@gotgenes/pi-permission-system 10.5.0 → 10.5.1

package/test/handlers/external-directory-session-dedup.test.ts

@@ -3,33 +3,30 @@
  * external path only prompt once — the session-approval recorded by the
  * first call covers the second.
  *
- * These tests use stateful mocks: `recordSessionApproval` records rules,
- * and `checkPermission` consults them via `getSessionRuleset`, mirroring
- * the real interaction between PermissionSession, SessionRules, and
- * PermissionManager.
+ * Uses real PermissionSession + PermissionResolver + SessionRules so the
+ * stateful approval-tracking path is exercised end-to-end.
  */
 
 import { describe, expect, it, vi } from "vitest";
 
 import { GateDecisionReporter } from "#src/decision-reporter";
-import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import type { GatePrompter } from "#src/gate-prompter";
 import { GateRunner } from "#src/handlers/gates/runner";
 import { SkillInputGatePipeline } from "#src/handlers/gates/skill-input-gate-pipeline";
 import { ToolCallGatePipeline } from "#src/handlers/gates/tool-call-gate-pipeline";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
-import type { Rule } from "#src/rule";
-import type { SessionApproval } from "#src/session-approval";
-import { resolveToolPreviewLimits } from "#src/tool-preview-formatter";
-import type { ToolRegistry } from "#src/tool-registry";
 import type { PermissionCheckResult } from "#src/types";
 import { wildcardMatch } from "#src/wildcard-matcher";
 
 import {
-  type MockGateHandlerSession,
   makeCtx,
   makeEvents,
+  makeToolRegistry,
 } from "#test/helpers/handler-fixtures";
+import {
+  makeRealResolver,
+  makeRealSession,
+} from "#test/helpers/session-fixtures";
 
 // ── SDK stub ───────────────────────────────────────────────────────────────
 vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {
@@ -41,177 +38,105 @@ vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {
 // ── helpers ────────────────────────────────────────────────────────────────
 
 /**
- * Build a PermissionSession mock with stateful session-rule tracking.
+ * Build a fully wired PermissionGateHandler for external-directory dedup
+ * tests.
  *
- * `checkPermission` returns "ask" for `external_directory` unless a
- * matching session rule exists (via `recordSessionApproval`), in which case
- * it returns "allow" with `source: "session"`. All other surfaces return
- * "allow" by default.
+ * `permissionManager.checkPermission` is configured so that:
+ * - `external_directory` surface returns "ask" on first call
+ * - On subsequent calls it checks the shared `sessionRules` store; if a
+ *   matching rule was recorded by the runner, it returns "allow" with
+ *   `source: "session"`.
+ * - All other surfaces return "allow".
  */
-function makeStatefulSession(
-  overrides: Partial<MockGateHandlerSession> = {},
-): MockGateHandlerSession {
-  const sessionRules: Rule[] = [];
-
-  const checkPermission = vi
-    .fn<MockGateHandlerSession["checkPermission"]>()
-    .mockImplementation(
-      (
-        surface: string,
-        input: unknown,
-        _agentName?: string,
-        rules?: Rule[],
-      ): PermissionCheckResult => {
-        // Merge stored session rules with any passed-in rules
-        const allRules = [...sessionRules, ...(rules ?? [])];
-
-        if (surface === "external_directory") {
-          const record = (input ?? {}) as Record<string, unknown>;
-          const pathValue =
-            typeof record.path === "string" ? record.path : null;
-
-          if (pathValue && allRules.length > 0) {
-            const match = allRules.findLast(
-              (r) =>
-                r.surface === "external_directory" &&
-                wildcardMatch(r.pattern, pathValue),
-            );
-            if (match) {
-              return {
-                state: "allow",
-                toolName: surface,
-                source: "session",
-                origin: "session",
-                matchedPattern: match.pattern,
-              };
-            }
+function makeDeduplicatingHandler(prompter?: GatePrompter): {
+  handler: PermissionGateHandler;
+  prompter: GatePrompter;
+} {
+  const { session, permissionManager, sessionRules, logger } =
+    makeRealSession();
+  const { resolver } = makeRealResolver(permissionManager, sessionRules);
+
+  // Configure checkPermission to simulate config-level "ask" for external_directory
+  // but return "allow/session" when a session rule has been recorded.
+  vi.mocked(permissionManager.checkPermission).mockImplementation(
+    (surface, input, _agentName, rules): PermissionCheckResult => {
+      if (surface === "external_directory") {
+        const record = (input ?? {}) as Record<string, unknown>;
+        const pathValue = typeof record.path === "string" ? record.path : null;
+
+        if (pathValue && rules && rules.length > 0) {
+          const match = rules.findLast(
+            (r) =>
+              r.surface === "external_directory" &&
+              wildcardMatch(r.pattern, pathValue),
+          );
+          if (match) {
+            return {
+              state: "allow",
+              toolName: surface,
+              source: "session",
+              origin: "session",
+              matchedPattern: match.pattern,
+            };
           }
-
-          // No session match → config-level "ask"
-          return {
-            state: "ask",
-            toolName: surface,
-            source: "special",
-            origin: "global",
-          };
         }
 
-        // All other surfaces: allow
         return {
-          state: "allow",
+          state: "ask",
           toolName: surface,
-          source: "tool",
-          origin: "builtin",
+          source: "special",
+          origin: "global",
         };
-      },
-    );
-
-  const recordSessionApproval = vi
-    .fn<MockGateHandlerSession["recordSessionApproval"]>()
-    .mockImplementation((approval: SessionApproval) => {
-      for (const pattern of approval.patterns) {
-        sessionRules.push({
-          surface: approval.surface,
-          pattern,
-          action: "allow",
-          layer: "session",
-          origin: "session",
-        });
       }
-    });
 
-  const getSessionRuleset = vi
-    .fn<MockGateHandlerSession["getSessionRuleset"]>()
-    .mockImplementation(() => [...sessionRules]);
-
-  const session: MockGateHandlerSession = {
-    logger: overrides.logger ?? {
-      debug: vi.fn(),
-      review: vi.fn(),
-      warn: vi.fn(),
+      return {
+        state: "allow",
+        toolName: surface,
+        source: "tool",
+        origin: "builtin",
+      };
     },
-    activate: overrides.activate ?? vi.fn<MockGateHandlerSession["activate"]>(),
-    resolveAgentName:
-      overrides.resolveAgentName ??
-      vi.fn<MockGateHandlerSession["resolveAgentName"]>().mockReturnValue(null),
-    checkPermission: overrides.checkPermission ?? checkPermission,
-    getSessionRuleset: overrides.getSessionRuleset ?? getSessionRuleset,
-    recordSessionApproval:
-      overrides.recordSessionApproval ?? recordSessionApproval,
-    getActiveSkillEntries:
-      overrides.getActiveSkillEntries ??
-      vi
-        .fn<MockGateHandlerSession["getActiveSkillEntries"]>()
-        .mockReturnValue([]),
-    getInfrastructureReadDirs:
-      overrides.getInfrastructureReadDirs ??
-      vi
-        .fn<MockGateHandlerSession["getInfrastructureReadDirs"]>()
-        .mockReturnValue([]),
-    getToolPreviewLimits:
-      overrides.getToolPreviewLimits ??
-      vi
-        .fn<MockGateHandlerSession["getToolPreviewLimits"]>()
-        .mockReturnValue(resolveToolPreviewLimits(DEFAULT_EXTENSION_CONFIG)),
-  };
-  return session;
-}
+  );
 
-function makeHandlerForSession(
-  session: MockGateHandlerSession,
-  prompter?: GatePrompter,
-): { handler: PermissionGateHandler; prompter: GatePrompter } {
   const events = makeEvents();
-  const reporter = new GateDecisionReporter(session.logger, events);
+  const reporter = new GateDecisionReporter(logger, events);
   const resolvedPrompter: GatePrompter = prompter ?? {
     canConfirm: vi.fn().mockReturnValue(true),
     prompt: vi
       .fn<GatePrompter["prompt"]>()
       .mockResolvedValue({ approved: true, state: "approved_for_session" }),
   };
-  // Resolver delegates to session's checkPermission + getSessionRuleset so
-  // stateful approval tracking steers resolve automatically.
-  const resolver = {
-    resolve: (surface: string, input: unknown, agentName?: string) =>
-      session.checkPermission(
-        surface,
-        input,
-        agentName,
-        session.getSessionRuleset(),
-      ),
-  };
-  const runner = new GateRunner(resolver, session, resolvedPrompter, reporter);
+  const runner = new GateRunner(
+    resolver,
+    sessionRules,
+    resolvedPrompter,
+    reporter,
+  );
   const handler = new PermissionGateHandler(
     session,
-    makeToolRegistry(),
+    makeToolRegistry({
+      getAll: vi
+        .fn()
+        .mockReturnValue([
+          { name: "read" },
+          { name: "write" },
+          { name: "edit" },
+          { name: "bash" },
+        ]),
+    }),
     new ToolCallGatePipeline(resolver, session),
-    new SkillInputGatePipeline(session),
+    new SkillInputGatePipeline(resolver),
     runner,
   );
   return { handler, prompter: resolvedPrompter };
 }
 
-function makeToolRegistry(): ToolRegistry {
-  return {
-    getAll: vi
-      .fn()
-      .mockReturnValue([
-        { name: "read" },
-        { name: "write" },
-        { name: "edit" },
-        { name: "bash" },
-      ]),
-    setActive: vi.fn(),
-  };
-}
-
 // ── tests ──────────────────────────────────────────────────────────────────
 
 describe("external-directory session dedup", () => {
   describe("path-bearing tools (read, write, edit)", () => {
     it("does not re-prompt for the same external path after session approval", async () => {
-      const session = makeStatefulSession();
-      const { handler, prompter } = makeHandlerForSession(session);
+      const { handler, prompter } = makeDeduplicatingHandler();
       const ctx = makeCtx();
       const externalPath = "/outside/project/data.txt";
 
@@ -239,8 +164,7 @@ describe("external-directory session dedup", () => {
     });
 
     it("does not re-prompt for a different file in the same external directory", async () => {
-      const session = makeStatefulSession();
-      const { handler, prompter } = makeHandlerForSession(session);
+      const { handler, prompter } = makeDeduplicatingHandler();
       const ctx = makeCtx();
 
       // First call — prompt for /outside/project/a.txt
@@ -265,8 +189,7 @@ describe("external-directory session dedup", () => {
     });
 
     it("does prompt for a file in a different external directory", async () => {
-      const session = makeStatefulSession();
-      const { handler, prompter } = makeHandlerForSession(session);
+      const { handler, prompter } = makeDeduplicatingHandler();
       const ctx = makeCtx();
 
       // First call — /outside/alpha/file.txt
@@ -291,14 +214,13 @@ describe("external-directory session dedup", () => {
     });
 
     it("re-prompts when user approved once (not for session)", async () => {
-      const session = makeStatefulSession();
       const approveOnce: GatePrompter = {
         canConfirm: vi.fn().mockReturnValue(true),
         prompt: vi
           .fn<GatePrompter["prompt"]>()
           .mockResolvedValue({ approved: true, state: "approved" }),
       };
-      const { handler, prompter } = makeHandlerForSession(session, approveOnce);
+      const { handler, prompter } = makeDeduplicatingHandler(approveOnce);
       const ctx = makeCtx();
       const externalPath = "/outside/project/data.txt";
 
@@ -326,8 +248,7 @@ describe("external-directory session dedup", () => {
 
   describe("bash commands with external paths", () => {
     it("does not re-prompt for a bash command referencing the same external path after session approval", async () => {
-      const session = makeStatefulSession();
-      const { handler, prompter } = makeHandlerForSession(session);
+      const { handler, prompter } = makeDeduplicatingHandler();
       const ctx = makeCtx();
 
       // First call — bash referencing /tmp/out.txt
@@ -354,8 +275,7 @@ describe("external-directory session dedup", () => {
     });
 
     it("does not re-prompt for read after bash already approved the same directory", async () => {
-      const session = makeStatefulSession();
-      const { handler, prompter } = makeHandlerForSession(session);
+      const { handler, prompter } = makeDeduplicatingHandler();
       const ctx = makeCtx();
 
       // First call — bash writes to /tmp/out.txt

package/test/handlers/input.test.ts

@@ -49,9 +49,10 @@ describe("extractSkillNameFromInput", () => {
 describe("handleInput", () => {
   it("activates session with ctx", async () => {
     const ctx = makeCtx();
-    const { handler, session } = makeHandler();
+    const { handler, forwarding } = makeHandler();
     await handler.handleInput(makeInputEvent("hello"), ctx);
-    expect(session.activate).toHaveBeenCalledWith(ctx);
+    // session.activate(ctx) calls forwarding.start(ctx) on the real session
+    expect(forwarding.start).toHaveBeenCalledWith(ctx);
   });
 
   it("returns continue for non-skill input", async () => {
@@ -64,9 +65,9 @@ describe("handleInput", () => {
   });
 
   it("does not check permissions for non-skill input", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, permissionManager } = makeHandler();
     await handler.handleInput(makeInputEvent("just a message"), makeCtx());
-    expect(session.checkPermission).not.toHaveBeenCalled();
+    expect(permissionManager.checkPermission).not.toHaveBeenCalled();
   });
 
   it("returns continue when skill is allowed", async () => {

package/test/handlers/lifecycle.test.ts

@@ -2,9 +2,12 @@ import { describe, expect, it, vi } from "vitest";
 
 import { SessionLifecycleHandler } from "#src/handlers/lifecycle";
 import type { ServiceLifecycle } from "#src/service-lifecycle";
-import type { SessionLifecycleSession } from "#src/session-lifecycle-session";
 
 import { makeCtx } from "#test/helpers/handler-fixtures";
+import {
+  makeRealResolver,
+  makeRealSession,
+} from "#test/helpers/session-fixtures";
 
 // ── status stub ────────────────────────────────────────────────────────────
 vi.mock("../../src/status", () => ({
@@ -15,55 +18,40 @@ vi.mock("../../src/status", () => ({
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
-function makeSession(
-  overrides: Partial<SessionLifecycleSession> = {},
-): SessionLifecycleSession {
-  return {
-    logger: overrides.logger ?? {
-      debug: vi.fn<SessionLifecycleSession["logger"]["debug"]>(),
-      review: vi.fn<SessionLifecycleSession["logger"]["review"]>(),
-      warn: vi.fn<SessionLifecycleSession["logger"]["warn"]>(),
-    },
-    refreshConfig:
-      overrides.refreshConfig ??
-      vi.fn<SessionLifecycleSession["refreshConfig"]>(),
-    resetForNewSession:
-      overrides.resetForNewSession ??
-      vi.fn<SessionLifecycleSession["resetForNewSession"]>(),
-    logResolvedConfigPaths:
-      overrides.logResolvedConfigPaths ??
-      vi.fn<SessionLifecycleSession["logResolvedConfigPaths"]>(),
-    resolveAgentName:
-      overrides.resolveAgentName ??
-      vi
-        .fn<SessionLifecycleSession["resolveAgentName"]>()
-        .mockReturnValue(null),
-    getConfigIssues:
-      overrides.getConfigIssues ??
-      vi.fn<SessionLifecycleSession["getConfigIssues"]>().mockReturnValue([]),
-    reload: overrides.reload ?? vi.fn<SessionLifecycleSession["reload"]>(),
-    getRuntimeContext:
-      overrides.getRuntimeContext ??
-      vi
-        .fn<SessionLifecycleSession["getRuntimeContext"]>()
-        .mockReturnValue(null),
-    shutdown:
-      overrides.shutdown ?? vi.fn<SessionLifecycleSession["shutdown"]>(),
-  };
-}
-
-function makeHandler(overrides?: Partial<SessionLifecycleSession>): {
-  handler: SessionLifecycleHandler;
-  session: SessionLifecycleSession;
-  serviceLifecycle: ServiceLifecycle;
-} {
-  const session = makeSession(overrides);
+function makeSetup(opts?: { configIssues?: string[] }) {
+  const {
+    session,
+    permissionManager,
+    sessionRules,
+    logger,
+    forwarding,
+    configStore,
+  } = makeRealSession();
+  const { resolver } = makeRealResolver(permissionManager, sessionRules);
+  if (opts?.configIssues) {
+    vi.mocked(permissionManager.getConfigIssues).mockReturnValue(
+      opts.configIssues,
+    );
+  }
   const serviceLifecycle: ServiceLifecycle = {
     activate: vi.fn<ServiceLifecycle["activate"]>(),
     teardown: vi.fn<ServiceLifecycle["teardown"]>(),
   };
-  const handler = new SessionLifecycleHandler(session, serviceLifecycle);
-  return { handler, session, serviceLifecycle };
+  const handler = new SessionLifecycleHandler(
+    session,
+    resolver,
+    serviceLifecycle,
+  );
+  return {
+    handler,
+    session,
+    resolver,
+    permissionManager,
+    logger,
+    forwarding,
+    configStore,
+    serviceLifecycle,
+  };
 }
 
 // ── handleSessionStart ─────────────────────────────────────────────────────
@@ -71,51 +59,53 @@ function makeHandler(overrides?: Partial<SessionLifecycleSession>): {
 describe("handleSessionStart", () => {
   it("refreshes config with ctx", async () => {
     const ctx = makeCtx();
-    const { handler, session } = makeHandler();
+    const { handler, configStore } = makeSetup();
     await handler.handleSessionStart({ reason: "startup" }, ctx);
-    expect(session.refreshConfig).toHaveBeenCalledWith(ctx);
+    expect(configStore.refresh).toHaveBeenCalledWith(ctx);
   });
 
   it("calls resetForNewSession with ctx", async () => {
     const ctx = makeCtx();
-    const { handler, session } = makeHandler();
+    const { handler, session } = makeSetup();
+    const spy = vi.spyOn(session, "resetForNewSession");
     await handler.handleSessionStart({ reason: "startup" }, ctx);
-    expect(session.resetForNewSession).toHaveBeenCalledWith(ctx);
+    expect(spy).toHaveBeenCalledWith(ctx);
   });
 
   it("logs resolved config paths", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, configStore } = makeSetup();
     await handler.handleSessionStart({ reason: "startup" }, makeCtx());
-    expect(session.logResolvedConfigPaths).toHaveBeenCalledOnce();
+    expect(configStore.logResolvedPaths).toHaveBeenCalledOnce();
   });
 
   it("resolves agent name from ctx", async () => {
     const ctx = makeCtx();
-    const { handler, session } = makeHandler();
+    const { handler, session } = makeSetup();
+    const spy = vi.spyOn(session, "resolveAgentName");
     await handler.handleSessionStart({ reason: "startup" }, ctx);
-    expect(session.resolveAgentName).toHaveBeenCalledWith(ctx);
+    expect(spy).toHaveBeenCalledWith(ctx);
   });
 
   it("notifies each policy issue", async () => {
-    const { handler, session } = makeHandler({
-      getConfigIssues: vi.fn().mockReturnValue(["issue A", "issue B"]),
+    const { handler, logger } = makeSetup({
+      configIssues: ["issue A", "issue B"],
     });
     await handler.handleSessionStart({ reason: "startup" }, makeCtx());
-    expect(session.logger.warn).toHaveBeenCalledWith("issue A");
-    expect(session.logger.warn).toHaveBeenCalledWith("issue B");
+    expect(logger.warn).toHaveBeenCalledWith("issue A");
+    expect(logger.warn).toHaveBeenCalledWith("issue B");
   });
 
   it("does not warn when there are no policy issues", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, logger } = makeSetup();
     await handler.handleSessionStart({ reason: "startup" }, makeCtx());
-    expect(session.logger.warn).not.toHaveBeenCalled();
+    expect(logger.warn).not.toHaveBeenCalled();
   });
 
   it("writes lifecycle.reload debug log when reason is reload", async () => {
     const ctx = makeCtx({ cwd: "/proj" });
-    const { handler, session } = makeHandler();
+    const { handler, logger } = makeSetup();
     await handler.handleSessionStart({ reason: "reload" }, ctx);
-    expect(session.logger.debug).toHaveBeenCalledWith("lifecycle.reload", {
+    expect(logger.debug).toHaveBeenCalledWith("lifecycle.reload", {
       triggeredBy: "session_start",
       reason: "reload",
       cwd: "/proj",
@@ -123,23 +113,26 @@ describe("handleSessionStart", () => {
   });
 
   it("does not write lifecycle.reload debug log for non-reload reasons", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, logger } = makeSetup();
     await handler.handleSessionStart({ reason: "startup" }, makeCtx());
-    expect(session.logger.debug).not.toHaveBeenCalled();
+    expect(logger.debug).not.toHaveBeenCalled();
   });
 
   it("activates the service for the session with ctx", async () => {
     const ctx = makeCtx();
-    const { handler, serviceLifecycle } = makeHandler();
+    const { handler, serviceLifecycle } = makeSetup();
     await handler.handleSessionStart({ reason: "startup" }, ctx);
     expect(serviceLifecycle.activate).toHaveBeenCalledWith(ctx);
   });
 
   it("calls refreshConfig before resetForNewSession", async () => {
     const callOrder: string[] = [];
-    const { handler } = makeHandler({
-      refreshConfig: vi.fn(() => callOrder.push("refreshConfig")),
-      resetForNewSession: vi.fn(() => callOrder.push("resetForNewSession")),
+    const { handler, session, configStore } = makeSetup();
+    vi.spyOn(configStore, "refresh").mockImplementation(() => {
+      callOrder.push("refreshConfig");
+    });
+    vi.spyOn(session, "resetForNewSession").mockImplementation(() => {
+      callOrder.push("resetForNewSession");
     });
     await handler.handleSessionStart({ reason: "startup" }, makeCtx());
     expect(callOrder).toEqual(["refreshConfig", "resetForNewSession"]);
@@ -150,24 +143,25 @@ describe("handleSessionStart", () => {
 
 describe("handleResourcesDiscover", () => {
   it("does nothing when reason is not reload", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, session } = makeSetup();
+    const spy = vi.spyOn(session, "reload");
     await handler.handleResourcesDiscover({ reason: "startup" });
-    expect(session.reload).not.toHaveBeenCalled();
+    expect(spy).not.toHaveBeenCalled();
   });
 
   it("calls reload on the session on reload", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, session } = makeSetup();
+    const spy = vi.spyOn(session, "reload");
     await handler.handleResourcesDiscover({ reason: "reload" });
-    expect(session.reload).toHaveBeenCalledOnce();
+    expect(spy).toHaveBeenCalledOnce();
   });
 
   it("writes lifecycle.reload debug log on reload", async () => {
     const ctx = makeCtx({ cwd: "/proj" });
-    const { handler, session } = makeHandler({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
-    });
+    const { handler, session, logger } = makeSetup();
+    session.activate(ctx);
     await handler.handleResourcesDiscover({ reason: "reload" });
-    expect(session.logger.debug).toHaveBeenCalledWith("lifecycle.reload", {
+    expect(logger.debug).toHaveBeenCalledWith("lifecycle.reload", {
       triggeredBy: "resources_discover",
       reason: "reload",
       cwd: "/proj",
@@ -175,9 +169,9 @@ describe("handleResourcesDiscover", () => {
   });
 
   it("logs cwd as null when runtimeContext is null on reload", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, logger } = makeSetup();
     await handler.handleResourcesDiscover({ reason: "reload" });
-    expect(session.logger.debug).toHaveBeenCalledWith("lifecycle.reload", {
+    expect(logger.debug).toHaveBeenCalledWith("lifecycle.reload", {
       triggeredBy: "resources_discover",
       reason: "reload",
       cwd: null,
@@ -190,9 +184,8 @@ describe("handleResourcesDiscover", () => {
 describe("handleSessionShutdown", () => {
   it("clears UI status when runtime context is present", async () => {
     const ctx = makeCtx();
-    const { handler } = makeHandler({
-      getRuntimeContext: vi.fn().mockReturnValue(ctx),
-    });
+    const { handler, session } = makeSetup();
+    session.activate(ctx);
     await handler.handleSessionShutdown();
     expect(ctx.ui.setStatus).toHaveBeenCalledWith(
       "permission-system",
@@ -201,18 +194,19 @@ describe("handleSessionShutdown", () => {
   });
 
   it("does not throw when runtime context is null", async () => {
-    const { handler } = makeHandler();
+    const { handler } = makeSetup();
     await expect(handler.handleSessionShutdown()).resolves.not.toThrow();
   });
 
   it("calls shutdown on the session", async () => {
-    const { handler, session } = makeHandler();
+    const { handler, session } = makeSetup();
+    const spy = vi.spyOn(session, "shutdown");
     await handler.handleSessionShutdown();
-    expect(session.shutdown).toHaveBeenCalledOnce();
+    expect(spy).toHaveBeenCalledOnce();
   });
 
   it("calls serviceLifecycle.teardown", async () => {
-    const { handler, serviceLifecycle } = makeHandler();
+    const { handler, serviceLifecycle } = makeSetup();
     await handler.handleSessionShutdown();
     expect(serviceLifecycle.teardown).toHaveBeenCalledOnce();
   });

package/test/handlers/tool-call.test.ts

@@ -49,9 +49,10 @@ describe("getEventInput", () => {
 describe("handleToolCall", () => {
   it("activates session with ctx", async () => {
     const ctx = makeCtx();
-    const { handler, session } = makeHandler();
+    const { handler, forwarding } = makeHandler();
     await handler.handleToolCall(makeToolCallEvent("read"), ctx);
-    expect(session.activate).toHaveBeenCalledWith(ctx);
+    // session.activate(ctx) calls forwarding.start(ctx) on the real session
+    expect(forwarding.start).toHaveBeenCalledWith(ctx);
   });
 
   it("blocks when tool name cannot be resolved", async () => {