@gotgenes/pi-permission-system 2.0.0 → 3.0.1

package/tests/external-directory.test.ts

@@ -0,0 +1,250 @@
+import { join } from "node:path";
+import { afterEach, describe, expect, test, vi } from "vitest";
+
+// Mock node:os so tilde-expansion is deterministic across platforms.
+vi.mock("node:os", () => ({
+  homedir: vi.fn(() => "/mock/home"),
+}));
+
+import {
+  formatExternalDirectoryAskPrompt,
+  formatExternalDirectoryDenyReason,
+  formatExternalDirectoryHardStopHint,
+  formatExternalDirectoryUserDeniedReason,
+  getPathBearingToolPath,
+  isPathOutsideWorkingDirectory,
+  isPathWithinDirectory,
+  normalizePathForComparison,
+  PATH_BEARING_TOOLS,
+} from "../src/external-directory.js";
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+describe("PATH_BEARING_TOOLS", () => {
+  test("contains the expected tool names", () => {
+    for (const tool of ["read", "write", "edit", "find", "grep", "ls"]) {
+      expect(PATH_BEARING_TOOLS.has(tool)).toBe(true);
+    }
+  });
+
+  test("does not contain bash or mcp", () => {
+    expect(PATH_BEARING_TOOLS.has("bash")).toBe(false);
+    expect(PATH_BEARING_TOOLS.has("mcp")).toBe(false);
+  });
+});
+
+describe("normalizePathForComparison", () => {
+  const cwd = "/projects/my-app";
+
+  test("resolves absolute path unchanged", () => {
+    expect(normalizePathForComparison("/usr/local/bin", cwd)).toBe(
+      "/usr/local/bin",
+    );
+  });
+
+  test("resolves relative path against cwd", () => {
+    expect(normalizePathForComparison("src/foo.ts", cwd)).toBe(
+      "/projects/my-app/src/foo.ts",
+    );
+  });
+
+  test("expands bare ~ to homedir", () => {
+    expect(normalizePathForComparison("~", cwd)).toBe("/mock/home");
+  });
+
+  test("expands ~/... to homedir-relative path", () => {
+    expect(normalizePathForComparison("~/docs/readme.md", cwd)).toBe(
+      join("/mock/home", "docs/readme.md"),
+    );
+  });
+
+  test("strips leading @ before resolving", () => {
+    expect(normalizePathForComparison("@/usr/local/bin", cwd)).toBe(
+      "/usr/local/bin",
+    );
+  });
+
+  test("strips surrounding quotes", () => {
+    expect(normalizePathForComparison("'/usr/local/bin'", cwd)).toBe(
+      "/usr/local/bin",
+    );
+    expect(normalizePathForComparison('"/usr/local/bin"', cwd)).toBe(
+      "/usr/local/bin",
+    );
+  });
+
+  test("returns empty string for blank/whitespace-only path", () => {
+    expect(normalizePathForComparison("", cwd)).toBe("");
+    expect(normalizePathForComparison("   ", cwd)).toBe("");
+  });
+});
+
+describe("isPathWithinDirectory", () => {
+  test("returns true when path equals directory", () => {
+    expect(isPathWithinDirectory("/a/b", "/a/b")).toBe(true);
+  });
+
+  test("returns true when path is a direct child", () => {
+    expect(isPathWithinDirectory("/a/b/c", "/a/b")).toBe(true);
+  });
+
+  test("returns true when path is a deep descendant", () => {
+    expect(isPathWithinDirectory("/a/b/c/d/e", "/a/b")).toBe(true);
+  });
+
+  test("returns false when path is a sibling directory", () => {
+    expect(isPathWithinDirectory("/a/bc", "/a/b")).toBe(false);
+  });
+
+  test("returns false when path is outside the directory", () => {
+    expect(isPathWithinDirectory("/other/path", "/a/b")).toBe(false);
+  });
+
+  test("returns false for empty path", () => {
+    expect(isPathWithinDirectory("", "/a/b")).toBe(false);
+  });
+
+  test("returns false for empty directory", () => {
+    expect(isPathWithinDirectory("/a/b", "")).toBe(false);
+  });
+});
+
+describe("getPathBearingToolPath", () => {
+  test("returns path for a path-bearing tool", () => {
+    expect(getPathBearingToolPath("read", { path: "/src/foo.ts" })).toBe(
+      "/src/foo.ts",
+    );
+  });
+
+  test("returns null for a non-path-bearing tool", () => {
+    expect(getPathBearingToolPath("bash", { path: "/src/foo.ts" })).toBeNull();
+    expect(getPathBearingToolPath("mcp", { path: "/src/foo.ts" })).toBeNull();
+    expect(getPathBearingToolPath("task", { path: "/src/foo.ts" })).toBeNull();
+  });
+
+  test("returns null when input has no path", () => {
+    expect(getPathBearingToolPath("read", {})).toBeNull();
+    expect(getPathBearingToolPath("read", { path: "" })).toBeNull();
+    expect(getPathBearingToolPath("read", null)).toBeNull();
+  });
+});
+
+describe("isPathOutsideWorkingDirectory", () => {
+  const cwd = "/projects/my-app";
+
+  test("returns false when path is inside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/projects/my-app/src", cwd)).toBe(
+      false,
+    );
+  });
+
+  test("returns false when path equals cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/projects/my-app", cwd)).toBe(false);
+  });
+
+  test("returns true when path is outside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/etc/passwd", cwd)).toBe(true);
+  });
+
+  test("returns true for home directory when outside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("~/secrets", cwd)).toBe(true);
+  });
+
+  test("returns false for relative path resolving inside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("src/index.ts", cwd)).toBe(false);
+  });
+
+  test("returns false for empty path (normalizes to empty string)", () => {
+    expect(isPathOutsideWorkingDirectory("", cwd)).toBe(false);
+  });
+});
+
+describe("formatExternalDirectoryHardStopHint", () => {
+  test("returns the hard stop instruction string", () => {
+    const hint = formatExternalDirectoryHardStopHint();
+    expect(hint).toContain("Hard stop");
+    expect(hint).toContain("external directory");
+  });
+});
+
+describe("formatExternalDirectoryAskPrompt", () => {
+  test("uses 'Current agent' when no agent name provided", () => {
+    const result = formatExternalDirectoryAskPrompt(
+      "read",
+      "/etc/passwd",
+      "/projects/my-app",
+    );
+    expect(result).toContain("Current agent");
+    expect(result).toContain("read");
+    expect(result).toContain("/etc/passwd");
+    expect(result).toContain("/projects/my-app");
+  });
+
+  test("uses agent name when provided", () => {
+    const result = formatExternalDirectoryAskPrompt(
+      "write",
+      "/tmp/out.txt",
+      "/projects/my-app",
+      "my-agent",
+    );
+    expect(result).toContain("Agent 'my-agent'");
+    expect(result).toContain("write");
+    expect(result).toContain("/tmp/out.txt");
+  });
+});
+
+describe("formatExternalDirectoryDenyReason", () => {
+  test("includes tool name, path, cwd, agent name, and hard stop hint", () => {
+    const result = formatExternalDirectoryDenyReason(
+      "read",
+      "/etc/passwd",
+      "/projects/my-app",
+      "sec-agent",
+    );
+    expect(result).toContain("Agent 'sec-agent'");
+    expect(result).toContain("read");
+    expect(result).toContain("/etc/passwd");
+    expect(result).toContain("/projects/my-app");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatExternalDirectoryDenyReason(
+      "read",
+      "/etc",
+      "/projects",
+    );
+    expect(result).toContain("Current agent");
+  });
+});
+
+describe("formatExternalDirectoryUserDeniedReason", () => {
+  test("includes tool name and path", () => {
+    const result = formatExternalDirectoryUserDeniedReason(
+      "edit",
+      "/etc/hosts",
+    );
+    expect(result).toContain("edit");
+    expect(result).toContain("/etc/hosts");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("appends denial reason when provided", () => {
+    const result = formatExternalDirectoryUserDeniedReason(
+      "edit",
+      "/etc/hosts",
+      "too risky",
+    );
+    expect(result).toContain("Reason: too risky");
+  });
+
+  test("omits reason suffix when not provided", () => {
+    const result = formatExternalDirectoryUserDeniedReason(
+      "edit",
+      "/etc/hosts",
+    );
+    expect(result).not.toContain("Reason:");
+  });
+});

package/tests/permission-prompts.test.ts

@@ -0,0 +1,301 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+
+// Mock tool-input-preview collaborator before importing the module under test.
+vi.mock("../src/tool-input-preview.js", () => ({
+  formatToolInputForPrompt: vi.fn(() => "mocked preview"),
+}));
+
+import {
+  formatAskPrompt,
+  formatDenyReason,
+  formatMissingToolNameReason,
+  formatPermissionHardStopHint,
+  formatSkillAskPrompt,
+  formatSkillPathAskPrompt,
+  formatSkillPathDenyReason,
+  formatUnknownToolReason,
+  formatUserDeniedReason,
+} from "../src/permission-prompts.js";
+import type { SkillPromptEntry } from "../src/skill-prompt-sanitizer.js";
+import { formatToolInputForPrompt } from "../src/tool-input-preview.js";
+import type { PermissionCheckResult } from "../src/types.js";
+
+const mockedFormatToolInput = vi.mocked(formatToolInputForPrompt);
+
+afterEach(() => {
+  vi.clearAllMocks();
+  vi.restoreAllMocks();
+});
+
+function toolResult(
+  toolName: string,
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return { toolName, state: "ask", source: "tool", ...overrides };
+}
+
+function mcpResult(
+  target: string,
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    toolName: "mcp",
+    target,
+    state: "ask",
+    source: "tool",
+    ...overrides,
+  };
+}
+
+function skillEntry(name: string): SkillPromptEntry {
+  return {
+    name,
+    description: "A skill",
+    location: `/skills/${name}/SKILL.md`,
+    state: "ask",
+    normalizedLocation: `/skills/${name}/SKILL.md`,
+    normalizedBaseDir: `/skills/${name}`,
+  };
+}
+
+describe("formatMissingToolNameReason", () => {
+  test("mentions missing tool name and pi.getAllTools()", () => {
+    const result = formatMissingToolNameReason();
+    expect(result).toContain("no tool name");
+    expect(result).toContain("pi.getAllTools()");
+  });
+});
+
+describe("formatUnknownToolReason", () => {
+  test("mentions the unknown tool name and lists available tools", () => {
+    const result = formatUnknownToolReason("phantom", ["read", "write"]);
+    expect(result).toContain("phantom");
+    expect(result).toContain("read");
+    expect(result).toContain("write");
+  });
+
+  test("includes MCP hint for non-mcp tool names", () => {
+    const result = formatUnknownToolReason("my-server:tool", ["mcp"]);
+    expect(result).toContain("mcp");
+  });
+
+  test("omits MCP hint when tool name is 'mcp'", () => {
+    const result = formatUnknownToolReason("mcp", []);
+    expect(result).not.toContain("call the registered 'mcp' tool");
+  });
+
+  test("shows 'none' when no tools are registered", () => {
+    const result = formatUnknownToolReason("ghost", []);
+    expect(result).toContain("none");
+  });
+
+  test("caps preview at 10 tools and appends ellipsis for longer lists", () => {
+    const tools = Array.from({ length: 15 }, (_, i) => `tool${i}`);
+    const result = formatUnknownToolReason("ghost", tools);
+    expect(result).toContain("...");
+  });
+});
+
+describe("formatPermissionHardStopHint", () => {
+  test("returns MCP-specific message for mcp tool with target", () => {
+    const result = formatPermissionHardStopHint(mcpResult("server:tool"));
+    expect(result).toContain("MCP permission denial");
+  });
+
+  test("returns MCP-specific message for mcp source with target", () => {
+    const result = formatPermissionHardStopHint(
+      toolResult("anything", { source: "mcp", target: "server:tool" }),
+    );
+    expect(result).toContain("MCP permission denial");
+  });
+
+  test("returns generic message for non-MCP tools", () => {
+    const result = formatPermissionHardStopHint(toolResult("read"));
+    expect(result).toContain("Hard stop");
+    expect(result).not.toContain("MCP");
+  });
+});
+
+describe("formatDenyReason", () => {
+  test("includes tool name and hard stop hint", () => {
+    const result = formatDenyReason(toolResult("read"));
+    expect(result).toContain("read");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("includes agent name when provided", () => {
+    const result = formatDenyReason(toolResult("write"), "my-agent");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("includes MCP target for mcp results", () => {
+    const result = formatDenyReason(mcpResult("server:do-thing"));
+    expect(result).toContain("server:do-thing");
+    expect(result).toContain("MCP");
+  });
+
+  test("includes bash command when present", () => {
+    const result = formatDenyReason(
+      toolResult("bash", { command: "rm -rf /" }),
+    );
+    expect(result).toContain("rm -rf /");
+  });
+
+  test("includes matched pattern when present", () => {
+    const result = formatDenyReason(
+      toolResult("bash", { command: "rm -rf /", matchedPattern: "rm *" }),
+    );
+    expect(result).toContain("matched 'rm *'");
+  });
+});
+
+describe("formatUserDeniedReason", () => {
+  test("mentions tool name for generic tools", () => {
+    const result = formatUserDeniedReason(toolResult("read"));
+    expect(result).toContain("read");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("mentions bash command for bash results", () => {
+    const result = formatUserDeniedReason(
+      toolResult("bash", { command: "ls -la" }),
+    );
+    expect(result).toContain("ls -la");
+  });
+
+  test("mentions MCP target for mcp results", () => {
+    const result = formatUserDeniedReason(mcpResult("server:query"));
+    expect(result).toContain("server:query");
+  });
+
+  test("appends denial reason when provided", () => {
+    const result = formatUserDeniedReason(toolResult("read"), "too sensitive");
+    expect(result).toContain("Reason: too sensitive");
+  });
+
+  test("omits reason suffix when not provided", () => {
+    const result = formatUserDeniedReason(toolResult("read"));
+    expect(result).not.toContain("Reason:");
+  });
+});
+
+describe("formatAskPrompt", () => {
+  test("uses 'Current agent' when no agent name given", () => {
+    const result = formatAskPrompt(toolResult("read"), undefined, {
+      path: "/src",
+    });
+    expect(result).toContain("Current agent");
+  });
+
+  test("uses agent name when provided", () => {
+    const result = formatAskPrompt(toolResult("read"), "my-agent", {
+      path: "/src",
+    });
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("formats bash prompt with command and no tool-input-preview call", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git status" }),
+    );
+    expect(result).toContain("git status");
+    expect(result).toContain("Allow this command?");
+    expect(mockedFormatToolInput).not.toHaveBeenCalled();
+  });
+
+  test("formats bash prompt with matched pattern", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git push", matchedPattern: "git *" }),
+    );
+    expect(result).toContain("matched 'git *'");
+  });
+
+  test("formats MCP prompt with target", () => {
+    const result = formatAskPrompt(mcpResult("server:query"));
+    expect(result).toContain("server:query");
+    expect(result).toContain("Allow this call?");
+    expect(mockedFormatToolInput).not.toHaveBeenCalled();
+  });
+
+  test("formats MCP prompt with matched pattern", () => {
+    const result = formatAskPrompt(
+      mcpResult("server:query", { matchedPattern: "server:*" }),
+    );
+    expect(result).toContain("matched 'server:*'");
+  });
+
+  test("calls formatToolInputForPrompt for non-bash non-mcp tools", () => {
+    mockedFormatToolInput.mockReturnValue("for '/src/foo.ts'");
+    const result = formatAskPrompt(toolResult("read"), undefined, {
+      path: "/src/foo.ts",
+    });
+    expect(mockedFormatToolInput).toHaveBeenCalledWith("read", {
+      path: "/src/foo.ts",
+    });
+    expect(result).toContain("for '/src/foo.ts'");
+    expect(result).toContain("Allow this call?");
+  });
+
+  test("omits input suffix when formatToolInputForPrompt returns empty string", () => {
+    mockedFormatToolInput.mockReturnValue("");
+    const result = formatAskPrompt(toolResult("task"));
+    expect(result).toContain("task");
+    expect(result).not.toContain("undefined");
+  });
+});
+
+describe("formatSkillAskPrompt", () => {
+  test("includes skill name and agent name", () => {
+    const result = formatSkillAskPrompt("librarian", "my-agent");
+    expect(result).toContain("librarian");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillAskPrompt("librarian");
+    expect(result).toContain("Current agent");
+    expect(result).toContain("librarian");
+  });
+});
+
+describe("formatSkillPathAskPrompt", () => {
+  test("includes skill name, read path, and agent name", () => {
+    const result = formatSkillPathAskPrompt(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+      "my-agent",
+    );
+    expect(result).toContain("librarian");
+    expect(result).toContain("/skills/librarian/SKILL.md");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillPathAskPrompt(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+    );
+    expect(result).toContain("Current agent");
+  });
+});
+
+describe("formatSkillPathDenyReason", () => {
+  test("includes skill name, read path, and agent name", () => {
+    const result = formatSkillPathDenyReason(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+      "my-agent",
+    );
+    expect(result).toContain("librarian");
+    expect(result).toContain("/skills/librarian/SKILL.md");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillPathDenyReason(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+    );
+    expect(result).toContain("Current agent");
+  });
+});

package/tests/permission-system.test.ts

@@ -5,11 +5,10 @@ import {
   mkdtempSync,
   readFileSync,
   rmSync,
-  unlinkSync,
   writeFileSync,
 } from "node:fs";
 import { tmpdir } from "node:os";
-import { join, resolve } from "node:path";
+import { dirname, join, resolve } from "node:path";
 import { test } from "vitest";
 import { BashFilter } from "../src/bash-filter.js";
 import {
@@ -17,8 +16,8 @@ import {
   createBeforeAgentStartPromptStateKey,
   shouldApplyCachedAgentStartState,
 } from "../src/before-agent-start-cache.js";
+import { getGlobalConfigPath } from "../src/config-paths.js";
 import {
-  CONFIG_PATH,
   DEFAULT_EXTENSION_CONFIG,
   loadPermissionSystemConfig,
   savePermissionSystemConfig,
@@ -156,20 +155,13 @@ function createToolCallHarness(
   const prompts: string[] = [];
   const handlers: Record<string, MockHandler> = {};
   const originalAgentDir = process.env.PI_CODING_AGENT_DIR;
-  const originalExtensionConfig = existsSync(CONFIG_PATH)
-    ? readFileSync(CONFIG_PATH, "utf8")
-    : null;
-
+  const globalConfigPath = getGlobalConfigPath(baseDir);
   mkdirSync(join(baseDir, "agents"), { recursive: true });
+  mkdirSync(dirname(globalConfigPath), { recursive: true });
   mkdirSync(cwd, { recursive: true });
   writeFileSync(
-    join(baseDir, "pi-permissions.jsonc"),
-    `${JSON.stringify(config, null, 2)}\n`,
-    "utf8",
-  );
-  writeFileSync(
-    CONFIG_PATH,
-    `${JSON.stringify(DEFAULT_EXTENSION_CONFIG, null, 2)}\n`,
+    globalConfigPath,
+    `${JSON.stringify({ ...DEFAULT_EXTENSION_CONFIG, ...config }, null, 2)}\n`,
     "utf8",
   );
 
@@ -208,13 +200,6 @@ function createToolCallHarness(
           createMockContext(cwd, prompts, options),
         ),
       );
-      if (originalExtensionConfig === null) {
-        if (existsSync(CONFIG_PATH)) {
-          unlinkSync(CONFIG_PATH);
-        }
-      } else {
-        writeFileSync(CONFIG_PATH, originalExtensionConfig, "utf8");
-      }
       rmSync(baseDir, { recursive: true, force: true });
     },
   };
@@ -1818,7 +1803,9 @@ permission:
 test("PermissionManager reads config from PI_CODING_AGENT_DIR when set", () => {
   const baseDir = mkdtempSync(join(tmpdir(), "pi-permission-system-envdir-"));
   const agentsDir = join(baseDir, "agents");
+  const newConfigPath = getGlobalConfigPath(baseDir);
   mkdirSync(agentsDir, { recursive: true });
+  mkdirSync(dirname(newConfigPath), { recursive: true });
 
   const config: GlobalPermissionConfig = {
     defaultPolicy: {
@@ -1834,11 +1821,7 @@ test("PermissionManager reads config from PI_CODING_AGENT_DIR when set", () => {
     skills: {},
     special: {},
   };
-  writeFileSync(
-    join(baseDir, "pi-permissions.jsonc"),
-    JSON.stringify(config),
-    "utf8",
-  );
+  writeFileSync(newConfigPath, JSON.stringify(config), "utf8");
 
   const original = process.env.PI_CODING_AGENT_DIR;
   process.env.PI_CODING_AGENT_DIR = baseDir;