@gotgenes/pi-permission-system 10.3.1 → 10.5.0

package/CHANGELOG.md

@@ -5,6 +5,30 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [10.5.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.4.0...pi-permission-system-v10.5.0) (2026-06-07)
+
+
+### Features
+
+* add PermissionResolver class and route gate runner through it ([#340](https://github.com/gotgenes/pi-packages/issues/340)) ([4133601](https://github.com/gotgenes/pi-packages/commit/41336018d495f85b30b7b77fadb5912870f0dedd))
+
+
+### Bug Fixes
+
+* suppress fallow unused-class-member for pre-Step-8 resolver methods ([#340](https://github.com/gotgenes/pi-packages/issues/340)) ([fd65626](https://github.com/gotgenes/pi-packages/commit/fd65626ae867457edeb829ea28d0ab94fe51dea6))
+
+## [10.4.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.3.1...pi-permission-system-v10.4.0) (2026-06-07)
+
+
+### Features
+
+* add context-owning PromptingGateway ([1885be2](https://github.com/gotgenes/pi-packages/commit/1885be28fb797eb5ed67a7a30d51e58fa73e3ff0))
+
+
+### Documentation
+
+* mark Phase 4 Step 6 complete; drop unused beforeEach import ([217057a](https://github.com/gotgenes/pi-packages/commit/217057ab5f8a1d3290322b442e267287b31635cf))
+
 ## [10.3.1](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.3.0...pi-permission-system-v10.3.1) (2026-06-06)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "10.3.1",
+  "version": "10.5.0",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "exports": {

package/src/config-modal.ts

@@ -14,9 +14,12 @@ import type { Ruleset } from "./rule";
 
 interface PermissionSystemConfigController {
   config: CommandConfigStore;
-  getConfigPath(): string;
-  /** Optional: returns the composed config-layer ruleset for origin display. */
-  getComposedRules?(): Ruleset;
+  /** Precomputed global config file path. */
+  configPath: string;
+  /** Returns the composed config-layer ruleset for origin display. */
+  permissionManager: { getComposedConfigRules(agentName?: string): Ruleset };
+  /** Provides the active agent name for scoped rule lookup. */
+  session: { readonly lastKnownActiveAgentName: string | null };
 }
 
 const ON_OFF = ["on", "off"];
@@ -203,7 +206,9 @@ function handleArgs(
   }
 
   if (normalized === "show") {
-    const rules = controller.getComposedRules?.();
+    const rules = controller.permissionManager.getComposedConfigRules(
+      controller.session.lastKnownActiveAgentName ?? undefined,
+    );
     ctx.ui.notify(
       `permission-system: ${summarizeConfig(controller.config.current(), rules)}`,
       "info",
@@ -212,10 +217,7 @@ function handleArgs(
   }
 
   if (normalized === "path") {
-    ctx.ui.notify(
-      `permission-system config: ${controller.getConfigPath()}`,
-      "info",
-    );
+    ctx.ui.notify(`permission-system config: ${controller.configPath}`, "info");
     return true;
   }
 

package/src/config-store.ts

@@ -26,6 +26,7 @@ import {
   type PermissionSystemExtensionConfig,
 } from "./extension-config";
 import type { ResolvedPolicyPaths } from "./policy-loader";
+import type { DebugReviewLogger } from "./session-logger";
 import { syncPermissionSystemStatus } from "./status";
 
 /** Read-only view of the current config — for consumers that only read. */
@@ -57,12 +58,6 @@ export interface CommandConfigStore extends ConfigReader {
   ): void;
 }
 
-/** Narrow logging sink — replaced by an injected logger in Step 3 (#336). */
-export interface ConfigStoreLogger {
-  writeDebugLog(event: string, details?: Record<string, unknown>): void;
-  writeReviewLog(event: string, details?: Record<string, unknown>): void;
-}
-
 /** Narrow view of the manager's resolved policy paths (for `logResolvedPaths`). */
 export interface ResolvedPolicyPathProvider {
   getResolvedPolicyPaths(): ResolvedPolicyPaths;
@@ -71,7 +66,7 @@ export interface ResolvedPolicyPathProvider {
 export interface ConfigStoreDeps {
   agentDir: string;
   policyPaths: ResolvedPolicyPathProvider;
-  logger: ConfigStoreLogger;
+  logger: DebugReviewLogger;
 }
 
 /**
@@ -127,7 +122,7 @@ export class ConfigStore implements SessionConfigStore, CommandConfigStore {
       this.lastConfigWarning = null;
     }
 
-    this.deps.logger.writeDebugLog("config.loaded", {
+    this.deps.logger.debug("config.loaded", {
       warning: warning ?? null,
       debugLog: runtimeConfig.debugLog,
       permissionReviewLog: runtimeConfig.permissionReviewLog,
@@ -183,7 +178,7 @@ export class ConfigStore implements SessionConfigStore, CommandConfigStore {
     syncPermissionSystemStatus(ctx, normalized);
     this.lastConfigWarning = null;
 
-    this.deps.logger.writeDebugLog("config.saved", {
+    this.deps.logger.debug("config.saved", {
       debugLog: normalized.debugLog,
       permissionReviewLog: normalized.permissionReviewLog,
       yoloMode: normalized.yoloMode,
@@ -215,11 +210,11 @@ export class ConfigStore implements SessionConfigStore, CommandConfigStore {
       legacyProjectPolicyDetected,
       legacyExtensionConfigDetected,
     });
-    this.deps.logger.writeReviewLog(
+    this.deps.logger.review(
       "config.resolved",
       entry as unknown as Record<string, unknown>,
     );
-    this.deps.logger.writeDebugLog(
+    this.deps.logger.debug(
       "config.resolved",
       entry as unknown as Record<string, unknown>,
     );

package/src/forwarded-permissions/io.ts

@@ -17,6 +17,7 @@ import {
   type ForwardedPermissionResponse,
   type PermissionForwardingLocation,
 } from "#src/permission-forwarding";
+import type { DebugReviewLogger } from "#src/session-logger";
 
 /** Valid `permissions:ui_prompt` source values, for tolerant request reads. */
 const UI_PROMPT_SOURCES = [
@@ -41,13 +42,6 @@ function asNullableDisplayString(value: unknown): string | null | undefined {
   return undefined;
 }
 
-type LogFn = (event: string, details: Record<string, unknown>) => void;
-
-export interface ForwardedPermissionLogger {
-  writeReviewLog: LogFn;
-  writeDebugLog: LogFn;
-}
-
 export function formatUnknownErrorMessage(error: unknown): string {
   if (error instanceof Error && error.message) {
     return error.message;
@@ -69,7 +63,7 @@ export function isErrnoCode(error: unknown, code: string): boolean {
  * Pass `null` for `logger` to silently no-op (e.g. in unit tests without IO).
  */
 export function logPermissionForwardingWarning(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   message: string,
   error?: unknown,
 ): void {
@@ -78,8 +72,8 @@ export function logPermissionForwardingWarning(
       ? { message }
       : { message, error: formatUnknownErrorMessage(error) };
 
-  logger?.writeReviewLog("permission_forwarding.warning", details);
-  logger?.writeDebugLog("permission_forwarding.warning", details);
+  logger?.review("permission_forwarding.warning", details);
+  logger?.debug("permission_forwarding.warning", details);
 }
 
 /**
@@ -87,7 +81,7 @@ export function logPermissionForwardingWarning(
  * Pass `null` for `logger` to silently no-op (e.g. in unit tests without IO).
  */
 export function logPermissionForwardingError(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   message: string,
   error?: unknown,
 ): void {
@@ -96,12 +90,12 @@ export function logPermissionForwardingError(
       ? { message }
       : { message, error: formatUnknownErrorMessage(error) };
 
-  logger?.writeReviewLog("permission_forwarding.error", details);
-  logger?.writeDebugLog("permission_forwarding.error", details);
+  logger?.review("permission_forwarding.error", details);
+  logger?.debug("permission_forwarding.error", details);
 }
 
 export function ensureDirectoryExists(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   path: string,
   description: string,
 ): boolean {
@@ -126,7 +120,7 @@ export function getPermissionForwardingLocationForSession(
 }
 
 export function ensurePermissionForwardingLocation(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   forwardingDir: string,
   sessionId: string,
 ): PermissionForwardingLocation | null {
@@ -182,7 +176,7 @@ export function getExistingPermissionForwardingLocation(
 }
 
 export function tryRemoveDirectoryIfEmpty(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   path: string,
   description: string,
 ): void {
@@ -222,7 +216,7 @@ export function tryRemoveDirectoryIfEmpty(
 }
 
 export function cleanupPermissionForwardingLocationIfEmpty(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   location: PermissionForwardingLocation,
 ): void {
   tryRemoveDirectoryIfEmpty(
@@ -243,7 +237,7 @@ export function cleanupPermissionForwardingLocationIfEmpty(
 }
 
 export function safeDeleteFile(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   filePath: string,
   description: string,
 ): void {
@@ -263,7 +257,7 @@ export function safeDeleteFile(
 }
 
 export function writeJsonFileAtomic(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   filePath: string,
   value: unknown,
 ): void {
@@ -279,7 +273,7 @@ export function writeJsonFileAtomic(
 }
 
 export function readForwardedPermissionRequest(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   filePath: string,
 ): ForwardedPermissionRequest | null {
   try {
@@ -326,7 +320,7 @@ export function readForwardedPermissionRequest(
 }
 
 export function readForwardedPermissionResponse(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   filePath: string,
 ): ForwardedPermissionResponse | null {
   try {
@@ -370,7 +364,7 @@ export function readForwardedPermissionResponse(
 }
 
 export function listRequestFiles(
-  logger: ForwardedPermissionLogger | null,
+  logger: DebugReviewLogger | null,
   requestsDir: string,
 ): string[] {
   try {

package/src/forwarded-permissions/permission-forwarder.ts

@@ -7,6 +7,7 @@ import {
   getActiveAgentNameFromSystemPrompt,
 } from "#src/active-agent";
 import { toRecord } from "#src/common";
+import type { ConfigReader } from "#src/config-store";
 import type {
   PermissionPromptDecision,
   RequestPermissionOptions,
@@ -27,13 +28,14 @@ import {
   SUBAGENT_PARENT_SESSION_ENV_CANDIDATES,
 } from "#src/permission-forwarding";
 import { buildForwardedUiPrompt } from "#src/permission-ui-prompt";
+import type { DebugReviewLogger } from "#src/session-logger";
 import { isSubagentExecutionContext } from "#src/subagent-context";
 import type { SubagentSessionRegistry } from "#src/subagent-registry";
+import { shouldAutoApprovePermissionState } from "#src/yolo-mode";
 
 import {
   cleanupPermissionForwardingLocationIfEmpty,
   ensurePermissionForwardingLocation,
-  type ForwardedPermissionLogger,
   getExistingPermissionForwardingLocation,
   listRequestFiles,
   logPermissionForwardingError,
@@ -59,15 +61,15 @@ export interface PermissionForwarderDeps {
   registry?: SubagentSessionRegistry;
   /** Event bus used for UI prompt broadcasts. */
   events?: PermissionEventBus;
-  logger: ForwardedPermissionLogger;
-  writeReviewLog: (event: string, details: Record<string, unknown>) => void;
+  logger: DebugReviewLogger;
   requestPermissionDecisionFromUi: (
     ui: ExtensionContext["ui"],
     title: string,
     message: string,
     options?: RequestPermissionOptions,
   ) => Promise<PermissionPromptDecision>;
-  shouldAutoApprove: () => boolean;
+  /** Read current config for yolo-mode auto-approve check (called at prompt time). */
+  config: ConfigReader;
 }
 
 // ── Module-private helpers ────────────────────────────────────────────────
@@ -165,18 +167,14 @@ export class PermissionForwarder implements ApprovalRequester, InboxProcessor {
   private readonly subagentSessionsDir: string;
   private readonly registry: SubagentSessionRegistry | undefined;
   private readonly events: PermissionEventBus | undefined;
-  private readonly logger: ForwardedPermissionLogger;
-  private readonly writeReviewLog: (
-    event: string,
-    details: Record<string, unknown>,
-  ) => void;
+  private readonly logger: DebugReviewLogger;
   private readonly requestPermissionDecisionFromUi: (
     ui: ExtensionContext["ui"],
     title: string,
     message: string,
     options?: RequestPermissionOptions,
   ) => Promise<PermissionPromptDecision>;
-  private readonly shouldAutoApprove: () => boolean;
+  private readonly config: ConfigReader;
 
   constructor(deps: PermissionForwarderDeps) {
     this.forwardingDir = deps.forwardingDir;
@@ -184,9 +182,8 @@ export class PermissionForwarder implements ApprovalRequester, InboxProcessor {
     this.registry = deps.registry;
     this.events = deps.events;
     this.logger = deps.logger;
-    this.writeReviewLog = deps.writeReviewLog;
     this.requestPermissionDecisionFromUi = deps.requestPermissionDecisionFromUi;
-    this.shouldAutoApprove = deps.shouldAutoApprove;
+    this.config = deps.config;
   }
 
   // ── Public seam methods ────────────────────────────────────────────────
@@ -319,7 +316,7 @@ export class PermissionForwarder implements ApprovalRequester, InboxProcessor {
     const requestPath = join(location.requestsDir, `${request.id}.json`);
     const responsePath = join(location.responsesDir, `${request.id}.json`);
 
-    this.writeReviewLog("forwarded_permission.request_created", {
+    this.logger.review("forwarded_permission.request_created", {
       requestId: request.id,
       requesterAgentName: request.requesterAgentName,
       requesterSessionId: request.requesterSessionId,
@@ -391,7 +388,7 @@ export class PermissionForwarder implements ApprovalRequester, InboxProcessor {
           this.logger,
           responsePath,
         );
-        this.writeReviewLog("forwarded_permission.response_received", {
+        this.logger.review("forwarded_permission.response_received", {
           requestId,
           approved: response?.approved ?? null,
           state: response?.state ?? null,
@@ -421,7 +418,7 @@ export class PermissionForwarder implements ApprovalRequester, InboxProcessor {
       this.logger,
       `Timed out waiting for forwarded permission response '${responsePath}'`,
     );
-    this.writeReviewLog("forwarded_permission.response_timed_out", {
+    this.logger.review("forwarded_permission.response_timed_out", {
       requestId,
       requesterAgentName,
       targetSessionId,
@@ -465,14 +462,14 @@ export class PermissionForwarder implements ApprovalRequester, InboxProcessor {
       approved: false,
       state: "denied",
     };
-    if (this.shouldAutoApprove()) {
-      this.writeReviewLog(
+    if (shouldAutoApprovePermissionState("ask", this.config.current())) {
+      this.logger.review(
         "forwarded_permission.auto_approved",
         forwardedPermissionLogDetails,
       );
       decision = { approved: true, state: "approved" };
     } else {
-      this.writeReviewLog(
+      this.logger.review(
         "forwarded_permission.prompted",
         forwardedPermissionLogDetails,
       );
@@ -508,7 +505,7 @@ export class PermissionForwarder implements ApprovalRequester, InboxProcessor {
     }
 
     const responsePath = join(location.responsesDir, `${request.id}.json`);
-    this.writeReviewLog(
+    this.logger.review(
       decision.approved
         ? "forwarded_permission.approved"
         : "forwarded_permission.denied",

package/src/gate-prompter.ts

@@ -8,7 +8,5 @@ import type { PromptPermissionDetails } from "./permission-prompter";
  */
 export interface GatePrompter {
   canConfirm(): boolean;
-  promptPermission(
-    details: PromptPermissionDetails,
-  ): Promise<PermissionPromptDecision>;
+  prompt(details: PromptPermissionDetails): Promise<PermissionPromptDecision>;
 }

package/src/handlers/gates/bash-command.ts

@@ -1,6 +1,6 @@
 import type { BashCommand } from "#src/handlers/gates/bash-program";
 import { pickMostRestrictive } from "#src/handlers/gates/candidate-check";
-import type { PermissionResolver } from "#src/permission-resolver";
+import type { ScopedPermissionResolver } from "#src/permission-resolver";
 import type { PermissionCheckResult } from "#src/types";
 
 /**
@@ -30,7 +30,7 @@ export function resolveBashCommandCheck(
   command: string,
   commands: BashCommand[],
   agentName: string | undefined,
-  resolver: PermissionResolver,
+  resolver: ScopedPermissionResolver,
 ): PermissionCheckResult {
   const results = commands.map((cmd) => {
     const result = resolver.resolve("bash", { command: cmd.text }, agentName);

package/src/handlers/gates/bash-external-directory.ts

@@ -1,5 +1,5 @@
 import { getNonEmptyString, toRecord } from "#src/common";
-import type { PermissionResolver } from "#src/permission-resolver";
+import type { ScopedPermissionResolver } from "#src/permission-resolver";
 import { SessionApproval } from "#src/session-approval";
 import { deriveApprovalPattern } from "#src/session-rules";
 import type { PermissionCheckResult } from "#src/types";
@@ -21,7 +21,7 @@ import type { ToolCallContext } from "./types";
 export function describeBashExternalDirectoryGate(
   tcc: ToolCallContext,
   bashProgram: BashProgram | null,
-  resolver: PermissionResolver,
+  resolver: ScopedPermissionResolver,
 ): GateResult {
   if (tcc.toolName !== "bash" || !tcc.cwd) return null;
 

package/src/handlers/gates/bash-path.ts

@@ -1,5 +1,5 @@
 import { getNonEmptyString, toRecord } from "#src/common";
-import type { PermissionResolver } from "#src/permission-resolver";
+import type { ScopedPermissionResolver } from "#src/permission-resolver";
 import { SessionApproval } from "#src/session-approval";
 import { deriveApprovalPattern } from "#src/session-rules";
 import type { PermissionCheckResult } from "#src/types";
@@ -25,7 +25,7 @@ import type { ToolCallContext } from "./types";
 export function describeBashPathGate(
   tcc: ToolCallContext,
   bashProgram: BashProgram | null,
-  resolver: PermissionResolver,
+  resolver: ScopedPermissionResolver,
 ): GateResult {
   if (tcc.toolName !== "bash") return null;
 

package/src/handlers/gates/path.ts

@@ -1,5 +1,5 @@
 import { getPathBearingToolPath } from "#src/path-utils";
-import type { PermissionResolver } from "#src/permission-resolver";
+import type { ScopedPermissionResolver } from "#src/permission-resolver";
 import { SessionApproval } from "#src/session-approval";
 import { deriveApprovalPattern } from "#src/session-rules";
 import type { GateDescriptor, GateResult } from "./descriptor";
@@ -15,7 +15,7 @@ import type { ToolCallContext } from "./types";
  */
 export function describePathGate(
   tcc: ToolCallContext,
-  resolver: PermissionResolver,
+  resolver: ScopedPermissionResolver,
 ): GateResult {
   const filePath = getPathBearingToolPath(tcc.toolName, tcc.input);
   if (!filePath) return null;

package/src/handlers/gates/runner.ts

@@ -7,7 +7,7 @@ import {
 import type { GatePrompter } from "#src/gate-prompter";
 import type { PermissionPromptDecision } from "#src/permission-dialog";
 import { applyPermissionGate } from "#src/permission-gate";
-import type { PermissionResolver } from "#src/permission-resolver";
+import type { ScopedPermissionResolver } from "#src/permission-resolver";
 import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
 import type { PermissionCheckResult } from "#src/types";
 import type { GateDescriptor, GateResult } from "./descriptor";
@@ -28,7 +28,7 @@ import type { GateOutcome } from "./types";
  */
 export class GateRunner {
   constructor(
-    private readonly resolver: PermissionResolver,
+    private readonly resolver: ScopedPermissionResolver,
     private readonly recorder: SessionApprovalRecorder,
     private readonly prompter: GatePrompter,
     private readonly reporter: DecisionReporter,
@@ -121,7 +121,7 @@ export class GateRunner {
       canConfirm,
       sessionApproval: descriptor.sessionApproval?.toGateApproval(),
       promptForApproval: async () => {
-        const decision = await this.prompter.promptPermission({
+        const decision = await this.prompter.prompt({
           requestId: toolCallId,
           ...descriptor.promptDetails,
         });

package/src/handlers/gates/tool-call-gate-pipeline.ts

@@ -1,5 +1,5 @@
 import { getNonEmptyString, toRecord } from "#src/common";
-import type { PermissionResolver } from "#src/permission-resolver";
+import type { ScopedPermissionResolver } from "#src/permission-resolver";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
 import type { ToolInputFormatterLookup } from "#src/tool-input-formatter-registry";
 import {
@@ -21,14 +21,14 @@ import type { GateOutcome, ToolCallContext } from "./types";
 /**
  * Narrow interface the pipeline needs from its session-side dependency.
  *
- * Extends `PermissionResolver` (the `resolve` method gate factories use)
- * with the three query methods needed to assemble gate inputs.
+ * The three query methods needed to assemble gate inputs.
+ * The resolver is injected separately as a constructor parameter.
  *
  * `PermissionSession` satisfies this structurally at the construction call
  * site; no `implements` clause is needed and would create a layer-inversion
  * import from the domain module into the handler layer.
  */
-export interface ToolCallGateInputs extends PermissionResolver {
+export interface ToolCallGateInputs {
   /** Active skill prompt entries for the skill-read gate. */
   getActiveSkillEntries(): SkillPromptEntry[];
   /** Combined infrastructure read directories (static + config-derived). */
@@ -50,6 +50,7 @@ export interface ToolCallGateInputs extends PermissionResolver {
  */
 export class ToolCallGatePipeline {
   constructor(
+    private readonly resolver: ScopedPermissionResolver,
     private readonly inputs: ToolCallGateInputs,
     private readonly customFormatters?: ToolInputFormatterLookup,
   ) {}
@@ -76,10 +77,10 @@ export class ToolCallGatePipeline {
     const gateProducers: Array<() => GateResult | Promise<GateResult>> = [
       () =>
         describeSkillReadGate(tcc, () => this.inputs.getActiveSkillEntries()),
-      () => describePathGate(tcc, this.inputs),
+      () => describePathGate(tcc, this.resolver),
       () => describeExternalDirectoryGate(tcc, infraDirs),
-      () => describeBashExternalDirectoryGate(tcc, bashProgram, this.inputs),
-      () => describeBashPathGate(tcc, bashProgram, this.inputs),
+      () => describeBashExternalDirectoryGate(tcc, bashProgram, this.resolver),
+      () => describeBashPathGate(tcc, bashProgram, this.resolver),
       () => {
         // Bash commands may chain several sub-commands (`a && b`, `a | b`, …);
         // evaluate each unit from the shared parse on the bash surface and
@@ -91,9 +92,9 @@ export class ToolCallGatePipeline {
                 command ?? "",
                 bashProgram.commands(),
                 tcc.agentName ?? undefined,
-                this.inputs,
+                this.resolver,
               )
-            : this.inputs.resolve(
+            : this.resolver.resolve(
                 tcc.toolName,
                 tcc.input,
                 tcc.agentName ?? undefined,