@gotgenes/pi-permission-system 5.15.0 → 5.17.0

package/tests/permission-manager-unified.test.ts

@@ -980,3 +980,344 @@ describe("PermissionManager with in-memory PolicyLoader", () => {
     });
   });
 });
+
+// ---------------------------------------------------------------------------
+// Per-tool path patterns (#147)
+// ---------------------------------------------------------------------------
+
+describe("checkPermission — per-tool path patterns", () => {
+  it("denies read of .env when path pattern matches", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const result = manager.checkPermission("read", { path: ".env" });
+      expect(result.state).toBe("deny");
+      expect(result.matchedPattern).toBe("*.env");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("allows read of non-.env file when .env is denied", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const result = manager.checkPermission("read", {
+        path: "src/main.ts",
+      });
+      expect(result.state).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("allows write to src/ when only src/ is allowed", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      write: { "*": "deny", "src/*": "allow" },
+    });
+    try {
+      const result = manager.checkPermission("write", {
+        path: "src/main.ts",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.matchedPattern).toBe("src/*");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("denies write outside src/ when only src/ is allowed", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      write: { "*": "deny", "src/*": "allow" },
+    });
+    try {
+      const result = manager.checkPermission("write", {
+        path: "vendor/lib.ts",
+      });
+      expect(result.state).toBe("deny");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("backward compat: 'read': 'allow' allows read of any path", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: "allow",
+    });
+    try {
+      const result = manager.checkPermission("read", { path: ".env" });
+      expect(result.state).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("backward compat: 'read': 'deny' denies read of any path", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: "deny",
+    });
+    try {
+      const result = manager.checkPermission("read", {
+        path: "src/main.ts",
+      });
+      expect(result.state).toBe("deny");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("session rule for specific path overrides config deny", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const sessionRules: Ruleset = [sessionAllow("read", ".env")];
+      const result = manager.checkPermission(
+        "read",
+        { path: ".env" },
+        undefined,
+        sessionRules,
+      );
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("session");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("falls back to '*' when input.path is missing", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("getToolPermission still returns surface-level state (not path-specific)", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const toolState = manager.getToolPermission("read");
+      expect(toolState).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Cross-cutting path surface (#148)
+// ---------------------------------------------------------------------------
+
+describe("cross-cutting path surface", () => {
+  it("denies .env via the path surface", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*": "allow", "*.env": "deny" },
+      read: "allow",
+    });
+    try {
+      const result = manager.checkPermission("path", { path: ".env" });
+      expect(result.state).toBe("deny");
+      expect(result.matchedPattern).toBe("*.env");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("allows non-matching paths via the path surface", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*": "allow", "*.env": "deny" },
+      read: "allow",
+    });
+    try {
+      const result = manager.checkPermission("path", { path: "README.md" });
+      expect(result.state).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("path surface does not interfere with per-tool rules", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*": "allow" },
+      read: { "*": "allow", "*.secret": "deny" },
+    });
+    try {
+      // path surface allows, per-tool denies
+      const readResult = manager.checkPermission("read", {
+        path: "data.secret",
+      });
+      expect(readResult.state).toBe("deny");
+      // path surface also allows
+      const pathResult = manager.checkPermission("path", {
+        path: "data.secret",
+      });
+      expect(pathResult.state).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("getToolPermission('path') returns catch-all action", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const toolState = manager.getToolPermission("path");
+      expect(toolState).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("session approval on path surface overrides config deny", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const sessionRules: Ruleset = [sessionAllow("path", "/project/.env")];
+      const result = manager.checkPermission(
+        "path",
+        { path: "/project/.env" },
+        undefined,
+        sessionRules,
+      );
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("session");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("configs without path key behave identically (no path gate fires)", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      read: "allow",
+    });
+    try {
+      // path surface falls through to universal default
+      const result = manager.checkPermission("path", { path: ".env" });
+      expect(result.state).toBe("ask");
+    } finally {
+      cleanup();
+    }
+  });
+
+  // ── Last-match-wins ordering ────────────────────────────────────────────
+
+  it("last-match-wins: catch-all after deny overrides the deny", () => {
+    // Classic misconfiguration: deny is before allow, so allow wins.
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*.env": "deny", "*": "allow" },
+    });
+    try {
+      const result = manager.checkPermission("path", { path: ".env" });
+      // "*" is last and matches .env → allow (the deny is shadowed)
+      expect(result.state).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("last-match-wins: deny after catch-all blocks the path", () => {
+    // Correct ordering: catch-all first, specific deny after.
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*": "allow", "*.env": "deny" },
+    });
+    try {
+      const result = manager.checkPermission("path", { path: ".env" });
+      expect(result.state).toBe("deny");
+    } finally {
+      cleanup();
+    }
+  });
+
+  // ── .env.example override recipe ────────────────────────────────────────
+
+  it(".env.example override: denies .env and .env.local, allows .env.example", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: {
+        "*": "allow",
+        "*.env": "deny",
+        "*.env.*": "deny",
+        "*.env.example": "allow",
+      },
+    });
+    try {
+      expect(manager.checkPermission("path", { path: ".env" }).state).toBe(
+        "deny",
+      );
+      expect(
+        manager.checkPermission("path", { path: ".env.local" }).state,
+      ).toBe("deny");
+      expect(
+        manager.checkPermission("path", { path: ".env.production" }).state,
+      ).toBe("deny");
+      expect(manager.checkPermission("path", { path: "src/.env" }).state).toBe(
+        "deny",
+      );
+      expect(
+        manager.checkPermission("path", { path: ".env.example" }).state,
+      ).toBe("allow");
+      expect(manager.checkPermission("path", { path: "README.md" }).state).toBe(
+        "allow",
+      );
+    } finally {
+      cleanup();
+    }
+  });
+
+  // ── Universal fallback interaction ──────────────────────────────────────
+
+  it("universal '*': 'allow' with no path key makes the path gate transparent", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      "*": "allow",
+    });
+    try {
+      const result = manager.checkPermission("path", { path: ".env" });
+      expect(result.state).toBe("allow");
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("universal '*': 'deny' with no path key denies via path surface too", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      "*": "deny",
+    });
+    try {
+      const result = manager.checkPermission("path", { path: ".env" });
+      expect(result.state).toBe("deny");
+    } finally {
+      cleanup();
+    }
+  });
+
+  // ── Composition: path allows, per-tool denies ──────────────────────────
+
+  it("per-tool deny still blocks even when path surface allows", () => {
+    const { manager, cleanup } = makeManagerWithConfig({
+      path: { "*": "allow" },
+      read: "deny",
+    });
+    try {
+      // path gate passes (allow), but tool gate denies
+      const pathResult = manager.checkPermission("path", {
+        path: "secret.txt",
+      });
+      expect(pathResult.state).toBe("allow");
+      const readResult = manager.checkPermission("read", {
+        path: "secret.txt",
+      });
+      expect(readResult.state).toBe("deny");
+    } finally {
+      cleanup();
+    }
+  });
+});

package/tests/rule.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, test } from "vitest";
 import type { Rule, RuleOrigin, Ruleset } from "../src/rule";
-import { evaluate, evaluateFirst } from "../src/rule";
+import { evaluate, evaluateFirst, evaluateMostRestrictive } from "../src/rule";
 
 describe("evaluate", () => {
   const allowBashGit: Rule = {
@@ -317,3 +317,79 @@ describe("evaluateFirst", () => {
     expect(result.value).toBe("*");
   });
 });
+
+describe("evaluateMostRestrictive", () => {
+  const denyEnv: Rule = {
+    surface: "path",
+    pattern: "*.env",
+    action: "deny",
+    layer: "config",
+    origin: "global",
+  };
+  const askSsh: Rule = {
+    surface: "path",
+    pattern: "/home/user/.ssh/*",
+    action: "ask",
+    layer: "config",
+    origin: "global",
+  };
+  const allowAll: Rule = {
+    surface: "path",
+    pattern: "*",
+    action: "allow",
+    layer: "config",
+    origin: "global",
+  };
+
+  test("deny short-circuits: returns immediately without evaluating remaining values", () => {
+    const rules: Ruleset = [allowAll, denyEnv];
+    const result = evaluateMostRestrictive(
+      "path",
+      [".env", "README.md"],
+      rules,
+    );
+    expect(result).not.toBeNull();
+    expect(result!.rule.action).toBe("deny");
+    expect(result!.value).toBe(".env");
+  });
+
+  test("ask accumulates: returns first ask when no deny found", () => {
+    const rules: Ruleset = [allowAll, askSsh];
+    const result = evaluateMostRestrictive(
+      "path",
+      ["/home/user/.ssh/id_rsa", "README.md"],
+      rules,
+    );
+    expect(result).not.toBeNull();
+    expect(result!.rule.action).toBe("ask");
+    expect(result!.value).toBe("/home/user/.ssh/id_rsa");
+  });
+
+  test("all allow: returns null", () => {
+    const rules: Ruleset = [allowAll];
+    const result = evaluateMostRestrictive(
+      "path",
+      ["README.md", "src/index.ts"],
+      rules,
+    );
+    expect(result).toBeNull();
+  });
+
+  test("empty values: returns null", () => {
+    const rules: Ruleset = [allowAll, denyEnv];
+    const result = evaluateMostRestrictive("path", [], rules);
+    expect(result).toBeNull();
+  });
+
+  test("deny wins over ask", () => {
+    const rules: Ruleset = [allowAll, askSsh, denyEnv];
+    const result = evaluateMostRestrictive(
+      "path",
+      ["/home/user/.ssh/id_rsa", ".env"],
+      rules,
+    );
+    expect(result).not.toBeNull();
+    expect(result!.rule.action).toBe("deny");
+    expect(result!.value).toBe(".env");
+  });
+});