@gotgenes/pi-permission-system 3.0.0 → 3.0.2

package/tests/permission-prompts.test.ts

@@ -0,0 +1,304 @@
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+
+// Mock tool-input-preview collaborator before importing the module under test.
+vi.mock("../src/tool-input-preview.js", () => ({
+  formatToolInputForPrompt: vi.fn(() => "mocked preview"),
+}));
+
+import {
+  formatAskPrompt,
+  formatDenyReason,
+  formatMissingToolNameReason,
+  formatPermissionHardStopHint,
+  formatSkillAskPrompt,
+  formatSkillPathAskPrompt,
+  formatSkillPathDenyReason,
+  formatUnknownToolReason,
+  formatUserDeniedReason,
+} from "../src/permission-prompts.js";
+import type { SkillPromptEntry } from "../src/skill-prompt-sanitizer.js";
+import { formatToolInputForPrompt } from "../src/tool-input-preview.js";
+import type { PermissionCheckResult } from "../src/types.js";
+
+const mockedFormatToolInput = vi.mocked(formatToolInputForPrompt);
+
+beforeEach(() => {
+  mockedFormatToolInput.mockReset();
+});
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+function toolResult(
+  toolName: string,
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return { toolName, state: "ask", source: "tool", ...overrides };
+}
+
+function mcpResult(
+  target: string,
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    toolName: "mcp",
+    target,
+    state: "ask",
+    source: "tool",
+    ...overrides,
+  };
+}
+
+function skillEntry(name: string): SkillPromptEntry {
+  return {
+    name,
+    description: "A skill",
+    location: `/skills/${name}/SKILL.md`,
+    state: "ask",
+    normalizedLocation: `/skills/${name}/SKILL.md`,
+    normalizedBaseDir: `/skills/${name}`,
+  };
+}
+
+describe("formatMissingToolNameReason", () => {
+  test("mentions missing tool name and pi.getAllTools()", () => {
+    const result = formatMissingToolNameReason();
+    expect(result).toContain("no tool name");
+    expect(result).toContain("pi.getAllTools()");
+  });
+});
+
+describe("formatUnknownToolReason", () => {
+  test("mentions the unknown tool name and lists available tools", () => {
+    const result = formatUnknownToolReason("phantom", ["read", "write"]);
+    expect(result).toContain("phantom");
+    expect(result).toContain("read");
+    expect(result).toContain("write");
+  });
+
+  test("includes MCP hint for non-mcp tool names", () => {
+    const result = formatUnknownToolReason("my-server:tool", ["mcp"]);
+    expect(result).toContain("mcp");
+  });
+
+  test("omits MCP hint when tool name is 'mcp'", () => {
+    const result = formatUnknownToolReason("mcp", []);
+    expect(result).not.toContain("call the registered 'mcp' tool");
+  });
+
+  test("shows 'none' when no tools are registered", () => {
+    const result = formatUnknownToolReason("ghost", []);
+    expect(result).toContain("none");
+  });
+
+  test("caps preview at 10 tools and appends ellipsis for longer lists", () => {
+    const tools = Array.from({ length: 15 }, (_, i) => `tool${i}`);
+    const result = formatUnknownToolReason("ghost", tools);
+    expect(result).toContain("...");
+  });
+});
+
+describe("formatPermissionHardStopHint", () => {
+  test("returns MCP-specific message for mcp tool with target", () => {
+    const result = formatPermissionHardStopHint(mcpResult("server:tool"));
+    expect(result).toContain("MCP permission denial");
+  });
+
+  test("returns MCP-specific message for mcp source with target", () => {
+    const result = formatPermissionHardStopHint(
+      toolResult("anything", { source: "mcp", target: "server:tool" }),
+    );
+    expect(result).toContain("MCP permission denial");
+  });
+
+  test("returns generic message for non-MCP tools", () => {
+    const result = formatPermissionHardStopHint(toolResult("read"));
+    expect(result).toContain("Hard stop");
+    expect(result).not.toContain("MCP");
+  });
+});
+
+describe("formatDenyReason", () => {
+  test("includes tool name and hard stop hint", () => {
+    const result = formatDenyReason(toolResult("read"));
+    expect(result).toContain("read");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("includes agent name when provided", () => {
+    const result = formatDenyReason(toolResult("write"), "my-agent");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("includes MCP target for mcp results", () => {
+    const result = formatDenyReason(mcpResult("server:do-thing"));
+    expect(result).toContain("server:do-thing");
+    expect(result).toContain("MCP");
+  });
+
+  test("includes bash command when present", () => {
+    const result = formatDenyReason(
+      toolResult("bash", { command: "rm -rf /" }),
+    );
+    expect(result).toContain("rm -rf /");
+  });
+
+  test("includes matched pattern when present", () => {
+    const result = formatDenyReason(
+      toolResult("bash", { command: "rm -rf /", matchedPattern: "rm *" }),
+    );
+    expect(result).toContain("matched 'rm *'");
+  });
+});
+
+describe("formatUserDeniedReason", () => {
+  test("mentions tool name for generic tools", () => {
+    const result = formatUserDeniedReason(toolResult("read"));
+    expect(result).toContain("read");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("mentions bash command for bash results", () => {
+    const result = formatUserDeniedReason(
+      toolResult("bash", { command: "ls -la" }),
+    );
+    expect(result).toContain("ls -la");
+  });
+
+  test("mentions MCP target for mcp results", () => {
+    const result = formatUserDeniedReason(mcpResult("server:query"));
+    expect(result).toContain("server:query");
+  });
+
+  test("appends denial reason when provided", () => {
+    const result = formatUserDeniedReason(toolResult("read"), "too sensitive");
+    expect(result).toContain("Reason: too sensitive");
+  });
+
+  test("omits reason suffix when not provided", () => {
+    const result = formatUserDeniedReason(toolResult("read"));
+    expect(result).not.toContain("Reason:");
+  });
+});
+
+describe("formatAskPrompt", () => {
+  test("uses 'Current agent' when no agent name given", () => {
+    const result = formatAskPrompt(toolResult("read"), undefined, {
+      path: "/src",
+    });
+    expect(result).toContain("Current agent");
+  });
+
+  test("uses agent name when provided", () => {
+    const result = formatAskPrompt(toolResult("read"), "my-agent", {
+      path: "/src",
+    });
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("formats bash prompt with command and no tool-input-preview call", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git status" }),
+    );
+    expect(result).toContain("git status");
+    expect(result).toContain("Allow this command?");
+    expect(mockedFormatToolInput).not.toHaveBeenCalled();
+  });
+
+  test("formats bash prompt with matched pattern", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git push", matchedPattern: "git *" }),
+    );
+    expect(result).toContain("matched 'git *'");
+  });
+
+  test("formats MCP prompt with target", () => {
+    const result = formatAskPrompt(mcpResult("server:query"));
+    expect(result).toContain("server:query");
+    expect(result).toContain("Allow this call?");
+    expect(mockedFormatToolInput).not.toHaveBeenCalled();
+  });
+
+  test("formats MCP prompt with matched pattern", () => {
+    const result = formatAskPrompt(
+      mcpResult("server:query", { matchedPattern: "server:*" }),
+    );
+    expect(result).toContain("matched 'server:*'");
+  });
+
+  test("calls formatToolInputForPrompt for non-bash non-mcp tools", () => {
+    mockedFormatToolInput.mockReturnValue("for '/src/foo.ts'");
+    const result = formatAskPrompt(toolResult("read"), undefined, {
+      path: "/src/foo.ts",
+    });
+    expect(mockedFormatToolInput).toHaveBeenCalledWith("read", {
+      path: "/src/foo.ts",
+    });
+    expect(result).toContain("for '/src/foo.ts'");
+    expect(result).toContain("Allow this call?");
+  });
+
+  test("omits input suffix when formatToolInputForPrompt returns empty string", () => {
+    mockedFormatToolInput.mockReturnValue("");
+    const result = formatAskPrompt(toolResult("task"));
+    expect(result).toContain("task");
+    expect(result).not.toContain("undefined");
+  });
+});
+
+describe("formatSkillAskPrompt", () => {
+  test("includes skill name and agent name", () => {
+    const result = formatSkillAskPrompt("librarian", "my-agent");
+    expect(result).toContain("librarian");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillAskPrompt("librarian");
+    expect(result).toContain("Current agent");
+    expect(result).toContain("librarian");
+  });
+});
+
+describe("formatSkillPathAskPrompt", () => {
+  test("includes skill name, read path, and agent name", () => {
+    const result = formatSkillPathAskPrompt(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+      "my-agent",
+    );
+    expect(result).toContain("librarian");
+    expect(result).toContain("/skills/librarian/SKILL.md");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillPathAskPrompt(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+    );
+    expect(result).toContain("Current agent");
+  });
+});
+
+describe("formatSkillPathDenyReason", () => {
+  test("includes skill name, read path, and agent name", () => {
+    const result = formatSkillPathDenyReason(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+      "my-agent",
+    );
+    expect(result).toContain("librarian");
+    expect(result).toContain("/skills/librarian/SKILL.md");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillPathDenyReason(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+    );
+    expect(result).toContain("Current agent");
+  });
+});

package/tests/skill-prompt-sanitizer.test.ts

@@ -0,0 +1,244 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+import type { PermissionManager } from "../src/permission-manager.js";
+import {
+  findSkillPathMatch,
+  resolveSkillPromptEntries,
+} from "../src/skill-prompt-sanitizer.js";
+import type { PermissionCheckResult } from "../src/types.js";
+
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+
+// ── Helpers ────────────────────────────────────────────────────────────────
+
+const CWD = "/projects/my-app";
+
+function makeManager(
+  defaultState: "allow" | "deny" | "ask" = "allow",
+  overrides: Record<string, "allow" | "deny" | "ask"> = {},
+): PermissionManager {
+  return {
+    checkPermission: vi.fn(
+      (_surface: string, input: { name?: string }): PermissionCheckResult => {
+        const name = input.name ?? "";
+        const state = overrides[name] ?? defaultState;
+        return { toolName: "skill", state, source: "tool" };
+      },
+    ),
+  } as unknown as PermissionManager;
+}
+
+function skillBlock(
+  name: string,
+  location = `/skills/${name}/SKILL.md`,
+): string {
+  return [
+    "  <skill>",
+    `    <name>${name}</name>`,
+    `    <description>Description of ${name}</description>`,
+    `    <location>${location}</location>`,
+    "  </skill>",
+  ].join("\n");
+}
+
+function availableSkillsSection(...names: string[]): string {
+  return [
+    "<available_skills>",
+    ...names.map((n) => skillBlock(n)),
+    "</available_skills>",
+  ].join("\n");
+}
+
+// ── resolveSkillPromptEntries ───────────────────────────────────────────────
+
+describe("resolveSkillPromptEntries", () => {
+  test("returns unchanged prompt and empty entries when no skills section present", () => {
+    const input = "You are a helpful assistant.";
+    const manager = makeManager("allow");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toBe(input);
+    expect(result.entries).toEqual([]);
+    expect(manager.checkPermission).not.toHaveBeenCalled();
+  });
+
+  test("keeps all skills when all are allowed", () => {
+    const input = availableSkillsSection("librarian", "ask-user");
+    const manager = makeManager("allow");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toContain("librarian");
+    expect(result.prompt).toContain("ask-user");
+    expect(result.entries).toHaveLength(2);
+  });
+
+  test("removes denied skill from section", () => {
+    const input = availableSkillsSection("librarian", "dangerous");
+    const manager = makeManager("allow", { dangerous: "deny" });
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toContain("librarian");
+    expect(result.prompt).not.toContain("dangerous");
+    // denied skill is excluded from returned entries
+    expect(result.entries.map((e) => e.name)).not.toContain("dangerous");
+  });
+
+  test("removes entire section when all skills are denied", () => {
+    const input = `Intro\n${availableSkillsSection("dangerous")}\nOutro`;
+    const manager = makeManager("deny");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).not.toContain("<available_skills>");
+    expect(result.prompt).toContain("Intro");
+    expect(result.prompt).toContain("Outro");
+    expect(result.entries).toHaveLength(0);
+  });
+
+  test("keeps ask-state skills in section and entries", () => {
+    const input = availableSkillsSection("librarian");
+    const manager = makeManager("ask");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.prompt).toContain("librarian");
+    expect(result.entries).toHaveLength(1);
+    expect(result.entries[0].state).toBe("ask");
+  });
+
+  test("delegates permission check to permissionManager for each skill", () => {
+    const input = availableSkillsSection("alpha", "beta");
+    const manager = makeManager("allow");
+    resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(manager.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "alpha" },
+      undefined,
+    );
+    expect(manager.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "beta" },
+      undefined,
+    );
+  });
+
+  test("passes agentName to permissionManager", () => {
+    const input = availableSkillsSection("librarian");
+    const manager = makeManager("allow");
+    resolveSkillPromptEntries(input, manager, "my-agent", CWD);
+    expect(manager.checkPermission).toHaveBeenCalledWith(
+      "skill",
+      { name: "librarian" },
+      "my-agent",
+    );
+  });
+
+  test("caches permission result: checkPermission called once per unique skill name", () => {
+    // Same skill appears in two separate sections.
+    const input = [
+      availableSkillsSection("librarian"),
+      availableSkillsSection("librarian"),
+    ].join("\n");
+    const manager = makeManager("allow");
+    resolveSkillPromptEntries(input, manager, null, CWD);
+    // Should only be called once despite appearing twice.
+    expect(manager.checkPermission).toHaveBeenCalledTimes(1);
+  });
+
+  test("resolves entry normalizedLocation relative to cwd", () => {
+    const location = "/skills/librarian/SKILL.md";
+    const input = availableSkillsSection("librarian");
+    const manager = makeManager("allow");
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.entries[0].normalizedLocation).toBe(location);
+    expect(result.entries[0].normalizedBaseDir).toBe("/skills/librarian");
+  });
+
+  test("handles multi-section prompt: processes each section independently", () => {
+    const section1 = availableSkillsSection("alpha");
+    const section2 = availableSkillsSection("beta");
+    const input = `${section1}\n${section2}`;
+    const manager = makeManager("allow", { beta: "deny" });
+    const result = resolveSkillPromptEntries(input, manager, null, CWD);
+    expect(result.entries.map((e) => e.name)).toContain("alpha");
+    expect(result.entries.map((e) => e.name)).not.toContain("beta");
+  });
+});
+
+// ── findSkillPathMatch ──────────────────────────────────────────────────────
+
+describe("findSkillPathMatch", () => {
+  const entries = [
+    {
+      name: "librarian",
+      description: "desc",
+      location: "/skills/librarian/SKILL.md",
+      state: "allow" as const,
+      normalizedLocation: "/skills/librarian/SKILL.md",
+      normalizedBaseDir: "/skills/librarian",
+    },
+    {
+      name: "ask-user",
+      description: "desc",
+      location: "/skills/ask-user/SKILL.md",
+      state: "allow" as const,
+      normalizedLocation: "/skills/ask-user/SKILL.md",
+      normalizedBaseDir: "/skills/ask-user",
+    },
+  ];
+
+  test("returns null for empty normalized path", () => {
+    expect(findSkillPathMatch("", entries)).toBeNull();
+  });
+
+  test("returns null for empty entries array", () => {
+    expect(findSkillPathMatch("/skills/librarian/SKILL.md", [])).toBeNull();
+  });
+
+  test("matches exact location path", () => {
+    const match = findSkillPathMatch("/skills/librarian/SKILL.md", entries);
+    expect(match?.name).toBe("librarian");
+  });
+
+  test("matches path within skill base directory", () => {
+    const match = findSkillPathMatch(
+      "/skills/librarian/extra/helper.md",
+      entries,
+    );
+    expect(match?.name).toBe("librarian");
+  });
+
+  test("returns null for path not within any skill directory", () => {
+    const match = findSkillPathMatch("/other/path/file.md", entries);
+    expect(match).toBeNull();
+  });
+
+  test("returns null for sibling path that shares a prefix", () => {
+    // "/skills/librarian-extra" should not match "/skills/librarian"
+    const match = findSkillPathMatch(
+      "/skills/librarian-extra/SKILL.md",
+      entries,
+    );
+    expect(match).toBeNull();
+  });
+
+  test("prefers longer matching base directory (most specific skill wins)", () => {
+    const nestedEntries = [
+      {
+        name: "parent",
+        description: "desc",
+        location: "/skills/parent/SKILL.md",
+        state: "allow" as const,
+        normalizedLocation: "/skills/parent/SKILL.md",
+        normalizedBaseDir: "/skills/parent",
+      },
+      {
+        name: "child",
+        description: "desc",
+        location: "/skills/parent/child/SKILL.md",
+        state: "allow" as const,
+        normalizedLocation: "/skills/parent/child/SKILL.md",
+        normalizedBaseDir: "/skills/parent/child",
+      },
+    ];
+    const match = findSkillPathMatch(
+      "/skills/parent/child/helper.md",
+      nestedEntries,
+    );
+    expect(match?.name).toBe("child");
+  });
+});

package/tests/subagent-context.test.ts

@@ -0,0 +1,124 @@
+import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { SUBAGENT_ENV_HINT_KEYS } from "../src/permission-forwarding.js";
+import {
+  isSubagentExecutionContext,
+  normalizeFilesystemPath,
+} from "../src/subagent-context.js";
+
+afterEach(() => {
+  vi.unstubAllEnvs();
+  vi.restoreAllMocks();
+});
+
+function makeCtx(sessionDir: string | null): ExtensionContext {
+  return {
+    sessionManager: {
+      getSessionDir: vi.fn(() => sessionDir),
+    },
+  } as unknown as ExtensionContext;
+}
+
+describe("normalizeFilesystemPath", () => {
+  test("normalizes a simple absolute path", () => {
+    expect(normalizeFilesystemPath("/projects/my-app")).toBe(
+      "/projects/my-app",
+    );
+  });
+
+  test("collapses redundant separators", () => {
+    expect(normalizeFilesystemPath("/projects//my-app")).toBe(
+      "/projects/my-app",
+    );
+  });
+
+  test("resolves . and .. segments", () => {
+    expect(normalizeFilesystemPath("/projects/my-app/../other")).toBe(
+      "/projects/other",
+    );
+  });
+});
+
+describe("isSubagentExecutionContext — env hint detection", () => {
+  test("returns true when PI_IS_SUBAGENT is set", () => {
+    vi.stubEnv("PI_IS_SUBAGENT", "true");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(true);
+  });
+
+  test("returns true when PI_SUBAGENT_SESSION_ID is set", () => {
+    vi.stubEnv("PI_SUBAGENT_SESSION_ID", "abc123");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(true);
+  });
+
+  test("returns true when PI_AGENT_ROUTER_SUBAGENT is set", () => {
+    vi.stubEnv("PI_AGENT_ROUTER_SUBAGENT", "1");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(true);
+  });
+
+  test("covers all three declared SUBAGENT_ENV_HINT_KEYS", () => {
+    // Verify the keys we test match what the module declares.
+    expect(SUBAGENT_ENV_HINT_KEYS).toContain("PI_IS_SUBAGENT");
+    expect(SUBAGENT_ENV_HINT_KEYS).toContain("PI_SUBAGENT_SESSION_ID");
+    expect(SUBAGENT_ENV_HINT_KEYS).toContain("PI_AGENT_ROUTER_SUBAGENT");
+  });
+
+  test("returns false when env hint value is empty string", () => {
+    vi.stubEnv("PI_IS_SUBAGENT", "");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(false);
+  });
+
+  test("returns false when env hint value is whitespace only", () => {
+    vi.stubEnv("PI_IS_SUBAGENT", "   ");
+    expect(
+      isSubagentExecutionContext(makeCtx(null), "/sessions/subagents"),
+    ).toBe(false);
+  });
+});
+
+describe("isSubagentExecutionContext — session dir detection", () => {
+  const subagentRoot = "/home/user/.pi/agent/sessions/subagents";
+
+  test("returns true when session dir is within subagent root", () => {
+    const sessionDir = `${subagentRoot}/session-abc`;
+    expect(isSubagentExecutionContext(makeCtx(sessionDir), subagentRoot)).toBe(
+      true,
+    );
+  });
+
+  test("returns true when session dir equals subagent root", () => {
+    expect(
+      isSubagentExecutionContext(makeCtx(subagentRoot), subagentRoot),
+    ).toBe(true);
+  });
+
+  test("returns false when session dir is outside subagent root", () => {
+    const sessionDir = "/home/user/.pi/agent/sessions/main-session";
+    expect(isSubagentExecutionContext(makeCtx(sessionDir), subagentRoot)).toBe(
+      false,
+    );
+  });
+
+  test("returns false when session dir is a sibling with shared prefix", () => {
+    // "/sessions/subagents-extra" should not match root "/sessions/subagents"
+    const sessionDir = `${subagentRoot}-extra/session-abc`;
+    expect(isSubagentExecutionContext(makeCtx(sessionDir), subagentRoot)).toBe(
+      false,
+    );
+  });
+
+  test("returns false when getSessionDir returns null", () => {
+    expect(isSubagentExecutionContext(makeCtx(null), subagentRoot)).toBe(false);
+  });
+
+  test("returns false when getSessionDir returns empty string", () => {
+    expect(isSubagentExecutionContext(makeCtx(""), subagentRoot)).toBe(false);
+  });
+});