@gotgenes/pi-permission-system 3.8.0 → 3.10.0

package/tests/rule.test.ts

@@ -1,38 +1,6 @@
-import { afterEach, describe, expect, test, vi } from "vitest";
+import { describe, expect, test } from "vitest";
 import type { Rule, Ruleset } from "../src/rule";
-import { evaluate, getDefaultAction } from "../src/rule";
-
-afterEach(() => {
-  vi.restoreAllMocks();
-});
-
-describe("getDefaultAction", () => {
-  test("returns 'ask' for bash surface", () => {
-    expect(getDefaultAction("bash")).toBe("ask");
-  });
-
-  test("returns 'ask' for mcp surface", () => {
-    expect(getDefaultAction("mcp")).toBe("ask");
-  });
-
-  test("returns 'ask' for skill surface", () => {
-    expect(getDefaultAction("skill")).toBe("ask");
-  });
-
-  test("returns 'ask' for special surface", () => {
-    expect(getDefaultAction("special")).toBe("ask");
-  });
-
-  test("returns 'ask' for tools surface", () => {
-    expect(getDefaultAction("tools")).toBe("ask");
-  });
-
-  test("returns 'ask' for unknown surface (least privilege)", () => {
-    expect(getDefaultAction("unknown_surface")).toBe("ask");
-    expect(getDefaultAction("")).toBe("ask");
-    expect(getDefaultAction("external_directory")).toBe("ask");
-  });
-});
+import { evaluate } from "../src/rule";
 
 describe("evaluate", () => {
   const allowBashGit: Rule = {
@@ -64,11 +32,23 @@ describe("evaluate", () => {
     expect(result).toEqual(allowBashGit);
   });
 
-  test("returns synthetic rule with default action when no rules match", () => {
+  test("returns synthetic rule with 'ask' when no rules match and no defaultAction", () => {
     const result = evaluate("bash", "npm install", [allowBashGit]);
     expect(result.surface).toBe("bash");
     expect(result.pattern).toBe("npm install");
-    expect(result.action).toBe("ask"); // getDefaultAction("bash")
+    expect(result.action).toBe("ask");
+  });
+
+  test("returns synthetic rule with custom defaultAction when no rules match", () => {
+    const result = evaluate("bash", "npm install", [allowBashGit], "deny");
+    expect(result.surface).toBe("bash");
+    expect(result.pattern).toBe("npm install");
+    expect(result.action).toBe("deny");
+  });
+
+  test("defaultAction does not affect matched rules", () => {
+    const result = evaluate("bash", "git status", [allowBashGit], "deny");
+    expect(result).toEqual(allowBashGit);
   });
 
   test("returns synthetic rule for empty ruleset", () => {
@@ -126,18 +106,19 @@ describe("evaluate", () => {
     expect(result.action).toBe("ask"); // falls back to default
   });
 
-  test("multiple rulesets: rules from later rulesets take priority", () => {
+  test("merged rulesets: rules from later scope take priority", () => {
     const globalRules: Ruleset = [
       { surface: "bash", pattern: "git *", action: "ask" },
     ];
     const agentRules: Ruleset = [
       { surface: "bash", pattern: "git *", action: "allow" },
     ];
-    const result = evaluate("bash", "git status", globalRules, agentRules);
+    const merged = [...globalRules, ...agentRules];
+    const result = evaluate("bash", "git status", merged);
     expect(result.action).toBe("allow"); // agent rule wins
   });
 
-  test("multiple rulesets: earlier rulesets used when later rulesets have no match", () => {
+  test("merged rulesets: earlier scope used when later scope has no match", () => {
     const globalRules: Ruleset = [
       { surface: "bash", pattern: "git *", action: "allow" },
     ];
@@ -145,12 +126,13 @@ describe("evaluate", () => {
       { surface: "bash", pattern: "npm *", action: "deny" },
     ];
     // git status matches global but not agent rule
-    const result = evaluate("bash", "git status", globalRules, agentRules);
+    const merged = [...globalRules, ...agentRules];
+    const result = evaluate("bash", "git status", merged);
     expect(result.action).toBe("allow"); // global rule is the last match for this pattern
   });
 
-  test("no rulesets at all returns synthetic default", () => {
-    const result = evaluate("bash", "git status");
+  test("empty ruleset returns synthetic default", () => {
+    const result = evaluate("bash", "git status", []);
     expect(result.surface).toBe("bash");
     expect(result.pattern).toBe("git status");
     expect(result.action).toBe("ask");

package/tests/runtime.test.ts

@@ -68,8 +68,9 @@ vi.mock("../src/subagent-context", () => ({
   isSubagentExecutionContext: vi.fn().mockReturnValue(false),
 }));
 
-vi.mock("../src/session-approval-cache", () => ({
-  SessionApprovalCache: vi.fn(),
+vi.mock("../src/session-rules", () => ({
+  SessionRules: vi.fn(),
+  deriveApprovalPattern: vi.fn(),
 }));
 
 import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
@@ -184,9 +185,9 @@ describe("createExtensionRuntime", () => {
     expect(runtime.isProcessingForwardedRequests).toBe(false);
   });
 
-  it("creates a sessionApprovalCache instance", () => {
+  it("creates a sessionRules instance", () => {
     const runtime = createExtensionRuntime({ agentDir: "/test/agent" });
-    expect(runtime.sessionApprovalCache).toBeDefined();
+    expect(runtime.sessionRules).toBeDefined();
   });
 
   // ── Mutable state is writable ──────────────────────────────────────────

package/tests/session-rules.test.ts

@@ -0,0 +1,225 @@
+import { describe, expect, it } from "vitest";
+
+import { evaluate } from "../src/rule";
+import { deriveApprovalPattern, SessionRules } from "../src/session-rules";
+
+// ── SessionRules ───────────────────────────────────────────────────────────
+
+describe("SessionRules", () => {
+  describe("getRuleset", () => {
+    it("returns an empty ruleset initially", () => {
+      const rules = new SessionRules();
+      expect(rules.getRuleset()).toEqual([]);
+    });
+
+    it("returns a ruleset containing approved rules", () => {
+      const rules = new SessionRules();
+      rules.approve("external_directory", "/other/project/*");
+      expect(rules.getRuleset()).toEqual([
+        {
+          surface: "external_directory",
+          pattern: "/other/project/*",
+          action: "allow",
+        },
+      ]);
+    });
+
+    it("returns a defensive copy — mutations do not affect internal state", () => {
+      const rules = new SessionRules();
+      rules.approve("external_directory", "/other/project/*");
+      const copy = rules.getRuleset();
+      copy.push({ surface: "bash", pattern: "*", action: "deny" });
+      expect(rules.getRuleset()).toHaveLength(1);
+    });
+
+    it("accumulates multiple approved patterns", () => {
+      const rules = new SessionRules();
+      rules.approve("external_directory", "/project-a/*");
+      rules.approve("external_directory", "/project-b/*");
+      expect(rules.getRuleset()).toHaveLength(2);
+    });
+  });
+
+  describe("clear", () => {
+    it("removes all session rules", () => {
+      const rules = new SessionRules();
+      rules.approve("external_directory", "/other/project/*");
+      rules.approve("external_directory", "/another/path/*");
+      rules.clear();
+      expect(rules.getRuleset()).toEqual([]);
+    });
+
+    it("allows new approvals after clearing", () => {
+      const rules = new SessionRules();
+      rules.approve("external_directory", "/old/path/*");
+      rules.clear();
+      rules.approve("external_directory", "/new/path/*");
+      expect(rules.getRuleset()).toHaveLength(1);
+      expect(rules.getRuleset()[0].pattern).toBe("/new/path/*");
+    });
+  });
+
+  describe("evaluate() integration", () => {
+    it("returns allow for a path under an approved directory", () => {
+      const session = new SessionRules();
+      session.approve("external_directory", "/other/project/*");
+      const result = evaluate(
+        "external_directory",
+        "/other/project/src/foo.ts",
+        session.getRuleset(),
+      );
+      expect(result.action).toBe("allow");
+    });
+
+    it("returns ask (default) for a path outside approved directories", () => {
+      const session = new SessionRules();
+      session.approve("external_directory", "/other/project/*");
+      const result = evaluate(
+        "external_directory",
+        "/other/unrelated/file.ts",
+        session.getRuleset(),
+      );
+      // No rule matches — evaluate returns synthetic rule with default action "ask"
+      expect(result.action).toBe("ask");
+    });
+
+    it("does not match a sibling directory that shares a string prefix", () => {
+      const session = new SessionRules();
+      session.approve("external_directory", "/other/project/*");
+      const result = evaluate(
+        "external_directory",
+        "/other/project-b/foo.ts",
+        session.getRuleset(),
+      );
+      expect(result.action).toBe("ask");
+    });
+
+    it("matches the directory itself (trailing slash)", () => {
+      const session = new SessionRules();
+      session.approve("external_directory", "/other/project/src/*");
+      // The * in wildcardMatch maps to .* which matches zero chars — so /src/ is covered.
+      const result = evaluate(
+        "external_directory",
+        "/other/project/src/",
+        session.getRuleset(),
+      );
+      expect(result.action).toBe("allow");
+    });
+
+    it("handles multiple approved directories", () => {
+      const session = new SessionRules();
+      session.approve("external_directory", "/project-a/*");
+      session.approve("external_directory", "/project-b/*");
+      expect(
+        evaluate(
+          "external_directory",
+          "/project-a/foo.ts",
+          session.getRuleset(),
+        ).action,
+      ).toBe("allow");
+      expect(
+        evaluate(
+          "external_directory",
+          "/project-b/bar.ts",
+          session.getRuleset(),
+        ).action,
+      ).toBe("allow");
+      expect(
+        evaluate(
+          "external_directory",
+          "/project-c/baz.ts",
+          session.getRuleset(),
+        ).action,
+      ).toBe("ask");
+    });
+
+    it("does not match a different surface", () => {
+      const session = new SessionRules();
+      session.approve("external_directory", "/other/project/*");
+      const result = evaluate(
+        "bash",
+        "/other/project/foo.ts",
+        session.getRuleset(),
+      );
+      expect(result.action).toBe("ask");
+    });
+
+    it("returns allow after clearing and re-approving", () => {
+      const session = new SessionRules();
+      session.approve("external_directory", "/old/project/*");
+      session.clear();
+      session.approve("external_directory", "/new/project/*");
+      expect(
+        evaluate(
+          "external_directory",
+          "/old/project/file.ts",
+          session.getRuleset(),
+        ).action,
+      ).toBe("ask");
+      expect(
+        evaluate(
+          "external_directory",
+          "/new/project/file.ts",
+          session.getRuleset(),
+        ).action,
+      ).toBe("allow");
+    });
+  });
+});
+
+// ── deriveApprovalPattern ──────────────────────────────────────────────────
+
+describe("deriveApprovalPattern", () => {
+  it("returns parent directory glob for a file path", () => {
+    expect(deriveApprovalPattern("/other/project/src/foo.ts")).toBe(
+      "/other/project/src/*",
+    );
+  });
+
+  it("returns directory glob when path already ends with separator", () => {
+    expect(deriveApprovalPattern("/other/project/src/")).toBe(
+      "/other/project/src/*",
+    );
+  });
+
+  it("returns parent directory glob for a directory-like path without trailing separator", () => {
+    // Cannot distinguish dir from file — dirname is the safe choice
+    expect(deriveApprovalPattern("/other/project/src")).toBe(
+      "/other/project/*",
+    );
+  });
+
+  it("handles root path", () => {
+    expect(deriveApprovalPattern("/")).toBe("/*");
+  });
+
+  it("handles single-level path", () => {
+    expect(deriveApprovalPattern("/foo")).toBe("/*");
+  });
+
+  it("produces a pattern that matches paths under the approved directory", () => {
+    const pattern = deriveApprovalPattern("/other/project/src/foo.ts");
+    const session = new SessionRules();
+    session.approve("external_directory", pattern);
+    expect(
+      evaluate(
+        "external_directory",
+        "/other/project/src/bar.ts",
+        session.getRuleset(),
+      ).action,
+    ).toBe("allow");
+  });
+
+  it("produces a pattern that does not match sibling directories", () => {
+    const pattern = deriveApprovalPattern("/other/project/src/foo.ts");
+    const session = new SessionRules();
+    session.approve("external_directory", pattern);
+    expect(
+      evaluate(
+        "external_directory",
+        "/other/project/lib/bar.ts",
+        session.getRuleset(),
+      ).action,
+    ).toBe("ask");
+  });
+});

package/tests/session-start.test.ts

@@ -5,7 +5,7 @@ import { afterEach, beforeEach, describe, expect, test } from "vitest";
 import { getGlobalConfigPath } from "../src/config-paths";
 import { DEFAULT_EXTENSION_CONFIG } from "../src/extension-config";
 import piPermissionSystemExtension from "../src/index";
-import type { GlobalPermissionConfig } from "../src/types";
+import type { ScopeConfig } from "../src/types";
 
 type MockHandler = (
   event: Record<string, unknown>,
@@ -26,7 +26,7 @@ describe("session_start handler consolidation", () => {
     mkdirSync(join(baseDir, "agents"), { recursive: true });
     mkdirSync(dirname(globalConfigPath), { recursive: true });
 
-    const config: GlobalPermissionConfig = {
+    const config: ScopeConfig = {
       defaultPolicy: {
         tools: "ask",
         bash: "ask",

package/src/bash-filter.ts

@@ -1,51 +0,0 @@
-import type { BashPermissions, PermissionState } from "./types";
-import {
-  type CompiledWildcardPattern,
-  compileWildcardPatterns,
-  findCompiledWildcardMatch,
-} from "./wildcard-matcher";
-
-type CompiledPattern = CompiledWildcardPattern<PermissionState>;
-
-type BashPermissionSource = BashPermissions | readonly CompiledPattern[];
-
-function isCompiledPatternList(
-  value: BashPermissionSource,
-): value is readonly CompiledPattern[] {
-  return Array.isArray(value);
-}
-
-export interface BashPermissionCheck {
-  state: PermissionState;
-  matchedPattern?: string;
-  command: string;
-}
-
-export class BashFilter {
-  private readonly compiledPatterns: CompiledPattern[];
-
-  constructor(
-    permissions: BashPermissionSource,
-    private readonly defaultState: PermissionState,
-  ) {
-    this.compiledPatterns = isCompiledPatternList(permissions)
-      ? [...permissions]
-      : compileWildcardPatterns(permissions);
-  }
-
-  check(command: string): BashPermissionCheck {
-    const match = findCompiledWildcardMatch(this.compiledPatterns, command);
-    if (match) {
-      return {
-        state: match.state,
-        matchedPattern: match.matchedPattern,
-        command,
-      };
-    }
-
-    return {
-      state: this.defaultState,
-      command,
-    };
-  }
-}

package/src/session-approval-cache.ts

@@ -1,81 +0,0 @@
-import { dirname, sep } from "node:path";
-
-import { isPathWithinDirectory } from "./external-directory";
-
-/**
- * Ephemeral in-memory cache of session-scoped permission approvals.
- * Keyed by permission surface (e.g. "external_directory"), values are
- * normalized directory prefixes that have been approved for the session.
- *
- * Cleared on session_shutdown — never persisted to disk.
- */
-export class SessionApprovalCache {
-  private approvals = new Map<string, Set<string>>();
-
-  /** Record a directory prefix as approved for the given surface. */
-  approve(surface: string, prefix: string): void {
-    let prefixes = this.approvals.get(surface);
-    if (!prefixes) {
-      prefixes = new Set();
-      this.approvals.set(surface, prefixes);
-    }
-    prefixes.add(prefix);
-  }
-
-  /**
-   * Check whether a path falls under any approved prefix for the given surface.
-   * Uses `isPathWithinDirectory()` for correct separator-aware prefix matching.
-   */
-  has(surface: string, path: string): boolean {
-    const prefixes = this.approvals.get(surface);
-    if (!prefixes) {
-      return false;
-    }
-    for (const prefix of prefixes) {
-      if (isPathWithinDirectory(path, prefix)) {
-        return true;
-      }
-    }
-    return false;
-  }
-
-  /** Find and return the matching approved prefix, or null if none matches. */
-  findMatchingPrefix(surface: string, path: string): string | null {
-    const prefixes = this.approvals.get(surface);
-    if (!prefixes) {
-      return null;
-    }
-    for (const prefix of prefixes) {
-      if (isPathWithinDirectory(path, prefix)) {
-        return prefix;
-      }
-    }
-    return null;
-  }
-
-  /** Remove all session approvals. */
-  clear(): void {
-    this.approvals.clear();
-  }
-}
-
-/**
- * Derive the directory prefix to approve from a normalized path.
- * Returns `dirname(path)` with a trailing separator so that
- * prefix matching via `isPathWithinDirectory()` works correctly.
- *
- * For paths that already end with a separator (directories),
- * the trailing separator is stripped by dirname and re-added.
- */
-export function deriveApprovalPrefix(normalizedPath: string): string {
-  // If the path already ends with a separator, it's a directory — return as-is.
-  if (normalizedPath.endsWith(sep)) {
-    return normalizedPath;
-  }
-  const dir = dirname(normalizedPath);
-  if (dir === normalizedPath) {
-    // Root path — dirname('/') === '/'
-    return dir;
-  }
-  return dir.endsWith(sep) ? dir : `${dir}${sep}`;
-}

package/tests/bash-filter.test.ts

@@ -1,142 +0,0 @@
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-
-import type { PermissionState } from "../src/types";
-
-// Mock wildcard-matcher before importing the module under test.
-vi.mock("../src/wildcard-matcher.js", () => ({
-  compileWildcardPatterns: vi.fn((patterns: Record<string, PermissionState>) =>
-    Object.entries(patterns).map(([pattern, state]) => ({
-      pattern,
-      state,
-      regex: new RegExp(`^${pattern.replace(/\*/g, ".*")}$`),
-    })),
-  ),
-  findCompiledWildcardMatch: vi.fn(),
-}));
-
-import { BashFilter } from "../src/bash-filter";
-import {
-  compileWildcardPatterns,
-  findCompiledWildcardMatch,
-} from "../src/wildcard-matcher";
-
-const mockedCompilePatterns = vi.mocked(compileWildcardPatterns);
-const mockedFindMatch = vi.mocked(findCompiledWildcardMatch);
-
-beforeEach(() => {
-  mockedCompilePatterns.mockClear();
-  mockedFindMatch.mockReset();
-});
-
-afterEach(() => {
-  vi.restoreAllMocks();
-});
-
-describe("BashFilter.check", () => {
-  test("returns matched state when wildcard-matcher finds a pattern match", () => {
-    mockedFindMatch.mockReturnValue({
-      state: "allow",
-      matchedPattern: "git *",
-      matchedName: "git status",
-    });
-
-    const filter = new BashFilter({ "git *": "allow" }, "ask");
-    const result = filter.check("git status");
-
-    expect(result.state).toBe("allow");
-    expect(result.matchedPattern).toBe("git *");
-    expect(result.command).toBe("git status");
-    expect(mockedFindMatch).toHaveBeenCalledOnce();
-  });
-
-  test("returns default state when wildcard-matcher returns null", () => {
-    mockedFindMatch.mockReturnValue(null);
-
-    const filter = new BashFilter({ "git *": "allow" }, "ask");
-    const result = filter.check("npm install");
-
-    expect(result.state).toBe("ask");
-    expect(result.matchedPattern).toBeUndefined();
-    expect(result.command).toBe("npm install");
-  });
-
-  test("delegates pattern compilation to compileWildcardPatterns", () => {
-    mockedFindMatch.mockReturnValue(null);
-
-    const permissions: Record<string, PermissionState> = {
-      "git *": "allow",
-      "npm *": "deny",
-    };
-    new BashFilter(permissions, "ask");
-
-    expect(compileWildcardPatterns).toHaveBeenCalledWith(permissions);
-  });
-
-  test("default fallback is the configured defaultState", () => {
-    mockedFindMatch.mockReturnValue(null);
-
-    const denyFilter = new BashFilter({}, "deny");
-    expect(denyFilter.check("anything").state).toBe("deny");
-
-    const allowFilter = new BashFilter({}, "allow");
-    expect(allowFilter.check("anything").state).toBe("allow");
-  });
-
-  test("passes command string to findCompiledWildcardMatch", () => {
-    mockedFindMatch.mockReturnValue(null);
-
-    const filter = new BashFilter({}, "ask");
-    filter.check("echo hello");
-
-    expect(mockedFindMatch).toHaveBeenCalledWith(
-      expect.any(Array),
-      "echo hello",
-    );
-  });
-
-  test("empty command falls through to default state", () => {
-    mockedFindMatch.mockReturnValue(null);
-
-    const filter = new BashFilter({}, "ask");
-    const result = filter.check("");
-
-    expect(result.state).toBe("ask");
-    expect(result.command).toBe("");
-  });
-
-  test("accepts pre-compiled pattern list instead of permissions object", () => {
-    mockedFindMatch.mockReturnValue({
-      state: "deny",
-      matchedPattern: "rm *",
-      matchedName: "rm -rf /",
-    });
-
-    const compiledPatterns = [
-      {
-        pattern: "rm *",
-        state: "deny" as const,
-        regex: /^rm .*$/,
-      },
-    ];
-    const filter = new BashFilter(compiledPatterns, "ask");
-    const result = filter.check("rm -rf /");
-
-    // compileWildcardPatterns should NOT be called for a pre-compiled list
-    expect(compileWildcardPatterns).not.toHaveBeenCalled();
-    expect(result.state).toBe("deny");
-  });
-
-  test("last-match-wins: matched pattern state overrides default", () => {
-    mockedFindMatch.mockReturnValue({
-      state: "deny",
-      matchedPattern: "rm *",
-      matchedName: "rm -rf /",
-    });
-
-    const filter = new BashFilter({ "rm *": "deny" }, "allow");
-    const result = filter.check("rm -rf /");
-
-    expect(result.state).toBe("deny");
-    expect(result.matchedPattern).toBe("rm *");
-  });
-});