@gotgenes/pi-permission-system 3.7.0 → 3.9.0

package/tests/forwarded-permissions/io.test.ts

@@ -0,0 +1,135 @@
+import { describe, expect, it, vi } from "vitest";
+
+import type { ForwardedPermissionLogger } from "../../src/forwarded-permissions/io";
+import {
+  formatUnknownErrorMessage,
+  isErrnoCode,
+  logPermissionForwardingError,
+  logPermissionForwardingWarning,
+} from "../../src/forwarded-permissions/io";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeLogger(): ForwardedPermissionLogger {
+  return {
+    writeReviewLog: vi.fn(),
+    writeDebugLog: vi.fn(),
+  };
+}
+
+// ── formatUnknownErrorMessage ──────────────────────────────────────────────
+
+describe("formatUnknownErrorMessage", () => {
+  it("returns the error message for Error instances", () => {
+    expect(formatUnknownErrorMessage(new Error("oops"))).toBe("oops");
+  });
+
+  it("converts non-Error values to string", () => {
+    expect(formatUnknownErrorMessage("raw string")).toBe("raw string");
+    expect(formatUnknownErrorMessage(42)).toBe("42");
+  });
+
+  it("falls back to String(error) for Error with empty message", () => {
+    // error.message is falsy (""), so the function falls through to String(error)
+    const e = new Error("");
+    expect(formatUnknownErrorMessage(e)).toBe("Error");
+  });
+});
+
+// ── isErrnoCode ────────────────────────────────────────────────────────────
+
+describe("isErrnoCode", () => {
+  it("returns true when code matches", () => {
+    expect(isErrnoCode({ code: "ENOENT" }, "ENOENT")).toBe(true);
+  });
+
+  it("returns false when code does not match", () => {
+    expect(isErrnoCode({ code: "EACCES" }, "ENOENT")).toBe(false);
+  });
+
+  it("returns false for null", () => {
+    expect(isErrnoCode(null, "ENOENT")).toBe(false);
+  });
+
+  it("returns false when no code property", () => {
+    expect(isErrnoCode({}, "ENOENT")).toBe(false);
+  });
+});
+
+// ── logPermissionForwardingWarning ─────────────────────────────────────────
+
+describe("logPermissionForwardingWarning", () => {
+  it("calls logger.writeReviewLog with the warning event", () => {
+    const logger = makeLogger();
+    logPermissionForwardingWarning(logger, "something went wrong");
+    expect(logger.writeReviewLog).toHaveBeenCalledWith(
+      "permission_forwarding.warning",
+      { message: "something went wrong" },
+    );
+  });
+
+  it("calls logger.writeDebugLog with the warning event", () => {
+    const logger = makeLogger();
+    logPermissionForwardingWarning(logger, "something went wrong");
+    expect(logger.writeDebugLog).toHaveBeenCalledWith(
+      "permission_forwarding.warning",
+      { message: "something went wrong" },
+    );
+  });
+
+  it("includes formatted error when an error is provided", () => {
+    const logger = makeLogger();
+    logPermissionForwardingWarning(logger, "bad thing", new Error("fs fail"));
+    expect(logger.writeReviewLog).toHaveBeenCalledWith(
+      "permission_forwarding.warning",
+      { message: "bad thing", error: "fs fail" },
+    );
+  });
+
+  it("does not throw when logger is null", () => {
+    expect(() => logPermissionForwardingWarning(null, "ignored")).not.toThrow();
+  });
+
+  it("does not call anything when logger is null", () => {
+    // Verify the null-logger path is a true no-op — cannot easily spy on null,
+    // but we can verify the call succeeds silently.
+    expect(() =>
+      logPermissionForwardingWarning(null, "msg", new Error("err")),
+    ).not.toThrow();
+  });
+});
+
+// ── logPermissionForwardingError ───────────────────────────────────────────
+
+describe("logPermissionForwardingError", () => {
+  it("calls logger.writeReviewLog with the error event", () => {
+    const logger = makeLogger();
+    logPermissionForwardingError(logger, "critical failure");
+    expect(logger.writeReviewLog).toHaveBeenCalledWith(
+      "permission_forwarding.error",
+      { message: "critical failure" },
+    );
+  });
+
+  it("calls logger.writeDebugLog with the error event", () => {
+    const logger = makeLogger();
+    logPermissionForwardingError(logger, "critical failure");
+    expect(logger.writeDebugLog).toHaveBeenCalledWith(
+      "permission_forwarding.error",
+      { message: "critical failure" },
+    );
+  });
+
+  it("includes formatted error when an error is provided", () => {
+    const logger = makeLogger();
+    logPermissionForwardingError(logger, "io error", new Error("ENOENT"));
+    expect(logger.writeReviewLog).toHaveBeenCalledWith(
+      "permission_forwarding.error",
+      { message: "io error", error: "ENOENT" },
+    );
+  });
+
+  it("does not throw when logger is null", () => {
+    expect(() => logPermissionForwardingError(null, "ignored")).not.toThrow();
+  });
+});

package/tests/handlers/before-agent-start.test.ts

@@ -1,5 +1,5 @@
 import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
-import { beforeEach, describe, expect, it, vi } from "vitest";
+import { describe, expect, it, vi } from "vitest";
 
 import {
   handleBeforeAgentStart,
@@ -7,6 +7,7 @@ import {
 } from "../../src/handlers/before-agent-start";
 import type { HandlerDeps } from "../../src/handlers/types";
 import type { PermissionManager } from "../../src/permission-manager";
+import type { ExtensionRuntime } from "../../src/runtime";
 import type { SkillPromptEntry } from "../../src/skill-prompt-sanitizer";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
@@ -56,27 +57,41 @@ function makePm(
   } as unknown as PermissionManager;
 }
 
-function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
-  const pm = makePm();
+function makeRuntime(
+  overrides: Partial<ExtensionRuntime> = {},
+): ExtensionRuntime {
   return {
-    getPermissionManager: vi.fn().mockReturnValue(pm),
-    setPermissionManager: vi.fn(),
-    getRuntimeContext: vi.fn().mockReturnValue(null),
-    setRuntimeContext: vi.fn(),
-    getActiveSkillEntries: vi.fn().mockReturnValue([] as SkillPromptEntry[]),
-    setActiveSkillEntries: vi.fn(),
-    getLastKnownActiveAgentName: vi.fn().mockReturnValue(null),
-    setLastKnownActiveAgentName: vi.fn(),
-    getLastActiveToolsCacheKey: vi.fn().mockReturnValue(null),
-    setLastActiveToolsCacheKey: vi.fn(),
-    getLastPromptStateCacheKey: vi.fn().mockReturnValue(null),
-    setLastPromptStateCacheKey: vi.fn(),
+    agentDir: "/test/agent",
+    sessionsDir: "/test/agent/sessions",
+    subagentSessionsDir: "/test/agent/subagent-sessions",
+    forwardingDir: "/test/agent/sessions/permission-forwarding",
+    globalLogsDir: "/test/agent/extensions/pi-permission-system/logs",
+    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
+    runtimeContext: null,
+    permissionManager: makePm() as unknown as PermissionManager,
+    activeSkillEntries: [] as SkillPromptEntry[],
+    lastKnownActiveAgentName: null,
+    lastActiveToolsCacheKey: null,
+    lastPromptStateCacheKey: null,
+    lastConfigWarning: null,
     sessionApprovalCache: {
       approve: vi.fn(),
       has: vi.fn(),
       findMatchingPrefix: vi.fn(),
       clear: vi.fn(),
-    } as unknown as HandlerDeps["sessionApprovalCache"],
+    } as unknown as ExtensionRuntime["sessionApprovalCache"],
+    permissionForwardingContext: null,
+    permissionForwardingTimer: null,
+    isProcessingForwardedRequests: false,
+    writeDebugLog: vi.fn(),
+    writeReviewLog: vi.fn(),
+    ...overrides,
+  } as ExtensionRuntime;
+}
+
+function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
+  return {
+    runtime: makeRuntime(),
     createPermissionManagerForCwd: vi.fn().mockReturnValue(makePm()),
     refreshExtensionConfig: vi.fn(),
     notifyWarning: vi.fn(),
@@ -89,8 +104,6 @@ function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
     createPermissionRequestId: vi.fn().mockReturnValue("test-id"),
     startForwardedPermissionPolling: vi.fn(),
     stopForwardedPermissionPolling: vi.fn(),
-    writeReviewLog: vi.fn(),
-    writeDebugLog: vi.fn(),
     getAllTools: vi.fn().mockReturnValue([]),
     setActiveTools: vi.fn(),
     ...overrides,
@@ -162,7 +175,9 @@ describe("handleBeforeAgentStart", () => {
   it("filters out denied tools from allowed list", async () => {
     const pm = makePm("deny");
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue(pm),
+      runtime: makeRuntime({
+        permissionManager: pm as unknown as PermissionManager,
+      }),
       getAllTools: vi
         .fn()
         .mockReturnValue([{ name: "write" }, { name: "read" }]),
@@ -175,7 +190,9 @@ describe("handleBeforeAgentStart", () => {
   it("includes allowed and ask tools in the active list", async () => {
     const pm = makePm("allow");
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue(pm),
+      runtime: makeRuntime({
+        permissionManager: pm as unknown as PermissionManager,
+      }),
       getAllTools: vi
         .fn()
         .mockReturnValue([{ name: "read" }, { name: "write" }]),
@@ -187,10 +204,9 @@ describe("handleBeforeAgentStart", () => {
   it("updates the active-tools cache key after applying", async () => {
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
-      getLastActiveToolsCacheKey: vi.fn().mockReturnValue(null),
     });
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.setLastActiveToolsCacheKey).toHaveBeenCalledOnce();
+    expect(deps.runtime.lastActiveToolsCacheKey).not.toBeNull();
   });
 
   it("skips setActiveTools when cache key is unchanged", async () => {
@@ -200,8 +216,8 @@ describe("handleBeforeAgentStart", () => {
     );
     const key = createActiveToolsCacheKey(["read"]);
     const deps = makeDeps({
+      runtime: makeRuntime({ lastActiveToolsCacheKey: key }),
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
-      getLastActiveToolsCacheKey: vi.fn().mockReturnValue(key),
     });
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
     expect(deps.setActiveTools).not.toHaveBeenCalled();
@@ -213,7 +229,6 @@ describe("handleBeforeAgentStart", () => {
     const systemPrompt = `You are an assistant.\n\nAvailable tools:\n- read\n- write\n`;
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([]),
-      getLastPromptStateCacheKey: vi.fn().mockReturnValue(null),
     });
     const result = await handleBeforeAgentStart(
       deps,
@@ -222,14 +237,13 @@ describe("handleBeforeAgentStart", () => {
     );
     // The prompt was modified, so systemPrompt should be returned
     expect(result).toHaveProperty("systemPrompt");
-    expect(deps.setLastPromptStateCacheKey).toHaveBeenCalledOnce();
+    expect(deps.runtime.lastPromptStateCacheKey).not.toBeNull();
   });
 
   it("returns empty object when systemPrompt is unchanged", async () => {
     const prompt = "No tools section here.";
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([]),
-      getLastPromptStateCacheKey: vi.fn().mockReturnValue(null),
     });
     const result = await handleBeforeAgentStart(
       deps,
@@ -242,10 +256,9 @@ describe("handleBeforeAgentStart", () => {
   it("stores resolved skill entries on deps", async () => {
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([]),
-      getLastPromptStateCacheKey: vi.fn().mockReturnValue(null),
     });
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.setActiveSkillEntries).toHaveBeenCalledOnce();
+    expect(deps.runtime.activeSkillEntries).toEqual(expect.any(Array));
   });
 
   it("returns empty object and skips prompt work when prompt cache key is unchanged", async () => {
@@ -263,12 +276,15 @@ describe("handleBeforeAgentStart", () => {
       allowedToolNames: allowedTools,
     });
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue(pm),
+      runtime: makeRuntime({
+        permissionManager: pm as unknown as PermissionManager,
+        lastPromptStateCacheKey: key,
+      }),
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
-      getLastPromptStateCacheKey: vi.fn().mockReturnValue(key),
     });
     const result = await handleBeforeAgentStart(deps, makeEvent("hello"), ctx);
     expect(result).toEqual({});
-    expect(deps.setActiveSkillEntries).not.toHaveBeenCalled();
+    // activeSkillEntries was not assigned by the handler (early return)
+    expect(deps.runtime.activeSkillEntries).toEqual([]);
   });
 });

package/tests/handlers/input.test.ts

@@ -6,6 +6,7 @@ import {
   handleInput,
 } from "../../src/handlers/input";
 import type { HandlerDeps } from "../../src/handlers/types";
+import type { ExtensionRuntime } from "../../src/runtime";
 import type { SkillPromptEntry } from "../../src/skill-prompt-sanitizer";
 
 // ── helpers ────────────────────────────────────────────────────────────────
@@ -33,29 +34,43 @@ function makeInputEvent(text: string) {
   return { text };
 }
 
-function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
+function makeRuntime(
+  overrides: Partial<ExtensionRuntime> = {},
+): ExtensionRuntime {
   return {
-    getPermissionManager: vi.fn().mockReturnValue({
+    agentDir: "/test/agent",
+    sessionsDir: "/test/agent/sessions",
+    subagentSessionsDir: "/test/agent/subagent-sessions",
+    forwardingDir: "/test/agent/sessions/permission-forwarding",
+    globalLogsDir: "/test/agent/extensions/pi-permission-system/logs",
+    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
+    runtimeContext: null,
+    permissionManager: {
       checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-      getConfigIssues: vi.fn().mockReturnValue([]),
-    }),
-    setPermissionManager: vi.fn(),
-    getRuntimeContext: vi.fn().mockReturnValue(null),
-    setRuntimeContext: vi.fn(),
-    getActiveSkillEntries: vi.fn().mockReturnValue([] as SkillPromptEntry[]),
-    setActiveSkillEntries: vi.fn(),
-    getLastKnownActiveAgentName: vi.fn().mockReturnValue(null),
-    setLastKnownActiveAgentName: vi.fn(),
-    getLastActiveToolsCacheKey: vi.fn().mockReturnValue(null),
-    setLastActiveToolsCacheKey: vi.fn(),
-    getLastPromptStateCacheKey: vi.fn().mockReturnValue(null),
-    setLastPromptStateCacheKey: vi.fn(),
+    } as unknown as ExtensionRuntime["permissionManager"],
+    activeSkillEntries: [] as SkillPromptEntry[],
+    lastKnownActiveAgentName: null,
+    lastActiveToolsCacheKey: null,
+    lastPromptStateCacheKey: null,
+    lastConfigWarning: null,
     sessionApprovalCache: {
       approve: vi.fn(),
       has: vi.fn(),
       findMatchingPrefix: vi.fn(),
       clear: vi.fn(),
-    } as unknown as HandlerDeps["sessionApprovalCache"],
+    } as unknown as ExtensionRuntime["sessionApprovalCache"],
+    permissionForwardingContext: null,
+    permissionForwardingTimer: null,
+    isProcessingForwardedRequests: false,
+    writeDebugLog: vi.fn(),
+    writeReviewLog: vi.fn(),
+    ...overrides,
+  } as ExtensionRuntime;
+}
+
+function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
+  return {
+    runtime: makeRuntime(),
     createPermissionManagerForCwd: vi.fn(),
     refreshExtensionConfig: vi.fn(),
     notifyWarning: vi.fn(),
@@ -68,8 +83,6 @@ function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
     createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
     startForwardedPermissionPolling: vi.fn(),
     stopForwardedPermissionPolling: vi.fn(),
-    writeReviewLog: vi.fn(),
-    writeDebugLog: vi.fn(),
     getAllTools: vi.fn().mockReturnValue([]),
     setActiveTools: vi.fn(),
     ...overrides,
@@ -117,7 +130,7 @@ describe("handleInput", () => {
     const ctx = makeCtx();
     const deps = makeDeps();
     await handleInput(deps, makeInputEvent("hello"), ctx);
-    expect(deps.setRuntimeContext).toHaveBeenCalledWith(ctx);
+    expect(deps.runtime.runtimeContext).toBe(ctx);
   });
 
   it("starts forwarded permission polling", async () => {
@@ -140,15 +153,14 @@ describe("handleInput", () => {
   it("does not check permissions for non-skill input", async () => {
     const deps = makeDeps();
     await handleInput(deps, makeInputEvent("just a message"), makeCtx());
-    expect(deps.getPermissionManager().checkPermission).not.toHaveBeenCalled();
+    expect(
+      deps.runtime.permissionManager.checkPermission,
+    ).not.toHaveBeenCalled();
   });
 
   it("returns continue when skill is allowed", async () => {
-    const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-      }),
-    });
+    const deps = makeDeps();
+    // default makeRuntime() has checkPermission → { state: "allow" }
     const result = await handleInput(
       deps,
       makeInputEvent("/skill:librarian"),
@@ -158,9 +170,13 @@ describe("handleInput", () => {
   });
 
   it("returns handled when skill is denied", async () => {
+    const pm = {
+      checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
+    };
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
+      runtime: makeRuntime({
+        permissionManager:
+          pm as unknown as ExtensionRuntime["permissionManager"],
       }),
     });
     const result = await handleInput(
@@ -173,9 +189,13 @@ describe("handleInput", () => {
 
   it("shows a warning notification when skill is denied and UI is available", async () => {
     const ctx = makeCtx({ hasUI: true });
+    const pm = {
+      checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
+    };
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
+      runtime: makeRuntime({
+        permissionManager:
+          pm as unknown as ExtensionRuntime["permissionManager"],
       }),
     });
     await handleInput(deps, makeInputEvent("/skill:librarian"), ctx);
@@ -187,9 +207,11 @@ describe("handleInput", () => {
 
   it("does not show a warning notification when skill is denied and UI is absent", async () => {
     const ctx = makeCtx({ hasUI: false });
+    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "deny" }) };
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
+      runtime: makeRuntime({
+        permissionManager:
+          pm as unknown as ExtensionRuntime["permissionManager"],
       }),
     });
     await handleInput(deps, makeInputEvent("/skill:librarian"), ctx);
@@ -197,9 +219,11 @@ describe("handleInput", () => {
   });
 
   it("returns handled when skill requires approval but no UI is available", async () => {
+    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
+      runtime: makeRuntime({
+        permissionManager:
+          pm as unknown as ExtensionRuntime["permissionManager"],
       }),
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
     });
@@ -212,9 +236,11 @@ describe("handleInput", () => {
   });
 
   it("prompts and returns continue when skill ask is approved", async () => {
+    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
+      runtime: makeRuntime({
+        permissionManager:
+          pm as unknown as ExtensionRuntime["permissionManager"],
       }),
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
       promptPermission: vi
@@ -231,9 +257,11 @@ describe("handleInput", () => {
   });
 
   it("returns handled when skill ask is denied by user", async () => {
+    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
+      runtime: makeRuntime({
+        permissionManager:
+          pm as unknown as ExtensionRuntime["permissionManager"],
       }),
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
       promptPermission: vi
@@ -249,9 +277,11 @@ describe("handleInput", () => {
   });
 
   it("passes agentName in the prompt permission request", async () => {
+    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
     const deps = makeDeps({
-      getPermissionManager: vi.fn().mockReturnValue({
-        checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
+      runtime: makeRuntime({
+        permissionManager:
+          pm as unknown as ExtensionRuntime["permissionManager"],
       }),
       resolveAgentName: vi.fn().mockReturnValue("code-agent"),
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),