@gotgenes/pi-permission-system 12.0.0 → 13.1.0

package/test/config-pipeline.test.ts

@@ -0,0 +1,90 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+
+import { loadAndMergeConfigs } from "#src/config-loader";
+import { normalizePermissionSystemConfig } from "#src/extension-config";
+
+/**
+ * Full-pipeline seam tests: write a temp config.json → loadAndMergeConfigs →
+ * normalizePermissionSystemConfig → assert values survive end to end.
+ *
+ * These tests guard the seam between the two normalizers — the class of bug
+ * fixed in #332, where a field declared on PermissionSystemExtensionConfig was
+ * silently dropped by the UnifiedPermissionConfig intermediate.
+ */
+describe("config pipeline seam", () => {
+  let tempDir: string;
+  let agentDir: string;
+  let cwd: string;
+  let extensionRoot: string;
+
+  beforeEach(() => {
+    tempDir = mkdtempSync(join(tmpdir(), "config-pipeline-test-"));
+    agentDir = join(tempDir, "agent");
+    cwd = join(tempDir, "project");
+    extensionRoot = join(tempDir, "ext");
+  });
+
+  afterEach(() => {
+    rmSync(tempDir, { recursive: true, force: true });
+  });
+
+  function writeGlobal(content: Record<string, unknown>): void {
+    const dir = join(agentDir, "extensions", "pi-permission-system");
+    mkdirSync(dir, { recursive: true });
+    writeFileSync(join(dir, "config.json"), JSON.stringify(content));
+  }
+
+  it("runtime knob and preview-length field both survive the full pipeline", () => {
+    writeGlobal({
+      debugLog: true,
+      toolInputPreviewMaxLength: 1000,
+    });
+
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.debugLog).toBe(true);
+    expect(config.toolInputPreviewMaxLength).toBe(1000);
+  });
+
+  it("text summary length field survives the full pipeline", () => {
+    writeGlobal({
+      toolTextSummaryMaxLength: 250,
+    });
+
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.toolTextSummaryMaxLength).toBe(250);
+  });
+
+  it("project config overrides global preview-length field end to end", () => {
+    writeGlobal({ toolInputPreviewMaxLength: 200 });
+    const projectDir = join(cwd, ".pi", "extensions", "pi-permission-system");
+    mkdirSync(projectDir, { recursive: true });
+    writeFileSync(
+      join(projectDir, "config.json"),
+      JSON.stringify({ toolInputPreviewMaxLength: 500 }),
+    );
+
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.toolInputPreviewMaxLength).toBe(500);
+  });
+
+  it("defaults apply when config file is absent", () => {
+    // No config files written — agentDir and cwd directories don't exist.
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.debugLog).toBe(false);
+    expect(config.permissionReviewLog).toBe(true);
+    expect(config.yoloMode).toBe(false);
+    expect(config.toolInputPreviewMaxLength).toBeUndefined();
+    expect(config.toolTextSummaryMaxLength).toBeUndefined();
+  });
+});

package/test/denial-messages.test.ts

@@ -114,6 +114,67 @@ describe("formatDenyReason", () => {
       );
     });
 
+    test("bash with a custom reason appended after the period", () => {
+      expect(
+        formatDenyReason(
+          toolCtx(
+            toolCheck("bash", {
+              command: "npm install",
+              matchedPattern: "npm *",
+              reason: "Use pnpm instead",
+            }),
+          ),
+        ),
+      ).toBe(
+        "[pi-permission-system] is not permitted to run 'bash' command 'npm install' (matched 'npm *'). Reason: Use pnpm instead.",
+      );
+    });
+
+    test("custom reason with no matched pattern", () => {
+      expect(
+        formatDenyReason(
+          toolCtx(
+            toolCheck("write", {
+              reason: "Write access is disabled for security",
+            }),
+          ),
+        ),
+      ).toBe(
+        "[pi-permission-system] is not permitted to run 'write'. Reason: Write access is disabled for security.",
+      );
+    });
+
+    test("custom reason is included alongside the agent name", () => {
+      expect(
+        formatDenyReason(
+          toolCtx(
+            toolCheck("bash", {
+              command: "yarn build",
+              matchedPattern: "yarn *",
+              reason: "Use pnpm instead",
+            }),
+            "dev-agent",
+          ),
+        ),
+      ).toBe(
+        "[pi-permission-system] Agent 'dev-agent' is not permitted to run 'bash' command 'yarn build' (matched 'yarn *'). Reason: Use pnpm instead.",
+      );
+    });
+
+    test("custom reason on an MCP target", () => {
+      expect(
+        formatDenyReason(
+          toolCtx(
+            mcpCheck("server:deploy", {
+              reason: "Deploy requires approval from a senior engineer",
+            }),
+          ),
+        ),
+      ).toBe(
+        "[pi-permission-system] is not permitted to run MCP target 'server:deploy'. Reason: Deploy requires approval from a senior engineer.",
+      );
+    });
+
     test("MCP source with target on non-mcp toolName", () => {
       expect(
         formatDenyReason(

package/test/extension-config.test.ts

@@ -103,26 +103,6 @@ describe("normalizePermissionSystemConfig", () => {
     expect(result.yoloMode).toBe(false);
   });
 
-  it("coerces non-boolean values to their defaults", () => {
-    const result = normalizePermissionSystemConfig({
-      debugLog: "yes",
-      permissionReviewLog: 1,
-      yoloMode: null,
-    });
-    expect(result.debugLog).toBe(false);
-    expect(result.permissionReviewLog).toBe(true);
-    expect(result.yoloMode).toBe(false);
-  });
-
-  it("handles null/undefined input gracefully", () => {
-    const result = normalizePermissionSystemConfig(null);
-    expect(result).toEqual({
-      debugLog: false,
-      permissionReviewLog: true,
-      yoloMode: false,
-    });
-  });
-
   it("includes toolInputPreviewMaxLength when a valid positive integer is provided", () => {
     const result = normalizePermissionSystemConfig({
       toolInputPreviewMaxLength: 400,
@@ -135,25 +115,6 @@ describe("normalizePermissionSystemConfig", () => {
     expect("toolInputPreviewMaxLength" in result).toBe(false);
   });
 
-  it("omits toolInputPreviewMaxLength for invalid values", () => {
-    expect(
-      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: 0 })
-        .toolInputPreviewMaxLength,
-    ).toBeUndefined();
-    expect(
-      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: -1 })
-        .toolInputPreviewMaxLength,
-    ).toBeUndefined();
-    expect(
-      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: 200.5 })
-        .toolInputPreviewMaxLength,
-    ).toBeUndefined();
-    expect(
-      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: "200" })
-        .toolInputPreviewMaxLength,
-    ).toBeUndefined();
-  });
-
   it("includes toolTextSummaryMaxLength when a valid positive integer is provided", () => {
     const result = normalizePermissionSystemConfig({
       toolTextSummaryMaxLength: 120,
@@ -165,23 +126,4 @@ describe("normalizePermissionSystemConfig", () => {
     const result = normalizePermissionSystemConfig({});
     expect("toolTextSummaryMaxLength" in result).toBe(false);
   });
-
-  it("omits toolTextSummaryMaxLength for invalid values", () => {
-    expect(
-      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: 0 })
-        .toolTextSummaryMaxLength,
-    ).toBeUndefined();
-    expect(
-      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: -1 })
-        .toolTextSummaryMaxLength,
-    ).toBeUndefined();
-    expect(
-      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: 80.1 })
-        .toolTextSummaryMaxLength,
-    ).toBeUndefined();
-    expect(
-      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: true })
-        .toolTextSummaryMaxLength,
-    ).toBeUndefined();
-  });
 });

package/test/handlers/gates/bash-path.test.ts

@@ -215,6 +215,49 @@ describe("describeBashPathGate", () => {
     expect(desc.preCheck?.state).toBe("deny");
     expect(desc.decision.value).toBe(".env");
   });
+
+  it("resolves cd-aware policy values while keeping the raw prompt token", async () => {
+    const resolver = makeResolver(
+      makeCheckResult({ state: "deny", matchedPattern: "*" }),
+    );
+    const result = (await describeGate(
+      makeTcc({
+        input: { command: "cd nested && cat src/file.txt" },
+        cwd: "/test/project",
+      }),
+      resolver,
+    )) as GateDescriptor;
+
+    expect(resolver.resolvePathPolicy).toHaveBeenCalledWith(
+      [
+        "/test/project/nested/src/file.txt",
+        "nested/src/file.txt",
+        "src/file.txt",
+      ],
+      undefined,
+    );
+    // The raw token drives the prompt, denial context, and session approval.
+    expect(result.denialContext).toMatchObject({ pathValue: "src/file.txt" });
+    expect(result.decision.value).toBe("src/file.txt");
+  });
+
+  it("does not resolve relative policy values through an unknown cd", async () => {
+    const resolver = makeResolver(
+      makeCheckResult({ state: "deny", matchedPattern: "*" }),
+    );
+    await describeGate(
+      makeTcc({
+        input: { command: 'cd "$DIR" && cat src/foo.ts' },
+        cwd: "/test/project",
+      }),
+      resolver,
+    );
+
+    expect(resolver.resolvePathPolicy).toHaveBeenCalledWith(
+      ["src/foo.ts"],
+      undefined,
+    );
+  });
 });
 
 // Home-relative path characterization (#350) ──────────────────────────────
@@ -229,7 +272,7 @@ describe("describeBashPathGate — home-relative paths", () => {
     // cat ~/.ssh/config → token "~/.ssh/config" extracted.
     const resolver = makePathDispatchResolver(
       {
-        "~/.ssh/config": makeCheckResult({
+        "/mock/home/.ssh/config": makeCheckResult({
           state: "deny",
           matchedPattern: "~/.ssh/*",
         }),
@@ -253,7 +296,7 @@ describe("describeBashPathGate — home-relative paths", () => {
   it("extracts $HOME/... token and builds descriptor on deny", async () => {
     const resolver = makePathDispatchResolver(
       {
-        "$HOME/.ssh/config": makeCheckResult({
+        "/mock/home/.ssh/config": makeCheckResult({
           state: "deny",
           matchedPattern: "$HOME/.ssh/*",
         }),

package/test/handlers/gates/bash-program.test.ts

@@ -13,20 +13,50 @@ vi.mock("node:fs", () => ({
 import { BashProgram } from "#src/handlers/gates/bash-program";
 
 describe("BashProgram", () => {
-  describe("pathTokens", () => {
-    it("returns dot-files and relative path tokens", async () => {
-      const program = await BashProgram.parse("cat .env src/foo.ts");
-      expect(program.pathTokens()).toEqual([".env", "src/foo.ts"]);
+  describe("pathRuleCandidates", () => {
+    const cwd = "/projects/my-app";
+
+    it("adds absolute and relative policy values for relative tokens", async () => {
+      const program = await BashProgram.parse("cat src/foo.ts");
+      expect(program.pathRuleCandidates(cwd)).toEqual([
+        {
+          token: "src/foo.ts",
+          policyValues: ["/projects/my-app/src/foo.ts", "src/foo.ts"],
+        },
+      ]);
+    });
+
+    it("returns the literal token only when no cwd is provided", async () => {
+      const program = await BashProgram.parse("cat src/foo.ts");
+      expect(program.pathRuleCandidates()).toEqual([
+        { token: "src/foo.ts", policyValues: ["src/foo.ts"] },
+      ]);
     });
 
-    it("returns an empty array when there are no path tokens", async () => {
-      const program = await BashProgram.parse("echo hello");
-      expect(program.pathTokens()).toEqual([]);
+    it("resolves tokens after literal cd against the effective directory", async () => {
+      const program = await BashProgram.parse("cd nested && cat src/file.txt");
+      const fileCandidate = program
+        .pathRuleCandidates(cwd)
+        .find((candidate) => candidate.token === "src/file.txt");
+      expect(fileCandidate).toEqual({
+        token: "src/file.txt",
+        policyValues: [
+          "/projects/my-app/nested/src/file.txt",
+          "nested/src/file.txt",
+          "src/file.txt",
+        ],
+      });
     });
 
-    it("deduplicates repeated tokens across a command chain", async () => {
-      const program = await BashProgram.parse("cat .env && rm .env");
-      expect(program.pathTokens()).toEqual([".env"]);
+    it("does not absolute-allow relative tokens after unknown cd", async () => {
+      const program = await BashProgram.parse('cd "$DIR" && cat src/foo.ts');
+      const fileCandidate = program
+        .pathRuleCandidates(cwd)
+        .find((candidate) => candidate.token === "src/foo.ts");
+      expect(fileCandidate).toEqual({
+        token: "src/foo.ts",
+        policyValues: ["src/foo.ts"],
+      });
     });
   });
 
@@ -322,7 +352,10 @@ describe("BashProgram", () => {
 
   it("derives both slices from a single parse", async () => {
     const program = await BashProgram.parse("cat .env /etc/hosts");
-    expect(program.pathTokens()).toEqual([".env", "/etc/hosts"]);
+    expect(program.pathRuleCandidates().map(({ token }) => token)).toEqual([
+      ".env",
+      "/etc/hosts",
+    ]);
     const external = program.externalPaths("/projects/my-app");
     expect(external).toContain("/etc/hosts");
     expect(external).not.toContain(".env");

package/test/handlers/gates/tool-call-gate-pipeline.test.ts

@@ -23,7 +23,7 @@ vi.mock("#src/handlers/gates/bash-program", () => ({
 function makeMockBashProgram() {
   return {
     commands: vi.fn<() => []>(() => []),
-    pathTokens: vi.fn<() => []>(() => []),
+    pathRuleCandidates: vi.fn<() => []>(() => []),
     externalPaths: vi.fn<() => []>(() => []),
   };
 }

package/test/helpers/gate-fixtures.ts

@@ -26,10 +26,13 @@ import { makeCheckResult } from "#test/helpers/handler-fixtures";
  */
 export function makeResolver(defaultCheck?: PermissionCheckResult) {
   const resolve = vi.fn<ScopedPermissionResolver["resolve"]>();
+  const resolvePathPolicy =
+    vi.fn<ScopedPermissionResolver["resolvePathPolicy"]>();
   if (defaultCheck) {
     resolve.mockReturnValue(defaultCheck);
+    resolvePathPolicy.mockReturnValue(defaultCheck);
   }
-  return { resolve };
+  return { resolve, resolvePathPolicy };
 }
 
 /**
@@ -92,6 +95,7 @@ export function makeGateRunner(
   overrides: {
     resolveResult?: PermissionCheckResult;
     resolve?: ScopedPermissionResolver["resolve"];
+    resolvePathPolicy?: ScopedPermissionResolver["resolvePathPolicy"];
     recordSessionApproval?: SessionApprovalRecorder["recordSessionApproval"];
     canConfirm?: GatePrompter["canConfirm"];
     prompt?: GatePrompter["prompt"];
@@ -106,6 +110,13 @@ export function makeGateRunner(
       .mockReturnValue(
         overrides.resolveResult ?? makeCheckResult({ matchedPattern: "*" }),
       );
+  const resolvePathPolicy =
+    overrides.resolvePathPolicy ??
+    vi
+      .fn<ScopedPermissionResolver["resolvePathPolicy"]>()
+      .mockReturnValue(
+        overrides.resolveResult ?? makeCheckResult({ matchedPattern: "*" }),
+      );
   const recordSessionApproval =
     overrides.recordSessionApproval ??
     (vi.fn() as SessionApprovalRecorder["recordSessionApproval"]);
@@ -118,7 +129,7 @@ export function makeGateRunner(
       .fn<GatePrompter["prompt"]>()
       .mockResolvedValue({ approved: true, state: "approved" });
   const runner = new GateRunner(
-    { resolve },
+    { resolve, resolvePathPolicy },
     { recordSessionApproval },
     { canConfirm, prompt },
     reporter,
@@ -127,6 +138,7 @@ export function makeGateRunner(
     runner,
     deps: {
       resolve,
+      resolvePathPolicy,
       recordSessionApproval,
       canConfirm,
       prompt,
@@ -212,7 +224,15 @@ export function makePathDispatchResolver(
     }
     return defaultResult;
   });
-  return { resolve };
+  const resolvePathPolicy =
+    vi.fn<ScopedPermissionResolver["resolvePathPolicy"]>();
+  resolvePathPolicy.mockImplementation((values) => {
+    for (const value of values) {
+      if (value in byPath) return byPath[value];
+    }
+    return defaultResult;
+  });
+  return { resolve, resolvePathPolicy };
 }
 
 /**

package/test/helpers/handler-fixtures.ts

@@ -236,9 +236,21 @@ export function makeHandler(overrides?: {
 
   // Apply session override bag to the real collaborators.
   const so = overrides?.session;
-  if (so?.checkPermission) {
+  const surfaceCheck = so?.checkPermission;
+  if (surfaceCheck) {
     vi.mocked(permissionManager.checkPermission).mockImplementation(
-      so.checkPermission,
+      surfaceCheck,
+    );
+    // The bash path gate resolves through checkPathPolicy; route it through
+    // the same surface dispatcher so `path` overrides apply to bash tokens.
+    vi.mocked(permissionManager.checkPathPolicy).mockImplementation(
+      (values, agentName, sessionRules) =>
+        surfaceCheck(
+          "path",
+          { path: values[0] ?? "*" },
+          agentName,
+          sessionRules,
+        ),
     );
   }
   if (so?.getActiveSkillEntries) {

package/test/helpers/session-fixtures.ts

@@ -102,6 +102,20 @@ export function makeFakePermissionManager() {
         source: "tool",
         origin: "builtin",
       }),
+    checkPathPolicy: vi
+      .fn<
+        (
+          values: readonly string[],
+          agentName?: string,
+          sessionRules?: Ruleset,
+        ) => PermissionCheckResult
+      >()
+      .mockReturnValue({
+        state: "allow",
+        toolName: "path",
+        source: "special",
+        origin: "builtin",
+      }),
     getToolPermission: vi
       .fn<(toolName: string, agentName?: string) => PermissionState>()
       .mockReturnValue("allow"),

package/test/input-normalizer.test.ts

@@ -68,6 +68,32 @@ describe("normalizeInput — non-MCP surfaces", () => {
       const result = normalizeInput("path", {}, []);
       expect(result.values).toEqual(["*"]);
     });
+
+    it("adds cwd-normalized and relative aliases when cwd is provided", () => {
+      const result = normalizeInput(
+        "path",
+        { path: "src/App.jsx" },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
+
+    it("ignores a user-supplied string pathPolicyValues field", () => {
+      const result = normalizeInput(
+        "path",
+        { path: "src/App.jsx", pathPolicyValues: ["/etc/shadow"] },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
   });
 
   describe("special / external_directory", () => {
@@ -119,6 +145,19 @@ describe("normalizeInput — non-MCP surfaces", () => {
       );
       expect(result.values).toEqual([join("/mock/home", "dev/project")]);
     });
+
+    it("adds cwd-normalized and relative aliases when cwd is provided", () => {
+      const result = normalizeInput(
+        "external_directory",
+        { path: "src/App.jsx" },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
   });
 
   describe("skill", () => {
@@ -206,6 +245,19 @@ describe("normalizeInput — non-MCP surfaces", () => {
       const result = normalizeInput("write", { path: "$HOME/.ssh/config" }, []);
       expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
     });
+
+    it("adds cwd-normalized and relative aliases when cwd is provided", () => {
+      const result = normalizeInput(
+        "read",
+        { path: "src/App.jsx" },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
   });
 
   describe("extension tools (non-path-bearing)", () => {

package/test/normalize.test.ts

@@ -163,4 +163,85 @@ describe("normalizeFlatConfig", () => {
       ]);
     });
   });
+
+  describe("deny with reason", () => {
+    test("{ action: 'deny', reason } produces a deny rule carrying the reason", () => {
+      const result = normalizeFlatConfig({
+        bash: { "npm *": { action: "deny", reason: "Use pnpm instead" } },
+      });
+      expect(result).toEqual([
+        {
+          surface: "bash",
+          pattern: "npm *",
+          action: "deny",
+          reason: "Use pnpm instead",
+          origin: "builtin",
+        },
+      ]);
+    });
+
+    test("{ action: 'deny' } without a reason produces a deny rule without reason", () => {
+      const result = normalizeFlatConfig({
+        bash: { "rm -rf *": { action: "deny" } },
+      });
+      expect(result).toEqual([
+        {
+          surface: "bash",
+          pattern: "rm -rf *",
+          action: "deny",
+          origin: "builtin",
+        },
+      ]);
+    });
+
+    test("deny-with-reason and plain strings coexist in the same surface", () => {
+      const result = normalizeFlatConfig({
+        bash: {
+          "git *": "allow",
+          "npm *": { action: "deny", reason: "Use pnpm" },
+          "*": "ask",
+        },
+      });
+      expect(result).toEqual([
+        {
+          surface: "bash",
+          pattern: "git *",
+          action: "allow",
+          origin: "builtin",
+        },
+        {
+          surface: "bash",
+          pattern: "npm *",
+          action: "deny",
+          reason: "Use pnpm",
+          origin: "builtin",
+        },
+        { surface: "bash", pattern: "*", action: "ask", origin: "builtin" },
+      ]);
+    });
+
+    test("top-level deny-with-reason object is treated as a pattern map", () => {
+      // At the surface level, { action: "deny", reason: "..." } is parsed as a
+      // pattern→action map: "action" is a pattern key with action "deny", and
+      // "reason" maps to a non-PermissionState string that is dropped.
+      const result = normalizeFlatConfig({
+        bash: { action: "deny", reason: "Not allowed" } as never,
+      });
+      expect(result).toEqual([
+        {
+          surface: "bash",
+          pattern: "action",
+          action: "deny",
+          origin: "builtin",
+        },
+      ]);
+    });
+
+    test("non-string reason is rejected (malformed config)", () => {
+      const result = normalizeFlatConfig({
+        bash: { "npm *": { action: "deny", reason: 42 } as never },
+      });
+      expect(result).toEqual([]);
+    });
+  });
 });