@gotgenes/pi-permission-system 3.8.0 → 3.10.0

package/src/runtime.ts

@@ -44,7 +44,7 @@ import { createPermissionSystemLogger } from "./logging";
 import type { PermissionPromptDecision } from "./permission-dialog";
 import { PERMISSION_FORWARDING_POLL_INTERVAL_MS } from "./permission-forwarding";
 import { PermissionManager } from "./permission-manager";
-import { SessionApprovalCache } from "./session-approval-cache";
+import { SessionRules } from "./session-rules";
 import type { SkillPromptEntry } from "./skill-prompt-sanitizer";
 import { syncPermissionSystemStatus } from "./status";
 import { isSubagentExecutionContext } from "./subagent-context";
@@ -78,7 +78,7 @@ export interface ExtensionRuntime {
   lastActiveToolsCacheKey: string | null;
   lastPromptStateCacheKey: string | null;
   lastConfigWarning: string | null;
-  readonly sessionApprovalCache: SessionApprovalCache;
+  readonly sessionRules: SessionRules;
 
   // ── Forwarding polling state ───────────────────────────────────────────
   permissionForwardingContext: ExtensionContext | null;
@@ -432,7 +432,7 @@ export function createExtensionRuntime(options?: {
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
     lastConfigWarning: null,
-    sessionApprovalCache: new SessionApprovalCache(),
+    sessionRules: new SessionRules(),
     permissionForwardingContext: null,
     permissionForwardingTimer: null,
     isProcessingForwardedRequests: false,

package/src/session-rules.ts

@@ -0,0 +1,54 @@
+import { dirname, sep } from "node:path";
+
+import type { Ruleset } from "./rule";
+
+/**
+ * Ephemeral in-memory store of session-scoped permission approvals.
+ *
+ * Each approval is stored as a `Rule` with `action: "allow"`, making the
+ * ruleset directly usable with `evaluate()` — no custom matching engine needed.
+ *
+ * Cleared on session_shutdown — never persisted to disk.
+ */
+export class SessionRules {
+  private rules: Ruleset = [];
+
+  /** Record a wildcard pattern as approved for the given surface. */
+  approve(surface: string, pattern: string): void {
+    this.rules.push({ surface, pattern, action: "allow" });
+  }
+
+  /** Return a defensive copy of the current session ruleset. */
+  getRuleset(): Ruleset {
+    return [...this.rules];
+  }
+
+  /** Remove all session approvals. */
+  clear(): void {
+    this.rules = [];
+  }
+}
+
+/**
+ * Derive the wildcard glob pattern to approve from a normalized path.
+ *
+ * Returns `<parent-dir>/*` so that `evaluate()` / `wildcardMatch()` matches
+ * all paths under the approved directory — identical semantics to the former
+ * `SessionApprovalCache` prefix matching, using the unified wildcard engine.
+ *
+ * For paths that already end with a separator (directories), the separator
+ * is treated as the directory boundary and `*` is appended directly.
+ */
+export function deriveApprovalPattern(normalizedPath: string): string {
+  // If the path already ends with a separator, it's a directory — glob its contents.
+  if (normalizedPath.endsWith(sep)) {
+    return `${normalizedPath}*`;
+  }
+  const dir = dirname(normalizedPath);
+  if (dir === normalizedPath) {
+    // Root path — dirname('/') === '/'
+    return `${dir}*`;
+  }
+  const prefix = dir.endsWith(sep) ? dir : `${dir}${sep}`;
+  return `${prefix}*`;
+}

package/src/types.ts

@@ -9,16 +9,8 @@ export type BuiltInToolName =
   | "find"
   | "ls";
 
-export type ToolPermissions = Record<string, PermissionState>;
-
-export type BashPermissions = Record<string, PermissionState>;
-
-export type SkillPermissions = Record<string, PermissionState>;
-
 export type SpecialPermissionName = "external_directory";
 
-export type SpecialPermissions = Record<string, PermissionState>;
-
 export interface PermissionDefaultPolicy {
   tools: PermissionState;
   bash: PermissionState;
@@ -27,17 +19,20 @@ export interface PermissionDefaultPolicy {
   special: PermissionState;
 }
 
-export interface AgentPermissions {
+/**
+ * Per-scope permission config shape after loading and validation.
+ * All fields optional — each scope may define a subset of the policy.
+ *
+ * This replaces the former AgentPermissions / GlobalPermissionConfig
+ * interfaces (removed in #56).
+ */
+export interface ScopeConfig {
   defaultPolicy?: Partial<PermissionDefaultPolicy>;
-  tools?: ToolPermissions;
-  bash?: BashPermissions;
-  mcp?: ToolPermissions;
-  skills?: SkillPermissions;
-  special?: SpecialPermissions;
-}
-
-export interface GlobalPermissionConfig extends AgentPermissions {
-  defaultPolicy: PermissionDefaultPolicy;
+  tools?: Record<string, PermissionState>;
+  bash?: Record<string, PermissionState>;
+  mcp?: Record<string, PermissionState>;
+  skills?: Record<string, PermissionState>;
+  special?: Record<string, PermissionState>;
 }
 
 export interface PermissionCheckResult {

package/tests/defaults.test.ts

@@ -0,0 +1,105 @@
+import { describe, expect, test } from "vitest";
+import {
+  DEFAULT_POLICY,
+  getSurfaceDefault,
+  mergeDefaults,
+} from "../src/defaults";
+import type { PermissionDefaultPolicy } from "../src/types";
+
+const SPECIAL_KEYS = new Set(["external_directory"]);
+
+describe("getSurfaceDefault", () => {
+  const defaults: PermissionDefaultPolicy = {
+    tools: "allow",
+    bash: "deny",
+    mcp: "ask",
+    skills: "allow",
+    special: "deny",
+  };
+
+  test("returns defaults.bash for surface 'bash'", () => {
+    expect(getSurfaceDefault("bash", defaults, SPECIAL_KEYS)).toBe("deny");
+  });
+
+  test("returns defaults.mcp for surface 'mcp'", () => {
+    expect(getSurfaceDefault("mcp", defaults, SPECIAL_KEYS)).toBe("ask");
+  });
+
+  test("returns defaults.skills for surface 'skill'", () => {
+    expect(getSurfaceDefault("skill", defaults, SPECIAL_KEYS)).toBe("allow");
+  });
+
+  test("returns defaults.special for special-key surfaces", () => {
+    expect(
+      getSurfaceDefault("external_directory", defaults, SPECIAL_KEYS),
+    ).toBe("deny");
+  });
+
+  test("returns defaults.tools for tool-name surfaces", () => {
+    expect(getSurfaceDefault("read", defaults, SPECIAL_KEYS)).toBe("allow");
+    expect(getSurfaceDefault("write", defaults, SPECIAL_KEYS)).toBe("allow");
+    expect(getSurfaceDefault("edit", defaults, SPECIAL_KEYS)).toBe("allow");
+  });
+
+  test("returns defaults.tools for unknown surfaces (least privilege via tools default)", () => {
+    expect(
+      getSurfaceDefault("unknown_extension_tool", defaults, SPECIAL_KEYS),
+    ).toBe("allow");
+  });
+
+  test("uses DEFAULT_POLICY when no overrides exist", () => {
+    expect(getSurfaceDefault("bash", DEFAULT_POLICY, SPECIAL_KEYS)).toBe("ask");
+    expect(getSurfaceDefault("read", DEFAULT_POLICY, SPECIAL_KEYS)).toBe("ask");
+    expect(
+      getSurfaceDefault("external_directory", DEFAULT_POLICY, SPECIAL_KEYS),
+    ).toBe("ask");
+  });
+});
+
+describe("mergeDefaults", () => {
+  test("returns DEFAULT_POLICY when called with no partials", () => {
+    expect(mergeDefaults()).toEqual(DEFAULT_POLICY);
+  });
+
+  test("overrides specific fields from a single partial", () => {
+    const result = mergeDefaults({ tools: "allow", bash: "deny" });
+    expect(result).toEqual({
+      tools: "allow",
+      bash: "deny",
+      mcp: "ask",
+      skills: "ask",
+      special: "ask",
+    });
+  });
+
+  test("later partials override earlier ones", () => {
+    const global: Partial<PermissionDefaultPolicy> = { tools: "allow" };
+    const project: Partial<PermissionDefaultPolicy> = { tools: "deny" };
+    const result = mergeDefaults(global, project);
+    expect(result.tools).toBe("deny");
+  });
+
+  test("merges across multiple partials", () => {
+    const global: Partial<PermissionDefaultPolicy> = {
+      tools: "allow",
+      bash: "allow",
+    };
+    const project: Partial<PermissionDefaultPolicy> = { bash: "deny" };
+    const agent: Partial<PermissionDefaultPolicy> = { mcp: "allow" };
+    const result = mergeDefaults(global, project, agent);
+    expect(result).toEqual({
+      tools: "allow",
+      bash: "deny",
+      mcp: "allow",
+      skills: "ask",
+      special: "ask",
+    });
+  });
+
+  test("undefined fields in later partials do not override earlier values", () => {
+    const global: Partial<PermissionDefaultPolicy> = { tools: "allow" };
+    const project: Partial<PermissionDefaultPolicy> = { bash: "deny" };
+    const result = mergeDefaults(global, project);
+    expect(result.tools).toBe("allow");
+  });
+});

package/tests/handlers/before-agent-start.test.ts

@@ -1,5 +1,5 @@
 import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
-import { beforeEach, describe, expect, it, vi } from "vitest";
+import { describe, expect, it, vi } from "vitest";
 
 import {
   handleBeforeAgentStart,
@@ -74,12 +74,11 @@ function makeRuntime(
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
     lastConfigWarning: null,
-    sessionApprovalCache: {
+    sessionRules: {
       approve: vi.fn(),
-      has: vi.fn(),
-      findMatchingPrefix: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
       clear: vi.fn(),
-    } as unknown as ExtensionRuntime["sessionApprovalCache"],
+    } as unknown as ExtensionRuntime["sessionRules"],
     permissionForwardingContext: null,
     permissionForwardingTimer: null,
     isProcessingForwardedRequests: false,

package/tests/handlers/input.test.ts

@@ -53,12 +53,11 @@ function makeRuntime(
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
     lastConfigWarning: null,
-    sessionApprovalCache: {
+    sessionRules: {
       approve: vi.fn(),
-      has: vi.fn(),
-      findMatchingPrefix: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
       clear: vi.fn(),
-    } as unknown as ExtensionRuntime["sessionApprovalCache"],
+    } as unknown as ExtensionRuntime["sessionRules"],
     permissionForwardingContext: null,
     permissionForwardingTimer: null,
     isProcessingForwardedRequests: false,

package/tests/handlers/lifecycle.test.ts

@@ -8,7 +8,7 @@ import {
 import type { HandlerDeps } from "../../src/handlers/types";
 import type { PermissionManager } from "../../src/permission-manager";
 import type { ExtensionRuntime } from "../../src/runtime";
-import type { SessionApprovalCache } from "../../src/session-approval-cache";
+import type { SessionRules } from "../../src/session-rules";
 import type { SkillPromptEntry } from "../../src/skill-prompt-sanitizer";
 
 // ── active-agent stub ──────────────────────────────────────────────────────
@@ -59,13 +59,12 @@ function makePermissionManager(
   };
 }
 
-function makeSessionApprovalCache(): SessionApprovalCache {
+function makeSessionRules(): SessionRules {
   return {
     approve: vi.fn(),
-    has: vi.fn().mockReturnValue(false),
-    findMatchingPrefix: vi.fn().mockReturnValue(null),
+    getRuleset: vi.fn().mockReturnValue([]),
     clear: vi.fn(),
-  } as unknown as SessionApprovalCache;
+  } as unknown as SessionRules;
 }
 
 function makeRuntime(
@@ -85,7 +84,7 @@ function makeRuntime(
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
     lastConfigWarning: null,
-    sessionApprovalCache: makeSessionApprovalCache(),
+    sessionRules: makeSessionRules(),
     permissionForwardingContext: null,
     permissionForwardingTimer: null,
     isProcessingForwardedRequests: false,
@@ -330,10 +329,10 @@ describe("handleSessionShutdown", () => {
     expect(deps.runtime.lastPromptStateCacheKey).toBeNull();
   });
 
-  it("clears the session approval cache", async () => {
+  it("clears the session rules", async () => {
     const deps = makeDeps();
     await handleSessionShutdown(deps);
-    expect(deps.runtime.sessionApprovalCache.clear).toHaveBeenCalledOnce();
+    expect(deps.runtime.sessionRules.clear).toHaveBeenCalledOnce();
   });
 
   it("stops forwarded permission polling", async () => {

package/tests/handlers/tool-call.test.ts

@@ -74,12 +74,11 @@ function makeRuntime(
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
     lastConfigWarning: null,
-    sessionApprovalCache: {
+    sessionRules: {
       approve: vi.fn(),
-      has: vi.fn().mockReturnValue(false),
-      findMatchingPrefix: vi.fn().mockReturnValue(null),
+      getRuleset: vi.fn().mockReturnValue([]),
       clear: vi.fn(),
-    } as unknown as ExtensionRuntime["sessionApprovalCache"],
+    } as unknown as ExtensionRuntime["sessionRules"],
     permissionForwardingContext: null,
     permissionForwardingTimer: null,
     isProcessingForwardedRequests: false,
@@ -339,12 +338,17 @@ describe("handleToolCall — external-directory gate", () => {
   it("allows when session has an existing approval for the external path", async () => {
     const deps = makeDeps({
       runtime: makeRuntime({
-        sessionApprovalCache: {
+        sessionRules: {
           approve: vi.fn(),
-          has: vi.fn().mockReturnValue(false),
-          findMatchingPrefix: vi.fn().mockReturnValue("/outside/project/"),
+          getRuleset: vi.fn().mockReturnValue([
+            {
+              surface: "external_directory",
+              pattern: "/outside/project/*",
+              action: "allow",
+            },
+          ]),
           clear: vi.fn(),
-        } as unknown as ExtensionRuntime["sessionApprovalCache"],
+        } as unknown as ExtensionRuntime["sessionRules"],
       }),
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
     });
@@ -359,18 +363,17 @@ describe("handleToolCall — external-directory gate", () => {
   });
 
   it("approves session when user selects approved_for_session", async () => {
-    const approveCache = {
+    const sessionRules = {
       approve: vi.fn(),
-      has: vi.fn().mockReturnValue(false),
-      findMatchingPrefix: vi.fn().mockReturnValue(null),
+      getRuleset: vi.fn().mockReturnValue([]),
       clear: vi.fn(),
-    } as unknown as ExtensionRuntime["sessionApprovalCache"];
+    } as unknown as ExtensionRuntime["sessionRules"];
     const deps = makeDeps({
       runtime: makeRuntime({
         permissionManager: {
           checkPermission: vi.fn().mockReturnValue(makePermissionResult("ask")),
         } as unknown as ExtensionRuntime["permissionManager"],
-        sessionApprovalCache: approveCache,
+        sessionRules,
       }),
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
@@ -385,7 +388,7 @@ describe("handleToolCall — external-directory gate", () => {
       input: { path: "/outside/project/file.ts" },
     };
     await handleToolCall(deps, event, makeCtx());
-    expect(approveCache.approve).toHaveBeenCalledWith(
+    expect(sessionRules.approve).toHaveBeenCalledWith(
       "external_directory",
       expect.any(String),
     );
@@ -419,13 +422,18 @@ describe("handleToolCall — bash external-directory gate", () => {
   it("skips bash external gate when all referenced paths are session-approved", async () => {
     const deps = makeDeps({
       runtime: makeRuntime({
-        sessionApprovalCache: {
+        sessionRules: {
           approve: vi.fn(),
-          // All paths are covered
-          has: vi.fn().mockReturnValue(true),
-          findMatchingPrefix: vi.fn().mockReturnValue(null),
+          // /outside/project/* covers /outside/project/file.ts
+          getRuleset: vi.fn().mockReturnValue([
+            {
+              surface: "external_directory",
+              pattern: "/outside/project/*",
+              action: "allow",
+            },
+          ]),
           clear: vi.fn(),
-        } as unknown as ExtensionRuntime["sessionApprovalCache"],
+        } as unknown as ExtensionRuntime["sessionRules"],
       }),
       getAllTools: vi.fn().mockReturnValue([{ name: "bash" }]),
     });

package/tests/normalize.test.ts

@@ -0,0 +1,121 @@
+import { describe, expect, test } from "vitest";
+import { normalizeConfig } from "../src/normalize";
+
+describe("normalizeConfig", () => {
+  describe("tools entries", () => {
+    test("converts tools entries to tool-name-as-surface rules", () => {
+      const result = normalizeConfig({
+        tools: { read: "allow", write: "deny" },
+      });
+      expect(result).toEqual([
+        { surface: "read", pattern: "*", action: "allow" },
+        { surface: "write", pattern: "*", action: "deny" },
+      ]);
+    });
+
+    test("tools.bash is excluded (handled as fallback override)", () => {
+      const result = normalizeConfig({
+        tools: { bash: "allow", read: "allow" },
+      });
+      expect(result).toEqual([
+        { surface: "read", pattern: "*", action: "allow" },
+      ]);
+    });
+
+    test("tools.mcp is excluded (handled as fallback override)", () => {
+      const result = normalizeConfig({
+        tools: { mcp: "ask", read: "allow" },
+      });
+      expect(result).toEqual([
+        { surface: "read", pattern: "*", action: "allow" },
+      ]);
+    });
+  });
+
+  describe("bash entries", () => {
+    test("converts bash entries to surface 'bash' rules", () => {
+      const result = normalizeConfig({
+        bash: { "git *": "allow", "rm -rf *": "deny" },
+      });
+      expect(result).toEqual([
+        { surface: "bash", pattern: "git *", action: "allow" },
+        { surface: "bash", pattern: "rm -rf *", action: "deny" },
+      ]);
+    });
+  });
+
+  describe("mcp entries", () => {
+    test("converts mcp entries to surface 'mcp' rules", () => {
+      const result = normalizeConfig({
+        mcp: { "exa:*": "allow", mcp_status: "allow" },
+      });
+      expect(result).toEqual([
+        { surface: "mcp", pattern: "exa:*", action: "allow" },
+        { surface: "mcp", pattern: "mcp_status", action: "allow" },
+      ]);
+    });
+  });
+
+  describe("skills entries", () => {
+    test("converts skills entries to surface 'skill' rules", () => {
+      const result = normalizeConfig({
+        skills: { "*": "ask", librarian: "allow" },
+      });
+      expect(result).toEqual([
+        { surface: "skill", pattern: "*", action: "ask" },
+        { surface: "skill", pattern: "librarian", action: "allow" },
+      ]);
+    });
+  });
+
+  describe("special entries", () => {
+    test("converts special entries to surface 'special' with key as pattern", () => {
+      const result = normalizeConfig({
+        special: { external_directory: "ask" },
+      });
+      expect(result).toEqual([
+        { surface: "special", pattern: "external_directory", action: "ask" },
+      ]);
+    });
+  });
+
+  describe("ordering", () => {
+    test("tools.bash excluded; bash entries come after tools", () => {
+      const result = normalizeConfig({
+        tools: { bash: "allow", read: "deny" },
+        bash: { "git *": "ask" },
+      });
+      expect(result).toEqual([
+        { surface: "read", pattern: "*", action: "deny" },
+        { surface: "bash", pattern: "git *", action: "ask" },
+      ]);
+    });
+
+    test("full ordering: tools → bash → mcp → skills → special", () => {
+      const result = normalizeConfig({
+        tools: { read: "allow" },
+        bash: { "git *": "allow" },
+        mcp: { "exa:*": "allow" },
+        skills: { librarian: "allow" },
+        special: { external_directory: "ask" },
+      });
+      expect(result).toEqual([
+        { surface: "read", pattern: "*", action: "allow" },
+        { surface: "bash", pattern: "git *", action: "allow" },
+        { surface: "mcp", pattern: "exa:*", action: "allow" },
+        { surface: "skill", pattern: "librarian", action: "allow" },
+        { surface: "special", pattern: "external_directory", action: "ask" },
+      ]);
+    });
+  });
+
+  describe("empty and missing sections", () => {
+    test("empty config produces empty ruleset", () => {
+      expect(normalizeConfig({})).toEqual([]);
+    });
+
+    test("undefined sections are skipped", () => {
+      expect(normalizeConfig({ tools: undefined })).toEqual([]);
+    });
+  });
+});

package/tests/permission-system.test.ts

@@ -10,7 +10,7 @@ import {
 import { tmpdir } from "node:os";
 import { dirname, join, resolve } from "node:path";
 import { test } from "vitest";
-import { BashFilter } from "../src/bash-filter";
+
 import {
   createActiveToolsCacheKey,
   createBeforeAgentStartPromptStateKey,
@@ -46,11 +46,7 @@ import {
   checkRequestedToolRegistration,
   getToolNameFromValue,
 } from "../src/tool-registry";
-import type {
-  AgentPermissions,
-  GlobalPermissionConfig,
-  PermissionState,
-} from "../src/types";
+import type { PermissionState, ScopeConfig } from "../src/types";
 import {
   canResolveAskPermissionRequest,
   shouldAutoApprovePermissionState,
@@ -61,7 +57,7 @@ type CreateManagerOptions = {
 };
 
 function createManager(
-  config: GlobalPermissionConfig,
+  config: ScopeConfig,
   agentFiles: Record<string, string> = {},
   options: CreateManagerOptions = {},
 ) {
@@ -146,7 +142,7 @@ async function withIsolatedSubagentEnv<T>(
 }
 
 function createToolCallHarness(
-  config: GlobalPermissionConfig,
+  config: ScopeConfig,
   toolNames: readonly string[],
   options: ExtensionHarnessOptions = {},
 ): ExtensionHarness {
@@ -652,30 +648,6 @@ test("Permission-system logger respects debug toggle and keeps review log enable
   }
 });
 
-test("BashFilter uses opencode-style last-match hierarchy", () => {
-  const filter = new BashFilter(
-    {
-      "*": "ask",
-      "git *": "deny",
-      "git status *": "ask",
-      "git status": "allow",
-    },
-    "deny",
-  );
-
-  const exact = filter.check("git status");
-  assert.equal(exact.state, "allow");
-  assert.equal(exact.matchedPattern, "git status");
-
-  const subcommand = filter.check("git status --short");
-  assert.equal(subcommand.state, "ask");
-  assert.equal(subcommand.matchedPattern, "git status *");
-
-  const generic = filter.check("git commit -m test");
-  assert.equal(generic.state, "deny");
-  assert.equal(generic.matchedPattern, "git *");
-});
-
 test("PermissionManager canonical built-in permission checking", () => {
   const { manager, cleanup } = createManager({
     defaultPolicy: {
@@ -910,7 +882,7 @@ test("MCP server names in settings.json are not used — only mcp.json is consul
   // which matches this rule and returns "allow".
   // After the fix, settings.json is ignored, so no server name is derived and the
   // result falls through to the default mcp policy ("ask").
-  const config: GlobalPermissionConfig = {
+  const config: ScopeConfig = {
     defaultPolicy: {
       tools: "ask",
       bash: "ask",
@@ -1510,12 +1482,12 @@ test("Permission forwarding rejects unresolved sentinel session ids", () => {
 });
 
 type CreateManagerWithProjectOptions = CreateManagerOptions & {
-  projectConfig?: AgentPermissions;
+  projectConfig?: ScopeConfig;
   projectAgentFiles?: Record<string, string>;
 };
 
 function createManagerWithProject(
-  config: GlobalPermissionConfig,
+  config: ScopeConfig,
   agentFiles: Record<string, string> = {},
   options: CreateManagerWithProjectOptions = {},
 ) {
@@ -1807,7 +1779,7 @@ test("PermissionManager reads config from PI_CODING_AGENT_DIR when set", () => {
   mkdirSync(agentsDir, { recursive: true });
   mkdirSync(dirname(newConfigPath), { recursive: true });
 
-  const config: GlobalPermissionConfig = {
+  const config: ScopeConfig = {
     defaultPolicy: {
       tools: "deny",
       bash: "deny",
@@ -2609,7 +2581,7 @@ test("normalizeRawPermission emits no issues when special is absent", () => {
 });
 
 test("PermissionManager.getConfigIssues returns deprecation for tool_call_limit in global config", () => {
-  const config: GlobalPermissionConfig = {
+  const config: ScopeConfig = {
     defaultPolicy: {
       tools: "ask",
       bash: "ask",
@@ -2634,7 +2606,7 @@ test("PermissionManager.getConfigIssues returns deprecation for tool_call_limit
 });
 
 test("PermissionManager.getConfigIssues returns empty array for clean config", () => {
-  const config: GlobalPermissionConfig = {
+  const config: ScopeConfig = {
     defaultPolicy: {
       tools: "ask",
       bash: "ask",
@@ -2660,7 +2632,7 @@ test("PermissionManager.getConfigIssues returns empty array for clean config", (
 // --- doom_loop config-loader deprecation tests (#54) ---
 
 test("PermissionManager.getConfigIssues returns deprecation for doom_loop in global config", () => {
-  const config: GlobalPermissionConfig = {
+  const config: ScopeConfig = {
     defaultPolicy: {
       tools: "ask",
       bash: "ask",