@gotgenes/pi-permission-system 3.3.0 → 3.5.0

package/CHANGELOG.md

@@ -5,6 +5,39 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.5.0](https://github.com/gotgenes/pi-permission-system/compare/v3.4.0...v3.5.0) (2026-05-03)
+
+
+### Features
+
+* deprecate doom_loop special permission key ([68e70e7](https://github.com/gotgenes/pi-permission-system/commit/68e70e71b68e5a76a071ef4613da356a91080158))
+* remove doom_loop from type union and config-loader ([bf2f288](https://github.com/gotgenes/pi-permission-system/commit/bf2f2886a800187337e82954e812e6d05e9bd451))
+
+
+### Documentation
+
+* add architecture documents for current and target permission model ([aab1ac5](https://github.com/gotgenes/pi-permission-system/commit/aab1ac50c4478d2e393c2a796bf6fcc4ec606f79))
+* plan doom_loop deprecation ([#54](https://github.com/gotgenes/pi-permission-system/issues/54)) ([2e730f5](https://github.com/gotgenes/pi-permission-system/commit/2e730f52189dd2996ebbe90dd5d2b3206a45d1f6))
+* plan handler extraction from piPermissionSystemExtension ([#42](https://github.com/gotgenes/pi-permission-system/issues/42)) ([6ecd419](https://github.com/gotgenes/pi-permission-system/commit/6ecd4190fb9a60009eb695b4998ab8a1d1419139))
+* remove doom_loop from schema, example, and README ([7f422e0](https://github.com/gotgenes/pi-permission-system/commit/7f422e086f0052e0d9449dbd0122c57b923b053d))
+* **retro:** add retro notes for issue [#45](https://github.com/gotgenes/pi-permission-system/issues/45) ([14c5559](https://github.com/gotgenes/pi-permission-system/commit/14c55595c5abfaa51f8ec83369452db5f457836c))
+
+## [3.4.0](https://github.com/gotgenes/pi-permission-system/compare/v3.3.0...v3.4.0) (2026-05-03)
+
+
+### Features
+
+* add "approve for session" option to permission dialog ([#45](https://github.com/gotgenes/pi-permission-system/issues/45)) ([909d5ee](https://github.com/gotgenes/pi-permission-system/commit/909d5ee540615f876852b3bdb60154487c2570fd))
+* add SessionApprovalCache for ephemeral session approvals ([#45](https://github.com/gotgenes/pi-permission-system/issues/45)) ([4f97779](https://github.com/gotgenes/pi-permission-system/commit/4f9777980eba139c9c85a027eeddc84ff932911c))
+* wire session approvals into external-directory gates ([#45](https://github.com/gotgenes/pi-permission-system/issues/45)) ([3ab156d](https://github.com/gotgenes/pi-permission-system/commit/3ab156dc4ad10bd37938a5096dc6c33970767b1a))
+
+
+### Documentation
+
+* document session-scoped approval option ([#45](https://github.com/gotgenes/pi-permission-system/issues/45)) ([eb1eb9c](https://github.com/gotgenes/pi-permission-system/commit/eb1eb9c0052e7dd88ad7162b322160cfd6e0e62b))
+* plan session-scoped approvals for permission prompts ([#45](https://github.com/gotgenes/pi-permission-system/issues/45)) ([29dcede](https://github.com/gotgenes/pi-permission-system/commit/29dcede17ad68fd3980bf3289069e237de2b4ef0))
+* **retro:** add retro notes for issue [#41](https://github.com/gotgenes/pi-permission-system/issues/41) ([fd2755f](https://github.com/gotgenes/pi-permission-system/commit/fd2755fcf4ec68c9e65e6128e9b869da1f368abb))
+
 ## [3.3.0](https://github.com/gotgenes/pi-permission-system/compare/v3.2.0...v3.3.0) (2026-05-03)
 
 

package/README.md

@@ -137,7 +137,7 @@ The config file combines runtime knobs and permission policy in one object:
   "bash": { "git status": "allow", "git *": "ask" },
   "mcp": { "mcp_status": "allow" },
   "skills": { "*": "ask" },
-  "special": { "doom_loop": "deny", "external_directory": "ask" }
+  "special": { "external_directory": "ask" }
 }
 ```
 
@@ -353,13 +353,11 @@ Reserved permission checks:
 
 | Key                  | Description                                                                                                                                                                   |
 | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `doom_loop`          | Controls doom loop detection behavior                                                                                                                                         |
 | `external_directory` | Enforces ask/allow/deny decisions for path-bearing tools and bash commands that reference paths outside the active working directory                                          |
 
 ```jsonc
 {
   "special": {
-    "doom_loop": "deny",
     "external_directory": "ask",
   },
 }
@@ -470,6 +468,23 @@ Example edit approval prompt:
 Current agent requested tool 'edit' for '.gitignore' (1 replacement: edit #1 replaces 5 lines with 2 lines). Allow this call?
 ```
 
+### Session-Scoped Approvals
+
+When `special.external_directory` resolves to `ask`, the permission dialog offers four options:
+
+```text
+Yes | Yes, for this session | No | No, provide reason
+```
+
+Selecting **Yes, for this session** approves the current request and caches the directory prefix so that subsequent accesses under the same directory skip the prompt for the remainder of the session.
+For example, approving access to `~/other-project/src/foo.ts` covers all paths under `~/other-project/src/` until the session ends.
+
+Session approvals are ephemeral — they are never persisted to disk and are cleared on `session_shutdown`.
+The review log records these decisions with `resolution: "session_approved"` so they remain auditable.
+
+This is currently scoped to the `external_directory` surface only.
+Other permission surfaces (tools, bash patterns, MCP, skills) always use the standard one-time approval flow.
+
 ### Subagent Permission Forwarding
 
 When a delegated or routed subagent runs without direct UI access, `ask` permissions can still be enforced by forwarding the confirmation request through Pi session directories. The main interactive session polls for forwarded requests, shows the confirmation prompt, writes the response, and the subagent resumes once that decision is available.
@@ -514,6 +529,7 @@ This makes it easy to verify which files the extension actually loaded:
 index.ts                    → Root Pi entrypoint shim
 src/
 ├── index.ts                → Extension bootstrap, permission checks, readable prompts, review logging, reload handling, and subagent forwarding
+├── session-approval-cache.ts → Ephemeral session-scoped approval cache for external-directory access
 ├── config-loader.ts        → Unified config loader, merger, and legacy-path detection
 ├── config-paths.ts         → Path derivation for global, project, and legacy config locations
 ├── config-reporter.ts      → Resolved config path reporting for diagnostic logs

package/config/config.example.json

@@ -27,7 +27,6 @@
     "*": "ask"
   },
   "special": {
-    "doom_loop": "deny",
     "external_directory": "ask"
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "3.3.0",
+  "version": "3.5.0",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "files": [

package/schemas/permissions.schema.json

@@ -60,8 +60,8 @@
           "default": "ask"
         },
         "special": {
-          "description": "Default permission for special checks (doom_loop, external_directory) when no explicit rule matches.",
-          "markdownDescription": "Default permission for special checks (`doom_loop`, `external_directory`) when no explicit rule matches.",
+          "description": "Default permission for special checks (external_directory) when no explicit rule matches.",
+          "markdownDescription": "Default permission for special checks (`external_directory`) when no explicit rule matches.",
           "$ref": "#/$defs/permissionState",
           "default": "ask"
         }
@@ -122,10 +122,6 @@
       "type": "object",
       "additionalProperties": false,
       "properties": {
-        "doom_loop": {
-          "description": "Controls doom loop detection behavior.",
-          "$ref": "#/$defs/permissionState"
-        },
         "external_directory": {
           "description": "Enforces permission checks for path-bearing file tools (read, write, edit, find, grep, ls) when they target paths outside the active working directory.",
           "markdownDescription": "Enforces permission checks for path-bearing file tools (`read`, `write`, `edit`, `find`, `grep`, `ls`) when they target paths outside the active working directory.\n\nEvaluated **before** the normal tool permission check — so `tools.read: \"allow\"` can permit ordinary reads while `external_directory: \"ask\"` still requires confirmation for paths outside `cwd`.",

package/src/config-loader.ts

@@ -36,6 +36,7 @@ export interface UnifiedConfigLoadResult {
 }
 
 const DEPRECATED_SPECIAL_KEYS: ReadonlySet<string> = new Set([
+  "doom_loop",
   "tool_call_limit",
 ]);
 
@@ -49,7 +50,7 @@ const BUILT_IN_TOOL_PERMISSION_NAMES = new Set([
   "ls",
 ]);
 
-const SPECIAL_PERMISSION_KEYS = new Set(["doom_loop", "external_directory"]);
+const SPECIAL_PERMISSION_KEYS = new Set(["external_directory"]);
 
 export function stripJsonComments(input: string): string {
   let output = "";

package/src/extension-config.ts

@@ -69,7 +69,6 @@ const PERMISSION_POLICY_KEYS: ReadonlySet<string> = new Set([
   "skills",
   "special",
   "external_directory",
-  "doom_loop",
 ]);
 
 export function detectMisplacedPermissionKeys(

package/src/index.ts

@@ -80,6 +80,10 @@ import {
   formatUnknownToolReason,
   formatUserDeniedReason,
 } from "./permission-prompts";
+import {
+  deriveApprovalPrefix,
+  SessionApprovalCache,
+} from "./session-approval-cache";
 import {
   findSkillPathMatch,
   resolveSkillPromptEntries,
@@ -234,6 +238,7 @@ function createPermissionManagerForCwd(
 
 export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
   let permissionManager = new PermissionManager();
+  const sessionApprovalCache = new SessionApprovalCache();
   let activeSkillEntries: SkillPromptEntry[] = [];
   let lastKnownActiveAgentName: string | null = null;
   let lastActiveToolsCacheKey: string | null = null;
@@ -587,6 +592,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
     runtimeContext?.ui.setStatus(PERMISSION_SYSTEM_STATUS_KEY, undefined);
     runtimeContext = null;
     invalidateAgentStartCache();
+    sessionApprovalCache.clear();
     stopForwardedPermissionPolling();
   });
 
@@ -814,60 +820,91 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       externalDirectoryPath &&
       isPathOutsideWorkingDirectory(externalDirectoryPath, ctx.cwd)
     ) {
-      const extCheck = permissionManager.checkPermission(
-        "external_directory",
-        {},
-        agentName ?? undefined,
-      );
-
-      const extDirMessage = formatExternalDirectoryAskPrompt(
-        toolName,
+      const normalizedExtPath = normalizePathForComparison(
         externalDirectoryPath,
         ctx.cwd,
-        agentName ?? undefined,
       );
-      const extDirGate = await applyPermissionGate({
-        state: extCheck.state,
-        canConfirm: canRequestPermissionConfirmation(ctx),
-        promptForApproval: () =>
-          promptPermission(ctx, {
-            requestId: event.toolCallId,
-            source: "tool_call",
-            agentName,
-            message: extDirMessage,
-            toolCallId: event.toolCallId,
-            toolName,
-            path: externalDirectoryPath,
-          }),
-        writeLog: writeReviewLog,
-        logContext: {
+      const sessionPrefix = sessionApprovalCache.findMatchingPrefix(
+        "external_directory",
+        normalizedExtPath,
+      );
+
+      if (sessionPrefix) {
+        writeReviewLog("permission_request.session_approved", {
           source: "tool_call",
           toolCallId: event.toolCallId,
           toolName,
           agentName,
           path: externalDirectoryPath,
-          message: extDirMessage,
-        },
-        messages: {
-          denyReason: formatExternalDirectoryDenyReason(
+          resolution: "session_approved",
+          sessionApprovalPrefix: sessionPrefix,
+        });
+        // Fall through to normal permission check
+      } else {
+        const extCheck = permissionManager.checkPermission(
+          "external_directory",
+          {},
+          agentName ?? undefined,
+        );
+
+        let extDirDecision: PermissionPromptDecision | null = null;
+        const extDirMessage = formatExternalDirectoryAskPrompt(
+          toolName,
+          externalDirectoryPath,
+          ctx.cwd,
+          agentName ?? undefined,
+        );
+        const extDirGate = await applyPermissionGate({
+          state: extCheck.state,
+          canConfirm: canRequestPermissionConfirmation(ctx),
+          promptForApproval: async () => {
+            const decision = await promptPermission(ctx, {
+              requestId: event.toolCallId,
+              source: "tool_call",
+              agentName,
+              message: extDirMessage,
+              toolCallId: event.toolCallId,
+              toolName,
+              path: externalDirectoryPath,
+            });
+            extDirDecision = decision;
+            return decision;
+          },
+          writeLog: writeReviewLog,
+          logContext: {
+            source: "tool_call",
+            toolCallId: event.toolCallId,
             toolName,
-            externalDirectoryPath,
-            ctx.cwd,
-            agentName ?? undefined,
-          ),
-          unavailableReason: `Accessing '${externalDirectoryPath}' outside the working directory requires approval, but no interactive UI is available.`,
-          userDeniedReason: (decision) =>
-            formatExternalDirectoryUserDeniedReason(
+            agentName,
+            path: externalDirectoryPath,
+            message: extDirMessage,
+          },
+          messages: {
+            denyReason: formatExternalDirectoryDenyReason(
               toolName,
               externalDirectoryPath,
-              decision.denialReason,
+              ctx.cwd,
+              agentName ?? undefined,
             ),
-        },
-      });
-      if (extDirGate.action === "block") {
-        return { block: true, reason: extDirGate.reason };
+            unavailableReason: `Accessing '${externalDirectoryPath}' outside the working directory requires approval, but no interactive UI is available.`,
+            userDeniedReason: (decision) =>
+              formatExternalDirectoryUserDeniedReason(
+                toolName,
+                externalDirectoryPath,
+                decision.denialReason,
+              ),
+          },
+        });
+        if (extDirGate.action === "block") {
+          return { block: true, reason: extDirGate.reason };
+        }
+
+        if (extDirDecision?.state === "approved_for_session") {
+          const prefix = deriveApprovalPrefix(normalizedExtPath);
+          sessionApprovalCache.approve("external_directory", prefix);
+        }
       }
-      // state === "allow" → fall through to normal permission check
+      // Fall through to normal permission check
     }
 
     // Bash external directory gate: extract paths from bash commands
@@ -879,61 +916,91 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
           ctx.cwd,
         );
         if (externalPaths.length > 0) {
-          const extCheck = permissionManager.checkPermission(
-            "external_directory",
-            {},
-            agentName ?? undefined,
+          // Filter out paths already covered by session approvals
+          const uncoveredPaths = externalPaths.filter(
+            (p) => !sessionApprovalCache.has("external_directory", p),
           );
 
-          const bashExtMessage = formatBashExternalDirectoryAskPrompt(
-            command,
-            externalPaths,
-            ctx.cwd,
-            agentName ?? undefined,
-          );
-          const bashExtGate = await applyPermissionGate({
-            state: extCheck.state,
-            canConfirm: canRequestPermissionConfirmation(ctx),
-            promptForApproval: () =>
-              promptPermission(ctx, {
-                requestId: event.toolCallId,
-                source: "tool_call",
-                agentName,
-                message: bashExtMessage,
-                toolCallId: event.toolCallId,
-                toolName,
-                command,
-              }),
-            writeLog: writeReviewLog,
-            logContext: {
+          if (uncoveredPaths.length === 0) {
+            // All external paths are session-approved
+            writeReviewLog("permission_request.session_approved", {
               source: "tool_call",
               toolCallId: event.toolCallId,
               toolName,
               agentName,
               command,
               externalPaths,
-              message: bashExtMessage,
-            },
-            messages: {
-              denyReason: formatBashExternalDirectoryDenyReason(
+              resolution: "session_approved",
+            });
+            // Fall through to normal bash permission check
+          } else {
+            const extCheck = permissionManager.checkPermission(
+              "external_directory",
+              {},
+              agentName ?? undefined,
+            );
+
+            let bashExtDecision: PermissionPromptDecision | null = null;
+            const bashExtMessage = formatBashExternalDirectoryAskPrompt(
+              command,
+              uncoveredPaths,
+              ctx.cwd,
+              agentName ?? undefined,
+            );
+            const bashExtGate = await applyPermissionGate({
+              state: extCheck.state,
+              canConfirm: canRequestPermissionConfirmation(ctx),
+              promptForApproval: async () => {
+                const decision = await promptPermission(ctx, {
+                  requestId: event.toolCallId,
+                  source: "tool_call",
+                  agentName,
+                  message: bashExtMessage,
+                  toolCallId: event.toolCallId,
+                  toolName,
+                  command,
+                });
+                bashExtDecision = decision;
+                return decision;
+              },
+              writeLog: writeReviewLog,
+              logContext: {
+                source: "tool_call",
+                toolCallId: event.toolCallId,
+                toolName,
+                agentName,
                 command,
-                externalPaths,
-                ctx.cwd,
-                agentName ?? undefined,
-              ),
-              unavailableReason: `Bash command '${command}' references path(s) outside the working directory and requires approval, but no interactive UI is available.`,
-              userDeniedReason: (decision) => {
-                const reasonSuffix = decision.denialReason
-                  ? ` Reason: ${decision.denialReason}.`
-                  : "";
-                return `User denied external directory access for bash command '${command}'.${reasonSuffix} ${formatExternalDirectoryHardStopHint()}`;
+                externalPaths: uncoveredPaths,
+                message: bashExtMessage,
               },
-            },
-          });
-          if (bashExtGate.action === "block") {
-            return { block: true, reason: bashExtGate.reason };
+              messages: {
+                denyReason: formatBashExternalDirectoryDenyReason(
+                  command,
+                  uncoveredPaths,
+                  ctx.cwd,
+                  agentName ?? undefined,
+                ),
+                unavailableReason: `Bash command '${command}' references path(s) outside the working directory and requires approval, but no interactive UI is available.`,
+                userDeniedReason: (decision) => {
+                  const reasonSuffix = decision.denialReason
+                    ? ` Reason: ${decision.denialReason}.`
+                    : "";
+                  return `User denied external directory access for bash command '${command}'.${reasonSuffix} ${formatExternalDirectoryHardStopHint()}`;
+                },
+              },
+            });
+            if (bashExtGate.action === "block") {
+              return { block: true, reason: bashExtGate.reason };
+            }
+
+            if (bashExtDecision?.state === "approved_for_session") {
+              for (const extPath of uncoveredPaths) {
+                const prefix = deriveApprovalPrefix(extPath);
+                sessionApprovalCache.approve("external_directory", prefix);
+              }
+            }
           }
-          // state === "allow" → fall through to normal bash permission check
+          // Fall through to normal bash permission check
         }
       }
     }

package/src/permission-dialog.ts

@@ -1,5 +1,6 @@
 export type PermissionDecisionState =
   | "approved"
+  | "approved_for_session"
   | "denied"
   | "denied_with_reason";
 
@@ -15,10 +16,12 @@ export interface PermissionDecisionUi {
 }
 
 const APPROVE_OPTION = "Yes";
+const APPROVE_FOR_SESSION_OPTION = "Yes, for this session";
 const DENY_OPTION = "No";
 const DENY_WITH_REASON_OPTION = "No, provide reason";
 const PERMISSION_DECISION_OPTIONS = [
   APPROVE_OPTION,
+  APPROVE_FOR_SESSION_OPTION,
   DENY_OPTION,
   DENY_WITH_REASON_OPTION,
 ] as const;
@@ -54,7 +57,10 @@ export function isPermissionDecisionState(
   value: unknown,
 ): value is PermissionDecisionState {
   return (
-    value === "approved" || value === "denied" || value === "denied_with_reason"
+    value === "approved" ||
+    value === "approved_for_session" ||
+    value === "denied" ||
+    value === "denied_with_reason"
   );
 }
 
@@ -74,6 +80,13 @@ export async function requestPermissionDecisionFromUi(
     };
   }
 
+  if (selected === APPROVE_FOR_SESSION_OPTION) {
+    return {
+      approved: true,
+      state: "approved_for_session",
+    };
+  }
+
   if (selected === DENY_WITH_REASON_OPTION) {
     const denialReason = normalizePermissionDenialReason(
       await ui.input(

package/src/permission-manager.ts

@@ -46,7 +46,7 @@ const BUILT_IN_TOOL_PERMISSION_NAMES = new Set([
   "find",
   "ls",
 ]);
-const SPECIAL_PERMISSION_KEYS = new Set(["doom_loop", "external_directory"]);
+const SPECIAL_PERMISSION_KEYS = new Set(["external_directory"]);
 const MCP_BASELINE_TARGETS = new Set([
   "mcp_status",
   "mcp_list",
@@ -156,6 +156,7 @@ function getConfiguredMcpServerNamesFromPaths(
 }
 
 const DEPRECATED_SPECIAL_KEYS: ReadonlySet<string> = new Set([
+  "doom_loop",
   "tool_call_limit",
 ]);
 

package/src/session-approval-cache.ts

@@ -0,0 +1,81 @@
+import { dirname, sep } from "node:path";
+
+import { isPathWithinDirectory } from "./external-directory";
+
+/**
+ * Ephemeral in-memory cache of session-scoped permission approvals.
+ * Keyed by permission surface (e.g. "external_directory"), values are
+ * normalized directory prefixes that have been approved for the session.
+ *
+ * Cleared on session_shutdown — never persisted to disk.
+ */
+export class SessionApprovalCache {
+  private approvals = new Map<string, Set<string>>();
+
+  /** Record a directory prefix as approved for the given surface. */
+  approve(surface: string, prefix: string): void {
+    let prefixes = this.approvals.get(surface);
+    if (!prefixes) {
+      prefixes = new Set();
+      this.approvals.set(surface, prefixes);
+    }
+    prefixes.add(prefix);
+  }
+
+  /**
+   * Check whether a path falls under any approved prefix for the given surface.
+   * Uses `isPathWithinDirectory()` for correct separator-aware prefix matching.
+   */
+  has(surface: string, path: string): boolean {
+    const prefixes = this.approvals.get(surface);
+    if (!prefixes) {
+      return false;
+    }
+    for (const prefix of prefixes) {
+      if (isPathWithinDirectory(path, prefix)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  /** Find and return the matching approved prefix, or null if none matches. */
+  findMatchingPrefix(surface: string, path: string): string | null {
+    const prefixes = this.approvals.get(surface);
+    if (!prefixes) {
+      return null;
+    }
+    for (const prefix of prefixes) {
+      if (isPathWithinDirectory(path, prefix)) {
+        return prefix;
+      }
+    }
+    return null;
+  }
+
+  /** Remove all session approvals. */
+  clear(): void {
+    this.approvals.clear();
+  }
+}
+
+/**
+ * Derive the directory prefix to approve from a normalized path.
+ * Returns `dirname(path)` with a trailing separator so that
+ * prefix matching via `isPathWithinDirectory()` works correctly.
+ *
+ * For paths that already end with a separator (directories),
+ * the trailing separator is stripped by dirname and re-added.
+ */
+export function deriveApprovalPrefix(normalizedPath: string): string {
+  // If the path already ends with a separator, it's a directory — return as-is.
+  if (normalizedPath.endsWith(sep)) {
+    return normalizedPath;
+  }
+  const dir = dirname(normalizedPath);
+  if (dir === normalizedPath) {
+    // Root path — dirname('/') === '/'
+    return dir;
+  }
+  return dir.endsWith(sep) ? dir : `${dir}${sep}`;
+}

package/src/types.ts

@@ -15,7 +15,7 @@ export type BashPermissions = Record<string, PermissionState>;
 
 export type SkillPermissions = Record<string, PermissionState>;
 
-export type SpecialPermissionName = "doom_loop" | "external_directory";
+export type SpecialPermissionName = "external_directory";
 
 export type SpecialPermissions = Record<string, PermissionState>;
 

package/tests/config-loader.test.ts

@@ -133,7 +133,7 @@ describe("loadUnifiedConfig", () => {
     expect(result.config.bash).toEqual({ "git *": "ask" });
   });
 
-  it("collects deprecated special key issues", () => {
+  it("collects deprecated special key issues (doom_loop and tool_call_limit)", () => {
     const configPath = join(tempDir, "config.json");
     writeFileSync(
       configPath,
@@ -143,9 +143,10 @@ describe("loadUnifiedConfig", () => {
     );
 
     const result = loadUnifiedConfig(configPath);
-    expect(result.issues).toHaveLength(1);
-    expect(result.issues[0]).toContain("tool_call_limit");
-    expect(result.config.special).toEqual({ doom_loop: "deny" });
+    expect(result.issues).toHaveLength(2);
+    expect(result.issues.some((i) => i.includes("doom_loop"))).toBe(true);
+    expect(result.issues.some((i) => i.includes("tool_call_limit"))).toBe(true);
+    expect(result.config.special).toBeUndefined();
   });
 });
 

package/tests/extension-config.test.ts

@@ -42,7 +42,6 @@ describe("detectMisplacedPermissionKeys", () => {
       skills: {},
       special: {},
       external_directory: {},
-      doom_loop: {},
     });
     expect(result).toEqual([
       "defaultPolicy",
@@ -52,10 +51,16 @@ describe("detectMisplacedPermissionKeys", () => {
       "skills",
       "special",
       "external_directory",
-      "doom_loop",
     ]);
   });
 
+  it("does not detect doom_loop as a misplaced permission key (deprecated)", () => {
+    const result = detectMisplacedPermissionKeys({
+      doom_loop: {},
+    });
+    expect(result).toEqual([]);
+  });
+
   it("ignores unknown keys that are not permission-rule keys", () => {
     const result = detectMisplacedPermissionKeys({
       debugLog: true,