@gotgenes/pi-permission-system 10.3.1 → 10.5.0

package/src/index.ts

@@ -23,19 +23,16 @@ import { requestPermissionDecisionFromUi } from "./permission-dialog";
 import { registerPermissionRpcHandlers } from "./permission-event-rpc";
 import { PermissionManager } from "./permission-manager";
 import { PermissionPrompter } from "./permission-prompter";
+import { PermissionResolver } from "./permission-resolver";
 import { PermissionSession } from "./permission-session";
 import { LocalPermissionsService } from "./permissions-service";
+import { PromptingGateway } from "./prompting-gateway";
 import { PermissionServiceLifecycle } from "./service-lifecycle";
 import { createSessionLogger } from "./session-logger";
 import { SessionRules } from "./session-rules";
-import { isSubagentExecutionContext } from "./subagent-context";
 import { subscribeSubagentLifecycle } from "./subagent-lifecycle-events";
 import { getSubagentSessionRegistry } from "./subagent-registry";
 import { ToolInputFormatterRegistry } from "./tool-input-formatter-registry";
-import {
-  canResolveAskPermissionRequest,
-  shouldAutoApprovePermissionState,
-} from "./yolo-mode";
 
 export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
   const agentDir = getAgentDir();
@@ -67,10 +64,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
   configStore = new ConfigStore({
     agentDir,
     policyPaths: permissionManager,
-    logger: {
-      writeDebugLog: (e, d) => logger.debug(e, d),
-      writeReviewLog: (e, d) => logger.review(e, d),
-    },
+    logger,
   });
 
   const forwardingDeps: PermissionForwarderDeps = {
@@ -78,26 +72,28 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
     subagentSessionsDir: paths.subagentSessionsDir,
     registry: subagentRegistry,
     events: pi.events,
-    logger: {
-      writeReviewLog: (event, details) => logger.review(event, details),
-      writeDebugLog: (event, details) => logger.debug(event, details),
-    },
-    writeReviewLog: (event, details) => logger.review(event, details),
+    logger,
     requestPermissionDecisionFromUi,
-    shouldAutoApprove: () =>
-      shouldAutoApprovePermissionState("ask", configStore.current()),
+    config: configStore,
   };
   const forwarder = new PermissionForwarder(forwardingDeps);
 
   const prompter = new PermissionPrompter({
     config: configStore,
-    writeReviewLog: (event, details) => logger.review(event, details),
+    logger,
     events: pi.events,
     forwarder,
   });
 
   configStore.refresh();
 
+  const gateway = new PromptingGateway({
+    config: configStore,
+    subagentSessionsDir: paths.subagentSessionsDir,
+    registry: subagentRegistry,
+    prompter,
+  });
+
   const session = new PermissionSession(
     paths,
     logger,
@@ -109,39 +105,26 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
     permissionManager,
     sessionRules,
     configStore,
-    {
-      canRequestPermissionConfirmation: (ctx) =>
-        canResolveAskPermissionRequest({
-          config: configStore.current(),
-          hasUI: ctx.hasUI,
-          isSubagent: isSubagentExecutionContext(
-            ctx,
-            paths.subagentSessionsDir,
-            subagentRegistry,
-          ),
-        }),
-      promptPermission: (ctx, details) => prompter.prompt(ctx, details),
-    },
+    gateway,
   );
 
   // Connect the notify sink now that session is available.
   sessionNotify = session;
 
+  const configPath = getGlobalConfigPath(agentDir);
   registerPermissionSystemCommand(pi, {
     config: configStore,
-    getConfigPath: () => getGlobalConfigPath(agentDir),
-    getComposedRules: () =>
-      permissionManager.getComposedConfigRules(
-        session.lastKnownActiveAgentName ?? undefined,
-      ),
+    configPath,
+    permissionManager,
+    session,
   });
 
   const rpcHandles = registerPermissionRpcHandlers(pi.events, {
-    getPermissionManager: () => permissionManager,
-    getSessionRules: () => sessionRules.getRuleset(),
-    getRuntimeContext: () => session.getRuntimeContext(),
+    permissionManager,
+    sessionRules,
+    session,
     requestPermissionDecisionFromUi,
-    writeReviewLog: (event, details) => logger.review(event, details),
+    logger,
   });
 
   const permissionsService = new LocalPermissionsService(
@@ -176,13 +159,16 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
 
   const lifecycle = new SessionLifecycleHandler(session, serviceLifecycle);
   const agentPrep = new AgentPrepHandler(session, toolRegistry);
+  const resolver = new PermissionResolver(permissionManager, sessionRules);
+
   const reporter = new GateDecisionReporter(session.logger, pi.events);
-  const gateRunner = new GateRunner(session, session, session, reporter);
+  const gateRunner = new GateRunner(resolver, session, gateway, reporter);
   const toolCallGatePipeline = new ToolCallGatePipeline(
+    resolver,
     session,
     formatterRegistry,
   );
-  const skillInputGatePipeline = new SkillInputGatePipeline(session);
+  const skillInputGatePipeline = new SkillInputGatePipeline(resolver);
   const gates = new PermissionGateHandler(
     session,
     toolRegistry,

package/src/permission-event-rpc.ts

@@ -28,19 +28,20 @@ import {
 } from "./permission-events";
 import type { PermissionManager } from "./permission-manager";
 import { buildRpcUiPrompt } from "./permission-ui-prompt";
-import type { Rule } from "./rule";
+import type { ReviewLogger } from "./session-logger";
+import type { SessionRules } from "./session-rules";
 
 /** Dependencies injected into the RPC handler registry. */
 export interface PermissionRpcDeps {
-  /** Returns the current PermissionManager (refreshed on session start). */
-  getPermissionManager(): Pick<PermissionManager, "checkPermission">;
-  /** Returns the current session rules (highest-priority approvals). */
-  getSessionRules(): Rule[];
+  /** The shared PermissionManager instance. */
+  permissionManager: Pick<PermissionManager, "checkPermission">;
+  /** The shared SessionRules instance. */
+  sessionRules: Pick<SessionRules, "getRuleset">;
   /**
-   * Returns the current ExtensionContext, or null if no session is active.
+   * Narrow session view: provides runtime context.
    * Used by the prompt handler to check hasUI and access the UI dialog.
    */
-  getRuntimeContext(): ExtensionContext | null;
+  session: { getRuntimeContext(): ExtensionContext | null };
   /** Show the interactive permission dialog in the parent session UI. */
   requestPermissionDecisionFromUi(
     ui: ExtensionContext["ui"],
@@ -48,8 +49,8 @@ export interface PermissionRpcDeps {
     message: string,
     options?: RequestPermissionOptions,
   ): Promise<PermissionPromptDecision>;
-  /** Write structured entries to the permission review log. */
-  writeReviewLog(event: string, details: Record<string, unknown>): void;
+  /** Write review-log entries for prompted decisions. */
+  logger: ReviewLogger;
 }
 
 /** Unsubscribe handles returned from registerPermissionRpcHandlers. */
@@ -107,10 +108,13 @@ function handleCheckRpc(
     }
 
     const input = buildInputForSurface(surface, value);
-    const sessionRules = deps.getSessionRules();
-    const result = deps
-      .getPermissionManager()
-      .checkPermission(surface, input, agentName ?? undefined, sessionRules);
+    const sessionRules = deps.sessionRules.getRuleset();
+    const result = deps.permissionManager.checkPermission(
+      surface,
+      input,
+      agentName ?? undefined,
+      sessionRules,
+    );
 
     const data: PermissionsCheckReplyData = {
       result: result.state,
@@ -141,7 +145,7 @@ async function handlePromptRpc(
 
   const replyChannel = `${PERMISSIONS_RPC_PROMPT_CHANNEL}:reply:${requestId}`;
 
-  const ctx = deps.getRuntimeContext();
+  const ctx = deps.session.getRuntimeContext();
   if (!ctx?.hasUI) {
     events.emit(replyChannel, errorReply("no_ui"));
     return;
@@ -169,7 +173,7 @@ async function handlePromptRpc(
       sessionLabel ? { sessionLabel } : undefined,
     );
 
-    deps.writeReviewLog("permission_request.rpc_prompt", {
+    deps.logger.review("permission_request.rpc_prompt", {
       requestId,
       surface: surface ?? null,
       value: value ?? null,

package/src/permission-prompter.ts

@@ -7,6 +7,7 @@ import {
   type PermissionEventBus,
 } from "./permission-events";
 import { buildDirectUiPrompt } from "./permission-ui-prompt";
+import type { ReviewLogger } from "./session-logger";
 import { shouldAutoApprovePermissionState } from "./yolo-mode";
 
 export type PermissionReviewSource = "tool_call" | "skill_input" | "skill_read";
@@ -40,14 +41,14 @@ export interface PermissionPrompterApi {
  * Dependencies required by PermissionPrompter.
  *
  * Keeps the prompter's external surface narrow: callers provide config
- * access, review-log writing, the UI-prompt event bus, and the forwarder
+ * access, a review logger, the UI-prompt event bus, and the forwarder
  * that owns the UI/subagent-forwarding branching logic.
  */
 export interface PermissionPrompterDeps {
   /** Read current config for yolo-mode check (called at prompt time). */
   config: ConfigReader;
   /** Write structured entries to the permission review log. */
-  writeReviewLog(event: string, details: Record<string, unknown>): void;
+  logger: ReviewLogger;
   /** Event bus used for UI prompt broadcasts. */
   events: PermissionEventBus;
   /** Resolves the permission decision: direct UI dialog or forwarded to parent. */
@@ -122,7 +123,7 @@ export class PermissionPrompter implements PermissionPrompterApi {
       denialReason?: string;
     },
   ): void {
-    this.deps.writeReviewLog(event, {
+    this.deps.logger.review(event, {
       requestId: details.requestId,
       source: details.source,
       agentName: details.agentName,

package/src/permission-resolver.ts

@@ -1,4 +1,7 @@
-import type { PermissionCheckResult } from "./types";
+import type { ScopedPermissionManager } from "./permission-manager";
+import type { Rule } from "./rule";
+import type { SessionRules } from "./session-rules";
+import type { PermissionCheckResult, PermissionState } from "./types";
 
 /**
  * Resolves the effective permission for a surface/input, applying the current
@@ -8,10 +11,74 @@ import type { PermissionCheckResult } from "./types";
  * previously threaded by hand: the ruleset was only ever fetched to be passed
  * straight back into `checkPermission`, so the two are one operation.
  */
-export interface PermissionResolver {
+export interface ScopedPermissionResolver {
   resolve(
     surface: string,
     input: unknown,
     agentName?: string,
   ): PermissionCheckResult;
 }
+
+/**
+ * Concrete collaborator that owns the resolution surface.
+ *
+ * Holds a `ScopedPermissionManager` and a `SessionRules` store, composing
+ * them so callers never thread the session ruleset by hand.
+ *
+ * Constructor deps:
+ * - `permissionManager` — the narrow session-scoped permission-checking interface
+ * - `sessionRules` — narrowed to `getRuleset` (ISP: the resolver only reads, never records)
+ */
+export class PermissionResolver implements ScopedPermissionResolver {
+  constructor(
+    private readonly permissionManager: ScopedPermissionManager,
+    private readonly sessionRules: Pick<SessionRules, "getRuleset">,
+  ) {}
+
+  /**
+   * Resolve the effective permission for a surface/input, applying the current
+   * session rules. Composes `checkPermission` with `getRuleset()` so callers
+   * never thread the ruleset by hand.
+   */
+  resolve(
+    surface: string,
+    input: unknown,
+    agentName?: string,
+  ): PermissionCheckResult {
+    return this.checkPermission(
+      surface,
+      input,
+      agentName,
+      this.sessionRules.getRuleset(),
+    );
+  }
+
+  checkPermission(
+    surface: string,
+    input: unknown,
+    agentName?: string,
+    sessionRules?: Rule[],
+  ): PermissionCheckResult {
+    return this.permissionManager.checkPermission(
+      surface,
+      input,
+      agentName,
+      sessionRules,
+    );
+  }
+
+  // fallow-ignore-next-line unused-class-member
+  getToolPermission(toolName: string, agentName?: string): PermissionState {
+    return this.permissionManager.getToolPermission(toolName, agentName);
+  }
+
+  // fallow-ignore-next-line unused-class-member
+  getConfigIssues(agentName?: string): string[] {
+    return this.permissionManager.getConfigIssues(agentName);
+  }
+
+  // fallow-ignore-next-line unused-class-member
+  getPolicyCacheStamp(agentName?: string): string {
+    return this.permissionManager.getPolicyCacheStamp(agentName);
+  }
+}

package/src/permission-session.ts

@@ -10,11 +10,8 @@ import type { PermissionSystemExtensionConfig } from "./extension-config";
 import type { ExtensionPaths } from "./extension-paths";
 import type { ForwardingController } from "./forwarding-manager";
 import type { GateHandlerSession } from "./gate-handler-session";
-import type { GatePrompter } from "./gate-prompter";
-import type { PermissionPromptDecision } from "./permission-dialog";
 import type { ScopedPermissionManager } from "./permission-manager";
-import type { PromptPermissionDetails } from "./permission-prompter";
-import type { PermissionResolver } from "./permission-resolver";
+import type { PromptingGatewayLifecycle } from "./prompting-gateway";
 import type { Rule } from "./rule";
 import type { SessionApproval } from "./session-approval";
 import type { SessionApprovalRecorder } from "./session-approval-recorder";
@@ -28,21 +25,6 @@ import {
 } from "./tool-preview-formatter";
 import type { PermissionCheckResult, PermissionState } from "./types";
 
-/**
- * Runtime operations that `PermissionSession` delegates to but does not own.
- *
- * Injected at construction time from the composition root (`index.ts`).
- */
-export interface PermissionSessionRuntimeDeps {
-  /** Whether the current context can show an interactive permission prompt. */
-  canRequestPermissionConfirmation(ctx: ExtensionContext): boolean;
-  /** Prompt the user for a permission decision, log the outcome, and return it. */
-  promptPermission(
-    ctx: ExtensionContext,
-    details: PromptPermissionDetails,
-  ): Promise<PermissionPromptDecision>;
-}
-
 /**
  * Encapsulates all mutable session state and exposes operations instead of
  * fields.
@@ -56,13 +38,11 @@ export interface PermissionSessionRuntimeDeps {
  * - `SessionLogger` — debug + review + warn
  * - `ForwardingController` — polling lifecycle
  * - `SessionConfigStore` — owns extension config; provides refresh, log, read
- * - `PermissionSessionRuntimeDeps` — prompting + permission-confirmation bridge
+ * - `PromptingGatewayLifecycle` — prompting lifecycle forwarded via activate/deactivate
  */
 export class PermissionSession
   implements
-    PermissionResolver,
     SessionApprovalRecorder,
-    GatePrompter,
     GateHandlerSession,
     AgentPrepSession,
     SessionLifecycleSession
@@ -80,21 +60,23 @@ export class PermissionSession
     private readonly permissionManager: ScopedPermissionManager,
     private readonly sessionRules: SessionRules,
     private readonly configStore: SessionConfigStore,
-    private readonly runtimeDeps: PermissionSessionRuntimeDeps,
+    private readonly gateway: PromptingGatewayLifecycle,
   ) {}
 
   // ── Context lifecycle ──────────────────────────────────────────────────
 
-  /** Store the current extension context and start forwarding. */
+  /** Store the current extension context, start forwarding, and activate the gateway. */
   activate(ctx: ExtensionContext): void {
     this.context = ctx;
     this.forwarding.start(ctx);
+    this.gateway.activate(ctx);
   }
 
-  /** Clear the context and stop forwarding. */
+  /** Clear the context, stop forwarding, and deactivate the gateway. */
   deactivate(): void {
     this.context = null;
     this.forwarding.stop();
+    this.gateway.deactivate();
   }
 
   /** Return the current runtime context, or null if not activated. */
@@ -118,24 +100,6 @@ export class PermissionSession
     );
   }
 
-  /**
-   * Resolve the effective permission for a surface/input, applying the current
-   * session rules. Composes `checkPermission` with `getSessionRuleset` so
-   * callers never thread the ruleset by hand.
-   */
-  resolve(
-    surface: string,
-    input: unknown,
-    agentName?: string,
-  ): PermissionCheckResult {
-    return this.checkPermission(
-      surface,
-      input,
-      agentName,
-      this.getSessionRuleset(),
-    );
-  }
-
   getToolPermission(toolName: string, agentName?: string): PermissionState {
     return this.permissionManager.getToolPermission(toolName, agentName);
   }
@@ -291,44 +255,4 @@ export class PermissionSession
   getToolPreviewLimits(): ToolPreviewFormatterOptions {
     return resolveToolPreviewLimits(this.config);
   }
-
-  // ── Prompting ──────────────────────────────────────────────────────────
-
-  /** Whether the current context can show an interactive permission prompt. */
-  canPrompt(ctx: ExtensionContext): boolean {
-    return this.runtimeDeps.canRequestPermissionConfirmation(ctx);
-  }
-
-  /** Prompt the user for a permission decision, log the outcome, and return it. */
-  prompt(
-    ctx: ExtensionContext,
-    details: PromptPermissionDetails,
-  ): Promise<PermissionPromptDecision> {
-    return this.runtimeDeps.promptPermission(ctx, details);
-  }
-
-  /**
-   * Whether an interactive confirmation is possible using the stored context.
-   * Returns `false` when no context is active (before `activate` is called).
-   * Implements {@link GatePrompter}.
-   */
-  canConfirm(): boolean {
-    return this.context !== null && this.canPrompt(this.context);
-  }
-
-  /**
-   * Prompt the user for a permission decision using the stored context.
-   * Throws if no context is active — `canConfirm()` guards this in normal use.
-   * Implements {@link GatePrompter}.
-   */
-  promptPermission(
-    details: PromptPermissionDetails,
-  ): Promise<PermissionPromptDecision> {
-    if (this.context === null) {
-      return Promise.reject(
-        new Error("promptPermission called before the session was activated"),
-      );
-    }
-    return this.prompt(this.context, details);
-  }
 }

package/src/prompting-gateway.ts

@@ -0,0 +1,104 @@
+import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
+
+import type { ConfigReader } from "./config-store";
+import type { GatePrompter } from "./gate-prompter";
+import type { PermissionPromptDecision } from "./permission-dialog";
+import type {
+  PermissionPrompterApi,
+  PromptPermissionDetails,
+} from "./permission-prompter";
+import { isSubagentExecutionContext } from "./subagent-context";
+import type { SubagentSessionRegistry } from "./subagent-registry";
+import { canResolveAskPermissionRequest } from "./yolo-mode";
+
+/**
+ * Dependencies required by PromptingGateway.
+ *
+ * All four fields are actively consumed:
+ * - `config` + `subagentSessionsDir` + `registry` drive `canConfirm()`.
+ * - `prompter` is called by `prompt()`.
+ */
+export interface PromptingGatewayDeps {
+  /** Read current config for the yolo-mode branch of the can-prompt policy. */
+  config: ConfigReader;
+  /** Static path used to detect a forwarding subagent context. */
+  subagentSessionsDir: string;
+  /** Process-global registry used to detect a registered child session. */
+  registry?: SubagentSessionRegistry;
+  /** Resolves the permission decision: direct UI dialog or forwarded to parent. */
+  prompter: PermissionPrompterApi;
+}
+
+/**
+ * The lifecycle slice of the gateway that PermissionSession drives.
+ *
+ * PermissionSession calls activate/deactivate to keep the gateway's stored
+ * context in sync with its own — the same pattern used for ForwardingController.
+ */
+export interface PromptingGatewayLifecycle {
+  activate(ctx: ExtensionContext): void;
+  deactivate(): void;
+}
+
+/**
+ * Context-owning implementation of the GatePrompter role.
+ *
+ * Owns the stored ExtensionContext and the "can we prompt?" policy
+ * (UI / subagent / yolo-mode), replacing the four twin methods
+ * that previously lived on PermissionSession.
+ *
+ * Lifecycle: PermissionSession drives activate/deactivate so the stored
+ * context mirrors the session context without independent call-site changes.
+ */
+export class PromptingGateway
+  implements GatePrompter, PromptingGatewayLifecycle
+{
+  private context: ExtensionContext | null = null;
+
+  constructor(private readonly deps: PromptingGatewayDeps) {}
+
+  /** Store the current extension context. */
+  activate(ctx: ExtensionContext): void {
+    this.context = ctx;
+  }
+
+  /** Clear the stored context. */
+  deactivate(): void {
+    this.context = null;
+  }
+
+  /**
+   * Whether an interactive permission prompt can be shown.
+   *
+   * Returns false when no context is active. Otherwise delegates to
+   * canResolveAskPermissionRequest, which checks hasUI, subagent status,
+   * and yolo-mode — relocating the policy from the index.ts closure.
+   */
+  canConfirm(): boolean {
+    if (this.context === null) return false;
+    return canResolveAskPermissionRequest({
+      config: this.deps.config.current(),
+      hasUI: this.context.hasUI,
+      isSubagent: isSubagentExecutionContext(
+        this.context,
+        this.deps.subagentSessionsDir,
+        this.deps.registry,
+      ),
+    });
+  }
+
+  /**
+   * Prompt the user for a permission decision using the stored context.
+   *
+   * Rejects if no context is active — canConfirm() guards this in normal use.
+   * Implements {@link GatePrompter}.
+   */
+  prompt(details: PromptPermissionDetails): Promise<PermissionPromptDecision> {
+    if (this.context === null) {
+      return Promise.reject(
+        new Error("prompt called before the session was activated"),
+      );
+    }
+    return this.deps.prompter.prompt(this.context, details);
+  }
+}

package/src/session-logger.ts

@@ -6,6 +6,22 @@ import {
 } from "./extension-config";
 import { createPermissionSystemLogger } from "./logging";
 
+/**
+ * Narrowest logging seam — consumers that only write review-log entries.
+ * Injected into `PermissionPrompter` and the RPC handlers.
+ */
+export interface ReviewLogger {
+  review(event: string, details?: Record<string, unknown>): void;
+}
+
+/**
+ * Logging seam for consumers that write both debug and review entries.
+ * Injected into `ConfigStore` and `PermissionForwarder`.
+ */
+export interface DebugReviewLogger extends ReviewLogger {
+  debug(event: string, details?: Record<string, unknown>): void;
+}
+
 /**
  * Unified logging + notification surface for handler deps.
  *
@@ -13,9 +29,7 @@ import { createPermissionSystemLogger } from "./logging";
  * `writeReviewLog`, `notifyWarning`) with a single typed collaborator.
  * This is an intermediate abstraction on the path to PermissionSession (#129).
  */
-export interface SessionLogger {
-  debug(event: string, details?: Record<string, unknown>): void;
-  review(event: string, details?: Record<string, unknown>): void;
+export interface SessionLogger extends DebugReviewLogger {
   warn(message: string): void;
 }
 

package/test/config-modal.test.ts

@@ -9,7 +9,7 @@ import {
   normalizePermissionSystemConfig,
   type PermissionSystemExtensionConfig,
 } from "#src/extension-config";
-import type { Rule } from "#src/rule";
+import type { Rule, Ruleset } from "#src/rule";
 
 vi.mock("@earendil-works/pi-coding-agent", () => ({
   getSettingsListTheme: () => ({}),
@@ -88,7 +88,9 @@ test("permission-system command completions expose top-level config actions", ()
     };
     const controller = {
       config: configStore,
-      getConfigPath: () => configPath,
+      configPath,
+      permissionManager: { getComposedConfigRules: () => [] as Ruleset },
+      session: { lastKnownActiveAgentName: null },
     };
 
     let definition: {
@@ -160,7 +162,9 @@ test("permission-system command handlers manage config summary, persistence, and
     };
     const controller = {
       config: configStore,
-      getConfigPath: () => configPath,
+      configPath,
+      permissionManager: { getComposedConfigRules: () => [] as Ruleset },
+      session: { lastKnownActiveAgentName: null },
     };
 
     let registeredName = "";
@@ -257,8 +261,9 @@ test("show output includes rule origins when getComposedRules is provided", asyn
 
   const controller = {
     config: { current: () => config, save: () => {} } as CommandConfigStore,
-    getConfigPath: () => "/fake/config.json",
-    getComposedRules: () => composedRules,
+    configPath: "/fake/config.json",
+    permissionManager: { getComposedConfigRules: () => composedRules },
+    session: { lastKnownActiveAgentName: null },
   };
 
   let definition: {
@@ -289,8 +294,9 @@ test("show output omits rule summary when getComposedRules is not provided", asy
 
   const controller = {
     config: { current: () => config, save: () => {} } as CommandConfigStore,
-    getConfigPath: () => "/fake/config.json",
-    // no getComposedRules
+    configPath: "/fake/config.json",
+    permissionManager: { getComposedConfigRules: () => [] as Ruleset },
+    session: { lastKnownActiveAgentName: null },
   };
 
   let definition: {