@gotgenes/pi-permission-system 5.4.0 → 5.5.1

package/tests/handlers/tool-call.test.ts

@@ -3,7 +3,7 @@ import { describe, expect, it, vi } from "vitest";
 
 import { getEventInput, handleToolCall } from "../../src/handlers/tool-call";
 import type { HandlerDeps } from "../../src/handlers/types";
-import type { ExtensionRuntime } from "../../src/runtime";
+import type { SessionState } from "../../src/runtime";
 import type { PermissionCheckResult } from "../../src/types";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
@@ -55,43 +55,32 @@ function makePermissionResult(
   return { state, toolName: "read", source: "tool", origin: "builtin" };
 }
 
-function makeRuntime(
-  overrides: Partial<ExtensionRuntime> = {},
-): ExtensionRuntime {
+function makeSession(overrides: Partial<SessionState> = {}): SessionState {
   return {
-    agentDir: "/test/agent",
-    sessionsDir: "/test/agent/sessions",
-    subagentSessionsDir: "/test/agent/subagent-sessions",
-    forwardingDir: "/test/agent/sessions/permission-forwarding",
-    globalLogsDir: "/test/agent/extensions/pi-permission-system/logs",
-    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
-    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
     runtimeContext: null,
     permissionManager: {
       checkPermission: vi.fn().mockReturnValue(makePermissionResult("allow")),
-    } as unknown as ExtensionRuntime["permissionManager"],
+    } as unknown as SessionState["permissionManager"],
     activeSkillEntries: [],
     lastKnownActiveAgentName: null,
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
-    lastConfigWarning: null,
     sessionRules: {
       approve: vi.fn(),
       getRuleset: vi.fn().mockReturnValue([]),
       clear: vi.fn(),
-    } as unknown as ExtensionRuntime["sessionRules"],
-    permissionForwardingContext: null,
-    permissionForwardingTimer: null,
-    isProcessingForwardedRequests: false,
-    writeDebugLog: vi.fn(),
-    writeReviewLog: vi.fn(),
+    } as unknown as SessionState["sessionRules"],
     ...overrides,
-  } as ExtensionRuntime;
+  };
 }
 
 function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
   return {
-    runtime: makeRuntime(),
+    session: makeSession(),
+    writeDebugLog: vi.fn(),
+    writeReviewLog: vi.fn(),
+    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
+    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
     createPermissionManagerForCwd: vi.fn(),
     refreshExtensionConfig: vi.fn(),
     notifyWarning: vi.fn(),
@@ -145,7 +134,7 @@ describe("handleToolCall", () => {
     const ctx = makeCtx();
     const deps = makeDeps();
     await handleToolCall(deps, makeToolCallEvent("read"), ctx);
-    expect(deps.runtime.runtimeContext).toBe(ctx);
+    expect(deps.session.runtimeContext).toBe(ctx);
   });
 
   it("starts forwarded permission polling", async () => {
@@ -190,12 +179,12 @@ describe("handleToolCall", () => {
 
   it("blocks when tool is denied by policy", async () => {
     const deps = makeDeps({
-      runtime: makeRuntime({
+      session: makeSession({
         permissionManager: {
           checkPermission: vi
             .fn()
             .mockReturnValue(makePermissionResult("deny")),
-        } as unknown as ExtensionRuntime["permissionManager"],
+        } as unknown as SessionState["permissionManager"],
       }),
     });
     const result = await handleToolCall(
@@ -220,7 +209,7 @@ describe("handleToolCall — skill-read gate", () => {
       normalizedBaseDir: "/skills/librarian",
     };
     const deps = makeDeps({
-      runtime: makeRuntime({ activeSkillEntries: [skillEntry] }),
+      session: makeSession({ activeSkillEntries: [skillEntry] }),
       getAllTools: vi.fn().mockReturnValue([{ toolName: "read" }]),
     });
     const event = {
@@ -243,7 +232,7 @@ describe("handleToolCall — skill-read gate", () => {
       normalizedBaseDir: "/skills/librarian",
     };
     const deps = makeDeps({
-      runtime: makeRuntime({ activeSkillEntries: [skillEntry] }),
+      session: makeSession({ activeSkillEntries: [skillEntry] }),
       getAllTools: vi.fn().mockReturnValue([{ toolName: "read" }]),
     });
     const event = {
@@ -262,12 +251,12 @@ describe("handleToolCall — skill-read gate", () => {
 describe("handleToolCall — external-directory gate", () => {
   it("blocks a read of a path outside cwd when policy is deny", async () => {
     const deps = makeDeps({
-      runtime: makeRuntime({
+      session: makeSession({
         permissionManager: {
           checkPermission: vi
             .fn()
             .mockReturnValue(makePermissionResult("deny")),
-        } as unknown as ExtensionRuntime["permissionManager"],
+        } as unknown as SessionState["permissionManager"],
       }),
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
     });
@@ -287,12 +276,12 @@ describe("handleToolCall — external-directory gate", () => {
 describe("handleToolCall — bash external-directory gate", () => {
   it("blocks a bash command referencing an external path when policy is deny", async () => {
     const deps = makeDeps({
-      runtime: makeRuntime({
+      session: makeSession({
         permissionManager: {
           checkPermission: vi
             .fn()
             .mockReturnValue(makePermissionResult("deny")),
-        } as unknown as ExtensionRuntime["permissionManager"],
+        } as unknown as SessionState["permissionManager"],
       }),
       getAllTools: vi.fn().mockReturnValue([{ name: "bash" }]),
     });

package/tests/permission-manager-unified.test.ts

@@ -661,3 +661,322 @@ describe("checkPermission — rule origin provenance", () => {
     expect(result.origin).toBe("builtin");
   });
 });
+
+// ---------------------------------------------------------------------------
+// In-memory PolicyLoader stub tests — no filesystem required
+// ---------------------------------------------------------------------------
+
+import type { PolicyLoader } from "../src/permission-manager";
+import type { ResolvedPolicyPaths } from "../src/policy-loader";
+import type { ScopeConfig } from "../src/types";
+
+/**
+ * Minimal in-memory PolicyLoader for testing merge + evaluation logic
+ * without touching the filesystem.
+ */
+function createInMemoryPolicyLoader(
+  scopes: {
+    global?: ScopeConfig;
+    project?: ScopeConfig;
+    agent?: Record<string, ScopeConfig>;
+    projectAgent?: Record<string, ScopeConfig>;
+  } = {},
+  mcpServerNames: readonly string[] = [],
+): PolicyLoader {
+  const issues: string[] = [];
+  return {
+    loadGlobalConfig: () => scopes.global ?? {},
+    loadProjectConfig: () => scopes.project ?? {},
+    loadAgentConfig: (name?: string) => (name && scopes.agent?.[name]) || {},
+    loadProjectAgentConfig: (name?: string) =>
+      (name && scopes.projectAgent?.[name]) || {},
+    getConfiguredMcpServerNames: () => mcpServerNames,
+    getCacheStamp: () => "in-memory",
+    getConfigIssues: () => issues,
+    getResolvedPolicyPaths: (): ResolvedPolicyPaths => ({
+      globalConfigPath: "/in-memory/config.json",
+      globalConfigExists: true,
+      projectConfigPath: null,
+      projectConfigExists: false,
+      agentsDir: "/in-memory/agents",
+      agentsDirExists: false,
+      projectAgentsDir: null,
+      projectAgentsDirExists: false,
+    }),
+  };
+}
+
+/** Create a PermissionManager backed by an in-memory PolicyLoader. */
+function makeInMemoryManager(
+  scopes: Parameters<typeof createInMemoryPolicyLoader>[0] = {},
+  mcpServerNames: readonly string[] = [],
+): PermissionManager {
+  return new PermissionManager({
+    policyLoader: createInMemoryPolicyLoader(scopes, mcpServerNames),
+  });
+}
+
+describe("PermissionManager with in-memory PolicyLoader", () => {
+  describe("universal fallback", () => {
+    it("defaults to ask when no config is provided", () => {
+      const manager = makeInMemoryManager();
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("ask");
+      expect(result.origin).toBe("builtin");
+    });
+
+    it("respects permission['*'] = 'allow' from global config", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "allow" } },
+      });
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("global");
+    });
+
+    it("respects permission['*'] = 'deny' from global config", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "deny" } },
+      });
+      const result = manager.checkPermission("write", {});
+      expect(result.state).toBe("deny");
+    });
+  });
+
+  describe("surface routing", () => {
+    it("bash surface routes correctly", () => {
+      const manager = makeInMemoryManager({
+        global: {
+          permission: { "*": "ask", bash: { "git *": "allow" } },
+        },
+      });
+      const result = manager.checkPermission("bash", {
+        command: "git status",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("bash");
+      expect(result.matchedPattern).toBe("git *");
+    });
+
+    it("tool surface routes correctly for built-in tools", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "deny", read: "allow" } },
+      });
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("tool");
+    });
+
+    it("skill surface routes correctly", () => {
+      const manager = makeInMemoryManager({
+        global: {
+          permission: { "*": "ask", skill: { librarian: "allow" } },
+        },
+      });
+      const result = manager.checkPermission("skill", { name: "librarian" });
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("skill");
+    });
+
+    it("mcp surface routes correctly", () => {
+      const manager = makeInMemoryManager(
+        {
+          global: {
+            permission: { "*": "ask", mcp: { exa_search: "allow" } },
+          },
+        },
+        ["exa"],
+      );
+      const result = manager.checkPermission("mcp", {
+        tool: "exa:search",
+        server: "exa",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("mcp");
+    });
+
+    it("external_directory surface routes correctly", () => {
+      const manager = makeInMemoryManager({
+        global: {
+          permission: {
+            "*": "ask",
+            external_directory: { "/trusted/*": "allow" },
+          },
+        },
+      });
+      const result = manager.checkPermission("external_directory", {
+        path: "/trusted/repo",
+      });
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("special");
+    });
+
+    it("extension tools use 'default' source when no config rule matches", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "ask" } },
+      });
+      const result = manager.checkPermission("my_custom_tool", {});
+      expect(result.state).toBe("ask");
+      expect(result.source).toBe("default");
+    });
+  });
+
+  describe("multi-scope merge", () => {
+    it("project overrides global", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { read: "ask" } },
+        project: { permission: { read: "allow" } },
+      });
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    });
+
+    it("agent overrides project", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { read: "ask" } },
+        project: { permission: { read: "allow" } },
+        agent: { coder: { permission: { read: "deny" } } },
+      });
+      const result = manager.checkPermission("read", {}, "coder");
+      expect(result.state).toBe("deny");
+      expect(result.origin).toBe("agent");
+    });
+
+    it("project-agent overrides agent", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { read: "deny" } },
+        agent: { coder: { permission: { read: "deny" } } },
+        projectAgent: { coder: { permission: { read: "allow" } } },
+      });
+      const result = manager.checkPermission("read", {}, "coder");
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project-agent");
+    });
+
+    it("deep-shallow merge preserves patterns from different scopes", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { bash: { "git *": "allow" } } },
+        project: { permission: { bash: { "rm *": "deny" } } },
+      });
+      const gitResult = manager.checkPermission("bash", {
+        command: "git status",
+      });
+      expect(gitResult.state).toBe("allow");
+      expect(gitResult.origin).toBe("global");
+
+      const rmResult = manager.checkPermission("bash", {
+        command: "rm -rf /",
+      });
+      expect(rmResult.state).toBe("deny");
+      expect(rmResult.origin).toBe("project");
+    });
+
+    it("string replaces object in override scope", () => {
+      const manager = makeInMemoryManager({
+        global: {
+          permission: { bash: { "git *": "ask", "npm *": "ask" } },
+        },
+        project: { permission: { bash: "allow" } },
+      });
+      const result = manager.checkPermission("bash", { command: "anything" });
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    });
+  });
+
+  describe("session rule composition", () => {
+    it("session rule wins over config", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "deny" } },
+      });
+      const sessionRules: Ruleset = [sessionAllow("read", "*")];
+      const result = manager.checkPermission(
+        "read",
+        {},
+        undefined,
+        sessionRules,
+      );
+      expect(result.state).toBe("allow");
+      expect(result.source).toBe("session");
+    });
+
+    it("session rule does not bleed across surfaces", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "ask" } },
+      });
+      const sessionRules: Ruleset = [sessionAllow("bash", "git *")];
+      const bashResult = manager.checkPermission(
+        "bash",
+        { command: "git status" },
+        undefined,
+        sessionRules,
+      );
+      expect(bashResult.state).toBe("allow");
+
+      const readResult = manager.checkPermission(
+        "read",
+        {},
+        undefined,
+        sessionRules,
+      );
+      expect(readResult.state).toBe("ask");
+    });
+  });
+
+  describe("origin tracking", () => {
+    it("universal fallback from project carries origin 'project'", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "ask" } },
+        project: { permission: { "*": "allow" } },
+      });
+      const result = manager.checkPermission("read", {});
+      expect(result.state).toBe("allow");
+      expect(result.origin).toBe("project");
+    });
+
+    it("session origin is 'session'", () => {
+      const manager = makeInMemoryManager();
+      const sessionRules: Ruleset = [sessionAllow("read", "*")];
+      const result = manager.checkPermission(
+        "read",
+        {},
+        undefined,
+        sessionRules,
+      );
+      expect(result.origin).toBe("session");
+    });
+  });
+
+  describe("getToolPermission", () => {
+    it("returns tool-level state for built-in tools", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "deny", read: "allow" } },
+      });
+      expect(manager.getToolPermission("read")).toBe("allow");
+      expect(manager.getToolPermission("write")).toBe("deny");
+    });
+
+    it("returns tool-level state for bash surface", () => {
+      const manager = makeInMemoryManager({
+        global: { permission: { "*": "deny", bash: "allow" } },
+      });
+      expect(manager.getToolPermission("bash")).toBe("allow");
+    });
+  });
+
+  describe("getComposedConfigRules", () => {
+    it("returns only config-layer rules", () => {
+      const manager = makeInMemoryManager({
+        global: {
+          permission: { "*": "ask", bash: { "git *": "allow" } },
+        },
+      });
+      const rules = manager.getComposedConfigRules();
+      expect(rules.every((r) => r.layer === "config")).toBe(true);
+      expect(
+        rules.some((r) => r.surface === "bash" && r.pattern === "git *"),
+      ).toBe(true);
+    });
+  });
+});