@gotgenes/pi-permission-system 3.11.0 → 4.0.1

package/src/synthesize.ts

@@ -1,90 +1,27 @@
 import type { Rule, Ruleset } from "./rule";
-import type { PermissionDefaultPolicy, PermissionState } from "./types";
+import type { PermissionState } from "./types";
 
 /**
- * Convert the merged `defaultPolicy` into catch-all rules at the lowest
- * priority position in the composed ruleset.
+ * Synthesize a single universal catch-all rule from the universal default.
  *
- * Produces 5 rules:
- * 1. `{ surface: "*", pattern: "*" }` — universal fallback (tools default)
- * 2. `{ surface: "bash", pattern: "*" }` — bash default
- * 3. `{ surface: "mcp", pattern: "*" }` — mcp default
- * 4. `{ surface: "skill", pattern: "*" }` — skill default
- * 5. `{ surface: "special", pattern: "*" }` — special / external_directory default
+ * Produces one rule:
+ * `{ surface: "*", pattern: "*", action: universalDefault, layer: "default" }`
  *
- * All rules carry `layer: "default"`. `evaluate()` ignores this field.
- * The specific per-surface rules come after the universal rule so they win
- * via last-match-wins when a surface-specific default differs from the
- * tools default.
+ * Per-surface catch-alls (`bash["*"]`, `mcp["*"]`, etc.) are expressed as
+ * regular config rules from `normalizeFlatConfig()` and sit at higher indices
+ * in the composed array, so they override this default via last-match-wins.
  */
-export function synthesizeDefaults(defaults: PermissionDefaultPolicy): Ruleset {
+export function synthesizeDefaults(universalDefault: PermissionState): Ruleset {
   return [
-    { surface: "*", pattern: "*", action: defaults.tools, layer: "default" },
-    { surface: "bash", pattern: "*", action: defaults.bash, layer: "default" },
-    { surface: "mcp", pattern: "*", action: defaults.mcp, layer: "default" },
     {
-      surface: "skill",
+      surface: "*",
       pattern: "*",
-      action: defaults.skills,
-      layer: "default",
-    },
-    {
-      surface: "special",
-      pattern: "*",
-      action: defaults.special,
+      action: universalDefault,
       layer: "default",
     },
   ];
 }
 
-/**
- * Per-scope override shape — the relevant keys extracted from `tools`.
- * `undefined` means the scope did not configure that override.
- */
-export interface OverrideScope {
-  bash?: PermissionState;
-  mcp?: PermissionState;
-}
-
-/**
- * Convert per-scope `tools.bash` / `tools.mcp` entries into catch-all rules
- * placed between defaults and config rules.
- *
- * Scopes must be passed in precedence order (lowest first, e.g. global →
- * project → agent → project-agent). Later scopes produce later rules and
- * therefore win via last-match-wins — identical to the current last-scope-wins
- * logic for `bashDefault` / `mcpToolLevel`.
- *
- * Only scopes that explicitly define a value contribute a rule; `undefined`
- * entries are skipped.
- *
- * All rules carry `layer: "override"`.
- */
-export function synthesizeOverrides(
-  scopes: ReadonlyArray<OverrideScope>,
-): Ruleset {
-  const rules: Rule[] = [];
-  for (const scope of scopes) {
-    if (scope.bash !== undefined) {
-      rules.push({
-        surface: "bash",
-        pattern: "*",
-        action: scope.bash,
-        layer: "override",
-      });
-    }
-    if (scope.mcp !== undefined) {
-      rules.push({
-        surface: "mcp",
-        pattern: "*",
-        action: scope.mcp,
-        layer: "override",
-      });
-    }
-  }
-  return rules;
-}
-
 /**
  * MCP metadata operation targets that are auto-allowed when any explicit MCP
  * allow rule exists in the config layer.
@@ -104,13 +41,12 @@ const MCP_BASELINE_TARGETS: readonly string[] = [
  * contains at least one `surface: "mcp", action: "allow"` rule. This replicates
  * the `hasAnyMcpAllowRule` heuristic as actual rules.
  *
- * When `defaults.mcp === "allow"`, the synthesized default catch-all already
- * covers all MCP targets — no separate baseline rules are needed (and this
- * function is not called in that case).
+ * When `permission["mcp"]` is `"allow"` (or `mcp["*"]` is `"allow"`), the
+ * synthesized config catch-all already covers all MCP targets — no separate
+ * baseline rules are needed (and this function is not called in that case).
  *
- * Baseline rules are placed BEFORE override rules in the composed array so
- * that `tools.mcp` overrides beat baseline (preserving current behaviour where
- * an explicit `tools.mcp` value always terminates the MCP decision).
+ * Baseline rules are placed BEFORE config rules in the composed array so
+ * that explicit config deny rules can still override them.
  *
  * All rules carry `layer: "baseline"`.
  */
@@ -135,7 +71,7 @@ export function synthesizeBaseline(configRules: Ruleset): Ruleset {
  * Concatenate all rule layers into a single flat ruleset.
  *
  * Priority order (lowest → highest, i.e. earlier index → later index):
- *   defaults → baseline → overrides → config
+ *   defaults → baseline → config
  *
  * Session rules are NOT included here — they are appended at call-time inside
  * `checkPermission()` so that the cached composed ruleset remains session-agnostic.
@@ -145,8 +81,7 @@ export function synthesizeBaseline(configRules: Ruleset): Ruleset {
 export function composeRuleset(
   defaults: Ruleset,
   baseline: Ruleset,
-  overrides: Ruleset,
   config: Ruleset,
 ): Ruleset {
-  return [...defaults, ...baseline, ...overrides, ...config];
+  return [...defaults, ...baseline, ...config];
 }

package/src/types.ts

@@ -1,5 +1,15 @@
 export type PermissionState = "allow" | "deny" | "ask";
 
+/**
+ * The on-disk permission shape inside the `"permission"` key.
+ * Each key is a surface name; values are either a PermissionState string
+ * (shorthand for `{ "*": action }`) or a pattern→action map.
+ */
+export type FlatPermissionConfig = Record<
+  string,
+  PermissionState | Record<string, PermissionState>
+>;
+
 export type BuiltInToolName =
   | "bash"
   | "read"
@@ -11,28 +21,12 @@ export type BuiltInToolName =
 
 export type SpecialPermissionName = "external_directory";
 
-export interface PermissionDefaultPolicy {
-  tools: PermissionState;
-  bash: PermissionState;
-  mcp: PermissionState;
-  skills: PermissionState;
-  special: PermissionState;
-}
-
 /**
  * Per-scope permission config shape after loading and validation.
- * All fields optional — each scope may define a subset of the policy.
- *
- * This replaces the former AgentPermissions / GlobalPermissionConfig
- * interfaces (removed in #56).
+ * Holds only the flat permission map — all policy is expressed there.
  */
 export interface ScopeConfig {
-  defaultPolicy?: Partial<PermissionDefaultPolicy>;
-  tools?: Record<string, PermissionState>;
-  bash?: Record<string, PermissionState>;
-  mcp?: Record<string, PermissionState>;
-  skills?: Record<string, PermissionState>;
-  special?: Record<string, PermissionState>;
+  permission?: FlatPermissionConfig;
 }
 
 export interface PermissionCheckResult {

package/tests/bash-external-directory.test.ts

@@ -279,6 +279,37 @@ describe("extractExternalPathsFromBashCommand", () => {
     });
   });
 
+  describe("bare-slash tokens are skipped", () => {
+    test("does not flag // token", () => {
+      const result = extractExternalPathsFromBashCommand("echo //", cwd);
+      expect(result).toHaveLength(0);
+    });
+
+    test("does not flag / token", () => {
+      const result = extractExternalPathsFromBashCommand("echo /", cwd);
+      expect(result).toHaveLength(0);
+    });
+
+    test("does not flag /// token", () => {
+      const result = extractExternalPathsFromBashCommand("echo ///", cwd);
+      expect(result).toHaveLength(0);
+    });
+
+    test("does not flag // in echo with other args", () => {
+      const result = extractExternalPathsFromBashCommand("echo // hello", cwd);
+      expect(result).toHaveLength(0);
+    });
+
+    test("still flags real external path alongside //", () => {
+      const result = extractExternalPathsFromBashCommand(
+        "cat /etc/hosts; echo //",
+        cwd,
+      );
+      expect(result).toContain("/etc/hosts");
+      expect(result).toHaveLength(1);
+    });
+  });
+
   describe("deduplication", () => {
     test("returns deduplicated paths", () => {
       const result = extractExternalPathsFromBashCommand(

package/tests/config-loader.test.ts

@@ -20,7 +20,7 @@ describe("loadUnifiedConfig", () => {
     rmSync(tempDir, { recursive: true, force: true });
   });
 
-  it("parses a valid JSON file with runtime knobs and policy", () => {
+  it("parses a valid JSON file with runtime knobs and flat permission", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(
       configPath,
@@ -28,9 +28,11 @@ describe("loadUnifiedConfig", () => {
         debugLog: true,
         permissionReviewLog: false,
         yoloMode: true,
-        defaultPolicy: { tools: "allow", bash: "deny" },
-        tools: { read: "allow", write: "deny" },
-        bash: { "git status": "allow" },
+        permission: {
+          "*": "ask",
+          read: "allow",
+          bash: { "git status": "allow" },
+        },
       }),
     );
 
@@ -39,12 +41,11 @@ describe("loadUnifiedConfig", () => {
     expect(result.config.debugLog).toBe(true);
     expect(result.config.permissionReviewLog).toBe(false);
     expect(result.config.yoloMode).toBe(true);
-    expect(result.config.defaultPolicy).toEqual({
-      tools: "allow",
-      bash: "deny",
+    expect(result.config.permission).toEqual({
+      "*": "ask",
+      read: "allow",
+      bash: { "git status": "allow" },
     });
-    expect(result.config.tools).toEqual({ read: "allow", write: "deny" });
-    expect(result.config.bash).toEqual({ "git status": "allow" });
   });
 
   it("strips JSONC comments before parsing", () => {
@@ -55,14 +56,14 @@ describe("loadUnifiedConfig", () => {
   // This is a comment
   "debugLog": true,
   /* block comment */
-  "defaultPolicy": { "tools": "ask" }
+  "permission": { "*": "ask" }
 }`,
     );
 
     const result = loadUnifiedConfig(configPath);
     expect(result.issues).toEqual([]);
     expect(result.config.debugLog).toBe(true);
-    expect(result.config.defaultPolicy).toEqual({ tools: "ask" });
+    expect(result.config.permission).toEqual({ "*": "ask" });
   });
 
   it("ignores unknown keys without emitting issues", () => {
@@ -82,16 +83,15 @@ describe("loadUnifiedConfig", () => {
     expect(result.config).not.toHaveProperty("unknownField");
   });
 
-  it("returns defaults and no issues when the file does not exist", () => {
+  it("returns empty config and no issues when the file does not exist", () => {
     const configPath = join(tempDir, "nonexistent.json");
     const result = loadUnifiedConfig(configPath);
     expect(result.issues).toEqual([]);
     expect(result.config.debugLog).toBeUndefined();
-    expect(result.config.defaultPolicy).toBeUndefined();
-    expect(result.config.tools).toBeUndefined();
+    expect(result.config.permission).toBeUndefined();
   });
 
-  it("returns defaults and an issue when the file contains invalid JSON", () => {
+  it("returns empty config and an issue when the file contains invalid JSON", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(configPath, "not valid json {{{");
 
@@ -112,65 +112,121 @@ describe("loadUnifiedConfig", () => {
     );
 
     const result = loadUnifiedConfig(configPath);
-    // Non-boolean values are not included
     expect(result.config.debugLog).toBeUndefined();
     expect(result.config.permissionReviewLog).toBeUndefined();
     expect(result.config.yoloMode).toBeUndefined();
   });
 
-  it("normalizes permission maps, keeping only valid PermissionState values", () => {
+  it("normalizes permission map, keeping only valid PermissionState values", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(
       configPath,
       JSON.stringify({
-        tools: { read: "allow", write: "invalid", edit: "deny" },
-        bash: { "git *": "ask", "rm -rf": 42 },
+        permission: {
+          read: "allow",
+          write: "invalid",
+          bash: { "git *": "ask", "rm -rf": 42 },
+        },
       }),
     );
 
     const result = loadUnifiedConfig(configPath);
-    expect(result.config.tools).toEqual({ read: "allow", edit: "deny" });
-    expect(result.config.bash).toEqual({ "git *": "ask" });
+    expect(result.config.permission).toEqual({
+      read: "allow",
+      bash: { "git *": "ask" },
+    });
   });
 
-  it("collects deprecated special key issues (doom_loop and tool_call_limit)", () => {
+  it("accepts permission as object with mixed string and object values", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(
       configPath,
       JSON.stringify({
-        special: { doom_loop: "deny", tool_call_limit: "ask" },
+        permission: {
+          "*": "ask",
+          read: "allow",
+          bash: { "*": "ask", "git *": "allow" },
+          external_directory: "ask",
+        },
       }),
     );
 
     const result = loadUnifiedConfig(configPath);
-    expect(result.issues).toHaveLength(2);
-    expect(result.issues.some((i) => i.includes("doom_loop"))).toBe(true);
-    expect(result.issues.some((i) => i.includes("tool_call_limit"))).toBe(true);
-    expect(result.config.special).toBeUndefined();
+    expect(result.issues).toEqual([]);
+    expect(result.config.permission).toEqual({
+      "*": "ask",
+      read: "allow",
+      bash: { "*": "ask", "git *": "allow" },
+      external_directory: "ask",
+    });
+  });
+
+  it("returns no permission when the permission field is absent", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(configPath, JSON.stringify({ debugLog: false }));
+
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config.permission).toBeUndefined();
+  });
+
+  it("ignores a non-object permission field", () => {
+    const configPath = join(tempDir, "config.json");
+    writeFileSync(configPath, JSON.stringify({ permission: "allow" }));
+
+    const result = loadUnifiedConfig(configPath);
+    expect(result.config.permission).toBeUndefined();
   });
 });
 
 describe("mergeUnifiedConfigs", () => {
-  it("deep-merges object fields so project overrides global per-key", () => {
+  it("deep-merges permission objects so project overrides global per-key", () => {
     const merged = mergeUnifiedConfigs(
       {
-        defaultPolicy: { tools: "ask", bash: "deny" },
-        tools: { read: "allow", write: "deny" },
-        bash: { "git status": "allow" },
+        permission: {
+          "*": "ask",
+          read: "allow",
+          bash: { "git status": "allow" },
+        },
       },
       {
-        defaultPolicy: { tools: "allow" },
-        tools: { write: "allow", edit: "ask" },
+        permission: {
+          "*": "allow",
+          bash: { "rm -rf *": "deny" },
+        },
       },
     );
 
-    expect(merged.defaultPolicy).toEqual({ tools: "allow", bash: "deny" });
-    expect(merged.tools).toEqual({
+    expect(merged.permission).toEqual({
+      "*": "allow",
       read: "allow",
-      write: "allow",
-      edit: "ask",
+      bash: { "git status": "allow", "rm -rf *": "deny" },
     });
-    expect(merged.bash).toEqual({ "git status": "allow" });
+  });
+
+  it("string permission value in override replaces base string for same key", () => {
+    const merged = mergeUnifiedConfigs(
+      { permission: { read: "ask" } },
+      { permission: { read: "allow" } },
+    );
+    expect(merged.permission).toEqual({ read: "allow" });
+  });
+
+  it("object replaces string when override uses object for same surface", () => {
+    const merged = mergeUnifiedConfigs(
+      { permission: { bash: "ask" } },
+      { permission: { bash: { "*": "allow", "rm -rf *": "deny" } } },
+    );
+    expect(merged.permission).toEqual({
+      bash: { "*": "allow", "rm -rf *": "deny" },
+    });
+  });
+
+  it("string replaces object when override uses string for same surface", () => {
+    const merged = mergeUnifiedConfigs(
+      { permission: { bash: { "git *": "allow" } } },
+      { permission: { bash: "deny" } },
+    );
+    expect(merged.permission).toEqual({ bash: "deny" });
   });
 
   it("replaces scalar runtime knobs (project wins)", () => {
@@ -187,25 +243,23 @@ describe("mergeUnifiedConfigs", () => {
   it("returns base unchanged when override is empty", () => {
     const base = {
       debugLog: true,
-      defaultPolicy: { tools: "ask" as const },
-      tools: { read: "allow" as const },
+      permission: { read: "allow" as const },
     };
     const merged = mergeUnifiedConfigs(base, {});
 
     expect(merged.debugLog).toBe(true);
-    expect(merged.defaultPolicy).toEqual({ tools: "ask" });
-    expect(merged.tools).toEqual({ read: "allow" });
+    expect(merged.permission).toEqual({ read: "allow" });
   });
 
   it("returns override unchanged when base is empty", () => {
     const override = {
       yoloMode: true,
-      bash: { "rm -rf": "deny" as const },
+      permission: { bash: { "rm -rf *": "deny" as const } },
     };
     const merged = mergeUnifiedConfigs({}, override);
 
     expect(merged.yoloMode).toBe(true);
-    expect(merged.bash).toEqual({ "rm -rf": "deny" });
+    expect(merged.permission).toEqual({ bash: { "rm -rf *": "deny" } });
   });
 
   it("does not set undefined keys in the merged result", () => {
@@ -214,8 +268,7 @@ describe("mergeUnifiedConfigs", () => {
     expect(merged.debugLog).toBe(true);
     expect(merged.yoloMode).toBe(false);
     expect(merged).not.toHaveProperty("permissionReviewLog");
-    expect(merged).not.toHaveProperty("defaultPolicy");
-    expect(merged).not.toHaveProperty("tools");
+    expect(merged).not.toHaveProperty("permission");
   });
 });
 
@@ -270,22 +323,20 @@ describe("loadAndMergeConfigs", () => {
   it("merges global and project new-layout configs", () => {
     writeGlobal({
       debugLog: true,
-      defaultPolicy: { tools: "ask", bash: "deny" },
-      tools: { read: "allow" },
+      permission: { "*": "ask", read: "allow" },
     });
     writeProject({
-      defaultPolicy: { tools: "allow" },
-      tools: { write: "deny" },
+      permission: { "*": "allow", write: "deny" },
     });
 
     const result = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
     expect(result.issues).toEqual([]);
     expect(result.merged.debugLog).toBe(true);
-    expect(result.merged.defaultPolicy).toEqual({
-      tools: "allow",
-      bash: "deny",
+    expect(result.merged.permission).toEqual({
+      "*": "allow",
+      read: "allow",
+      write: "deny",
     });
-    expect(result.merged.tools).toEqual({ read: "allow", write: "deny" });
   });
 
   it("detects legacy global policy and emits migration issue", () => {
@@ -298,9 +349,8 @@ describe("loadAndMergeConfigs", () => {
     expect(result.issues).toHaveLength(1);
     expect(result.issues[0]).toContain("pi-permissions.jsonc");
     expect(result.issues[0]).toContain("extensions/pi-permission-system");
-    // Legacy values are merged
-    expect(result.merged.defaultPolicy).toEqual({ tools: "allow" });
-    expect(result.merged.tools).toEqual({ read: "allow" });
+    // Legacy file has no flat-format permission key — no rules extracted
+    expect(result.merged.permission).toBeUndefined();
   });
 
   it("detects legacy project policy and emits migration issue", () => {
@@ -312,7 +362,8 @@ describe("loadAndMergeConfigs", () => {
     expect(result.issues).toHaveLength(1);
     expect(result.issues[0]).toContain(".pi/agent/pi-permissions.jsonc");
     expect(result.issues[0]).toContain(".pi/extensions/pi-permission-system");
-    expect(result.merged.bash).toEqual({ "git status": "allow" });
+    // Legacy file has no flat-format permission key — no rules extracted
+    expect(result.merged.permission).toBeUndefined();
   });
 
   it("detects legacy extension runtime config and emits migration issue", () => {
@@ -329,7 +380,6 @@ describe("loadAndMergeConfigs", () => {
   });
 
   it("does not emit legacy extension config issue when path equals new global path", () => {
-    // If the extension happens to be installed at the new path, no warning
     const newGlobalDir = join(agentDir, "extensions", "pi-permission-system");
     mkdirSync(newGlobalDir, { recursive: true });
     writeFileSync(
@@ -348,15 +398,15 @@ describe("loadAndMergeConfigs", () => {
 
   it("new-layout config takes precedence over legacy config at same scope", () => {
     writeGlobal({
-      defaultPolicy: { tools: "deny" },
+      permission: { "*": "deny" },
     });
     writeLegacyGlobalPolicy({
-      defaultPolicy: { tools: "allow" },
+      permission: { "*": "allow" },
     });
 
     const result = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
-    // New layout wins
-    expect(result.merged.defaultPolicy).toEqual({ tools: "deny" });
+    // New layout wins (legacy loaded first, new layout loaded second → new wins)
+    expect(result.merged.permission).toEqual({ "*": "deny" });
     // But legacy still emits a migration warning
     expect(result.issues.some((i) => i.includes("pi-permissions.jsonc"))).toBe(
       true,

package/tests/defaults.test.ts

@@ -1,105 +1,12 @@
+// defaults.ts has been removed as part of #66 (flat permission config format).
+// The PermissionDefaultPolicy type and mergeDefaults() / getSurfaceDefault()
+// helpers are no longer needed — the universal default is expressed as
+// permission["*"] in the flat config, and per-surface catch-alls are regular
+// config rules produced by normalizeFlatConfig().
 import { describe, expect, test } from "vitest";
-import {
-  DEFAULT_POLICY,
-  getSurfaceDefault,
-  mergeDefaults,
-} from "../src/defaults";
-import type { PermissionDefaultPolicy } from "../src/types";
 
-const SPECIAL_KEYS = new Set(["external_directory"]);
-
-describe("getSurfaceDefault", () => {
-  const defaults: PermissionDefaultPolicy = {
-    tools: "allow",
-    bash: "deny",
-    mcp: "ask",
-    skills: "allow",
-    special: "deny",
-  };
-
-  test("returns defaults.bash for surface 'bash'", () => {
-    expect(getSurfaceDefault("bash", defaults, SPECIAL_KEYS)).toBe("deny");
-  });
-
-  test("returns defaults.mcp for surface 'mcp'", () => {
-    expect(getSurfaceDefault("mcp", defaults, SPECIAL_KEYS)).toBe("ask");
-  });
-
-  test("returns defaults.skills for surface 'skill'", () => {
-    expect(getSurfaceDefault("skill", defaults, SPECIAL_KEYS)).toBe("allow");
-  });
-
-  test("returns defaults.special for special-key surfaces", () => {
-    expect(
-      getSurfaceDefault("external_directory", defaults, SPECIAL_KEYS),
-    ).toBe("deny");
-  });
-
-  test("returns defaults.tools for tool-name surfaces", () => {
-    expect(getSurfaceDefault("read", defaults, SPECIAL_KEYS)).toBe("allow");
-    expect(getSurfaceDefault("write", defaults, SPECIAL_KEYS)).toBe("allow");
-    expect(getSurfaceDefault("edit", defaults, SPECIAL_KEYS)).toBe("allow");
-  });
-
-  test("returns defaults.tools for unknown surfaces (least privilege via tools default)", () => {
-    expect(
-      getSurfaceDefault("unknown_extension_tool", defaults, SPECIAL_KEYS),
-    ).toBe("allow");
-  });
-
-  test("uses DEFAULT_POLICY when no overrides exist", () => {
-    expect(getSurfaceDefault("bash", DEFAULT_POLICY, SPECIAL_KEYS)).toBe("ask");
-    expect(getSurfaceDefault("read", DEFAULT_POLICY, SPECIAL_KEYS)).toBe("ask");
-    expect(
-      getSurfaceDefault("external_directory", DEFAULT_POLICY, SPECIAL_KEYS),
-    ).toBe("ask");
-  });
-});
-
-describe("mergeDefaults", () => {
-  test("returns DEFAULT_POLICY when called with no partials", () => {
-    expect(mergeDefaults()).toEqual(DEFAULT_POLICY);
-  });
-
-  test("overrides specific fields from a single partial", () => {
-    const result = mergeDefaults({ tools: "allow", bash: "deny" });
-    expect(result).toEqual({
-      tools: "allow",
-      bash: "deny",
-      mcp: "ask",
-      skills: "ask",
-      special: "ask",
-    });
-  });
-
-  test("later partials override earlier ones", () => {
-    const global: Partial<PermissionDefaultPolicy> = { tools: "allow" };
-    const project: Partial<PermissionDefaultPolicy> = { tools: "deny" };
-    const result = mergeDefaults(global, project);
-    expect(result.tools).toBe("deny");
-  });
-
-  test("merges across multiple partials", () => {
-    const global: Partial<PermissionDefaultPolicy> = {
-      tools: "allow",
-      bash: "allow",
-    };
-    const project: Partial<PermissionDefaultPolicy> = { bash: "deny" };
-    const agent: Partial<PermissionDefaultPolicy> = { mcp: "allow" };
-    const result = mergeDefaults(global, project, agent);
-    expect(result).toEqual({
-      tools: "allow",
-      bash: "deny",
-      mcp: "allow",
-      skills: "ask",
-      special: "ask",
-    });
-  });
-
-  test("undefined fields in later partials do not override earlier values", () => {
-    const global: Partial<PermissionDefaultPolicy> = { tools: "allow" };
-    const project: Partial<PermissionDefaultPolicy> = { bash: "deny" };
-    const result = mergeDefaults(global, project);
-    expect(result.tools).toBe("allow");
+describe("defaults (removed)", () => {
+  test("placeholder — defaults.ts was removed in #66", () => {
+    expect(true).toBe(true);
   });
 });