@gotgenes/pi-permission-system 2.0.0 → 3.0.1

package/src/permission-manager.ts

@@ -10,6 +10,8 @@ import {
   parseSimpleYamlMap,
   toRecord,
 } from "./common.js";
+import { loadUnifiedConfig, stripJsonComments } from "./config-loader.js";
+import { getGlobalConfigPath } from "./config-paths.js";
 import type {
   AgentPermissions,
   BashPermissions,
@@ -26,7 +28,7 @@ import {
 } from "./wildcard-matcher.js";
 
 function defaultGlobalConfigPath(): string {
-  return join(getAgentDir(), "pi-permissions.jsonc");
+  return getGlobalConfigPath(getAgentDir());
 }
 function defaultAgentsDir(): string {
   return join(getAgentDir(), "agents");
@@ -61,87 +63,6 @@ const DEFAULT_POLICY: PermissionDefaultPolicy = {
   special: "ask",
 };
 
-const EMPTY_GLOBAL_CONFIG: GlobalPermissionConfig = {
-  defaultPolicy: DEFAULT_POLICY,
-  tools: {},
-  bash: {},
-  mcp: {},
-  skills: {},
-  special: {},
-};
-
-function stripJsonComments(input: string): string {
-  let output = "";
-  let inString = false;
-  let stringQuote: '"' | "'" | "" = "";
-  let escaping = false;
-  let inLineComment = false;
-  let inBlockComment = false;
-
-  for (let i = 0; i < input.length; i++) {
-    const char = input[i];
-    const next = input[i + 1] || "";
-
-    if (inLineComment) {
-      if (char === "\n") {
-        inLineComment = false;
-        output += char;
-      }
-      continue;
-    }
-
-    if (inBlockComment) {
-      if (char === "*" && next === "/") {
-        inBlockComment = false;
-        i++;
-      }
-      continue;
-    }
-
-    if (!inString && char === "/" && next === "/") {
-      inLineComment = true;
-      i++;
-      continue;
-    }
-
-    if (!inString && char === "/" && next === "*") {
-      inBlockComment = true;
-      i++;
-      continue;
-    }
-
-    output += char;
-
-    if (!inString && (char === '"' || char === "'")) {
-      inString = true;
-      stringQuote = char;
-      escaping = false;
-      continue;
-    }
-
-    if (!inString) {
-      continue;
-    }
-
-    if (escaping) {
-      escaping = false;
-      continue;
-    }
-
-    if (char === "\\") {
-      escaping = true;
-      continue;
-    }
-
-    if (char === stringQuote) {
-      inString = false;
-      stringQuote = "";
-    }
-  }
-
-  return output;
-}
-
 function normalizePolicy(value: unknown): PermissionDefaultPolicy {
   const record = toRecord(value);
   return {
@@ -592,25 +513,17 @@ export class PermissionManager {
       return this.globalConfigCache.value;
     }
 
-    let value: GlobalPermissionConfig;
-    try {
-      const raw = readFileSync(this.globalConfigPath, "utf-8");
-      const parsed = JSON.parse(stripJsonComments(raw)) as unknown;
-      const { permissions: normalized, configIssues } =
-        normalizeRawPermission(parsed);
-      this.accumulateConfigIssues(configIssues);
-
-      value = {
-        defaultPolicy: normalizePolicy(normalized.defaultPolicy),
-        tools: normalized.tools || {},
-        bash: normalized.bash || {},
-        mcp: normalized.mcp || {},
-        skills: normalized.skills || {},
-        special: normalized.special || {},
-      };
-    } catch {
-      value = EMPTY_GLOBAL_CONFIG;
-    }
+    const { config, issues } = loadUnifiedConfig(this.globalConfigPath);
+    this.accumulateConfigIssues(issues);
+
+    const value: GlobalPermissionConfig = {
+      defaultPolicy: normalizePolicy(config.defaultPolicy),
+      tools: config.tools || {},
+      bash: config.bash || {},
+      mcp: config.mcp || {},
+      skills: config.skills || {},
+      special: config.special || {},
+    };
 
     this.globalConfigCache = { stamp, value };
     return value;
@@ -626,16 +539,17 @@ export class PermissionManager {
       return this.projectGlobalConfigCache.value;
     }
 
-    let value: AgentPermissions;
-    try {
-      const raw = readFileSync(this.projectGlobalConfigPath, "utf-8");
-      const parsed = JSON.parse(stripJsonComments(raw)) as unknown;
-      const result = normalizeRawPermission(parsed);
-      value = result.permissions;
-      this.accumulateConfigIssues(result.configIssues);
-    } catch {
-      value = {};
-    }
+    const { config, issues } = loadUnifiedConfig(this.projectGlobalConfigPath);
+    this.accumulateConfigIssues(issues);
+
+    const value: AgentPermissions = {
+      defaultPolicy: config.defaultPolicy,
+      tools: config.tools,
+      bash: config.bash,
+      mcp: config.mcp,
+      skills: config.skills,
+      special: config.special,
+    };
 
     this.projectGlobalConfigCache = { stamp, value };
     return value;

package/src/permission-prompts.ts

@@ -0,0 +1,131 @@
+import type { SkillPromptEntry } from "./skill-prompt-sanitizer.js";
+import { formatToolInputForPrompt } from "./tool-input-preview.js";
+import type { PermissionCheckResult } from "./types.js";
+
+export function formatMissingToolNameReason(): string {
+  return "Tool call was blocked because no tool name was provided. Use a registered tool name from pi.getAllTools().";
+}
+
+export function formatUnknownToolReason(
+  toolName: string,
+  availableToolNames: readonly string[],
+): string {
+  const preview = availableToolNames.slice(0, 10);
+  const suffix = availableToolNames.length > preview.length ? ", ..." : "";
+  const availableList =
+    preview.length > 0 ? `${preview.join(", ")}${suffix}` : "none";
+
+  const mcpHint =
+    toolName === "mcp"
+      ? ""
+      : ' If this was intended as an MCP server tool, call the registered \'mcp\' tool when available (for example: {"tool":"server:tool"}).';
+
+  return `Tool '${toolName}' is not registered in this runtime and was blocked before permission checks.${mcpHint} Registered tools: ${availableList}.`;
+}
+
+export function formatPermissionHardStopHint(
+  result: PermissionCheckResult,
+): string {
+  if ((result.source === "mcp" || result.toolName === "mcp") && result.target) {
+    return "Hard stop: this MCP permission denial is policy-enforced. Do not retry this target, do not run discovery/investigation to bypass it, and report the block to the user.";
+  }
+
+  return "Hard stop: this permission denial is policy-enforced. Do not retry or investigate bypasses; report the block to the user.";
+}
+
+export function formatDenyReason(
+  result: PermissionCheckResult,
+  agentName?: string,
+): string {
+  const parts: string[] = [];
+
+  if (agentName) {
+    parts.push(`Agent '${agentName}'`);
+  }
+
+  if ((result.source === "mcp" || result.toolName === "mcp") && result.target) {
+    parts.push(`is not permitted to run MCP target '${result.target}'`);
+  } else {
+    parts.push(`is not permitted to run '${result.toolName}'`);
+  }
+
+  if (result.command) {
+    parts.push(`command '${result.command}'`);
+  }
+
+  if (result.matchedPattern) {
+    parts.push(`(matched '${result.matchedPattern}')`);
+  }
+
+  return `${parts.join(" ")}. ${formatPermissionHardStopHint(result)}`;
+}
+
+export function formatUserDeniedReason(
+  result: PermissionCheckResult,
+  denialReason?: string,
+): string {
+  const base =
+    (result.source === "mcp" || result.toolName === "mcp") && result.target
+      ? `User denied MCP target '${result.target}'.`
+      : result.toolName === "bash" && result.command
+        ? `User denied bash command '${result.command}'.`
+        : `User denied tool '${result.toolName}'.`;
+  const reasonSuffix = denialReason ? ` Reason: ${denialReason}.` : "";
+
+  return `${base}${reasonSuffix} ${formatPermissionHardStopHint(result)}`;
+}
+
+export function formatAskPrompt(
+  result: PermissionCheckResult,
+  agentName?: string,
+  input?: unknown,
+): string {
+  const subject = agentName ? `Agent '${agentName}'` : "Current agent";
+
+  if (result.toolName === "bash") {
+    const patternInfo = result.matchedPattern
+      ? ` (matched '${result.matchedPattern}')`
+      : "";
+    return `${subject} requested bash command '${result.command || ""}'${patternInfo}. Allow this command?`;
+  }
+
+  if ((result.source === "mcp" || result.toolName === "mcp") && result.target) {
+    const patternInfo = result.matchedPattern
+      ? ` (matched '${result.matchedPattern}')`
+      : "";
+    return `${subject} requested MCP target '${result.target}'${patternInfo}. Allow this call?`;
+  }
+
+  const patternInfo = result.matchedPattern
+    ? ` (matched '${result.matchedPattern}')`
+    : "";
+  const inputPreview = formatToolInputForPrompt(result.toolName, input);
+  const inputSuffix = inputPreview ? ` ${inputPreview}` : "";
+  return `${subject} requested tool '${result.toolName}'${patternInfo}${inputSuffix}. Allow this call?`;
+}
+
+export function formatSkillAskPrompt(
+  skillName: string,
+  agentName?: string,
+): string {
+  const subject = agentName ? `Agent '${agentName}'` : "Current agent";
+  return `${subject} requested skill '${skillName}'. Allow loading this skill?`;
+}
+
+export function formatSkillPathAskPrompt(
+  skill: SkillPromptEntry,
+  readPath: string,
+  agentName?: string,
+): string {
+  const subject = agentName ? `Agent '${agentName}'` : "Current agent";
+  return `${subject} requested access to skill '${skill.name}' via '${readPath}'. Allow this read?`;
+}
+
+export function formatSkillPathDenyReason(
+  skill: SkillPromptEntry,
+  readPath: string,
+  agentName?: string,
+): string {
+  const subject = agentName ? `Agent '${agentName}'` : "Current agent";
+  return `${subject} is not permitted to access skill '${skill.name}' via '${readPath}'.`;
+}

package/src/subagent-context.ts

@@ -0,0 +1,52 @@
+import { normalize } from "node:path";
+import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
+
+import { SUBAGENT_ENV_HINT_KEYS } from "./permission-forwarding.js";
+
+export function normalizeFilesystemPath(pathValue: string): string {
+  const normalizedPath = normalize(pathValue);
+  return process.platform === "win32"
+    ? normalizedPath.toLowerCase()
+    : normalizedPath;
+}
+
+function isPathWithinDirectoryForSubagent(
+  pathValue: string,
+  directory: string,
+): boolean {
+  if (!pathValue || !directory) {
+    return false;
+  }
+
+  if (pathValue === directory) {
+    return true;
+  }
+
+  const sep = process.platform === "win32" ? "\\" : "/";
+  const prefix = directory.endsWith(sep) ? directory : `${directory}${sep}`;
+  return pathValue.startsWith(prefix);
+}
+
+export function isSubagentExecutionContext(
+  ctx: ExtensionContext,
+  subagentSessionsDir: string,
+): boolean {
+  for (const key of SUBAGENT_ENV_HINT_KEYS) {
+    const value = process.env[key];
+    if (typeof value === "string" && value.trim()) {
+      return true;
+    }
+  }
+
+  const sessionDir = ctx.sessionManager.getSessionDir();
+  if (!sessionDir) {
+    return false;
+  }
+
+  const normalizedSessionDir = normalizeFilesystemPath(sessionDir);
+  const normalizedSubagentRoot = normalizeFilesystemPath(subagentSessionsDir);
+  return isPathWithinDirectoryForSubagent(
+    normalizedSessionDir,
+    normalizedSubagentRoot,
+  );
+}

package/src/tool-input-preview.ts

@@ -0,0 +1,206 @@
+import { getNonEmptyString, toRecord } from "./common.js";
+import { safeJsonStringify } from "./logging.js";
+import type { PermissionCheckResult } from "./types.js";
+
+export const TOOL_INPUT_PREVIEW_MAX_LENGTH = 200;
+export const TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH = 1000;
+export const TOOL_TEXT_SUMMARY_MAX_LENGTH = 80;
+
+export function truncateInlineText(value: string, maxLength: number): string {
+  return value.length > maxLength ? `${value.slice(0, maxLength)}…` : value;
+}
+
+export function sanitizeInlineText(
+  value: string,
+  maxLength = TOOL_TEXT_SUMMARY_MAX_LENGTH,
+): string {
+  const normalized = value.replace(/\s+/g, " ").trim();
+  return normalized ? truncateInlineText(normalized, maxLength) : "empty text";
+}
+
+export function countTextLines(value: string): number {
+  if (!value) {
+    return 0;
+  }
+
+  return value.split(/\r\n|\r|\n/).length;
+}
+
+export function formatCount(
+  value: number,
+  singular: string,
+  plural: string,
+): string {
+  return `${value} ${value === 1 ? singular : plural}`;
+}
+
+export function getPromptPath(input: Record<string, unknown>): string | null {
+  return getNonEmptyString(input.path) ?? getNonEmptyString(input.file_path);
+}
+
+export function formatEditInputForPrompt(
+  input: Record<string, unknown>,
+): string {
+  const path = getPromptPath(input);
+  const rawEdits = Array.isArray(input.edits)
+    ? input.edits
+    : typeof input.oldText === "string" && typeof input.newText === "string"
+      ? [{ oldText: input.oldText, newText: input.newText }]
+      : [];
+
+  const edits = rawEdits
+    .map((edit) => toRecord(edit))
+    .filter(
+      (edit) =>
+        typeof edit.oldText === "string" && typeof edit.newText === "string",
+    );
+
+  const pathPart = path ? `for '${path}'` : "";
+  if (edits.length === 0) {
+    return pathPart ? `${pathPart} with edit input` : "with edit input";
+  }
+
+  const firstEdit = edits[0];
+  const oldText = String(firstEdit.oldText);
+  const newText = String(firstEdit.newText);
+  const firstEditSummary = `edit #1 replaces ${formatCount(countTextLines(oldText), "line", "lines")} with ${formatCount(countTextLines(newText), "line", "lines")}`;
+  const extraEdits =
+    edits.length > 1
+      ? `, plus ${formatCount(edits.length - 1, "additional edit", "additional edits")}`
+      : "";
+  const summary = `(${formatCount(edits.length, "replacement", "replacements")}: ${firstEditSummary}${extraEdits})`;
+  return pathPart ? `${pathPart} ${summary}` : summary;
+}
+
+export function formatWriteInputForPrompt(
+  input: Record<string, unknown>,
+): string {
+  const path = getPromptPath(input);
+  const content = typeof input.content === "string" ? input.content : "";
+  const summary = `(${formatCount(countTextLines(content), "line", "lines")}, ${formatCount(content.length, "character", "characters")})`;
+  return path ? `for '${path}' ${summary}` : summary;
+}
+
+export function formatReadInputForPrompt(
+  input: Record<string, unknown>,
+): string {
+  const path = getPromptPath(input);
+  const parts = path ? [`path '${path}'`] : [];
+  if (typeof input.offset === "number") {
+    parts.push(`offset ${input.offset}`);
+  }
+  if (typeof input.limit === "number") {
+    parts.push(`limit ${input.limit}`);
+  }
+  return parts.length > 0 ? `for ${parts.join(", ")}` : "";
+}
+
+export function formatSearchInputForPrompt(
+  toolName: string,
+  input: Record<string, unknown>,
+): string {
+  const parts: string[] = [];
+  const path = getPromptPath(input);
+  const pattern = getNonEmptyString(input.pattern);
+  const glob = getNonEmptyString(input.glob);
+
+  if (pattern) {
+    parts.push(`pattern '${sanitizeInlineText(pattern)}'`);
+  }
+  if (glob) {
+    parts.push(`glob '${sanitizeInlineText(glob)}'`);
+  }
+  if (path) {
+    parts.push(`path '${path}'`);
+  } else if (toolName === "find" || toolName === "grep" || toolName === "ls") {
+    parts.push("current working directory");
+  }
+
+  return parts.length > 0 ? `for ${parts.join(", ")}` : "";
+}
+
+export function serializeToolInputPreview(input: unknown): string {
+  const serialized = safeJsonStringify(input);
+  if (!serialized || serialized === "{}" || serialized === "null") {
+    return "";
+  }
+
+  return serialized.replace(/\s+/g, " ").trim();
+}
+
+export function formatJsonInputForPrompt(input: unknown): string {
+  const inline = serializeToolInputPreview(input);
+  return inline
+    ? `with input ${truncateInlineText(inline, TOOL_INPUT_PREVIEW_MAX_LENGTH)}`
+    : "";
+}
+
+export function formatToolInputForPrompt(
+  toolName: string,
+  input: unknown,
+): string {
+  const inputRecord = toRecord(input);
+
+  switch (toolName) {
+    case "edit":
+      return formatEditInputForPrompt(inputRecord);
+    case "write":
+      return formatWriteInputForPrompt(inputRecord);
+    case "read":
+      return formatReadInputForPrompt(inputRecord);
+    case "find":
+    case "grep":
+    case "ls":
+      return formatSearchInputForPrompt(toolName, inputRecord);
+    default:
+      return formatJsonInputForPrompt(input);
+  }
+}
+
+export function formatGenericToolInputForLog(
+  input: unknown,
+): string | undefined {
+  const inline = serializeToolInputPreview(input);
+  return inline
+    ? `input ${truncateInlineText(inline, TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH)}`
+    : undefined;
+}
+
+export function getToolInputPreviewForLog(
+  result: PermissionCheckResult,
+  input: unknown,
+  pathBearingTools: ReadonlySet<string>,
+): string | undefined {
+  if (
+    result.toolName === "bash" ||
+    result.toolName === "mcp" ||
+    result.source === "mcp"
+  ) {
+    return undefined;
+  }
+
+  if (pathBearingTools.has(result.toolName)) {
+    const inputPreview = formatToolInputForPrompt(result.toolName, input);
+    return inputPreview
+      ? truncateInlineText(inputPreview, TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH)
+      : undefined;
+  }
+
+  return formatGenericToolInputForLog(input);
+}
+
+export function getPermissionLogContext(
+  result: PermissionCheckResult,
+  input: unknown,
+  pathBearingTools: ReadonlySet<string>,
+): { command?: string; target?: string; toolInputPreview?: string } {
+  return {
+    command: result.command,
+    target: result.target,
+    toolInputPreview: getToolInputPreviewForLog(
+      result,
+      input,
+      pathBearingTools,
+    ),
+  };
+}