@gotgenes/pi-permission-system 5.5.0 → 5.6.0

package/tests/handlers/gates/external-directory.test.ts

@@ -1,12 +1,17 @@
 import { describe, expect, it, vi } from "vitest";
 
-import { evaluateExternalDirectoryGate } from "../../../src/handlers/gates/external-directory";
+import type {
+  GateBypass,
+  GateDescriptor,
+} from "../../../src/handlers/gates/descriptor";
+import {
+  isGateBypass,
+  isGateDescriptor,
+} from "../../../src/handlers/gates/descriptor";
+import { describeExternalDirectoryGate } from "../../../src/handlers/gates/external-directory";
 import type { ToolCallContext } from "../../../src/handlers/gates/types";
-import type { HandlerDeps } from "../../../src/handlers/types";
-import type { PermissionEventBus } from "../../../src/permission-events";
-import type { PermissionCheckResult } from "../../../src/types";
 
-// ── helpers ────────────────────────────────────────────────────────────────
+// ── helpers ───────────────────────────��────────────────────────────��───────
 
 function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   return {
@@ -19,302 +24,151 @@ function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   };
 }
 
-function makeCheckResult(
-  state: "allow" | "deny" | "ask",
-  overrides: Partial<PermissionCheckResult> = {},
-): PermissionCheckResult {
-  return {
-    state,
-    toolName: "external_directory",
-    source: "special",
-    origin: "builtin",
-    ...overrides,
-  };
-}
-
-function makeEvents(): PermissionEventBus {
-  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
-}
+// ── tests ────────────────────��────────────────────────────────────��────────
 
-function makeRuntime(
-  overrides: Record<string, unknown> = {},
-): HandlerDeps["runtime"] {
-  return {
-    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
-    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
-    runtimeContext: {} as HandlerDeps["runtime"]["runtimeContext"],
-    permissionManager: {
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-    },
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    },
-    writeReviewLog: vi.fn(),
-    ...overrides,
-  } as unknown as HandlerDeps["runtime"];
-}
-
-function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
-  const { runtime: runtimeOverrides, events, ...rest } = overrides;
-  return {
-    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
-    events: events ?? makeEvents(),
-    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
-    ...rest,
-  } as unknown as HandlerDeps;
-}
-
-// ── tests ──────────────────────────────────────────────────────────────────
-
-describe("evaluateExternalDirectoryGate", () => {
-  it("returns null when no CWD", async () => {
-    const tcc = makeTcc({ cwd: undefined });
-    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+describe("describeExternalDirectoryGate", () => {
+  it("returns null when no CWD", () => {
+    const result = describeExternalDirectoryGate(makeTcc({ cwd: undefined }), [
+      "/test/agent",
+    ]);
     expect(result).toBeNull();
   });
 
-  it("returns null when tool is not path-bearing", async () => {
-    const tcc = makeTcc({ toolName: "bash", input: { command: "ls" } });
-    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+  it("returns null when tool is not path-bearing", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ toolName: "bash", input: { command: "ls" } }),
+      ["/test/agent"],
+    );
     expect(result).toBeNull();
   });
 
-  it("returns null when path is inside CWD", async () => {
-    const tcc = makeTcc({ input: { path: "/test/project/src/index.ts" } });
-    const result = await evaluateExternalDirectoryGate(tcc, makeDeps());
+  it("returns null when path is inside CWD", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/test/project/src/index.ts" } }),
+      ["/test/agent"],
+    );
     expect(result).toBeNull();
   });
 
-  // ── Pi infrastructure read bypass ──────────────────────────────────────
+  // ── Pi infrastructure read bypass ─────────────────���────────────────────
 
-  it("allows and emits infrastructure_auto_allowed for read targeting infra dir", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({ events });
-    const tcc = makeTcc({
-      toolName: "read",
-      input: { path: "/test/agent/git/some-package/SKILL.md" },
-    });
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        resolution: "infrastructure_auto_allowed",
-        result: "allow",
+  it("returns GateBypass for read targeting an infra dir", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({
+        toolName: "read",
+        input: { path: "/test/agent/git/some-package/SKILL.md" },
       }),
+      ["/test/agent", "/test/agent/git"],
     );
-  });
-
-  it("respects config.piInfrastructureReadPaths for bypass", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        piInfrastructureDirs: [],
-        config: {
-          debugLog: false,
-          permissionReviewLog: true,
-          yoloMode: false,
-          piInfrastructureReadPaths: ["/custom/infra"],
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc({
-      toolName: "read",
-      input: { path: "/custom/infra/SKILL.md" },
-    });
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-  });
-
-  it("does NOT bypass for write tools targeting infra dirs", async () => {
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
-        },
-      },
+    expect(result).not.toBeNull();
+    expect(isGateBypass(result)).toBe(true);
+    const bypass = result as GateBypass;
+    expect(bypass.action).toBe("allow");
+    expect(bypass.decision).toMatchObject({
+      resolution: "infrastructure_auto_allowed",
+      result: "allow",
     });
-    const tcc = makeTcc({
-      toolName: "write",
-      input: { path: "/test/agent/git/some-file.ts", content: "x" },
+    expect(bypass.log).toMatchObject({
+      event: "permission_request.infrastructure_auto_allowed",
     });
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
   });
 
-  // ── Session-rule hit ─────────────────────────────────────────────────────
-
-  it("allows and emits session_approved when session rule covers the path", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              source: "session",
-              matchedPattern: "/outside/project/*",
-            }),
-          ),
-        },
-        sessionRules: {
-          approve: vi.fn(),
-          getRuleset: vi.fn().mockReturnValue([
-            {
-              surface: "external_directory",
-              pattern: "/outside/project/*",
-              action: "allow",
-            },
-          ]),
-          clear: vi.fn(),
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        resolution: "session_approved",
-        matchedPattern: "/outside/project/*",
+  it("returns GateBypass respecting custom infraDirs", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({
+        toolName: "read",
+        input: { path: "/custom/infra/SKILL.md" },
       }),
+      ["/custom/infra"],
     );
+    expect(isGateBypass(result)).toBe(true);
   });
 
-  // ── Policy deny ──────────────────────────────────────────────────────────
-
-  it("blocks and emits policy_deny when policy is deny", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        surface: "external_directory",
-        result: "deny",
-        resolution: "policy_deny",
+  it("does NOT bypass for write tools targeting infra dirs", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({
+        toolName: "write",
+        input: { path: "/test/agent/git/some-file.ts", content: "x" },
       }),
+      ["/test/agent", "/test/agent/git"],
     );
+    // Should be a GateDescriptor (needs permission check), not a bypass
+    expect(result).not.toBeNull();
+    expect(isGateDescriptor(result)).toBe(true);
   });
 
-  // ── Policy ask — user approves once ──────────────────────────────────────
+  // ── GateDescriptor for external paths ─────────────────────────────────��
 
-  it("allows without recording session rule when user approves once", async () => {
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(sessionRules.approve).not.toHaveBeenCalled();
+  it("returns GateDescriptor with surface 'external_directory'", () => {
+    const result = describeExternalDirectoryGate(makeTcc(), ["/test/agent"]);
+    expect(isGateDescriptor(result)).toBe(true);
+    const desc = result as GateDescriptor;
+    expect(desc.surface).toBe("external_directory");
   });
 
-  // ── Policy ask — user approves for session ───────────────────────────────
+  it("decision value is the external path", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.decision.value).toBe("/outside/project/file.ts");
+    expect(result.decision.surface).toBe("external_directory");
+  });
 
-  it("records session rule when user approves for session", async () => {
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(sessionRules.approve).toHaveBeenCalledWith(
+  it("input contains normalized path for checkPermission", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.input).toHaveProperty("path");
+  });
+
+  it("sessionApproval uses deriveApprovalPattern", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.sessionApproval).toBeDefined();
+    expect(result.sessionApproval).toHaveProperty(
+      "surface",
       "external_directory",
-      expect.any(String),
     );
+    expect(result.sessionApproval).toHaveProperty("pattern");
   });
 
-  // ── Policy ask — user denies ─────────────────────────────────────────────
-
-  it("blocks and emits user_denied when user denies", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: false, state: "denied" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "user_denied",
-      }),
+  it("messages contain the external path", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.messages.denyReason).toContain("/outside/project/file.ts");
+    expect(result.messages.unavailableReason).toContain(
+      "/outside/project/file.ts",
     );
   });
 
-  // ── Policy ask — no UI ───────────────────────────────────────────────────
+  it("promptDetails includes path and tool_call source", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ toolName: "read", agentName: "agent-1", toolCallId: "tc-5" }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.promptDetails).toMatchObject({
+      source: "tool_call",
+      agentName: "agent-1",
+      toolCallId: "tc-5",
+      toolName: "read",
+      path: "/outside/project/file.ts",
+    });
+  });
 
-  it("blocks and emits confirmation_unavailable when no UI", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
-      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+  it("logContext includes path and message", () => {
+    const result = describeExternalDirectoryGate(makeTcc(), [
+      "/test/agent",
+    ]) as GateDescriptor;
+    expect(result.logContext).toMatchObject({
+      source: "tool_call",
+      path: "/outside/project/file.ts",
     });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "confirmation_unavailable",
-      }),
-    );
+    expect(result.logContext.message).toBeDefined();
   });
 });