@gotgenes/pi-permission-system 10.5.0 → 10.5.2

package/test/permission-resolver.test.ts

@@ -82,7 +82,9 @@ describe("PermissionResolver", () => {
       const { resolver } = makeResolver(pm, sessionRules);
 
       // Record an approval directly into the shared SessionRules instance.
-      sessionRules.record(SessionApproval.single("bash", "git *"));
+      sessionRules.recordSessionApproval(
+        SessionApproval.single("bash", "git *"),
+      );
       resolver.resolve("bash", { command: "git status" });
 
       const passedRules = vi.mocked(pm.checkPermission).mock.calls[0][3];

package/test/permission-session.test.ts

@@ -17,20 +17,19 @@ vi.mock("../src/active-agent", () => ({
 
 // ── Test helpers ───────────────────────────────────────────────────────────
 
-import type { SessionConfigStore } from "#src/config-store";
-import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
-import type { ExtensionPaths } from "#src/extension-paths";
-import type { ForwardingController } from "#src/forwarding-manager";
-import type { ScopedPermissionManager } from "#src/permission-manager";
-import { PermissionSession } from "#src/permission-session";
-import type { PromptingGatewayLifecycle } from "#src/prompting-gateway";
-import type { Ruleset } from "#src/rule";
+import type { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import { SessionApproval } from "#src/session-approval";
-import type { SessionLogger } from "#src/session-logger";
-import { SessionRules } from "#src/session-rules";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
-import type { PermissionCheckResult, PermissionState } from "#src/types";
 import { makeCtx } from "#test/helpers/handler-fixtures";
+import {
+  makeConfigStore,
+  makeFakePermissionManager,
+  makeRealSession,
+} from "#test/helpers/session-fixtures";
+
+// Alias so the existing tests read naturally.
+const createSession = makeRealSession;
+const makePermissionManager = makeFakePermissionManager;
 
 function makeSkillEntry(
   name: string,
@@ -47,125 +46,6 @@ function makeSkillEntry(
   };
 }
 
-function makePaths(overrides: Partial<ExtensionPaths> = {}): ExtensionPaths {
-  return {
-    agentDir: "/test/agent",
-    sessionsDir: "/test/agent/sessions",
-    subagentSessionsDir: "/test/agent/subagent-sessions",
-    forwardingDir: "/test/agent/sessions/permission-forwarding",
-    globalLogsDir: "/test/agent/logs",
-    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
-    ...overrides,
-  };
-}
-
-function makeLogger(): SessionLogger {
-  return {
-    debug: vi.fn(),
-    review: vi.fn(),
-    warn: vi.fn(),
-  };
-}
-
-function makeConfigStore(
-  overrides: Partial<SessionConfigStore> = {},
-): SessionConfigStore {
-  return {
-    current:
-      overrides.current ??
-      vi
-        .fn<() => typeof DEFAULT_EXTENSION_CONFIG>()
-        .mockReturnValue({ ...DEFAULT_EXTENSION_CONFIG }),
-    refresh: overrides.refresh ?? vi.fn<(ctx?: ExtensionContext) => void>(),
-    logResolvedPaths: overrides.logResolvedPaths ?? vi.fn<() => void>(),
-  };
-}
-
-function makeGateway(): PromptingGatewayLifecycle {
-  return {
-    activate: vi.fn<PromptingGatewayLifecycle["activate"]>(),
-    deactivate: vi.fn<PromptingGatewayLifecycle["deactivate"]>(),
-  };
-}
-
-function makeForwarding(): ForwardingController {
-  return {
-    start: vi.fn(),
-    stop: vi.fn(),
-  };
-}
-
-function makePermissionManager() {
-  return {
-    configureForCwd: vi.fn<(cwd: string | undefined | null) => void>(),
-    checkPermission: vi
-      .fn<
-        (
-          toolName: string,
-          input: unknown,
-          agentName?: string,
-          sessionRules?: Ruleset,
-        ) => PermissionCheckResult
-      >()
-      .mockReturnValue({
-        state: "allow",
-        toolName: "read",
-        source: "tool",
-        origin: "builtin",
-      }),
-    getToolPermission: vi
-      .fn<(toolName: string, agentName?: string) => PermissionState>()
-      .mockReturnValue("allow"),
-    getConfigIssues: vi.fn((): string[] => []),
-    getPolicyCacheStamp: vi.fn((): string => "stamp-1"),
-  };
-}
-
-function createSession(overrides?: {
-  paths?: Partial<ExtensionPaths>;
-  logger?: SessionLogger;
-  forwarding?: ForwardingController;
-  permissionManager?: ScopedPermissionManager;
-  sessionRules?: SessionRules;
-  configStore?: SessionConfigStore;
-  gateway?: PromptingGatewayLifecycle;
-}): {
-  session: PermissionSession;
-  paths: ExtensionPaths;
-  logger: SessionLogger;
-  forwarding: ForwardingController;
-  sessionRules: SessionRules;
-  configStore: SessionConfigStore;
-  gateway: PromptingGatewayLifecycle;
-} {
-  const paths = makePaths(overrides?.paths);
-  const logger = overrides?.logger ?? makeLogger();
-  const forwarding = overrides?.forwarding ?? makeForwarding();
-  const permissionManager =
-    overrides?.permissionManager ?? makePermissionManager();
-  const sessionRules = overrides?.sessionRules ?? new SessionRules();
-  const configStore = overrides?.configStore ?? makeConfigStore();
-  const gateway = overrides?.gateway ?? makeGateway();
-  const session = new PermissionSession(
-    paths,
-    logger,
-    forwarding,
-    permissionManager,
-    sessionRules,
-    configStore,
-    gateway,
-  );
-  return {
-    session,
-    paths,
-    logger,
-    forwarding,
-    sessionRules,
-    configStore,
-    gateway,
-  };
-}
-
 // ── Tests ──────────────────────────────────────────────────────────────────
 
 beforeEach(() => {
@@ -176,70 +56,6 @@ beforeEach(() => {
 });
 
 describe("PermissionSession", () => {
-  describe("constructor and delegation", () => {
-    it("delegates checkPermission to internal PermissionManager", () => {
-      const pm = makePermissionManager();
-      const { session } = createSession({ permissionManager: pm });
-
-      const result = session.checkPermission("bash", { command: "ls" });
-
-      expect(pm.checkPermission).toHaveBeenCalledWith(
-        "bash",
-        { command: "ls" },
-        undefined,
-        undefined,
-      );
-      expect(result.state).toBe("allow");
-    });
-
-    it("delegates getToolPermission to internal PermissionManager", () => {
-      const pm = makePermissionManager();
-      const { session } = createSession({ permissionManager: pm });
-
-      const result = session.getToolPermission("read");
-
-      expect(pm.getToolPermission).toHaveBeenCalledWith("read", undefined);
-      expect(result).toBe("allow");
-    });
-
-    it("delegates getConfigIssues to internal PermissionManager", () => {
-      const pm = makePermissionManager();
-      vi.mocked(pm.getConfigIssues).mockReturnValue(["issue1"]);
-      const { session } = createSession({ permissionManager: pm });
-
-      expect(session.getConfigIssues("agent1")).toEqual(["issue1"]);
-      expect(pm.getConfigIssues).toHaveBeenCalledWith("agent1");
-    });
-
-    it("delegates getPolicyCacheStamp to internal PermissionManager", () => {
-      const pm = makePermissionManager();
-      const { session } = createSession({ permissionManager: pm });
-
-      expect(session.getPolicyCacheStamp("agent1")).toBe("stamp-1");
-      expect(pm.getPolicyCacheStamp).toHaveBeenCalledWith("agent1");
-    });
-
-    it("delegates getSessionRuleset to internal SessionRules", () => {
-      const { session } = createSession();
-      const rules = session.getSessionRuleset();
-      expect(rules).toEqual([]);
-    });
-
-    it("delegates recordSessionApproval to internal SessionRules", () => {
-      const { session } = createSession();
-      session.recordSessionApproval(
-        SessionApproval.single("bash", "/usr/bin/*"),
-      );
-      const rules = session.getSessionRuleset();
-      expect(rules).toHaveLength(1);
-      expect(rules[0]).toMatchObject({
-        surface: "bash",
-        pattern: "/usr/bin/*",
-        action: "allow",
-      });
-    });
-  });
-
   describe("activate and deactivate", () => {
     it("stores the context on activate", () => {
       const { session, forwarding } = createSession();
@@ -335,13 +151,13 @@ describe("PermissionSession", () => {
 
   describe("shutdown", () => {
     it("clears session rules", () => {
-      const { session } = createSession();
-      session.recordSessionApproval(SessionApproval.single("bash", "*"));
-      expect(session.getSessionRuleset()).toHaveLength(1);
+      const { session, sessionRules } = createSession();
+      sessionRules.recordSessionApproval(SessionApproval.single("bash", "*"));
+      expect(sessionRules.getRuleset()).toHaveLength(1);
 
       session.shutdown();
 
-      expect(session.getSessionRuleset()).toEqual([]);
+      expect(sessionRules.getRuleset()).toEqual([]);
     });
 
     it("clears cache keys", () => {

package/test/session-rules.test.ts

@@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest";
 
 import { evaluate } from "#src/rule";
 import { SessionApproval } from "#src/session-approval";
+import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
 import { deriveApprovalPattern, SessionRules } from "#src/session-rules";
 
 // ── SessionRules ───────────────────────────────────────────────────────────
@@ -67,10 +68,15 @@ describe("SessionRules", () => {
     });
   });
 
-  describe("record", () => {
+  describe("recordSessionApproval", () => {
+    it("satisfies the SessionApprovalRecorder interface", () => {
+      const rules: SessionApprovalRecorder = new SessionRules();
+      expect(typeof rules.recordSessionApproval).toBe("function");
+    });
+
     it("records a single-pattern approval as one rule", () => {
       const rules = new SessionRules();
-      rules.record(SessionApproval.single("bash", "git *"));
+      rules.recordSessionApproval(SessionApproval.single("bash", "git *"));
       expect(rules.getRuleset()).toEqual([
         {
           surface: "bash",
@@ -84,7 +90,7 @@ describe("SessionRules", () => {
 
     it("records a multi-pattern approval as one rule per pattern", () => {
       const rules = new SessionRules();
-      rules.record(
+      rules.recordSessionApproval(
         SessionApproval.multiple("external_directory", [
           "/outside/a/*",
           "/outside/b/*",
@@ -97,7 +103,7 @@ describe("SessionRules", () => {
 
     it("records each rule with the correct surface", () => {
       const rules = new SessionRules();
-      rules.record(
+      rules.recordSessionApproval(
         SessionApproval.multiple("external_directory", [
           "/outside/a/*",
           "/outside/b/*",
@@ -110,7 +116,9 @@ describe("SessionRules", () => {
 
     it("records nothing for an empty patterns list", () => {
       const rules = new SessionRules();
-      rules.record(SessionApproval.multiple("external_directory", []));
+      rules.recordSessionApproval(
+        SessionApproval.multiple("external_directory", []),
+      );
       expect(rules.getRuleset()).toEqual([]);
     });
   });

package/test/skill-prompt-sanitizer.test.ts

@@ -1,10 +1,13 @@
+import { resolve } from "node:path";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import type { PermissionManager } from "#src/permission-manager";
 import {
   findSkillPathMatch,
+  parseAllSkillPromptSections,
   resolveSkillPromptEntries,
 } from "#src/skill-prompt-sanitizer";
 import type { PermissionCheckResult } from "#src/types";
+import { createManager } from "#test/helpers/manager-harness";
 
 afterEach(() => {
   vi.restoreAllMocks();
@@ -242,3 +245,130 @@ describe("findSkillPathMatch", () => {
     expect(match?.name).toBe("child");
   });
 });
+
+// ---------------------------------------------------------------------------
+// Moved from permission-system.test.ts catch-all (#342)
+// ---------------------------------------------------------------------------
+
+test("parseAllSkillPromptSections finds every available_skills block", () => {
+  const prompt = [
+    "Some preamble",
+    "<available_skills>",
+    "  <skill>",
+    "    <name>skill-one</name>",
+    "    <description>First skill</description>",
+    "    <location>/path/to/one</location>",
+    "  </skill>",
+    "</available_skills>",
+    "Some content between",
+    "<available_skills>",
+    "  <skill>",
+    "    <name>skill-two</name>",
+    "    <description>Second skill</description>",
+    "    <location>/path/to/two</location>",
+    "  </skill>",
+    "</available_skills>",
+    "Footer",
+  ].join("\n");
+
+  const sections = parseAllSkillPromptSections(prompt);
+
+  expect(sections.length).toBe(2);
+  expect(sections[0].entries[0]?.name).toBe("skill-one");
+  expect(sections[1].entries[0]?.name).toBe("skill-two");
+});
+
+test("REGRESSION: resolveSkillPromptEntries sanitizes every available_skills block", () => {
+  const { manager, cleanup } = createManager({
+    permission: {
+      "*": "ask",
+      skill: { "denied-skill": "deny" },
+    },
+  });
+
+  try {
+    const prompt = [
+      "System prompt start",
+      "<available_skills>",
+      "  <skill>",
+      "    <name>visible-skill</name>",
+      "    <description>Allowed skill</description>",
+      "    <location>/skills/visible/index.ts</location>",
+      "  </skill>",
+      "  <skill>",
+      "    <name>denied-skill</name>",
+      "    <description>Denied in first block</description>",
+      "    <location>/skills/blocked/one.ts</location>",
+      "  </skill>",
+      "</available_skills>",
+      "Agent identity section",
+      "<available_skills>",
+      "  <skill>",
+      "    <name>denied-skill</name>",
+      "    <description>Denied in second block</description>",
+      "    <location>/skills/blocked/two.ts</location>",
+      "  </skill>",
+      "</available_skills>",
+      "System prompt end",
+    ].join("\n");
+
+    const result = resolveSkillPromptEntries(prompt, manager, null, "/cwd");
+
+    expect(result.prompt).not.toContain("denied-skill");
+    expect(result.prompt).toContain("visible-skill");
+    expect((result.prompt.match(/<available_skills>/g) ?? []).length).toBe(1);
+    expect(result.entries.map((entry) => entry.name)).toEqual([
+      "visible-skill",
+    ]);
+  } finally {
+    cleanup();
+  }
+});
+
+test("REGRESSION: resolveSkillPromptEntries keeps only visible skills available for path matching", () => {
+  const { manager, cleanup } = createManager({
+    permission: {
+      "*": "ask",
+      skill: { "blocked-skill": "deny" },
+    },
+  });
+
+  try {
+    const prompt = [
+      "System prompt start",
+      "<available_skills>",
+      "  <skill>",
+      "    <name>blocked-skill</name>",
+      "    <description>Blocked skill</description>",
+      "    <location>@./skills/blocked/entry.ts</location>",
+      "  </skill>",
+      "</available_skills>",
+      "Middle section",
+      "<available_skills>",
+      "  <skill>",
+      "    <name>visible-skill</name>",
+      "    <description>Visible skill</description>",
+      "    <location>@./skills/visible/entry.ts</location>",
+      "  </skill>",
+      "</available_skills>",
+      "System prompt end",
+    ].join("\n");
+
+    const result = resolveSkillPromptEntries(prompt, manager, null, "/cwd");
+    const visiblePath = resolve("/cwd", "./skills/visible/file.ts");
+    const blockedPath = resolve("/cwd", "./skills/blocked/file.ts");
+    const matchedVisibleSkill = findSkillPathMatch(
+      process.platform === "win32" ? visiblePath.toLowerCase() : visiblePath,
+      result.entries,
+    );
+    const matchedBlockedSkill = findSkillPathMatch(
+      process.platform === "win32" ? blockedPath.toLowerCase() : blockedPath,
+      result.entries,
+    );
+
+    expect(matchedVisibleSkill?.name).toBe("visible-skill");
+    expect(matchedBlockedSkill).toBe(null);
+  } finally {
+    cleanup();
+  }
+});

package/test/status.test.ts

@@ -0,0 +1,10 @@
+import { expect, test } from "vitest";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import { getPermissionSystemStatus } from "#src/status";
+
+test("Permission-system status is only exposed when yolo mode is enabled", () => {
+  expect(getPermissionSystemStatus(DEFAULT_EXTENSION_CONFIG)).toBe(undefined);
+  expect(
+    getPermissionSystemStatus({ ...DEFAULT_EXTENSION_CONFIG, yoloMode: true }),
+  ).toBe("yolo");
+});

package/test/system-prompt-sanitizer.test.ts

@@ -225,3 +225,71 @@ describe("sanitizeAvailableToolsSection — findSection boundary edge cases", ()
     expect(result.prompt).not.toContain("Available tools:");
   });
 });
+
+// ---------------------------------------------------------------------------
+// Moved from permission-system.test.ts catch-all (#342)
+// ---------------------------------------------------------------------------
+
+test("System prompt sanitizer removes the Available tools section and surrounding boilerplate", () => {
+  const prompt = [
+    "Available tools:",
+    "- read: Read file contents",
+    "- mcp: Discover, inspect, and call MCP tools across configured servers",
+    "",
+    "In addition to the tools above, you may have access to other custom tools depending on the project.",
+    "",
+    "Guidelines:",
+    "- Use mcp for MCP discovery first: search by capability, describe one exact tool name, then call it.",
+    "- Be concise in your responses",
+  ].join("\n");
+
+  const result = sanitizeAvailableToolsSection(prompt, ["read", "mcp"]);
+
+  expect(result.removed).toBe(true);
+  expect(result.prompt).not.toContain("Available tools:");
+  expect(result.prompt).not.toContain("In addition to the tools above");
+  expect(result.prompt).toMatch(/Guidelines:/);
+  expect(result.prompt).toMatch(/Use mcp for MCP discovery first/i);
+});
+
+test("System prompt sanitizer removes denied tool guidelines while keeping global guidance", () => {
+  const prompt = [
+    "Guidelines:",
+    "- Use task when work SHOULD be delegated to one or more specialized agents instead of handled entirely in the current session.",
+    "- Use mcp for MCP discovery first: search by capability, describe one exact tool name, then call it.",
+    "- Prefer grep/find/ls tools over bash for file exploration (faster, respects .gitignore)",
+    "- Be concise in your responses",
+    "- Show file paths clearly when working with files",
+  ].join("\n");
+
+  const result = sanitizeAvailableToolsSection(prompt, ["bash", "grep", "mcp"]);
+
+  expect(result.removed).toBe(true);
+  expect(result.prompt).not.toContain("Use task when work SHOULD");
+  expect(result.prompt).toMatch(/Use mcp for MCP discovery first/i);
+  expect(result.prompt).toMatch(/Prefer grep\/find\/ls tools over bash/i);
+  expect(result.prompt).toMatch(/Be concise in your responses/);
+  expect(result.prompt).toMatch(
+    /Show file paths clearly when working with files/,
+  );
+});
+
+test("System prompt sanitizer removes inactive built-in write guidance", () => {
+  const prompt = [
+    "Guidelines:",
+    "- Use write only for new files or complete rewrites",
+    "- When summarizing your actions, output plain text directly - do NOT use cat or bash to display what you did",
+    "- Be concise in your responses",
+  ].join("\n");
+
+  const result = sanitizeAvailableToolsSection(prompt, ["read"]);
+
+  expect(result.removed).toBe(true);
+  expect(result.prompt).not.toContain(
+    "Use write only for new files or complete rewrites",
+  );
+  expect(result.prompt).not.toContain(
+    "do NOT use cat or bash to display what you did",
+  );
+  expect(result.prompt).toMatch(/Be concise in your responses/);
+});

package/test/tool-registry.test.ts

@@ -153,3 +153,45 @@ describe("checkRequestedToolRegistration", () => {
     expect(result.status).toBe("registered");
   });
 });
+
+// ---------------------------------------------------------------------------
+// Moved from permission-system.test.ts catch-all (#342)
+// ---------------------------------------------------------------------------
+
+test("Tool registry resolves event tool names from string and object payloads", () => {
+  expect(getToolNameFromValue("  read  ")).toBe("read");
+  expect(getToolNameFromValue({ toolName: "write" })).toBe("write");
+  expect(getToolNameFromValue({ name: "find" })).toBe("find");
+  expect(getToolNameFromValue({ tool: "grep" })).toBe("grep");
+  expect(getToolNameFromValue({})).toBe(null);
+});
+
+test("Tool registry blocks unregistered tools and handles aliases", () => {
+  const registeredTools = [
+    { toolName: "mcp" },
+    { toolName: "read" },
+    { toolName: "bash" },
+  ];
+
+  const unknownCheck = checkRequestedToolRegistration(
+    "third_party_tool",
+    registeredTools,
+  );
+  expect(unknownCheck.status).toBe("unregistered");
+  if (unknownCheck.status === "unregistered") {
+    expect(unknownCheck.availableToolNames).toEqual(["bash", "mcp", "read"]);
+  }
+
+  const aliasCheck = checkRequestedToolRegistration(
+    "legacy_read",
+    registeredTools,
+    { legacy_read: "read" },
+  );
+  expect(aliasCheck.status).toBe("registered");
+
+  const missingNameCheck = checkRequestedToolRegistration(
+    "   ",
+    registeredTools,
+  );
+  expect(missingNameCheck.status).toBe("missing-tool-name");
+});

package/test/yolo-mode.test.ts

@@ -1,5 +1,7 @@
 import { afterEach, describe, expect, test, vi } from "vitest";
 import type { PermissionSystemExtensionConfig } from "#src/extension-config";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import { resolvePermissionForwardingTargetSessionId } from "#src/permission-forwarding";
 import {
   canResolveAskPermissionRequest,
   shouldAutoApprovePermissionState,
@@ -108,3 +110,79 @@ describe("canResolveAskPermissionRequest", () => {
     ).toBe(true);
   });
 });
+
+// ---------------------------------------------------------------------------
+// Moved from permission-system.test.ts catch-all (#342)
+// ---------------------------------------------------------------------------
+
+test("Yolo mode only auto-approves ask-state permissions", () => {
+  expect(
+    shouldAutoApprovePermissionState("ask", DEFAULT_EXTENSION_CONFIG),
+  ).toBe(false);
+  expect(
+    shouldAutoApprovePermissionState("ask", {
+      ...DEFAULT_EXTENSION_CONFIG,
+      yoloMode: true,
+    }),
+  ).toBe(true);
+  expect(
+    shouldAutoApprovePermissionState("deny", {
+      ...DEFAULT_EXTENSION_CONFIG,
+      yoloMode: true,
+    }),
+  ).toBe(false);
+  expect(
+    shouldAutoApprovePermissionState("allow", {
+      ...DEFAULT_EXTENSION_CONFIG,
+      yoloMode: true,
+    }),
+  ).toBe(false);
+});
+
+test("Yolo mode resolves ask permissions without UI or delegation forwarding", () => {
+  expect(
+    canResolveAskPermissionRequest({
+      config: DEFAULT_EXTENSION_CONFIG,
+      hasUI: false,
+      isSubagent: false,
+    }),
+  ).toBe(false);
+  expect(
+    canResolveAskPermissionRequest({
+      config: { ...DEFAULT_EXTENSION_CONFIG, yoloMode: true },
+      hasUI: false,
+      isSubagent: false,
+    }),
+  ).toBe(true);
+  expect(
+    canResolveAskPermissionRequest({
+      config: DEFAULT_EXTENSION_CONFIG,
+      hasUI: false,
+      isSubagent: true,
+    }),
+  ).toBe(true);
+});
+
+test("Yolo mode bypasses delegated ask routing when no parent forwarding target is available", () => {
+  const targetSessionId = resolvePermissionForwardingTargetSessionId({
+    hasUI: false,
+    isSubagent: true,
+    currentSessionId: "child-session",
+    env: {},
+  });
+
+  expect(targetSessionId).toBe(null);
+  expect(
+    canResolveAskPermissionRequest({
+      config: { ...DEFAULT_EXTENSION_CONFIG, yoloMode: true },
+      hasUI: false,
+      isSubagent: true,
+    }),
+  ).toBe(true);
+  expect(
+    shouldAutoApprovePermissionState("ask", {
+      ...DEFAULT_EXTENSION_CONFIG,
+      yoloMode: true,
+    }),
+  ).toBe(true);
+});