npm - @gotgenes/pi-permission-system - Versions diffs - 5.4.0 → 5.5.1 - Mend

@gotgenes/pi-permission-system 5.4.0 → 5.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/CHANGELOG.md +28 -0
package/package.json +1 -1
package/src/handlers/before-agent-start.ts +7 -7
package/src/handlers/gates/bash-external-directory.ts +22 -24
package/src/handlers/gates/external-directory.ts +32 -41
package/src/handlers/gates/skill-read.ts +10 -12
package/src/handlers/gates/tool.ts +20 -27
package/src/handlers/gates/types.ts +75 -0
package/src/handlers/input.ts +3 -3
package/src/handlers/lifecycle.ts +21 -21
package/src/handlers/tool-call.ts +77 -7
package/src/handlers/types.ts +20 -7
package/src/index.ts +6 -1
package/src/permission-manager.ts +28 -279
package/src/policy-loader.ts +350 -0
package/src/runtime.ts +17 -9
package/tests/handlers/before-agent-start.test.ts +17 -27
package/tests/handlers/gates/bash-external-directory.test.ts +48 -105
package/tests/handlers/gates/external-directory.test.ts +65 -140
package/tests/handlers/gates/skill-read.test.ts +50 -65
package/tests/handlers/gates/tool.test.ts +90 -334
package/tests/handlers/input-events.test.ts +10 -21
package/tests/handlers/input.test.ts +26 -43
package/tests/handlers/lifecycle.test.ts +47 -66
package/tests/handlers/tool-call-events.test.ts +29 -40
package/tests/handlers/tool-call.test.ts +19 -30
package/tests/permission-manager-unified.test.ts +319 -0
package/tests/policy-loader.test.ts +561 -0

package/tests/handlers/gates/tool.test.ts CHANGED Viewed

@@ -1,25 +1,19 @@
 import { describe, expect, it, vi } from "vitest";
 import { evaluateToolGate } from "../../../src/handlers/gates/tool";
-import type { ToolCallContext } from "../../../src/handlers/gates/types";
-import type { HandlerDeps } from "../../../src/handlers/types";
-import type { PermissionEventBus } from "../../../src/permission-events";
+import type {
+  ToolCallContext,
+  ToolGateDeps,
+} from "../../../src/handlers/gates/types";
 import type { PermissionCheckResult } from "../../../src/types";
-// ── SDK stubs ──────────────────────────────────────────────────────────────
-vi.mock("@mariozechner/pi-coding-agent", async (importOriginal) => {
-  const original =
-    await importOriginal<typeof import("@mariozechner/pi-coding-agent")>();
-  return { ...original };
-});
 // ── helpers ────────────────────────────────────────────────────────────────
 function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   return {
     toolName: "read",
     agentName: null,
-    input: { path: "/test/project/foo.ts" },
+    input: {},
     toolCallId: "tc-1",
     cwd: "/test/project",
     ...overrides,
@@ -35,383 +29,145 @@ function makeCheckResult(
     toolName: "read",
     source: "tool",
     origin: "builtin",
+    matchedPattern: "*",
     ...overrides,
   };
 }
-function makeEvents(): PermissionEventBus {
-  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
-}
-function makeRuntime(
-  overrides: Record<string, unknown> = {},
-): HandlerDeps["runtime"] {
+function makeToolGateDeps(overrides: Partial<ToolGateDeps> = {}): ToolGateDeps {
   return {
-    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
-    runtimeContext: {} as HandlerDeps["runtime"]["runtimeContext"],
-    permissionManager: {
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
-    },
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    },
+    checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
+    getSessionRuleset: vi.fn().mockReturnValue([]),
+    approveSessionRule: vi.fn(),
     writeReviewLog: vi.fn(),
-    ...overrides,
-  } as unknown as HandlerDeps["runtime"];
-}
-function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
-  const { runtime: runtimeOverrides, events, ...rest } = overrides;
-  return {
-    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
-    events: events ?? makeEvents(),
-    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
+    emitDecision: vi.fn(),
+    canConfirm: vi.fn().mockReturnValue(true),
     promptPermission: vi
       .fn()
       .mockResolvedValue({ approved: true, state: "approved" }),
-    ...rest,
-  } as unknown as HandlerDeps;
+    ...overrides,
+  };
 }
 // ── tests ──────────────────────────────────────────────────────────────────
 describe("evaluateToolGate", () => {
-  // ── Session-rule hit ─────────────────────────────────────────────────────
-  it("allows and emits session_approved on session hit", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              source: "session",
-              toolName: "bash",
-              command: "git status",
-              matchedPattern: "git *",
-            }),
-          ),
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc({
-      toolName: "bash",
-      input: { command: "git status" },
-    });
-    const result = await evaluateToolGate(tcc, deps);
+  it("allows when policy is allow", async () => {
+    const deps = makeToolGateDeps();
+    const result = await evaluateToolGate(makeTcc(), deps);
     expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        surface: "bash",
-        value: "git status",
-        result: "allow",
-        resolution: "session_approved",
-        matchedPattern: "git *",
-      }),
-    );
   });
-  it("does NOT record session rule on session hit", async () => {
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              source: "session",
-              matchedPattern: "git *",
-            }),
-          ),
-        },
-        sessionRules,
-      },
-    });
-    const tcc = makeTcc({
-      toolName: "bash",
-      input: { command: "git status" },
+  it("blocks when policy is deny", async () => {
+    const deps = makeToolGateDeps({
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
     });
-    await evaluateToolGate(tcc, deps);
-    expect(sessionRules.approve).not.toHaveBeenCalled();
+    const result = await evaluateToolGate(makeTcc(), deps);
+    expect(result).toMatchObject({ action: "block" });
   });
-  // ── Policy allow ─────────────────────────────────────────────────────────
-  it("allows and emits policy_allow", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({ events });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
+  it("allows on session-approved fast path", async () => {
+    const deps = makeToolGateDeps({
+      checkPermission: vi.fn().mockReturnValue(
+        makeCheckResult("allow", {
+          source: "session",
+          matchedPattern: "git *",
+        }),
+      ),
+    });
+    const result = await evaluateToolGate(
+      makeTcc({ toolName: "bash", input: { command: "git status" } }),
+      deps,
+    );
     expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "allow",
-        resolution: "policy_allow",
-      }),
+    expect(deps.writeReviewLog).toHaveBeenCalledWith(
+      "permission_request.session_approved",
+      expect.objectContaining({ resolution: "session_approved" }),
+    );
+    expect(deps.emitDecision).toHaveBeenCalledWith(
+      expect.objectContaining({ resolution: "session_approved" }),
     );
   });
-  // ── Policy deny ──────────────────────────────────────────────────────────
-  it("blocks and emits policy_deny", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
-        },
-      },
-      events,
+  it("blocks when state is ask but canConfirm is false", async () => {
+    const deps = makeToolGateDeps({
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      canConfirm: vi.fn().mockReturnValue(false),
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
+    const result = await evaluateToolGate(makeTcc(), deps);
     expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "policy_deny",
-      }),
-    );
   });
-  // ── Policy ask — user approves once ──────────────────────────────────────
-  it("allows and emits user_approved when user approves once", async () => {
-    const events = makeEvents();
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      events,
+  it("allows when state is ask and user approves", async () => {
+    const deps = makeToolGateDeps({
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved" }),
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(sessionRules.approve).not.toHaveBeenCalled();
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "allow",
-        resolution: "user_approved",
-      }),
-    );
-  });
-  // ── Policy ask — user approves for session ───────────────────────────────
-  it("records session rule when user approves for session", async () => {
-    const events = makeEvents();
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      events,
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
+    const result = await evaluateToolGate(makeTcc(), deps);
     expect(result).toEqual({ action: "allow" });
-    expect(sessionRules.approve).toHaveBeenCalledWith("read", "*");
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        resolution: "user_approved_for_session",
-      }),
-    );
   });
-  // ── Policy ask — user denies ─────────────────────────────────────────────
-  it("blocks and emits user_denied", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
+  it("blocks when state is ask and user denies", async () => {
+    const deps = makeToolGateDeps({
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: false, state: "denied" }),
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
+    const result = await evaluateToolGate(makeTcc(), deps);
     expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "user_denied",
-      }),
-    );
   });
-  // ── Policy ask — no UI ───────────────────────────────────────────────────
-  it("blocks and emits confirmation_unavailable when no UI", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
-      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+  it("approves session rule when user approves for session", async () => {
+    const deps = makeToolGateDeps({
+      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      promptPermission: vi
+        .fn()
+        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "confirmation_unavailable",
-      }),
-    );
+    await evaluateToolGate(makeTcc(), deps);
+    expect(deps.approveSessionRule).toHaveBeenCalled();
   });
-  // ── Auto-approved ────────────────────────────────────────────────────────
-  it("emits auto_approved resolution when decision is auto-approved", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
-      promptPermission: vi.fn().mockResolvedValue({
-        approved: true,
-        state: "approved",
-        autoApproved: true,
-      }),
+  it("emits decision event with correct surface and result", async () => {
+    const deps = makeToolGateDeps({
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult("allow", { origin: "global", matchedPattern: "*" }),
+        ),
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
+    await evaluateToolGate(makeTcc({ toolName: "write" }), deps);
+    expect(deps.emitDecision).toHaveBeenCalledWith(
       expect.objectContaining({
-        resolution: "auto_approved",
+        surface: "write",
+        result: "allow",
+        resolution: "policy_allow",
+        origin: "global",
       }),
     );
   });
-  // ── Bash-specific value ──────────────────────────────────────────────────
-  it("uses command as decision value for bash tool", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              toolName: "bash",
-              command: "git status",
-            }),
-          ),
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc({
-      toolName: "bash",
-      input: { command: "git status" },
-    });
-    await evaluateToolGate(tcc, deps);
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
+  it("passes session ruleset to checkPermission", async () => {
+    const sessionRules = [
+      {
         surface: "bash",
-        value: "git status",
-      }),
-    );
-  });
-  // ── MCP-specific value ───────────────────────────────────────────────────
-  it("uses target as decision value for mcp tool", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              toolName: "mcp",
-              target: "exa:search",
-            }),
-          ),
-        },
+        pattern: "git *",
+        action: "allow" as const,
+        origin: "session" as const,
       },
-      events,
+    ];
+    const deps = makeToolGateDeps({
+      getSessionRuleset: vi.fn().mockReturnValue(sessionRules),
     });
-    const tcc = makeTcc({ toolName: "mcp", input: { tool: "exa:search" } });
-    await evaluateToolGate(tcc, deps);
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        surface: "mcp",
-        value: "exa:search",
-      }),
+    await evaluateToolGate(makeTcc({ toolName: "bash" }), deps);
+    expect(deps.checkPermission).toHaveBeenCalledWith(
+      "bash",
+      expect.anything(),
+      undefined,
+      sessionRules,
     );
   });
-  // ── Bash unavailable message ─────────────────────────────────────────────
-  it("includes command in unavailable message for bash", async () => {
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi
-            .fn()
-            .mockReturnValue(
-              makeCheckResult("ask", { toolName: "bash", command: "rm -rf /" }),
-            ),
-        },
-      },
-      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
-    });
-    const tcc = makeTcc({
-      toolName: "bash",
-      input: { command: "rm -rf /" },
-    });
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result.action).toBe("block");
-    if (result.action === "block") {
-      expect(result.reason).toContain("rm -rf /");
-    }
-  });
 });

package/tests/handlers/input-events.test.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import { handleInput } from "../../src/handlers/input";
 import type { HandlerDeps } from "../../src/handlers/types";
 import type { PermissionDecisionEvent } from "../../src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "../../src/permission-events";
-import type { ExtensionRuntime } from "../../src/runtime";
+import type { SessionState } from "../../src/runtime";
 // ── helpers ────────────────────────────────────────────────────────────────
@@ -38,17 +38,8 @@ function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
   } as unknown as ExtensionContext;
 }
-function makeRuntime(
-  state: "allow" | "deny" | "ask" = "allow",
-): ExtensionRuntime {
+function makeSession(state: "allow" | "deny" | "ask" = "allow"): SessionState {
   return {
-    agentDir: "/test/agent",
-    sessionsDir: "/test/agent/sessions",
-    subagentSessionsDir: "/test/agent/subagent-sessions",
-    forwardingDir: "/test/agent/sessions/permission-forwarding",
-    globalLogsDir: "/test/agent/extensions/pi-permission-system/logs",
-    piInfrastructureDirs: ["/test/agent"],
-    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
     runtimeContext: null,
     permissionManager: {
       checkPermission: vi.fn().mockReturnValue({
@@ -58,23 +49,17 @@ function makeRuntime(
         origin: "global",
         matchedPattern: "*",
       }),
-    } as unknown as ExtensionRuntime["permissionManager"],
+    } as unknown as SessionState["permissionManager"],
     activeSkillEntries: [],
     lastKnownActiveAgentName: null,
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
-    lastConfigWarning: null,
     sessionRules: {
       approve: vi.fn(),
       getRuleset: vi.fn().mockReturnValue([]),
       clear: vi.fn(),
-    } as unknown as ExtensionRuntime["sessionRules"],
-    permissionForwardingContext: null,
-    permissionForwardingTimer: null,
-    isProcessingForwardedRequests: false,
-    writeDebugLog: vi.fn(),
-    writeReviewLog: vi.fn(),
-  } as ExtensionRuntime;
+    } as unknown as SessionState["sessionRules"],
+  };
 }
 function makeDeps(
@@ -82,7 +67,11 @@ function makeDeps(
   overrides: Partial<HandlerDeps> = {},
 ): HandlerDeps {
   return {
-    runtime: makeRuntime(state),
+    session: makeSession(state),
+    writeDebugLog: vi.fn(),
+    writeReviewLog: vi.fn(),
+    piInfrastructureDirs: ["/test/agent"],
+    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
     events: makeEvents(),
     createPermissionManagerForCwd: vi.fn(),
     refreshExtensionConfig: vi.fn(),