@gotgenes/pi-permission-system 3.0.2 → 3.0.4

package/CHANGELOG.md

@@ -5,6 +5,32 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.0.4](https://github.com/gotgenes/pi-permission-system/compare/v3.0.3...v3.0.4) (2026-05-03)
+
+
+### Documentation
+
+* plan drop .js extensions from internal imports ([#32](https://github.com/gotgenes/pi-permission-system/issues/32)) ([1d73759](https://github.com/gotgenes/pi-permission-system/commit/1d73759bafb4de02f20817d977eca181a5df5a54))
+* **retro:** add retro notes for issue [#33](https://github.com/gotgenes/pi-permission-system/issues/33) ([4e4ef43](https://github.com/gotgenes/pi-permission-system/commit/4e4ef4397efe9fd0c75ac00b1b411eef50603f33))
+
+
+### Miscellaneous Chores
+
+* add lint:imports guard against .js extensions ([#32](https://github.com/gotgenes/pi-permission-system/issues/32)) ([fa0b924](https://github.com/gotgenes/pi-permission-system/commit/fa0b924fb5a8741de294eff8b2f2f94aded34f5d))
+
+## [3.0.3](https://github.com/gotgenes/pi-permission-system/compare/v3.0.2...v3.0.3) (2026-05-03)
+
+
+### Bug Fixes
+
+* stop findSection at first non-body line instead of EOF ([#33](https://github.com/gotgenes/pi-permission-system/issues/33)) ([15c178e](https://github.com/gotgenes/pi-permission-system/commit/15c178ea1aa42c091885f0aeacd87ba5b298ce24))
+
+
+### Documentation
+
+* plan fix for findSection greedy end boundary ([#33](https://github.com/gotgenes/pi-permission-system/issues/33)) ([72a5f9e](https://github.com/gotgenes/pi-permission-system/commit/72a5f9e4ab14cc9959781994cdc7dc52f1dfa657))
+* **retro:** add retro notes for issue [#35](https://github.com/gotgenes/pi-permission-system/issues/35) ([89830cb](https://github.com/gotgenes/pi-permission-system/commit/89830cb7c562ed092d4f08031584f0e0855326de))
+
 ## [3.0.2](https://github.com/gotgenes/pi-permission-system/compare/v3.0.1...v3.0.2) (2026-05-03)
 
 

package/index.ts

@@ -1,3 +1,3 @@
-import permissionSystemExtension from "./src/index.js";
+import permissionSystemExtension from "./src/index";
 
 export default permissionSystemExtension;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "3.0.2",
+  "version": "3.0.4",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "main": "./index.ts",
@@ -24,7 +24,8 @@
     "lint:fix": "biome check --write .",
     "lint:md": "markdownlint-cli2 '*.md' 'docs/**/*.md' '.pi/prompts/**/*.md'",
     "lint:md:fix": "markdownlint-cli2 --fix '*.md' 'docs/**/*.md' '.pi/prompts/**/*.md'",
-    "lint:all": "npm run lint && npm run lint:md",
+    "lint:imports": "! grep -rn --include='*.ts' 'from \"\\.[./][^\"]*\\.js\"' src/ tests/ index.ts",
+    "lint:all": "npm run lint && npm run lint:md && npm run lint:imports",
     "format": "biome format --write .",
     "test": "vitest run",
     "test:watch": "vitest",

package/src/bash-filter.ts

@@ -1,9 +1,9 @@
-import type { BashPermissions, PermissionState } from "./types.js";
+import type { BashPermissions, PermissionState } from "./types";
 import {
   type CompiledWildcardPattern,
   compileWildcardPatterns,
   findCompiledWildcardMatch,
-} from "./wildcard-matcher.js";
+} from "./wildcard-matcher";
 
 type CompiledPattern = CompiledWildcardPattern<PermissionState>;
 

package/src/common.ts

@@ -1,4 +1,4 @@
-import type { PermissionState } from "./types.js";
+import type { PermissionState } from "./types";
 
 export function toRecord(value: unknown): Record<string, unknown> {
   if (!value || typeof value !== "object" || Array.isArray(value)) {

package/src/config-loader.ts

@@ -1,15 +1,15 @@
 import { existsSync, readFileSync } from "node:fs";
 import { normalize } from "node:path";
 
-import { isPermissionState, toRecord } from "./common.js";
+import { isPermissionState, toRecord } from "./common";
 import {
   getGlobalConfigPath,
   getLegacyExtensionConfigPath,
   getLegacyGlobalPolicyPath,
   getLegacyProjectPolicyPath,
   getProjectConfigPath,
-} from "./config-paths.js";
-import type { PermissionDefaultPolicy, PermissionState } from "./types.js";
+} from "./config-paths";
+import type { PermissionDefaultPolicy, PermissionState } from "./types";
 
 /**
  * Unified config shape combining runtime knobs and policy in one object.

package/src/config-modal.ts

@@ -8,7 +8,7 @@ import { type SettingItem, SettingsList } from "@mariozechner/pi-tui";
 import {
   DEFAULT_EXTENSION_CONFIG,
   type PermissionSystemExtensionConfig,
-} from "./extension-config.js";
+} from "./extension-config";
 
 interface PermissionSystemConfigController {
   getConfig(): PermissionSystemExtensionConfig;

package/src/config-reporter.ts

@@ -1,4 +1,4 @@
-import type { ResolvedPolicyPaths } from "./permission-manager.js";
+import type { ResolvedPolicyPaths } from "./permission-manager";
 
 export interface ResolvedConfigLogEntry {
   globalConfigPath: string;

package/src/extension-config.ts

@@ -9,7 +9,7 @@ import {
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 
-import { toRecord } from "./common.js";
+import { toRecord } from "./common";
 
 export const EXTENSION_ID = "pi-permission-system";
 

package/src/external-directory.ts

@@ -1,7 +1,7 @@
 import { homedir } from "node:os";
 import { join, normalize, resolve, sep } from "node:path";
 
-import { getNonEmptyString, toRecord } from "./common.js";
+import { getNonEmptyString, toRecord } from "./common";
 
 export const PATH_BEARING_TOOLS = new Set([
   "read",

package/src/forwarded-permissions/io.ts

@@ -9,13 +9,13 @@ import {
   writeFileSync,
 } from "node:fs";
 
-import { isPermissionDecisionState } from "../permission-dialog.js";
+import { isPermissionDecisionState } from "../permission-dialog";
 import {
   createPermissionForwardingLocation,
   type ForwardedPermissionRequest,
   type ForwardedPermissionResponse,
   type PermissionForwardingLocation,
-} from "../permission-forwarding.js";
+} from "../permission-forwarding";
 
 type LogFn = (event: string, details: Record<string, unknown>) => void;
 

package/src/forwarded-permissions/polling.ts

@@ -5,9 +5,9 @@ import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
 import {
   getActiveAgentName,
   getActiveAgentNameFromSystemPrompt,
-} from "../active-agent.js";
-import { toRecord } from "../common.js";
-import type { PermissionPromptDecision } from "../permission-dialog.js";
+} from "../active-agent";
+import { toRecord } from "../common";
+import type { PermissionPromptDecision } from "../permission-dialog";
 import {
   type ForwardedPermissionRequest,
   type ForwardedPermissionResponse,
@@ -15,8 +15,8 @@ import {
   PERMISSION_FORWARDING_POLL_INTERVAL_MS,
   PERMISSION_FORWARDING_TIMEOUT_MS,
   resolvePermissionForwardingTargetSessionId,
-} from "../permission-forwarding.js";
-import { isSubagentExecutionContext } from "../subagent-context.js";
+} from "../permission-forwarding";
+import { isSubagentExecutionContext } from "../subagent-context";
 
 import {
   cleanupPermissionForwardingLocationIfEmpty,
@@ -30,7 +30,7 @@ import {
   safeDeleteFile,
   sleep,
   writeJsonFileAtomic,
-} from "./io.js";
+} from "./io";
 
 export interface PermissionForwardingDeps {
   forwardingDir: string;

package/src/index.ts

@@ -16,15 +16,15 @@ import {
 import {
   getActiveAgentName,
   getActiveAgentNameFromSystemPrompt,
-} from "./active-agent.js";
+} from "./active-agent";
 import {
   createActiveToolsCacheKey,
   createBeforeAgentStartPromptStateKey,
   shouldApplyCachedAgentStartState,
-} from "./before-agent-start-cache.js";
-import { toRecord } from "./common.js";
-import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader.js";
-import { registerPermissionSystemCommand } from "./config-modal.js";
+} from "./before-agent-start-cache";
+import { toRecord } from "./common";
+import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader";
+import { registerPermissionSystemCommand } from "./config-modal";
 import {
   DEBUG_LOG_FILENAME,
   getGlobalConfigPath,
@@ -34,15 +34,15 @@ import {
   getLegacyProjectPolicyPath,
   getProjectConfigPath,
   REVIEW_LOG_FILENAME,
-} from "./config-paths.js";
-import { buildResolvedConfigLogEntry } from "./config-reporter.js";
+} from "./config-paths";
+import { buildResolvedConfigLogEntry } from "./config-reporter";
 import {
   DEFAULT_EXTENSION_CONFIG,
   EXTENSION_ROOT,
   ensurePermissionSystemLogsDirectory,
   normalizePermissionSystemConfig,
   type PermissionSystemExtensionConfig,
-} from "./extension-config.js";
+} from "./extension-config";
 import {
   formatExternalDirectoryAskPrompt,
   formatExternalDirectoryDenyReason,
@@ -51,20 +51,20 @@ import {
   isPathOutsideWorkingDirectory,
   normalizePathForComparison,
   PATH_BEARING_TOOLS,
-} from "./external-directory.js";
-import { setForwardedPermissionLogger } from "./forwarded-permissions/io.js";
+} from "./external-directory";
+import { setForwardedPermissionLogger } from "./forwarded-permissions/io";
 import {
   confirmPermission,
   type PermissionForwardingDeps,
   processForwardedPermissionRequests,
-} from "./forwarded-permissions/polling.js";
-import { createPermissionSystemLogger } from "./logging.js";
+} from "./forwarded-permissions/polling";
+import { createPermissionSystemLogger } from "./logging";
 import {
   type PermissionPromptDecision,
   requestPermissionDecisionFromUi,
-} from "./permission-dialog.js";
-import { PERMISSION_FORWARDING_POLL_INTERVAL_MS } from "./permission-forwarding.js";
-import { PermissionManager } from "./permission-manager.js";
+} from "./permission-dialog";
+import { PERMISSION_FORWARDING_POLL_INTERVAL_MS } from "./permission-forwarding";
+import { PermissionManager } from "./permission-manager";
 import {
   formatAskPrompt,
   formatDenyReason,
@@ -74,27 +74,27 @@ import {
   formatSkillPathDenyReason,
   formatUnknownToolReason,
   formatUserDeniedReason,
-} from "./permission-prompts.js";
+} from "./permission-prompts";
 import {
   findSkillPathMatch,
   resolveSkillPromptEntries,
   type SkillPromptEntry,
-} from "./skill-prompt-sanitizer.js";
+} from "./skill-prompt-sanitizer";
 import {
   PERMISSION_SYSTEM_STATUS_KEY,
   syncPermissionSystemStatus,
-} from "./status.js";
-import { isSubagentExecutionContext } from "./subagent-context.js";
-import { sanitizeAvailableToolsSection } from "./system-prompt-sanitizer.js";
-import { getPermissionLogContext } from "./tool-input-preview.js";
+} from "./status";
+import { isSubagentExecutionContext } from "./subagent-context";
+import { sanitizeAvailableToolsSection } from "./system-prompt-sanitizer";
+import { getPermissionLogContext } from "./tool-input-preview";
 import {
   checkRequestedToolRegistration,
   getToolNameFromValue,
-} from "./tool-registry.js";
+} from "./tool-registry";
 import {
   canResolveAskPermissionRequest,
   shouldAutoApprovePermissionState,
-} from "./yolo-mode.js";
+} from "./yolo-mode";
 
 const PI_AGENT_DIR = getAgentDir();
 const SESSIONS_DIR = join(PI_AGENT_DIR, "sessions");

package/src/logging.ts

@@ -7,7 +7,7 @@ import {
   LOGS_DIR,
   PERMISSION_REVIEW_LOG_PATH,
   type PermissionSystemExtensionConfig,
-} from "./extension-config.js";
+} from "./extension-config";
 
 export function safeJsonStringify(value: unknown): string | undefined {
   const seen = new WeakSet<object>();

package/src/permission-forwarding.ts

@@ -1,6 +1,6 @@
 import { join } from "node:path";
 
-import type { PermissionDecisionState } from "./permission-dialog.js";
+import type { PermissionDecisionState } from "./permission-dialog";
 
 export const PERMISSION_FORWARDING_POLL_INTERVAL_MS = 250;
 export const PERMISSION_FORWARDING_TIMEOUT_MS = 10 * 60 * 1000;

package/src/permission-manager.ts

@@ -2,16 +2,16 @@ import { existsSync, readFileSync, statSync } from "node:fs";
 import { join } from "node:path";
 import { getAgentDir } from "@mariozechner/pi-coding-agent";
 
-import { BashFilter } from "./bash-filter.js";
+import { BashFilter } from "./bash-filter";
 import {
   extractFrontmatter,
   getNonEmptyString,
   isPermissionState,
   parseSimpleYamlMap,
   toRecord,
-} from "./common.js";
-import { loadUnifiedConfig, stripJsonComments } from "./config-loader.js";
-import { getGlobalConfigPath } from "./config-paths.js";
+} from "./common";
+import { loadUnifiedConfig, stripJsonComments } from "./config-loader";
+import { getGlobalConfigPath } from "./config-paths";
 import type {
   AgentPermissions,
   BashPermissions,
@@ -19,13 +19,13 @@ import type {
   PermissionCheckResult,
   PermissionDefaultPolicy,
   PermissionState,
-} from "./types.js";
+} from "./types";
 import {
   type CompiledWildcardPattern,
   compileWildcardPatternEntries,
   findCompiledWildcardMatch,
   findCompiledWildcardMatchForNames,
-} from "./wildcard-matcher.js";
+} from "./wildcard-matcher";
 
 function defaultGlobalConfigPath(): string {
   return getGlobalConfigPath(getAgentDir());

package/src/permission-prompts.ts

@@ -1,6 +1,6 @@
-import type { SkillPromptEntry } from "./skill-prompt-sanitizer.js";
-import { formatToolInputForPrompt } from "./tool-input-preview.js";
-import type { PermissionCheckResult } from "./types.js";
+import type { SkillPromptEntry } from "./skill-prompt-sanitizer";
+import { formatToolInputForPrompt } from "./tool-input-preview";
+import type { PermissionCheckResult } from "./types";
 
 export function formatMissingToolNameReason(): string {
   return "Tool call was blocked because no tool name was provided. Use a registered tool name from pi.getAllTools().";

package/src/skill-prompt-sanitizer.ts

@@ -1,8 +1,8 @@
 import { homedir } from "node:os";
 import { dirname, join, normalize, resolve, sep } from "node:path";
 
-import type { PermissionManager } from "./permission-manager.js";
-import type { PermissionState } from "./types.js";
+import type { PermissionManager } from "./permission-manager";
+import type { PermissionState } from "./types";
 
 const AVAILABLE_SKILLS_OPEN_TAG = "<available_skills>";
 const AVAILABLE_SKILLS_CLOSE_TAG = "</available_skills>";

package/src/status.ts

@@ -6,8 +6,8 @@ import type {
 import {
   EXTENSION_ID,
   type PermissionSystemExtensionConfig,
-} from "./extension-config.js";
-import { isYoloModeEnabled } from "./yolo-mode.js";
+} from "./extension-config";
+import { isYoloModeEnabled } from "./yolo-mode";
 
 export const PERMISSION_SYSTEM_STATUS_KEY = EXTENSION_ID;
 export const PERMISSION_SYSTEM_YOLO_STATUS_VALUE = "yolo";

package/src/subagent-context.ts

@@ -1,7 +1,7 @@
 import { normalize } from "node:path";
 import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
 
-import { SUBAGENT_ENV_HINT_KEYS } from "./permission-forwarding.js";
+import { SUBAGENT_ENV_HINT_KEYS } from "./permission-forwarding";
 
 export function normalizeFilesystemPath(pathValue: string): string {
   const normalizedPath = normalize(pathValue);

package/src/system-prompt-sanitizer.ts

@@ -94,6 +94,14 @@ function isTopLevelSectionHeader(line: string): boolean {
   );
 }
 
+function isSectionBodyLine(line: string): boolean {
+  const trimmed = line.trim();
+  if (trimmed.length === 0) return true; // blank line
+  if (trimmed.startsWith("- ")) return true; // bullet
+  if (line !== line.trimStart()) return true; // indented
+  return false;
+}
+
 function findSection(
   lines: readonly string[],
   header: string,
@@ -103,12 +111,25 @@ function findSection(
     return null;
   }
 
-  let end = lines.length;
+  // If a subsequent recognised section header exists, use it as the boundary.
+  // This preserves the original behaviour for the common case where sections
+  // are adjacent (e.g. "Available tools:" followed by "Guidelines:") and
+  // ensures any prose continuation between the two headers is also removed.
   for (let index = start + 1; index < lines.length; index += 1) {
     if (isTopLevelSectionHeader(lines[index])) {
+      return { start, end: index };
+    }
+  }
+
+  // No subsequent section header — stop at the first non-body line so that
+  // content after the section (e.g. custom user notes) is not silently deleted.
+  let end = start + 1;
+  for (let index = start + 1; index < lines.length; index += 1) {
+    if (!isSectionBodyLine(lines[index])) {
       end = index;
       break;
     }
+    end = index + 1;
   }
 
   return { start, end };

package/src/tool-input-preview.ts

@@ -1,6 +1,6 @@
-import { getNonEmptyString, toRecord } from "./common.js";
-import { safeJsonStringify } from "./logging.js";
-import type { PermissionCheckResult } from "./types.js";
+import { getNonEmptyString, toRecord } from "./common";
+import { safeJsonStringify } from "./logging";
+import type { PermissionCheckResult } from "./types";
 
 export const TOOL_INPUT_PREVIEW_MAX_LENGTH = 200;
 export const TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH = 1000;

package/src/tool-registry.ts

@@ -1,4 +1,4 @@
-import { getNonEmptyString, toRecord } from "./common.js";
+import { getNonEmptyString, toRecord } from "./common";
 
 export type ToolRegistrationCheckResult =
   | {

package/src/yolo-mode.ts

@@ -1,5 +1,5 @@
-import type { PermissionSystemExtensionConfig } from "./extension-config.js";
-import type { PermissionState } from "./types.js";
+import type { PermissionSystemExtensionConfig } from "./extension-config";
+import type { PermissionState } from "./types";
 
 export interface AskPermissionResolutionOptions {
   config: PermissionSystemExtensionConfig;

package/tests/active-agent.test.ts

@@ -5,7 +5,7 @@ import {
   getActiveAgentName,
   getActiveAgentNameFromSystemPrompt,
   normalizeAgentName,
-} from "../src/active-agent.js";
+} from "../src/active-agent";
 
 afterEach(() => {
   vi.restoreAllMocks();

package/tests/bash-filter.test.ts

@@ -1,6 +1,6 @@
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 
-import type { PermissionState } from "../src/types.js";
+import type { PermissionState } from "../src/types";
 
 // Mock wildcard-matcher before importing the module under test.
 vi.mock("../src/wildcard-matcher.js", () => ({
@@ -14,11 +14,11 @@ vi.mock("../src/wildcard-matcher.js", () => ({
   findCompiledWildcardMatch: vi.fn(),
 }));
 
-import { BashFilter } from "../src/bash-filter.js";
+import { BashFilter } from "../src/bash-filter";
 import {
   compileWildcardPatterns,
   findCompiledWildcardMatch,
-} from "../src/wildcard-matcher.js";
+} from "../src/wildcard-matcher";
 
 const mockedCompilePatterns = vi.mocked(compileWildcardPatterns);
 const mockedFindMatch = vi.mocked(findCompiledWildcardMatch);

package/tests/common.test.ts

@@ -6,7 +6,7 @@ import {
   isPermissionState,
   parseSimpleYamlMap,
   toRecord,
-} from "../src/common.js";
+} from "../src/common";
 
 afterEach(() => {
   vi.restoreAllMocks();

package/tests/config-loader.test.ts

@@ -7,7 +7,7 @@ import {
   loadAndMergeConfigs,
   loadUnifiedConfig,
   mergeUnifiedConfigs,
-} from "../src/config-loader.js";
+} from "../src/config-loader";
 
 describe("loadUnifiedConfig", () => {
   let tempDir: string;

package/tests/config-modal.test.ts

@@ -3,13 +3,13 @@ import { mkdtempSync, readFileSync, rmSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { test, vi } from "vitest";
-import { registerPermissionSystemCommand } from "../src/config-modal.js";
+import { registerPermissionSystemCommand } from "../src/config-modal";
 import {
   DEFAULT_EXTENSION_CONFIG,
   loadPermissionSystemConfig,
   type PermissionSystemExtensionConfig,
   savePermissionSystemConfig,
-} from "../src/extension-config.js";
+} from "../src/extension-config";
 
 vi.mock("@mariozechner/pi-coding-agent", () => ({
   getSettingsListTheme: () => ({}),

package/tests/config-paths.test.ts

@@ -11,7 +11,7 @@ import {
   getLegacyProjectPolicyPath,
   getProjectConfigPath,
   REVIEW_LOG_FILENAME,
-} from "../src/config-paths.js";
+} from "../src/config-paths";
 
 describe("config-paths", () => {
   const agentDir = "/home/user/.pi/agent";

package/tests/config-reporter.test.ts

@@ -9,10 +9,10 @@ import {
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { test } from "vitest";
-import { buildResolvedConfigLogEntry } from "../src/config-reporter.js";
-import { createPermissionSystemLogger } from "../src/logging.js";
-import type { ResolvedPolicyPaths } from "../src/permission-manager.js";
-import { PermissionManager } from "../src/permission-manager.js";
+import { buildResolvedConfigLogEntry } from "../src/config-reporter";
+import { createPermissionSystemLogger } from "../src/logging";
+import type { ResolvedPolicyPaths } from "../src/permission-manager";
+import { PermissionManager } from "../src/permission-manager";
 
 test("buildResolvedConfigLogEntry includes policy paths and legacy detection flags", () => {
   const policyPaths: ResolvedPolicyPaths = {

package/tests/extension-config.test.ts

@@ -7,7 +7,7 @@ import {
   detectMisplacedPermissionKeys,
   loadPermissionSystemConfig,
   normalizePermissionSystemConfig,
-} from "../src/extension-config.js";
+} from "../src/extension-config";
 
 describe("detectMisplacedPermissionKeys", () => {
   it("returns an empty array for a record with only valid extension keys", () => {

package/tests/external-directory.test.ts

@@ -20,7 +20,7 @@ import {
   isPathWithinDirectory,
   normalizePathForComparison,
   PATH_BEARING_TOOLS,
-} from "../src/external-directory.js";
+} from "../src/external-directory";
 
 afterEach(() => {
   vi.restoreAllMocks();

package/tests/permission-prompts.test.ts

@@ -15,10 +15,10 @@ import {
   formatSkillPathDenyReason,
   formatUnknownToolReason,
   formatUserDeniedReason,
-} from "../src/permission-prompts.js";
-import type { SkillPromptEntry } from "../src/skill-prompt-sanitizer.js";
-import { formatToolInputForPrompt } from "../src/tool-input-preview.js";
-import type { PermissionCheckResult } from "../src/types.js";
+} from "../src/permission-prompts";
+import type { SkillPromptEntry } from "../src/skill-prompt-sanitizer";
+import { formatToolInputForPrompt } from "../src/tool-input-preview";
+import type { PermissionCheckResult } from "../src/types";
 
 const mockedFormatToolInput = vi.mocked(formatToolInputForPrompt);
 

package/tests/permission-system.test.ts

@@ -10,51 +10,51 @@ import {
 import { tmpdir } from "node:os";
 import { dirname, join, resolve } from "node:path";
 import { test } from "vitest";
-import { BashFilter } from "../src/bash-filter.js";
+import { BashFilter } from "../src/bash-filter";
 import {
   createActiveToolsCacheKey,
   createBeforeAgentStartPromptStateKey,
   shouldApplyCachedAgentStartState,
-} from "../src/before-agent-start-cache.js";
-import { getGlobalConfigPath } from "../src/config-paths.js";
+} from "../src/before-agent-start-cache";
+import { getGlobalConfigPath } from "../src/config-paths";
 import {
   DEFAULT_EXTENSION_CONFIG,
   loadPermissionSystemConfig,
   savePermissionSystemConfig,
-} from "../src/extension-config.js";
-import piPermissionSystemExtension from "../src/index.js";
-import { createPermissionSystemLogger } from "../src/logging.js";
+} from "../src/extension-config";
+import piPermissionSystemExtension from "../src/index";
+import { createPermissionSystemLogger } from "../src/logging";
 import {
   createPermissionForwardingLocation,
   isForwardedPermissionRequestForSession,
   resolvePermissionForwardingTargetSessionId,
   SUBAGENT_ENV_HINT_KEYS,
   SUBAGENT_PARENT_SESSION_ENV_KEY,
-} from "../src/permission-forwarding.js";
+} from "../src/permission-forwarding";
 import {
   normalizeRawPermission,
   PermissionManager,
-} from "../src/permission-manager.js";
+} from "../src/permission-manager";
 import {
   findSkillPathMatch,
   parseAllSkillPromptSections,
   resolveSkillPromptEntries,
-} from "../src/skill-prompt-sanitizer.js";
-import { getPermissionSystemStatus } from "../src/status.js";
-import { sanitizeAvailableToolsSection } from "../src/system-prompt-sanitizer.js";
+} from "../src/skill-prompt-sanitizer";
+import { getPermissionSystemStatus } from "../src/status";
+import { sanitizeAvailableToolsSection } from "../src/system-prompt-sanitizer";
 import {
   checkRequestedToolRegistration,
   getToolNameFromValue,
-} from "../src/tool-registry.js";
+} from "../src/tool-registry";
 import type {
   AgentPermissions,
   GlobalPermissionConfig,
   PermissionState,
-} from "../src/types.js";
+} from "../src/types";
 import {
   canResolveAskPermissionRequest,
   shouldAutoApprovePermissionState,
-} from "../src/yolo-mode.js";
+} from "../src/yolo-mode";
 
 type CreateManagerOptions = {
   mcpServerNames?: readonly string[];

package/tests/session-start.test.ts

@@ -2,10 +2,10 @@ import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { dirname, join } from "node:path";
 import { afterEach, beforeEach, describe, expect, test } from "vitest";
-import { getGlobalConfigPath } from "../src/config-paths.js";
-import { DEFAULT_EXTENSION_CONFIG } from "../src/extension-config.js";
-import piPermissionSystemExtension from "../src/index.js";
-import type { GlobalPermissionConfig } from "../src/types.js";
+import { getGlobalConfigPath } from "../src/config-paths";
+import { DEFAULT_EXTENSION_CONFIG } from "../src/extension-config";
+import piPermissionSystemExtension from "../src/index";
+import type { GlobalPermissionConfig } from "../src/types";
 
 type MockHandler = (
   event: Record<string, unknown>,

package/tests/skill-prompt-sanitizer.test.ts

@@ -1,10 +1,10 @@
 import { afterEach, describe, expect, test, vi } from "vitest";
-import type { PermissionManager } from "../src/permission-manager.js";
+import type { PermissionManager } from "../src/permission-manager";
 import {
   findSkillPathMatch,
   resolveSkillPromptEntries,
-} from "../src/skill-prompt-sanitizer.js";
-import type { PermissionCheckResult } from "../src/types.js";
+} from "../src/skill-prompt-sanitizer";
+import type { PermissionCheckResult } from "../src/types";
 
 afterEach(() => {
   vi.restoreAllMocks();

package/tests/subagent-context.test.ts

@@ -1,10 +1,10 @@
 import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
 import { afterEach, describe, expect, test, vi } from "vitest";
-import { SUBAGENT_ENV_HINT_KEYS } from "../src/permission-forwarding.js";
+import { SUBAGENT_ENV_HINT_KEYS } from "../src/permission-forwarding";
 import {
   isSubagentExecutionContext,
   normalizeFilesystemPath,
-} from "../src/subagent-context.js";
+} from "../src/subagent-context";
 
 afterEach(() => {
   vi.unstubAllEnvs();

package/tests/system-prompt-sanitizer.test.ts

@@ -1,6 +1,6 @@
 import { afterEach, describe, expect, test, vi } from "vitest";
 
-import { sanitizeAvailableToolsSection } from "../src/system-prompt-sanitizer.js";
+import { sanitizeAvailableToolsSection } from "../src/system-prompt-sanitizer";
 
 afterEach(() => {
   vi.restoreAllMocks();
@@ -32,7 +32,7 @@ describe("sanitizeAvailableToolsSection — Available tools section", () => {
 
   // Bug #33: findSection extends to lines.length when no subsequent recognised
   // header follows, so content after the last section is silently deleted.
-  test.fails("preserves content that follows the Available tools section (bug #33)", () => {
+  test("preserves content that follows the Available tools section (bug #33)", () => {
     const input = prompt(
       availableToolsSection(["bash", "read"]),
       "Other content",
@@ -184,3 +184,44 @@ describe("sanitizeAvailableToolsSection — multi-section prompt", () => {
     expect(result.prompt).not.toMatch(/\n{3,}/);
   });
 });
+
+describe("sanitizeAvailableToolsSection — findSection boundary edge cases", () => {
+  test("preserves content after Guidelines when Guidelines is the last recognised section", () => {
+    const input = prompt(
+      guidelinesSection(["use bash for file operations like ls, rg, find"]),
+      "Trailing custom instructions",
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.prompt).toContain("Trailing custom instructions");
+  });
+
+  test("preserves trailing prose when both sections are removed", () => {
+    const input = prompt(
+      availableToolsSection(["bash"]),
+      guidelinesSection(["use bash for file operations like ls, rg, find"]),
+      "Important user note",
+    );
+    const result = sanitizeAvailableToolsSection(input, []);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).not.toContain("Available tools:");
+    expect(result.prompt).not.toContain("Guidelines:");
+    expect(result.prompt).toContain("Important user note");
+  });
+
+  test("section at EOF with no trailing content still works", () => {
+    const input = availableToolsSection(["bash", "read"]);
+    const result = sanitizeAvailableToolsSection(input, ["bash", "read"]);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).toBe("");
+  });
+
+  test("section followed by blank lines then prose — prose survives", () => {
+    const input = ["Available tools:", "- bash", "", "", "Custom note"].join(
+      "\n",
+    );
+    const result = sanitizeAvailableToolsSection(input, ["bash"]);
+    expect(result.removed).toBe(true);
+    expect(result.prompt).toContain("Custom note");
+    expect(result.prompt).not.toContain("Available tools:");
+  });
+});

package/tests/tool-input-preview.test.ts

@@ -5,7 +5,7 @@ vi.mock("../src/logging.js", () => ({
   safeJsonStringify: vi.fn((value: unknown) => JSON.stringify(value)),
 }));
 
-import { safeJsonStringify } from "../src/logging.js";
+import { safeJsonStringify } from "../src/logging";
 import {
   countTextLines,
   formatCount,
@@ -24,8 +24,8 @@ import {
   TOOL_INPUT_PREVIEW_MAX_LENGTH,
   TOOL_TEXT_SUMMARY_MAX_LENGTH,
   truncateInlineText,
-} from "../src/tool-input-preview.js";
-import type { PermissionCheckResult } from "../src/types.js";
+} from "../src/tool-input-preview";
+import type { PermissionCheckResult } from "../src/types";
 
 const mockedStringify = vi.mocked(safeJsonStringify);
 

package/tests/tool-registry.test.ts

@@ -3,7 +3,7 @@ import { afterEach, describe, expect, test, vi } from "vitest";
 import {
   checkRequestedToolRegistration,
   getToolNameFromValue,
-} from "../src/tool-registry.js";
+} from "../src/tool-registry";
 
 afterEach(() => {
   vi.restoreAllMocks();

package/tests/wildcard-matcher.test.ts

@@ -5,7 +5,7 @@ import {
   compileWildcardPatternEntries,
   findCompiledWildcardMatch,
   findCompiledWildcardMatchForNames,
-} from "../src/wildcard-matcher.js";
+} from "../src/wildcard-matcher";
 
 afterEach(() => {
   vi.restoreAllMocks();

package/tests/yolo-mode.test.ts

@@ -1,9 +1,9 @@
 import { afterEach, describe, expect, test, vi } from "vitest";
-import type { PermissionSystemExtensionConfig } from "../src/extension-config.js";
+import type { PermissionSystemExtensionConfig } from "../src/extension-config";
 import {
   canResolveAskPermissionRequest,
   shouldAutoApprovePermissionState,
-} from "../src/yolo-mode.js";
+} from "../src/yolo-mode";
 
 afterEach(() => {
   vi.restoreAllMocks();