@gotgenes/pi-permission-system 2.0.0 → 3.0.0

package/src/config-loader.ts

@@ -0,0 +1,398 @@
+import { existsSync, readFileSync } from "node:fs";
+import { normalize } from "node:path";
+
+import { isPermissionState, toRecord } from "./common.js";
+import {
+  getGlobalConfigPath,
+  getLegacyExtensionConfigPath,
+  getLegacyGlobalPolicyPath,
+  getLegacyProjectPolicyPath,
+  getProjectConfigPath,
+} from "./config-paths.js";
+import type { PermissionDefaultPolicy, PermissionState } from "./types.js";
+
+/**
+ * Unified config shape combining runtime knobs and policy in one object.
+ * All fields are optional so partial configs (project-only, global-only) work.
+ */
+export interface UnifiedPermissionConfig {
+  // Runtime knobs
+  debugLog?: boolean;
+  permissionReviewLog?: boolean;
+  yoloMode?: boolean;
+
+  // Policy
+  defaultPolicy?: Partial<PermissionDefaultPolicy>;
+  tools?: Record<string, PermissionState>;
+  bash?: Record<string, PermissionState>;
+  mcp?: Record<string, PermissionState>;
+  skills?: Record<string, PermissionState>;
+  special?: Record<string, PermissionState>;
+}
+
+export interface UnifiedConfigLoadResult {
+  config: UnifiedPermissionConfig;
+  issues: string[];
+}
+
+const DEPRECATED_SPECIAL_KEYS: ReadonlySet<string> = new Set([
+  "tool_call_limit",
+]);
+
+const BUILT_IN_TOOL_PERMISSION_NAMES = new Set([
+  "bash",
+  "read",
+  "write",
+  "edit",
+  "grep",
+  "find",
+  "ls",
+]);
+
+const SPECIAL_PERMISSION_KEYS = new Set(["doom_loop", "external_directory"]);
+
+export function stripJsonComments(input: string): string {
+  let output = "";
+  let inString = false;
+  let stringQuote: '"' | "'" | "" = "";
+  let escaping = false;
+  let inLineComment = false;
+  let inBlockComment = false;
+
+  for (let i = 0; i < input.length; i++) {
+    const char = input[i];
+    const next = input[i + 1] || "";
+
+    if (inLineComment) {
+      if (char === "\n") {
+        inLineComment = false;
+        output += char;
+      }
+      continue;
+    }
+
+    if (inBlockComment) {
+      if (char === "*" && next === "/") {
+        inBlockComment = false;
+        i++;
+      }
+      continue;
+    }
+
+    if (!inString && char === "/" && next === "/") {
+      inLineComment = true;
+      i++;
+      continue;
+    }
+
+    if (!inString && char === "/" && next === "*") {
+      inBlockComment = true;
+      i++;
+      continue;
+    }
+
+    output += char;
+
+    if (!inString && (char === '"' || char === "'")) {
+      inString = true;
+      stringQuote = char;
+      escaping = false;
+      continue;
+    }
+
+    if (!inString) {
+      continue;
+    }
+
+    if (escaping) {
+      escaping = false;
+      continue;
+    }
+
+    if (char === "\\") {
+      escaping = true;
+      continue;
+    }
+
+    if (char === stringQuote) {
+      inString = false;
+      stringQuote = "";
+    }
+  }
+
+  return output;
+}
+
+function normalizePartialPolicy(
+  value: unknown,
+): Partial<PermissionDefaultPolicy> | undefined {
+  const record = toRecord(value);
+  const normalized: Partial<PermissionDefaultPolicy> = {};
+  let hasAny = false;
+
+  for (const key of ["tools", "bash", "mcp", "skills", "special"] as const) {
+    if (isPermissionState(record[key])) {
+      normalized[key] = record[key] as PermissionState;
+      hasAny = true;
+    }
+  }
+
+  return hasAny ? normalized : undefined;
+}
+
+function normalizePermissionRecord(
+  value: unknown,
+): Record<string, PermissionState> | undefined {
+  const record = toRecord(value);
+  const normalized: Record<string, PermissionState> = {};
+  let hasAny = false;
+
+  for (const [key, state] of Object.entries(record)) {
+    if (isPermissionState(state)) {
+      normalized[key] = state;
+      hasAny = true;
+    }
+  }
+
+  return hasAny ? normalized : undefined;
+}
+
+function normalizeOptionalBoolean(value: unknown): boolean | undefined {
+  if (typeof value === "boolean") {
+    return value;
+  }
+  return undefined;
+}
+
+/**
+ * Normalize raw parsed JSON into the unified config shape.
+ * Handles top-level shorthand keys (e.g. `bash: "allow"` at root)
+ * and deprecated special keys, collecting issues along the way.
+ */
+export function normalizeUnifiedConfig(raw: unknown): {
+  config: UnifiedPermissionConfig;
+  issues: string[];
+} {
+  const record = toRecord(raw);
+  const issues: string[] = [];
+
+  const config: UnifiedPermissionConfig = {};
+
+  // Runtime knobs
+  const debugLog = normalizeOptionalBoolean(record.debugLog);
+  if (debugLog !== undefined) config.debugLog = debugLog;
+
+  const permissionReviewLog = normalizeOptionalBoolean(
+    record.permissionReviewLog,
+  );
+  if (permissionReviewLog !== undefined)
+    config.permissionReviewLog = permissionReviewLog;
+
+  const yoloMode = normalizeOptionalBoolean(record.yoloMode);
+  if (yoloMode !== undefined) config.yoloMode = yoloMode;
+
+  // Policy
+  const defaultPolicy = normalizePartialPolicy(record.defaultPolicy);
+  if (defaultPolicy) config.defaultPolicy = defaultPolicy;
+
+  const tools = normalizePermissionRecord(record.tools);
+  if (tools) config.tools = tools;
+
+  const bash = normalizePermissionRecord(record.bash);
+  if (bash) config.bash = bash;
+
+  const mcp = normalizePermissionRecord(record.mcp);
+  if (mcp) config.mcp = mcp;
+
+  const skills = normalizePermissionRecord(record.skills);
+  if (skills) config.skills = skills;
+
+  const special = normalizePermissionRecord(record.special);
+  if (special) config.special = special;
+
+  // Detect deprecated special keys
+  const rawSpecial = toRecord(record.special);
+  for (const key of DEPRECATED_SPECIAL_KEYS) {
+    if (key in rawSpecial) {
+      issues.push(
+        `special.${key} is deprecated and ignored — remove it from your config file.`,
+      );
+      if (config.special) {
+        delete config.special[key];
+        if (Object.keys(config.special).length === 0) {
+          delete config.special;
+        }
+      }
+    }
+  }
+
+  // Handle top-level shorthand keys (e.g. `bash: "allow"` at root level)
+  for (const [key, value] of Object.entries(record)) {
+    if (!isPermissionState(value)) continue;
+
+    if (BUILT_IN_TOOL_PERMISSION_NAMES.has(key)) {
+      config.tools = { ...(config.tools || {}), [key]: value };
+    } else if (SPECIAL_PERMISSION_KEYS.has(key)) {
+      config.special = { ...(config.special || {}), [key]: value };
+    }
+  }
+
+  return { config, issues };
+}
+
+/**
+ * Merge two unified configs. Object-shaped fields (defaultPolicy, tools, bash,
+ * mcp, skills, special) are shallow-merged (override wins per-key). Scalar
+ * fields (debugLog, permissionReviewLog, yoloMode) are replaced when present
+ * in the override.
+ */
+export function mergeUnifiedConfigs(
+  base: UnifiedPermissionConfig,
+  override: UnifiedPermissionConfig,
+): UnifiedPermissionConfig {
+  const merged: UnifiedPermissionConfig = {};
+
+  // Scalars: override replaces base when defined
+  for (const key of ["debugLog", "permissionReviewLog", "yoloMode"] as const) {
+    const value = override[key] ?? base[key];
+    if (value !== undefined) {
+      merged[key] = value;
+    }
+  }
+
+  // Object fields: shallow spread merge
+  for (const key of [
+    "defaultPolicy",
+    "tools",
+    "bash",
+    "mcp",
+    "skills",
+    "special",
+  ] as const) {
+    const baseVal = base[key];
+    const overrideVal = override[key];
+    if (baseVal || overrideVal) {
+      merged[key] = { ...(baseVal || {}), ...(overrideVal || {}) } as never;
+    }
+  }
+
+  return merged;
+}
+
+export interface MergedConfigResult {
+  global: UnifiedPermissionConfig;
+  project: UnifiedPermissionConfig;
+  merged: UnifiedPermissionConfig;
+  issues: string[];
+}
+
+/**
+ * Load global and project configs from the new layout, detect legacy files,
+ * merge everything, and collect issues.
+ *
+ * Merge order:
+ * 1. Legacy global policy (if present) — lowest precedence
+ * 2. Legacy extension runtime config (if present and path differs from new global)
+ * 3. New global config
+ * 4. Legacy project policy (if present)
+ * 5. New project config — highest precedence
+ */
+export function loadAndMergeConfigs(
+  agentDir: string,
+  cwd: string,
+  extensionRoot: string,
+): MergedConfigResult {
+  const allIssues: string[] = [];
+
+  const newGlobalPath = getGlobalConfigPath(agentDir);
+  const newProjectPath = getProjectConfigPath(cwd);
+  const legacyGlobalPolicyPath = getLegacyGlobalPolicyPath(agentDir);
+  const legacyProjectPolicyPath = getLegacyProjectPolicyPath(cwd);
+  const legacyExtConfigPath = getLegacyExtensionConfigPath(extensionRoot);
+
+  // Start with empty
+  let merged: UnifiedPermissionConfig = {};
+
+  // 1. Legacy global policy
+  if (existsSync(legacyGlobalPolicyPath)) {
+    const legacy = loadUnifiedConfig(legacyGlobalPolicyPath);
+    allIssues.push(
+      `Legacy global policy found at '${legacyGlobalPolicyPath}'. ` +
+        `Move it to '${newGlobalPath}':\n` +
+        `  mv '${legacyGlobalPolicyPath}' '${newGlobalPath}'`,
+    );
+    allIssues.push(...legacy.issues);
+    merged = mergeUnifiedConfigs(merged, legacy.config);
+  }
+
+  // 2. Legacy extension runtime config (only if different from new global path)
+  const normalizedLegacyExt = normalize(legacyExtConfigPath);
+  const normalizedNewGlobal = normalize(newGlobalPath);
+  if (
+    normalizedLegacyExt !== normalizedNewGlobal &&
+    existsSync(legacyExtConfigPath)
+  ) {
+    const legacy = loadUnifiedConfig(legacyExtConfigPath);
+    allIssues.push(
+      `Legacy extension config found at '${legacyExtConfigPath}'. ` +
+        `Move runtime settings to '${newGlobalPath}':\n` +
+        `  mv '${legacyExtConfigPath}' '${newGlobalPath}'`,
+    );
+    allIssues.push(...legacy.issues);
+    merged = mergeUnifiedConfigs(merged, legacy.config);
+  }
+
+  // 3. New global config
+  const globalResult = loadUnifiedConfig(newGlobalPath);
+  allIssues.push(...globalResult.issues);
+  const globalConfig = globalResult.config;
+  merged = mergeUnifiedConfigs(merged, globalConfig);
+
+  // 4. Legacy project policy
+  if (existsSync(legacyProjectPolicyPath)) {
+    const legacy = loadUnifiedConfig(legacyProjectPolicyPath);
+    allIssues.push(
+      `Legacy project policy found at '${legacyProjectPolicyPath}'. ` +
+        `Move it to '${newProjectPath}':\n` +
+        `  mv '${legacyProjectPolicyPath}' '${newProjectPath}'`,
+    );
+    allIssues.push(...legacy.issues);
+    merged = mergeUnifiedConfigs(merged, legacy.config);
+  }
+
+  // 5. New project config
+  const projectResult = loadUnifiedConfig(newProjectPath);
+  allIssues.push(...projectResult.issues);
+  const projectConfig = projectResult.config;
+  merged = mergeUnifiedConfigs(merged, projectConfig);
+
+  return {
+    global: globalConfig,
+    project: projectConfig,
+    merged,
+    issues: allIssues,
+  };
+}
+
+/**
+ * Load and normalize a unified config file.
+ * Returns an empty config with no issues if the file does not exist.
+ * Returns an empty config with an issue if the file cannot be parsed.
+ */
+export function loadUnifiedConfig(path: string): UnifiedConfigLoadResult {
+  if (!existsSync(path)) {
+    return { config: {}, issues: [] };
+  }
+
+  try {
+    const raw = readFileSync(path, "utf-8");
+    const parsed = JSON.parse(stripJsonComments(raw)) as unknown;
+    return normalizeUnifiedConfig(parsed);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return {
+      config: {},
+      issues: [`Failed to read config at '${path}': ${message}`],
+    };
+  }
+}

package/src/config-paths.ts

@@ -0,0 +1,34 @@
+import { join } from "node:path";
+
+const EXTENSION_ID = "pi-permission-system";
+
+export const DEBUG_LOG_FILENAME = `${EXTENSION_ID}-debug.jsonl`;
+export const REVIEW_LOG_FILENAME = `${EXTENSION_ID}-permission-review.jsonl`;
+
+export function getGlobalConfigDir(agentDir: string): string {
+  return join(agentDir, "extensions", EXTENSION_ID);
+}
+
+export function getGlobalConfigPath(agentDir: string): string {
+  return join(getGlobalConfigDir(agentDir), "config.json");
+}
+
+export function getGlobalLogsDir(agentDir: string): string {
+  return join(getGlobalConfigDir(agentDir), "logs");
+}
+
+export function getProjectConfigPath(cwd: string): string {
+  return join(cwd, ".pi", "extensions", EXTENSION_ID, "config.json");
+}
+
+export function getLegacyGlobalPolicyPath(agentDir: string): string {
+  return join(agentDir, "pi-permissions.jsonc");
+}
+
+export function getLegacyProjectPolicyPath(cwd: string): string {
+  return join(cwd, ".pi", "agent", "pi-permissions.jsonc");
+}
+
+export function getLegacyExtensionConfigPath(extensionRoot: string): string {
+  return join(extensionRoot, "config.json");
+}

package/src/config-reporter.ts

@@ -1,8 +1,6 @@
 import type { ResolvedPolicyPaths } from "./permission-manager.js";
 
 export interface ResolvedConfigLogEntry {
-  extensionConfigPath: string;
-  extensionConfigExists: boolean;
   globalConfigPath: string;
   globalConfigExists: boolean;
   projectConfigPath: string | null;
@@ -11,16 +9,26 @@ export interface ResolvedConfigLogEntry {
   agentsDirExists: boolean;
   projectAgentsDir: string | null;
   projectAgentsDirExists: boolean;
+  legacyGlobalPolicyDetected: boolean;
+  legacyProjectPolicyDetected: boolean;
+  legacyExtensionConfigDetected: boolean;
+}
+
+export interface BuildResolvedConfigLogEntryOptions {
+  policyPaths: ResolvedPolicyPaths;
+  legacyGlobalPolicyDetected?: boolean;
+  legacyProjectPolicyDetected?: boolean;
+  legacyExtensionConfigDetected?: boolean;
 }
 
 export function buildResolvedConfigLogEntry(
-  extensionConfigPath: string,
-  extensionConfigExists: boolean,
-  policyPaths: ResolvedPolicyPaths,
+  options: BuildResolvedConfigLogEntryOptions,
 ): ResolvedConfigLogEntry {
   return {
-    extensionConfigPath,
-    extensionConfigExists,
-    ...policyPaths,
+    ...options.policyPaths,
+    legacyGlobalPolicyDetected: options.legacyGlobalPolicyDetected ?? false,
+    legacyProjectPolicyDetected: options.legacyProjectPolicyDetected ?? false,
+    legacyExtensionConfigDetected:
+      options.legacyExtensionConfigDetected ?? false,
   };
 }

package/src/index.ts

@@ -9,7 +9,7 @@ import {
   writeFileSync,
 } from "node:fs";
 import { homedir } from "node:os";
-import { join, normalize, resolve, sep } from "node:path";
+import { dirname, join, normalize, resolve, sep } from "node:path";
 import {
   type ExtensionAPI,
   type ExtensionCommandContext,
@@ -23,16 +23,25 @@ import {
   shouldApplyCachedAgentStartState,
 } from "./before-agent-start-cache.js";
 import { getNonEmptyString, toRecord } from "./common.js";
+import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader.js";
 import { registerPermissionSystemCommand } from "./config-modal.js";
+import {
+  DEBUG_LOG_FILENAME,
+  getGlobalConfigPath,
+  getGlobalLogsDir,
+  getLegacyExtensionConfigPath,
+  getLegacyGlobalPolicyPath,
+  getLegacyProjectPolicyPath,
+  getProjectConfigPath,
+  REVIEW_LOG_FILENAME,
+} from "./config-paths.js";
 import { buildResolvedConfigLogEntry } from "./config-reporter.js";
 import {
-  CONFIG_PATH,
   DEFAULT_EXTENSION_CONFIG,
-  getPermissionSystemConfigPath,
-  loadPermissionSystemConfig,
+  EXTENSION_ROOT,
+  ensurePermissionSystemLogsDirectory,
   normalizePermissionSystemConfig,
   type PermissionSystemExtensionConfig,
-  savePermissionSystemConfig,
 } from "./extension-config.js";
 import { createPermissionSystemLogger, safeJsonStringify } from "./logging.js";
 import {
@@ -92,8 +101,13 @@ const PATH_BEARING_TOOLS = new Set([
 let extensionConfig: PermissionSystemExtensionConfig = {
   ...DEFAULT_EXTENSION_CONFIG,
 };
+const GLOBAL_LOGS_DIR = getGlobalLogsDir(PI_AGENT_DIR);
 const extensionLogger = createPermissionSystemLogger({
   getConfig: () => extensionConfig,
+  debugLogPath: join(GLOBAL_LOGS_DIR, DEBUG_LOG_FILENAME),
+  reviewLogPath: join(GLOBAL_LOGS_DIR, REVIEW_LOG_FILENAME),
+  ensureLogsDirectory: () =>
+    ensurePermissionSystemLogsDirectory(GLOBAL_LOGS_DIR),
 });
 const reportedLoggingWarnings = new Set<string>();
 let loggingWarningReporter: ((message: string) => void) | null = null;
@@ -1217,24 +1231,22 @@ function derivePiProjectPaths(cwd: string | undefined | null): {
     return null;
   }
 
-  const projectAgentRoot = join(cwd, ".pi", "agent");
   return {
-    projectGlobalConfigPath: join(projectAgentRoot, "pi-permissions.jsonc"),
-    projectAgentsDir: join(projectAgentRoot, "agents"),
+    projectGlobalConfigPath: getProjectConfigPath(cwd),
+    projectAgentsDir: join(cwd, ".pi", "agent", "agents"),
   };
 }
 
 function createPermissionManagerForCwd(
   cwd: string | undefined | null,
 ): PermissionManager {
+  const agentDir = getAgentDir();
   const projectPaths = derivePiProjectPaths(cwd);
-  if (!projectPaths) {
-    return new PermissionManager();
-  }
 
   return new PermissionManager({
-    projectGlobalConfigPath: projectPaths.projectGlobalConfigPath,
-    projectAgentsDir: projectPaths.projectAgentsDir,
+    globalConfigPath: getGlobalConfigPath(agentDir),
+    projectGlobalConfigPath: projectPaths?.projectGlobalConfigPath,
+    projectAgentsDir: projectPaths?.projectAgentsDir,
   });
 }
 
@@ -1269,26 +1281,34 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       runtimeContext = ctx;
     }
 
-    const result = loadPermissionSystemConfig();
-    setExtensionConfig(result.config);
+    const cwd = runtimeContext?.cwd ?? null;
+    const agentDir = getAgentDir();
+    const mergeResult = loadAndMergeConfigs(
+      agentDir,
+      cwd ?? "",
+      EXTENSION_ROOT,
+    );
+    const runtimeConfig = normalizePermissionSystemConfig(mergeResult.merged);
+    setExtensionConfig(runtimeConfig);
 
     if (runtimeContext?.hasUI) {
-      syncPermissionSystemStatus(runtimeContext, result.config);
+      syncPermissionSystemStatus(runtimeContext, runtimeConfig);
     }
 
-    if (result.warning && result.warning !== lastConfigWarning) {
-      lastConfigWarning = result.warning;
-      notifyWarning(result.warning);
-    } else if (!result.warning) {
+    const warning =
+      mergeResult.issues.length > 0 ? mergeResult.issues.join("\n") : undefined;
+    if (warning && warning !== lastConfigWarning) {
+      lastConfigWarning = warning;
+      notifyWarning(warning);
+    } else if (!warning) {
       lastConfigWarning = null;
     }
 
     writeDebugLog("config.loaded", {
-      created: result.created,
-      warning: result.warning ?? null,
-      debugLog: result.config.debugLog,
-      permissionReviewLog: result.config.permissionReviewLog,
-      yoloMode: result.config.yoloMode,
+      warning: warning ?? null,
+      debugLog: runtimeConfig.debugLog,
+      permissionReviewLog: runtimeConfig.permissionReviewLog,
+      yoloMode: runtimeConfig.yoloMode,
     });
   };
 
@@ -1297,11 +1317,35 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
     ctx: ExtensionCommandContext,
   ): void => {
     const normalized = normalizePermissionSystemConfig(next);
-    const saved = savePermissionSystemConfig(normalized);
-    if (!saved.success) {
-      if (saved.error) {
-        ctx.ui.notify(saved.error, "error");
+    const globalPath = getGlobalConfigPath(getAgentDir());
+
+    // Load existing global config and merge runtime knobs into it
+    const existing = loadUnifiedConfig(globalPath);
+    const merged = {
+      ...existing.config,
+      debugLog: normalized.debugLog,
+      permissionReviewLog: normalized.permissionReviewLog,
+      yoloMode: normalized.yoloMode,
+    };
+
+    const tmpPath = `${globalPath}.tmp`;
+    try {
+      mkdirSync(dirname(globalPath), { recursive: true });
+      writeFileSync(tmpPath, `${JSON.stringify(merged, null, 2)}\n`, "utf-8");
+      renameSync(tmpPath, globalPath);
+    } catch (error) {
+      try {
+        if (existsSync(tmpPath)) {
+          unlinkSync(tmpPath);
+        }
+      } catch {
+        // Ignore cleanup failures.
       }
+      const message = error instanceof Error ? error.message : String(error);
+      ctx.ui.notify(
+        `Failed to save permission-system config at '${globalPath}': ${message}`,
+        "error",
+      );
       return;
     }
 
@@ -1321,7 +1365,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
   registerPermissionSystemCommand(pi, {
     getConfig: () => extensionConfig,
     setConfig: saveExtensionConfig,
-    getConfigPath: getPermissionSystemConfigPath,
+    getConfigPath: () => getGlobalConfigPath(getAgentDir()),
   });
 
   const createPermissionRequestId = (prefix: string): string => {
@@ -1470,11 +1514,28 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
 
   const logResolvedConfigPaths = (): void => {
     const policyPaths = permissionManager.getResolvedPolicyPaths();
-    const entry = buildResolvedConfigLogEntry(
-      CONFIG_PATH,
-      existsSync(CONFIG_PATH),
-      policyPaths,
+    const cwd = runtimeContext?.cwd ?? null;
+
+    // Detect legacy files for the log entry
+    const agentDir = getAgentDir();
+    const legacyGlobalPolicyDetected = existsSync(
+      getLegacyGlobalPolicyPath(agentDir),
     );
+    const legacyProjectPolicyDetected = cwd
+      ? existsSync(getLegacyProjectPolicyPath(cwd))
+      : false;
+    const legacyExtConfigPath = getLegacyExtensionConfigPath(EXTENSION_ROOT);
+    const newGlobalPath = getGlobalConfigPath(agentDir);
+    const legacyExtensionConfigDetected =
+      normalize(legacyExtConfigPath) !== normalize(newGlobalPath) &&
+      existsSync(legacyExtConfigPath);
+
+    const entry = buildResolvedConfigLogEntry({
+      policyPaths,
+      legacyGlobalPolicyDetected,
+      legacyProjectPolicyDetected,
+      legacyExtensionConfigDetected,
+    });
     writeReviewLog(
       "config.resolved",
       entry as unknown as Record<string, unknown>,