@gotgenes/pi-permission-system 3.3.0 → 3.5.0

package/tests/permission-dialog.test.ts

@@ -0,0 +1,166 @@
+import { describe, expect, it, vi } from "vitest";
+import {
+  createDeniedPermissionDecision,
+  isPermissionDecisionState,
+  normalizePermissionDenialReason,
+  type PermissionDecisionUi,
+  requestPermissionDecisionFromUi,
+} from "../src/permission-dialog";
+
+describe("isPermissionDecisionState", () => {
+  it("accepts approved", () => {
+    expect(isPermissionDecisionState("approved")).toBe(true);
+  });
+
+  it("accepts denied", () => {
+    expect(isPermissionDecisionState("denied")).toBe(true);
+  });
+
+  it("accepts denied_with_reason", () => {
+    expect(isPermissionDecisionState("denied_with_reason")).toBe(true);
+  });
+
+  it("accepts approved_for_session", () => {
+    expect(isPermissionDecisionState("approved_for_session")).toBe(true);
+  });
+
+  it("rejects unknown strings", () => {
+    expect(isPermissionDecisionState("unknown")).toBe(false);
+  });
+
+  it("rejects non-strings", () => {
+    expect(isPermissionDecisionState(42)).toBe(false);
+    expect(isPermissionDecisionState(null)).toBe(false);
+  });
+});
+
+describe("requestPermissionDecisionFromUi", () => {
+  it("returns approved when user selects Yes", async () => {
+    const ui: PermissionDecisionUi = {
+      select: vi.fn().mockResolvedValue("Yes"),
+      input: vi.fn(),
+    };
+    const result = await requestPermissionDecisionFromUi(
+      ui,
+      "Title",
+      "Message",
+    );
+    expect(result).toEqual({ approved: true, state: "approved" });
+  });
+
+  it("returns approved_for_session when user selects session option", async () => {
+    const ui: PermissionDecisionUi = {
+      select: vi.fn().mockResolvedValue("Yes, for this session"),
+      input: vi.fn(),
+    };
+    const result = await requestPermissionDecisionFromUi(
+      ui,
+      "Title",
+      "Message",
+    );
+    expect(result).toEqual({ approved: true, state: "approved_for_session" });
+  });
+
+  it("returns denied when user selects No", async () => {
+    const ui: PermissionDecisionUi = {
+      select: vi.fn().mockResolvedValue("No"),
+      input: vi.fn(),
+    };
+    const result = await requestPermissionDecisionFromUi(
+      ui,
+      "Title",
+      "Message",
+    );
+    expect(result).toEqual({ approved: false, state: "denied" });
+  });
+
+  it("returns denied_with_reason when user provides reason", async () => {
+    const ui: PermissionDecisionUi = {
+      select: vi.fn().mockResolvedValue("No, provide reason"),
+      input: vi.fn().mockResolvedValue("not now"),
+    };
+    const result = await requestPermissionDecisionFromUi(
+      ui,
+      "Title",
+      "Message",
+    );
+    expect(result).toEqual({
+      approved: false,
+      state: "denied_with_reason",
+      denialReason: "not now",
+    });
+  });
+
+  it("returns denied when user selects deny-with-reason but gives empty input", async () => {
+    const ui: PermissionDecisionUi = {
+      select: vi.fn().mockResolvedValue("No, provide reason"),
+      input: vi.fn().mockResolvedValue(""),
+    };
+    const result = await requestPermissionDecisionFromUi(
+      ui,
+      "Title",
+      "Message",
+    );
+    expect(result).toEqual({ approved: false, state: "denied" });
+  });
+
+  it("returns denied when user dismisses dialog (undefined)", async () => {
+    const ui: PermissionDecisionUi = {
+      select: vi.fn().mockResolvedValue(undefined),
+      input: vi.fn(),
+    };
+    const result = await requestPermissionDecisionFromUi(
+      ui,
+      "Title",
+      "Message",
+    );
+    expect(result).toEqual({ approved: false, state: "denied" });
+  });
+
+  it("passes four options to ui.select", async () => {
+    const selectFn = vi.fn().mockResolvedValue("Yes");
+    const ui: PermissionDecisionUi = {
+      select: selectFn,
+      input: vi.fn(),
+    };
+    await requestPermissionDecisionFromUi(ui, "Title", "Message");
+    const options = selectFn.mock.calls[0][1] as string[];
+    expect(options).toEqual([
+      "Yes",
+      "Yes, for this session",
+      "No",
+      "No, provide reason",
+    ]);
+  });
+});
+
+describe("normalizePermissionDenialReason", () => {
+  it("returns trimmed string for non-empty input", () => {
+    expect(normalizePermissionDenialReason("  reason  ")).toBe("reason");
+  });
+
+  it("returns undefined for empty string", () => {
+    expect(normalizePermissionDenialReason("")).toBeUndefined();
+  });
+
+  it("returns undefined for non-string", () => {
+    expect(normalizePermissionDenialReason(42)).toBeUndefined();
+  });
+});
+
+describe("createDeniedPermissionDecision", () => {
+  it("returns denied_with_reason when reason provided", () => {
+    expect(createDeniedPermissionDecision("nope")).toEqual({
+      approved: false,
+      state: "denied_with_reason",
+      denialReason: "nope",
+    });
+  });
+
+  it("returns denied when no reason", () => {
+    expect(createDeniedPermissionDecision()).toEqual({
+      approved: false,
+      state: "denied",
+    });
+  });
+});

package/tests/permission-system.test.ts

@@ -2115,7 +2115,7 @@ permission:
   }
 });
 
-test("external_directory permission is independent of doom_loop in the same special config", () => {
+test("external_directory permission is unaffected when doom_loop key is present in config (deprecated and ignored)", () => {
   const { manager, cleanup } = createManager({
     defaultPolicy: {
       tools: "allow",
@@ -2131,10 +2131,12 @@ test("external_directory permission is independent of doom_loop in the same spec
   });
 
   try {
+    // doom_loop is deprecated and stripped — falls through to defaultPolicy.tools
     const doomResult = manager.checkPermission("doom_loop", {});
-    assert.equal(doomResult.state, "deny");
-    assert.equal(doomResult.matchedPattern, "doom_loop");
+    assert.equal(doomResult.state, "allow"); // defaultPolicy.tools, not the stripped doom_loop: "deny"
+    assert.equal(doomResult.matchedPattern, undefined);
 
+    // external_directory still resolves from its own entry
     const extResult = manager.checkPermission("external_directory", {});
     assert.equal(extResult.state, "allow");
     assert.equal(extResult.matchedPattern, "external_directory");
@@ -2583,12 +2585,22 @@ test("normalizeRawPermission emits deprecation issue for special.tool_call_limit
   assert.equal(result.permissions.special?.tool_call_limit, undefined);
 });
 
-test("normalizeRawPermission emits no issues for valid special keys", () => {
+test("normalizeRawPermission emits deprecation issue for special.doom_loop (string)", () => {
+  const result = normalizeRawPermission({
+    special: { doom_loop: "ask" },
+  });
+  assert.equal(result.configIssues.length, 1);
+  assert.ok(result.configIssues[0].includes("doom_loop"));
+  assert.equal(result.permissions.special?.doom_loop, undefined);
+});
+
+test("normalizeRawPermission emits deprecation issue for special.doom_loop (deny)", () => {
   const result = normalizeRawPermission({
     special: { doom_loop: "deny" },
   });
-  assert.equal(result.configIssues.length, 0);
-  assert.equal(result.permissions.special?.doom_loop, "deny");
+  assert.equal(result.configIssues.length, 1);
+  assert.ok(result.configIssues[0].includes("doom_loop"));
+  assert.equal(result.permissions.special?.doom_loop, undefined);
 });
 
 test("normalizeRawPermission emits no issues when special is absent", () => {
@@ -2609,7 +2621,7 @@ test("PermissionManager.getConfigIssues returns deprecation for tool_call_limit
     bash: {},
     mcp: {},
     skills: {},
-    special: { tool_call_limit: "allow" as PermissionState, doom_loop: "deny" },
+    special: { tool_call_limit: "allow" as PermissionState },
   };
   const { manager, cleanup } = createManager(config);
   try {
@@ -2634,7 +2646,7 @@ test("PermissionManager.getConfigIssues returns empty array for clean config", (
     bash: {},
     mcp: {},
     skills: {},
-    special: { doom_loop: "deny" },
+    special: { external_directory: "ask" },
   };
   const { manager, cleanup } = createManager(config);
   try {
@@ -2644,3 +2656,344 @@ test("PermissionManager.getConfigIssues returns empty array for clean config", (
     cleanup();
   }
 });
+
+// --- doom_loop config-loader deprecation tests (#54) ---
+
+test("PermissionManager.getConfigIssues returns deprecation for doom_loop in global config", () => {
+  const config: GlobalPermissionConfig = {
+    defaultPolicy: {
+      tools: "ask",
+      bash: "ask",
+      mcp: "ask",
+      skills: "ask",
+      special: "ask",
+    },
+    tools: {},
+    bash: {},
+    mcp: {},
+    skills: {},
+    special: { doom_loop: "deny" },
+  };
+  const { manager, cleanup } = createManager(config);
+  try {
+    const issues = manager.getConfigIssues();
+    assert.equal(issues.length, 1);
+    assert.ok(issues[0].includes("doom_loop"));
+  } finally {
+    cleanup();
+  }
+});
+
+test("checkPermission doom_loop falls through to defaultPolicy.tools when stripped by config-loader", () => {
+  const { manager, cleanup } = createManager({
+    defaultPolicy: {
+      tools: "allow",
+      bash: "ask",
+      mcp: "ask",
+      skills: "ask",
+      special: "deny",
+    },
+    tools: {},
+    bash: {},
+    mcp: {},
+    skills: {},
+    special: { doom_loop: "ask" },
+  });
+  try {
+    const result = manager.checkPermission("doom_loop", {});
+    // doom_loop stripped by config-loader — falls through to defaultPolicy.tools
+    assert.equal(result.state, "allow");
+    assert.equal(result.matchedPattern, undefined);
+  } finally {
+    cleanup();
+  }
+});
+
+// --- session-scoped approval tests (#45) ---
+
+test("session approval: first prompt with 'Yes, for this session' skips subsequent prompts under same prefix", async () => {
+  const rootDir = mkdtempSync(join(tmpdir(), "pi-session-approval-"));
+  const cwd = join(rootDir, "repo");
+  const siblingDir = join(rootDir, "sibling-project");
+  mkdirSync(cwd, { recursive: true });
+  mkdirSync(siblingDir, { recursive: true });
+
+  const harness = createToolCallHarness(
+    {
+      defaultPolicy: {
+        tools: "allow",
+        bash: "allow",
+        mcp: "allow",
+        skills: "allow",
+        special: "ask",
+      },
+      special: { external_directory: "ask" },
+    },
+    ["read", "grep"],
+    { cwd },
+  );
+
+  try {
+    // First access — user selects "Yes, for this session"
+    const result1 = await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-session-1",
+        input: { path: join(siblingDir, "src", "foo.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes, for this session" },
+    );
+    assert.deepEqual(result1, {});
+    assert.equal(harness.prompts.length, 1);
+
+    // Second access under same prefix — should skip prompt
+    const result2 = await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-session-2",
+        input: { path: join(siblingDir, "src", "bar.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes, for this session" },
+    );
+    assert.deepEqual(result2, {});
+    // No new prompt — still just the original one
+    assert.equal(harness.prompts.length, 1);
+
+    // Third access with different tool under same prefix — also skipped
+    const result3 = await runToolCall(
+      harness,
+      {
+        toolName: "grep",
+        toolCallId: "ext-session-3",
+        input: { pattern: "needle", path: join(siblingDir, "src", "baz.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes, for this session" },
+    );
+    assert.deepEqual(result3, {});
+    assert.equal(harness.prompts.length, 1);
+  } finally {
+    await harness.cleanup();
+    rmSync(rootDir, { recursive: true, force: true });
+  }
+});
+
+test("session approval: different directory prefix still prompts", async () => {
+  const rootDir = mkdtempSync(join(tmpdir(), "pi-session-approval-"));
+  const cwd = join(rootDir, "repo");
+  const siblingA = join(rootDir, "sibling-a");
+  const siblingB = join(rootDir, "sibling-b");
+  mkdirSync(cwd, { recursive: true });
+  mkdirSync(siblingA, { recursive: true });
+  mkdirSync(siblingB, { recursive: true });
+
+  const harness = createToolCallHarness(
+    {
+      defaultPolicy: {
+        tools: "allow",
+        bash: "allow",
+        mcp: "allow",
+        skills: "allow",
+        special: "ask",
+      },
+      special: { external_directory: "ask" },
+    },
+    ["read"],
+    { cwd },
+  );
+
+  try {
+    // Approve sibling-a/src/ for session
+    await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-diff-1",
+        input: { path: join(siblingA, "src", "foo.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes, for this session" },
+    );
+    assert.equal(harness.prompts.length, 1);
+
+    // Access sibling-b — different prefix, should prompt again
+    await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-diff-2",
+        input: { path: join(siblingB, "src", "bar.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes" },
+    );
+    assert.equal(harness.prompts.length, 2);
+  } finally {
+    await harness.cleanup();
+    rmSync(rootDir, { recursive: true, force: true });
+  }
+});
+
+test("session approval: session_shutdown clears session approvals", async () => {
+  const rootDir = mkdtempSync(join(tmpdir(), "pi-session-approval-"));
+  const cwd = join(rootDir, "repo");
+  const siblingDir = join(rootDir, "sibling");
+  mkdirSync(cwd, { recursive: true });
+  mkdirSync(siblingDir, { recursive: true });
+
+  const harness = createToolCallHarness(
+    {
+      defaultPolicy: {
+        tools: "allow",
+        bash: "allow",
+        mcp: "allow",
+        skills: "allow",
+        special: "ask",
+      },
+      special: { external_directory: "ask" },
+    },
+    ["read"],
+    { cwd },
+  );
+
+  try {
+    // Approve for session
+    await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-shutdown-1",
+        input: { path: join(siblingDir, "src", "foo.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes, for this session" },
+    );
+    assert.equal(harness.prompts.length, 1);
+
+    // Trigger session_shutdown (clears cache)
+    const shutdownCtx = createMockContext(cwd, harness.prompts, {
+      hasUI: true,
+      selectResponse: "Yes",
+    });
+    await Promise.resolve(harness.handlers.session_shutdown?.({}, shutdownCtx));
+
+    // Access same path again — should prompt because cache was cleared
+    const result = await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-shutdown-2",
+        input: { path: join(siblingDir, "src", "foo.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes" },
+    );
+    assert.deepEqual(result, {});
+    assert.equal(harness.prompts.length, 2);
+  } finally {
+    await harness.cleanup();
+    rmSync(rootDir, { recursive: true, force: true });
+  }
+});
+
+test("session approval: bash external directory with 'Yes, for this session' skips subsequent prompts", async () => {
+  const rootDir = mkdtempSync(join(tmpdir(), "pi-session-approval-"));
+  const cwd = join(rootDir, "repo");
+  mkdirSync(cwd, { recursive: true });
+
+  const harness = createToolCallHarness(
+    {
+      defaultPolicy: {
+        tools: "allow",
+        bash: "allow",
+        mcp: "allow",
+        skills: "allow",
+        special: "ask",
+      },
+      special: { external_directory: "ask" },
+    },
+    ["bash"],
+    { cwd },
+  );
+
+  try {
+    const externalPath = join(rootDir, "other-project", "src");
+    // First bash command referencing external path
+    const result1 = await runToolCall(
+      harness,
+      {
+        toolName: "bash",
+        toolCallId: "bash-session-1",
+        input: { command: `ls ${externalPath}/foo.ts` },
+      },
+      { hasUI: true, selectResponse: "Yes, for this session" },
+    );
+    assert.deepEqual(result1, {});
+    assert.equal(harness.prompts.length, 1);
+
+    // Second bash command referencing path under same prefix — skips prompt
+    const result2 = await runToolCall(
+      harness,
+      {
+        toolName: "bash",
+        toolCallId: "bash-session-2",
+        input: { command: `cat ${externalPath}/bar.ts` },
+      },
+      { hasUI: true, selectResponse: "Yes, for this session" },
+    );
+    assert.deepEqual(result2, {});
+    assert.equal(harness.prompts.length, 1);
+  } finally {
+    await harness.cleanup();
+    rmSync(rootDir, { recursive: true, force: true });
+  }
+});
+
+test("session approval: regular 'Yes' does not create session approval", async () => {
+  const rootDir = mkdtempSync(join(tmpdir(), "pi-session-approval-"));
+  const cwd = join(rootDir, "repo");
+  const siblingDir = join(rootDir, "sibling");
+  mkdirSync(cwd, { recursive: true });
+  mkdirSync(siblingDir, { recursive: true });
+
+  const harness = createToolCallHarness(
+    {
+      defaultPolicy: {
+        tools: "allow",
+        bash: "allow",
+        mcp: "allow",
+        skills: "allow",
+        special: "ask",
+      },
+      special: { external_directory: "ask" },
+    },
+    ["read"],
+    { cwd },
+  );
+
+  try {
+    // Approve once with "Yes" (not session)
+    await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-once-1",
+        input: { path: join(siblingDir, "src", "foo.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes" },
+    );
+    assert.equal(harness.prompts.length, 1);
+
+    // Same prefix — should still prompt since we used "Yes" not session
+    await runToolCall(
+      harness,
+      {
+        toolName: "read",
+        toolCallId: "ext-once-2",
+        input: { path: join(siblingDir, "src", "bar.ts") },
+      },
+      { hasUI: true, selectResponse: "Yes" },
+    );
+    assert.equal(harness.prompts.length, 2);
+  } finally {
+    await harness.cleanup();
+    rmSync(rootDir, { recursive: true, force: true });
+  }
+});