@gotgenes/pi-permission-system 3.10.0 → 4.0.0

package/src/rule.ts

@@ -9,6 +9,11 @@ export interface Rule {
   pattern: string;
   /** The permission decision. */
   action: PermissionState;
+  /**
+   * Origin layer — used to derive PermissionCheckResult.source after evaluation.
+   * Not used by evaluate(); purely informational metadata.
+   */
+  layer?: "default" | "override" | "baseline" | "config" | "session";
 }
 
 /** An ordered list of rules. Later rules take priority (last-match-wins). */

package/src/session-rules.ts

@@ -15,7 +15,7 @@ export class SessionRules {
 
   /** Record a wildcard pattern as approved for the given surface. */
   approve(surface: string, pattern: string): void {
-    this.rules.push({ surface, pattern, action: "allow" });
+    this.rules.push({ surface, pattern, action: "allow", layer: "session" });
   }
 
   /** Return a defensive copy of the current session ruleset. */

package/src/synthesize.ts

@@ -0,0 +1,87 @@
+import type { Rule, Ruleset } from "./rule";
+import type { PermissionState } from "./types";
+
+/**
+ * Synthesize a single universal catch-all rule from the universal default.
+ *
+ * Produces one rule:
+ * `{ surface: "*", pattern: "*", action: universalDefault, layer: "default" }`
+ *
+ * Per-surface catch-alls (`bash["*"]`, `mcp["*"]`, etc.) are expressed as
+ * regular config rules from `normalizeFlatConfig()` and sit at higher indices
+ * in the composed array, so they override this default via last-match-wins.
+ */
+export function synthesizeDefaults(universalDefault: PermissionState): Ruleset {
+  return [
+    {
+      surface: "*",
+      pattern: "*",
+      action: universalDefault,
+      layer: "default",
+    },
+  ];
+}
+
+/**
+ * MCP metadata operation targets that are auto-allowed when any explicit MCP
+ * allow rule exists in the config layer.
+ */
+const MCP_BASELINE_TARGETS: readonly string[] = [
+  "mcp_status",
+  "mcp_list",
+  "mcp_search",
+  "mcp_describe",
+  "mcp_connect",
+];
+
+/**
+ * Conditionally synthesize MCP baseline auto-allow rules.
+ *
+ * Emits allow rules for the 5 MCP metadata targets only when `configRules`
+ * contains at least one `surface: "mcp", action: "allow"` rule. This replicates
+ * the `hasAnyMcpAllowRule` heuristic as actual rules.
+ *
+ * When `permission["mcp"]` is `"allow"` (or `mcp["*"]` is `"allow"`), the
+ * synthesized config catch-all already covers all MCP targets — no separate
+ * baseline rules are needed (and this function is not called in that case).
+ *
+ * Baseline rules are placed BEFORE config rules in the composed array so
+ * that explicit config deny rules can still override them.
+ *
+ * All rules carry `layer: "baseline"`.
+ */
+export function synthesizeBaseline(configRules: Ruleset): Ruleset {
+  const hasAnyMcpAllow = configRules.some(
+    (r) => r.surface === "mcp" && r.action === "allow",
+  );
+  if (!hasAnyMcpAllow) {
+    return [];
+  }
+  return MCP_BASELINE_TARGETS.map(
+    (target): Rule => ({
+      surface: "mcp",
+      pattern: target,
+      action: "allow",
+      layer: "baseline",
+    }),
+  );
+}
+
+/**
+ * Concatenate all rule layers into a single flat ruleset.
+ *
+ * Priority order (lowest → highest, i.e. earlier index → later index):
+ *   defaults → baseline → config
+ *
+ * Session rules are NOT included here — they are appended at call-time inside
+ * `checkPermission()` so that the cached composed ruleset remains session-agnostic.
+ *
+ * `evaluate()` scans from the end, so later layers override earlier ones.
+ */
+export function composeRuleset(
+  defaults: Ruleset,
+  baseline: Ruleset,
+  config: Ruleset,
+): Ruleset {
+  return [...defaults, ...baseline, ...config];
+}

package/src/types.ts

@@ -1,5 +1,15 @@
 export type PermissionState = "allow" | "deny" | "ask";
 
+/**
+ * The on-disk permission shape inside the `"permission"` key.
+ * Each key is a surface name; values are either a PermissionState string
+ * (shorthand for `{ "*": action }`) or a pattern→action map.
+ */
+export type FlatPermissionConfig = Record<
+  string,
+  PermissionState | Record<string, PermissionState>
+>;
+
 export type BuiltInToolName =
   | "bash"
   | "read"
@@ -11,28 +21,12 @@ export type BuiltInToolName =
 
 export type SpecialPermissionName = "external_directory";
 
-export interface PermissionDefaultPolicy {
-  tools: PermissionState;
-  bash: PermissionState;
-  mcp: PermissionState;
-  skills: PermissionState;
-  special: PermissionState;
-}
-
 /**
  * Per-scope permission config shape after loading and validation.
- * All fields optional — each scope may define a subset of the policy.
- *
- * This replaces the former AgentPermissions / GlobalPermissionConfig
- * interfaces (removed in #56).
+ * Holds only the flat permission map — all policy is expressed there.
  */
 export interface ScopeConfig {
-  defaultPolicy?: Partial<PermissionDefaultPolicy>;
-  tools?: Record<string, PermissionState>;
-  bash?: Record<string, PermissionState>;
-  mcp?: Record<string, PermissionState>;
-  skills?: Record<string, PermissionState>;
-  special?: Record<string, PermissionState>;
+  permission?: FlatPermissionConfig;
 }
 
 export interface PermissionCheckResult {
@@ -41,5 +35,5 @@ export interface PermissionCheckResult {
   matchedPattern?: string;
   command?: string;
   target?: string;
-  source: "tool" | "bash" | "mcp" | "skill" | "special" | "default";
+  source: "tool" | "bash" | "mcp" | "skill" | "special" | "default" | "session";
 }

package/tests/config-loader.test.ts

@@ -20,7 +20,7 @@ describe("loadUnifiedConfig", () => {
     rmSync(tempDir, { recursive: true, force: true });
   });
 
-  it("parses a valid JSON file with runtime knobs and policy", () => {
+  it("parses a valid JSON file with runtime knobs and flat permission", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(
       configPath,
@@ -28,9 +28,11 @@ describe("loadUnifiedConfig", () => {
         debugLog: true,
         permissionReviewLog: false,
         yoloMode: true,
-        defaultPolicy: { tools: "allow", bash: "deny" },
-        tools: { read: "allow", write: "deny" },
-        bash: { "git status": "allow" },
+        permission: {
+          "*": "ask",
+          read: "allow",
+          bash: { "git status": "allow" },
+        },
       }),
     );
 
@@ -39,12 +41,11 @@ describe("loadUnifiedConfig", () => {
     expect(result.config.debugLog).toBe(true);
     expect(result.config.permissionReviewLog).toBe(false);
     expect(result.config.yoloMode).toBe(true);
-    expect(result.config.defaultPolicy).toEqual({
-      tools: "allow",
-      bash: "deny",
+    expect(result.config.permission).toEqual({
+      "*": "ask",
+      read: "allow",
+      bash: { "git status": "allow" },
     });
-    expect(result.config.tools).toEqual({ read: "allow", write: "deny" });
-    expect(result.config.bash).toEqual({ "git status": "allow" });
   });
 
   it("strips JSONC comments before parsing", () => {
@@ -55,14 +56,14 @@ describe("loadUnifiedConfig", () => {
   // This is a comment
   "debugLog": true,
   /* block comment */
-  "defaultPolicy": { "tools": "ask" }
+  "permission": { "*": "ask" }
 }`,
     );
 
     const result = loadUnifiedConfig(configPath);
     expect(result.issues).toEqual([]);
     expect(result.config.debugLog).toBe(true);
-    expect(result.config.defaultPolicy).toEqual({ tools: "ask" });
+    expect(result.config.permission).toEqual({ "*": "ask" });
   });
 
   it("ignores unknown keys without emitting issues", () => {
@@ -82,16 +83,15 @@ describe("loadUnifiedConfig", () => {
     expect(result.config).not.toHaveProperty("unknownField");
   });
 
-  it("returns defaults and no issues when the file does not exist", () => {
+  it("returns empty config and no issues when the file does not exist", () => {
     const configPath = join(tempDir, "nonexistent.json");
     const result = loadUnifiedConfig(configPath);
     expect(result.issues).toEqual([]);
     expect(result.config.debugLog).toBeUndefined();
-    expect(result.config.defaultPolicy).toBeUndefined();
-    expect(result.config.tools).toBeUndefined();
+    expect(result.config.permission).toBeUndefined();
   });
 
-  it("returns defaults and an issue when the file contains invalid JSON", () => {
+  it("returns empty config and an issue when the file contains invalid JSON", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(configPath, "not valid json {{{");
 
@@ -112,65 +112,121 @@ describe("loadUnifiedConfig", () => {
     );
 
     const result = loadUnifiedConfig(configPath);
-    // Non-boolean values are not included
     expect(result.config.debugLog).toBeUndefined();
     expect(result.config.permissionReviewLog).toBeUndefined();
     expect(result.config.yoloMode).toBeUndefined();
   });
 
-  it("normalizes permission maps, keeping only valid PermissionState values", () => {
+  it("normalizes permission map, keeping only valid PermissionState values", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(
       configPath,
       JSON.stringify({
-        tools: { read: "allow", write: "invalid", edit: "deny" },
-        bash: { "git *": "ask", "rm -rf": 42 },
+        permission: {
+          read: "allow",
+          write: "invalid",
+          bash: { "git *": "ask", "rm -rf": 42 },
+        },
       }),
     );
 
     const result = loadUnifiedConfig(configPath);
-    expect(result.config.tools).toEqual({ read: "allow", edit: "deny" });
-    expect(result.config.bash).toEqual({ "git *": "ask" });
+    expect(result.config.permission).toEqual({
+      read: "allow",
+      bash: { "git *": "ask" },
+    });
   });
 
-  it("collects deprecated special key issues (doom_loop and tool_call_limit)", () => {
+  it("accepts permission as object with mixed string and object values", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(
       configPath,
       JSON.stringify({
-        special: { doom_loop: "deny", tool_call_limit: "ask" },
+        permission: {
+          "*": "ask",
+          read: "allow",
+          bash: { "*": "ask", "git *": "allow" },
+          external_directory: "ask",
+        },
       }),
     );
 
     const result = loadUnifiedConfig(configPath);
-    expect(result.issues).toHaveLength(2);
-    expect(result.issues.some((i) => i.includes("doom_loop"))).toBe(true);
-    expect(result.issues.some((i) => i.includes("tool_call_limit"))).toBe(true);
-    expect(result.config.special).toBeUndefined();
+    expect(result.issues).toEqual([]);
+    expect(result.config.permission).toEqual({
+      "*": "ask",
+      read: "allow",
+      bash: { "*": "ask", "git *": "allow" },
+      external_directory: "ask",
+    });
+  });
+
+  it("returns no permission when the permission field is absent", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(configPath, JSON.stringify({ debugLog: false }));
+
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config.permission).toBeUndefined();
+  });
+
+  it("ignores a non-object permission field", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(configPath, JSON.stringify({ permission: "allow" }));
+
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config.permission).toBeUndefined();
   });
 });
 
 describe("mergeUnifiedConfigs", () => {
-  it("deep-merges object fields so project overrides global per-key", () => {
+  it("deep-merges permission objects so project overrides global per-key", () => {
     const merged = mergeUnifiedConfigs(
       {
-        defaultPolicy: { tools: "ask", bash: "deny" },
-        tools: { read: "allow", write: "deny" },
-        bash: { "git status": "allow" },
+        permission: {
+          "*": "ask",
+          read: "allow",
+          bash: { "git status": "allow" },
+        },
       },
       {
-        defaultPolicy: { tools: "allow" },
-        tools: { write: "allow", edit: "ask" },
+        permission: {
+          "*": "allow",
+          bash: { "rm -rf *": "deny" },
+        },
       },
     );
 
-    expect(merged.defaultPolicy).toEqual({ tools: "allow", bash: "deny" });
-    expect(merged.tools).toEqual({
+    expect(merged.permission).toEqual({
+      "*": "allow",
       read: "allow",
-      write: "allow",
-      edit: "ask",
+      bash: { "git status": "allow", "rm -rf *": "deny" },
     });
-    expect(merged.bash).toEqual({ "git status": "allow" });
+  });
+
+  it("string permission value in override replaces base string for same key", () => {
+    const merged = mergeUnifiedConfigs(
+      { permission: { read: "ask" } },
+      { permission: { read: "allow" } },
+    );
+    expect(merged.permission).toEqual({ read: "allow" });
+  });
+
+  it("object replaces string when override uses object for same surface", () => {
+    const merged = mergeUnifiedConfigs(
+      { permission: { bash: "ask" } },
+      { permission: { bash: { "*": "allow", "rm -rf *": "deny" } } },
+    );
+    expect(merged.permission).toEqual({
+      bash: { "*": "allow", "rm -rf *": "deny" },
+    });
+  });
+
+  it("string replaces object when override uses string for same surface", () => {
+    const merged = mergeUnifiedConfigs(
+      { permission: { bash: { "git *": "allow" } } },
+      { permission: { bash: "deny" } },
+    );
+    expect(merged.permission).toEqual({ bash: "deny" });
   });
 
   it("replaces scalar runtime knobs (project wins)", () => {
@@ -187,25 +243,23 @@ describe("mergeUnifiedConfigs", () => {
   it("returns base unchanged when override is empty", () => {
     const base = {
       debugLog: true,
-      defaultPolicy: { tools: "ask" as const },
-      tools: { read: "allow" as const },
+      permission: { read: "allow" as const },
     };
     const merged = mergeUnifiedConfigs(base, {});
 
     expect(merged.debugLog).toBe(true);
-    expect(merged.defaultPolicy).toEqual({ tools: "ask" });
-    expect(merged.tools).toEqual({ read: "allow" });
+    expect(merged.permission).toEqual({ read: "allow" });
   });
 
   it("returns override unchanged when base is empty", () => {
     const override = {
       yoloMode: true,
-      bash: { "rm -rf": "deny" as const },
+      permission: { bash: { "rm -rf *": "deny" as const } },
     };
     const merged = mergeUnifiedConfigs({}, override);
 
     expect(merged.yoloMode).toBe(true);
-    expect(merged.bash).toEqual({ "rm -rf": "deny" });
+    expect(merged.permission).toEqual({ bash: { "rm -rf *": "deny" } });
   });
 
   it("does not set undefined keys in the merged result", () => {
@@ -214,8 +268,7 @@ describe("mergeUnifiedConfigs", () => {
     expect(merged.debugLog).toBe(true);
     expect(merged.yoloMode).toBe(false);
     expect(merged).not.toHaveProperty("permissionReviewLog");
-    expect(merged).not.toHaveProperty("defaultPolicy");
-    expect(merged).not.toHaveProperty("tools");
+    expect(merged).not.toHaveProperty("permission");
   });
 });
 
@@ -270,22 +323,20 @@ describe("loadAndMergeConfigs", () => {
   it("merges global and project new-layout configs", () => {
     writeGlobal({
       debugLog: true,
-      defaultPolicy: { tools: "ask", bash: "deny" },
-      tools: { read: "allow" },
+      permission: { "*": "ask", read: "allow" },
     });
     writeProject({
-      defaultPolicy: { tools: "allow" },
-      tools: { write: "deny" },
+      permission: { "*": "allow", write: "deny" },
     });
 
     const result = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
     expect(result.issues).toEqual([]);
     expect(result.merged.debugLog).toBe(true);
-    expect(result.merged.defaultPolicy).toEqual({
-      tools: "allow",
-      bash: "deny",
+    expect(result.merged.permission).toEqual({
+      "*": "allow",
+      read: "allow",
+      write: "deny",
     });
-    expect(result.merged.tools).toEqual({ read: "allow", write: "deny" });
   });
 
   it("detects legacy global policy and emits migration issue", () => {
@@ -298,9 +349,8 @@ describe("loadAndMergeConfigs", () => {
     expect(result.issues).toHaveLength(1);
     expect(result.issues[0]).toContain("pi-permissions.jsonc");
     expect(result.issues[0]).toContain("extensions/pi-permission-system");
-    // Legacy values are merged
-    expect(result.merged.defaultPolicy).toEqual({ tools: "allow" });
-    expect(result.merged.tools).toEqual({ read: "allow" });
+    // Legacy file has no flat-format permission key — no rules extracted
+    expect(result.merged.permission).toBeUndefined();
   });
 
   it("detects legacy project policy and emits migration issue", () => {
@@ -312,7 +362,8 @@ describe("loadAndMergeConfigs", () => {
     expect(result.issues).toHaveLength(1);
     expect(result.issues[0]).toContain(".pi/agent/pi-permissions.jsonc");
     expect(result.issues[0]).toContain(".pi/extensions/pi-permission-system");
-    expect(result.merged.bash).toEqual({ "git status": "allow" });
+    // Legacy file has no flat-format permission key — no rules extracted
+    expect(result.merged.permission).toBeUndefined();
   });
 
   it("detects legacy extension runtime config and emits migration issue", () => {
@@ -329,7 +380,6 @@ describe("loadAndMergeConfigs", () => {
   });
 
   it("does not emit legacy extension config issue when path equals new global path", () => {
-    // If the extension happens to be installed at the new path, no warning
     const newGlobalDir = join(agentDir, "extensions", "pi-permission-system");
     mkdirSync(newGlobalDir, { recursive: true });
     writeFileSync(
@@ -348,15 +398,15 @@ describe("loadAndMergeConfigs", () => {
 
   it("new-layout config takes precedence over legacy config at same scope", () => {
     writeGlobal({
-      defaultPolicy: { tools: "deny" },
+      permission: { "*": "deny" },
     });
     writeLegacyGlobalPolicy({
-      defaultPolicy: { tools: "allow" },
+      permission: { "*": "allow" },
     });
 
     const result = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
-    // New layout wins
-    expect(result.merged.defaultPolicy).toEqual({ tools: "deny" });
+    // New layout wins (legacy loaded first, new layout loaded second → new wins)
+    expect(result.merged.permission).toEqual({ "*": "deny" });
     // But legacy still emits a migration warning
     expect(result.issues.some((i) => i.includes("pi-permissions.jsonc"))).toBe(
       true,

package/tests/defaults.test.ts

@@ -1,105 +1,12 @@
+// defaults.ts has been removed as part of #66 (flat permission config format).
+// The PermissionDefaultPolicy type and mergeDefaults() / getSurfaceDefault()
+// helpers are no longer needed — the universal default is expressed as
+// permission["*"] in the flat config, and per-surface catch-alls are regular
+// config rules produced by normalizeFlatConfig().
 import { describe, expect, test } from "vitest";
-import {
-  DEFAULT_POLICY,
-  getSurfaceDefault,
-  mergeDefaults,
-} from "../src/defaults";
-import type { PermissionDefaultPolicy } from "../src/types";
 
-const SPECIAL_KEYS = new Set(["external_directory"]);
-
-describe("getSurfaceDefault", () => {
-  const defaults: PermissionDefaultPolicy = {
-    tools: "allow",
-    bash: "deny",
-    mcp: "ask",
-    skills: "allow",
-    special: "deny",
-  };
-
-  test("returns defaults.bash for surface 'bash'", () => {
-    expect(getSurfaceDefault("bash", defaults, SPECIAL_KEYS)).toBe("deny");
-  });
-
-  test("returns defaults.mcp for surface 'mcp'", () => {
-    expect(getSurfaceDefault("mcp", defaults, SPECIAL_KEYS)).toBe("ask");
-  });
-
-  test("returns defaults.skills for surface 'skill'", () => {
-    expect(getSurfaceDefault("skill", defaults, SPECIAL_KEYS)).toBe("allow");
-  });
-
-  test("returns defaults.special for special-key surfaces", () => {
-    expect(
-      getSurfaceDefault("external_directory", defaults, SPECIAL_KEYS),
-    ).toBe("deny");
-  });
-
-  test("returns defaults.tools for tool-name surfaces", () => {
-    expect(getSurfaceDefault("read", defaults, SPECIAL_KEYS)).toBe("allow");
-    expect(getSurfaceDefault("write", defaults, SPECIAL_KEYS)).toBe("allow");
-    expect(getSurfaceDefault("edit", defaults, SPECIAL_KEYS)).toBe("allow");
-  });
-
-  test("returns defaults.tools for unknown surfaces (least privilege via tools default)", () => {
-    expect(
-      getSurfaceDefault("unknown_extension_tool", defaults, SPECIAL_KEYS),
-    ).toBe("allow");
-  });
-
-  test("uses DEFAULT_POLICY when no overrides exist", () => {
-    expect(getSurfaceDefault("bash", DEFAULT_POLICY, SPECIAL_KEYS)).toBe("ask");
-    expect(getSurfaceDefault("read", DEFAULT_POLICY, SPECIAL_KEYS)).toBe("ask");
-    expect(
-      getSurfaceDefault("external_directory", DEFAULT_POLICY, SPECIAL_KEYS),
-    ).toBe("ask");
-  });
-});
-
-describe("mergeDefaults", () => {
-  test("returns DEFAULT_POLICY when called with no partials", () => {
-    expect(mergeDefaults()).toEqual(DEFAULT_POLICY);
-  });
-
-  test("overrides specific fields from a single partial", () => {
-    const result = mergeDefaults({ tools: "allow", bash: "deny" });
-    expect(result).toEqual({
-      tools: "allow",
-      bash: "deny",
-      mcp: "ask",
-      skills: "ask",
-      special: "ask",
-    });
-  });
-
-  test("later partials override earlier ones", () => {
-    const global: Partial<PermissionDefaultPolicy> = { tools: "allow" };
-    const project: Partial<PermissionDefaultPolicy> = { tools: "deny" };
-    const result = mergeDefaults(global, project);
-    expect(result.tools).toBe("deny");
-  });
-
-  test("merges across multiple partials", () => {
-    const global: Partial<PermissionDefaultPolicy> = {
-      tools: "allow",
-      bash: "allow",
-    };
-    const project: Partial<PermissionDefaultPolicy> = { bash: "deny" };
-    const agent: Partial<PermissionDefaultPolicy> = { mcp: "allow" };
-    const result = mergeDefaults(global, project, agent);
-    expect(result).toEqual({
-      tools: "allow",
-      bash: "deny",
-      mcp: "allow",
-      skills: "ask",
-      special: "ask",
-    });
-  });
-
-  test("undefined fields in later partials do not override earlier values", () => {
-    const global: Partial<PermissionDefaultPolicy> = { tools: "allow" };
-    const project: Partial<PermissionDefaultPolicy> = { bash: "deny" };
-    const result = mergeDefaults(global, project);
-    expect(result.tools).toBe("allow");
+describe("defaults (removed)", () => {
+  test("placeholder — defaults.ts was removed in #66", () => {
+    expect(true).toBe(true);
   });
 });

package/tests/extension-config.test.ts

@@ -24,7 +24,7 @@ describe("detectMisplacedPermissionKeys", () => {
     expect(result).toEqual([]);
   });
 
-  it("returns misplaced key names when permission-rule keys are present", () => {
+  it("returns misplaced key names when legacy permission-rule keys are present", () => {
     const result = detectMisplacedPermissionKeys({
       debugLog: true,
       defaultPolicy: { tools: "ask" },
@@ -33,7 +33,7 @@ describe("detectMisplacedPermissionKeys", () => {
     expect(result).toEqual(["defaultPolicy", "bash"]);
   });
 
-  it("detects all known permission-rule keys", () => {
+  it("detects all known legacy permission-rule keys", () => {
     const result = detectMisplacedPermissionKeys({
       defaultPolicy: {},
       tools: {},
@@ -54,13 +54,21 @@ describe("detectMisplacedPermissionKeys", () => {
     ]);
   });
 
-  it("does not detect doom_loop as a misplaced permission key (deprecated)", () => {
+  it("does not detect doom_loop as a misplaced permission key", () => {
     const result = detectMisplacedPermissionKeys({
       doom_loop: {},
     });
     expect(result).toEqual([]);
   });
 
+  it("does not flag the new flat-format permission key as misplaced", () => {
+    const result = detectMisplacedPermissionKeys({
+      debugLog: false,
+      permission: { "*": "ask" },
+    });
+    expect(result).toEqual([]);
+  });
+
   it("ignores unknown keys that are not permission-rule keys", () => {
     const result = detectMisplacedPermissionKeys({
       debugLog: true,
@@ -109,7 +117,7 @@ describe("loadPermissionSystemConfig", () => {
     expect(result.warning).toBeDefined();
     expect(result.warning).toContain("defaultPolicy");
     expect(result.warning).toContain("bash");
-    expect(result.warning).toContain("pi-permissions.jsonc");
+    expect(result.warning).toContain("permission");
   });
 
   it("still returns the valid extension config fields when misplaced keys are present", () => {