@gotgenes/pi-permission-system 2.0.0 → 3.0.1

package/tests/active-agent.test.ts

@@ -0,0 +1,160 @@
+import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import {
+  ACTIVE_AGENT_TAG_REGEX,
+  getActiveAgentName,
+  getActiveAgentNameFromSystemPrompt,
+  normalizeAgentName,
+} from "../src/active-agent.js";
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+type SessionEntry = {
+  type: string;
+  customType?: string;
+  data?: unknown;
+};
+
+function makeCtx(entries: SessionEntry[]): ExtensionContext {
+  return {
+    sessionManager: {
+      getEntries: vi.fn(() => entries),
+    },
+  } as unknown as ExtensionContext;
+}
+
+describe("ACTIVE_AGENT_TAG_REGEX", () => {
+  test("matches double-quoted name attribute", () => {
+    const match = '<active_agent name="my-agent">'.match(
+      ACTIVE_AGENT_TAG_REGEX,
+    );
+    expect(match?.[1]).toBe("my-agent");
+  });
+
+  test("matches single-quoted name attribute", () => {
+    const match = "<active_agent name='my-agent'>".match(
+      ACTIVE_AGENT_TAG_REGEX,
+    );
+    expect(match?.[1]).toBe("my-agent");
+  });
+
+  test("is case-insensitive", () => {
+    const match = '<ACTIVE_AGENT name="bot">'.match(ACTIVE_AGENT_TAG_REGEX);
+    expect(match?.[1]).toBe("bot");
+  });
+
+  test("does not match when tag is absent", () => {
+    expect("no tag here".match(ACTIVE_AGENT_TAG_REGEX)).toBeNull();
+  });
+});
+
+describe("normalizeAgentName", () => {
+  test("returns trimmed string for valid input", () => {
+    expect(normalizeAgentName("  my-agent  ")).toBe("my-agent");
+  });
+
+  test("returns null for empty string", () => {
+    expect(normalizeAgentName("")).toBeNull();
+  });
+
+  test("returns null for whitespace-only string", () => {
+    expect(normalizeAgentName("   ")).toBeNull();
+  });
+
+  test("returns null for non-string values", () => {
+    expect(normalizeAgentName(null)).toBeNull();
+    expect(normalizeAgentName(undefined)).toBeNull();
+    expect(normalizeAgentName(42)).toBeNull();
+    expect(normalizeAgentName({})).toBeNull();
+  });
+});
+
+describe("getActiveAgentName", () => {
+  test("returns null when session has no entries", () => {
+    expect(getActiveAgentName(makeCtx([]))).toBeNull();
+  });
+
+  test("returns null when no active_agent custom entry exists", () => {
+    const ctx = makeCtx([{ type: "message", data: { name: "agent" } }]);
+    expect(getActiveAgentName(ctx)).toBeNull();
+  });
+
+  test("returns agent name from active_agent entry", () => {
+    const ctx = makeCtx([
+      { type: "custom", customType: "active_agent", data: { name: "bot" } },
+    ]);
+    expect(getActiveAgentName(ctx)).toBe("bot");
+  });
+
+  test("last-entry-wins: returns name from the last matching entry", () => {
+    const ctx = makeCtx([
+      { type: "custom", customType: "active_agent", data: { name: "first" } },
+      { type: "custom", customType: "active_agent", data: { name: "last" } },
+    ]);
+    expect(getActiveAgentName(ctx)).toBe("last");
+  });
+
+  test("entry with name: null resets agent name to null", () => {
+    const ctx = makeCtx([
+      { type: "custom", customType: "active_agent", data: { name: "bot" } },
+      { type: "custom", customType: "active_agent", data: { name: null } },
+    ]);
+    expect(getActiveAgentName(ctx)).toBeNull();
+  });
+
+  test("skips entries with whitespace-only name and continues scanning", () => {
+    const ctx = makeCtx([
+      { type: "custom", customType: "active_agent", data: { name: "first" } },
+      { type: "custom", customType: "active_agent", data: { name: "   " } },
+    ]);
+    // "   " normalizes to null — not a sentinel reset, keeps scanning backwards
+    expect(getActiveAgentName(ctx)).toBe("first");
+  });
+
+  test("ignores entries with wrong customType", () => {
+    const ctx = makeCtx([
+      { type: "custom", customType: "something_else", data: { name: "bot" } },
+    ]);
+    expect(getActiveAgentName(ctx)).toBeNull();
+  });
+
+  test("ignores entries with wrong type", () => {
+    const ctx = makeCtx([
+      { type: "tool_call", customType: "active_agent", data: { name: "bot" } },
+    ]);
+    expect(getActiveAgentName(ctx)).toBeNull();
+  });
+});
+
+describe("getActiveAgentNameFromSystemPrompt", () => {
+  test("returns null for undefined system prompt", () => {
+    expect(getActiveAgentNameFromSystemPrompt(undefined)).toBeNull();
+  });
+
+  test("returns null for empty system prompt", () => {
+    expect(getActiveAgentNameFromSystemPrompt("")).toBeNull();
+  });
+
+  test("returns null when tag is absent", () => {
+    expect(
+      getActiveAgentNameFromSystemPrompt("You are a helpful assistant."),
+    ).toBeNull();
+  });
+
+  test("extracts agent name from tag in system prompt", () => {
+    const prompt = 'You are helpful.\n<active_agent name="my-bot">\nDo work.';
+    expect(getActiveAgentNameFromSystemPrompt(prompt)).toBe("my-bot");
+  });
+
+  test("returns null when tag name is empty", () => {
+    const prompt = '<active_agent name="">';
+    expect(getActiveAgentNameFromSystemPrompt(prompt)).toBeNull();
+  });
+
+  test("trims whitespace from extracted name", () => {
+    const prompt = '<active_agent name="  trimmed  ">';
+    expect(getActiveAgentNameFromSystemPrompt(prompt)).toBe("trimmed");
+  });
+});

package/tests/bash-filter.test.ts

@@ -0,0 +1,137 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+
+import type { PermissionState } from "../src/types.js";
+
+// Mock wildcard-matcher before importing the module under test.
+vi.mock("../src/wildcard-matcher.js", () => ({
+  compileWildcardPatterns: vi.fn((patterns: Record<string, PermissionState>) =>
+    Object.entries(patterns).map(([pattern, state]) => ({
+      pattern,
+      state,
+      regex: new RegExp(`^${pattern.replace(/\*/g, ".*")}$`),
+    })),
+  ),
+  findCompiledWildcardMatch: vi.fn(),
+}));
+
+import { BashFilter } from "../src/bash-filter.js";
+import {
+  compileWildcardPatterns,
+  findCompiledWildcardMatch,
+} from "../src/wildcard-matcher.js";
+
+const mockedFindMatch = vi.mocked(findCompiledWildcardMatch);
+
+afterEach(() => {
+  vi.clearAllMocks();
+  vi.restoreAllMocks();
+});
+
+describe("BashFilter.check", () => {
+  test("returns matched state when wildcard-matcher finds a pattern match", () => {
+    mockedFindMatch.mockReturnValue({
+      state: "allow",
+      matchedPattern: "git *",
+      matchedName: "git status",
+    });
+
+    const filter = new BashFilter({ "git *": "allow" }, "ask");
+    const result = filter.check("git status");
+
+    expect(result.state).toBe("allow");
+    expect(result.matchedPattern).toBe("git *");
+    expect(result.command).toBe("git status");
+    expect(mockedFindMatch).toHaveBeenCalledOnce();
+  });
+
+  test("returns default state when wildcard-matcher returns null", () => {
+    mockedFindMatch.mockReturnValue(null);
+
+    const filter = new BashFilter({ "git *": "allow" }, "ask");
+    const result = filter.check("npm install");
+
+    expect(result.state).toBe("ask");
+    expect(result.matchedPattern).toBeUndefined();
+    expect(result.command).toBe("npm install");
+  });
+
+  test("delegates pattern compilation to compileWildcardPatterns", () => {
+    mockedFindMatch.mockReturnValue(null);
+
+    const permissions: Record<string, PermissionState> = {
+      "git *": "allow",
+      "npm *": "deny",
+    };
+    new BashFilter(permissions, "ask");
+
+    expect(compileWildcardPatterns).toHaveBeenCalledWith(permissions);
+  });
+
+  test("default fallback is the configured defaultState", () => {
+    mockedFindMatch.mockReturnValue(null);
+
+    const denyFilter = new BashFilter({}, "deny");
+    expect(denyFilter.check("anything").state).toBe("deny");
+
+    const allowFilter = new BashFilter({}, "allow");
+    expect(allowFilter.check("anything").state).toBe("allow");
+  });
+
+  test("passes command string to findCompiledWildcardMatch", () => {
+    mockedFindMatch.mockReturnValue(null);
+
+    const filter = new BashFilter({}, "ask");
+    filter.check("echo hello");
+
+    expect(mockedFindMatch).toHaveBeenCalledWith(
+      expect.any(Array),
+      "echo hello",
+    );
+  });
+
+  test("empty command falls through to default state", () => {
+    mockedFindMatch.mockReturnValue(null);
+
+    const filter = new BashFilter({}, "ask");
+    const result = filter.check("");
+
+    expect(result.state).toBe("ask");
+    expect(result.command).toBe("");
+  });
+
+  test("accepts pre-compiled pattern list instead of permissions object", () => {
+    mockedFindMatch.mockReturnValue({
+      state: "deny",
+      matchedPattern: "rm *",
+      matchedName: "rm -rf /",
+    });
+
+    const compiledPatterns = [
+      {
+        pattern: "rm *",
+        state: "deny" as const,
+        regex: /^rm .*$/,
+      },
+    ];
+    const filter = new BashFilter(compiledPatterns, "ask");
+    const result = filter.check("rm -rf /");
+
+    // compileWildcardPatterns should NOT be called for a pre-compiled list
+    expect(compileWildcardPatterns).not.toHaveBeenCalled();
+    expect(result.state).toBe("deny");
+  });
+
+  test("last-match-wins: matched pattern state overrides default", () => {
+    mockedFindMatch.mockReturnValue({
+      state: "deny",
+      matchedPattern: "rm *",
+      matchedName: "rm -rf /",
+    });
+
+    const filter = new BashFilter({ "rm *": "deny" }, "allow");
+    const result = filter.check("rm -rf /");
+
+    expect(result.state).toBe("deny");
+    expect(result.matchedPattern).toBe("rm *");
+  });
+});

package/tests/common.test.ts

@@ -0,0 +1,189 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+
+import {
+  extractFrontmatter,
+  getNonEmptyString,
+  isPermissionState,
+  parseSimpleYamlMap,
+  toRecord,
+} from "../src/common.js";
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+describe("toRecord", () => {
+  test("returns empty object for null", () => {
+    expect(toRecord(null)).toEqual({});
+  });
+
+  test("returns empty object for undefined", () => {
+    expect(toRecord(undefined)).toEqual({});
+  });
+
+  test("returns empty object for a string", () => {
+    expect(toRecord("hello")).toEqual({});
+  });
+
+  test("returns empty object for a number", () => {
+    expect(toRecord(42)).toEqual({});
+  });
+
+  test("returns empty object for an array", () => {
+    expect(toRecord(["a", "b"])).toEqual({});
+  });
+
+  test("returns the object itself for a plain object", () => {
+    const input = { a: 1, b: "two" };
+    expect(toRecord(input)).toBe(input);
+  });
+
+  test("returns the object for a nested object", () => {
+    const input = { x: { y: 3 } };
+    expect(toRecord(input)).toBe(input);
+  });
+});
+
+describe("getNonEmptyString", () => {
+  test("returns null for non-string values", () => {
+    expect(getNonEmptyString(null)).toBeNull();
+    expect(getNonEmptyString(undefined)).toBeNull();
+    expect(getNonEmptyString(42)).toBeNull();
+    expect(getNonEmptyString({})).toBeNull();
+    expect(getNonEmptyString([])).toBeNull();
+  });
+
+  test("returns null for empty string", () => {
+    expect(getNonEmptyString("")).toBeNull();
+  });
+
+  test("returns null for whitespace-only string", () => {
+    expect(getNonEmptyString("   ")).toBeNull();
+    expect(getNonEmptyString("\t\n")).toBeNull();
+  });
+
+  test("returns trimmed string for valid string", () => {
+    expect(getNonEmptyString("hello")).toBe("hello");
+    expect(getNonEmptyString("  hello  ")).toBe("hello");
+  });
+
+  test("returns single non-whitespace character", () => {
+    expect(getNonEmptyString("a")).toBe("a");
+  });
+});
+
+describe("isPermissionState", () => {
+  test("returns true for 'allow'", () => {
+    expect(isPermissionState("allow")).toBe(true);
+  });
+
+  test("returns true for 'deny'", () => {
+    expect(isPermissionState("deny")).toBe(true);
+  });
+
+  test("returns true for 'ask'", () => {
+    expect(isPermissionState("ask")).toBe(true);
+  });
+
+  test("returns false for unrecognized strings", () => {
+    expect(isPermissionState("ALLOW")).toBe(false);
+    expect(isPermissionState("permit")).toBe(false);
+    expect(isPermissionState("")).toBe(false);
+    expect(isPermissionState("block")).toBe(false);
+  });
+
+  test("returns false for non-string types", () => {
+    expect(isPermissionState(null)).toBe(false);
+    expect(isPermissionState(undefined)).toBe(false);
+    expect(isPermissionState(1)).toBe(false);
+    expect(isPermissionState({})).toBe(false);
+  });
+});
+
+describe("extractFrontmatter", () => {
+  test("returns empty string when no frontmatter delimiter", () => {
+    expect(extractFrontmatter("# Hello\nSome content")).toBe("");
+  });
+
+  test("returns empty string when only opening delimiter with no closing", () => {
+    expect(extractFrontmatter("---\nkey: value")).toBe("");
+  });
+
+  test("returns frontmatter body between delimiters", () => {
+    const markdown = "---\nissue: 1\ntitle: Test\n---\n# Content";
+    expect(extractFrontmatter(markdown)).toBe("issue: 1\ntitle: Test");
+  });
+
+  test("returns empty string when file does not start with ---", () => {
+    expect(extractFrontmatter("content\n---\nkey: val\n---")).toBe("");
+  });
+
+  test("handles CRLF line endings", () => {
+    const markdown = "---\r\nissue: 5\r\n---\r\n# Content";
+    expect(extractFrontmatter(markdown)).toBe("issue: 5");
+  });
+
+  test("returns empty string for empty string input", () => {
+    expect(extractFrontmatter("")).toBe("");
+  });
+
+  test("returns empty frontmatter for --- \\n--- with nothing between", () => {
+    const markdown = "---\n---\n# Content";
+    expect(extractFrontmatter(markdown)).toBe("");
+  });
+});
+
+describe("parseSimpleYamlMap", () => {
+  test("returns empty object for empty string", () => {
+    expect(parseSimpleYamlMap("")).toEqual({});
+  });
+
+  test("parses simple key-value pairs", () => {
+    const yaml = "issue: 21\ntitle: Test";
+    expect(parseSimpleYamlMap(yaml)).toEqual({ issue: "21", title: "Test" });
+  });
+
+  test("strips surrounding quotes from values", () => {
+    const yaml = 'title: "My Title"';
+    expect(parseSimpleYamlMap(yaml)).toEqual({ title: "My Title" });
+
+    const yaml2 = "title: 'My Title'";
+    expect(parseSimpleYamlMap(yaml2)).toEqual({ title: "My Title" });
+  });
+
+  test("skips lines without colon or with colon at position 0", () => {
+    const yaml = "no separator here\n:starts-with-colon: val\nkey: val";
+    const result = parseSimpleYamlMap(yaml);
+    expect(result.key).toBe("val");
+    expect(result["no separator here"]).toBeUndefined();
+  });
+
+  test("skips comment lines", () => {
+    const yaml = "# This is a comment\nkey: value";
+    expect(parseSimpleYamlMap(yaml)).toEqual({ key: "value" });
+  });
+
+  test("skips blank lines", () => {
+    const yaml = "\n\nkey: value\n\n";
+    expect(parseSimpleYamlMap(yaml)).toEqual({ key: "value" });
+  });
+
+  test("parses nested map (child indented under parent)", () => {
+    const yaml = "parent:\n  child: nested_value";
+    const result = parseSimpleYamlMap(yaml);
+    expect(result.parent).toEqual({ child: "nested_value" });
+  });
+
+  test("handles multi-line values correctly (second line is new key)", () => {
+    const yaml = "key1: val1\nkey2: val2";
+    const result = parseSimpleYamlMap(yaml);
+    expect(result.key1).toBe("val1");
+    expect(result.key2).toBe("val2");
+  });
+
+  test("strips quotes from keys", () => {
+    const yaml = '"quoted-key": value';
+    const result = parseSimpleYamlMap(yaml);
+    expect(result["quoted-key"]).toBe("value");
+  });
+});