@gotgenes/pi-permission-system 10.3.0 → 10.3.1

package/CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [10.3.1](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.3.0...pi-permission-system-v10.3.1) (2026-06-06)
+
+
+### Bug Fixes
+
+* share one PermissionManager and SessionRules across gate and RPC paths ([#337](https://github.com/gotgenes/pi-packages/issues/337)) ([7dd1e65](https://github.com/gotgenes/pi-packages/commit/7dd1e65493fa0061a3b84eb329457f939b953e0a))
+
 ## [10.3.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.2.0...pi-permission-system-v10.3.0) (2026-06-05)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "10.3.0",
+  "version": "10.3.1",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "exports": {

package/src/config-store.ts

@@ -41,7 +41,7 @@ export interface ConfigReader {
  */
 export interface SessionConfigStore extends ConfigReader {
   refresh(ctx?: ExtensionContext): void;
-  logResolvedPaths(): void;
+  logResolvedPaths(cwd?: string): void;
 }
 
 /**
@@ -57,16 +57,6 @@ export interface CommandConfigStore extends ConfigReader {
   ): void;
 }
 
-/**
- * Transitional get/set seam over the runtime-owned context.
- *
- * Retired in Step 4 (#337) when context ownership moves to `PermissionSession`.
- */
-export interface RuntimeContextRef {
-  get(): ExtensionContext | null;
-  set(ctx: ExtensionContext): void;
-}
-
 /** Narrow logging sink — replaced by an injected logger in Step 3 (#336). */
 export interface ConfigStoreLogger {
   writeDebugLog(event: string, details?: Record<string, unknown>): void;
@@ -80,7 +70,6 @@ export interface ResolvedPolicyPathProvider {
 
 export interface ConfigStoreDeps {
   agentDir: string;
-  context: RuntimeContextRef;
   policyPaths: ResolvedPolicyPathProvider;
   logger: ConfigStoreLogger;
 }
@@ -111,14 +100,11 @@ export class ConfigStore implements SessionConfigStore, CommandConfigStore {
   /**
    * Reload merged config from disk.
    *
-   * If `ctx` is provided, updates the stored runtime context via the seam first.
+   * If `ctx` is provided, uses it to derive the cwd and sync UI status.
    * Equivalent to `refreshExtensionConfig(runtime, ctx?)`.
    */
   refresh(ctx?: ExtensionContext): void {
-    if (ctx) {
-      this.deps.context.set(ctx);
-    }
-    const cwd = this.deps.context.get()?.cwd ?? null;
+    const cwd = ctx?.cwd ?? null;
     const mergeResult = loadAndMergeConfigs(
       this.deps.agentDir,
       cwd ?? "",
@@ -127,9 +113,8 @@ export class ConfigStore implements SessionConfigStore, CommandConfigStore {
     const runtimeConfig = normalizePermissionSystemConfig(mergeResult.merged);
     this.config = runtimeConfig;
 
-    const currentCtx = this.deps.context.get();
-    if (currentCtx?.hasUI) {
-      syncPermissionSystemStatus(currentCtx, runtimeConfig);
+    if (ctx?.hasUI) {
+      syncPermissionSystemStatus(ctx, runtimeConfig);
     }
 
     const warning =
@@ -137,7 +122,7 @@ export class ConfigStore implements SessionConfigStore, CommandConfigStore {
 
     if (warning && warning !== this.lastConfigWarning) {
       this.lastConfigWarning = warning;
-      currentCtx?.ui.notify(warning, "warning");
+      ctx?.ui.notify(warning, "warning");
     } else if (!warning) {
       this.lastConfigWarning = null;
     }
@@ -210,9 +195,8 @@ export class ConfigStore implements SessionConfigStore, CommandConfigStore {
    *
    * Equivalent to `logResolvedConfigPaths(runtime)`.
    */
-  logResolvedPaths(): void {
+  logResolvedPaths(cwd?: string): void {
     const policyPaths = this.deps.policyPaths.getResolvedPolicyPaths();
-    const cwd = this.deps.context.get()?.cwd ?? null;
     const { agentDir } = this.deps;
     const legacyGlobalPolicyDetected = existsSync(
       getLegacyGlobalPolicyPath(agentDir),

package/src/index.ts

@@ -1,8 +1,11 @@
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { getAgentDir } from "@earendil-works/pi-coding-agent";
 import { registerBuiltinToolInputFormatters } from "./builtin-tool-input-formatters";
 import { registerPermissionSystemCommand } from "./config-modal";
 import { getGlobalConfigPath } from "./config-paths";
+import { ConfigStore } from "./config-store";
 import { GateDecisionReporter } from "./decision-reporter";
+import { computeExtensionPaths } from "./extension-paths";
 import {
   PermissionForwarder,
   type PermissionForwarderDeps,
@@ -22,9 +25,9 @@ import { PermissionManager } from "./permission-manager";
 import { PermissionPrompter } from "./permission-prompter";
 import { PermissionSession } from "./permission-session";
 import { LocalPermissionsService } from "./permissions-service";
-import { createExtensionRuntime } from "./runtime";
 import { PermissionServiceLifecycle } from "./service-lifecycle";
 import { createSessionLogger } from "./session-logger";
+import { SessionRules } from "./session-rules";
 import { isSubagentExecutionContext } from "./subagent-context";
 import { subscribeSubagentLifecycle } from "./subagent-lifecycle-events";
 import { getSubagentSessionRegistry } from "./subagent-registry";
@@ -35,56 +38,85 @@ import {
 } from "./yolo-mode";
 
 export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
-  const runtime = createExtensionRuntime();
+  const agentDir = getAgentDir();
+  const paths = computeExtensionPaths(agentDir);
+  const permissionManager = new PermissionManager({ agentDir });
+  const sessionRules = new SessionRules();
   const subagentRegistry = getSubagentSessionRegistry();
   const formatterRegistry = new ToolInputFormatterRegistry();
   registerBuiltinToolInputFormatters(formatterRegistry);
 
+  // Forward reference: configStore is declared before the logger so the
+  // logger's getConfig thunk can close over the variable; assigned immediately
+  // after. Typed via cast so the closure compiles without assertions.
+  // The same null-at-init pattern used in the former createExtensionRuntime.
+  let configStore = null as unknown as ConfigStore;
+
+  // sessionNotify is a mutable holder so the logger's notify closure can
+  // reach the UI once PermissionSession is constructed. Starts as null;
+  // notify is a best-effort sink (no-op at factory-init when there is no UI).
+  let sessionNotify: PermissionSession | null = null;
+
+  const logger = createSessionLogger({
+    globalLogsDir: paths.globalLogsDir,
+    getConfig: () => configStore.current(),
+    notify: (message) =>
+      sessionNotify?.getRuntimeContext()?.ui.notify(message, "warning"),
+  });
+
+  configStore = new ConfigStore({
+    agentDir,
+    policyPaths: permissionManager,
+    logger: {
+      writeDebugLog: (e, d) => logger.debug(e, d),
+      writeReviewLog: (e, d) => logger.review(e, d),
+    },
+  });
+
   const forwardingDeps: PermissionForwarderDeps = {
-    forwardingDir: runtime.forwardingDir,
-    subagentSessionsDir: runtime.subagentSessionsDir,
+    forwardingDir: paths.forwardingDir,
+    subagentSessionsDir: paths.subagentSessionsDir,
     registry: subagentRegistry,
     events: pi.events,
     logger: {
-      writeReviewLog: runtime.writeReviewLog.bind(runtime),
-      writeDebugLog: runtime.writeDebugLog.bind(runtime),
+      writeReviewLog: (event, details) => logger.review(event, details),
+      writeDebugLog: (event, details) => logger.debug(event, details),
     },
-    writeReviewLog: runtime.writeReviewLog.bind(runtime),
+    writeReviewLog: (event, details) => logger.review(event, details),
     requestPermissionDecisionFromUi,
     shouldAutoApprove: () =>
-      shouldAutoApprovePermissionState("ask", runtime.configStore.current()),
+      shouldAutoApprovePermissionState("ask", configStore.current()),
   };
   const forwarder = new PermissionForwarder(forwardingDeps);
 
   const prompter = new PermissionPrompter({
-    config: runtime.configStore,
-    writeReviewLog: runtime.writeReviewLog.bind(runtime),
+    config: configStore,
+    writeReviewLog: (event, details) => logger.review(event, details),
     events: pi.events,
     forwarder,
   });
 
-  runtime.configStore.refresh();
-
-  const sessionManager = new PermissionManager({ agentDir: runtime.agentDir });
+  configStore.refresh();
 
   const session = new PermissionSession(
-    runtime,
-    createSessionLogger(runtime),
+    paths,
+    logger,
     new ForwardingManager(
-      runtime.subagentSessionsDir,
+      paths.subagentSessionsDir,
       forwarder,
       subagentRegistry,
     ),
-    sessionManager,
-    runtime.configStore,
+    permissionManager,
+    sessionRules,
+    configStore,
     {
       canRequestPermissionConfirmation: (ctx) =>
         canResolveAskPermissionRequest({
-          config: runtime.configStore.current(),
+          config: configStore.current(),
           hasUI: ctx.hasUI,
           isSubagent: isSubagentExecutionContext(
             ctx,
-            runtime.subagentSessionsDir,
+            paths.subagentSessionsDir,
             subagentRegistry,
           ),
         }),
@@ -92,26 +124,29 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
     },
   );
 
+  // Connect the notify sink now that session is available.
+  sessionNotify = session;
+
   registerPermissionSystemCommand(pi, {
-    config: runtime.configStore,
-    getConfigPath: () => getGlobalConfigPath(runtime.agentDir),
+    config: configStore,
+    getConfigPath: () => getGlobalConfigPath(agentDir),
     getComposedRules: () =>
-      runtime.permissionManager.getComposedConfigRules(
-        runtime.lastKnownActiveAgentName ?? undefined,
+      permissionManager.getComposedConfigRules(
+        session.lastKnownActiveAgentName ?? undefined,
       ),
   });
 
   const rpcHandles = registerPermissionRpcHandlers(pi.events, {
-    getPermissionManager: () => runtime.permissionManager,
-    getSessionRules: () => runtime.sessionRules.getRuleset(),
-    getRuntimeContext: () => runtime.runtimeContext,
+    getPermissionManager: () => permissionManager,
+    getSessionRules: () => sessionRules.getRuleset(),
+    getRuntimeContext: () => session.getRuntimeContext(),
     requestPermissionDecisionFromUi,
-    writeReviewLog: runtime.writeReviewLog.bind(runtime),
+    writeReviewLog: (event, details) => logger.review(event, details),
   });
 
   const permissionsService = new LocalPermissionsService(
-    runtime.permissionManager,
-    runtime.sessionRules,
+    permissionManager,
+    sessionRules,
     formatterRegistry,
   );
 

package/src/permission-session.ts

@@ -20,7 +20,7 @@ import type { SessionApproval } from "./session-approval";
 import type { SessionApprovalRecorder } from "./session-approval-recorder";
 import type { SessionLifecycleSession } from "./session-lifecycle-session";
 import type { SessionLogger } from "./session-logger";
-import { SessionRules } from "./session-rules";
+import type { SessionRules } from "./session-rules";
 import type { SkillPromptEntry } from "./skill-prompt-sanitizer";
 import {
   resolveToolPreviewLimits,
@@ -31,8 +31,7 @@ import type { PermissionCheckResult, PermissionState } from "./types";
 /**
  * Runtime operations that `PermissionSession` delegates to but does not own.
  *
- * Injected at construction time from the composition root (`index.ts`),
- * where the `ExtensionRuntime` is available.
+ * Injected at construction time from the composition root (`index.ts`).
  */
 export interface PermissionSessionRuntimeDeps {
   /** Whether the current context can show an interactive permission prompt. */
@@ -69,7 +68,6 @@ export class PermissionSession
     SessionLifecycleSession
 {
   private context: ExtensionContext | null = null;
-  private readonly sessionRules = new SessionRules();
   private skillEntries: SkillPromptEntry[] = [];
   private knownAgentName: string | null = null;
   private toolsCacheKey: string | null = null;
@@ -80,6 +78,7 @@ export class PermissionSession
     readonly logger: SessionLogger,
     private readonly forwarding: ForwardingController,
     private readonly permissionManager: ScopedPermissionManager,
+    private readonly sessionRules: SessionRules,
     private readonly configStore: SessionConfigStore,
     private readonly runtimeDeps: PermissionSessionRuntimeDeps,
   ) {}
@@ -262,7 +261,7 @@ export class PermissionSession
 
   /** Write the resolved config path set to the review and debug logs. */
   logResolvedConfigPaths(): void {
-    this.configStore.logResolvedPaths();
+    this.configStore.logResolvedPaths(this.context?.cwd);
   }
 
   /** Read current extension config. */

package/src/permissions-service.ts

@@ -10,11 +10,9 @@ import type {
 /**
  * In-process implementation of the cross-extension {@link PermissionsService}.
  *
- * Constructed once in the composition root and backed by the runtime's
- * permission manager and session rules. Both injected instances are stable
- * for the lifetime of the factory — `runtime.permissionManager` is never
- * reassigned on the runtime object (only `PermissionSession` reassigns its
- * own internal copy), and `runtime.sessionRules` is `readonly`.
+ * Constructed once in the composition root and backed by the single shared
+ * `PermissionManager` and `SessionRules` instances that `PermissionSession`
+ * also uses — so service queries and gate-path approvals see the same state.
  */
 export class LocalPermissionsService implements PermissionsService {
   constructor(

package/src/session-logger.ts

@@ -1,4 +1,10 @@
-import type { ExtensionRuntime } from "./runtime";
+import { join } from "node:path";
+import { DEBUG_LOG_FILENAME, REVIEW_LOG_FILENAME } from "./config-paths";
+import {
+  ensurePermissionSystemLogsDirectory,
+  type PermissionSystemExtensionConfig,
+} from "./extension-config";
+import { createPermissionSystemLogger } from "./logging";
 
 /**
  * Unified logging + notification surface for handler deps.
@@ -13,17 +19,48 @@ export interface SessionLogger {
   warn(message: string): void;
 }
 
+/** Narrow dependencies for constructing a {@link SessionLogger}. */
+export interface SessionLoggerDeps {
+  /** Root logs directory; the debug + review log file paths derive from it. */
+  globalLogsDir: string;
+  /** Reads current config for the debug/review write toggles (call-time). */
+  getConfig: () => PermissionSystemExtensionConfig;
+  /** Surfaces a warning message to the user; called at warn/IO-failure time. */
+  notify: (message: string) => void;
+}
+
 /**
- * Create a SessionLogger backed by an ExtensionRuntime.
+ * Create a SessionLogger from narrow dependencies.
  *
- * Captures `runtime` by reference so `warn` always reads the current
- * `runtimeContext` at call time — matching the behavior of the inline
- * closures it replaces in `src/index.ts`.
+ * Composes the JSONL log writer, owns the IO-failure warning dedup Set,
+ * and routes both IO-failure warnings and explicit warn() calls through
+ * the injected notify sink. No ExtensionRuntime reference required.
  */
-export function createSessionLogger(runtime: ExtensionRuntime): SessionLogger {
+export function createSessionLogger(deps: SessionLoggerDeps): SessionLogger {
+  const writer = createPermissionSystemLogger({
+    getConfig: deps.getConfig,
+    debugLogPath: join(deps.globalLogsDir, DEBUG_LOG_FILENAME),
+    reviewLogPath: join(deps.globalLogsDir, REVIEW_LOG_FILENAME),
+    ensureLogsDirectory: () =>
+      ensurePermissionSystemLogsDirectory(deps.globalLogsDir),
+  });
+
+  const reported = new Set<string>();
+  const reportOnce = (warning: string): void => {
+    if (reported.has(warning)) return;
+    reported.add(warning);
+    deps.notify(warning);
+  };
+
   return {
-    debug: (event, details) => runtime.writeDebugLog(event, details),
-    review: (event, details) => runtime.writeReviewLog(event, details),
-    warn: (message) => runtime.runtimeContext?.ui.notify(message, "warning"),
+    debug: (event, details) => {
+      const warning = writer.debug(event, details);
+      if (warning) reportOnce(warning);
+    },
+    review: (event, details) => {
+      const warning = writer.review(event, details);
+      if (warning) reportOnce(warning);
+    },
+    warn: (message) => deps.notify(message),
   };
 }

package/test/composition-root.test.ts

@@ -31,7 +31,10 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { getGlobalConfigPath } from "#src/config-paths";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import piPermissionSystemExtension from "#src/index";
-import { PERMISSIONS_READY_CHANNEL } from "#src/permission-events";
+import {
+  PERMISSIONS_READY_CHANNEL,
+  PERMISSIONS_RPC_CHECK_CHANNEL,
+} from "#src/permission-events";
 import {
   createPermissionForwardingLocation,
   type ForwardedPermissionRequest,
@@ -359,6 +362,87 @@ describe("ready emitted after service publication", () => {
   });
 });
 
+describe("single source of truth for session state", () => {
+  // Regression guard for the split-brain bug: before the fix, the gate path
+  // recorded session approvals into a private SessionRules instance that the
+  // RPC check and the service never saw. After the fix, both readers use the
+  // same SessionRules the gate writes into.
+  it("gate session-approval is visible to the RPC check and the service", async () => {
+    writeGlobalConfig({
+      permission: { "*": "allow", demo: "ask" },
+    });
+
+    const cwd = mkdtempSync(join(tmpdir(), "pi-perm-sot-cwd-"));
+    const pi = makeFakePi({ toolNames: ["demo"] });
+    piPermissionSystemExtension(pi as unknown as ExtensionAPI);
+
+    // UI ctx that approves the gate prompt for this session (options[1]).
+    const ctx = {
+      cwd,
+      hasUI: true,
+      sessionManager: {
+        getEntries: (): unknown[] => [],
+        getSessionId: (): string => "sot-session",
+        getSessionDir: (): string => cwd,
+      },
+      ui: {
+        notify: (): void => {},
+        setStatus: (): void => {},
+        // Return the second option label-agnostically — always the
+        // "for this session" choice regardless of the exact label text.
+        select: async (
+          _title: string,
+          options: string[],
+        ): Promise<string | undefined> => options[1],
+        input: async (): Promise<string | undefined> => undefined,
+      },
+    };
+
+    await fireSessionStart(pi, ctx);
+
+    // Drive a tool_call on "demo"; the gate prompts and the mock selects
+    // options[1], recording a session-scoped approval.
+    await pi.fire(
+      "tool_call",
+      {
+        toolName: "demo",
+        toolCallId: "demo-for-session",
+        input: { foo: "bar" },
+      },
+      ctx,
+    );
+
+    // RPC check — the deprecated channel must now reflect the session approval.
+    // eslint-disable-next-line @typescript-eslint/no-deprecated -- intentionally testing the deprecated RPC channel's session-rules visibility
+    const rpcCheckChannel: string = PERMISSIONS_RPC_CHECK_CHANNEL;
+    const requestId = "sot-rpc-1";
+    const replyPromise = new Promise<unknown>((resolve) => {
+      const unsub = pi.events.on(
+        `${rpcCheckChannel}:reply:${requestId}`,
+        (data) => {
+          unsub();
+          resolve(data);
+        },
+      );
+    });
+    pi.events.emit(rpcCheckChannel, { requestId, surface: "demo" });
+    const reply = (await replyPromise) as {
+      success: boolean;
+      data?: { result: string };
+    };
+
+    expect(reply.success).toBe(true);
+    // Before the fix this was "ask" — the RPC channel read an empty SessionRules.
+    expect(reply.data?.result).toBe("allow");
+
+    // Service accessor must also see the session approval.
+    const serviceResult = getPermissionsService()!.checkPermission("demo");
+    expect(serviceResult.state).toBe("allow");
+
+    rmSync(cwd, { recursive: true, force: true });
+  });
+});
+
 describe("multi-instance global service interplay", () => {
   // The fix (#302) scopes the process-global service slot to the publishing
   // instance. The parent publishes at its session_start; an in-process child

package/test/config-store.test.ts

@@ -62,26 +62,12 @@ import {
   ConfigStore,
   type ConfigStoreDeps,
   type ResolvedPolicyPathProvider,
-  type RuntimeContextRef,
 } from "#src/config-store";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import type { ResolvedPolicyPaths } from "#src/policy-loader";
 
 // ── Helpers ────────────────────────────────────────────────────────────────
 
-function makeContextRef(
-  initialCtx: ExtensionContext | null = null,
-): RuntimeContextRef & { _ctx: ExtensionContext | null } {
-  const ref = {
-    _ctx: initialCtx,
-    get: () => ref._ctx,
-    set: (ctx: ExtensionContext) => {
-      ref._ctx = ctx;
-    },
-  };
-  return ref;
-}
-
 function makePolicyPathProvider(
   paths?: Partial<ResolvedPolicyPaths>,
 ): ResolvedPolicyPathProvider {
@@ -133,19 +119,16 @@ function makeCommandCtx(
 
 function makeStore(overrides: Partial<ConfigStoreDeps> = {}): {
   store: ConfigStore;
-  contextRef: RuntimeContextRef & { _ctx: ExtensionContext | null };
   logger: ReturnType<typeof makeLogger>;
 } {
-  const contextRef = makeContextRef();
   const logger = makeLogger();
   const deps: ConfigStoreDeps = {
     agentDir: "/test/agent",
-    context: contextRef,
     policyPaths: makePolicyPathProvider(),
     logger,
     ...overrides,
   };
-  return { store: new ConfigStore(deps), contextRef, logger };
+  return { store: new ConfigStore(deps), logger };
 }
 
 // ── Tests ──────────────────────────────────────────────────────────────────
@@ -180,10 +163,9 @@ describe("ConfigStore", () => {
   // ── refresh() ─────────────────────────────────────────────────────────
 
   describe("refresh()", () => {
-    it("calls loadAndMergeConfigs with agentDir and cwd from context", () => {
-      const { store, contextRef } = makeStore();
-      contextRef._ctx = makeCtx({ cwd: "/my/project" });
-      store.refresh();
+    it("uses the passed ctx cwd for loadAndMergeConfigs", () => {
+      const { store } = makeStore();
+      store.refresh(makeCtx({ cwd: "/my/project" }));
       expect(mockLoadAndMergeConfigs).toHaveBeenCalledWith(
         "/test/agent",
         "/my/project",
@@ -191,19 +173,14 @@ describe("ConfigStore", () => {
       );
     });
 
-    it("updates context via context.set when ctx is provided", () => {
-      const { store, contextRef } = makeStore();
-      const ctx = makeCtx({ cwd: "/new/project" });
-      store.refresh(ctx);
-      expect(contextRef._ctx).toBe(ctx);
-    });
-
-    it("does not overwrite context when ctx is omitted", () => {
-      const { store, contextRef } = makeStore();
-      const existing = makeCtx();
-      contextRef._ctx = existing;
+    it("uses empty string cwd when no ctx is provided", () => {
+      const { store } = makeStore();
       store.refresh();
-      expect(contextRef._ctx).toBe(existing);
+      expect(mockLoadAndMergeConfigs).toHaveBeenCalledWith(
+        "/test/agent",
+        "",
+        expect.any(String),
+      );
     });
 
     it("updates current() with normalized merged result", () => {
@@ -422,13 +399,12 @@ describe("ConfigStore", () => {
     });
 
     it("passes legacy detection results to buildResolvedConfigLogEntry", () => {
-      const { store, contextRef } = makeStore();
-      contextRef._ctx = makeCtx({ cwd: "/some/project" });
+      const { store } = makeStore();
       // Make one legacy path exist
       mockExistsSync.mockImplementation((p: string) =>
         p.includes("policies.json"),
       );
-      store.logResolvedPaths();
+      store.logResolvedPaths("/some/project");
       expect(mockBuildResolvedConfigLogEntry).toHaveBeenCalledWith(
         expect.objectContaining({
           legacyGlobalPolicyDetected: expect.any(Boolean),
@@ -438,9 +414,9 @@ describe("ConfigStore", () => {
       );
     });
 
-    it("does not check project legacy path when context has no cwd", () => {
-      const { store } = makeStore(); // contextRef._ctx = null
-      store.logResolvedPaths();
+    it("does not check project legacy path when no cwd is provided", () => {
+      const { store } = makeStore();
+      store.logResolvedPaths(); // no cwd
       // existsSync called for global and ext-config legacy paths only (not project)
       const calls = mockExistsSync.mock.calls.map(([p]: [string]) => p);
       const projectCalls = calls.filter(

package/test/permission-session.test.ts

@@ -29,6 +29,7 @@ import {
 import type { Ruleset } from "#src/rule";
 import { SessionApproval } from "#src/session-approval";
 import type { SessionLogger } from "#src/session-logger";
+import { SessionRules } from "#src/session-rules";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
 import type { PermissionCheckResult, PermissionState } from "#src/types";
 import { makeCtx } from "#test/helpers/handler-fixtures";
@@ -129,6 +130,7 @@ function createSession(overrides?: {
   logger?: SessionLogger;
   forwarding?: ForwardingController;
   permissionManager?: ScopedPermissionManager;
+  sessionRules?: SessionRules;
   configStore?: SessionConfigStore;
   runtimeDeps?: PermissionSessionRuntimeDeps;
 }): {
@@ -136,6 +138,7 @@ function createSession(overrides?: {
   paths: ExtensionPaths;
   logger: SessionLogger;
   forwarding: ForwardingController;
+  sessionRules: SessionRules;
   configStore: SessionConfigStore;
   runtimeDeps: PermissionSessionRuntimeDeps;
 } {
@@ -144,6 +147,7 @@ function createSession(overrides?: {
   const forwarding = overrides?.forwarding ?? makeForwarding();
   const permissionManager =
     overrides?.permissionManager ?? makePermissionManager();
+  const sessionRules = overrides?.sessionRules ?? new SessionRules();
   const configStore = overrides?.configStore ?? makeConfigStore();
   const runtimeDeps = overrides?.runtimeDeps ?? makeRuntimeDeps();
   const session = new PermissionSession(
@@ -151,10 +155,19 @@ function createSession(overrides?: {
     logger,
     forwarding,
     permissionManager,
+    sessionRules,
     configStore,
     runtimeDeps,
   );
-  return { session, paths, logger, forwarding, configStore, runtimeDeps };
+  return {
+    session,
+    paths,
+    logger,
+    forwarding,
+    sessionRules,
+    configStore,
+    runtimeDeps,
+  };
 }
 
 // ── Tests ──────────────────────────────────────────────────────────────────