@gotgenes/pi-permission-system 5.5.0 → 5.5.1

package/CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.5.1](https://github.com/gotgenes/pi-permission-system/compare/v5.5.0...v5.5.1) (2026-05-07)
+
+
+### Documentation
+
+* plan narrow handler dependencies by splitting ExtensionRuntime ([#111](https://github.com/gotgenes/pi-permission-system/issues/111)) ([cb44dee](https://github.com/gotgenes/pi-permission-system/commit/cb44deea383fbcca8c8ba25bd4098f7dd8c35bfb))
+* **retro:** add retro notes for issue [#108](https://github.com/gotgenes/pi-permission-system/issues/108) ([e967fd9](https://github.com/gotgenes/pi-permission-system/commit/e967fd96c6ed0a9ac0a4f0037889f1d9c88ebd97))
+* update target architecture for gate interfaces and SessionState ([#111](https://github.com/gotgenes/pi-permission-system/issues/111)) ([85620c4](https://github.com/gotgenes/pi-permission-system/commit/85620c4486fdcf756c7039c15bdd8a295621ad37))
+
 ## [5.5.0](https://github.com/gotgenes/pi-permission-system/compare/v5.4.0...v5.5.0) (2026-05-07)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "5.5.0",
+  "version": "5.5.1",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "files": [

package/src/handlers/before-agent-start.ts

@@ -41,12 +41,12 @@ export async function handleBeforeAgentStart(
   event: BeforeAgentStartPayload,
   ctx: ExtensionContext,
 ): Promise<BeforeAgentStartEventResult> {
-  deps.runtime.runtimeContext = ctx;
+  deps.session.runtimeContext = ctx;
   deps.refreshExtensionConfig(ctx);
   deps.startForwardedPermissionPolling(ctx);
 
   const agentName = deps.resolveAgentName(ctx, event.systemPrompt);
-  const { permissionManager } = deps.runtime;
+  const { permissionManager } = deps.session;
   const allTools = deps.getAllTools();
   const allowedTools: string[] = [];
 
@@ -63,12 +63,12 @@ export async function handleBeforeAgentStart(
   const activeToolsCacheKey = createActiveToolsCacheKey(allowedTools);
   if (
     shouldApplyCachedAgentStartState(
-      deps.runtime.lastActiveToolsCacheKey,
+      deps.session.lastActiveToolsCacheKey,
       activeToolsCacheKey,
     )
   ) {
     deps.setActiveTools(allowedTools);
-    deps.runtime.lastActiveToolsCacheKey = activeToolsCacheKey;
+    deps.session.lastActiveToolsCacheKey = activeToolsCacheKey;
   }
 
   const promptStateCacheKey = createBeforeAgentStartPromptStateKey({
@@ -83,14 +83,14 @@ export async function handleBeforeAgentStart(
 
   if (
     !shouldApplyCachedAgentStartState(
-      deps.runtime.lastPromptStateCacheKey,
+      deps.session.lastPromptStateCacheKey,
       promptStateCacheKey,
     )
   ) {
     return {};
   }
 
-  deps.runtime.lastPromptStateCacheKey = promptStateCacheKey;
+  deps.session.lastPromptStateCacheKey = promptStateCacheKey;
 
   const toolPromptResult = sanitizeAvailableToolsSection(
     event.systemPrompt,
@@ -102,7 +102,7 @@ export async function handleBeforeAgentStart(
     agentName,
     ctx.cwd,
   );
-  deps.runtime.activeSkillEntries = skillPromptResult.entries;
+  deps.session.activeSkillEntries = skillPromptResult.entries;
 
   if (skillPromptResult.prompt !== event.systemPrompt) {
     return { systemPrompt: skillPromptResult.prompt };

package/src/handlers/gates/bash-external-directory.ts

@@ -8,8 +8,11 @@ import {
 import type { PermissionPromptDecision } from "../../permission-dialog";
 import { applyPermissionGate } from "../../permission-gate";
 import { deriveApprovalPattern } from "../../session-rules";
-import type { HandlerDeps } from "../types";
-import type { GateOutcome, ToolCallContext } from "./types";
+import type {
+  BashExternalDirectoryGateDeps,
+  GateOutcome,
+  ToolCallContext,
+} from "./types";
 
 /**
  * Evaluate the bash external-directory permission gate.
@@ -20,7 +23,7 @@ import type { GateOutcome, ToolCallContext } from "./types";
  */
 export async function evaluateBashExternalDirectoryGate(
   tcc: ToolCallContext,
-  deps: HandlerDeps,
+  deps: BashExternalDirectoryGateDeps,
 ): Promise<GateOutcome | null> {
   if (tcc.toolName !== "bash" || !tcc.cwd) return null;
 
@@ -33,10 +36,10 @@ export async function evaluateBashExternalDirectoryGate(
   );
   if (externalPaths.length === 0) return null;
 
-  const bashSessionRules = deps.runtime.sessionRules.getRuleset();
+  const bashSessionRules = deps.getSessionRuleset();
   const uncoveredPaths = externalPaths.filter(
     (p) =>
-      deps.runtime.permissionManager.checkPermission(
+      deps.checkPermission(
         "external_directory",
         { path: p },
         tcc.agentName ?? undefined,
@@ -45,7 +48,7 @@ export async function evaluateBashExternalDirectoryGate(
   );
 
   if (uncoveredPaths.length === 0) {
-    deps.runtime.writeReviewLog("permission_request.session_approved", {
+    deps.writeReviewLog("permission_request.session_approved", {
       source: "tool_call",
       toolCallId: tcc.toolCallId,
       toolName: tcc.toolName,
@@ -58,7 +61,7 @@ export async function evaluateBashExternalDirectoryGate(
   }
 
   // Get the config-level policy (no path → no session check).
-  const extCheck = deps.runtime.permissionManager.checkPermission(
+  const extCheck = deps.checkPermission(
     "external_directory",
     {},
     tcc.agentName ?? undefined,
@@ -73,26 +76,21 @@ export async function evaluateBashExternalDirectoryGate(
   );
   const bashExtGate = await applyPermissionGate({
     state: extCheck.state,
-    canConfirm: deps.canRequestPermissionConfirmation(
-      deps.runtime.runtimeContext!,
-    ),
+    canConfirm: deps.canConfirm(),
     promptForApproval: async () => {
-      const decision = await deps.promptPermission(
-        deps.runtime.runtimeContext!,
-        {
-          requestId: tcc.toolCallId,
-          source: "tool_call",
-          agentName: tcc.agentName,
-          message: bashExtMessage,
-          toolCallId: tcc.toolCallId,
-          toolName: tcc.toolName,
-          command,
-        },
-      );
+      const decision = await deps.promptPermission({
+        requestId: tcc.toolCallId,
+        source: "tool_call",
+        agentName: tcc.agentName,
+        message: bashExtMessage,
+        toolCallId: tcc.toolCallId,
+        toolName: tcc.toolName,
+        command,
+      });
       bashExtDecision = decision;
       return decision;
     },
-    writeLog: deps.runtime.writeReviewLog,
+    writeLog: deps.writeReviewLog,
     logContext: {
       source: "tool_call",
       toolCallId: tcc.toolCallId,
@@ -126,7 +124,7 @@ export async function evaluateBashExternalDirectoryGate(
   if (bashExtDecision?.state === "approved_for_session") {
     for (const extPath of uncoveredPaths) {
       const pattern = deriveApprovalPattern(extPath);
-      deps.runtime.sessionRules.approve("external_directory", pattern);
+      deps.approveSessionRule("external_directory", pattern);
     }
   }
 

package/src/handlers/gates/external-directory.ts

@@ -8,12 +8,14 @@ import {
   normalizePathForComparison,
 } from "../../external-directory";
 import type { PermissionPromptDecision } from "../../permission-dialog";
-import { emitDecisionEvent } from "../../permission-events";
 import { applyPermissionGate } from "../../permission-gate";
 import { deriveApprovalPattern } from "../../session-rules";
-import type { HandlerDeps } from "../types";
 import { deriveResolution } from "./helpers";
-import type { GateOutcome, ToolCallContext } from "./types";
+import type {
+  ExternalDirectoryGateDeps,
+  GateOutcome,
+  ToolCallContext,
+} from "./types";
 
 /**
  * Evaluate the external-directory permission gate for file tools.
@@ -23,7 +25,7 @@ import type { GateOutcome, ToolCallContext } from "./types";
  */
 export async function evaluateExternalDirectoryGate(
   tcc: ToolCallContext,
-  deps: HandlerDeps,
+  deps: ExternalDirectoryGateDeps,
 ): Promise<GateOutcome | null> {
   if (!tcc.cwd) return null;
 
@@ -40,10 +42,7 @@ export async function evaluateExternalDirectoryGate(
   );
 
   // ── Pi infrastructure read bypass ──────────────────────────────────────
-  const allInfraDirs = [
-    ...deps.runtime.piInfrastructureDirs,
-    ...(deps.runtime.config.piInfrastructureReadPaths ?? []),
-  ];
+  const allInfraDirs = deps.getInfrastructureDirs();
   if (
     isPiInfrastructureRead(
       tcc.toolName,
@@ -52,17 +51,14 @@ export async function evaluateExternalDirectoryGate(
       tcc.cwd,
     )
   ) {
-    deps.runtime.writeReviewLog(
-      "permission_request.infrastructure_auto_allowed",
-      {
-        source: "tool_call",
-        toolCallId: tcc.toolCallId,
-        toolName: tcc.toolName,
-        agentName: tcc.agentName,
-        path: externalDirectoryPath,
-      },
-    );
-    emitDecisionEvent(deps.events, {
+    deps.writeReviewLog("permission_request.infrastructure_auto_allowed", {
+      source: "tool_call",
+      toolCallId: tcc.toolCallId,
+      toolName: tcc.toolName,
+      agentName: tcc.agentName,
+      path: externalDirectoryPath,
+    });
+    deps.emitDecision({
       surface: tcc.toolName,
       value: externalDirectoryPath,
       result: "allow",
@@ -75,16 +71,16 @@ export async function evaluateExternalDirectoryGate(
   }
 
   // ── Policy check ───────────────────────────────────────────────────────
-  const extCheck = deps.runtime.permissionManager.checkPermission(
+  const extCheck = deps.checkPermission(
     "external_directory",
     { path: normalizedExtPath },
     tcc.agentName ?? undefined,
-    deps.runtime.sessionRules.getRuleset(),
+    deps.getSessionRuleset(),
   );
 
   // Session-rule hit
   if (extCheck.source === "session") {
-    deps.runtime.writeReviewLog("permission_request.session_approved", {
+    deps.writeReviewLog("permission_request.session_approved", {
       source: "tool_call",
       toolCallId: tcc.toolCallId,
       toolName: tcc.toolName,
@@ -93,7 +89,7 @@ export async function evaluateExternalDirectoryGate(
       resolution: "session_approved",
       sessionApprovalPattern: extCheck.matchedPattern,
     });
-    emitDecisionEvent(deps.events, {
+    deps.emitDecision({
       surface: "external_directory",
       value: externalDirectoryPath,
       result: "allow",
@@ -113,29 +109,24 @@ export async function evaluateExternalDirectoryGate(
     tcc.cwd,
     tcc.agentName ?? undefined,
   );
-  const extDirCanConfirm = deps.canRequestPermissionConfirmation(
-    deps.runtime.runtimeContext!,
-  );
+  const extDirCanConfirm = deps.canConfirm();
   const extDirGateResult = await applyPermissionGate({
     state: extCheck.state,
     canConfirm: extDirCanConfirm,
     promptForApproval: async () => {
-      const decision = await deps.promptPermission(
-        deps.runtime.runtimeContext!,
-        {
-          requestId: tcc.toolCallId,
-          source: "tool_call",
-          agentName: tcc.agentName,
-          message: extDirMessage,
-          toolCallId: tcc.toolCallId,
-          toolName: tcc.toolName,
-          path: externalDirectoryPath,
-        },
-      );
+      const decision = await deps.promptPermission({
+        requestId: tcc.toolCallId,
+        source: "tool_call",
+        agentName: tcc.agentName,
+        message: extDirMessage,
+        toolCallId: tcc.toolCallId,
+        toolName: tcc.toolName,
+        path: externalDirectoryPath,
+      });
       extDirDecision = decision;
       return decision;
     },
-    writeLog: deps.runtime.writeReviewLog,
+    writeLog: deps.writeReviewLog,
     logContext: {
       source: "tool_call",
       toolCallId: tcc.toolCallId,
@@ -161,7 +152,7 @@ export async function evaluateExternalDirectoryGate(
     },
   });
 
-  emitDecisionEvent(deps.events, {
+  deps.emitDecision({
     surface: "external_directory",
     value: externalDirectoryPath,
     result: extDirGateResult.action === "allow" ? "allow" : "deny",
@@ -182,7 +173,7 @@ export async function evaluateExternalDirectoryGate(
 
   if (extDirDecision?.state === "approved_for_session") {
     const pattern = deriveApprovalPattern(normalizedExtPath);
-    deps.runtime.sessionRules.approve("external_directory", pattern);
+    deps.approveSessionRule("external_directory", pattern);
   }
 
   return { action: "allow" };

package/src/handlers/gates/skill-read.ts

@@ -1,15 +1,13 @@
 import { toRecord } from "../../common";
 import { normalizePathForComparison } from "../../external-directory";
-import { emitDecisionEvent } from "../../permission-events";
 import { applyPermissionGate } from "../../permission-gate";
 import {
   formatSkillPathAskPrompt,
   formatSkillPathDenyReason,
 } from "../../permission-prompts";
 import { findSkillPathMatch } from "../../skill-prompt-sanitizer";
-import type { HandlerDeps } from "../types";
 import { deriveResolution } from "./helpers";
-import type { GateOutcome, ToolCallContext } from "./types";
+import type { GateOutcome, SkillReadGateDeps, ToolCallContext } from "./types";
 
 /**
  * Evaluate the skill-read permission gate.
@@ -19,10 +17,12 @@ import type { GateOutcome, ToolCallContext } from "./types";
  */
 export async function evaluateSkillReadGate(
   tcc: ToolCallContext,
-  deps: HandlerDeps,
+  deps: SkillReadGateDeps,
 ): Promise<GateOutcome | null> {
+  const activeSkillEntries = deps.getActiveSkillEntries();
+
   // Only applies to read tool calls with active skill entries
-  if (tcc.toolName !== "read" || deps.runtime.activeSkillEntries.length === 0) {
+  if (tcc.toolName !== "read" || activeSkillEntries.length === 0) {
     return null;
   }
 
@@ -35,7 +35,7 @@ export async function evaluateSkillReadGate(
   const normalizedReadPath = normalizePathForComparison(path, tcc.cwd);
   const matchedSkill = findSkillPathMatch(
     normalizedReadPath,
-    deps.runtime.activeSkillEntries,
+    activeSkillEntries,
   );
 
   if (!matchedSkill) {
@@ -47,14 +47,12 @@ export async function evaluateSkillReadGate(
     path,
     tcc.agentName ?? undefined,
   );
-  const skillReadCanConfirm = deps.canRequestPermissionConfirmation(
-    deps.runtime.runtimeContext!,
-  );
+  const skillReadCanConfirm = deps.canConfirm();
   const skillReadGate = await applyPermissionGate({
     state: matchedSkill.state,
     canConfirm: skillReadCanConfirm,
     promptForApproval: () =>
-      deps.promptPermission(deps.runtime.runtimeContext!, {
+      deps.promptPermission({
         requestId: tcc.toolCallId,
         source: "skill_read",
         agentName: tcc.agentName,
@@ -64,7 +62,7 @@ export async function evaluateSkillReadGate(
         skillName: matchedSkill.name,
         path,
       }),
-    writeLog: deps.runtime.writeReviewLog,
+    writeLog: deps.writeReviewLog,
     logContext: {
       source: "skill_read",
       skillName: matchedSkill.name,
@@ -88,7 +86,7 @@ export async function evaluateSkillReadGate(
     },
   });
 
-  emitDecisionEvent(deps.events, {
+  deps.emitDecision({
     surface: "skill",
     value: matchedSkill.name,
     result: skillReadGate.action === "allow" ? "allow" : "deny",

package/src/handlers/gates/tool.ts

@@ -1,6 +1,5 @@
 import { PATH_BEARING_TOOLS } from "../../external-directory";
 import { suggestSessionPattern } from "../../pattern-suggest";
-import { emitDecisionEvent } from "../../permission-events";
 import { applyPermissionGate } from "../../permission-gate";
 import {
   formatAskPrompt,
@@ -8,9 +7,8 @@ import {
   formatUserDeniedReason,
 } from "../../permission-prompts";
 import { getPermissionLogContext } from "../../tool-input-preview";
-import type { HandlerDeps } from "../types";
 import { deriveDecisionValue, deriveResolution } from "./helpers";
-import type { GateOutcome, ToolCallContext } from "./types";
+import type { GateOutcome, ToolCallContext, ToolGateDeps } from "./types";
 
 /**
  * Evaluate the normal tool permission gate.
@@ -19,18 +17,18 @@ import type { GateOutcome, ToolCallContext } from "./types";
  */
 export async function evaluateToolGate(
   tcc: ToolCallContext,
-  deps: HandlerDeps,
+  deps: ToolGateDeps,
 ): Promise<GateOutcome> {
-  const check = deps.runtime.permissionManager.checkPermission(
+  const check = deps.checkPermission(
     tcc.toolName,
     tcc.input,
     tcc.agentName ?? undefined,
-    deps.runtime.sessionRules.getRuleset(),
+    deps.getSessionRuleset(),
   );
 
   // Session-hit: already approved by a session rule — skip the gate entirely.
   if (check.source === "session") {
-    deps.runtime.writeReviewLog("permission_request.session_approved", {
+    deps.writeReviewLog("permission_request.session_approved", {
       source: "tool_call",
       toolCallId: tcc.toolCallId,
       toolName: tcc.toolName,
@@ -38,7 +36,7 @@ export async function evaluateToolGate(
       resolution: "session_approved",
       sessionApprovalPattern: check.matchedPattern,
     });
-    emitDecisionEvent(deps.events, {
+    deps.emitDecision({
       surface: tcc.toolName,
       value: deriveDecisionValue(tcc.toolName, check),
       result: "allow",
@@ -82,9 +80,7 @@ export async function evaluateToolGate(
     tcc.agentName ?? undefined,
     tcc.input,
   );
-  const toolCanConfirm = deps.canRequestPermissionConfirmation(
-    deps.runtime.runtimeContext!,
-  );
+  const toolCanConfirm = deps.canConfirm();
   let toolDecisionAutoApproved = false;
   const toolGate = await applyPermissionGate({
     state: check.state,
@@ -94,23 +90,20 @@ export async function evaluateToolGate(
       pattern: suggestion.pattern,
     },
     promptForApproval: async () => {
-      const decision = await deps.promptPermission(
-        deps.runtime.runtimeContext!,
-        {
-          requestId: tcc.toolCallId,
-          source: "tool_call",
-          agentName: tcc.agentName,
-          message: toolAskMessage,
-          toolCallId: tcc.toolCallId,
-          toolName: tcc.toolName,
-          sessionLabel: suggestion.label,
-          ...permissionLogContext,
-        },
-      );
+      const decision = await deps.promptPermission({
+        requestId: tcc.toolCallId,
+        source: "tool_call",
+        agentName: tcc.agentName,
+        message: toolAskMessage,
+        toolCallId: tcc.toolCallId,
+        toolName: tcc.toolName,
+        sessionLabel: suggestion.label,
+        ...permissionLogContext,
+      });
       toolDecisionAutoApproved = decision.autoApproved === true;
       return decision;
     },
-    writeLog: deps.runtime.writeReviewLog,
+    writeLog: deps.writeReviewLog,
     logContext: {
       source: "tool_call",
       toolCallId: tcc.toolCallId,
@@ -129,7 +122,7 @@ export async function evaluateToolGate(
 
   const toolGateHasSession =
     toolGate.action === "allow" && toolGate.sessionApproval !== undefined;
-  emitDecisionEvent(deps.events, {
+  deps.emitDecision({
     surface: tcc.toolName,
     value: deriveDecisionValue(tcc.toolName, check),
     result: toolGate.action === "allow" ? "allow" : "deny",
@@ -150,7 +143,7 @@ export async function evaluateToolGate(
   }
 
   if (toolGate.sessionApproval) {
-    deps.runtime.sessionRules.approve(
+    deps.approveSessionRule(
       toolGate.sessionApproval.surface,
       toolGate.sessionApproval.pattern,
     );

package/src/handlers/gates/types.ts

@@ -1,5 +1,12 @@
 import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
 
+import type { PermissionPromptDecision } from "../../permission-dialog";
+import type { PermissionDecisionEvent } from "../../permission-events";
+import type { Rule } from "../../rule";
+import type { SkillPromptEntry } from "../../skill-prompt-sanitizer";
+import type { PermissionCheckResult } from "../../types";
+import type { PromptPermissionDetails } from "../types";
+
 /** Outcome of a single permission gate evaluation. */
 export type GateOutcome =
   | { action: "allow" }
@@ -13,3 +20,71 @@ export interface ToolCallContext {
   toolCallId: string;
   cwd: string | undefined;
 }
+
+// ── Per-gate narrow dependency interfaces ──────────────────────────────────
+
+/** Narrow deps for evaluateToolGate — every field is a leaf method. */
+export interface ToolGateDeps {
+  checkPermission(
+    surface: string,
+    input: unknown,
+    agentName?: string,
+    sessionRules?: Rule[],
+  ): PermissionCheckResult;
+  getSessionRuleset(): Rule[];
+  approveSessionRule(surface: string, pattern: string): void;
+  writeReviewLog(event: string, details: Record<string, unknown>): void;
+  emitDecision(event: PermissionDecisionEvent): void;
+  canConfirm(): boolean;
+  promptPermission(
+    details: PromptPermissionDetails,
+  ): Promise<PermissionPromptDecision>;
+}
+
+/** Narrow deps for evaluateExternalDirectoryGate. */
+export interface ExternalDirectoryGateDeps {
+  checkPermission(
+    surface: string,
+    input: unknown,
+    agentName?: string,
+    sessionRules?: Rule[],
+  ): PermissionCheckResult;
+  getSessionRuleset(): Rule[];
+  approveSessionRule(surface: string, pattern: string): void;
+  writeReviewLog(event: string, details: Record<string, unknown>): void;
+  emitDecision(event: PermissionDecisionEvent): void;
+  canConfirm(): boolean;
+  promptPermission(
+    details: PromptPermissionDetails,
+  ): Promise<PermissionPromptDecision>;
+  /** Resolved infrastructure dirs (static + config-based). */
+  getInfrastructureDirs(): string[];
+}
+
+/** Narrow deps for evaluateBashExternalDirectoryGate. */
+export interface BashExternalDirectoryGateDeps {
+  checkPermission(
+    surface: string,
+    input: unknown,
+    agentName?: string,
+    sessionRules?: Rule[],
+  ): PermissionCheckResult;
+  getSessionRuleset(): Rule[];
+  approveSessionRule(surface: string, pattern: string): void;
+  writeReviewLog(event: string, details: Record<string, unknown>): void;
+  canConfirm(): boolean;
+  promptPermission(
+    details: PromptPermissionDetails,
+  ): Promise<PermissionPromptDecision>;
+}
+
+/** Narrow deps for evaluateSkillReadGate. */
+export interface SkillReadGateDeps {
+  getActiveSkillEntries(): SkillPromptEntry[];
+  writeReviewLog(event: string, details: Record<string, unknown>): void;
+  emitDecision(event: PermissionDecisionEvent): void;
+  canConfirm(): boolean;
+  promptPermission(
+    details: PromptPermissionDetails,
+  ): Promise<PermissionPromptDecision>;
+}

package/src/handlers/input.ts

@@ -40,7 +40,7 @@ export async function handleInput(
   event: InputPayload,
   ctx: ExtensionContext,
 ): Promise<InputEventResult> {
-  deps.runtime.runtimeContext = ctx;
+  deps.session.runtimeContext = ctx;
   deps.startForwardedPermissionPolling(ctx);
 
   const skillName = extractSkillNameFromInput(event.text);
@@ -49,7 +49,7 @@ export async function handleInput(
   }
 
   const agentName = deps.resolveAgentName(ctx);
-  const check = deps.runtime.permissionManager.checkPermission(
+  const check = deps.session.permissionManager.checkPermission(
     "skill",
     { name: skillName },
     agentName ?? undefined,
@@ -82,7 +82,7 @@ export async function handleInput(
       skillInputAutoApproved = decision.autoApproved === true;
       return decision;
     },
-    writeLog: deps.runtime.writeReviewLog,
+    writeLog: deps.writeReviewLog,
     logContext: {
       source: "skill_input",
       skillName,