@gotgenes/pi-permission-system 10.2.0 → 10.3.1

package/test/permission-prompter.test.ts

@@ -7,6 +7,7 @@ const mockRequestApproval = vi.fn();
 // ── Imports ─────────────────────────────────────────────────────────────────
 
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
+import type { ConfigReader } from "#src/config-store";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import type { PermissionPromptDecision } from "#src/permission-dialog";
 import type { PromptPermissionDetails } from "#src/permission-prompter";
@@ -38,11 +39,17 @@ function makeDetails(
   };
 }
 
+function makeConfigReader(
+  config: Partial<typeof DEFAULT_EXTENSION_CONFIG> = {},
+): ConfigReader {
+  return { current: () => ({ ...DEFAULT_EXTENSION_CONFIG, ...config }) };
+}
+
 function makeDeps(
   overrides?: Partial<PermissionPrompterDeps>,
 ): PermissionPrompterDeps {
   return {
-    getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: false }),
+    config: makeConfigReader(),
     writeReviewLog: vi.fn(),
     events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
     forwarder: { requestApproval: mockRequestApproval },
@@ -70,7 +77,7 @@ describe("PermissionPrompter", () => {
         on: vi.fn().mockReturnValue(() => undefined),
       };
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
         events,
       });
       const prompter = new PermissionPrompter(deps);
@@ -92,7 +99,7 @@ describe("PermissionPrompter", () => {
     it("logs permission_request.auto_approved in yolo mode", async () => {
       const writeReviewLog = vi.fn();
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
         writeReviewLog,
       });
       const prompter = new PermissionPrompter(deps);
@@ -108,7 +115,7 @@ describe("PermissionPrompter", () => {
     it("does not log permission_request.waiting in yolo mode", async () => {
       const writeReviewLog = vi.fn();
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
         writeReviewLog,
       });
       const prompter = new PermissionPrompter(deps);
@@ -123,7 +130,7 @@ describe("PermissionPrompter", () => {
 
     it("does not call confirmPermission with yoloMode even when ctx has UI", async () => {
       const deps = makeDeps({
-        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+        config: makeConfigReader({ yoloMode: true }),
       });
       const prompter = new PermissionPrompter(deps);
 

package/test/permission-session.test.ts

@@ -17,6 +17,8 @@ vi.mock("../src/active-agent", () => ({
 
 // ── Test helpers ───────────────────────────────────────────────────────────
 
+import type { SessionConfigStore } from "#src/config-store";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import type { ExtensionPaths } from "#src/extension-paths";
 import type { ForwardingController } from "#src/forwarding-manager";
 import type { ScopedPermissionManager } from "#src/permission-manager";
@@ -27,6 +29,7 @@ import {
 import type { Ruleset } from "#src/rule";
 import { SessionApproval } from "#src/session-approval";
 import type { SessionLogger } from "#src/session-logger";
+import { SessionRules } from "#src/session-rules";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
 import type { PermissionCheckResult, PermissionState } from "#src/types";
 import { makeCtx } from "#test/helpers/handler-fixtures";
@@ -66,11 +69,22 @@ function makeLogger(): SessionLogger {
   };
 }
 
+function makeConfigStore(
+  overrides: Partial<SessionConfigStore> = {},
+): SessionConfigStore {
+  return {
+    current:
+      overrides.current ??
+      vi
+        .fn<() => typeof DEFAULT_EXTENSION_CONFIG>()
+        .mockReturnValue({ ...DEFAULT_EXTENSION_CONFIG }),
+    refresh: overrides.refresh ?? vi.fn<(ctx?: ExtensionContext) => void>(),
+    logResolvedPaths: overrides.logResolvedPaths ?? vi.fn<() => void>(),
+  };
+}
+
 function makeRuntimeDeps(): PermissionSessionRuntimeDeps {
   return {
-    refreshExtensionConfig: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
-    getConfig: vi.fn().mockReturnValue({}),
     canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
     promptPermission: vi
       .fn()
@@ -116,12 +130,16 @@ function createSession(overrides?: {
   logger?: SessionLogger;
   forwarding?: ForwardingController;
   permissionManager?: ScopedPermissionManager;
+  sessionRules?: SessionRules;
+  configStore?: SessionConfigStore;
   runtimeDeps?: PermissionSessionRuntimeDeps;
 }): {
   session: PermissionSession;
   paths: ExtensionPaths;
   logger: SessionLogger;
   forwarding: ForwardingController;
+  sessionRules: SessionRules;
+  configStore: SessionConfigStore;
   runtimeDeps: PermissionSessionRuntimeDeps;
 } {
   const paths = makePaths(overrides?.paths);
@@ -129,15 +147,27 @@ function createSession(overrides?: {
   const forwarding = overrides?.forwarding ?? makeForwarding();
   const permissionManager =
     overrides?.permissionManager ?? makePermissionManager();
+  const sessionRules = overrides?.sessionRules ?? new SessionRules();
+  const configStore = overrides?.configStore ?? makeConfigStore();
   const runtimeDeps = overrides?.runtimeDeps ?? makeRuntimeDeps();
   const session = new PermissionSession(
     paths,
     logger,
     forwarding,
     permissionManager,
+    sessionRules,
+    configStore,
     runtimeDeps,
   );
-  return { session, paths, logger, forwarding, runtimeDeps };
+  return {
+    session,
+    paths,
+    logger,
+    forwarding,
+    sessionRules,
+    configStore,
+    runtimeDeps,
+  };
 }
 
 // ── Tests ──────────────────────────────────────────────────────────────────
@@ -484,11 +514,12 @@ describe("PermissionSession", () => {
 
   describe("infrastructure paths", () => {
     it("getInfrastructureReadDirs combines piInfrastructureDirs and piInfrastructureReadPaths", () => {
-      const runtimeDeps = makeRuntimeDeps();
-      (runtimeDeps.getConfig as ReturnType<typeof vi.fn>).mockReturnValue({
-        piInfrastructureReadPaths: ["/extra/path"],
+      const configStore = makeConfigStore({
+        current: vi.fn().mockReturnValue({
+          piInfrastructureReadPaths: ["/extra/path"],
+        }),
       });
-      const { session } = createSession({ runtimeDeps });
+      const { session } = createSession({ configStore });
       expect(session.getInfrastructureReadDirs()).toEqual([
         "/test/agent",
         "/test/agent/git",
@@ -506,36 +537,36 @@ describe("PermissionSession", () => {
   });
 
   describe("config delegation", () => {
-    it("refreshConfig delegates to runtimeDeps", () => {
-      const { session, runtimeDeps } = createSession();
+    it("refreshConfig delegates to configStore.refresh", () => {
+      const { session, configStore } = createSession();
       const ctx = makeCtx();
       session.refreshConfig(ctx);
-      expect(runtimeDeps.refreshExtensionConfig).toHaveBeenCalledWith(ctx);
+      expect(configStore.refresh).toHaveBeenCalledWith(ctx);
     });
 
-    it("logResolvedConfigPaths delegates to runtimeDeps", () => {
-      const { session, runtimeDeps } = createSession();
+    it("logResolvedConfigPaths delegates to configStore.logResolvedPaths", () => {
+      const { session, configStore } = createSession();
       session.logResolvedConfigPaths();
-      expect(runtimeDeps.logResolvedConfigPaths).toHaveBeenCalled();
+      expect(configStore.logResolvedPaths).toHaveBeenCalled();
     });
 
-    it("config getter delegates to runtimeDeps.getConfig", () => {
-      const runtimeDeps = makeRuntimeDeps();
-      const fakeConfig = { debugLog: true };
-      (runtimeDeps.getConfig as ReturnType<typeof vi.fn>).mockReturnValue(
-        fakeConfig,
-      );
-      const { session } = createSession({ runtimeDeps });
+    it("config getter delegates to configStore.current()", () => {
+      const fakeConfig = { debugLog: true } as typeof DEFAULT_EXTENSION_CONFIG;
+      const configStore = makeConfigStore({
+        current: vi.fn().mockReturnValue(fakeConfig),
+      });
+      const { session } = createSession({ configStore });
       expect(session.config).toBe(fakeConfig);
     });
 
     it("getToolPreviewLimits returns resolved preview limits from config", () => {
-      const runtimeDeps = makeRuntimeDeps();
-      (runtimeDeps.getConfig as ReturnType<typeof vi.fn>).mockReturnValue({
-        toolInputPreviewMaxLength: 400,
-        toolTextSummaryMaxLength: 120,
+      const configStore = makeConfigStore({
+        current: vi.fn().mockReturnValue({
+          toolInputPreviewMaxLength: 400,
+          toolTextSummaryMaxLength: 120,
+        }),
       });
-      const { session } = createSession({ runtimeDeps });
+      const { session } = createSession({ configStore });
       const limits = session.getToolPreviewLimits();
       expect(limits.toolInputPreviewMaxLength).toBe(400);
       expect(limits.toolTextSummaryMaxLength).toBe(120);

package/test/session-logger.test.ts

@@ -1,113 +1,200 @@
-import { describe, expect, it, vi } from "vitest";
-import type { ExtensionRuntime } from "#src/runtime";
+import { existsSync, mkdtempSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { DEBUG_LOG_FILENAME, REVIEW_LOG_FILENAME } from "#src/config-paths";
+import {
+  DEFAULT_EXTENSION_CONFIG,
+  type PermissionSystemExtensionConfig,
+} from "#src/extension-config";
+import type { SessionLoggerDeps } from "#src/session-logger";
 import { createSessionLogger } from "#src/session-logger";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
-function makeRuntime(
-  overrides: Partial<ExtensionRuntime> = {},
-): ExtensionRuntime {
+let tempDir: string;
+
+beforeEach(() => {
+  tempDir = mkdtempSync(join(tmpdir(), "ps-session-logger-"));
+});
+
+function makeDeps(
+  overrides: {
+    globalLogsDir?: string;
+    getConfig?: () => PermissionSystemExtensionConfig;
+  } = {},
+) {
   return {
-    runtimeContext: null,
-    writeDebugLog: vi.fn(),
-    writeReviewLog: vi.fn(),
-    ...overrides,
-  } as unknown as ExtensionRuntime;
+    globalLogsDir: overrides.globalLogsDir ?? tempDir,
+    getConfig:
+      overrides.getConfig ??
+      ((): PermissionSystemExtensionConfig => ({
+        ...DEFAULT_EXTENSION_CONFIG,
+      })),
+    notify: vi.fn<(message: string) => void>(),
+  };
+}
+
+/** A `globalLogsDir` that cannot be created: a file at the parent path blocks it. */
+function makeBlockedLogsDir(): string {
+  const barrier = join(tempDir, "barrier");
+  writeFileSync(barrier, "");
+  return join(barrier, "logs");
 }
 
 // ── createSessionLogger ────────────────────────────────────────────────────
 
 describe("createSessionLogger", () => {
+  // ── debug ────────────────────────────────────────────────────────────────
+
   describe("debug", () => {
-    it("delegates to runtime.writeDebugLog with event and details", () => {
-      const runtime = makeRuntime();
-      const logger = createSessionLogger(runtime);
+    it("writes a JSONL line to the debug log file when debugLog is true", () => {
+      const deps = makeDeps({
+        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, debugLog: true }),
+      });
+      const logger = createSessionLogger(deps);
 
       logger.debug("test.event", { key: "value" });
 
-      expect(runtime.writeDebugLog).toHaveBeenCalledWith("test.event", {
-        key: "value",
-      });
+      expect(existsSync(join(tempDir, DEBUG_LOG_FILENAME))).toBe(true);
+      expect(deps.notify).not.toHaveBeenCalled();
     });
 
-    it("delegates to runtime.writeDebugLog with event and no details", () => {
-      const runtime = makeRuntime();
-      const logger = createSessionLogger(runtime);
+    it("does not write to the debug log when debugLog is false", () => {
+      // DEFAULT_EXTENSION_CONFIG.debugLog === false
+      const deps = makeDeps();
+      const logger = createSessionLogger(deps);
 
       logger.debug("test.event");
 
-      expect(runtime.writeDebugLog).toHaveBeenCalledWith(
-        "test.event",
-        undefined,
-      );
+      expect(existsSync(join(tempDir, DEBUG_LOG_FILENAME))).toBe(false);
+      expect(deps.notify).not.toHaveBeenCalled();
+    });
+
+    it("reads getConfig at write time — a mid-session toggle change takes effect", () => {
+      let debugLog = true;
+      const deps = makeDeps({
+        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, debugLog }),
+      });
+      const logger = createSessionLogger(deps);
+      debugLog = false;
+
+      logger.debug("test.event");
+
+      expect(existsSync(join(tempDir, DEBUG_LOG_FILENAME))).toBe(false);
     });
   });
 
+  // ── review ───────────────────────────────────────────────────────────────
+
   describe("review", () => {
-    it("delegates to runtime.writeReviewLog with event and details", () => {
-      const runtime = makeRuntime();
-      const logger = createSessionLogger(runtime);
+    it("writes a JSONL line to the review log file when permissionReviewLog is true", () => {
+      // DEFAULT_EXTENSION_CONFIG.permissionReviewLog === true
+      const deps = makeDeps();
+      const logger = createSessionLogger(deps);
 
       logger.review("permission.granted", { agentName: "coder" });
 
-      expect(runtime.writeReviewLog).toHaveBeenCalledWith(
-        "permission.granted",
-        { agentName: "coder" },
-      );
+      expect(existsSync(join(tempDir, REVIEW_LOG_FILENAME))).toBe(true);
+      expect(deps.notify).not.toHaveBeenCalled();
     });
 
-    it("delegates to runtime.writeReviewLog with event and no details", () => {
-      const runtime = makeRuntime();
-      const logger = createSessionLogger(runtime);
+    it("does not write to the review log when permissionReviewLog is false", () => {
+      const deps = makeDeps({
+        getConfig: () => ({
+          ...DEFAULT_EXTENSION_CONFIG,
+          permissionReviewLog: false,
+        }),
+      });
+      const logger = createSessionLogger(deps);
 
       logger.review("permission.granted");
 
-      expect(runtime.writeReviewLog).toHaveBeenCalledWith(
-        "permission.granted",
-        undefined,
-      );
+      expect(existsSync(join(tempDir, REVIEW_LOG_FILENAME))).toBe(false);
+      expect(deps.notify).not.toHaveBeenCalled();
     });
   });
 
-  describe("warn", () => {
-    it("calls ui.notify with the message and 'warning' severity when runtimeContext is present", () => {
-      const notify = vi.fn();
-      const runtime = makeRuntime({
-        runtimeContext: {
-          ui: { notify, setStatus: vi.fn(), select: vi.fn(), input: vi.fn() },
-        } as unknown as ExtensionRuntime["runtimeContext"],
+  // ── IO-failure warnings ───────────────────────────────────────────────────
+
+  describe("IO-failure warnings", () => {
+    it("calls notify with the error message when the logs directory cannot be created", () => {
+      const deps = makeDeps({
+        globalLogsDir: makeBlockedLogsDir(),
+        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, debugLog: true }),
       });
-      const logger = createSessionLogger(runtime);
+      const logger = createSessionLogger(deps);
 
-      logger.warn("Something went wrong");
+      logger.debug("test.event");
+
+      expect(deps.notify).toHaveBeenCalledOnce();
+      expect(deps.notify).toHaveBeenCalledWith(
+        expect.stringContaining("Failed to"),
+      );
+    });
+
+    it("deduplicates the same IO-failure warning across multiple writes", () => {
+      const deps = makeDeps({
+        globalLogsDir: makeBlockedLogsDir(),
+        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG, debugLog: true }),
+      });
+      const logger = createSessionLogger(deps);
+
+      logger.debug("event.one");
+      logger.debug("event.two");
+
+      expect(deps.notify).toHaveBeenCalledOnce();
+    });
+
+    it("shares the dedup set across debug and review — same message notified only once", () => {
+      const deps = makeDeps({
+        globalLogsDir: makeBlockedLogsDir(),
+        getConfig: () => ({
+          ...DEFAULT_EXTENSION_CONFIG,
+          debugLog: true,
+          permissionReviewLog: true,
+        }),
+      });
+      const logger = createSessionLogger(deps);
 
-      expect(notify).toHaveBeenCalledWith("Something went wrong", "warning");
+      logger.debug("event.one"); // emits warning
+      logger.review("event.two"); // same error message → suppressed
+
+      expect(deps.notify).toHaveBeenCalledOnce();
     });
+  });
 
-    it("does not throw when runtimeContext is null", () => {
-      const runtime = makeRuntime({ runtimeContext: null });
-      const logger = createSessionLogger(runtime);
+  // ── warn ──────────────────────────────────────────────────────────────────
 
-      expect(() => logger.warn("no-op warning")).not.toThrow();
+  describe("warn", () => {
+    it("calls notify with the message directly", () => {
+      const deps = makeDeps();
+      const logger = createSessionLogger(deps);
+
+      logger.warn("Something went wrong");
+
+      expect(deps.notify).toHaveBeenCalledWith("Something went wrong");
     });
 
-    it("reads runtimeContext at call time, not at creation time", () => {
-      const runtime = makeRuntime({ runtimeContext: null });
-      const logger = createSessionLogger(runtime);
+    it("calls notify for every warn — not deduplicated", () => {
+      const deps = makeDeps();
+      const logger = createSessionLogger(deps);
 
-      // runtimeContext is null at creation — warn should be a no-op now
-      logger.warn("early warning");
+      logger.warn("same message");
+      logger.warn("same message");
 
-      // Later runtimeContext is set
-      const notify = vi.fn();
-      runtime.runtimeContext = {
-        ui: { notify, setStatus: vi.fn(), select: vi.fn(), input: vi.fn() },
-      } as unknown as ExtensionRuntime["runtimeContext"];
+      expect(deps.notify).toHaveBeenCalledTimes(2);
+    });
 
-      logger.warn("late warning");
+    it("does not throw when notify is a no-op", () => {
+      const deps: SessionLoggerDeps = {
+        globalLogsDir: tempDir,
+        getConfig: () => ({ ...DEFAULT_EXTENSION_CONFIG }),
+        notify: () => {},
+      };
+      const logger = createSessionLogger(deps);
 
-      expect(notify).toHaveBeenCalledOnce();
-      expect(notify).toHaveBeenCalledWith("late warning", "warning");
+      expect(() => logger.warn("test")).not.toThrow();
     });
   });
 });