@gotgenes/pi-permission-system 5.5.0 → 5.6.0

package/tests/handlers/gates/bash-external-directory.test.ts

@@ -1,9 +1,14 @@
 import { describe, expect, it, vi } from "vitest";
-
-import { evaluateBashExternalDirectoryGate } from "../../../src/handlers/gates/bash-external-directory";
+import { describeBashExternalDirectoryGate } from "../../../src/handlers/gates/bash-external-directory";
+import type {
+  GateBypass,
+  GateDescriptor,
+} from "../../../src/handlers/gates/descriptor";
+import {
+  isGateBypass,
+  isGateDescriptor,
+} from "../../../src/handlers/gates/descriptor";
 import type { ToolCallContext } from "../../../src/handlers/gates/types";
-import type { HandlerDeps } from "../../../src/handlers/types";
-import type { PermissionEventBus } from "../../../src/permission-events";
 import type { PermissionCheckResult } from "../../../src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
@@ -32,216 +37,156 @@ function makeCheckResult(
   };
 }
 
-function makeEvents(): PermissionEventBus {
-  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
-}
-
-function makeRuntime(
-  overrides: Record<string, unknown> = {},
-): HandlerDeps["runtime"] {
-  return {
-    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
-    runtimeContext: {} as HandlerDeps["runtime"]["runtimeContext"],
-    permissionManager: {
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-    },
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    },
-    writeReviewLog: vi.fn(),
-    ...overrides,
-  } as unknown as HandlerDeps["runtime"];
-}
-
-function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
-  const { runtime: runtimeOverrides, events, ...rest } = overrides;
-  return {
-    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
-    events: events ?? makeEvents(),
-    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
-    ...rest,
-  } as unknown as HandlerDeps;
-}
-
 // ── tests ──────────────────────────────────────────────────────────────────
 
-describe("evaluateBashExternalDirectoryGate", () => {
+describe("describeBashExternalDirectoryGate", () => {
   it("returns null when tool is not bash", async () => {
-    const tcc = makeTcc({ toolName: "read" });
-    const result = await evaluateBashExternalDirectoryGate(tcc, makeDeps());
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc({ toolName: "read" }),
+      vi.fn().mockReturnValue(makeCheckResult("ask")),
+      vi.fn().mockReturnValue([]),
+    );
     expect(result).toBeNull();
   });
 
   it("returns null when no CWD", async () => {
-    const tcc = makeTcc({ cwd: undefined });
-    const result = await evaluateBashExternalDirectoryGate(tcc, makeDeps());
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc({ cwd: undefined }),
+      vi.fn().mockReturnValue(makeCheckResult("ask")),
+      vi.fn().mockReturnValue([]),
+    );
     expect(result).toBeNull();
   });
 
   it("returns null when command has no external paths", async () => {
-    const tcc = makeTcc({ input: { command: "ls -la" } });
-    const result = await evaluateBashExternalDirectoryGate(tcc, makeDeps());
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc({ input: { command: "ls -la" } }),
+      vi.fn().mockReturnValue(makeCheckResult("ask")),
+      vi.fn().mockReturnValue([]),
+    );
     expect(result).toBeNull();
   });
 
-  it("returns null and logs when all external paths are session-covered", async () => {
-    const writeReviewLog = vi.fn();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi
-            .fn()
-            .mockReturnValue(makeCheckResult("allow", { source: "session" })),
-        },
-        writeReviewLog,
-      },
+  it("returns GateBypass when all external paths are session-covered", async () => {
+    const checkPermission = vi
+      .fn()
+      .mockReturnValue(makeCheckResult("allow", { source: "session" }));
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc(),
+      checkPermission,
+      vi.fn().mockReturnValue([]),
+    );
+    expect(result).not.toBeNull();
+    expect(isGateBypass(result)).toBe(true);
+    const bypass = result as GateBypass;
+    expect(bypass.action).toBe("allow");
+    expect(bypass.log).toMatchObject({
+      event: "permission_request.session_approved",
+      details: expect.objectContaining({ resolution: "session_approved" }),
     });
-    const tcc = makeTcc();
-    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
-    expect(result).toBeNull();
-    expect(writeReviewLog).toHaveBeenCalledWith(
-      "permission_request.session_approved",
-      expect.objectContaining({ resolution: "session_approved" }),
+  });
+
+  it("returns GateDescriptor with multi-pattern sessionApproval for uncovered paths", async () => {
+    const checkPermission = vi.fn().mockReturnValue(makeCheckResult("ask"));
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc({ input: { command: "diff /outside/a.ts /outside/b.ts" } }),
+      checkPermission,
+      vi.fn().mockReturnValue([]),
     );
+    expect(isGateDescriptor(result)).toBe(true);
+    const desc = result as GateDescriptor;
+    expect(desc.sessionApproval).toBeDefined();
+    expect(desc.sessionApproval).toHaveProperty("patterns");
+    const patterns = (desc.sessionApproval as { patterns: string[] }).patterns;
+    expect(patterns.length).toBeGreaterThan(0);
   });
 
-  it("blocks when policy is deny", async () => {
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
-        },
-      },
-    });
-    const tcc = makeTcc();
-    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
+  it("uses config-level checkPermission for the policy state", async () => {
+    const checkPermission = vi
+      .fn()
+      .mockImplementation((surface: string, input: Record<string, unknown>) => {
+        // Path-specific check returns session for coverage filtering
+        if (input.path) return makeCheckResult("allow", { source: "special" });
+        // Config-level check (no path) returns deny
+        return makeCheckResult("deny");
+      });
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc(),
+      checkPermission,
+      vi.fn().mockReturnValue([]),
+    );
+    expect(isGateDescriptor(result)).toBe(true);
+    // The descriptor should carry the deny state from the config-level check
+    // (it will be checked as preCheck by the runner)
+    const desc = result as GateDescriptor;
+    expect(desc.preCheck?.state).toBe("deny");
   });
 
-  it("allows without recording session rules when user approves once", async () => {
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(sessionRules.approve).not.toHaveBeenCalled();
+  it("descriptor surface is 'external_directory'", async () => {
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc(),
+      vi.fn().mockReturnValue(makeCheckResult("ask")),
+      vi.fn().mockReturnValue([]),
+    );
+    const desc = result as GateDescriptor;
+    expect(desc.surface).toBe("external_directory");
   });
 
-  it("records one session rule per uncovered path on approved_for_session", async () => {
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
-    });
-    // Command referencing two external paths
-    const tcc = makeTcc({
-      input: {
-        command: "diff /outside/a.ts /outside/b.ts",
-      },
-    });
-    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    // Each uncovered path gets its own session rule
-    expect(sessionRules.approve).toHaveBeenCalledTimes(2);
-    for (const call of (sessionRules.approve as ReturnType<typeof vi.fn>).mock
-      .calls) {
-      expect(call[0]).toBe("external_directory");
-    }
+  it("descriptor decision surface is 'external_directory'", async () => {
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc(),
+      vi.fn().mockReturnValue(makeCheckResult("ask")),
+      vi.fn().mockReturnValue([]),
+    );
+    const desc = result as GateDescriptor;
+    expect(desc.decision.surface).toBe("external_directory");
   });
 
-  it("blocks when user denies", async () => {
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: false, state: "denied" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
+  it("messages contain the command", async () => {
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc({ input: { command: "cat /outside/file.ts" } }),
+      vi.fn().mockReturnValue(makeCheckResult("ask")),
+      vi.fn().mockReturnValue([]),
+    );
+    const desc = result as GateDescriptor;
+    expect(desc.messages.denyReason).toContain("cat /outside/file.ts");
+    expect(desc.messages.unavailableReason).toContain("cat /outside/file.ts");
   });
 
-  it("blocks when no UI available", async () => {
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+  it("promptDetails includes command and tool_call source", async () => {
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc({ agentName: "agent-1", toolCallId: "tc-5" }),
+      vi.fn().mockReturnValue(makeCheckResult("ask")),
+      vi.fn().mockReturnValue([]),
+    );
+    const desc = result as GateDescriptor;
+    expect(desc.promptDetails).toMatchObject({
+      source: "tool_call",
+      agentName: "agent-1",
+      toolCallId: "tc-5",
+      toolName: "bash",
+      command: "cat /outside/project/file.ts",
     });
-    const tcc = makeTcc();
-    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
   });
 
-  it("only prompts about uncovered paths when some are session-covered", async () => {
-    // First call (for getRuleset path filter): session covers /outside/a.ts
-    // Second call (for config-level policy): returns ask
+  it("only includes uncovered paths when some are session-covered", async () => {
     const checkPermission = vi
       .fn()
-      .mockImplementation(
-        (
-          surface: string,
-          input: Record<string, unknown>,
-        ): PermissionCheckResult => {
-          if (
-            surface === "external_directory" &&
-            input.path === "/outside/a.ts"
-          ) {
-            return makeCheckResult("allow", { source: "session" });
-          }
-          return makeCheckResult("ask");
-        },
-      );
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: { checkPermission },
-      },
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
-    });
-    const tcc = makeTcc({
-      input: { command: "diff /outside/a.ts /outside/b.ts" },
-    });
-    const result = await evaluateBashExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    // The prompt should have been called (for uncovered /outside/b.ts)
-    expect(deps.promptPermission).toHaveBeenCalled();
+      .mockImplementation((surface: string, input: Record<string, unknown>) => {
+        if (input.path === "/outside/a.ts") {
+          return makeCheckResult("allow", { source: "session" });
+        }
+        return makeCheckResult("ask");
+      });
+    const result = await describeBashExternalDirectoryGate(
+      makeTcc({ input: { command: "diff /outside/a.ts /outside/b.ts" } }),
+      checkPermission,
+      vi.fn().mockReturnValue([]),
+    );
+    expect(isGateDescriptor(result)).toBe(true);
+    const desc = result as GateDescriptor;
+    // Should have patterns only for the uncovered path
+    const patterns = (desc.sessionApproval as { patterns: string[] }).patterns;
+    expect(patterns.length).toBe(1);
   });
 });