@gotgenes/pi-permission-system 5.15.0 → 5.17.0

package/tests/handlers/gates/path.test.ts

@@ -0,0 +1,149 @@
+import { describe, expect, it, vi } from "vitest";
+
+import type { GateDescriptor } from "../../../src/handlers/gates/descriptor";
+import { isGateDescriptor } from "../../../src/handlers/gates/descriptor";
+import { describePathGate } from "../../../src/handlers/gates/path";
+import type { ToolCallContext } from "../../../src/handlers/gates/types";
+import type { PermissionCheckResult } from "../../../src/types";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
+  return {
+    toolName: "read",
+    agentName: null,
+    input: { path: ".env" },
+    toolCallId: "tc-1",
+    cwd: "/test/project",
+    ...overrides,
+  };
+}
+
+function makeCheckResult(
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    toolName: "path",
+    state: "allow",
+    source: "special",
+    origin: "global",
+    ...overrides,
+  };
+}
+
+type CheckPermissionFn = (
+  surface: string,
+  input: unknown,
+  agentName?: string,
+  sessionRules?: unknown[],
+) => PermissionCheckResult;
+
+// ── tests ──────────────────────────────────────────────────────────────────
+
+describe("describePathGate", () => {
+  it("returns null for non-path-bearing tools", () => {
+    const checkPermission = vi.fn<CheckPermissionFn>();
+    const result = describePathGate(
+      makeTcc({ toolName: "bash", input: { command: "ls" } }),
+      checkPermission,
+    );
+    expect(result).toBeNull();
+    expect(checkPermission).not.toHaveBeenCalled();
+  });
+
+  it("returns null when tool has no extractable path", () => {
+    const checkPermission = vi.fn<CheckPermissionFn>();
+    const result = describePathGate(
+      makeTcc({ toolName: "read", input: {} }),
+      checkPermission,
+    );
+    expect(result).toBeNull();
+  });
+
+  it("returns null when path check result is allow", () => {
+    const checkPermission = vi
+      .fn<CheckPermissionFn>()
+      .mockReturnValue(makeCheckResult({ state: "allow" }));
+    const result = describePathGate(makeTcc(), checkPermission);
+    expect(result).toBeNull();
+  });
+
+  it("returns GateDescriptor when path check result is deny", () => {
+    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
+      makeCheckResult({
+        state: "deny",
+        matchedPattern: "*.env",
+      }),
+    );
+    const result = describePathGate(makeTcc(), checkPermission);
+    expect(result).not.toBeNull();
+    expect(isGateDescriptor(result)).toBe(true);
+    const desc = result as GateDescriptor;
+    expect(desc.surface).toBe("path");
+    expect(desc.preCheck?.state).toBe("deny");
+  });
+
+  it("returns GateDescriptor when path check result is ask", () => {
+    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
+      makeCheckResult({
+        state: "ask",
+        matchedPattern: "*.env",
+      }),
+    );
+    const result = describePathGate(makeTcc(), checkPermission);
+    expect(result).not.toBeNull();
+    expect(isGateDescriptor(result)).toBe(true);
+    const desc = result as GateDescriptor;
+    expect(desc.surface).toBe("path");
+    expect(desc.preCheck?.state).toBe("ask");
+  });
+
+  it("descriptor has correct session approval surface and pattern", () => {
+    const checkPermission = vi
+      .fn<CheckPermissionFn>()
+      .mockReturnValue(makeCheckResult({ state: "ask" }));
+    const result = describePathGate(
+      makeTcc({ input: { path: "/test/project/src/.env" } }),
+      checkPermission,
+    ) as GateDescriptor;
+    expect(result.sessionApproval).toBeDefined();
+    expect(result.sessionApproval).toHaveProperty("surface", "path");
+    expect(result.sessionApproval).toHaveProperty("pattern");
+  });
+
+  it("descriptor messages reference the file path", () => {
+    const checkPermission = vi
+      .fn<CheckPermissionFn>()
+      .mockReturnValue(makeCheckResult({ state: "deny" }));
+    const result = describePathGate(
+      makeTcc(),
+      checkPermission,
+    ) as GateDescriptor;
+    expect(result.messages.denyReason).toContain(".env");
+    expect(result.messages.unavailableReason).toContain(".env");
+  });
+
+  it("descriptor decision uses surface 'path' and the file path as value", () => {
+    const checkPermission = vi
+      .fn<CheckPermissionFn>()
+      .mockReturnValue(makeCheckResult({ state: "deny" }));
+    const result = describePathGate(
+      makeTcc(),
+      checkPermission,
+    ) as GateDescriptor;
+    expect(result.decision.surface).toBe("path");
+    expect(result.decision.value).toBe(".env");
+  });
+
+  it("passes agentName to checkPermission", () => {
+    const checkPermission = vi
+      .fn<CheckPermissionFn>()
+      .mockReturnValue(makeCheckResult({ state: "allow" }));
+    describePathGate(makeTcc({ agentName: "my-agent" }), checkPermission);
+    expect(checkPermission).toHaveBeenCalledWith(
+      "path",
+      { path: ".env" },
+      "my-agent",
+    );
+  });
+});

package/tests/handlers/tool-call.test.ts

@@ -297,3 +297,81 @@ describe("handleToolCall — bash external-directory gate", () => {
     expect(result).toMatchObject({ block: true });
   });
 });
+
+// ── path gate (tools) ─────────────────────────────────────────────────────
+
+describe("handleToolCall — path gate (tools)", () => {
+  it("blocks a read of .env when path surface denies *.env", async () => {
+    const checkPermission = vi
+      .fn()
+      .mockImplementation(
+        (surface: string, _input: unknown, _agentName?: string) => {
+          if (surface === "path") {
+            return makePermissionResult("deny");
+          }
+          return makePermissionResult("allow");
+        },
+      );
+    const { handler } = makeHandler({
+      session: { checkPermission },
+      toolRegistry: {
+        getAll: vi.fn().mockReturnValue([{ name: "read" }]),
+      },
+    });
+    const event = {
+      type: "tool_call",
+      toolCallId: "tc-path",
+      name: "read",
+      input: { path: ".env" },
+    };
+    const result = await handler.handleToolCall(event, makeCtx());
+    expect(result).toMatchObject({ block: true });
+  });
+
+  it("allows a read when path surface allows", async () => {
+    const { handler } = makeHandler({
+      toolRegistry: {
+        getAll: vi.fn().mockReturnValue([{ name: "read" }]),
+      },
+    });
+    const event = {
+      type: "tool_call",
+      toolCallId: "tc-path-ok",
+      name: "read",
+      input: { path: "src/index.ts" },
+    };
+    const result = await handler.handleToolCall(event, makeCtx());
+    expect(result).toEqual({});
+  });
+});
+
+// ── bash path gate ────────────────────────────────────────────────────────
+
+describe("handleToolCall — bash path gate", () => {
+  it("blocks a bash command accessing .env when path surface denies", async () => {
+    const checkPermission = vi
+      .fn()
+      .mockImplementation(
+        (surface: string, _input: unknown, _agentName?: string) => {
+          if (surface === "path") {
+            return makePermissionResult("deny");
+          }
+          return makePermissionResult("allow");
+        },
+      );
+    const { handler } = makeHandler({
+      session: { checkPermission },
+      toolRegistry: {
+        getAll: vi.fn().mockReturnValue([{ name: "bash" }]),
+      },
+    });
+    const event = {
+      type: "tool_call",
+      toolCallId: "tc-bash-path",
+      name: "bash",
+      input: { command: "cat .env" },
+    };
+    const result = await handler.handleToolCall(event, makeCtx());
+    expect(result).toMatchObject({ block: true });
+  });
+});

package/tests/input-normalizer.test.ts

@@ -3,6 +3,30 @@ import { normalizeInput } from "../src/input-normalizer";
 import { createMcpPermissionTargets } from "../src/mcp-targets";
 
 describe("normalizeInput — non-MCP surfaces", () => {
+  describe("special / path", () => {
+    it("uses path from input as the lookup value", () => {
+      const result = normalizeInput("path", { path: ".env" }, []);
+      expect(result.surface).toBe("path");
+      expect(result.values).toEqual([".env"]);
+      expect(result.resultExtras).toEqual({});
+    });
+
+    it("falls back to '*' when path is missing", () => {
+      const result = normalizeInput("path", {}, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when path is not a string", () => {
+      const result = normalizeInput("path", { path: 42 }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("handles null input", () => {
+      const result = normalizeInput("path", null, []);
+      expect(result.values).toEqual(["*"]);
+    });
+  });
+
   describe("special / external_directory", () => {
     it("uses path from input as the lookup value", () => {
       const result = normalizeInput(
@@ -71,22 +95,59 @@ describe("normalizeInput — non-MCP surfaces", () => {
     });
   });
 
-  describe("tool surfaces (read, write, edit, grep, find, ls, extension tools)", () => {
-    it("uses '*' as the lookup value for built-in tools", () => {
+  describe("path-bearing tools (read, write, edit, grep, find, ls)", () => {
+    it("uses input.path as the lookup value when path is present", () => {
       for (const tool of ["read", "write", "edit", "grep", "find", "ls"]) {
-        const result = normalizeInput(tool, {}, []);
+        const result = normalizeInput(
+          tool,
+          { path: "/project/src/main.ts" },
+          [],
+        );
         expect(result.surface).toBe(tool);
-        expect(result.values).toEqual(["*"]);
+        expect(result.values).toEqual(["/project/src/main.ts"]);
         expect(result.resultExtras).toEqual({});
       }
     });
 
+    it("falls back to '*' when input.path is missing", () => {
+      for (const tool of ["read", "write", "edit", "grep", "find", "ls"]) {
+        const result = normalizeInput(tool, {}, []);
+        expect(result.values).toEqual(["*"]);
+      }
+    });
+
+    it("falls back to '*' when input.path is empty string", () => {
+      const result = normalizeInput("read", { path: "" }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when input.path is not a string", () => {
+      const result = normalizeInput("write", { path: 42 }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when input is null", () => {
+      const result = normalizeInput("edit", null, []);
+      expect(result.values).toEqual(["*"]);
+    });
+  });
+
+  describe("extension tools (non-path-bearing)", () => {
     it("uses '*' as the lookup value for extension tools", () => {
       const result = normalizeInput("my_extension_tool", { some: "input" }, []);
       expect(result.surface).toBe("my_extension_tool");
       expect(result.values).toEqual(["*"]);
       expect(result.resultExtras).toEqual({});
     });
+
+    it("uses '*' even when extension tool has a path field", () => {
+      const result = normalizeInput(
+        "my_extension_tool",
+        { path: "/some/path" },
+        [],
+      );
+      expect(result.values).toEqual(["*"]);
+    });
   });
 });
 

package/tests/pattern-suggest.test.ts

@@ -121,28 +121,51 @@ describe("suggestSessionPattern", () => {
     });
   });
 
-  describe("tool surfaces", () => {
-    it("returns * for read surface", () => {
-      const result = suggestSessionPattern("read", "*");
-      expect(result).toMatchObject({ surface: "read", pattern: "*" });
+  describe("path-bearing tool surfaces", () => {
+    it("returns directory-scoped pattern for read with a file path", () => {
+      const result = suggestSessionPattern("read", "/outside/project/file.ts");
+      expect(result).toMatchObject({
+        surface: "read",
+        pattern: "/outside/project/*",
+      });
     });
 
-    it("returns * for write surface", () => {
-      const result = suggestSessionPattern("write", "*");
-      expect(result).toMatchObject({ surface: "write", pattern: "*" });
+    it("returns directory-scoped pattern for write with a file path", () => {
+      const result = suggestSessionPattern("write", "src/main.ts");
+      expect(result).toMatchObject({
+        surface: "write",
+        pattern: "src/*",
+      });
     });
 
-    it("returns * for edit surface", () => {
-      const result = suggestSessionPattern("edit", "*");
-      expect(result).toMatchObject({ surface: "edit", pattern: "*" });
+    it("returns * when value is '*' (fallback)", () => {
+      const result = suggestSessionPattern("read", "*");
+      expect(result).toMatchObject({ surface: "read", pattern: "*" });
+    });
+
+    it("label includes the path pattern for path-bearing tools", () => {
+      const result = suggestSessionPattern("read", "/tmp/data/file.txt");
+      expect(result.label).toBe(
+        'Yes, allow read "/tmp/data/*" for this session',
+      );
     });
 
-    it("label shows tool name instead of bare wildcard", () => {
+    it("label shows tool name when pattern is *", () => {
       const result = suggestSessionPattern("find", "*");
       expect(result.label).toBe('Yes, allow tool "find" for this session');
     });
   });
 
+  describe("non-path-bearing tool surfaces", () => {
+    it("returns * for extension tools", () => {
+      const result = suggestSessionPattern("my_extension_tool", "*");
+      expect(result).toMatchObject({
+        surface: "my_extension_tool",
+        pattern: "*",
+      });
+    });
+  });
+
   describe("label field", () => {
     it("bash label includes surface prefix and pattern", () => {
       const result = suggestSessionPattern("bash", "git status");
@@ -173,7 +196,12 @@ describe("suggestSessionPattern", () => {
       );
     });
 
-    it("tool label shows tool name, not wildcard pattern", () => {
+    it("path-bearing tool label includes path pattern", () => {
+      const result = suggestSessionPattern("edit", "src/file.ts");
+      expect(result.label).toBe('Yes, allow edit "src/*" for this session');
+    });
+
+    it("tool label shows tool name when value is *", () => {
       const result = suggestSessionPattern("edit", "*");
       expect(result.label).toBe('Yes, allow tool "edit" for this session');
     });