@gotgenes/pi-permission-system 2.0.0 → 3.0.1

package/tests/session-start.test.ts

@@ -1,19 +1,9 @@
-import {
-  existsSync,
-  mkdirSync,
-  mkdtempSync,
-  readFileSync,
-  rmSync,
-  unlinkSync,
-  writeFileSync,
-} from "node:fs";
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
-import { join } from "node:path";
+import { dirname, join } from "node:path";
 import { afterEach, beforeEach, describe, expect, test } from "vitest";
-import {
-  CONFIG_PATH,
-  DEFAULT_EXTENSION_CONFIG,
-} from "../src/extension-config.js";
+import { getGlobalConfigPath } from "../src/config-paths.js";
+import { DEFAULT_EXTENSION_CONFIG } from "../src/extension-config.js";
 import piPermissionSystemExtension from "../src/index.js";
 import type { GlobalPermissionConfig } from "../src/types.js";
 
@@ -28,16 +18,13 @@ type MockHandler = (
 describe("session_start handler consolidation", () => {
   let baseDir: string;
   let originalAgentDir: string | undefined;
-  let originalExtensionConfig: string | null;
-
   beforeEach(() => {
     baseDir = mkdtempSync(join(tmpdir(), "pi-permission-session-start-"));
     originalAgentDir = process.env.PI_CODING_AGENT_DIR;
-    originalExtensionConfig = existsSync(CONFIG_PATH)
-      ? readFileSync(CONFIG_PATH, "utf8")
-      : null;
 
+    const globalConfigPath = getGlobalConfigPath(baseDir);
     mkdirSync(join(baseDir, "agents"), { recursive: true });
+    mkdirSync(dirname(globalConfigPath), { recursive: true });
 
     const config: GlobalPermissionConfig = {
       defaultPolicy: {
@@ -49,13 +36,8 @@ describe("session_start handler consolidation", () => {
       },
     };
     writeFileSync(
-      join(baseDir, "pi-permissions.jsonc"),
-      `${JSON.stringify(config, null, 2)}\n`,
-      "utf8",
-    );
-    writeFileSync(
-      CONFIG_PATH,
-      `${JSON.stringify(DEFAULT_EXTENSION_CONFIG, null, 2)}\n`,
+      globalConfigPath,
+      `${JSON.stringify({ ...DEFAULT_EXTENSION_CONFIG, ...config }, null, 2)}\n`,
       "utf8",
     );
 
@@ -68,13 +50,6 @@ describe("session_start handler consolidation", () => {
     } else {
       process.env.PI_CODING_AGENT_DIR = originalAgentDir;
     }
-    if (originalExtensionConfig === null) {
-      if (existsSync(CONFIG_PATH)) {
-        unlinkSync(CONFIG_PATH);
-      }
-    } else {
-      writeFileSync(CONFIG_PATH, originalExtensionConfig, "utf8");
-    }
     rmSync(baseDir, { recursive: true, force: true });
   });
 

package/tests/skill-prompt-sanitizer.test.ts

@@ -0,0 +1,244 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+import type { PermissionManager } from "../src/permission-manager.js";
+import {
+  findSkillPathMatch,
+  resolveSkillPromptEntries,
+} from "../src/skill-prompt-sanitizer.js";
+import type { PermissionCheckResult } from "../src/types.js";
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+// ── Helpers ────────────────────────────────────────────────────────────────
+
+const CWD = "/projects/my-app";
+
+function makeManager(
+  defaultState: "allow" | "deny" | "ask" = "allow",
+  overrides: Record<string, "allow" | "deny" | "ask"> = {},
+): PermissionManager {
+  return {
+    checkPermission: vi.fn(
+      (_surface: string, input: { name?: string }): PermissionCheckResult => {
+        const name = input.name ?? "";
+        const state = overrides[name] ?? defaultState;
+        return { toolName: "skill", state, source: "tool" };
+      },
+    ),
+  } as unknown as PermissionManager;
+}
+
+function skillBlock(
+  name: string,
+  location = `/skills/${name}/SKILL.md`,
+): string {
+  return [
+    "  <skill>",
+    `    <name>${name}</name>`,
+    `    <description>Description of ${name}</description>`,
+    `    <location>${location}</location>`,
+    "  </skill>",
+  ].join("\n");
+}
+
+function availableSkillsSection(...names: string[]): string {
+  return [
+    "<available_skills>",
+    ...names.map((n) => skillBlock(n)),
+    "</available_skills>",
+  ].join("\n");
+}
+
+// ── resolveSkillPromptEntries ───────────────────────────────────────────────
+
+describe("resolveSkillPromptEntries", () => {
+  test("returns unchanged prompt and empty entries when no skills section present", () => {
+    const input = "You are a helpful assistant.";
+    const manager = makeManager("allow");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toBe(input);
+    expect(result.entries).toEqual([]);
+    expect(manager.checkPermission).not.toHaveBeenCalled();
+  });
+
+  test("keeps all skills when all are allowed", () => {
+    const input = availableSkillsSection("librarian", "ask-user");
+    const manager = makeManager("allow");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toContain("librarian");
+    expect(result.prompt).toContain("ask-user");
+    expect(result.entries).toHaveLength(2);
+  });
+
+  test("removes denied skill from section", () => {
+    const input = availableSkillsSection("librarian", "dangerous");
+    const manager = makeManager("allow", { dangerous: "deny" });
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toContain("librarian");
+    expect(result.prompt).not.toContain("dangerous");
+    // denied skill is excluded from returned entries
+    expect(result.entries.map((e) => e.name)).not.toContain("dangerous");
+  });
+
+  test("removes entire section when all skills are denied", () => {
+    const input = `Intro\n${availableSkillsSection("dangerous")}\nOutro`;
+    const manager = makeManager("deny");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).not.toContain("<available_skills>");
+    expect(result.prompt).toContain("Intro");
+    expect(result.prompt).toContain("Outro");
+    expect(result.entries).toHaveLength(0);
+  });
+
+  test("keeps ask-state skills in section and entries", () => {
+    const input = availableSkillsSection("librarian");
+    const manager = makeManager("ask");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toContain("librarian");
+    expect(result.entries).toHaveLength(1);
+    expect(result.entries[0].state).toBe("ask");
+  });
+
+  test("delegates permission check to permissionManager for each skill", () => {
+    const input = availableSkillsSection("alpha", "beta");
+    const manager = makeManager("allow");
+    resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(manager.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "alpha" },
+      undefined,
+    );
+    expect(manager.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "beta" },
+      undefined,
+    );
+  });
+
+  test("passes agentName to permissionManager", () => {
+    const input = availableSkillsSection("librarian");
+    const manager = makeManager("allow");
+    resolveSkillPromptEntries(input, manager, "my-agent", CWD);
+    expect(manager.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "librarian" },
+      "my-agent",
+    );
+  });
+
+  test("caches permission result: checkPermission called once per unique skill name", () => {
+    // Same skill appears in two separate sections.
+    const input = [
+      availableSkillsSection("librarian"),
+      availableSkillsSection("librarian"),
+    ].join("\n");
+    const manager = makeManager("allow");
+    resolveSkillPromptEntries(input, manager, null, CWD);
+    // Should only be called once despite appearing twice.
+    expect(manager.checkPermission).toHaveBeenCalledTimes(1);
+  });
+
+  test("resolves entry normalizedLocation relative to cwd", () => {
+    const location = "/skills/librarian/SKILL.md";
+    const input = availableSkillsSection("librarian");
+    const manager = makeManager("allow");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.entries[0].normalizedLocation).toBe(location);
+    expect(result.entries[0].normalizedBaseDir).toBe("/skills/librarian");
+  });
+
+  test("handles multi-section prompt: processes each section independently", () => {
+    const section1 = availableSkillsSection("alpha");
+    const section2 = availableSkillsSection("beta");
+    const input = `${section1}\n${section2}`;
+    const manager = makeManager("allow", { beta: "deny" });
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.entries.map((e) => e.name)).toContain("alpha");
+    expect(result.entries.map((e) => e.name)).not.toContain("beta");
+  });
+});
+
+// ── findSkillPathMatch ──────────────────────────────────────────────────────
+
+describe("findSkillPathMatch", () => {
+  const entries = [
+    {
+      name: "librarian",
+      description: "desc",
+      location: "/skills/librarian/SKILL.md",
+      state: "allow" as const,
+      normalizedLocation: "/skills/librarian/SKILL.md",
+      normalizedBaseDir: "/skills/librarian",
+    },
+    {
+      name: "ask-user",
+      description: "desc",
+      location: "/skills/ask-user/SKILL.md",
+      state: "allow" as const,
+      normalizedLocation: "/skills/ask-user/SKILL.md",
+      normalizedBaseDir: "/skills/ask-user",
+    },
+  ];
+
+  test("returns null for empty normalized path", () => {
+    expect(findSkillPathMatch("", entries)).toBeNull();
+  });
+
+  test("returns null for empty entries array", () => {
+    expect(findSkillPathMatch("/skills/librarian/SKILL.md", [])).toBeNull();
+  });
+
+  test("matches exact location path", () => {
+    const match = findSkillPathMatch("/skills/librarian/SKILL.md", entries);
+    expect(match?.name).toBe("librarian");
+  });
+
+  test("matches path within skill base directory", () => {
+    const match = findSkillPathMatch(
+      "/skills/librarian/extra/helper.md",
+      entries,
+    );
+    expect(match?.name).toBe("librarian");
+  });
+
+  test("returns null for path not within any skill directory", () => {
+    const match = findSkillPathMatch("/other/path/file.md", entries);
+    expect(match).toBeNull();
+  });
+
+  test("returns null for sibling path that shares a prefix", () => {
+    // "/skills/librarian-extra" should not match "/skills/librarian"
+    const match = findSkillPathMatch(
+      "/skills/librarian-extra/SKILL.md",
+      entries,
+    );
+    expect(match).toBeNull();
+  });
+
+  test("prefers longer matching base directory (most specific skill wins)", () => {
+    const nestedEntries = [
+      {
+        name: "parent",
+        description: "desc",
+        location: "/skills/parent/SKILL.md",
+        state: "allow" as const,
+        normalizedLocation: "/skills/parent/SKILL.md",
+        normalizedBaseDir: "/skills/parent",
+      },
+      {
+        name: "child",
+        description: "desc",
+        location: "/skills/parent/child/SKILL.md",
+        state: "allow" as const,
+        normalizedLocation: "/skills/parent/child/SKILL.md",
+        normalizedBaseDir: "/skills/parent/child",
+      },
+    ];
+    const match = findSkillPathMatch(
+      "/skills/parent/child/helper.md",
+      nestedEntries,
+    );
+    expect(match?.name).toBe("child");
+  });
+});

package/tests/subagent-context.test.ts

@@ -0,0 +1,124 @@
+import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { SUBAGENT_ENV_HINT_KEYS } from "../src/permission-forwarding.js";
+import {
+  isSubagentExecutionContext,
+  normalizeFilesystemPath,
+} from "../src/subagent-context.js";
+
+afterEach(() => {
+  vi.unstubAllEnvs();
+  vi.restoreAllMocks();
+});
+
+function makeCtx(sessionDir: string | null): ExtensionContext {
+  return {
+    sessionManager: {
+      getSessionDir: vi.fn(() => sessionDir),
+    },
+  } as unknown as ExtensionContext;
+}
+
+describe("normalizeFilesystemPath", () => {
+  test("normalizes a simple absolute path", () => {
+    expect(normalizeFilesystemPath("/projects/my-app")).toBe(
+      "/projects/my-app",
+    );
+  });
+
+  test("collapses redundant separators", () => {
+    expect(normalizeFilesystemPath("/projects//my-app")).toBe(
+      "/projects/my-app",
+    );
+  });
+
+  test("resolves . and .. segments", () => {
+    expect(normalizeFilesystemPath("/projects/my-app/../other")).toBe(
+      "/projects/other",
+    );
+  });
+});
+
+describe("isSubagentExecutionContext — env hint detection", () => {
+  test("returns true when PI_IS_SUBAGENT is set", () => {
+    vi.stubEnv("PI_IS_SUBAGENT", "true");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(true);
+  });
+
+  test("returns true when PI_SUBAGENT_SESSION_ID is set", () => {
+    vi.stubEnv("PI_SUBAGENT_SESSION_ID", "abc123");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(true);
+  });
+
+  test("returns true when PI_AGENT_ROUTER_SUBAGENT is set", () => {
+    vi.stubEnv("PI_AGENT_ROUTER_SUBAGENT", "1");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(true);
+  });
+
+  test("covers all three declared SUBAGENT_ENV_HINT_KEYS", () => {
+    // Verify the keys we test match what the module declares.
+    expect(SUBAGENT_ENV_HINT_KEYS).toContain("PI_IS_SUBAGENT");
+    expect(SUBAGENT_ENV_HINT_KEYS).toContain("PI_SUBAGENT_SESSION_ID");
+    expect(SUBAGENT_ENV_HINT_KEYS).toContain("PI_AGENT_ROUTER_SUBAGENT");
+  });
+
+  test("returns false when env hint value is empty string", () => {
+    vi.stubEnv("PI_IS_SUBAGENT", "");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(false);
+  });
+
+  test("returns false when env hint value is whitespace only", () => {
+    vi.stubEnv("PI_IS_SUBAGENT", "   ");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(false);
+  });
+});
+
+describe("isSubagentExecutionContext — session dir detection", () => {
+  const subagentRoot = "/home/user/.pi/agent/sessions/subagents";
+
+  test("returns true when session dir is within subagent root", () => {
+    const sessionDir = `${subagentRoot}/session-abc`;
+    expect(isSubagentExecutionContext(makeCtx(sessionDir), subagentRoot)).toBe(
+      true,
+    );
+  });
+
+  test("returns true when session dir equals subagent root", () => {
+    expect(
+      isSubagentExecutionContext(makeCtx(subagentRoot), subagentRoot),
+    ).toBe(true);
+  });
+
+  test("returns false when session dir is outside subagent root", () => {
+    const sessionDir = "/home/user/.pi/agent/sessions/main-session";
+    expect(isSubagentExecutionContext(makeCtx(sessionDir), subagentRoot)).toBe(
+      false,
+    );
+  });
+
+  test("returns false when session dir is a sibling with shared prefix", () => {
+    // "/sessions/subagents-extra" should not match root "/sessions/subagents"
+    const sessionDir = `${subagentRoot}-extra/session-abc`;
+    expect(isSubagentExecutionContext(makeCtx(sessionDir), subagentRoot)).toBe(
+      false,
+    );
+  });
+
+  test("returns false when getSessionDir returns null", () => {
+    expect(isSubagentExecutionContext(makeCtx(null), subagentRoot)).toBe(false);
+  });
+
+  test("returns false when getSessionDir returns empty string", () => {
+    expect(isSubagentExecutionContext(makeCtx(""), subagentRoot)).toBe(false);
+  });
+});

package/tests/system-prompt-sanitizer.test.ts

@@ -0,0 +1,186 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+
+import { sanitizeAvailableToolsSection } from "../src/system-prompt-sanitizer.js";
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+// Helpers for building prompt sections.
+function availableToolsSection(tools: string[]): string {
+  return ["Available tools:", ...tools.map((t) => `- ${t}`)].join("\n");
+}
+
+function guidelinesSection(guidelines: string[]): string {
+  return ["Guidelines:", ...guidelines.map((g) => `- ${g}`)].join("\n");
+}
+
+function prompt(...sections: string[]): string {
+  return sections.join("\n\n");
+}
+
+describe("sanitizeAvailableToolsSection — Available tools section", () => {
+  test("sets removed:true and strips the Available tools header", () => {
+    const input = prompt(
+      availableToolsSection(["bash", "read"]),
+      "Other content",
+    );
+    const result = sanitizeAvailableToolsSection(input, ["bash", "read"]);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("Available tools:");
+  });
+
+  // Bug #33: findSection extends to lines.length when no subsequent recognised
+  // header follows, so content after the last section is silently deleted.
+  test.fails("preserves content that follows the Available tools section (bug #33)", () => {
+    const input = prompt(
+      availableToolsSection(["bash", "read"]),
+      "Other content",
+    );
+    const result = sanitizeAvailableToolsSection(input, ["bash", "read"]);
+    expect(result.prompt).toContain("Other content");
+  });
+
+  test("removed flag is false when no Available tools section is present", () => {
+    const input = "Just some instructions.\n\nNo tools section.";
+    const result = sanitizeAvailableToolsSection(input, ["bash"]);
+    expect(result.removed).toBe(false);
+    expect(result.prompt).toBe(input);
+  });
+
+  test("removes only the tools section and leaves other sections intact", () => {
+    const input = prompt(
+      "Preamble text",
+      availableToolsSection(["bash"]),
+      guidelinesSection(["use bash for file operations like ls, rg, find"]),
+    );
+    const result = sanitizeAvailableToolsSection(input, ["bash"]);
+    expect(result.prompt).not.toContain("Available tools:");
+    expect(result.prompt).toContain("Guidelines:");
+  });
+
+  test("returns original prompt reference unchanged when nothing is removed", () => {
+    const input = "No tools section here.";
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.prompt).toBe(input);
+  });
+});
+
+describe("sanitizeAvailableToolsSection — Guidelines section", () => {
+  test("removes bash guideline when bash is not in allowed tools", () => {
+    const input = prompt(
+      guidelinesSection(["use bash for file operations like ls, rg, find"]),
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("use bash for file operations");
+  });
+
+  test("keeps bash guideline when bash is in allowed tools", () => {
+    const input = prompt(
+      guidelinesSection(["use bash for file operations like ls, rg, find"]),
+    );
+    const result = sanitizeAvailableToolsSection(input, ["bash"]);
+    expect(result.removed).toBe(false);
+    expect(result.prompt).toContain("use bash for file operations");
+  });
+
+  test("removes read guideline when read is not allowed", () => {
+    const input = prompt(
+      guidelinesSection(["use read to examine files instead of cat or sed."]),
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("use read to examine files");
+  });
+
+  test("keeps read guideline when read is allowed", () => {
+    const input = prompt(
+      guidelinesSection(["use read to examine files instead of cat or sed."]),
+    );
+    const result = sanitizeAvailableToolsSection(input, ["read"]);
+    expect(result.removed).toBe(false);
+    expect(result.prompt).toContain("use read to examine files");
+  });
+
+  test("removes edit guideline when edit is not allowed", () => {
+    const input = prompt(
+      guidelinesSection([
+        "use edit for precise changes (old text must match exactly)",
+      ]),
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("use edit for precise changes");
+  });
+
+  test("removes write guideline when write is not allowed", () => {
+    const input = prompt(
+      guidelinesSection(["use write only for new files or complete rewrites"]),
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("use write only for new files");
+  });
+
+  test("removes entire Guidelines section when all bullets are filtered out", () => {
+    const input = prompt(
+      guidelinesSection([
+        "use bash for file operations like ls, rg, find",
+        "use write only for new files or complete rewrites",
+      ]),
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("Guidelines:");
+  });
+
+  test("preserves unrecognised guidelines regardless of allowed tools", () => {
+    const input = prompt(
+      guidelinesSection(["some custom guideline not in the rules"]),
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(false);
+    expect(result.prompt).toContain("some custom guideline not in the rules");
+  });
+
+  test("handles both sections together: removes tools section and filters guidelines", () => {
+    const input = prompt(
+      availableToolsSection(["bash"]),
+      guidelinesSection([
+        "use bash for file operations like ls, rg, find",
+        "use write only for new files or complete rewrites",
+        "some custom guideline not in the rules",
+      ]),
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("Available tools:");
+    expect(result.prompt).not.toContain("use bash for file operations");
+    expect(result.prompt).not.toContain("use write only for new files");
+    expect(result.prompt).toContain("some custom guideline not in the rules");
+  });
+
+  test("trims whitespace from allowed tool names", () => {
+    const input = prompt(
+      guidelinesSection(["use bash for file operations like ls, rg, find"]),
+    );
+    const result = sanitizeAvailableToolsSection(input, ["  bash  "]);
+    expect(result.removed).toBe(false);
+    expect(result.prompt).toContain("use bash for file operations");
+  });
+});
+
+describe("sanitizeAvailableToolsSection — multi-section prompt", () => {
+  test("collapses extra blank lines after removal", () => {
+    const input = prompt(
+      "Intro",
+      availableToolsSection(["bash"]),
+      guidelinesSection(["use bash for file operations like ls, rg, find"]),
+      "Closing",
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    // No run of 3+ consecutive newlines
+    expect(result.prompt).not.toMatch(/\n{3,}/);
+  });
+});