@gotgenes/pi-permission-system 5.3.4 → 5.4.0

package/tests/handlers/gates/bash-external-directory.test.ts

@@ -0,0 +1,247 @@
+import { describe, expect, it, vi } from "vitest";
+
+import { evaluateBashExternalDirectoryGate } from "../../../src/handlers/gates/bash-external-directory";
+import type { ToolCallContext } from "../../../src/handlers/gates/types";
+import type { HandlerDeps } from "../../../src/handlers/types";
+import type { PermissionEventBus } from "../../../src/permission-events";
+import type { PermissionCheckResult } from "../../../src/types";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
+  return {
+    toolName: "bash",
+    agentName: null,
+    input: { command: "cat /outside/project/file.ts" },
+    toolCallId: "tc-1",
+    cwd: "/test/project",
+    ...overrides,
+  };
+}
+
+function makeCheckResult(
+  state: "allow" | "deny" | "ask",
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    state,
+    toolName: "external_directory",
+    source: "special",
+    origin: "builtin",
+    ...overrides,
+  };
+}
+
+function makeEvents(): PermissionEventBus {
+  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
+}
+
+function makeRuntime(
+  overrides: Record<string, unknown> = {},
+): HandlerDeps["runtime"] {
+  return {
+    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
+    runtimeContext: {} as HandlerDeps["runtime"]["runtimeContext"],
+    permissionManager: {
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+    },
+    sessionRules: {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    },
+    writeReviewLog: vi.fn(),
+    ...overrides,
+  } as unknown as HandlerDeps["runtime"];
+}
+
+function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
+  const { runtime: runtimeOverrides, events, ...rest } = overrides;
+  return {
+    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
+    events: events ?? makeEvents(),
+    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+    promptPermission: vi
+      .fn()
+      .mockResolvedValue({ approved: true, state: "approved" }),
+    ...rest,
+  } as unknown as HandlerDeps;
+}
+
+// ── tests ──────────────────────────────────────────────────────────────────
+
+describe("evaluateBashExternalDirectoryGate", () => {
+  it("returns null when tool is not bash", async () => {
+    const tcc = makeTcc({ toolName: "read" });
+    const result = await evaluateBashExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  it("returns null when no CWD", async () => {
+    const tcc = makeTcc({ cwd: undefined });
+    const result = await evaluateBashExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  it("returns null when command has no external paths", async () => {
+    const tcc = makeTcc({ input: { command: "ls -la" } });
+    const result = await evaluateBashExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  it("returns null and logs when all external paths are session-covered", async () => {
+    const writeReviewLog = vi.fn();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi
+            .fn()
+            .mockReturnValue(makeCheckResult("allow", { source: "session" })),
+        },
+        writeReviewLog,
+      },
+    });
+    const tcc = makeTcc();
+    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
+    expect(result).toBeNull();
+    expect(writeReviewLog).toHaveBeenCalledWith(
+      "permission_request.session_approved",
+      expect.objectContaining({ resolution: "session_approved" }),
+    );
+  });
+
+  it("blocks when policy is deny", async () => {
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
+        },
+      },
+    });
+    const tcc = makeTcc();
+    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  it("allows without recording session rules when user approves once", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    };
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+        sessionRules,
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(sessionRules.approve).not.toHaveBeenCalled();
+  });
+
+  it("records one session rule per uncovered path on approved_for_session", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    };
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+        sessionRules,
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    });
+    // Command referencing two external paths
+    const tcc = makeTcc({
+      input: {
+        command: "diff /outside/a.ts /outside/b.ts",
+      },
+    });
+    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    // Each uncovered path gets its own session rule
+    expect(sessionRules.approve).toHaveBeenCalledTimes(2);
+    for (const call of (sessionRules.approve as ReturnType<typeof vi.fn>).mock
+      .calls) {
+      expect(call[0]).toBe("external_directory");
+    }
+  });
+
+  it("blocks when user denies", async () => {
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: false, state: "denied" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  it("blocks when no UI available", async () => {
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+      },
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  it("only prompts about uncovered paths when some are session-covered", async () => {
+    // First call (for getRuleset path filter): session covers /outside/a.ts
+    // Second call (for config-level policy): returns ask
+    const checkPermission = vi
+      .fn()
+      .mockImplementation(
+        (
+          surface: string,
+          input: Record<string, unknown>,
+        ): PermissionCheckResult => {
+          if (
+            surface === "external_directory" &&
+            input.path === "/outside/a.ts"
+          ) {
+            return makeCheckResult("allow", { source: "session" });
+          }
+          return makeCheckResult("ask");
+        },
+      );
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: { checkPermission },
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    });
+    const tcc = makeTcc({
+      input: { command: "diff /outside/a.ts /outside/b.ts" },
+    });
+    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    // The prompt should have been called (for uncovered /outside/b.ts)
+    expect(deps.promptPermission).toHaveBeenCalled();
+  });
+});

package/tests/handlers/gates/external-directory.test.ts

@@ -0,0 +1,320 @@
+import { describe, expect, it, vi } from "vitest";
+
+import { evaluateExternalDirectoryGate } from "../../../src/handlers/gates/external-directory";
+import type { ToolCallContext } from "../../../src/handlers/gates/types";
+import type { HandlerDeps } from "../../../src/handlers/types";
+import type { PermissionEventBus } from "../../../src/permission-events";
+import type { PermissionCheckResult } from "../../../src/types";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
+  return {
+    toolName: "read",
+    agentName: null,
+    input: { path: "/outside/project/file.ts" },
+    toolCallId: "tc-1",
+    cwd: "/test/project",
+    ...overrides,
+  };
+}
+
+function makeCheckResult(
+  state: "allow" | "deny" | "ask",
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    state,
+    toolName: "external_directory",
+    source: "special",
+    origin: "builtin",
+    ...overrides,
+  };
+}
+
+function makeEvents(): PermissionEventBus {
+  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
+}
+
+function makeRuntime(
+  overrides: Record<string, unknown> = {},
+): HandlerDeps["runtime"] {
+  return {
+    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
+    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
+    runtimeContext: {} as HandlerDeps["runtime"]["runtimeContext"],
+    permissionManager: {
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+    },
+    sessionRules: {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    },
+    writeReviewLog: vi.fn(),
+    ...overrides,
+  } as unknown as HandlerDeps["runtime"];
+}
+
+function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
+  const { runtime: runtimeOverrides, events, ...rest } = overrides;
+  return {
+    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
+    events: events ?? makeEvents(),
+    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+    promptPermission: vi
+      .fn()
+      .mockResolvedValue({ approved: true, state: "approved" }),
+    ...rest,
+  } as unknown as HandlerDeps;
+}
+
+// ── tests ──────────────────────────────────────────────────────────────────
+
+describe("evaluateExternalDirectoryGate", () => {
+  it("returns null when no CWD", async () => {
+    const tcc = makeTcc({ cwd: undefined });
+    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  it("returns null when tool is not path-bearing", async () => {
+    const tcc = makeTcc({ toolName: "bash", input: { command: "ls" } });
+    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  it("returns null when path is inside CWD", async () => {
+    const tcc = makeTcc({ input: { path: "/test/project/src/index.ts" } });
+    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  // ── Pi infrastructure read bypass ──────────────────────────────────────
+
+  it("allows and emits infrastructure_auto_allowed for read targeting infra dir", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({ events });
+    const tcc = makeTcc({
+      toolName: "read",
+      input: { path: "/test/agent/git/some-package/SKILL.md" },
+    });
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        resolution: "infrastructure_auto_allowed",
+        result: "allow",
+      }),
+    );
+  });
+
+  it("respects config.piInfrastructureReadPaths for bypass", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        piInfrastructureDirs: [],
+        config: {
+          debugLog: false,
+          permissionReviewLog: true,
+          yoloMode: false,
+          piInfrastructureReadPaths: ["/custom/infra"],
+        },
+      },
+      events,
+    });
+    const tcc = makeTcc({
+      toolName: "read",
+      input: { path: "/custom/infra/SKILL.md" },
+    });
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+  });
+
+  it("does NOT bypass for write tools targeting infra dirs", async () => {
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
+        },
+      },
+    });
+    const tcc = makeTcc({
+      toolName: "write",
+      input: { path: "/test/agent/git/some-file.ts", content: "x" },
+    });
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  // ── Session-rule hit ─────────────────────────────────────────────────────
+
+  it("allows and emits session_approved when session rule covers the path", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(
+            makeCheckResult("allow", {
+              source: "session",
+              matchedPattern: "/outside/project/*",
+            }),
+          ),
+        },
+        sessionRules: {
+          approve: vi.fn(),
+          getRuleset: vi.fn().mockReturnValue([
+            {
+              surface: "external_directory",
+              pattern: "/outside/project/*",
+              action: "allow",
+            },
+          ]),
+          clear: vi.fn(),
+        },
+      },
+      events,
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        resolution: "session_approved",
+        matchedPattern: "/outside/project/*",
+      }),
+    );
+  });
+
+  // ── Policy deny ──────────────────────────────────────────────────────────
+
+  it("blocks and emits policy_deny when policy is deny", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
+        },
+      },
+      events,
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        surface: "external_directory",
+        result: "deny",
+        resolution: "policy_deny",
+      }),
+    );
+  });
+
+  // ── Policy ask — user approves once ──────────────────────────────────────
+
+  it("allows without recording session rule when user approves once", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    };
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+        sessionRules,
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(sessionRules.approve).not.toHaveBeenCalled();
+  });
+
+  // ── Policy ask — user approves for session ───────────────────────────────
+
+  it("records session rule when user approves for session", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    };
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+        sessionRules,
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(sessionRules.approve).toHaveBeenCalledWith(
+      "external_directory",
+      expect.any(String),
+    );
+  });
+
+  // ── Policy ask — user denies ─────────────────────────────────────────────
+
+  it("blocks and emits user_denied when user denies", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+      },
+      events,
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: false, state: "denied" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        result: "deny",
+        resolution: "user_denied",
+      }),
+    );
+  });
+
+  // ── Policy ask — no UI ───────────────────────────────────────────────────
+
+  it("blocks and emits confirmation_unavailable when no UI", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+      },
+      events,
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        result: "deny",
+        resolution: "confirmation_unavailable",
+      }),
+    );
+  });
+});

package/tests/handlers/gates/helpers.test.ts

@@ -0,0 +1,71 @@
+import { describe, expect, it } from "vitest";
+
+import {
+  deriveDecisionValue,
+  deriveResolution,
+} from "../../../src/handlers/gates/helpers";
+
+describe("deriveDecisionValue", () => {
+  it("returns command for bash", () => {
+    expect(deriveDecisionValue("bash", { command: "git status" })).toBe(
+      "git status",
+    );
+  });
+
+  it("falls back to toolName when bash has no command", () => {
+    expect(deriveDecisionValue("bash", {})).toBe("bash");
+  });
+
+  it("returns target for mcp", () => {
+    expect(deriveDecisionValue("mcp", { target: "exa:search" })).toBe(
+      "exa:search",
+    );
+  });
+
+  it("falls back to toolName when mcp has no target", () => {
+    expect(deriveDecisionValue("mcp", {})).toBe("mcp");
+  });
+
+  it("returns toolName for other tools", () => {
+    expect(deriveDecisionValue("read", {})).toBe("read");
+    expect(deriveDecisionValue("write", { command: "ignored" })).toBe("write");
+  });
+});
+
+describe("deriveResolution", () => {
+  it("returns policy_allow for allow state", () => {
+    expect(deriveResolution("allow", "allow", false, true)).toBe(
+      "policy_allow",
+    );
+  });
+
+  it("returns policy_deny for deny state", () => {
+    expect(deriveResolution("deny", "block", false, true)).toBe("policy_deny");
+  });
+
+  it("returns user_approved for ask + allow without session", () => {
+    expect(deriveResolution("ask", "allow", false, true)).toBe("user_approved");
+  });
+
+  it("returns user_approved_for_session for ask + allow with session", () => {
+    expect(deriveResolution("ask", "allow", true, true)).toBe(
+      "user_approved_for_session",
+    );
+  });
+
+  it("returns auto_approved when autoApproved flag is set", () => {
+    expect(deriveResolution("ask", "allow", false, true, true)).toBe(
+      "auto_approved",
+    );
+  });
+
+  it("returns user_denied for ask + block with canConfirm", () => {
+    expect(deriveResolution("ask", "block", false, true)).toBe("user_denied");
+  });
+
+  it("returns confirmation_unavailable for ask + block without canConfirm", () => {
+    expect(deriveResolution("ask", "block", false, false)).toBe(
+      "confirmation_unavailable",
+    );
+  });
+});