@gotgenes/pi-permission-system 4.8.0 → 5.0.0

package/tests/normalize.test.ts

@@ -6,27 +6,34 @@ describe("normalizeFlatConfig", () => {
     test("string value produces a single catch-all rule for the surface", () => {
       const result = normalizeFlatConfig({ read: "allow" });
       expect(result).toEqual([
-        { surface: "read", pattern: "*", action: "allow" },
+        { surface: "read", pattern: "*", action: "allow", origin: "builtin" },
       ]);
     });
 
     test("string shorthand works for multiple surfaces", () => {
       const result = normalizeFlatConfig({ read: "allow", write: "deny" });
       expect(result).toEqual([
-        { surface: "read", pattern: "*", action: "allow" },
-        { surface: "write", pattern: "*", action: "deny" },
+        { surface: "read", pattern: "*", action: "allow", origin: "builtin" },
+        { surface: "write", pattern: "*", action: "deny", origin: "builtin" },
       ]);
     });
 
     test("universal fallback '*' becomes a catch-all rule with surface '*'", () => {
       const result = normalizeFlatConfig({ "*": "ask" });
-      expect(result).toEqual([{ surface: "*", pattern: "*", action: "ask" }]);
+      expect(result).toEqual([
+        { surface: "*", pattern: "*", action: "ask", origin: "builtin" },
+      ]);
     });
 
     test("external_directory string shorthand maps directly to its surface", () => {
       const result = normalizeFlatConfig({ external_directory: "ask" });
       expect(result).toEqual([
-        { surface: "external_directory", pattern: "*", action: "ask" },
+        {
+          surface: "external_directory",
+          pattern: "*",
+          action: "ask",
+          origin: "builtin",
+        },
       ]);
     });
 
@@ -36,7 +43,7 @@ describe("normalizeFlatConfig", () => {
         write: "invalid" as never,
       });
       expect(result).toEqual([
-        { surface: "read", pattern: "*", action: "allow" },
+        { surface: "read", pattern: "*", action: "allow", origin: "builtin" },
       ]);
     });
   });
@@ -47,8 +54,13 @@ describe("normalizeFlatConfig", () => {
         bash: { "*": "ask", "git *": "allow" },
       });
       expect(result).toEqual([
-        { surface: "bash", pattern: "*", action: "ask" },
-        { surface: "bash", pattern: "git *", action: "allow" },
+        { surface: "bash", pattern: "*", action: "ask", origin: "builtin" },
+        {
+          surface: "bash",
+          pattern: "git *",
+          action: "allow",
+          origin: "builtin",
+        },
       ]);
     });
 
@@ -57,8 +69,13 @@ describe("normalizeFlatConfig", () => {
         mcp: { "*": "ask", mcp_status: "allow" },
       });
       expect(result).toEqual([
-        { surface: "mcp", pattern: "*", action: "ask" },
-        { surface: "mcp", pattern: "mcp_status", action: "allow" },
+        { surface: "mcp", pattern: "*", action: "ask", origin: "builtin" },
+        {
+          surface: "mcp",
+          pattern: "mcp_status",
+          action: "allow",
+          origin: "builtin",
+        },
       ]);
     });
 
@@ -67,8 +84,13 @@ describe("normalizeFlatConfig", () => {
         skill: { "*": "ask", librarian: "allow" },
       });
       expect(result).toEqual([
-        { surface: "skill", pattern: "*", action: "ask" },
-        { surface: "skill", pattern: "librarian", action: "allow" },
+        { surface: "skill", pattern: "*", action: "ask", origin: "builtin" },
+        {
+          surface: "skill",
+          pattern: "librarian",
+          action: "allow",
+          origin: "builtin",
+        },
       ]);
     });
 
@@ -77,7 +99,12 @@ describe("normalizeFlatConfig", () => {
         bash: { "git *": "allow", "rm -rf *": "bad" as never },
       });
       expect(result).toEqual([
-        { surface: "bash", pattern: "git *", action: "allow" },
+        {
+          surface: "bash",
+          pattern: "git *",
+          action: "allow",
+          origin: "builtin",
+        },
       ]);
     });
   });
@@ -94,14 +121,29 @@ describe("normalizeFlatConfig", () => {
         external_directory: "ask",
       });
       expect(result).toEqual([
-        { surface: "*", pattern: "*", action: "ask" },
-        { surface: "read", pattern: "*", action: "allow" },
-        { surface: "write", pattern: "*", action: "deny" },
-        { surface: "bash", pattern: "*", action: "ask" },
-        { surface: "bash", pattern: "git *", action: "allow" },
-        { surface: "mcp", pattern: "mcp_status", action: "allow" },
-        { surface: "skill", pattern: "*", action: "ask" },
-        { surface: "external_directory", pattern: "*", action: "ask" },
+        { surface: "*", pattern: "*", action: "ask", origin: "builtin" },
+        { surface: "read", pattern: "*", action: "allow", origin: "builtin" },
+        { surface: "write", pattern: "*", action: "deny", origin: "builtin" },
+        { surface: "bash", pattern: "*", action: "ask", origin: "builtin" },
+        {
+          surface: "bash",
+          pattern: "git *",
+          action: "allow",
+          origin: "builtin",
+        },
+        {
+          surface: "mcp",
+          pattern: "mcp_status",
+          action: "allow",
+          origin: "builtin",
+        },
+        { surface: "skill", pattern: "*", action: "ask", origin: "builtin" },
+        {
+          surface: "external_directory",
+          pattern: "*",
+          action: "ask",
+          origin: "builtin",
+        },
       ]);
     });
   });
@@ -117,7 +159,7 @@ describe("normalizeFlatConfig", () => {
         read: "allow",
       });
       expect(result).toEqual([
-        { surface: "read", pattern: "*", action: "allow" },
+        { surface: "read", pattern: "*", action: "allow", origin: "builtin" },
       ]);
     });
   });

package/tests/permission-manager-unified.test.ts

@@ -55,6 +55,7 @@ const sessionAllow = (surface: string, pattern: string): Rule => ({
   pattern,
   action: "allow",
   layer: "session",
+  origin: "session",
 });
 
 // ---------------------------------------------------------------------------
@@ -446,3 +447,217 @@ describe("checkPermission — home path expansion in external_directory rules",
     }
   });
 });
+
+// ---------------------------------------------------------------------------
+// Rule origin provenance
+// ---------------------------------------------------------------------------
+
+/**
+ * Build a manager with a global config and an optional project config.
+ * Returns the manager and a cleanup function.
+ */
+function makeManagerWithScopes(
+  globalPermission: Record<string, unknown>,
+  projectPermission?: Record<string, unknown>,
+): { manager: PermissionManager; cleanup: () => void } {
+  const baseDir = mkdtempSync(join(tmpdir(), "pm-provenance-test-"));
+  const agentsDir = join(baseDir, "agents");
+  mkdirSync(agentsDir, { recursive: true });
+  const globalConfigPath = join(baseDir, "global-config.json");
+  writeFileSync(
+    globalConfigPath,
+    JSON.stringify({ permission: globalPermission }, null, 2),
+  );
+
+  let projectGlobalConfigPath: string | undefined;
+  if (projectPermission !== undefined) {
+    projectGlobalConfigPath = join(baseDir, "project-config.json");
+    writeFileSync(
+      projectGlobalConfigPath,
+      JSON.stringify({ permission: projectPermission }, null, 2),
+    );
+  }
+
+  const manager = new PermissionManager({
+    globalConfigPath,
+    agentsDir,
+    projectGlobalConfigPath,
+  });
+  return {
+    manager,
+    cleanup: () => rmSync(baseDir, { recursive: true, force: true }),
+  };
+}
+
+describe("checkPermission — rule origin provenance", () => {
+  it("single-scope global: config rule has origin 'global'", () => {
+    const { manager, cleanup } = makeManagerWithScopes({ read: "allow" });
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("global");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("single-scope global with pattern map: origin is 'global'", () => {
+    const { manager, cleanup } = makeManagerWithScopes({
+      bash: { "git *": "allow" },
+    });
+    try {
+      const result = manager.checkPermission("bash", { command: "git status" });
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("global");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("project overrides global: winning rule has origin 'project'", () => {
+    const { manager, cleanup } = makeManagerWithScopes(
+      { read: "ask" },
+      { read: "allow" },
+    );
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("both-object merge: patterns retain their own origins", () => {
+    // global defines bash["git *"] = allow; project adds bash["rm *"] = deny.
+    // Both patterns should survive with their own origins.
+    const { manager, cleanup } = makeManagerWithScopes(
+      { bash: { "git *": "allow" } },
+      { bash: { "rm *": "deny" } },
+    );
+    try {
+      const gitResult = manager.checkPermission("bash", {
+        command: "git status",
+      });
+      expect(gitResult.state).toBe("allow");
+      expect(gitResult.origin).toBe("global");
+
+      const rmResult = manager.checkPermission("bash", {
+        command: "rm -rf /",
+      });
+      expect(rmResult.state).toBe("deny");
+      expect(rmResult.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("both-object merge: project pattern overrides global pattern for same key", () => {
+    // Both scopes define bash["git *"]; project wins for that pattern.
+    const { manager, cleanup } = makeManagerWithScopes(
+      { bash: { "git *": "ask" } },
+      { bash: { "git *": "allow" } },
+    );
+    try {
+      const result = manager.checkPermission("bash", {
+        command: "git status",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("string replaces object: all patterns from replacing scope get origin 'project'", () => {
+    // global defines bash as an object; project replaces with string "allow".
+    const { manager, cleanup } = makeManagerWithScopes(
+      { bash: { "git *": "ask", "npm *": "ask" } },
+      { bash: "allow" },
+    );
+    try {
+      // The catch-all "*" now comes from the project scope.
+      const result = manager.checkPermission("bash", {
+        command: "anything",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("object replaces string: all patterns from replacing scope get origin 'project'", () => {
+    // global defines read as a string "ask"; project replaces with object.
+    const { manager, cleanup } = makeManagerWithScopes(
+      { read: "ask" },
+      { read: { "*": "allow" } },
+    );
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("no config match: origin is 'builtin' (default layer)", () => {
+    // No config — falls back to synthesized default.
+    const manager = makeManager();
+    const result = manager.checkPermission("read", {});
+    expect(result.state).toBe("ask");
+    expect(result.origin).toBe("builtin");
+  });
+
+  it("session rule: origin is 'session'", () => {
+    const manager = makeManager();
+    const sessionRules: Ruleset = [
+      {
+        surface: "read",
+        pattern: "*",
+        action: "allow",
+        layer: "session",
+        origin: "session",
+      },
+    ];
+    const result = manager.checkPermission("read", {}, undefined, sessionRules);
+    expect(result.state).toBe("allow");
+    expect(result.source).toBe("session");
+    expect(result.origin).toBe("session");
+  });
+
+  it("universal fallback (*) set in global config carries origin 'global'", () => {
+    const { manager, cleanup } = makeManagerWithScopes({ "*": "allow" });
+    try {
+      // No explicit surface rule — hits the synthesized default derived from "*".
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("global");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("universal fallback (*) overridden by project carries origin 'project'", () => {
+    const { manager, cleanup } = makeManagerWithScopes(
+      { "*": "ask" },
+      { "*": "allow" },
+    );
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("built-in fallback (no * in any config): origin is 'builtin'", () => {
+    // Manager with no config file — built-in "ask" default.
+    const manager = makeManager();
+    const result = manager.checkPermission("read", {});
+    expect(result.state).toBe("ask");
+    expect(result.origin).toBe("builtin");
+  });
+});

package/tests/permission-prompts.test.ts

@@ -34,7 +34,13 @@ function toolResult(
   toolName: string,
   overrides: Partial<PermissionCheckResult> = {},
 ): PermissionCheckResult {
-  return { toolName, state: "ask", source: "tool", ...overrides };
+  return {
+    toolName,
+    state: "ask",
+    source: "tool",
+    origin: "builtin",
+    ...overrides,
+  };
 }
 
 function mcpResult(
@@ -46,6 +52,7 @@ function mcpResult(
     target,
     state: "ask",
     source: "tool",
+    origin: "builtin",
     ...overrides,
   };
 }

package/tests/permission-system.test.ts

@@ -2477,6 +2477,7 @@ test("checkPermission returns source 'session' when session rules cover the exte
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2506,6 +2507,7 @@ test("checkPermission falls back to config policy when session rules do not cove
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2543,6 +2545,7 @@ test("checkPermission with empty session rules is identical to call without sess
       state: "deny",
       matchedPattern: "*",
       source: "special",
+      origin: "global",
     };
     assert.deepEqual(withEmpty, expected);
     assert.deepEqual(withoutArg, expected);
@@ -2564,6 +2567,7 @@ test("session rules for one surface do not affect checks on other surfaces", ()
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2603,6 +2607,7 @@ test("session rules override config deny for external_directory", () => {
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2632,6 +2637,7 @@ test("checkPermission returns source 'session' for bash when session rules match
         pattern: "git *",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2659,6 +2665,7 @@ test("checkPermission returns source 'session' for bash when session rule is exa
         pattern: "ls",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2685,6 +2692,7 @@ test("checkPermission falls back to config for bash when session rules do not ma
         pattern: "git *",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2711,6 +2719,7 @@ test("checkPermission returns source 'session' for mcp when session rules match
         pattern: "exa:*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2737,6 +2746,7 @@ test("checkPermission returns source 'session' for skill when session rules matc
         pattern: "librarian",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2764,6 +2774,7 @@ test("checkPermission returns source 'session' for tool surface when session rul
         pattern: "*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
 
@@ -2785,6 +2796,7 @@ test("bash session rules do not bleed into mcp checks", () => {
         pattern: "git *",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];