npm - @gotgenes/pi-permission-system - Versions diffs - 4.9.0 → 5.1.0 - Mend

@gotgenes/pi-permission-system 4.9.0 → 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/CHANGELOG.md +37 -0
package/package.json +1 -1
package/src/config-modal.ts +25 -3
package/src/external-directory.ts +238 -14
package/src/index.ts +4 -0
package/src/normalize.ts +2 -2
package/src/permission-manager.ts +72 -17
package/src/rule.ts +26 -2
package/src/session-rules.ts +7 -1
package/src/synthesize.ts +7 -2
package/src/tool-input-preview.ts +7 -1
package/src/types.ts +6 -0
package/tests/bash-external-directory.test.ts +227 -0
package/tests/config-modal.test.ts +83 -0
package/tests/handlers/tool-call.test.ts +2 -1
package/tests/normalize.test.ts +64 -22
package/tests/permission-manager-unified.test.ts +215 -0
package/tests/permission-prompts.test.ts +8 -1
package/tests/permission-system.test.ts +12 -0
package/tests/rule.test.ts +76 -8
package/tests/session-rules.test.ts +7 -1
package/tests/skill-prompt-sanitizer.test.ts +1 -1
package/tests/synthesize.test.ts +64 -4
package/tests/tool-input-preview.test.ts +29 -0

package/tests/permission-manager-unified.test.ts CHANGED Viewed

@@ -55,6 +55,7 @@ const sessionAllow = (surface: string, pattern: string): Rule => ({
   pattern,
   action: "allow",
   layer: "session",
+  origin: "session",
 });
 // ---------------------------------------------------------------------------
@@ -446,3 +447,217 @@ describe("checkPermission — home path expansion in external_directory rules",
     }
   });
 });
+// ---------------------------------------------------------------------------
+// Rule origin provenance
+// ---------------------------------------------------------------------------
+/**
+ * Build a manager with a global config and an optional project config.
+ * Returns the manager and a cleanup function.
+ */
+function makeManagerWithScopes(
+  globalPermission: Record<string, unknown>,
+  projectPermission?: Record<string, unknown>,
+): { manager: PermissionManager; cleanup: () => void } {
+  const baseDir = mkdtempSync(join(tmpdir(), "pm-provenance-test-"));
+  const agentsDir = join(baseDir, "agents");
+  mkdirSync(agentsDir, { recursive: true });
+  const globalConfigPath = join(baseDir, "global-config.json");
+  writeFileSync(
+    globalConfigPath,
+    JSON.stringify({ permission: globalPermission }, null, 2),
+  );
+  let projectGlobalConfigPath: string | undefined;
+  if (projectPermission !== undefined) {
+    projectGlobalConfigPath = join(baseDir, "project-config.json");
+    writeFileSync(
+      projectGlobalConfigPath,
+      JSON.stringify({ permission: projectPermission }, null, 2),
+    );
+  }
+  const manager = new PermissionManager({
+    globalConfigPath,
+    agentsDir,
+    projectGlobalConfigPath,
+  });
+  return {
+    manager,
+    cleanup: () => rmSync(baseDir, { recursive: true, force: true }),
+  };
+}
+describe("checkPermission — rule origin provenance", () => {
+  it("single-scope global: config rule has origin 'global'", () => {
+    const { manager, cleanup } = makeManagerWithScopes({ read: "allow" });
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("global");
+    } finally {
+      cleanup();
+    }
+  });
+  it("single-scope global with pattern map: origin is 'global'", () => {
+    const { manager, cleanup } = makeManagerWithScopes({
+      bash: { "git *": "allow" },
+    });
+    try {
+      const result = manager.checkPermission("bash", { command: "git status" });
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("global");
+    } finally {
+      cleanup();
+    }
+  });
+  it("project overrides global: winning rule has origin 'project'", () => {
+    const { manager, cleanup } = makeManagerWithScopes(
+      { read: "ask" },
+      { read: "allow" },
+    );
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+  it("both-object merge: patterns retain their own origins", () => {
+    // global defines bash["git *"] = allow; project adds bash["rm *"] = deny.
+    // Both patterns should survive with their own origins.
+    const { manager, cleanup } = makeManagerWithScopes(
+      { bash: { "git *": "allow" } },
+      { bash: { "rm *": "deny" } },
+    );
+    try {
+      const gitResult = manager.checkPermission("bash", {
+        command: "git status",
+      });
+      expect(gitResult.state).toBe("allow");
+      expect(gitResult.origin).toBe("global");
+      const rmResult = manager.checkPermission("bash", {
+        command: "rm -rf /",
+      });
+      expect(rmResult.state).toBe("deny");
+      expect(rmResult.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+  it("both-object merge: project pattern overrides global pattern for same key", () => {
+    // Both scopes define bash["git *"]; project wins for that pattern.
+    const { manager, cleanup } = makeManagerWithScopes(
+      { bash: { "git *": "ask" } },
+      { bash: { "git *": "allow" } },
+    );
+    try {
+      const result = manager.checkPermission("bash", {
+        command: "git status",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+  it("string replaces object: all patterns from replacing scope get origin 'project'", () => {
+    // global defines bash as an object; project replaces with string "allow".
+    const { manager, cleanup } = makeManagerWithScopes(
+      { bash: { "git *": "ask", "npm *": "ask" } },
+      { bash: "allow" },
+    );
+    try {
+      // The catch-all "*" now comes from the project scope.
+      const result = manager.checkPermission("bash", {
+        command: "anything",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+  it("object replaces string: all patterns from replacing scope get origin 'project'", () => {
+    // global defines read as a string "ask"; project replaces with object.
+    const { manager, cleanup } = makeManagerWithScopes(
+      { read: "ask" },
+      { read: { "*": "allow" } },
+    );
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+  it("no config match: origin is 'builtin' (default layer)", () => {
+    // No config — falls back to synthesized default.
+    const manager = makeManager();
+    const result = manager.checkPermission("read", {});
+    expect(result.state).toBe("ask");
+    expect(result.origin).toBe("builtin");
+  });
+  it("session rule: origin is 'session'", () => {
+    const manager = makeManager();
+    const sessionRules: Ruleset = [
+      {
+        surface: "read",
+        pattern: "*",
+        action: "allow",
+        layer: "session",
+        origin: "session",
+      },
+    ];
+    const result = manager.checkPermission("read", {}, undefined, sessionRules);
+    expect(result.state).toBe("allow");
+    expect(result.source).toBe("session");
+    expect(result.origin).toBe("session");
+  });
+  it("universal fallback (*) set in global config carries origin 'global'", () => {
+    const { manager, cleanup } = makeManagerWithScopes({ "*": "allow" });
+    try {
+      // No explicit surface rule — hits the synthesized default derived from "*".
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("global");
+    } finally {
+      cleanup();
+    }
+  });
+  it("universal fallback (*) overridden by project carries origin 'project'", () => {
+    const { manager, cleanup } = makeManagerWithScopes(
+      { "*": "ask" },
+      { "*": "allow" },
+    );
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    } finally {
+      cleanup();
+    }
+  });
+  it("built-in fallback (no * in any config): origin is 'builtin'", () => {
+    // Manager with no config file — built-in "ask" default.
+    const manager = makeManager();
+    const result = manager.checkPermission("read", {});
+    expect(result.state).toBe("ask");
+    expect(result.origin).toBe("builtin");
+  });
+});

package/tests/permission-prompts.test.ts CHANGED Viewed

@@ -34,7 +34,13 @@ function toolResult(
   toolName: string,
   overrides: Partial<PermissionCheckResult> = {},
 ): PermissionCheckResult {
-  return { toolName, state: "ask", source: "tool", ...overrides };
+  return {
+    toolName,
+    state: "ask",
+    source: "tool",
+    origin: "builtin",
+    ...overrides,
+  };
 }
 function mcpResult(
@@ -46,6 +52,7 @@ function mcpResult(
     target,
     state: "ask",
     source: "tool",
+    origin: "builtin",
     ...overrides,
   };
 }

package/tests/permission-system.test.ts CHANGED Viewed

@@ -2477,6 +2477,7 @@ test("checkPermission returns source 'session' when session rules cover the exte
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2506,6 +2507,7 @@ test("checkPermission falls back to config policy when session rules do not cove
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2543,6 +2545,7 @@ test("checkPermission with empty session rules is identical to call without sess
       state: "deny",
       matchedPattern: "*",
       source: "special",
+      origin: "global",
     };
     assert.deepEqual(withEmpty, expected);
     assert.deepEqual(withoutArg, expected);
@@ -2564,6 +2567,7 @@ test("session rules for one surface do not affect checks on other surfaces", ()
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2603,6 +2607,7 @@ test("session rules override config deny for external_directory", () => {
         pattern: "/other/project/*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2632,6 +2637,7 @@ test("checkPermission returns source 'session' for bash when session rules match
         pattern: "git *",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2659,6 +2665,7 @@ test("checkPermission returns source 'session' for bash when session rule is exa
         pattern: "ls",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2685,6 +2692,7 @@ test("checkPermission falls back to config for bash when session rules do not ma
         pattern: "git *",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2711,6 +2719,7 @@ test("checkPermission returns source 'session' for mcp when session rules match
         pattern: "exa:*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2737,6 +2746,7 @@ test("checkPermission returns source 'session' for skill when session rules matc
         pattern: "librarian",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2764,6 +2774,7 @@ test("checkPermission returns source 'session' for tool surface when session rul
         pattern: "*",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];
@@ -2785,6 +2796,7 @@ test("bash session rules do not bleed into mcp checks", () => {
         pattern: "git *",
         action: "allow" as const,
         layer: "session" as const,
+        origin: "session" as const,
       },
     ];

package/tests/rule.test.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { describe, expect, test } from "vitest";
-import type { Rule, Ruleset } from "../src/rule";
+import type { Rule, RuleOrigin, Ruleset } from "../src/rule";
 import { evaluate, evaluateFirst } from "../src/rule";
 describe("evaluate", () => {
@@ -7,23 +7,37 @@ describe("evaluate", () => {
     surface: "bash",
     pattern: "git *",
     action: "allow",
+    origin: "global",
   };
   const denyBashGitPush: Rule = {
     surface: "bash",
     pattern: "git push *",
     action: "deny",
+    origin: "global",
+  };
+  const allowRead: Rule = {
+    surface: "read",
+    pattern: "*",
+    action: "allow",
+    origin: "global",
+  };
+  const askMcp: Rule = {
+    surface: "mcp",
+    pattern: "*",
+    action: "ask",
+    origin: "global",
   };
-  const allowRead: Rule = { surface: "read", pattern: "*", action: "allow" };
-  const askMcp: Rule = { surface: "mcp", pattern: "*", action: "ask" };
   const allowSkillLibrarian: Rule = {
     surface: "skill",
     pattern: "librarian",
     action: "allow",
+    origin: "global",
   };
   const askSpecialExtDir: Rule = {
     surface: "special",
     pattern: "external_directory",
     action: "ask",
+    origin: "global",
   };
   test("returns matching rule when a rule matches", () => {
@@ -76,11 +90,17 @@ describe("evaluate", () => {
   });
   test("last-match-wins: broad deny followed by specific allow", () => {
-    const denyAll: Rule = { surface: "bash", pattern: "*", action: "deny" };
+    const denyAll: Rule = {
+      surface: "bash",
+      pattern: "*",
+      action: "deny",
+      origin: "global",
+    };
     const allowStatus: Rule = {
       surface: "bash",
       pattern: "git status",
       action: "allow",
+      origin: "global",
     };
     const result = evaluate("bash", "git status", [denyAll, allowStatus]);
     expect(result).toEqual(allowStatus);
@@ -91,6 +111,7 @@ describe("evaluate", () => {
       surface: "*",
       pattern: "*",
       action: "allow",
+      origin: "global",
     };
     expect(evaluate("bash", "anything", [universalAllow]).action).toBe("allow");
     expect(evaluate("mcp", "something", [universalAllow]).action).toBe("allow");
@@ -108,10 +129,10 @@ describe("evaluate", () => {
   test("merged rulesets: rules from later scope take priority", () => {
     const globalRules: Ruleset = [
-      { surface: "bash", pattern: "git *", action: "ask" },
+      { surface: "bash", pattern: "git *", action: "ask", origin: "global" },
     ];
     const agentRules: Ruleset = [
-      { surface: "bash", pattern: "git *", action: "allow" },
+      { surface: "bash", pattern: "git *", action: "allow", origin: "agent" },
     ];
     const merged = [...globalRules, ...agentRules];
     const result = evaluate("bash", "git status", merged);
@@ -120,10 +141,10 @@ describe("evaluate", () => {
   test("merged rulesets: earlier scope used when later scope has no match", () => {
     const globalRules: Ruleset = [
-      { surface: "bash", pattern: "git *", action: "allow" },
+      { surface: "bash", pattern: "git *", action: "allow", origin: "global" },
     ];
     const agentRules: Ruleset = [
-      { surface: "bash", pattern: "npm *", action: "deny" },
+      { surface: "bash", pattern: "npm *", action: "deny", origin: "agent" },
     ];
     // git status matches global but not agent rule
     const merged = [...globalRules, ...agentRules];
@@ -144,17 +165,20 @@ describe("evaluate", () => {
       pattern: "git *",
       action: "allow",
       layer: "config",
+      origin: "global",
     };
     const withoutLayer: Rule = {
       surface: "bash",
       pattern: "git *",
       action: "allow",
+      origin: "global",
     };
     const withDefault: Rule = {
       surface: "bash",
       pattern: "*",
       action: "ask",
       layer: "default",
+      origin: "builtin",
     };
     // Both rules with and without layer field produce the same match.
     expect(evaluate("bash", "git status", [withLayer]).action).toBe("allow");
@@ -168,6 +192,46 @@ describe("evaluate", () => {
       withDefault,
     );
   });
+  test("evaluate() preserves origin on a matched rule", () => {
+    const origin: RuleOrigin = "project";
+    const rule: Rule = {
+      surface: "bash",
+      pattern: "git *",
+      action: "allow",
+      layer: "config",
+      origin,
+    };
+    const result = evaluate("bash", "git status", [rule]);
+    expect(result.origin).toBe("project");
+  });
+  test("evaluate() synthetic fallback rule has origin 'builtin'", () => {
+    const result = evaluate("bash", "npm install", []);
+    expect(result.origin).toBe("builtin");
+  });
+  test("RuleOrigin covers all seven provenance values", () => {
+    const origins: RuleOrigin[] = [
+      "global",
+      "project",
+      "agent",
+      "project-agent",
+      "builtin",
+      "baseline",
+      "session",
+    ];
+    for (const origin of origins) {
+      const rule: Rule = {
+        surface: "read",
+        pattern: "*",
+        action: "allow",
+        layer: "config",
+        origin,
+      };
+      expect(evaluate("read", "*", [rule]).origin).toBe(origin);
+    }
+  });
 });
 describe("evaluateFirst", () => {
@@ -176,18 +240,21 @@ describe("evaluateFirst", () => {
     pattern: "*",
     action: "ask",
     layer: "default",
+    origin: "builtin",
   };
   const allowBash: Rule = {
     surface: "bash",
     pattern: "git *",
     action: "allow",
     layer: "config",
+    origin: "global",
   };
   const denyMcp: Rule = {
     surface: "mcp",
     pattern: "exa_search",
     action: "deny",
     layer: "config",
+    origin: "global",
   };
   test("returns the first candidate that matches a non-default rule", () => {
@@ -220,6 +287,7 @@ describe("evaluateFirst", () => {
       pattern: "mcp",
       action: "allow",
       layer: "config",
+      origin: "global",
     };
     const rules: Ruleset = [defaultRule, denyMcp, allowMcpCatchAll];
     const result = evaluateFirst("mcp", ["exa_search", "mcp"], rules);

package/tests/session-rules.test.ts CHANGED Viewed

@@ -21,6 +21,7 @@ describe("SessionRules", () => {
           pattern: "/other/project/*",
           action: "allow",
           layer: "session",
+          origin: "session",
         },
       ]);
     });
@@ -29,7 +30,12 @@ describe("SessionRules", () => {
       const rules = new SessionRules();
       rules.approve("external_directory", "/other/project/*");
       const copy = rules.getRuleset();
-      copy.push({ surface: "bash", pattern: "*", action: "deny" });
+      copy.push({
+        surface: "bash",
+        pattern: "*",
+        action: "deny",
+        origin: "session",
+      });
       expect(rules.getRuleset()).toHaveLength(1);
     });

package/tests/skill-prompt-sanitizer.test.ts CHANGED Viewed

@@ -23,7 +23,7 @@ function makeManager(
       (_surface: string, input: { name?: string }): PermissionCheckResult => {
         const name = input.name ?? "";
         const state = overrides[name] ?? defaultState;
-        return { toolName: "skill", state, source: "tool" };
+        return { toolName: "skill", state, source: "tool", origin: "builtin" };
       },
     ),
   } as unknown as PermissionManager;