@gotgenes/pi-permission-system 10.10.0 → 11.0.0

package/CHANGELOG.md

@@ -5,6 +5,34 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [11.0.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.10.1...pi-permission-system-v11.0.0) (2026-06-11)
+
+
+### ⚠ BREAKING CHANGES
+
+* The permission system no longer auto-activates pi's off-by-default tools (`find`, `grep`, `ls`) in the main session. Users who want them active should enable them via pi's own `activeTools` configuration rather than relying on the permission system to expose every non-denied tool.
+
+### Features
+
+* add getActive to ToolRegistry wired to pi.getActiveTools ([#385](https://github.com/gotgenes/pi-packages/issues/385)) ([79c4594](https://github.com/gotgenes/pi-packages/commit/79c459443294c1b58643b746e3511fc17c9f8961))
+
+
+### Bug Fixes
+
+* respect pi's default active tool set in before_agent_start ([#385](https://github.com/gotgenes/pi-packages/issues/385)) ([bf5be48](https://github.com/gotgenes/pi-packages/commit/bf5be48ca8b06e8cb08f66d08eccb85af0673987))
+
+
+### Documentation
+
+* clarify before_agent_start filters pi's active tool set ([#385](https://github.com/gotgenes/pi-packages/issues/385)) ([bdb5a6a](https://github.com/gotgenes/pi-packages/commit/bdb5a6a08e3c1bb611c8b1795c4d46856104b3b0))
+
+## [10.10.1](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.10.0...pi-permission-system-v10.10.1) (2026-06-11)
+
+
+### Documentation
+
+* fix bash rule precedence examples and wording ([#387](https://github.com/gotgenes/pi-packages/issues/387)) ([9e18d6f](https://github.com/gotgenes/pi-packages/commit/9e18d6faab6e3ceaa1a8839f5b6753d5457a2a28))
+
 ## [10.10.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.9.0...pi-permission-system-v10.10.0) (2026-06-10)
 
 

package/config/config.example.json

@@ -23,9 +23,9 @@
     "edit": "deny",
     "bash": {
       "*": "ask",
+      "git *": "ask",
       "git status": "allow",
-      "git diff": "allow",
-      "git *": "ask"
+      "git diff": "allow"
     },
     "mcp": { "*": "ask", "mcp_status": "allow", "mcp_list": "allow" },
     "skill": { "*": "ask" },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "10.10.0",
+  "version": "11.0.0",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "exports": {

package/schemas/permissions.schema.json

@@ -86,9 +86,9 @@
           "edit": "deny",
           "bash": {
             "*": "ask",
+            "git *": "ask",
             "git status": "allow",
-            "git diff": "allow",
-            "git *": "ask"
+            "git diff": "allow"
           },
           "mcp": { "*": "ask", "mcp_status": "allow", "exa:*": "allow" },
           "skill": { "*": "ask", "librarian": "allow" },

package/src/handlers/before-agent-start.ts

@@ -38,7 +38,7 @@ export function shouldExposeTool(
  * Constructor deps:
  * - `session` — encapsulates all mutable session state and lifecycle operations
  * - `resolver` — owns permission-query surface: `getToolPermission`, `getPolicyCacheStamp`, skill check
- * - `toolRegistry` — Pi tool API subset (getAll + setActive)
+ * - `toolRegistry` — Pi tool API subset (getActive + setActive)
  */
 export class AgentPrepHandler {
   constructor(
@@ -56,10 +56,10 @@ export class AgentPrepHandler {
     this.session.refreshConfig(ctx);
 
     const agentName = this.session.resolveAgentName(ctx, event.systemPrompt);
-    const allTools = this.toolRegistry.getAll();
+    const activeTools = this.toolRegistry.getActive();
     const allowedTools: string[] = [];
 
-    for (const tool of allTools) {
+    for (const tool of activeTools) {
       const toolName = getToolNameFromValue(tool);
       if (!toolName) {
         continue;

package/src/index.ts

@@ -152,6 +152,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
 
   const toolRegistry = {
     getAll: () => pi.getAllTools(),
+    getActive: () => pi.getActiveTools(),
     setActive: (names: string[]) => pi.setActiveTools(names),
   };
 

package/src/tool-registry.ts

@@ -2,7 +2,10 @@ import { getNonEmptyString, toRecord } from "./common";
 
 /** Narrow interface for the Pi tool API subset used by handler classes. */
 export interface ToolRegistry {
+  /** All registered tools (`pi.getAllTools()` — `ToolInfo[]`); kept defensively wide. */
   getAll(): unknown[];
+  /** Currently active tool names (`pi.getActiveTools()`). */
+  getActive(): string[];
   setActive(names: string[]): void;
 }
 

package/test/handlers/before-agent-start.test.ts

@@ -31,6 +31,7 @@ function makeEvent(systemPrompt = "You are an assistant.") {
 function makeToolRegistry(overrides: Partial<ToolRegistry> = {}): ToolRegistry {
   return {
     getAll: vi.fn().mockReturnValue([]),
+    getActive: vi.fn().mockReturnValue([]),
     setActive: vi.fn(),
     ...overrides,
   };
@@ -126,7 +127,7 @@ describe("AgentPrepHandler.handle", () => {
     const { handler, toolRegistry } = makeSetup({
       toolPermission: "deny",
       toolRegistry: {
-        getAll: vi.fn().mockReturnValue([{ name: "write" }, { name: "read" }]),
+        getActive: vi.fn().mockReturnValue(["write", "read"]),
       },
     });
     await handler.handle(makeEvent(), makeCtx());
@@ -136,17 +137,44 @@ describe("AgentPrepHandler.handle", () => {
   it("includes allowed and ask tools in the active list", async () => {
     const { handler, toolRegistry } = makeSetup({
       toolRegistry: {
-        getAll: vi.fn().mockReturnValue([{ name: "read" }, { name: "write" }]),
+        getActive: vi.fn().mockReturnValue(["read", "write"]),
       },
     });
     await handler.handle(makeEvent(), makeCtx());
     expect(toolRegistry.setActive).toHaveBeenCalledWith(["read", "write"]);
   });
 
+  it("does not activate registered tools pi left inactive (find/grep/ls)", async () => {
+    // Regression for #385: the active set is the base, not the full registry.
+    const { handler, toolRegistry } = makeSetup({
+      toolRegistry: {
+        getActive: vi.fn().mockReturnValue(["read", "bash", "edit", "write"]),
+        getAll: vi
+          .fn()
+          .mockReturnValue([
+            { name: "read" },
+            { name: "bash" },
+            { name: "edit" },
+            { name: "write" },
+            { name: "find" },
+            { name: "grep" },
+            { name: "ls" },
+          ]),
+      },
+    });
+    await handler.handle(makeEvent(), makeCtx());
+    expect(toolRegistry.setActive).toHaveBeenCalledWith([
+      "read",
+      "bash",
+      "edit",
+      "write",
+    ]);
+  });
+
   it("calls setActive once across repeated calls with the same allowed tools", async () => {
     const { handler, toolRegistry } = makeSetup({
       toolRegistry: {
-        getAll: vi.fn().mockReturnValue([{ name: "read" }]),
+        getActive: vi.fn().mockReturnValue(["read"]),
       },
     });
     await handler.handle(makeEvent(), makeCtx());

package/test/helpers/handler-fixtures.ts

@@ -123,6 +123,7 @@ export function makeToolRegistry(
 ): ToolRegistry {
   return {
     getAll: vi.fn().mockReturnValue([{ name: "read" }, { name: "bash" }]),
+    getActive: vi.fn().mockReturnValue(["read", "bash"]),
     setActive: vi.fn(),
     ...overrides,
   };

package/test/helpers/make-fake-pi.ts

@@ -42,6 +42,8 @@ export interface FakePi {
   fire(event: string, input?: unknown, ctx?: unknown): Promise<unknown>;
   /** Minimal tool registry — returns the configured tool names. */
   getAllTools(): { name: string }[];
+  /** Active tool names (`pi.getActiveTools()` shape — bare strings). */
+  getActiveTools(): string[];
   setActiveTools(names: string[]): void;
 }
 
@@ -80,6 +82,9 @@ export function makeFakePi(options: MakeFakePiOptions = {}): FakePi {
     getAllTools(): { name: string }[] {
       return toolNames.map((name) => ({ name }));
     },
+    getActiveTools(): string[] {
+      return [...toolNames];
+    },
     setActiveTools: vi.fn(),
     // ── ExtensionAPI methods the factory touches (recorded) ────────────────
     on(event: string, handler: RecordedHandler): void {

package/test/permission-events.test.ts

@@ -363,6 +363,7 @@ describe("piPermissionSystemExtension ready event wiring", () => {
       ),
       registerCommand: vi.fn(),
       getAllTools: vi.fn().mockReturnValue([]),
+      getActiveTools: vi.fn().mockReturnValue([]),
       setActiveTools: vi.fn(),
       registerProvider: vi.fn(),
       events: { emit: emitSpy, on: vi.fn().mockReturnValue(() => undefined) },

package/test/session-start.test.ts

@@ -56,6 +56,7 @@ describe("session_start handler consolidation", () => {
       },
       registerCommand: (): void => {},
       getAllTools: (): Array<{ name: string }> => [],
+      getActiveTools: (): string[] => [],
       setActiveTools: (): void => {},
       registerProvider: (): void => {},
       events: {
@@ -79,6 +80,7 @@ describe("session_start handler consolidation", () => {
       },
       registerCommand: (): void => {},
       getAllTools: (): Array<{ name: string }> => [],
+      getActiveTools: (): string[] => [],
       setActiveTools: (): void => {},
       registerProvider: (): void => {},
       events: {