@gotgenes/pi-permission-system 10.5.1 → 10.5.3

package/CHANGELOG.md

@@ -5,6 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [10.5.3](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.5.2...pi-permission-system-v10.5.3) (2026-06-08)
+
+
+### Bug Fixes
+
+* merge tool preview length fields across config layers ([803fbb4](https://github.com/gotgenes/pi-packages/commit/803fbb4a118d4c26dc7b23fcec3f88d23aec0065))
+* parse tool preview length fields in unified config loader ([3241956](https://github.com/gotgenes/pi-packages/commit/3241956b5656bc44788061c4a0a4ee334cb3ace5))
+
+## [10.5.2](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.5.1...pi-permission-system-v10.5.2) (2026-06-08)
+
+
+### Bug Fixes
+
+* **pi-permission-system:** expand $HOME in normalizePathForComparison ([#350](https://github.com/gotgenes/pi-packages/issues/350)) ([1b92ed3](https://github.com/gotgenes/pi-packages/commit/1b92ed3d2364174d3287171c58ce8452239b3e8d))
+* **pi-permission-system:** home-expand path values before matching ([#350](https://github.com/gotgenes/pi-packages/issues/350)) ([48a7b37](https://github.com/gotgenes/pi-packages/commit/48a7b3783857b449442d30edefe04f8255e5f4f8))
+
+
+### Documentation
+
+* **pi-permission-system:** note path values are home-expanded for matching ([#350](https://github.com/gotgenes/pi-packages/issues/350)) ([e9c264d](https://github.com/gotgenes/pi-packages/commit/e9c264de85d327a0bfbcd84401a259cb509a5dfa))
+
 ## [10.5.1](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v10.5.0...pi-permission-system-v10.5.1) (2026-06-07)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "10.5.1",
+  "version": "10.5.3",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "exports": {

package/src/common.ts

@@ -17,6 +17,13 @@ export function getNonEmptyString(value: unknown): string | null {
   return trimmed.length > 0 ? trimmed : null;
 }
 
+/** Returns `raw` if it is a positive integer; otherwise `undefined`. */
+export function normalizeOptionalPositiveInt(raw: unknown): number | undefined {
+  return typeof raw === "number" && Number.isInteger(raw) && raw > 0
+    ? raw
+    : undefined;
+}
+
 export function isPermissionState(value: unknown): value is PermissionState {
   return value === "allow" || value === "deny" || value === "ask";
 }

package/src/config-loader.ts

@@ -1,7 +1,11 @@
 import { existsSync, readFileSync } from "node:fs";
 import { normalize } from "node:path";
 
-import { isPermissionState, toRecord } from "./common";
+import {
+  isPermissionState,
+  normalizeOptionalPositiveInt,
+  toRecord,
+} from "./common";
 import {
   getGlobalConfigPath,
   getLegacyExtensionConfigPath,
@@ -21,6 +25,8 @@ export interface UnifiedPermissionConfig {
   debugLog?: boolean;
   permissionReviewLog?: boolean;
   yoloMode?: boolean;
+  toolInputPreviewMaxLength?: number;
+  toolTextSummaryMaxLength?: number;
 
   // Flat permission policy
   permission?: FlatPermissionConfig;
@@ -183,6 +189,18 @@ export function normalizeUnifiedConfig(raw: unknown): {
   const yoloMode = normalizeOptionalBoolean(record.yoloMode);
   if (yoloMode !== undefined) config.yoloMode = yoloMode;
 
+  const toolInputPreviewMaxLength = normalizeOptionalPositiveInt(
+    record.toolInputPreviewMaxLength,
+  );
+  if (toolInputPreviewMaxLength !== undefined)
+    config.toolInputPreviewMaxLength = toolInputPreviewMaxLength;
+
+  const toolTextSummaryMaxLength = normalizeOptionalPositiveInt(
+    record.toolTextSummaryMaxLength,
+  );
+  if (toolTextSummaryMaxLength !== undefined)
+    config.toolTextSummaryMaxLength = toolTextSummaryMaxLength;
+
   // Flat permission policy
   const permission = normalizeFlatPermissionValue(record.permission);
   if (permission !== undefined) config.permission = permission;
@@ -202,7 +220,7 @@ export function mergeUnifiedConfigs(
 ): UnifiedPermissionConfig {
   const merged: UnifiedPermissionConfig = {};
 
-  // Scalars: override replaces base when defined
+  // Boolean scalars: override replaces base when defined
   for (const key of ["debugLog", "permissionReviewLog", "yoloMode"] as const) {
     const value = override[key] ?? base[key];
     if (value !== undefined) {
@@ -210,6 +228,17 @@ export function mergeUnifiedConfigs(
     }
   }
 
+  // Number scalars: override replaces base when defined
+  for (const key of [
+    "toolInputPreviewMaxLength",
+    "toolTextSummaryMaxLength",
+  ] as const) {
+    const value = override[key] ?? base[key];
+    if (value !== undefined) {
+      merged[key] = value;
+    }
+  }
+
   // Permission: deep-shallow merge
   const basePerm = base.permission;
   const overridePerm = override.permission;

package/src/extension-config.ts

@@ -2,7 +2,7 @@ import { mkdirSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 
-import { toRecord } from "./common";
+import { normalizeOptionalPositiveInt, toRecord } from "./common";
 
 export const EXTENSION_ID = "pi-permission-system";
 
@@ -46,13 +46,6 @@ export function detectMisplacedPermissionKeys(
   return Object.keys(raw).filter((key) => PERMISSION_POLICY_KEYS.has(key));
 }
 
-/** Returns `raw` if it is a positive integer; otherwise `undefined`. */
-export function normalizeOptionalPositiveInt(raw: unknown): number | undefined {
-  return typeof raw === "number" && Number.isInteger(raw) && raw > 0
-    ? raw
-    : undefined;
-}
-
 export function normalizePermissionSystemConfig(
   raw: unknown,
 ): PermissionSystemExtensionConfig {

package/src/input-normalizer.ts

@@ -1,6 +1,7 @@
-import { toRecord } from "./common";
+import { getNonEmptyString, toRecord } from "./common";
+import { expandHomePath } from "./expand-home";
 import { createMcpPermissionTargets } from "./mcp-targets";
-import { getPathBearingToolPath, PATH_BEARING_TOOLS } from "./path-utils";
+import { PATH_BEARING_TOOLS } from "./path-utils";
 
 /**
  * Construct a surface-appropriate input object from a raw value string.
@@ -66,13 +67,11 @@ export function normalizeInput(
   input: unknown,
   configuredMcpServerNames: readonly string[],
 ): NormalizedInput {
-  // --- Special surfaces (external_directory) ---
+  // --- Special surfaces (path, external_directory) ---
   if (SPECIAL_PERMISSION_KEYS.has(toolName)) {
-    const record = toRecord(input);
-    const pathValue = typeof record.path === "string" ? record.path : null;
     return {
       surface: toolName,
-      values: [pathValue ?? "*"],
+      values: [normalizePathSurfaceValue(input)],
       resultExtras: {},
     };
   }
@@ -116,10 +115,9 @@ export function normalizeInput(
 
   // --- Path-bearing tools (read, write, edit, grep, find, ls) ---
   if (PATH_BEARING_TOOLS.has(toolName)) {
-    const path = getPathBearingToolPath(toolName, input);
     return {
       surface: toolName,
-      values: [path ?? "*"],
+      values: [normalizePathSurfaceValue(input)],
       resultExtras: {},
     };
   }
@@ -131,3 +129,17 @@ export function normalizeInput(
     resultExtras: {},
   };
 }
+
+/**
+ * Extract and home-expand the `input.path` lookup value shared by every path
+ * surface (`path`, `external_directory`, and the path-bearing tools).
+ *
+ * Missing, empty, or whitespace-only paths collapse to the surface catch-all
+ * `"*"`; otherwise `~/…` and `$HOME/…` prefixes are expanded to the OS home
+ * directory so values match home-anchored patterns symmetrically with how
+ * `compileWildcardPattern` expands the patterns themselves (#350).
+ */
+function normalizePathSurfaceValue(input: unknown): string {
+  const path = getNonEmptyString(toRecord(input).path);
+  return path === null ? "*" : expandHomePath(path);
+}

package/src/path-utils.ts

@@ -1,4 +1,3 @@
-import { homedir } from "node:os";
 import { join, normalize, resolve, sep } from "node:path";
 
 import { getNonEmptyString, toRecord } from "./common";
@@ -15,15 +14,7 @@ export function normalizePathForComparison(
   }
 
   let normalizedPath = trimmed.startsWith("@") ? trimmed.slice(1) : trimmed;
-
-  if (normalizedPath === "~") {
-    normalizedPath = homedir();
-  } else if (
-    normalizedPath.startsWith("~/") ||
-    normalizedPath.startsWith("~\\")
-  ) {
-    normalizedPath = join(homedir(), normalizedPath.slice(2));
-  }
+  normalizedPath = expandHomePath(normalizedPath);
 
   const absolutePath = resolve(cwd, normalizedPath);
   const normalizedAbsolutePath = normalize(absolutePath);

package/test/before-agent-start-cache.test.ts

@@ -0,0 +1,89 @@
+import { writeFileSync } from "node:fs";
+import { expect, test } from "vitest";
+import {
+  createActiveToolsCacheKey,
+  createBeforeAgentStartPromptStateKey,
+  shouldApplyCachedAgentStartState,
+} from "#src/before-agent-start-cache";
+import { createManager } from "#test/helpers/manager-harness";
+
+test("Before-agent-start cache dedupes unchanged active-tool exposure and prompt state", () => {
+  const allowedTools = ["read", "mcp"];
+  const activeToolsKey = createActiveToolsCacheKey(allowedTools);
+  const promptStateKey = createBeforeAgentStartPromptStateKey({
+    agentName: "code",
+    cwd: "C:/workspace/project",
+    permissionStamp: "permissions-v1",
+    systemPrompt: "Available tools:\n- read\n- mcp",
+    allowedToolNames: allowedTools,
+  });
+
+  expect(shouldApplyCachedAgentStartState(null, activeToolsKey)).toBe(true);
+  expect(shouldApplyCachedAgentStartState(activeToolsKey, activeToolsKey)).toBe(
+    false,
+  );
+  expect(shouldApplyCachedAgentStartState(null, promptStateKey)).toBe(true);
+  expect(shouldApplyCachedAgentStartState(promptStateKey, promptStateKey)).toBe(
+    false,
+  );
+});
+
+test("Before-agent-start prompt cache invalidates on permission changes while runtime enforcement stays authoritative", () => {
+  const { manager, globalConfigPath, cleanup } = createManager({
+    permission: { "*": "allow", write: "deny" },
+  });
+
+  try {
+    const baselineStamp = manager.getPolicyCacheStamp();
+    const baselineKey = createBeforeAgentStartPromptStateKey({
+      agentName: null,
+      cwd: "C:/workspace/project",
+      permissionStamp: baselineStamp,
+      systemPrompt: "Available tools:\n- read\n- write",
+      allowedToolNames: ["read"],
+    });
+
+    expect(shouldApplyCachedAgentStartState(baselineKey, baselineKey)).toBe(
+      false,
+    );
+    expect(manager.checkPermission("write", {}, undefined).state).toBe("deny");
+
+    const updatedConfig = `${JSON.stringify(
+      { permission: { "*": "allow", write: "allow" } },
+      null,
+      2,
+    )}\n`;
+
+    let updatedStamp = baselineStamp;
+    for (
+      let attempt = 0;
+      attempt < 10 && updatedStamp === baselineStamp;
+      attempt += 1
+    ) {
+      const waitUntil = Date.now() + 2;
+      while (Date.now() < waitUntil) {
+        // Wait for the filesystem timestamp granularity to advance.
+      }
+
+      writeFileSync(globalConfigPath, updatedConfig, "utf8");
+      updatedStamp = manager.getPolicyCacheStamp();
+    }
+
+    expect(updatedStamp).not.toBe(baselineStamp);
+
+    const invalidatedKey = createBeforeAgentStartPromptStateKey({
+      agentName: null,
+      cwd: "C:/workspace/project",
+      permissionStamp: updatedStamp,
+      systemPrompt: "Available tools:\n- read\n- write",
+      allowedToolNames: ["read", "write"],
+    });
+
+    expect(shouldApplyCachedAgentStartState(baselineKey, invalidatedKey)).toBe(
+      true,
+    );
+    expect(manager.checkPermission("write", {}, undefined).state).toBe("allow");
+  } finally {
+    cleanup();
+  }
+});

package/test/common.test.ts

@@ -1,9 +1,10 @@
-import { afterEach, describe, expect, test, vi } from "vitest";
+import { afterEach, describe, expect, it, test, vi } from "vitest";
 
 import {
   extractFrontmatter,
   getNonEmptyString,
   isPermissionState,
+  normalizeOptionalPositiveInt,
   parseSimpleYamlMap,
   toRecord,
 } from "#src/common";
@@ -187,3 +188,33 @@ describe("parseSimpleYamlMap", () => {
     expect(result["quoted-key"]).toBe("value");
   });
 });
+
+describe("normalizeOptionalPositiveInt", () => {
+  it("returns the value for a valid positive integer", () => {
+    expect(normalizeOptionalPositiveInt(1)).toBe(1);
+    expect(normalizeOptionalPositiveInt(200)).toBe(200);
+    expect(normalizeOptionalPositiveInt(9999)).toBe(9999);
+  });
+
+  it("returns undefined for zero", () => {
+    expect(normalizeOptionalPositiveInt(0)).toBeUndefined();
+  });
+
+  it("returns undefined for negative integers", () => {
+    expect(normalizeOptionalPositiveInt(-1)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(-100)).toBeUndefined();
+  });
+
+  it("returns undefined for non-integer numbers (floats)", () => {
+    expect(normalizeOptionalPositiveInt(400.5)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(1.1)).toBeUndefined();
+  });
+
+  it("returns undefined for non-number types", () => {
+    expect(normalizeOptionalPositiveInt("200")).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(true)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(null)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(undefined)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt({})).toBeUndefined();
+  });
+});

package/test/config-loader.test.ts

@@ -258,6 +258,72 @@ describe("loadUnifiedConfig", () => {
     const result = loadUnifiedConfig(configPath);
     expect(result.config.permission).toBeUndefined();
   });
+
+  it("parses toolInputPreviewMaxLength when a valid positive integer is present", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(
+      configPath,
+      JSON.stringify({ toolInputPreviewMaxLength: 1000 }),
+    );
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config.toolInputPreviewMaxLength).toBe(1000);
+  });
+
+  it("parses toolTextSummaryMaxLength when a valid positive integer is present", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(
+      configPath,
+      JSON.stringify({ toolTextSummaryMaxLength: 120 }),
+    );
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config.toolTextSummaryMaxLength).toBe(120);
+  });
+
+  it("omits toolInputPreviewMaxLength when absent", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(configPath, JSON.stringify({ debugLog: false }));
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config).not.toHaveProperty("toolInputPreviewMaxLength");
+  });
+
+  it("omits toolTextSummaryMaxLength when absent", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(configPath, JSON.stringify({ debugLog: false }));
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config).not.toHaveProperty("toolTextSummaryMaxLength");
+  });
+
+  it.each([
+    ["zero", 0],
+    ["negative", -1],
+    ["float", 1.5],
+    ["string", "200"],
+    ["boolean", true],
+  ] as const)("omits toolInputPreviewMaxLength for invalid value: %s", (_label, value) => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(
+      configPath,
+      JSON.stringify({ toolInputPreviewMaxLength: value }),
+    );
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config).not.toHaveProperty("toolInputPreviewMaxLength");
+  });
+
+  it.each([
+    ["zero", 0],
+    ["negative", -1],
+    ["float", 1.5],
+    ["string", "80"],
+    ["boolean", false],
+  ] as const)("omits toolTextSummaryMaxLength for invalid value: %s", (_label, value) => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(
+      configPath,
+      JSON.stringify({ toolTextSummaryMaxLength: value }),
+    );
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config).not.toHaveProperty("toolTextSummaryMaxLength");
+  });
 });
 
 describe("mergeUnifiedConfigs", () => {
@@ -352,6 +418,48 @@ describe("mergeUnifiedConfigs", () => {
     expect(merged).not.toHaveProperty("permissionReviewLog");
     expect(merged).not.toHaveProperty("permission");
   });
+
+  it("override toolInputPreviewMaxLength replaces base value", () => {
+    const merged = mergeUnifiedConfigs(
+      { toolInputPreviewMaxLength: 200 },
+      { toolInputPreviewMaxLength: 1000 },
+    );
+    expect(merged.toolInputPreviewMaxLength).toBe(1000);
+  });
+
+  it("base toolInputPreviewMaxLength survives when override omits it", () => {
+    const merged = mergeUnifiedConfigs(
+      { toolInputPreviewMaxLength: 500 },
+      { debugLog: true },
+    );
+    expect(merged.toolInputPreviewMaxLength).toBe(500);
+  });
+
+  it("toolInputPreviewMaxLength is absent when both base and override omit it", () => {
+    const merged = mergeUnifiedConfigs({ debugLog: true }, { yoloMode: false });
+    expect(merged).not.toHaveProperty("toolInputPreviewMaxLength");
+  });
+
+  it("override toolTextSummaryMaxLength replaces base value", () => {
+    const merged = mergeUnifiedConfigs(
+      { toolTextSummaryMaxLength: 80 },
+      { toolTextSummaryMaxLength: 200 },
+    );
+    expect(merged.toolTextSummaryMaxLength).toBe(200);
+  });
+
+  it("base toolTextSummaryMaxLength survives when override omits it", () => {
+    const merged = mergeUnifiedConfigs(
+      { toolTextSummaryMaxLength: 120 },
+      { debugLog: false },
+    );
+    expect(merged.toolTextSummaryMaxLength).toBe(120);
+  });
+
+  it("toolTextSummaryMaxLength is absent when both base and override omit it", () => {
+    const merged = mergeUnifiedConfigs({}, { permissionReviewLog: true });
+    expect(merged).not.toHaveProperty("toolTextSummaryMaxLength");
+  });
 });
 
 describe("loadAndMergeConfigs", () => {

package/test/config-store.test.ts

@@ -371,6 +371,20 @@ describe("ConfigStore", () => {
       store.save({ ...DEFAULT_EXTENSION_CONFIG }, ctx);
       expect(mockUnlinkSync).toHaveBeenCalled();
     });
+
+    it("preserves an existing global toolInputPreviewMaxLength on save", () => {
+      const { store } = makeStore();
+      // Simulate a global config.json that already has the preview-length field.
+      mockLoadUnifiedConfig.mockReturnValue({
+        config: { toolInputPreviewMaxLength: 800 },
+      });
+      store.save({ ...DEFAULT_EXTENSION_CONFIG }, makeCommandCtx());
+      expect(mockWriteFileSync).toHaveBeenCalledWith(
+        expect.stringContaining(".tmp"),
+        expect.stringContaining('"toolInputPreviewMaxLength": 800'),
+        "utf-8",
+      );
+    });
   });
 
   // ── logResolvedPaths() ─────────────────────────────────────────────────

package/test/extension-config.test.ts

@@ -2,7 +2,6 @@ import { describe, expect, it } from "vitest";
 
 import {
   detectMisplacedPermissionKeys,
-  normalizeOptionalPositiveInt,
   normalizePermissionSystemConfig,
 } from "#src/extension-config";
 
@@ -75,36 +74,6 @@ describe("detectMisplacedPermissionKeys", () => {
   });
 });
 
-describe("normalizeOptionalPositiveInt", () => {
-  it("returns the value for a valid positive integer", () => {
-    expect(normalizeOptionalPositiveInt(1)).toBe(1);
-    expect(normalizeOptionalPositiveInt(200)).toBe(200);
-    expect(normalizeOptionalPositiveInt(9999)).toBe(9999);
-  });
-
-  it("returns undefined for zero", () => {
-    expect(normalizeOptionalPositiveInt(0)).toBeUndefined();
-  });
-
-  it("returns undefined for negative integers", () => {
-    expect(normalizeOptionalPositiveInt(-1)).toBeUndefined();
-    expect(normalizeOptionalPositiveInt(-100)).toBeUndefined();
-  });
-
-  it("returns undefined for non-integer numbers (floats)", () => {
-    expect(normalizeOptionalPositiveInt(400.5)).toBeUndefined();
-    expect(normalizeOptionalPositiveInt(1.1)).toBeUndefined();
-  });
-
-  it("returns undefined for non-number types", () => {
-    expect(normalizeOptionalPositiveInt("200")).toBeUndefined();
-    expect(normalizeOptionalPositiveInt(true)).toBeUndefined();
-    expect(normalizeOptionalPositiveInt(null)).toBeUndefined();
-    expect(normalizeOptionalPositiveInt(undefined)).toBeUndefined();
-    expect(normalizeOptionalPositiveInt({})).toBeUndefined();
-  });
-});
-
 describe("normalizePermissionSystemConfig", () => {
   it("normalizes a valid config object", () => {
     const result = normalizePermissionSystemConfig({

package/test/handlers/external-directory-session-dedup.test.ts

@@ -300,3 +300,99 @@ describe("external-directory session dedup", () => {
     });
   });
 });
+
+// ---------------------------------------------------------------------------
+// Moved from permission-system.test.ts catch-all (#342)
+// ---------------------------------------------------------------------------
+
+describe("session shutdown clears external-directory approvals", () => {
+  it("re-prompts for the same path after session shutdown", async () => {
+    // Build a fully wired handler inline so we can access session directly.
+    const { session, permissionManager, sessionRules, logger } =
+      makeRealSession();
+    const { resolver } = makeRealResolver(permissionManager, sessionRules);
+
+    // external_directory=ask; session-covered paths return allow/session.
+    vi.mocked(permissionManager.checkPermission).mockImplementation(
+      (surface, input, _agentName, rules): PermissionCheckResult => {
+        if (surface === "external_directory") {
+          const record = (input ?? {}) as Record<string, unknown>;
+          const pathValue =
+            typeof record.path === "string" ? record.path : null;
+          if (pathValue && rules && rules.length > 0) {
+            const match = rules.findLast(
+              (r) =>
+                r.surface === "external_directory" &&
+                wildcardMatch(r.pattern, pathValue),
+            );
+            if (match) {
+              return {
+                state: "allow",
+                toolName: surface,
+                source: "session",
+                origin: "session",
+                matchedPattern: match.pattern,
+              };
+            }
+          }
+          return {
+            state: "ask",
+            toolName: surface,
+            source: "special",
+            origin: "global",
+          };
+        }
+        return {
+          state: "allow",
+          toolName: surface,
+          source: "tool",
+          origin: "builtin",
+        };
+      },
+    );
+
+    const events = makeEvents();
+    const reporter = new GateDecisionReporter(logger, events);
+    const prompter: GatePrompter = {
+      canConfirm: vi.fn().mockReturnValue(true),
+      // Simulate "Yes, for this session" on first call, "Yes" on subsequent.
+      prompt: vi
+        .fn<GatePrompter["prompt"]>()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    };
+    const runner = new GateRunner(resolver, sessionRules, prompter, reporter);
+    const handler = new PermissionGateHandler(
+      session,
+      makeToolRegistry({
+        getAll: vi.fn().mockReturnValue([{ name: "read" }]),
+      }),
+      new ToolCallGatePipeline(resolver, session),
+      new SkillInputGatePipeline(resolver),
+      runner,
+    );
+
+    const externalPath = "/tmp/sibling/foo.ts";
+    const ctx = makeCtx();
+    const event = {
+      type: "tool_call",
+      toolCallId: "tc-1",
+      toolName: "read",
+      input: { path: externalPath },
+    };
+
+    // First access: prompt fires and records session approval.
+    await handler.handleToolCall(event, ctx);
+    expect(vi.mocked(prompter.prompt)).toHaveBeenCalledTimes(1);
+
+    // Second access: covered by session approval — no re-prompt.
+    await handler.handleToolCall({ ...event, toolCallId: "tc-2" }, ctx);
+    expect(vi.mocked(prompter.prompt)).toHaveBeenCalledTimes(1);
+
+    // Shutdown clears session approvals.
+    session.shutdown();
+
+    // Third access: session rules cleared — must re-prompt.
+    await handler.handleToolCall({ ...event, toolCallId: "tc-3" }, ctx);
+    expect(vi.mocked(prompter.prompt)).toHaveBeenCalledTimes(2);
+  });
+});