npm - @gotgenes/pi-permission-system - Versions diffs - 10.1.0 → 10.3.0 - Mend

@gotgenes/pi-permission-system 10.1.0 → 10.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/CHANGELOG.md +14 -0
package/package.json +1 -1
package/src/config-modal.ts +7 -10
package/src/config-store.ts +243 -0
package/src/index.ts +11 -15
package/src/permission-manager.ts +69 -3
package/src/permission-prompter.ts +3 -3
package/src/permission-session.ts +13 -28
package/src/runtime.ts +34 -203
package/test/config-modal.test.ts +15 -10
package/test/config-store.test.ts +452 -0
package/test/handlers/external-directory-integration.test.ts +81 -176
package/test/handlers/gates/bash-path.test.ts +26 -44
package/test/handlers/gates/runner.test.ts +27 -119
package/test/handlers/tool-call.test.ts +44 -153
package/test/helpers/gate-fixtures.ts +66 -2
package/test/helpers/handler-fixtures.ts +83 -2
package/test/permission-manager-unified.test.ts +159 -1
package/test/permission-prompter.test.ts +12 -5
package/test/permission-session.test.ts +111 -120
package/test/runtime.test.ts +11 -275

package/src/runtime.ts CHANGED Viewed

@@ -1,35 +1,12 @@
+import { join } from "node:path";
 import {
-  existsSync,
-  mkdirSync,
-  renameSync,
-  unlinkSync,
-  writeFileSync,
-} from "node:fs";
-import { dirname, join, normalize } from "node:path";
-import {
-  type ExtensionCommandContext,
   type ExtensionContext,
   getAgentDir,
 } from "@earendil-works/pi-coding-agent";
-import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader";
-import {
-  DEBUG_LOG_FILENAME,
-  getGlobalConfigPath,
-  getLegacyExtensionConfigPath,
-  getLegacyGlobalPolicyPath,
-  getLegacyProjectPolicyPath,
-  getProjectConfigPath,
-  REVIEW_LOG_FILENAME,
-} from "./config-paths";
-import { buildResolvedConfigLogEntry } from "./config-reporter";
-import {
-  DEFAULT_EXTENSION_CONFIG,
-  EXTENSION_ROOT,
-  ensurePermissionSystemLogsDirectory,
-  normalizePermissionSystemConfig,
-  type PermissionSystemExtensionConfig,
-} from "./extension-config";
+import { DEBUG_LOG_FILENAME, REVIEW_LOG_FILENAME } from "./config-paths";
+import { ConfigStore, type RuntimeContextRef } from "./config-store";
+import { ensurePermissionSystemLogsDirectory } from "./extension-config";
 import { computeExtensionPaths, type ExtensionPaths } from "./extension-paths";
 export type { ExtensionPaths } from "./extension-paths";
@@ -38,7 +15,6 @@ import { createPermissionSystemLogger } from "./logging";
 import { PermissionManager } from "./permission-manager";
 import { SessionRules } from "./session-rules";
 import type { SkillPromptEntry } from "./skill-prompt-sanitizer";
-import { syncPermissionSystemStatus } from "./status";
 /**
  * Mutable session state — the subset of ExtensionRuntime that holds
@@ -68,179 +44,14 @@ interface SessionState {
  * without timing issues around `PI_CODING_AGENT_DIR`.
  */
 export interface ExtensionRuntime extends ExtensionPaths, SessionState {
-  // ── Mutable state (beyond SessionState) ───────────────────────────────────
-  config: PermissionSystemExtensionConfig;
-  lastConfigWarning: string | null;
+  /** The store that owns extension config. */
+  configStore: ConfigStore;
   // ── Logging (backed by logger created at construction) ─────────────────
   writeDebugLog(event: string, details?: Record<string, unknown>): void;
   writeReviewLog(event: string, details?: Record<string, unknown>): void;
 }
-// ── Pure helpers ───────────────────────────────────────────────────────────
-/**
- * Derive Pi project-level config and agents paths from a working directory.
- * Returns null when cwd is absent (headless / global-only config).
- */
-export function derivePiProjectPaths(cwd: string | undefined | null): {
-  projectGlobalConfigPath: string;
-  projectAgentsDir: string;
-} | null {
-  if (!cwd) {
-    return null;
-  }
-  return {
-    projectGlobalConfigPath: getProjectConfigPath(cwd),
-    projectAgentsDir: join(cwd, ".pi", "agent", "agents"),
-  };
-}
-/**
- * Create a new PermissionManager scoped to a working directory's config hierarchy.
- * Pass `cwd` as null/undefined to use global config only.
- */
-export function createPermissionManagerForCwd(
-  agentDir: string,
-  cwd: string | undefined | null,
-): PermissionManager {
-  const projectPaths = derivePiProjectPaths(cwd);
-  return new PermissionManager({
-    globalConfigPath: getGlobalConfigPath(agentDir),
-    projectGlobalConfigPath: projectPaths?.projectGlobalConfigPath,
-    projectAgentsDir: projectPaths?.projectAgentsDir,
-  });
-}
-/**
- * Reload merged config from disk into the runtime.
- * If `ctx` is provided, updates `runtime.runtimeContext` first.
- */
-export function refreshExtensionConfig(
-  runtime: ExtensionRuntime,
-  ctx?: ExtensionContext,
-): void {
-  if (ctx) {
-    runtime.runtimeContext = ctx;
-  }
-  const cwd = runtime.runtimeContext?.cwd ?? null;
-  const mergeResult = loadAndMergeConfigs(
-    runtime.agentDir,
-    cwd ?? "",
-    EXTENSION_ROOT,
-  );
-  const runtimeConfig = normalizePermissionSystemConfig(mergeResult.merged);
-  runtime.config = runtimeConfig;
-  if (runtime.runtimeContext?.hasUI) {
-    syncPermissionSystemStatus(runtime.runtimeContext, runtimeConfig);
-  }
-  const warning =
-    mergeResult.issues.length > 0 ? mergeResult.issues.join("\n") : undefined;
-  if (warning && warning !== runtime.lastConfigWarning) {
-    runtime.lastConfigWarning = warning;
-    runtime.runtimeContext?.ui.notify(warning, "warning");
-  } else if (!warning) {
-    runtime.lastConfigWarning = null;
-  }
-  runtime.writeDebugLog("config.loaded", {
-    warning: warning ?? null,
-    debugLog: runtimeConfig.debugLog,
-    permissionReviewLog: runtimeConfig.permissionReviewLog,
-    yoloMode: runtimeConfig.yoloMode,
-  });
-}
-/**
- * Save updated runtime knobs (debugLog, permissionReviewLog, yoloMode) to the
- * global config file, then update runtime.config and sync UI status.
- */
-export function saveExtensionConfig(
-  runtime: ExtensionRuntime,
-  next: PermissionSystemExtensionConfig,
-  ctx: ExtensionCommandContext,
-): void {
-  const normalized = normalizePermissionSystemConfig(next);
-  const globalPath = getGlobalConfigPath(runtime.agentDir);
-  const existing = loadUnifiedConfig(globalPath);
-  const merged = {
-    ...existing.config,
-    debugLog: normalized.debugLog,
-    permissionReviewLog: normalized.permissionReviewLog,
-    yoloMode: normalized.yoloMode,
-  };
-  const tmpPath = `${globalPath}.tmp`;
-  try {
-    mkdirSync(dirname(globalPath), { recursive: true });
-    writeFileSync(tmpPath, `${JSON.stringify(merged, null, 2)}\n`, "utf-8");
-    renameSync(tmpPath, globalPath);
-  } catch (error) {
-    try {
-      if (existsSync(tmpPath)) {
-        unlinkSync(tmpPath);
-      }
-    } catch {
-      // Ignore cleanup failures.
-    }
-    const message = error instanceof Error ? error.message : String(error);
-    ctx.ui.notify(
-      `Failed to save permission-system config at '${globalPath}': ${message}`,
-      "error",
-    );
-    return;
-  }
-  runtime.config = normalized;
-  syncPermissionSystemStatus(ctx, normalized);
-  runtime.lastConfigWarning = null;
-  runtime.writeDebugLog("config.saved", {
-    debugLog: normalized.debugLog,
-    permissionReviewLog: normalized.permissionReviewLog,
-    yoloMode: normalized.yoloMode,
-  });
-}
-/**
- * Write the resolved config path set (global, project, legacy) to the review
- * and debug logs.
- */
-export function logResolvedConfigPaths(runtime: ExtensionRuntime): void {
-  const policyPaths = runtime.permissionManager.getResolvedPolicyPaths();
-  const cwd = runtime.runtimeContext?.cwd ?? null;
-  const { agentDir } = runtime;
-  const legacyGlobalPolicyDetected = existsSync(
-    getLegacyGlobalPolicyPath(agentDir),
-  );
-  const legacyProjectPolicyDetected = cwd
-    ? existsSync(getLegacyProjectPolicyPath(cwd))
-    : false;
-  const legacyExtConfigPath = getLegacyExtensionConfigPath(EXTENSION_ROOT);
-  const newGlobalPath = getGlobalConfigPath(agentDir);
-  const legacyExtensionConfigDetected =
-    normalize(legacyExtConfigPath) !== normalize(newGlobalPath) &&
-    existsSync(legacyExtConfigPath);
-  const entry = buildResolvedConfigLogEntry({
-    policyPaths,
-    legacyGlobalPolicyDetected,
-    legacyProjectPolicyDetected,
-    legacyExtensionConfigDetected,
-  });
-  runtime.writeReviewLog(
-    "config.resolved",
-    entry as unknown as Record<string, unknown>,
-  );
-  runtime.writeDebugLog(
-    "config.resolved",
-    entry as unknown as Record<string, unknown>,
-  );
-}
 // ── Factory ────────────────────────────────────────────────────────────────
 /**
@@ -255,28 +66,49 @@ export function createExtensionRuntime(options?: {
   const agentDir = options?.agentDir ?? getAgentDir();
   const paths = computeExtensionPaths(agentDir);
-  // Build a plain-object runtime first so the logger's `getConfig` closure
-  // can reference `runtime.config` directly (always reads current value).
+  const permissionManager = new PermissionManager({ agentDir });
   const runtime: ExtensionRuntime = {
     ...paths,
-    config: { ...DEFAULT_EXTENSION_CONFIG },
     runtimeContext: null,
-    permissionManager: createPermissionManagerForCwd(agentDir, undefined),
+    configStore: null as unknown as ConfigStore,
+    permissionManager,
     activeSkillEntries: [],
     lastKnownActiveAgentName: null,
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
-    lastConfigWarning: null,
     sessionRules: new SessionRules(),
     // Logging methods are replaced below after the logger is constructed.
     writeDebugLog: () => {},
     writeReviewLog: () => {},
   };
+  // Transitional RuntimeContextRef: reads/writes the still-runtime-owned
+  // `runtimeContext` field until Step 4 (#337) unifies context onto
+  // PermissionSession.
+  const contextRef: RuntimeContextRef = {
+    get: () => runtime.runtimeContext,
+    set: (ctx) => {
+      runtime.runtimeContext = ctx;
+    },
+  };
+  const configStore = new ConfigStore({
+    agentDir,
+    context: contextRef,
+    policyPaths: permissionManager,
+    logger: {
+      // Deferred-binding: `runtime.writeDebugLog` is replaced below after
+      // the logger is constructed — same deferred pattern as before Step 2.
+      writeDebugLog: (e, d) => runtime.writeDebugLog(e, d),
+      writeReviewLog: (e, d) => runtime.writeReviewLog(e, d),
+    },
+  });
+  runtime.configStore = configStore;
   const reportedLoggingWarnings = new Set<string>();
   const logger = createPermissionSystemLogger({
-    // Reads runtime.config at call time — always current.
-    getConfig: () => runtime.config,
+    getConfig: () => configStore.current(),
     debugLogPath: join(paths.globalLogsDir, DEBUG_LOG_FILENAME),
     reviewLogPath: join(paths.globalLogsDir, REVIEW_LOG_FILENAME),
     ensureLogsDirectory: () =>
@@ -288,7 +120,6 @@ export function createExtensionRuntime(options?: {
       return;
     }
     reportedLoggingWarnings.add(message);
-    // Reads runtime.runtimeContext at call time — always current.
     runtime.runtimeContext?.ui.notify(message, "warning");
   };

package/test/config-modal.test.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { expect, test, vi } from "vitest";
 import { registerPermissionSystemCommand } from "#src/config-modal";
+import type { CommandConfigStore } from "#src/config-store";
 import {
   DEFAULT_EXTENSION_CONFIG,
   normalizePermissionSystemConfig,
@@ -79,11 +80,14 @@ test("permission-system command completions expose top-level config actions", ()
   let config: PermissionSystemExtensionConfig = { ...DEFAULT_EXTENSION_CONFIG };
   try {
-    const controller = {
-      getConfig: () => config,
-      setConfig: (next: PermissionSystemExtensionConfig) => {
+    const configStore: CommandConfigStore = {
+      current: () => config,
+      save: (next) => {
         config = next;
       },
+    };
+    const controller = {
+      config: configStore,
       getConfigPath: () => configPath,
     };
@@ -136,9 +140,9 @@ test("permission-system command handlers manage config summary, persistence, and
       "utf-8",
     );
-    const controller = {
-      getConfig: () => config,
-      setConfig: (next: PermissionSystemExtensionConfig) => {
+    const configStore: CommandConfigStore = {
+      current: () => config,
+      save: (next) => {
         const currentConfig = normalizePermissionSystemConfig(
           JSON.parse(readFileSync(configPath, "utf-8")) as unknown,
         );
@@ -153,6 +157,9 @@ test("permission-system command handlers manage config summary, persistence, and
         );
         expect(config).not.toEqual(currentConfig);
       },
+    };
+    const controller = {
+      config: configStore,
       getConfigPath: () => configPath,
     };
@@ -249,8 +256,7 @@ test("show output includes rule origins when getComposedRules is provided", asyn
   ];
   const controller = {
-    getConfig: () => config,
-    setConfig: () => {},
+    config: { current: () => config, save: () => {} } as CommandConfigStore,
     getConfigPath: () => "/fake/config.json",
     getComposedRules: () => composedRules,
   };
@@ -282,8 +288,7 @@ test("show output omits rule summary when getComposedRules is not provided", asy
   const config = { ...DEFAULT_EXTENSION_CONFIG, yoloMode: true };
   const controller = {
-    getConfig: () => config,
-    setConfig: () => {},
+    config: { current: () => config, save: () => {} } as CommandConfigStore,
     getConfigPath: () => "/fake/config.json",
     // no getComposedRules
   };