@gotgenes/pi-permission-system 10.3.0 → 10.4.0

package/test/handlers/gates/runner.test.ts

@@ -81,9 +81,7 @@ describe("GateRunner — descriptor path", () => {
   it("returns allow and emits user_approved when ask + user approves", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
+      prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     });
     const result = await runner.run(makeDescriptor(), null, "tc-1");
     expect(result).toEqual({ action: "allow" });
@@ -98,7 +96,7 @@ describe("GateRunner — descriptor path", () => {
   it("returns allow, emits user_approved_for_session, and records session rule on approved_for_session", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-      promptPermission: vi
+      prompt: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
@@ -120,7 +118,7 @@ describe("GateRunner — descriptor path", () => {
   it("calls recordSessionApproval once with the full SessionApproval when sessionApproval has multiple patterns", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-      promptPermission: vi
+      prompt: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
@@ -138,9 +136,7 @@ describe("GateRunner — descriptor path", () => {
   it("returns block and emits user_denied when ask + user denies", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: false, state: "denied" }),
+      prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
     });
     const result = await runner.run(makeDescriptor(), null, "tc-1");
     expect(result).toMatchObject({ action: "block" });
@@ -170,7 +166,7 @@ describe("GateRunner — descriptor path", () => {
   it("emits auto_approved resolution when decision has autoApproved flag", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-      promptPermission: vi.fn().mockResolvedValue({
+      prompt: vi.fn().mockResolvedValue({
         approved: true,
         state: "approved",
         autoApproved: true,
@@ -227,12 +223,12 @@ describe("GateRunner — descriptor path", () => {
     );
   });
 
-  it("passes requestId from toolCallId to promptPermission", async () => {
+  it("passes requestId from toolCallId to prompt", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
     });
     await runner.run(makeDescriptor(), null, "tc-42");
-    expect(deps.promptPermission).toHaveBeenCalledWith(
+    expect(deps.prompt).toHaveBeenCalledWith(
       expect.objectContaining({ requestId: "tc-42" }),
     );
   });
@@ -240,9 +236,7 @@ describe("GateRunner — descriptor path", () => {
   it("does not call recordSessionApproval when user approves once (no sessionApproval)", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
+      prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     });
     await runner.run(makeDescriptor(), null, "tc-1");
     expect(deps.recordSessionApproval).not.toHaveBeenCalled();
@@ -272,7 +266,7 @@ describe("GateRunner — descriptor path", () => {
   it("does not call recordSessionApproval when user approves for session but no sessionApproval on descriptor", async () => {
     const { runner, deps } = makeGateRunner({
       resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-      promptPermission: vi
+      prompt: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
@@ -323,7 +317,7 @@ describe("GateRunner — descriptor path", () => {
     it("uses denialContext to format userDeniedReason with extension tag", async () => {
       const { runner } = makeGateRunner({
         resolveResult: makeCheckResult({ state: "ask", matchedPattern: "*" }),
-        promptPermission: vi.fn().mockResolvedValue({
+        prompt: vi.fn().mockResolvedValue({
           approved: false,
           state: "denied",
           denialReason: "too risky",

package/test/handlers/input-events.test.ts

@@ -3,6 +3,7 @@
  */
 import { describe, expect, it, vi } from "vitest";
 
+import type { GatePrompter } from "#src/gate-prompter";
 import {
   getDecisionEvents,
   makeCheckResult,
@@ -70,8 +71,11 @@ describe("handleInput decision events — skill gate", () => {
     const { handler, events } = makeHandler({
       session: {
         checkPermission: makeSkillCheckPermission("ask"),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
         prompt: vi
-          .fn()
+          .fn<GatePrompter["prompt"]>()
           .mockResolvedValue({ approved: true, state: "approved" }),
       },
     });
@@ -91,7 +95,12 @@ describe("handleInput decision events — skill gate", () => {
     const { handler, events } = makeHandler({
       session: {
         checkPermission: makeSkillCheckPermission("ask"),
-        prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: vi
+          .fn<GatePrompter["prompt"]>()
+          .mockResolvedValue({ approved: false, state: "denied" }),
       },
     });
     await handler.handleInput({ text: "/skill:explorer" }, makeCtx());
@@ -110,7 +119,10 @@ describe("handleInput decision events — skill gate", () => {
     const { handler, events } = makeHandler({
       session: {
         checkPermission: makeSkillCheckPermission("ask"),
-        canPrompt: vi.fn().mockReturnValue(false),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(false),
+        prompt: vi.fn<GatePrompter["prompt"]>(),
       },
     });
     await handler.handleInput(
@@ -132,7 +144,10 @@ describe("handleInput decision events — skill gate", () => {
     const { handler, events } = makeHandler({
       session: {
         checkPermission: makeSkillCheckPermission("ask"),
-        prompt: vi.fn().mockResolvedValue({
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: vi.fn<GatePrompter["prompt"]>().mockResolvedValue({
           approved: true,
           state: "approved",
           autoApproved: true,

package/test/handlers/input.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
-
+import type { GatePrompter } from "#src/gate-prompter";
 import { extractSkillNameFromInput } from "#src/handlers/permission-gate-handler";
 
 import { makeCtx, makeHandler } from "#test/helpers/handler-fixtures";
@@ -120,7 +120,10 @@ describe("handleInput", () => {
     const { handler } = makeHandler({
       session: {
         checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
-        canPrompt: vi.fn().mockReturnValue(false),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(false),
+        prompt: vi.fn<GatePrompter["prompt"]>(),
       },
     });
     const result = await handler.handleInput(
@@ -131,12 +134,16 @@ describe("handleInput", () => {
   });
 
   it("prompts and returns continue when skill ask is approved", async () => {
-    const { handler, session } = makeHandler({
+    const approvePrompt = vi
+      .fn<GatePrompter["prompt"]>()
+      .mockResolvedValue({ approved: true, state: "approved" });
+    const { handler, prompter } = makeHandler({
       session: {
         checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
-        prompt: vi
-          .fn()
-          .mockResolvedValue({ approved: true, state: "approved" }),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: approvePrompt,
       },
     });
     const result = await handler.handleInput(
@@ -144,14 +151,19 @@ describe("handleInput", () => {
       makeCtx(),
     );
     expect(result).toEqual({ action: "continue" });
-    expect(session.prompt).toHaveBeenCalledOnce();
+    expect(prompter.prompt).toHaveBeenCalledOnce();
   });
 
   it("returns handled when skill ask is denied by user", async () => {
     const { handler } = makeHandler({
       session: {
         checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
-        prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: vi
+          .fn<GatePrompter["prompt"]>()
+          .mockResolvedValue({ approved: false, state: "denied" }),
       },
     });
     const result = await handler.handleInput(
@@ -162,17 +174,21 @@ describe("handleInput", () => {
   });
 
   it("passes agentName in the prompt permission request", async () => {
-    const { handler, session } = makeHandler({
+    const approvePrompt = vi
+      .fn<GatePrompter["prompt"]>()
+      .mockResolvedValue({ approved: true, state: "approved" });
+    const { handler, prompter } = makeHandler({
       session: {
         checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
         resolveAgentName: vi.fn().mockReturnValue("code-agent"),
-        prompt: vi
-          .fn()
-          .mockResolvedValue({ approved: true, state: "approved" }),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: approvePrompt,
       },
     });
     await handler.handleInput(makeInputEvent("/skill:librarian"), makeCtx());
-    expect(session.promptPermission).toHaveBeenCalledWith(
+    expect(prompter.prompt).toHaveBeenCalledWith(
       expect.objectContaining({
         agentName: "code-agent",
         skillName: "librarian",

package/test/handlers/tool-call-events.test.ts

@@ -4,6 +4,7 @@
  */
 import { describe, expect, it, vi } from "vitest";
 
+import type { GatePrompter } from "#src/gate-prompter";
 import {
   getDecisionEvents,
   makeCheckResult,
@@ -110,8 +111,11 @@ describe("handleToolCall decision events — user_approved", () => {
         checkPermission: vi
           .fn()
           .mockReturnValue(makeCheckResult({ state: "ask" })),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
         prompt: vi
-          .fn()
+          .fn<GatePrompter["prompt"]>()
           .mockResolvedValue({ approved: true, state: "approved" }),
       },
     });
@@ -132,7 +136,10 @@ describe("handleToolCall decision events — user_approved", () => {
         checkPermission: vi
           .fn()
           .mockReturnValue(makeCheckResult({ state: "ask" })),
-        prompt: vi.fn().mockResolvedValue({
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: vi.fn<GatePrompter["prompt"]>().mockResolvedValue({
           approved: true,
           state: "approved_for_session",
         }),
@@ -159,7 +166,12 @@ describe("handleToolCall decision events — user_denied", () => {
         checkPermission: vi
           .fn()
           .mockReturnValue(makeCheckResult({ state: "ask" })),
-        prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: vi
+          .fn<GatePrompter["prompt"]>()
+          .mockResolvedValue({ approved: false, state: "denied" }),
       },
     });
 
@@ -183,7 +195,10 @@ describe("handleToolCall decision events — confirmation_unavailable", () => {
         checkPermission: vi
           .fn()
           .mockReturnValue(makeCheckResult({ state: "ask" })),
-        canPrompt: vi.fn().mockReturnValue(false),
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(false),
+        prompt: vi.fn<GatePrompter["prompt"]>(),
       },
     });
 
@@ -239,7 +254,10 @@ describe("handleToolCall decision events — auto_approved", () => {
         checkPermission: vi
           .fn()
           .mockReturnValue(makeCheckResult({ state: "ask" })),
-        prompt: vi.fn().mockResolvedValue({
+      },
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: vi.fn<GatePrompter["prompt"]>().mockResolvedValue({
           approved: true,
           state: "approved",
           autoApproved: true,

package/test/helpers/gate-fixtures.ts

@@ -94,7 +94,7 @@ export function makeGateRunner(
     resolve?: PermissionResolver["resolve"];
     recordSessionApproval?: SessionApprovalRecorder["recordSessionApproval"];
     canConfirm?: GatePrompter["canConfirm"];
-    promptPermission?: GatePrompter["promptPermission"];
+    prompt?: GatePrompter["prompt"];
     reporter?: Partial<DecisionReporter>;
   } = {},
 ) {
@@ -112,15 +112,15 @@ export function makeGateRunner(
   const canConfirm =
     overrides.canConfirm ??
     (vi.fn().mockReturnValue(true) as GatePrompter["canConfirm"]);
-  const promptPermission =
-    overrides.promptPermission ??
+  const prompt =
+    overrides.prompt ??
     vi
-      .fn<GatePrompter["promptPermission"]>()
+      .fn<GatePrompter["prompt"]>()
       .mockResolvedValue({ approved: true, state: "approved" });
   const runner = new GateRunner(
     { resolve },
     { recordSessionApproval },
-    { canConfirm, promptPermission },
+    { canConfirm, prompt },
     reporter,
   );
   return {
@@ -129,7 +129,7 @@ export function makeGateRunner(
       resolve,
       recordSessionApproval,
       canConfirm,
-      promptPermission,
+      prompt,
       reporter,
     },
   };

package/test/helpers/handler-fixtures.ts

@@ -21,10 +21,8 @@ import {
   ToolCallGatePipeline,
 } from "#src/handlers/gates/tool-call-gate-pipeline";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
-import type { PermissionPromptDecision } from "#src/permission-dialog";
 import type { PermissionDecisionEvent } from "#src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
-import type { PromptPermissionDetails } from "#src/permission-prompter";
 import type { Rule } from "#src/rule";
 import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
 import type { SessionLogger } from "#src/session-logger";
@@ -35,10 +33,10 @@ import type { PermissionCheckResult, PermissionState } from "#src/types";
 /**
  * Precise mock boundary for PermissionGateHandler integration tests.
  *
- * Intersection of every role the handler and its collaborators require,
- * plus the context-bound prompting helpers that GatePrompter delegates to.
- * Without a cast, TypeScript enforces this at the call sites where the
- * mock is passed to GateRunner / ToolCallGatePipeline / PermissionGateHandler.
+ * Intersection of every role the handler and its collaborators require.
+ * Prompting is not included here — it moved to `PromptingGateway` (#339).
+ * Pass a `prompter` override to `makeHandler` to steer GateRunner's prompting
+ * role; `makeHandler` creates a clean default prompter when none is supplied.
  *
  * The 4-arg `checkPermission` overrides the 3-arg version from
  * GateHandlerSession so the `resolve` delegation can forward session rules.
@@ -46,7 +44,6 @@ import type { PermissionCheckResult, PermissionState } from "#src/types";
 export type MockGateHandlerSession = ToolCallGateInputs &
   SkillInputGateInputs &
   SessionApprovalRecorder &
-  GatePrompter &
   GateHandlerSession & {
     /** Logger source for the reporter the fixture builds. */
     logger: SessionLogger;
@@ -59,13 +56,6 @@ export type MockGateHandlerSession = ToolCallGateInputs &
       agentName?: string,
       rules?: Rule[],
     ): PermissionCheckResult;
-    /** Context-bound canPrompt — overriding this steers canConfirm. */
-    canPrompt(ctx: ExtensionContext): boolean;
-    /** Context-bound prompt — overriding this steers promptPermission. */
-    prompt(
-      ctx: ExtensionContext,
-      details: PromptPermissionDetails,
-    ): Promise<PermissionPromptDecision>;
   };
 
 export function makeEvents() {
@@ -134,9 +124,11 @@ export function makeCheckResult(
  * field against `MockGateHandlerSession` individually — a missing field fails
  * `pnpm run check` instead of failing silently at runtime.
  *
- * The `resolve`, `canConfirm`, and `promptPermission` delegations are inlined
- * as closures that read `session` at call time, so overriding `checkPermission`,
- * `canPrompt`, or `prompt` automatically steers them without extra guards.
+ * The `resolve` delegation is inlined as a closure that reads `session` at
+ * call time, so overriding `checkPermission` or `getSessionRuleset`
+ * automatically steers it without extra guards.
+ *
+ * Prompting is not part of this mock — pass `prompter` to `makeHandler`.
  */
 export function makeSession(
   overrides: Partial<MockGateHandlerSession> = {},
@@ -177,15 +169,7 @@ export function makeSession(
       vi
         .fn<MockGateHandlerSession["getToolPreviewLimits"]>()
         .mockReturnValue(resolveToolPreviewLimits(DEFAULT_EXTENSION_CONFIG)),
-    canPrompt:
-      overrides.canPrompt ??
-      vi.fn<MockGateHandlerSession["canPrompt"]>().mockReturnValue(true),
-    prompt:
-      overrides.prompt ??
-      vi
-        .fn<MockGateHandlerSession["prompt"]>()
-        .mockResolvedValue({ approved: true, state: "approved" }),
-    // Delegations — closures read `session` at call time so overrides win.
+    // Resolve delegation — closure reads `session` at call time so overrides win.
     resolve:
       overrides.resolve ??
       vi.fn<MockGateHandlerSession["resolve"]>((surface, input, agentName) =>
@@ -196,16 +180,6 @@ export function makeSession(
           session.getSessionRuleset(),
         ),
       ),
-    canConfirm:
-      overrides.canConfirm ??
-      vi.fn<MockGateHandlerSession["canConfirm"]>(() =>
-        session.canPrompt(undefined as unknown as ExtensionContext),
-      ),
-    promptPermission:
-      overrides.promptPermission ??
-      vi.fn<MockGateHandlerSession["promptPermission"]>((details) =>
-        session.prompt(undefined as unknown as ExtensionContext, details),
-      ),
   };
   return session;
 }
@@ -296,10 +270,15 @@ export function makeBashCommandCheck(opts: {
  * Constructs a PermissionGateHandler with mocked collaborators.
  *
  * Returns all collaborators so each test file can destructure only what
- * it needs — handler, events, session, and toolRegistry are all available.
+ * it needs — handler, events, session, toolRegistry, and prompter are all available.
+ *
+ * The default prompter approves all requests. Pass `prompter` explicitly to
+ * steer canConfirm/prompt behavior for the test.
  */
 export function makeHandler(overrides?: {
   session?: Partial<MockGateHandlerSession>;
+  /** Override the GatePrompter passed to GateRunner. Defaults to an allow-all stub. */
+  prompter?: GatePrompter;
   toolRegistry?: Partial<ToolRegistry>;
   /** Sugar: builds the `getAll` mock from a list of tool names. */
   tools?: string[];
@@ -317,7 +296,13 @@ export function makeHandler(overrides?: {
   const pipeline = new ToolCallGatePipeline(session);
   const skillInputPipeline = new SkillInputGatePipeline(session);
   const reporter = new GateDecisionReporter(session.logger, events);
-  const runner = new GateRunner(session, session, session, reporter);
+  const prompter: GatePrompter = overrides?.prompter ?? {
+    canConfirm: vi.fn().mockReturnValue(true),
+    prompt: vi
+      .fn<GatePrompter["prompt"]>()
+      .mockResolvedValue({ approved: true, state: "approved" }),
+  };
+  const runner = new GateRunner(session, session, prompter, reporter);
   const handler = new PermissionGateHandler(
     session,
     toolRegistry,
@@ -325,7 +310,7 @@ export function makeHandler(overrides?: {
     skillInputPipeline,
     runner,
   );
-  return { handler, events, session, toolRegistry };
+  return { handler, events, session, toolRegistry, prompter };
 }
 
 /** Extract all permissions:decision payloads from the events.emit mock. */

package/test/permission-event-rpc.test.ts

@@ -36,13 +36,13 @@ function makeDeps(
   overrides: Partial<PermissionRpcDeps> = {},
 ): PermissionRpcDeps {
   return {
-    getPermissionManager: vi.fn().mockReturnValue({
+    permissionManager: {
       checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
-    }),
-    getSessionRules: vi.fn().mockReturnValue([]),
-    getRuntimeContext: vi.fn().mockReturnValue(null),
+    },
+    sessionRules: { getRuleset: vi.fn().mockReturnValue([]) },
+    session: { getRuntimeContext: vi.fn().mockReturnValue(null) },
     requestPermissionDecisionFromUi: vi.fn(),
-    writeReviewLog: vi.fn(),
+    logger: { review: vi.fn() },
     ...overrides,
   };
 }
@@ -73,9 +73,9 @@ describe("registerPermissionRpcHandlers — permissions:rpc:check", () => {
   it("replies allow for an allowed surface/value", async () => {
     const bus = createEventBus();
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
+      permissionManager: {
         checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
-      }),
+      },
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -100,14 +100,14 @@ describe("registerPermissionRpcHandlers — permissions:rpc:check", () => {
   it("replies deny for a denied surface/value", async () => {
     const bus = createEventBus();
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
+      permissionManager: {
         checkPermission: vi.fn().mockReturnValue(
           makeCheckResult("deny", {
             origin: "project",
             matchedPattern: "rm *",
           }),
         ),
-      }),
+      },
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -131,13 +131,13 @@ describe("registerPermissionRpcHandlers — permissions:rpc:check", () => {
   it("replies ask for an ask surface/value", async () => {
     const bus = createEventBus();
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
+      permissionManager: {
         checkPermission: vi
           .fn()
           .mockReturnValue(
             makeCheckResult("ask", { matchedPattern: undefined }),
           ),
-      }),
+      },
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -161,7 +161,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:check", () => {
     const checkPermission = vi.fn().mockReturnValue(makeCheckResult("allow"));
     const bus = createEventBus();
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({ checkPermission }),
+      permissionManager: { checkPermission },
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -197,8 +197,8 @@ describe("registerPermissionRpcHandlers — permissions:rpc:check", () => {
     const checkPermission = vi.fn().mockReturnValue(makeCheckResult("allow"));
     const bus = createEventBus();
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({ checkPermission }),
-      getSessionRules: vi.fn().mockReturnValue(sessionRules),
+      permissionManager: { checkPermission },
+      sessionRules: { getRuleset: vi.fn().mockReturnValue(sessionRules) },
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -246,7 +246,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:check", () => {
     const checkPermission = vi.fn().mockReturnValue(makeCheckResult("allow"));
     const bus = createEventBus();
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({ checkPermission }),
+      permissionManager: { checkPermission },
     });
     const handles = registerPermissionRpcHandlers(bus, deps);
     handles.unsubCheck();
@@ -290,7 +290,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
     const ctx = makeCtxWithUi();
     const approvedDecision = { approved: true, state: "approved" as const };
     const deps = makeDeps({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
+      session: { getRuntimeContext: vi.fn().mockReturnValue(ctx) },
       requestPermissionDecisionFromUi: vi
         .fn()
         .mockResolvedValue(approvedDecision),
@@ -325,7 +325,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
       .fn()
       .mockResolvedValue({ approved: true, state: "approved" as const });
     const deps = makeDeps({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
+      session: { getRuntimeContext: vi.fn().mockReturnValue(ctx) },
       requestPermissionDecisionFromUi: requestUi,
     });
     registerPermissionRpcHandlers(bus, deps);
@@ -363,7 +363,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
       .fn()
       .mockResolvedValue({ approved: true, state: "approved" as const });
     const deps = makeDeps({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
+      session: { getRuntimeContext: vi.fn().mockReturnValue(ctx) },
       requestPermissionDecisionFromUi: requestUi,
     });
     registerPermissionRpcHandlers(bus, deps);
@@ -399,7 +399,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
       denialReason: "Too risky",
     };
     const deps = makeDeps({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
+      session: { getRuntimeContext: vi.fn().mockReturnValue(ctx) },
       requestPermissionDecisionFromUi: vi
         .fn()
         .mockResolvedValue(deniedDecision),
@@ -430,7 +430,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
   it("replies with no_ui error when context has no UI", async () => {
     const bus = createEventBus();
     const deps = makeDeps({
-      getRuntimeContext: vi.fn().mockReturnValue(null),
+      session: { getRuntimeContext: vi.fn().mockReturnValue(null) },
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -453,9 +453,11 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
   it("replies with no_ui error when context hasUI is false", async () => {
     const bus = createEventBus();
     const deps = makeDeps({
-      getRuntimeContext: vi
-        .fn()
-        .mockReturnValue({ hasUI: false, ui: makeUi() }),
+      session: {
+        getRuntimeContext: vi
+          .fn()
+          .mockReturnValue({ hasUI: false, ui: makeUi() }),
+      },
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -478,13 +480,13 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
   it("writes to the review log after a prompt decision", async () => {
     const bus = createEventBus();
     const ctx = makeCtxWithUi();
-    const writeReviewLog = vi.fn();
+    const logger = { review: vi.fn() };
     const deps = makeDeps({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
+      session: { getRuntimeContext: vi.fn().mockReturnValue(ctx) },
       requestPermissionDecisionFromUi: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved" as const }),
-      writeReviewLog,
+      logger,
     });
     registerPermissionRpcHandlers(bus, deps);
 
@@ -501,7 +503,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
     });
     await replyPromise;
 
-    expect(writeReviewLog).toHaveBeenCalledWith(
+    expect(logger.review).toHaveBeenCalledWith(
       "permission_request.rpc_prompt",
       expect.objectContaining({
         requestId: "req-log",
@@ -520,7 +522,7 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
     const bus = createEventBus();
     const ctx = makeCtxWithUi();
     const deps = makeDeps({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
+      session: { getRuntimeContext: vi.fn().mockReturnValue(ctx) },
       requestPermissionDecisionFromUi: requestUi,
     });
     const handles = registerPermissionRpcHandlers(bus, deps);