENSION_ROOT);
+    const newGlobalPath = getGlobalConfigPath(agentDir);
+    const legacyExtensionConfigDetected =
+      normalize(legacyExtConfigPath) !== normalize(newGlobalPath) &&
+      existsSync(legacyExtConfigPath);
+    const entry = buildResolvedConfigLogEntry({
+      policyPaths,
+      legacyGlobalPolicyDetected,
+      legacyProjectPolicyDetected,
+      legacyExtensionConfigDetected,
+    });
+    this.deps.logger.writeReviewLog(
+      "config.resolved",
+      entry as unknown as Record<string, unknown>,
+    );
+    this.deps.logger.writeDebugLog(
+      "config.resolved",
+      entry as unknown as Record<string, unknown>,
+    );
+  }
+}

package/src/index.ts

@@ -18,15 +18,11 @@ import { SkillInputGatePipeline } from "./handlers/gates/skill-input-gate-pipeli
 import { ToolCallGatePipeline } from "./handlers/gates/tool-call-gate-pipeline";
 import { requestPermissionDecisionFromUi } from "./permission-dialog";
 import { registerPermissionRpcHandlers } from "./permission-event-rpc";
+import { PermissionManager } from "./permission-manager";
 import { PermissionPrompter } from "./permission-prompter";
 import { PermissionSession } from "./permission-session";
 import { LocalPermissionsService } from "./permissions-service";
-import {
-  createExtensionRuntime,
-  logResolvedConfigPaths,
-  refreshExtensionConfig,
-  saveExtensionConfig,
-} from "./runtime";
+import { createExtensionRuntime } from "./runtime";
 import { PermissionServiceLifecycle } from "./service-lifecycle";
 import { createSessionLogger } from "./session-logger";
 import { isSubagentExecutionContext } from "./subagent-context";
@@ -56,18 +52,20 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
     writeReviewLog: runtime.writeReviewLog.bind(runtime),
     requestPermissionDecisionFromUi,
     shouldAutoApprove: () =>
-      shouldAutoApprovePermissionState("ask", runtime.config),
+      shouldAutoApprovePermissionState("ask", runtime.configStore.current()),
   };
   const forwarder = new PermissionForwarder(forwardingDeps);
 
   const prompter = new PermissionPrompter({
-    getConfig: () => runtime.config,
+    config: runtime.configStore,
     writeReviewLog: runtime.writeReviewLog.bind(runtime),
     events: pi.events,
     forwarder,
   });
 
-  refreshExtensionConfig(runtime);
+  runtime.configStore.refresh();
+
+  const sessionManager = new PermissionManager({ agentDir: runtime.agentDir });
 
   const session = new PermissionSession(
     runtime,
@@ -77,13 +75,12 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       forwarder,
       subagentRegistry,
     ),
+    sessionManager,
+    runtime.configStore,
     {
-      refreshExtensionConfig: (ctx) => refreshExtensionConfig(runtime, ctx),
-      logResolvedConfigPaths: () => logResolvedConfigPaths(runtime),
-      getConfig: () => runtime.config,
       canRequestPermissionConfirmation: (ctx) =>
         canResolveAskPermissionRequest({
-          config: runtime.config,
+          config: runtime.configStore.current(),
           hasUI: ctx.hasUI,
           isSubagent: isSubagentExecutionContext(
             ctx,
@@ -96,8 +93,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
   );
 
   registerPermissionSystemCommand(pi, {
-    getConfig: () => runtime.config,
-    setConfig: (next, ctx) => saveExtensionConfig(runtime, next, ctx),
+    config: runtime.configStore,
     getConfigPath: () => getGlobalConfigPath(runtime.agentDir),
     getComposedRules: () =>
       runtime.permissionManager.getComposedConfigRules(

package/src/permission-manager.ts

@@ -1,4 +1,6 @@
+import { join } from "node:path";
 import { isPermissionState } from "./common";
+import { getGlobalConfigPath, getProjectConfigPath } from "./config-paths";
 import { normalizeInput } from "./input-normalizer";
 import { normalizeFlatConfig } from "./normalize";
 import {
@@ -48,19 +50,66 @@ type ResolvedPermissions = {
   composedRules: Ruleset;
 };
 
+/**
+ * Narrow interface for session-scoped permission checking.
+ * `PermissionSession` depends on this — not the full concrete class — so
+ * test mocks can satisfy it without an `as unknown as PermissionManager` cast.
+ */
+export interface ScopedPermissionManager {
+  configureForCwd(cwd: string | undefined | null): void;
+  checkPermission(
+    toolName: string,
+    input: unknown,
+    agentName?: string,
+    sessionRules?: Ruleset,
+  ): PermissionCheckResult;
+  getToolPermission(toolName: string, agentName?: string): PermissionState;
+  getConfigIssues(agentName?: string): string[];
+  getPolicyCacheStamp(agentName?: string): string;
+}
+
 export interface PermissionManagerOptions extends PolicyLoaderOptions {
   policyLoader?: PolicyLoader;
+  /**
+   * Pi agent directory.  When provided, the manager derives all loader paths
+   * from this value and supports {@link PermissionManager.configureForCwd}.
+   */
+  agentDir?: string;
 }
 
-export class PermissionManager {
-  private readonly loader: PolicyLoader;
+export class PermissionManager implements ScopedPermissionManager {
+  private readonly agentDir: string | undefined;
+  private loader: PolicyLoader;
   private readonly resolvedPermissionsCache = new Map<
     string,
     FileCacheEntry<ResolvedPermissions>
   >();
 
   constructor(options: PermissionManagerOptions = {}) {
-    this.loader = options.policyLoader ?? new FilePolicyLoader(options);
+    this.agentDir = options.agentDir;
+    this.loader =
+      options.policyLoader ??
+      new FilePolicyLoader(
+        options.agentDir !== undefined
+          ? derivePolicyLoaderOptions(options.agentDir, undefined)
+          : options,
+      );
+  }
+
+  /**
+   * Rebuild the policy loader for a new working directory and clear the
+   * resolved-permissions cache.
+   *
+   * When `agentDir` was not provided at construction (e.g. test managers
+   * built with explicit paths), only the cache is cleared.
+   */
+  configureForCwd(cwd: string | undefined | null): void {
+    if (this.agentDir !== undefined) {
+      this.loader = new FilePolicyLoader(
+        derivePolicyLoaderOptions(this.agentDir, cwd),
+      );
+    }
+    this.resolvedPermissionsCache.clear();
   }
 
   getConfigIssues(agentName?: string): string[] {
@@ -219,6 +268,23 @@ export class PermissionManager {
   }
 }
 
+/**
+ * Derive `PolicyLoaderOptions` from an agentDir + an optional cwd.
+ * Setting agentsDir explicitly from agentDir removes the hidden
+ * `getAgentDir()` env-read that FilePolicyLoader's default would perform.
+ */
+function derivePolicyLoaderOptions(
+  agentDir: string,
+  cwd: string | undefined | null,
+): PolicyLoaderOptions {
+  return {
+    globalConfigPath: getGlobalConfigPath(agentDir),
+    agentsDir: join(agentDir, "agents"),
+    projectGlobalConfigPath: cwd ? getProjectConfigPath(cwd) : undefined,
+    projectAgentsDir: cwd ? join(cwd, ".pi", "agent", "agents") : undefined,
+  };
+}
+
 /**
  * Map a matched rule + tool name to the correct PermissionCheckResult.source.
  *

package/src/permission-prompter.ts

@@ -1,5 +1,5 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
-import type { PermissionSystemExtensionConfig } from "./extension-config";
+import type { ConfigReader } from "./config-store";
 import type { ApprovalRequester } from "./forwarded-permissions/permission-forwarder";
 import type { PermissionPromptDecision } from "./permission-dialog";
 import {
@@ -45,7 +45,7 @@ export interface PermissionPrompterApi {
  */
 export interface PermissionPrompterDeps {
   /** Read current config for yolo-mode check (called at prompt time). */
-  getConfig(): PermissionSystemExtensionConfig;
+  config: ConfigReader;
   /** Write structured entries to the permission review log. */
   writeReviewLog(event: string, details: Record<string, unknown>): void;
   /** Event bus used for UI prompt broadcasts. */
@@ -72,7 +72,7 @@ export class PermissionPrompter implements PermissionPrompterApi {
     ctx: ExtensionContext,
     details: PromptPermissionDetails,
   ): Promise<PermissionPromptDecision> {
-    if (shouldAutoApprovePermissionState("ask", this.deps.getConfig())) {
+    if (shouldAutoApprovePermissionState("ask", this.deps.config.current())) {
       this.writeReviewEntry("permission_request.auto_approved", details);
       return { approved: true, state: "approved", autoApproved: true };
     }

package/src/permission-session.ts

@@ -5,17 +5,17 @@ import {
   getActiveAgentNameFromSystemPrompt,
 } from "./active-agent";
 import type { AgentPrepSession } from "./agent-prep-session";
+import type { SessionConfigStore } from "./config-store";
 import type { PermissionSystemExtensionConfig } from "./extension-config";
 import type { ExtensionPaths } from "./extension-paths";
 import type { ForwardingController } from "./forwarding-manager";
 import type { GateHandlerSession } from "./gate-handler-session";
 import type { GatePrompter } from "./gate-prompter";
 import type { PermissionPromptDecision } from "./permission-dialog";
-import type { PermissionManager } from "./permission-manager";
+import type { ScopedPermissionManager } from "./permission-manager";
 import type { PromptPermissionDetails } from "./permission-prompter";
 import type { PermissionResolver } from "./permission-resolver";
 import type { Rule } from "./rule";
-import { createPermissionManagerForCwd } from "./runtime";
 import type { SessionApproval } from "./session-approval";
 import type { SessionApprovalRecorder } from "./session-approval-recorder";
 import type { SessionLifecycleSession } from "./session-lifecycle-session";
@@ -35,12 +35,6 @@ import type { PermissionCheckResult, PermissionState } from "./types";
  * where the `ExtensionRuntime` is available.
  */
 export interface PermissionSessionRuntimeDeps {
-  /** Reload merged config from disk; optionally update the stored runtime context. */
-  refreshExtensionConfig(ctx?: ExtensionContext): void;
-  /** Write the resolved config path set to the review and debug logs. */
-  logResolvedConfigPaths(): void;
-  /** Read current extension config (called at query time). */
-  getConfig(): PermissionSystemExtensionConfig;
   /** Whether the current context can show an interactive permission prompt. */
   canRequestPermissionConfirmation(ctx: ExtensionContext): boolean;
   /** Prompt the user for a permission decision, log the outcome, and return it. */
@@ -62,7 +56,8 @@ export interface PermissionSessionRuntimeDeps {
  * - `ExtensionPaths` — immutable path constants
  * - `SessionLogger` — debug + review + warn
  * - `ForwardingController` — polling lifecycle
- * - `PermissionSessionRuntimeDeps` — config refresh + log delegates
+ * - `SessionConfigStore` — owns extension config; provides refresh, log, read
+ * - `PermissionSessionRuntimeDeps` — prompting + permission-confirmation bridge
  */
 export class PermissionSession
   implements
@@ -74,7 +69,6 @@ export class PermissionSession
     SessionLifecycleSession
 {
   private context: ExtensionContext | null = null;
-  private permissionManager: PermissionManager;
   private readonly sessionRules = new SessionRules();
   private skillEntries: SkillPromptEntry[] = [];
   private knownAgentName: string | null = null;
@@ -85,13 +79,10 @@ export class PermissionSession
     private readonly paths: ExtensionPaths,
     readonly logger: SessionLogger,
     private readonly forwarding: ForwardingController,
+    private readonly permissionManager: ScopedPermissionManager,
+    private readonly configStore: SessionConfigStore,
     private readonly runtimeDeps: PermissionSessionRuntimeDeps,
-  ) {
-    this.permissionManager = createPermissionManagerForCwd(
-      paths.agentDir,
-      undefined,
-    );
-  }
+  ) {}
 
   // ── Context lifecycle ──────────────────────────────────────────────────
 
@@ -173,14 +164,11 @@ export class PermissionSession
   /**
    * Reset all mutable state for a new session.
    *
-   * Creates a fresh PermissionManager scoped to `ctx.cwd`, clears caches,
+   * Configures the injected PermissionManager for `ctx.cwd`, clears caches,
    * skill entries, and activates the new context.
    */
   resetForNewSession(ctx: ExtensionContext): void {
-    this.permissionManager = createPermissionManagerForCwd(
-      this.paths.agentDir,
-      ctx.cwd,
-    );
+    this.permissionManager.configureForCwd(ctx.cwd);
     this.skillEntries = [];
     this.toolsCacheKey = null;
     this.promptCacheKey = null;
@@ -204,10 +192,7 @@ export class PermissionSession
    * Used on config reload (e.g. `resources_discover` with reason "reload").
    */
   reload(): void {
-    this.permissionManager = createPermissionManagerForCwd(
-      this.paths.agentDir,
-      this.context?.cwd,
-    );
+    this.permissionManager.configureForCwd(this.context?.cwd);
     this.skillEntries = [];
     this.toolsCacheKey = null;
     this.promptCacheKey = null;
@@ -272,17 +257,17 @@ export class PermissionSession
 
   /** Reload merged config from disk; optionally update the stored runtime context. */
   refreshConfig(ctx?: ExtensionContext): void {
-    this.runtimeDeps.refreshExtensionConfig(ctx);
+    this.configStore.refresh(ctx);
   }
 
   /** Write the resolved config path set to the review and debug logs. */
   logResolvedConfigPaths(): void {
-    this.runtimeDeps.logResolvedConfigPaths();
+    this.configStore.logResolvedPaths();
   }
 
   /** Read current extension config. */
   get config(): PermissionSystemExtensionConfig {
-    return this.runtimeDeps.getConfig();
+    return this.configStore.current();
   }
 
   // ── Infrastructure paths ───────────────────────────────────────────────