@gotgenes/pi-permission-system 10.1.0 → 10.3.0

package/test/helpers/handler-fixtures.ts

@@ -30,7 +30,7 @@ import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
 import type { SessionLogger } from "#src/session-logger";
 import { resolveToolPreviewLimits } from "#src/tool-preview-formatter";
 import type { ToolRegistry } from "#src/tool-registry";
-import type { PermissionCheckResult } from "#src/types";
+import type { PermissionCheckResult, PermissionState } from "#src/types";
 
 /**
  * Precise mock boundary for PermissionGateHandler integration tests.
@@ -220,6 +220,78 @@ export function makeToolRegistry(
   };
 }
 
+/**
+ * Surface-dispatching `checkPermission` mock.
+ *
+ * Builds a `vi.fn()` that returns a `PermissionCheckResult` for each surface,
+ * using `bySurface[surface]` when matched and `defaultResult` otherwise.
+ * Default fields: `toolName` = the surface string, `source: "tool"`,
+ * `origin: "builtin"` — callers override by including the field in the
+ * per-surface or default partial (e.g. `{ path: { state: "allow", source: "special" } }`).
+ *
+ * Return type is intentionally unannotated so callers retain full `vi.fn()`
+ * mock access (`mock.calls`, `toHaveBeenCalledWith`, etc.).
+ */
+export function makeSurfaceCheck(
+  bySurface: Record<
+    string,
+    Partial<PermissionCheckResult> & { state: PermissionState }
+  >,
+  defaultResult: Partial<PermissionCheckResult> & { state: PermissionState } = {
+    state: "allow",
+  },
+) {
+  return vi
+    .fn<MockGateHandlerSession["checkPermission"]>()
+    .mockImplementation((surface): PermissionCheckResult => {
+      const base = bySurface[surface] ?? defaultResult;
+      return {
+        toolName: surface,
+        source: "tool",
+        origin: "builtin",
+        ...base,
+      };
+    });
+}
+
+/**
+ * Bash-surface `checkPermission` mock that dispatches on a command regex.
+ *
+ * For the `bash` surface: returns a deny result when `opts.deny` matches the
+ * command, and an allow result otherwise.  For all other surfaces, returns a
+ * plain allow result.
+ *
+ * Return type is intentionally unannotated so callers retain full `vi.fn()`
+ * mock access.
+ */
+export function makeBashCommandCheck(opts: {
+  deny: RegExp;
+  denyMatched: string;
+  allowMatched?: string;
+}) {
+  return vi
+    .fn<MockGateHandlerSession["checkPermission"]>()
+    .mockImplementation((surface, input): PermissionCheckResult => {
+      if (surface === "bash") {
+        const command = (input as { command?: string }).command ?? "";
+        return opts.deny.test(command)
+          ? makeCheckResult({
+              state: "deny",
+              source: "bash",
+              command,
+              matchedPattern: opts.denyMatched,
+            })
+          : makeCheckResult({
+              state: "allow",
+              source: "bash",
+              command,
+              matchedPattern: opts.allowMatched,
+            });
+      }
+      return makeCheckResult({ state: "allow" });
+    });
+}
+
 /**
  * Constructs a PermissionGateHandler with mocked collaborators.
  *
@@ -229,10 +301,19 @@ export function makeToolRegistry(
 export function makeHandler(overrides?: {
   session?: Partial<MockGateHandlerSession>;
   toolRegistry?: Partial<ToolRegistry>;
+  /** Sugar: builds the `getAll` mock from a list of tool names. */
+  tools?: string[];
 }) {
   const session = makeSession(overrides?.session);
   const events = makeEvents();
-  const toolRegistry = makeToolRegistry(overrides?.toolRegistry);
+  const toolRegistry =
+    overrides?.tools !== undefined
+      ? makeToolRegistry({
+          getAll: vi
+            .fn()
+            .mockReturnValue(overrides.tools.map((name) => ({ name }))),
+        })
+      : makeToolRegistry(overrides?.toolRegistry);
   const pipeline = new ToolCallGatePipeline(session);
   const skillInputPipeline = new SkillInputGatePipeline(session);
   const reporter = new GateDecisionReporter(session.logger, events);

package/test/permission-manager-unified.test.ts

@@ -8,7 +8,11 @@ import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { homedir, tmpdir } from "node:os";
 import { join } from "node:path";
 import { describe, expect, it } from "vitest";
-import { PermissionManager } from "#src/permission-manager";
+import { getGlobalConfigPath, getProjectConfigPath } from "#src/config-paths";
+import {
+  PermissionManager,
+  type ScopedPermissionManager,
+} from "#src/permission-manager";
 import type { Rule, Ruleset } from "#src/rule";
 
 // ---------------------------------------------------------------------------
@@ -1349,3 +1353,157 @@ describe("cross-cutting path surface", () => {
     }
   });
 });
+
+// ---------------------------------------------------------------------------
+// configureForCwd and agentDir construction
+// ---------------------------------------------------------------------------
+
+describe("PermissionManager — configureForCwd and agentDir option", () => {
+  /**
+   * Build a temp agentDir with a global config and an optional cwd with a
+   * project config.  Returns the paths and a cleanup function.
+   */
+  function makeAgentDirSetup(opts: {
+    globalPermission: Record<string, unknown>;
+    projectPermission?: Record<string, unknown>;
+  }): {
+    agentDir: string;
+    cwd: string;
+    globalConfigPath: string;
+    projectConfigPath: string;
+    cleanup: () => void;
+  } {
+    const baseDir = mkdtempSync(join(tmpdir(), "pm-agent-dir-test-"));
+    const agentDir = join(baseDir, "agent");
+    const cwd = join(baseDir, "project");
+
+    // Write global config under getGlobalConfigPath(agentDir)
+    const globalConfigPath = getGlobalConfigPath(agentDir);
+    mkdirSync(join(agentDir, "extensions", "pi-permission-system"), {
+      recursive: true,
+    });
+    writeFileSync(
+      globalConfigPath,
+      JSON.stringify({ permission: opts.globalPermission }, null, 2),
+    );
+
+    // Write project config under getProjectConfigPath(cwd)
+    const projectConfigPath = getProjectConfigPath(cwd);
+    mkdirSync(join(cwd, ".pi", "extensions", "pi-permission-system"), {
+      recursive: true,
+    });
+    if (opts.projectPermission) {
+      writeFileSync(
+        projectConfigPath,
+        JSON.stringify({ permission: opts.projectPermission }, null, 2),
+      );
+    }
+
+    return {
+      agentDir,
+      cwd,
+      globalConfigPath,
+      projectConfigPath,
+      cleanup: () => rmSync(baseDir, { recursive: true, force: true }),
+    };
+  }
+
+  it("ScopedPermissionManager is exported and PermissionManager satisfies it", () => {
+    // Type-level assertion: assigning PermissionManager to ScopedPermissionManager compiles.
+    const manager = new PermissionManager({
+      globalConfigPath: "/nonexistent/config.json",
+      agentsDir: "/nonexistent/agents",
+    });
+    const scoped: ScopedPermissionManager = manager;
+    expect(typeof scoped.configureForCwd).toBe("function");
+    expect(typeof scoped.checkPermission).toBe("function");
+    expect(typeof scoped.getToolPermission).toBe("function");
+    expect(typeof scoped.getConfigIssues).toBe("function");
+    expect(typeof scoped.getPolicyCacheStamp).toBe("function");
+  });
+
+  it("construction with { agentDir } reads global config from getGlobalConfigPath(agentDir)", () => {
+    const { agentDir, cleanup } = makeAgentDirSetup({
+      globalPermission: { read: "deny" },
+    });
+    try {
+      const manager = new PermissionManager({ agentDir });
+      const result = manager.checkPermission("read", { path: "foo.txt" });
+      expect(result.state).toBe("deny");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("configureForCwd(cwd) applies project config (project overrides global)", () => {
+    const { agentDir, cwd, cleanup } = makeAgentDirSetup({
+      globalPermission: { read: "deny" },
+      projectPermission: { read: "allow" },
+    });
+    try {
+      const manager = new PermissionManager({ agentDir });
+      // Before configureForCwd: global policy applies
+      expect(manager.checkPermission("read", { path: "foo.txt" }).state).toBe(
+        "deny",
+      );
+
+      manager.configureForCwd(cwd);
+
+      // After configureForCwd: project override applies (last-match-wins)
+      expect(manager.checkPermission("read", { path: "foo.txt" }).state).toBe(
+        "allow",
+      );
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("configureForCwd(undefined) reverts to global-only", () => {
+    const { agentDir, cwd, cleanup } = makeAgentDirSetup({
+      globalPermission: { read: "deny" },
+      projectPermission: { read: "allow" },
+    });
+    try {
+      const manager = new PermissionManager({ agentDir });
+      manager.configureForCwd(cwd);
+      expect(manager.checkPermission("read", { path: "foo.txt" }).state).toBe(
+        "allow",
+      );
+
+      manager.configureForCwd(undefined);
+
+      // After reverting: global policy applies again
+      expect(manager.checkPermission("read", { path: "foo.txt" }).state).toBe(
+        "deny",
+      );
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("configureForCwd clears the resolved-permissions cache", () => {
+    const { agentDir, globalConfigPath, cleanup } = makeAgentDirSetup({
+      globalPermission: { read: "allow" },
+    });
+    try {
+      const manager = new PermissionManager({ agentDir });
+      // Warm the cache
+      expect(manager.checkPermission("read", { path: "foo.txt" }).state).toBe(
+        "allow",
+      );
+      // Update global config on disk to deny read
+      writeFileSync(
+        globalConfigPath,
+        JSON.stringify({ permission: { read: "deny" } }, null, 2),
+      );
+      // configureForCwd clears cache + rebuilds loader
+      manager.configureForCwd(undefined);
+      // Should pick up the changed global config
+      expect(manager.checkPermission("read", { path: "foo.txt" }).state).toBe(
+        "deny",
+      );
+    } finally {
+      cleanup();
+    }
+  });
+});

package/test/permission-prompter.test.ts

@@ -7,6 +7,7 @@ const mockRequestApproval = vi.fn();
 // ── Imports ─────────────────────────────────────────────────────────────────
 
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
+import type { ConfigReader } from "#src/config-store";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import type { PermissionPromptDecision } from "#src/permission-dialog";
 import type { PromptPermissionDetails } from "#src/permission-prompter";
@@ -38,11 +39,17 @@ function makeDetails(
   };
 }
 
+function makeConfigReader(
+  config: Partial<typeof DEFAULT_EXTENSION_CONFIG> = {},
+): ConfigReader {
+  return { current: () => ({ ...DEFAULT_EXTENSION_CONFIG, ...config }) };
+}
+
 function makeDeps(
   overrides?: Partial<PermissionPrompterDeps>,
 ): PermissionPrompterDeps {
   return {
-    getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: false }),
+    config: makeConfigReader(),
     writeReviewLog: vi.fn(),
     events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
     forwarder: { requestApproval: mockRequestApproval },
@@ -70,7 +77,7 @@ describe("PermissionPrompter", () => {
         on: vi.fn().mockReturnValue(() => undefined),
       };
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
         events,
       });
       const prompter = new PermissionPrompter(deps);
@@ -92,7 +99,7 @@ describe("PermissionPrompter", () => {
     it("logs permission_request.auto_approved in yolo mode", async () => {
       const writeReviewLog = vi.fn();
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
         writeReviewLog,
       });
       const prompter = new PermissionPrompter(deps);
@@ -108,7 +115,7 @@ describe("PermissionPrompter", () => {
     it("does not log permission_request.waiting in yolo mode", async () => {
       const writeReviewLog = vi.fn();
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
         writeReviewLog,
       });
       const prompter = new PermissionPrompter(deps);
@@ -123,7 +130,7 @@ describe("PermissionPrompter", () => {
 
     it("does not call confirmPermission with yoloMode even when ctx has UI", async () => {
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
       });
       const prompter = new PermissionPrompter(deps);