@gotgenes/pi-permission-system 5.3.4 → 5.5.0

package/tests/handlers/gates/external-directory.test.ts

@@ -0,0 +1,320 @@
+import { describe, expect, it, vi } from "vitest";
+
+import { evaluateExternalDirectoryGate } from "../../../src/handlers/gates/external-directory";
+import type { ToolCallContext } from "../../../src/handlers/gates/types";
+import type { HandlerDeps } from "../../../src/handlers/types";
+import type { PermissionEventBus } from "../../../src/permission-events";
+import type { PermissionCheckResult } from "../../../src/types";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
+  return {
+    toolName: "read",
+    agentName: null,
+    input: { path: "/outside/project/file.ts" },
+    toolCallId: "tc-1",
+    cwd: "/test/project",
+    ...overrides,
+  };
+}
+
+function makeCheckResult(
+  state: "allow" | "deny" | "ask",
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    state,
+    toolName: "external_directory",
+    source: "special",
+    origin: "builtin",
+    ...overrides,
+  };
+}
+
+function makeEvents(): PermissionEventBus {
+  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
+}
+
+function makeRuntime(
+  overrides: Record<string, unknown> = {},
+): HandlerDeps["runtime"] {
+  return {
+    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
+    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
+    runtimeContext: {} as HandlerDeps["runtime"]["runtimeContext"],
+    permissionManager: {
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+    },
+    sessionRules: {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    },
+    writeReviewLog: vi.fn(),
+    ...overrides,
+  } as unknown as HandlerDeps["runtime"];
+}
+
+function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
+  const { runtime: runtimeOverrides, events, ...rest } = overrides;
+  return {
+    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
+    events: events ?? makeEvents(),
+    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+    promptPermission: vi
+      .fn()
+      .mockResolvedValue({ approved: true, state: "approved" }),
+    ...rest,
+  } as unknown as HandlerDeps;
+}
+
+// ── tests ──────────────────────────────────────────────────────────────────
+
+describe("evaluateExternalDirectoryGate", () => {
+  it("returns null when no CWD", async () => {
+    const tcc = makeTcc({ cwd: undefined });
+    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  it("returns null when tool is not path-bearing", async () => {
+    const tcc = makeTcc({ toolName: "bash", input: { command: "ls" } });
+    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  it("returns null when path is inside CWD", async () => {
+    const tcc = makeTcc({ input: { path: "/test/project/src/index.ts" } });
+    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+    expect(result).toBeNull();
+  });
+
+  // ── Pi infrastructure read bypass ──────────────────────────────────────
+
+  it("allows and emits infrastructure_auto_allowed for read targeting infra dir", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({ events });
+    const tcc = makeTcc({
+      toolName: "read",
+      input: { path: "/test/agent/git/some-package/SKILL.md" },
+    });
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        resolution: "infrastructure_auto_allowed",
+        result: "allow",
+      }),
+    );
+  });
+
+  it("respects config.piInfrastructureReadPaths for bypass", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        piInfrastructureDirs: [],
+        config: {
+          debugLog: false,
+          permissionReviewLog: true,
+          yoloMode: false,
+          piInfrastructureReadPaths: ["/custom/infra"],
+        },
+      },
+      events,
+    });
+    const tcc = makeTcc({
+      toolName: "read",
+      input: { path: "/custom/infra/SKILL.md" },
+    });
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+  });
+
+  it("does NOT bypass for write tools targeting infra dirs", async () => {
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
+        },
+      },
+    });
+    const tcc = makeTcc({
+      toolName: "write",
+      input: { path: "/test/agent/git/some-file.ts", content: "x" },
+    });
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  // ── Session-rule hit ─────────────────────────────────────────────────────
+
+  it("allows and emits session_approved when session rule covers the path", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(
+            makeCheckResult("allow", {
+              source: "session",
+              matchedPattern: "/outside/project/*",
+            }),
+          ),
+        },
+        sessionRules: {
+          approve: vi.fn(),
+          getRuleset: vi.fn().mockReturnValue([
+            {
+              surface: "external_directory",
+              pattern: "/outside/project/*",
+              action: "allow",
+            },
+          ]),
+          clear: vi.fn(),
+        },
+      },
+      events,
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        resolution: "session_approved",
+        matchedPattern: "/outside/project/*",
+      }),
+    );
+  });
+
+  // ── Policy deny ──────────────────────────────────────────────────────────
+
+  it("blocks and emits policy_deny when policy is deny", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
+        },
+      },
+      events,
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        surface: "external_directory",
+        result: "deny",
+        resolution: "policy_deny",
+      }),
+    );
+  });
+
+  // ── Policy ask — user approves once ──────────────────────────────────────
+
+  it("allows without recording session rule when user approves once", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    };
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+        sessionRules,
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(sessionRules.approve).not.toHaveBeenCalled();
+  });
+
+  // ── Policy ask — user approves for session ───────────────────────────────
+
+  it("records session rule when user approves for session", async () => {
+    const sessionRules = {
+      approve: vi.fn(),
+      getRuleset: vi.fn().mockReturnValue([]),
+      clear: vi.fn(),
+    };
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+        sessionRules,
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(sessionRules.approve).toHaveBeenCalledWith(
+      "external_directory",
+      expect.any(String),
+    );
+  });
+
+  // ── Policy ask — user denies ─────────────────────────────────────────────
+
+  it("blocks and emits user_denied when user denies", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+      },
+      events,
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: false, state: "denied" }),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        result: "deny",
+        resolution: "user_denied",
+      }),
+    );
+  });
+
+  // ── Policy ask — no UI ───────────────────────────────────────────────────
+
+  it("blocks and emits confirmation_unavailable when no UI", async () => {
+    const events = makeEvents();
+    const deps = makeDeps({
+      runtime: {
+        permissionManager: {
+          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        },
+      },
+      events,
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+    });
+    const tcc = makeTcc();
+    const result = await evaluateExternalDirectoryGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        result: "deny",
+        resolution: "confirmation_unavailable",
+      }),
+    );
+  });
+});

package/tests/handlers/gates/helpers.test.ts

@@ -0,0 +1,71 @@
+import { describe, expect, it } from "vitest";
+
+import {
+  deriveDecisionValue,
+  deriveResolution,
+} from "../../../src/handlers/gates/helpers";
+
+describe("deriveDecisionValue", () => {
+  it("returns command for bash", () => {
+    expect(deriveDecisionValue("bash", { command: "git status" })).toBe(
+      "git status",
+    );
+  });
+
+  it("falls back to toolName when bash has no command", () => {
+    expect(deriveDecisionValue("bash", {})).toBe("bash");
+  });
+
+  it("returns target for mcp", () => {
+    expect(deriveDecisionValue("mcp", { target: "exa:search" })).toBe(
+      "exa:search",
+    );
+  });
+
+  it("falls back to toolName when mcp has no target", () => {
+    expect(deriveDecisionValue("mcp", {})).toBe("mcp");
+  });
+
+  it("returns toolName for other tools", () => {
+    expect(deriveDecisionValue("read", {})).toBe("read");
+    expect(deriveDecisionValue("write", { command: "ignored" })).toBe("write");
+  });
+});
+
+describe("deriveResolution", () => {
+  it("returns policy_allow for allow state", () => {
+    expect(deriveResolution("allow", "allow", false, true)).toBe(
+      "policy_allow",
+    );
+  });
+
+  it("returns policy_deny for deny state", () => {
+    expect(deriveResolution("deny", "block", false, true)).toBe("policy_deny");
+  });
+
+  it("returns user_approved for ask + allow without session", () => {
+    expect(deriveResolution("ask", "allow", false, true)).toBe("user_approved");
+  });
+
+  it("returns user_approved_for_session for ask + allow with session", () => {
+    expect(deriveResolution("ask", "allow", true, true)).toBe(
+      "user_approved_for_session",
+    );
+  });
+
+  it("returns auto_approved when autoApproved flag is set", () => {
+    expect(deriveResolution("ask", "allow", false, true, true)).toBe(
+      "auto_approved",
+    );
+  });
+
+  it("returns user_denied for ask + block with canConfirm", () => {
+    expect(deriveResolution("ask", "block", false, true)).toBe("user_denied");
+  });
+
+  it("returns confirmation_unavailable for ask + block without canConfirm", () => {
+    expect(deriveResolution("ask", "block", false, false)).toBe(
+      "confirmation_unavailable",
+    );
+  });
+});

package/tests/handlers/gates/skill-read.test.ts

@@ -0,0 +1,204 @@
+import { describe, expect, it, vi } from "vitest";
+
+import { evaluateSkillReadGate } from "../../../src/handlers/gates/skill-read";
+import type { ToolCallContext } from "../../../src/handlers/gates/types";
+import type { HandlerDeps } from "../../../src/handlers/types";
+import type { PermissionEventBus } from "../../../src/permission-events";
+import type { SkillPromptEntry } from "../../../src/skill-prompt-sanitizer";
+
+// ── SDK stubs ──────────────────────────────────────────────────────────────
+vi.mock("@mariozechner/pi-coding-agent", async (importOriginal) => {
+  const original =
+    await importOriginal<typeof import("@mariozechner/pi-coding-agent")>();
+  return { ...original };
+});
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeSkillEntry(
+  overrides: Partial<SkillPromptEntry> = {},
+): SkillPromptEntry {
+  return {
+    name: "librarian",
+    description: "Research skills",
+    location: "/skills/librarian/SKILL.md",
+    state: "ask",
+    normalizedLocation: "/skills/librarian/SKILL.md",
+    normalizedBaseDir: "/skills/librarian",
+    ...overrides,
+  };
+}
+
+function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
+  return {
+    toolName: "read",
+    agentName: null,
+    input: { path: "/skills/librarian/SKILL.md" },
+    toolCallId: "tc-1",
+    cwd: "/test/project",
+    ...overrides,
+  };
+}
+
+function makeEvents(): PermissionEventBus {
+  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
+}
+
+function makeRuntime(
+  overrides: Record<string, unknown> = {},
+): HandlerDeps["runtime"] {
+  return {
+    activeSkillEntries: [],
+    writeReviewLog: vi.fn(),
+    ...overrides,
+  } as unknown as HandlerDeps["runtime"];
+}
+
+function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
+  const { runtime: runtimeOverrides, events, ...rest } = overrides;
+  return {
+    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
+    events: events ?? makeEvents(),
+    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+    promptPermission: vi
+      .fn()
+      .mockResolvedValue({ approved: true, state: "approved" }),
+    ...rest,
+  } as unknown as HandlerDeps;
+}
+
+// ── tests ──────────────────────────────────────────────────────────────────
+
+describe("evaluateSkillReadGate", () => {
+  it("returns null when tool is not read", async () => {
+    const tcc = makeTcc({ toolName: "write" });
+    const deps = makeDeps({
+      runtime: { activeSkillEntries: [makeSkillEntry()] },
+    });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toBeNull();
+  });
+
+  it("returns null when no active skill entries", async () => {
+    const tcc = makeTcc();
+    const deps = makeDeps({ runtime: { activeSkillEntries: [] } });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toBeNull();
+  });
+
+  it("returns null when read path does not match any skill", async () => {
+    const tcc = makeTcc({ input: { path: "/test/project/src/index.ts" } });
+    const deps = makeDeps({
+      runtime: { activeSkillEntries: [makeSkillEntry()] },
+    });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toBeNull();
+  });
+
+  it("returns allow when skill state is allow", async () => {
+    const tcc = makeTcc();
+    const deps = makeDeps({
+      runtime: {
+        activeSkillEntries: [makeSkillEntry({ state: "allow" })],
+      },
+    });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+  });
+
+  it("returns block when skill state is deny", async () => {
+    const tcc = makeTcc();
+    const deps = makeDeps({
+      runtime: {
+        activeSkillEntries: [makeSkillEntry({ state: "deny" })],
+      },
+    });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  it("returns allow when state is ask and user approves", async () => {
+    const tcc = makeTcc();
+    const deps = makeDeps({
+      runtime: {
+        activeSkillEntries: [makeSkillEntry({ state: "ask" })],
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toEqual({ action: "allow" });
+  });
+
+  it("returns block when state is ask and user denies", async () => {
+    const tcc = makeTcc();
+    const deps = makeDeps({
+      runtime: {
+        activeSkillEntries: [makeSkillEntry({ state: "ask" })],
+      },
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: false, state: "denied" }),
+    });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  it("returns block when state is ask and no UI available", async () => {
+    const tcc = makeTcc();
+    const deps = makeDeps({
+      runtime: {
+        activeSkillEntries: [makeSkillEntry({ state: "ask" })],
+      },
+      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+    });
+    const result = await evaluateSkillReadGate(tcc, deps);
+    expect(result).toMatchObject({ action: "block" });
+  });
+
+  it("emits decision event with correct fields on deny", async () => {
+    const events = makeEvents();
+    const tcc = makeTcc({ agentName: "test-agent" });
+    const deps = makeDeps({
+      runtime: {
+        activeSkillEntries: [makeSkillEntry({ state: "deny" })],
+      },
+      events,
+    });
+    await evaluateSkillReadGate(tcc, deps);
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        surface: "skill",
+        value: "librarian",
+        result: "deny",
+        resolution: "policy_deny",
+        origin: null,
+        agentName: "test-agent",
+        matchedPattern: null,
+      }),
+    );
+  });
+
+  it("emits decision event with correct fields on allow", async () => {
+    const events = makeEvents();
+    const tcc = makeTcc();
+    const deps = makeDeps({
+      runtime: {
+        activeSkillEntries: [makeSkillEntry({ state: "allow" })],
+      },
+      events,
+    });
+    await evaluateSkillReadGate(tcc, deps);
+    expect(events.emit).toHaveBeenCalledWith(
+      "permissions:decision",
+      expect.objectContaining({
+        surface: "skill",
+        value: "librarian",
+        result: "allow",
+        resolution: "policy_allow",
+      }),
+    );
+  });
+});