@gotgenes/pi-permission-system 10.5.1 → 10.5.3

package/test/handlers/gates/bash-path.test.ts

@@ -216,3 +216,60 @@ describe("describeBashPathGate", () => {
     expect(desc.decision.value).toBe(".env");
   });
 });
+
+// Home-relative path characterization (#350) ──────────────────────────────
+//
+// The parser extracts ~/... tokens from bash commands; the resolver receives
+// the raw token and normalizeInput handles expansion. These tests verify the
+// gate correctly dispatches ~/... tokens through the deny/ask path.
+
+describe("describeBashPathGate — home-relative paths", () => {
+  it("extracts ~/... token and builds descriptor on deny", async () => {
+    // node:os is mocked: homedir() returns "/mock/home".
+    // cat ~/.ssh/config → token "~/.ssh/config" extracted.
+    const resolver = makePathDispatchResolver(
+      {
+        "~/.ssh/config": makeCheckResult({
+          state: "deny",
+          matchedPattern: "~/.ssh/*",
+        }),
+      },
+      makeCheckResult({ state: "allow" }),
+    );
+    const result = (await describeGate(
+      makeTcc({ input: { command: "cat ~/.ssh/config" } }),
+      resolver,
+    )) as GateDescriptor;
+
+    expect(isGateDescriptor(result)).toBe(true);
+    expect(result.preCheck?.state).toBe("deny");
+    expect(result.denialContext).toMatchObject({
+      kind: "bash_path",
+      command: "cat ~/.ssh/config",
+      pathValue: "~/.ssh/config",
+    });
+  });
+
+  it("extracts $HOME/... token and builds descriptor on deny", async () => {
+    const resolver = makePathDispatchResolver(
+      {
+        "$HOME/.ssh/config": makeCheckResult({
+          state: "deny",
+          matchedPattern: "$HOME/.ssh/*",
+        }),
+      },
+      makeCheckResult({ state: "allow" }),
+    );
+    const result = (await describeGate(
+      makeTcc({ input: { command: "cat $HOME/.ssh/config" } }),
+      resolver,
+    )) as GateDescriptor;
+
+    expect(isGateDescriptor(result)).toBe(true);
+    expect(result.preCheck?.state).toBe("deny");
+    expect(result.denialContext).toMatchObject({
+      kind: "bash_path",
+      pathValue: "$HOME/.ssh/config",
+    });
+  });
+});

package/test/handlers/gates/path.test.ts

@@ -148,3 +148,61 @@ describe("describePathGate", () => {
     );
   });
 });
+
+// Home-relative path characterization (#350) ──────────────────────────────
+//
+// The gate passes the raw path to the resolver; home expansion is handled
+// downstream by normalizeInput. These tests lock in that the gate works
+// correctly when the tool input contains a ~/... or $HOME/... path.
+
+describe("describePathGate — home-relative paths", () => {
+  it("passes raw ~/... path to resolver and builds descriptor on deny", () => {
+    const resolver = makeResolver(
+      makeCheckResult({ state: "deny", matchedPattern: "~/.ssh/*" }),
+    );
+    const result = describePathGate(
+      makeTcc({ input: { path: "~/.ssh/config" } }),
+      resolver,
+    ) as GateDescriptor;
+
+    expect(isGateDescriptor(result)).toBe(true);
+    expect(result.preCheck?.state).toBe("deny");
+    // Raw path preserved in denial context for display.
+    expect(result.denialContext).toMatchObject({
+      kind: "path",
+      toolName: "read",
+      pathValue: "~/.ssh/config",
+    });
+    expect(resolver.resolve).toHaveBeenCalledWith(
+      "path",
+      { path: "~/.ssh/config" },
+      undefined,
+    );
+  });
+
+  it("passes raw $HOME/... path to resolver and builds descriptor on deny", () => {
+    const resolver = makeResolver(
+      makeCheckResult({ state: "deny", matchedPattern: "$HOME/.ssh/*" }),
+    );
+    const result = describePathGate(
+      makeTcc({ input: { path: "$HOME/.ssh/config" } }),
+      resolver,
+    ) as GateDescriptor;
+
+    expect(isGateDescriptor(result)).toBe(true);
+    expect(result.preCheck?.state).toBe("deny");
+    expect(result.denialContext).toMatchObject({
+      kind: "path",
+      pathValue: "$HOME/.ssh/config",
+    });
+  });
+
+  it("returns null when home-relative path resolves to allow", () => {
+    const resolver = makeResolver(makeCheckResult({ state: "allow" }));
+    const result = describePathGate(
+      makeTcc({ input: { path: "~/.ssh/config" } }),
+      resolver,
+    );
+    expect(result).toBeNull();
+  });
+});

package/test/handlers/tool-call.test.ts

@@ -290,3 +290,106 @@ describe("handleToolCall — bash command chain gate", () => {
     expect(result).toEqual({});
   });
 });
+
+// ---------------------------------------------------------------------------
+// Moved from permission-system.test.ts catch-all (#342)
+// ---------------------------------------------------------------------------
+
+describe("handleToolCall — bash external-directory policy states", () => {
+  it("allows bash command with only internal paths when external_directory is denied", async () => {
+    const { handler } = makeHandler({ tools: ["bash"] });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "cat src/index.ts" },
+    });
+    const result = await handler.handleToolCall(event, makeCtx());
+    expect(result).toEqual({});
+  });
+
+  it("blocks bash command with external path when external_directory is ask and no UI", async () => {
+    const { handler } = makeHandler({
+      session: {
+        checkPermission: makeSurfaceCheck({
+          external_directory: { state: "ask", source: "special" },
+        }),
+      },
+      tools: ["bash"],
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(false),
+        prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
+      },
+    });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "cat /etc/hosts" },
+    });
+    const result = await handler.handleToolCall(
+      event,
+      makeCtx({ hasUI: false }),
+    );
+    expect(result).toMatchObject({ block: true });
+    expect(String((result as { reason?: unknown }).reason)).toMatch(
+      /no interactive UI/i,
+    );
+  });
+
+  it("allows bash command with external path when external_directory is allow", async () => {
+    const { handler } = makeHandler({
+      session: {
+        checkPermission: makeSurfaceCheck({
+          external_directory: { state: "allow", source: "special" },
+        }),
+      },
+      tools: ["bash"],
+    });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "cat /etc/hosts" },
+    });
+    const result = await handler.handleToolCall(event, makeCtx());
+    expect(result).toEqual({});
+  });
+
+  it("applies bash pattern deny after external_directory allow", async () => {
+    const { handler } = makeHandler({
+      session: {
+        checkPermission: makeSurfaceCheck(
+          {
+            external_directory: { state: "allow", source: "special" },
+            bash: { state: "deny", source: "bash" },
+          },
+          { state: "allow" },
+        ),
+      },
+      tools: ["bash"],
+    });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "cat /etc/hosts" },
+    });
+    const result = await handler.handleToolCall(event, makeCtx());
+    expect(result).toMatchObject({ block: true });
+  });
+});
+
+describe("handleToolCall — generic ask prompt content", () => {
+  it("ask prompt includes serialized tool input for informed approval", async () => {
+    const { handler, prompter } = makeHandler({
+      session: {
+        checkPermission: makeSurfaceCheck({
+          weather_lookup: { state: "ask" },
+        }),
+      },
+      tools: ["weather_lookup"],
+      prompter: {
+        canConfirm: vi.fn().mockReturnValue(true),
+        prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
+      },
+    });
+    const event = makeToolCallEvent("weather_lookup", {
+      input: { city: "Chicago", units: "metric" },
+    });
+    await handler.handleToolCall(event, makeCtx());
+    expect(vi.mocked(prompter.prompt)).toHaveBeenCalledTimes(1);
+    const promptDetails = vi.mocked(prompter.prompt).mock.calls[0][0];
+    expect(promptDetails.message).toMatch(
+      /\{"city":"Chicago","units":"metric"\}/,
+    );
+  });
+});

package/test/helpers/manager-harness.ts

@@ -15,6 +15,11 @@ export type CreateManagerOptions = {
   mcpServerNames?: readonly string[];
 };
 
+export type CreateManagerWithProjectOptions = CreateManagerOptions & {
+  projectConfig?: ScopeConfig;
+  projectAgentFiles?: Record<string, string>;
+};
+
 export function createManager(
   config: ScopeConfig,
   agentFiles: Record<string, string> = {},
@@ -49,3 +54,59 @@ export function createManager(
     },
   };
 }
+
+export function createManagerWithProject(
+  config: ScopeConfig,
+  agentFiles: Record<string, string> = {},
+  options: CreateManagerWithProjectOptions = {},
+) {
+  const baseDir = mkdtempSync(
+    join(tmpdir(), "pi-permission-system-proj-test-"),
+  );
+  const globalConfigPath = join(baseDir, "pi-permissions.jsonc");
+  const agentsDir = join(baseDir, "agents");
+  const projectRoot = join(baseDir, "project");
+  const projectGlobalConfigPath = join(projectRoot, "pi-permissions.jsonc");
+  const projectAgentsDir = join(projectRoot, "agents");
+
+  mkdirSync(agentsDir, { recursive: true });
+  mkdirSync(projectAgentsDir, { recursive: true });
+
+  writeFileSync(
+    globalConfigPath,
+    `${JSON.stringify(config, null, 2)}\n`,
+    "utf8",
+  );
+  if (options.projectConfig) {
+    writeFileSync(
+      projectGlobalConfigPath,
+      `${JSON.stringify(options.projectConfig, null, 2)}\n`,
+      "utf8",
+    );
+  }
+
+  for (const [name, content] of Object.entries(agentFiles)) {
+    writeFileSync(join(agentsDir, `${name}.md`), content, "utf8");
+  }
+
+  for (const [name, content] of Object.entries(
+    options.projectAgentFiles ?? {},
+  )) {
+    writeFileSync(join(projectAgentsDir, `${name}.md`), content, "utf8");
+  }
+
+  const manager = new PermissionManager({
+    globalConfigPath,
+    agentsDir,
+    projectGlobalConfigPath,
+    projectAgentsDir,
+    mcpServerNames: options.mcpServerNames,
+  });
+
+  return {
+    manager,
+    cleanup: (): void => {
+      rmSync(baseDir, { recursive: true, force: true });
+    },
+  };
+}

package/test/input-normalizer.test.ts

@@ -1,7 +1,20 @@
-import { describe, expect, it } from "vitest";
+import { join } from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+const mockHomedir = vi.hoisted(() => vi.fn(() => "/mock/home"));
+
+vi.mock("node:os", () => ({
+  homedir: mockHomedir,
+  default: { homedir: mockHomedir },
+}));
+
 import { normalizeInput } from "#src/input-normalizer";
 import { createMcpPermissionTargets } from "#src/mcp-targets";
 
+afterEach(() => {
+  mockHomedir.mockClear();
+});
+
 describe("normalizeInput — non-MCP surfaces", () => {
   describe("special / path", () => {
     it("uses path from input as the lookup value", () => {
@@ -21,10 +34,40 @@ describe("normalizeInput — non-MCP surfaces", () => {
       expect(result.values).toEqual(["*"]);
     });
 
+    it("falls back to '*' when path is an empty string", () => {
+      const result = normalizeInput("path", { path: "" }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when path is whitespace-only", () => {
+      const result = normalizeInput("path", { path: "   " }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
     it("handles null input", () => {
       const result = normalizeInput("path", null, []);
       expect(result.values).toEqual(["*"]);
     });
+
+    it("expands ~/... path value to absolute home path", () => {
+      const result = normalizeInput("path", { path: "~/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
+
+    it("expands $HOME/... path value to absolute home path", () => {
+      const result = normalizeInput("path", { path: "$HOME/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
+
+    it("does not expand non-home values", () => {
+      const result = normalizeInput("path", { path: ".env" }, []);
+      expect(result.values).toEqual([".env"]);
+    });
+
+    it("does not expand the '*' fallback", () => {
+      const result = normalizeInput("path", {}, []);
+      expect(result.values).toEqual(["*"]);
+    });
   });
 
   describe("special / external_directory", () => {
@@ -49,10 +92,33 @@ describe("normalizeInput — non-MCP surfaces", () => {
       expect(result.values).toEqual(["*"]);
     });
 
+    it("falls back to '*' when path is an empty string", () => {
+      const result = normalizeInput("external_directory", { path: "" }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
     it("handles null input", () => {
       const result = normalizeInput("external_directory", null, []);
       expect(result.values).toEqual(["*"]);
     });
+
+    it("expands ~/... path value to absolute home path", () => {
+      const result = normalizeInput(
+        "external_directory",
+        { path: "~/dev/project" },
+        [],
+      );
+      expect(result.values).toEqual([join("/mock/home", "dev/project")]);
+    });
+
+    it("expands $HOME/... path value to absolute home path", () => {
+      const result = normalizeInput(
+        "external_directory",
+        { path: "$HOME/dev/project" },
+        [],
+      );
+      expect(result.values).toEqual([join("/mock/home", "dev/project")]);
+    });
   });
 
   describe("skill", () => {
@@ -130,6 +196,16 @@ describe("normalizeInput — non-MCP surfaces", () => {
       const result = normalizeInput("edit", null, []);
       expect(result.values).toEqual(["*"]);
     });
+
+    it("expands ~/... path value to absolute home path", () => {
+      const result = normalizeInput("read", { path: "~/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
+
+    it("expands $HOME/... path value to absolute home path", () => {
+      const result = normalizeInput("write", { path: "$HOME/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
   });
 
   describe("extension tools (non-path-bearing)", () => {

package/test/logging.test.ts

@@ -0,0 +1,51 @@
+import {
+  existsSync,
+  mkdirSync,
+  mkdtempSync,
+  readFileSync,
+  rmSync,
+} from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { expect, test } from "vitest";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import { createPermissionSystemLogger } from "#src/logging";
+
+test("Permission-system logger respects debug toggle and keeps review log enabled by default", () => {
+  const baseDir = mkdtempSync(join(tmpdir(), "pi-permission-system-logs-"));
+  const logsDir = join(baseDir, "logs");
+  const debugLogPath = join(logsDir, "debug.jsonl");
+  const reviewLogPath = join(logsDir, "review.jsonl");
+  const config = { ...DEFAULT_EXTENSION_CONFIG };
+  const logger = createPermissionSystemLogger({
+    getConfig: () => config,
+    debugLogPath,
+    reviewLogPath,
+    ensureLogsDirectory: () => {
+      mkdirSync(logsDir, { recursive: true });
+      return undefined;
+    },
+  });
+
+  try {
+    const initialDebugWarning = logger.debug("debug.disabled", {
+      sample: true,
+    });
+    const reviewWarning = logger.review("permission_request.waiting", {
+      toolName: "write",
+    });
+
+    expect(initialDebugWarning).toBe(undefined);
+    expect(reviewWarning).toBe(undefined);
+    expect(existsSync(debugLogPath)).toBe(false);
+    expect(existsSync(reviewLogPath)).toBe(true);
+
+    config.debugLog = true;
+    const enabledDebugWarning = logger.debug("debug.enabled", { sample: true });
+    expect(enabledDebugWarning).toBe(undefined);
+    expect(existsSync(debugLogPath)).toBe(true);
+    expect(readFileSync(debugLogPath, "utf8")).toMatch(/debug\.enabled/);
+  } finally {
+    rmSync(baseDir, { recursive: true, force: true });
+  }
+});

package/test/path-utils.test.ts

@@ -47,6 +47,16 @@ describe("normalizePathForComparison", () => {
     );
   });
 
+  test("expands bare $HOME to homedir", () => {
+    expect(normalizePathForComparison("$HOME", cwd)).toBe("/mock/home");
+  });
+
+  test("expands $HOME/... to homedir-relative path", () => {
+    expect(normalizePathForComparison("$HOME/.ssh/config", cwd)).toBe(
+      join("/mock/home", ".ssh/config"),
+    );
+  });
+
   test("strips leading @ before resolving", () => {
     expect(normalizePathForComparison("@/usr/local/bin", cwd)).toBe(
       "/usr/local/bin",

package/test/permission-forwarding.test.ts

@@ -1,5 +1,9 @@
+import { tmpdir } from "node:os";
+import { join } from "node:path";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import {
+  createPermissionForwardingLocation,
+  isForwardedPermissionRequestForSession,
   resolvePermissionForwardingTargetSessionId,
   SUBAGENT_PARENT_SESSION_ENV_CANDIDATES,
   SUBAGENT_PARENT_SESSION_ENV_KEY,
@@ -240,3 +244,72 @@ describe("resolvePermissionForwardingTargetSessionId — registry resolution", (
     ).toBe("parent-from-env");
   });
 });
+
+// ---------------------------------------------------------------------------
+// Moved from permission-system.test.ts catch-all (#342)
+// ---------------------------------------------------------------------------
+
+test("Permission forwarding resolves the parent interactive session from subagent runtime env", () => {
+  const targetSessionId = resolvePermissionForwardingTargetSessionId({
+    hasUI: false,
+    isSubagent: true,
+    currentSessionId: "child-session",
+    env: {
+      PI_AGENT_ROUTER_PARENT_SESSION_ID: "parent-session",
+    },
+  });
+
+  expect(targetSessionId).toBe("parent-session");
+});
+
+test("Permission forwarding does not guess a target session when subagent runtime env is missing", () => {
+  const targetSessionId = resolvePermissionForwardingTargetSessionId({
+    hasUI: false,
+    isSubagent: true,
+    currentSessionId: "child-session",
+    env: {},
+  });
+
+  expect(targetSessionId).toBe(null);
+});
+
+test("Permission forwarding uses session-scoped directories per interactive session", () => {
+  const forwardingRoot = join(tmpdir(), "pi-permission-system-forwarding-root");
+  const sessionA = createPermissionForwardingLocation(
+    forwardingRoot,
+    "session-a",
+  );
+  const sessionB = createPermissionForwardingLocation(
+    forwardingRoot,
+    "session-b",
+  );
+
+  expect(sessionA.sessionRootDir).not.toBe(sessionB.sessionRootDir);
+  expect(sessionA.requestsDir).not.toBe(sessionB.requestsDir);
+  expect(sessionA.responsesDir).not.toBe(sessionB.responsesDir);
+});
+
+test("Permission forwarding request routing only matches the intended UI session", () => {
+  expect(
+    isForwardedPermissionRequestForSession(
+      { targetSessionId: "session-a" },
+      "session-a",
+    ),
+  ).toBe(true);
+  expect(
+    isForwardedPermissionRequestForSession(
+      { targetSessionId: "session-a" },
+      "session-b",
+    ),
+  ).toBe(false);
+});
+
+test("Permission forwarding rejects unresolved sentinel session ids", () => {
+  const targetSessionId = resolvePermissionForwardingTargetSessionId({
+    hasUI: true,
+    isSubagent: false,
+    currentSessionId: "unknown",
+  });
+
+  expect(targetSessionId).toBe(null);
+});