@gotgenes/pi-permission-system 4.1.1 → 4.3.0

package/tests/handlers/tool-call.test.ts

@@ -447,3 +447,215 @@ describe("handleToolCall — bash external-directory gate", () => {
     expect(result).toEqual({});
   });
 });
+
+// ── session approval ───────────────────────────────────────────────
+
+describe("handleToolCall — session-hit detection (normal gate)", () => {
+  it("skips gate and logs session_approved when bash check returns source=session", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    } as unknown as ExtensionRuntime["sessionRules"];
+    const deps = makeDeps({
+      runtime: makeRuntime({
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue({
+            state: "allow",
+            toolName: "bash",
+            source: "session",
+            command: "git status",
+            matchedPattern: "git *",
+          }),
+        } as unknown as ExtensionRuntime["permissionManager"],
+        sessionRules,
+      }),
+    });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "git status" },
+    });
+    const result = await handleToolCall(deps, event, makeCtx());
+    expect(result).toEqual({});
+    expect(deps.runtime.writeReviewLog).toHaveBeenCalledWith(
+      "permission_request.session_approved",
+      expect.objectContaining({
+        resolution: "session_approved",
+        toolName: "bash",
+      }),
+    );
+  });
+
+  it("skips gate and logs session_approved when mcp check returns source=session", async () => {
+    const deps = makeDeps({
+      runtime: makeRuntime({
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue({
+            state: "allow",
+            toolName: "mcp",
+            source: "session",
+            target: "exa:search",
+            matchedPattern: "exa:*",
+          }),
+        } as unknown as ExtensionRuntime["permissionManager"],
+      }),
+      getAllTools: vi.fn().mockReturnValue([{ name: "mcp" }]),
+    });
+    const event = makeToolCallEvent("mcp", { input: { tool: "exa:search" } });
+    const result = await handleToolCall(deps, event, makeCtx());
+    expect(result).toEqual({});
+    expect(deps.runtime.writeReviewLog).toHaveBeenCalledWith(
+      "permission_request.session_approved",
+      expect.objectContaining({
+        resolution: "session_approved",
+        toolName: "mcp",
+      }),
+    );
+  });
+
+  it("does NOT call sessionRules.approve when source is session (already recorded)", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    } as unknown as ExtensionRuntime["sessionRules"];
+    const deps = makeDeps({
+      runtime: makeRuntime({
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue({
+            state: "allow",
+            toolName: "bash",
+            source: "session",
+            command: "git status",
+            matchedPattern: "git *",
+          }),
+        } as unknown as ExtensionRuntime["permissionManager"],
+        sessionRules,
+      }),
+    });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "git status" },
+    });
+    await handleToolCall(deps, event, makeCtx());
+    expect(sessionRules.approve).not.toHaveBeenCalled();
+  });
+});
+
+describe("handleToolCall — session recording on approved_for_session", () => {
+  it("records bash session approval with suggestBashPattern result", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    } as unknown as ExtensionRuntime["sessionRules"];
+    const deps = makeDeps({
+      runtime: makeRuntime({
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue({
+            state: "ask",
+            toolName: "bash",
+            source: "bash",
+            command: "git status",
+          }),
+        } as unknown as ExtensionRuntime["permissionManager"],
+        sessionRules,
+      }),
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "git status" },
+    });
+    await handleToolCall(deps, event, makeCtx());
+    expect(sessionRules.approve).toHaveBeenCalledWith("bash", "git *");
+  });
+
+  it("records mcp session approval with suggestMcpPattern result", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    } as unknown as ExtensionRuntime["sessionRules"];
+    const deps = makeDeps({
+      runtime: makeRuntime({
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue({
+            state: "ask",
+            toolName: "mcp",
+            source: "mcp",
+            target: "exa:search",
+          }),
+        } as unknown as ExtensionRuntime["permissionManager"],
+        sessionRules,
+      }),
+      getAllTools: vi.fn().mockReturnValue([{ name: "mcp" }]),
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    });
+    const event = makeToolCallEvent("mcp", { input: { tool: "exa:search" } });
+    await handleToolCall(deps, event, makeCtx());
+    expect(sessionRules.approve).toHaveBeenCalledWith("mcp", "exa:*");
+  });
+
+  it("records tool session approval with * pattern for read surface", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    } as unknown as ExtensionRuntime["sessionRules"];
+    const deps = makeDeps({
+      runtime: makeRuntime({
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue({
+            state: "ask",
+            toolName: "read",
+            source: "tool",
+          }),
+        } as unknown as ExtensionRuntime["permissionManager"],
+        sessionRules,
+      }),
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    });
+    const event = makeToolCallEvent("read", {
+      input: { path: "/test/project/foo.ts" },
+    });
+    await handleToolCall(deps, event, makeCtx());
+    expect(sessionRules.approve).toHaveBeenCalledWith("read", "*");
+  });
+
+  it("does NOT call sessionRules.approve when user approves once (not for session)", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    } as unknown as ExtensionRuntime["sessionRules"];
+    const deps = makeDeps({
+      runtime: makeRuntime({
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue({
+            state: "ask",
+            toolName: "bash",
+            source: "bash",
+            command: "git status",
+          }),
+        } as unknown as ExtensionRuntime["permissionManager"],
+        sessionRules,
+      }),
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    });
+    const event = makeToolCallEvent("bash", {
+      input: { command: "git status" },
+    });
+    await handleToolCall(deps, event, makeCtx());
+    expect(sessionRules.approve).not.toHaveBeenCalled();
+  });
+});

package/tests/pattern-suggest.test.ts

@@ -0,0 +1,139 @@
+import { describe, expect, it } from "vitest";
+import {
+  suggestBashPattern,
+  suggestMcpPattern,
+  suggestSessionPattern,
+} from "../src/pattern-suggest";
+
+describe("suggestBashPattern", () => {
+  it("returns <command> * for a multi-word command", () => {
+    expect(suggestBashPattern("git status --short")).toBe("git *");
+  });
+
+  it("uses only the first word as the base", () => {
+    expect(suggestBashPattern("npm run build")).toBe("npm *");
+  });
+
+  it("returns the exact command when there are no arguments", () => {
+    expect(suggestBashPattern("ls")).toBe("ls");
+  });
+
+  it("trims leading and trailing whitespace", () => {
+    expect(suggestBashPattern("  git log  ")).toBe("git *");
+  });
+
+  it("handles empty string gracefully", () => {
+    expect(suggestBashPattern("")).toBe("");
+  });
+});
+
+describe("suggestMcpPattern", () => {
+  it("suggests server:* for a qualified target (colon-separated)", () => {
+    expect(suggestMcpPattern("exa:search")).toBe("exa:*");
+  });
+
+  it("suggests server_* for a munged target (underscore-separated)", () => {
+    expect(suggestMcpPattern("exa_search")).toBe("exa_*");
+  });
+
+  it("suggests * for a bare 'mcp' target", () => {
+    expect(suggestMcpPattern("mcp")).toBe("*");
+  });
+
+  it("suggests * for a plain tool name with no server prefix", () => {
+    expect(suggestMcpPattern("search")).toBe("*");
+  });
+
+  it("prefers colon over underscore when both are present", () => {
+    // Qualified names contain ':'; the colon check runs first.
+    expect(suggestMcpPattern("my-server:some_tool")).toBe("my-server:*");
+  });
+});
+
+describe("suggestSessionPattern", () => {
+  describe("bash surface", () => {
+    it("returns bash surface with <command> * pattern for multi-word command", () => {
+      const result = suggestSessionPattern("bash", "git status --short");
+      expect(result).toMatchObject({
+        surface: "bash",
+        pattern: "git *",
+      });
+    });
+
+    it("returns exact command for single-word bash command", () => {
+      const result = suggestSessionPattern("bash", "ls");
+      expect(result).toMatchObject({ surface: "bash", pattern: "ls" });
+    });
+  });
+
+  describe("mcp surface", () => {
+    it("returns mcp surface with server:* for qualified target", () => {
+      const result = suggestSessionPattern("mcp", "exa:search");
+      expect(result).toMatchObject({ surface: "mcp", pattern: "exa:*" });
+    });
+
+    it("returns mcp surface with server_* for munged target", () => {
+      const result = suggestSessionPattern("mcp", "exa_search");
+      expect(result).toMatchObject({ surface: "mcp", pattern: "exa_*" });
+    });
+
+    it("returns * for bare mcp target", () => {
+      const result = suggestSessionPattern("mcp", "mcp");
+      expect(result).toMatchObject({ surface: "mcp", pattern: "*" });
+    });
+  });
+
+  describe("skill surface", () => {
+    it("returns exact skill name as pattern", () => {
+      const result = suggestSessionPattern("skill", "librarian");
+      expect(result).toMatchObject({ surface: "skill", pattern: "librarian" });
+    });
+  });
+
+  describe("external_directory surface", () => {
+    it("returns parent-directory glob from deriveApprovalPattern", () => {
+      const result = suggestSessionPattern(
+        "external_directory",
+        "/tmp/foo.txt",
+      );
+      expect(result).toMatchObject({
+        surface: "external_directory",
+        pattern: "/tmp/*",
+      });
+    });
+  });
+
+  describe("tool surfaces", () => {
+    it("returns * for read surface", () => {
+      const result = suggestSessionPattern("read", "*");
+      expect(result).toMatchObject({ surface: "read", pattern: "*" });
+    });
+
+    it("returns * for write surface", () => {
+      const result = suggestSessionPattern("write", "*");
+      expect(result).toMatchObject({ surface: "write", pattern: "*" });
+    });
+
+    it("returns * for edit surface", () => {
+      const result = suggestSessionPattern("edit", "*");
+      expect(result).toMatchObject({ surface: "edit", pattern: "*" });
+    });
+  });
+
+  describe("label field", () => {
+    it("includes the suggested pattern in the label", () => {
+      const result = suggestSessionPattern("bash", "git status");
+      expect(result.label).toContain("git *");
+    });
+
+    it("wraps the pattern in quotes in the label", () => {
+      const result = suggestSessionPattern("mcp", "exa:search");
+      expect(result.label).toContain('"exa:*"');
+    });
+
+    it("label reads as a natural session-approval option", () => {
+      const result = suggestSessionPattern("skill", "librarian");
+      expect(result.label).toBe('Yes, allow "librarian" for this session');
+    });
+  });
+});

package/tests/permission-dialog.test.ts

@@ -132,6 +132,45 @@ describe("requestPermissionDecisionFromUi", () => {
       "No, provide reason",
     ]);
   });
+
+  it("uses custom sessionLabel when provided", async () => {
+    const selectFn = vi.fn().mockResolvedValue("Yes");
+    const ui: PermissionDecisionUi = {
+      select: selectFn,
+      input: vi.fn(),
+    };
+    await requestPermissionDecisionFromUi(ui, "Title", "Message", {
+      sessionLabel: 'Yes, allow "git *" for this session',
+    });
+    const options = selectFn.mock.calls[0][1] as string[];
+    expect(options[1]).toBe('Yes, allow "git *" for this session');
+  });
+
+  it("still returns approved_for_session when user selects the custom session label", async () => {
+    const customLabel = 'Yes, allow "git *" for this session';
+    const ui: PermissionDecisionUi = {
+      select: vi.fn().mockResolvedValue(customLabel),
+      input: vi.fn(),
+    };
+    const result = await requestPermissionDecisionFromUi(
+      ui,
+      "Title",
+      "Message",
+      { sessionLabel: customLabel },
+    );
+    expect(result).toEqual({ approved: true, state: "approved_for_session" });
+  });
+
+  it("falls back to default session label when no options provided", async () => {
+    const selectFn = vi.fn().mockResolvedValue("Yes");
+    const ui: PermissionDecisionUi = {
+      select: selectFn,
+      input: vi.fn(),
+    };
+    await requestPermissionDecisionFromUi(ui, "Title", "Message");
+    const options = selectFn.mock.calls[0][1] as string[];
+    expect(options[1]).toBe("Yes, for this session");
+  });
 });
 
 describe("normalizePermissionDenialReason", () => {

package/tests/permission-gate.test.ts

@@ -179,6 +179,74 @@ describe("applyPermissionGate", () => {
     });
   });
 
+  describe("ask branch — approved_for_session with sessionApproval", () => {
+    it("attaches sessionApproval to result when decision is approved_for_session and param provided", async () => {
+      const decision: PermissionPromptDecision = {
+        approved: true,
+        state: "approved_for_session",
+      };
+      const promptForApproval = vi.fn().mockResolvedValue(decision);
+      const params = makeParams({
+        state: "ask",
+        canConfirm: true,
+        promptForApproval,
+        sessionApproval: { surface: "bash", pattern: "git *" },
+      });
+      const result = await applyPermissionGate(params);
+      expect(result).toEqual({
+        action: "allow",
+        sessionApproval: { surface: "bash", pattern: "git *" },
+      });
+    });
+
+    it("does not attach sessionApproval when decision is approved (once)", async () => {
+      const decision: PermissionPromptDecision = {
+        approved: true,
+        state: "approved",
+      };
+      const promptForApproval = vi.fn().mockResolvedValue(decision);
+      const params = makeParams({
+        state: "ask",
+        canConfirm: true,
+        promptForApproval,
+        sessionApproval: { surface: "bash", pattern: "git *" },
+      });
+      const result = await applyPermissionGate(params);
+      expect(result).toEqual({ action: "allow" });
+    });
+
+    it("does not attach sessionApproval when no sessionApproval param", async () => {
+      const decision: PermissionPromptDecision = {
+        approved: true,
+        state: "approved_for_session",
+      };
+      const promptForApproval = vi.fn().mockResolvedValue(decision);
+      const params = makeParams({
+        state: "ask",
+        canConfirm: true,
+        promptForApproval,
+      });
+      const result = await applyPermissionGate(params);
+      expect(result).toEqual({ action: "allow" });
+    });
+
+    it("does not attach sessionApproval when user denies", async () => {
+      const decision: PermissionPromptDecision = {
+        approved: false,
+        state: "denied",
+      };
+      const promptForApproval = vi.fn().mockResolvedValue(decision);
+      const params = makeParams({
+        state: "ask",
+        canConfirm: true,
+        promptForApproval,
+        sessionApproval: { surface: "bash", pattern: "git *" },
+      });
+      const result = await applyPermissionGate(params);
+      expect(result).toEqual({ action: "block", reason: "User denied." });
+    });
+  });
+
   describe("allow branch", () => {
     it("returns allow immediately when state is allow", async () => {
       const params = makeParams({ state: "allow" });

package/tests/permission-system.test.ts

@@ -2620,6 +2620,187 @@ test("session rules override config deny for external_directory", () => {
   }
 });
 
+// ── Session rule evaluation for all surfaces ─────────────────────────────
+
+test("checkPermission returns source 'session' for bash when session rules match", () => {
+  const { manager, cleanup } = createManager({ permission: {} });
+
+  try {
+    const sessionRules = [
+      {
+        surface: "bash",
+        pattern: "git *",
+        action: "allow" as const,
+        layer: "session" as const,
+      },
+    ];
+
+    const result = manager.checkPermission(
+      "bash",
+      { command: "git status --short" },
+      undefined,
+      sessionRules,
+    );
+    assert.equal(result.state, "allow");
+    assert.equal(result.source, "session");
+    assert.equal(result.matchedPattern, "git *");
+  } finally {
+    cleanup();
+  }
+});
+
+test("checkPermission returns source 'session' for bash when session rule is exact match", () => {
+  const { manager, cleanup } = createManager({ permission: {} });
+
+  try {
+    const sessionRules = [
+      {
+        surface: "bash",
+        pattern: "ls",
+        action: "allow" as const,
+        layer: "session" as const,
+      },
+    ];
+
+    const result = manager.checkPermission(
+      "bash",
+      { command: "ls" },
+      undefined,
+      sessionRules,
+    );
+    assert.equal(result.state, "allow");
+    assert.equal(result.source, "session");
+  } finally {
+    cleanup();
+  }
+});
+
+test("checkPermission falls back to config for bash when session rules do not match the command", () => {
+  const { manager, cleanup } = createManager({ permission: { bash: "deny" } });
+
+  try {
+    const sessionRules = [
+      {
+        surface: "bash",
+        pattern: "git *",
+        action: "allow" as const,
+        layer: "session" as const,
+      },
+    ];
+
+    const result = manager.checkPermission(
+      "bash",
+      { command: "npm run build" },
+      undefined,
+      sessionRules,
+    );
+    assert.equal(result.state, "deny");
+    assert.equal(result.source, "bash");
+  } finally {
+    cleanup();
+  }
+});
+
+test("checkPermission returns source 'session' for mcp when session rules match the target", () => {
+  const { manager, cleanup } = createManager({ permission: {} });
+
+  try {
+    const sessionRules = [
+      {
+        surface: "mcp",
+        pattern: "exa:*",
+        action: "allow" as const,
+        layer: "session" as const,
+      },
+    ];
+
+    const result = manager.checkPermission(
+      "mcp",
+      { tool: "exa:search" },
+      undefined,
+      sessionRules,
+    );
+    assert.equal(result.state, "allow");
+    assert.equal(result.source, "session");
+  } finally {
+    cleanup();
+  }
+});
+
+test("checkPermission returns source 'session' for skill when session rules match", () => {
+  const { manager, cleanup } = createManager({ permission: {} });
+
+  try {
+    const sessionRules = [
+      {
+        surface: "skill",
+        pattern: "librarian",
+        action: "allow" as const,
+        layer: "session" as const,
+      },
+    ];
+
+    const result = manager.checkPermission(
+      "skill",
+      { name: "librarian" },
+      undefined,
+      sessionRules,
+    );
+    assert.equal(result.state, "allow");
+    assert.equal(result.source, "session");
+    assert.equal(result.matchedPattern, "librarian");
+  } finally {
+    cleanup();
+  }
+});
+
+test("checkPermission returns source 'session' for tool surface when session rules match", () => {
+  const { manager, cleanup } = createManager({ permission: {} });
+
+  try {
+    const sessionRules = [
+      {
+        surface: "read",
+        pattern: "*",
+        action: "allow" as const,
+        layer: "session" as const,
+      },
+    ];
+
+    const result = manager.checkPermission("read", {}, undefined, sessionRules);
+    assert.equal(result.state, "allow");
+    assert.equal(result.source, "session");
+  } finally {
+    cleanup();
+  }
+});
+
+test("bash session rules do not bleed into mcp checks", () => {
+  const { manager, cleanup } = createManager({ permission: {} });
+
+  try {
+    const sessionRules = [
+      {
+        surface: "bash",
+        pattern: "git *",
+        action: "allow" as const,
+        layer: "session" as const,
+      },
+    ];
+
+    const result = manager.checkPermission(
+      "mcp",
+      { tool: "exa:search" },
+      undefined,
+      sessionRules,
+    );
+    // bash session rule must not affect mcp surface
+    assert.notEqual(result.source, "session");
+  } finally {
+    cleanup();
+  }
+});
+
 // Suppress unused import warning — PermissionState used in type annotations
 const _unused: PermissionState = "ask";
 void _unused;