npm - @gotgenes/pi-permission-system - Versions diffs - 5.5.0 → 5.6.0 - Mend

@gotgenes/pi-permission-system 5.5.0 → 5.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/CHANGELOG.md +23 -0
package/package.json +1 -1
package/src/handlers/before-agent-start.ts +7 -7
package/src/handlers/gates/bash-external-directory.ts +70 -67
package/src/handlers/gates/descriptor.ts +115 -0
package/src/handlers/gates/external-directory.ts +62 -130
package/src/handlers/gates/index.ts +12 -4
package/src/handlers/gates/runner.ts +144 -0
package/src/handlers/gates/skill-read.ts +40 -59
package/src/handlers/gates/tool.ts +35 -104
package/src/handlers/gates/types.ts +0 -2
package/src/handlers/input.ts +3 -3
package/src/handlers/lifecycle.ts +21 -21
package/src/handlers/tool-call.ts +121 -20
package/src/handlers/types.ts +20 -7
package/src/index.ts +6 -1
package/src/runtime.ts +17 -9
package/tests/handlers/before-agent-start.test.ts +17 -27
package/tests/handlers/gates/bash-external-directory.test.ts +129 -184
package/tests/handlers/gates/external-directory.test.ts +118 -264
package/tests/handlers/gates/runner.test.ts +361 -0
package/tests/handlers/gates/skill-read.test.ts +86 -137
package/tests/handlers/gates/tool.test.ts +109 -346
package/tests/handlers/input-events.test.ts +10 -21
package/tests/handlers/input.test.ts +26 -43
package/tests/handlers/lifecycle.test.ts +47 -66
package/tests/handlers/tool-call-events.test.ts +29 -40
package/tests/handlers/tool-call.test.ts +19 -30

package/tests/handlers/gates/tool.test.ts CHANGED Viewed

@@ -1,25 +1,17 @@
 import { describe, expect, it, vi } from "vitest";
-import { evaluateToolGate } from "../../../src/handlers/gates/tool";
+import type { GateDescriptor } from "../../../src/handlers/gates/descriptor";
+import { describeToolGate } from "../../../src/handlers/gates/tool";
 import type { ToolCallContext } from "../../../src/handlers/gates/types";
-import type { HandlerDeps } from "../../../src/handlers/types";
-import type { PermissionEventBus } from "../../../src/permission-events";
 import type { PermissionCheckResult } from "../../../src/types";
-// ── SDK stubs ──────────────────────────────────────────────────────────────
-vi.mock("@mariozechner/pi-coding-agent", async (importOriginal) => {
-  const original =
-    await importOriginal<typeof import("@mariozechner/pi-coding-agent")>();
-  return { ...original };
-});
 // ── helpers ────────────────────────────────────────────────────────────────
 function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   return {
     toolName: "read",
     agentName: null,
-    input: { path: "/test/project/foo.ts" },
+    input: {},
     toolCallId: "tc-1",
     cwd: "/test/project",
     ...overrides,
@@ -35,383 +27,154 @@ function makeCheckResult(
     toolName: "read",
     source: "tool",
     origin: "builtin",
+    matchedPattern: "*",
     ...overrides,
   };
 }
-function makeEvents(): PermissionEventBus {
-  return { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) };
-}
-function makeRuntime(
-  overrides: Record<string, unknown> = {},
-): HandlerDeps["runtime"] {
-  return {
-    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
-    runtimeContext: {} as HandlerDeps["runtime"]["runtimeContext"],
-    permissionManager: {
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
-    },
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    },
-    writeReviewLog: vi.fn(),
-    ...overrides,
-  } as unknown as HandlerDeps["runtime"];
-}
-function makeDeps(overrides: Record<string, unknown> = {}): HandlerDeps {
-  const { runtime: runtimeOverrides, events, ...rest } = overrides;
-  return {
-    runtime: makeRuntime(runtimeOverrides as Record<string, unknown>),
-    events: events ?? makeEvents(),
-    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
-    ...rest,
-  } as unknown as HandlerDeps;
-}
 // ── tests ──────────────────────────────────────────────────────────────────
-describe("evaluateToolGate", () => {
-  // ── Session-rule hit ─────────────────────────────────────────────────────
-  it("allows and emits session_approved on session hit", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              source: "session",
-              toolName: "bash",
-              command: "git status",
-              matchedPattern: "git *",
-            }),
-          ),
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc({
-      toolName: "bash",
-      input: { command: "git status" },
-    });
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        surface: "bash",
-        value: "git status",
-        result: "allow",
-        resolution: "session_approved",
-        matchedPattern: "git *",
-      }),
+describe("describeToolGate", () => {
+  it("returns descriptor with tool name as surface for standard tools", () => {
+    const desc = describeToolGate(
+      makeTcc({ toolName: "read" }),
+      makeCheckResult("ask"),
     );
+    expect(desc.surface).toBe("read");
+    expect(desc.decision.surface).toBe("read");
   });
-  it("does NOT record session rule on session hit", async () => {
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              source: "session",
-              matchedPattern: "git *",
-            }),
-          ),
-        },
-        sessionRules,
-      },
-    });
-    const tcc = makeTcc({
-      toolName: "bash",
-      input: { command: "git status" },
-    });
-    await evaluateToolGate(tcc, deps);
-    expect(sessionRules.approve).not.toHaveBeenCalled();
-  });
-  // ── Policy allow ─────────────────────────────────────────────────────────
-  it("allows and emits policy_allow", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({ events });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "allow",
-        resolution: "policy_allow",
-      }),
+  it("returns descriptor with tool name as decision value for standard tools", () => {
+    const desc = describeToolGate(
+      makeTcc({ toolName: "write" }),
+      makeCheckResult("ask"),
     );
+    expect(desc.decision.value).toBe("write");
   });
-  // ── Policy deny ──────────────────────────────────────────────────────────
-  it("blocks and emits policy_deny", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
-        },
-      },
-      events,
+  it("returns bash surface with command in decision.value for bash tools", () => {
+    const check = makeCheckResult("ask", {
+      toolName: "bash",
+      command: "git status",
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "policy_deny",
-      }),
+    const desc = describeToolGate(
+      makeTcc({ toolName: "bash", input: { command: "git status" } }),
+      check,
     );
+    expect(desc.surface).toBe("bash");
+    expect(desc.decision.surface).toBe("bash");
+    expect(desc.decision.value).toBe("git status");
   });
-  // ── Policy ask — user approves once ──────────────────────────────────────
-  it("allows and emits user_approved when user approves once", async () => {
-    const events = makeEvents();
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      events,
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
+  it("returns mcp surface with target in decision.value for MCP tools", () => {
+    const check = makeCheckResult("ask", {
+      toolName: "mcp",
+      target: "server:tool",
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(sessionRules.approve).not.toHaveBeenCalled();
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "allow",
-        resolution: "user_approved",
-      }),
+    const desc = describeToolGate(
+      makeTcc({ toolName: "mcp", input: { tool: "server:tool" } }),
+      check,
     );
+    expect(desc.surface).toBe("mcp");
+    expect(desc.decision.surface).toBe("mcp");
+    expect(desc.decision.value).toBe("server:tool");
   });
-  // ── Policy ask — user approves for session ───────────────────────────────
-  it("records session rule when user approves for session", async () => {
-    const events = makeEvents();
-    const sessionRules = {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    };
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-        sessionRules,
-      },
-      events,
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(sessionRules.approve).toHaveBeenCalledWith("read", "*");
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        resolution: "user_approved_for_session",
-      }),
-    );
+  it("populates messages.denyReason via formatDenyReason", () => {
+    const check = makeCheckResult("deny", { toolName: "read" });
+    const desc = describeToolGate(makeTcc(), check);
+    expect(desc.messages.denyReason).toContain("read");
+    expect(desc.messages.denyReason).toContain("not permitted");
   });
-  // ── Policy ask — user denies ─────────────────────────────────────────────
-  it("blocks and emits user_denied", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: false, state: "denied" }),
+  it("populates messages.unavailableReason with bash command when tool is bash", () => {
+    const check = makeCheckResult("ask", {
+      toolName: "bash",
+      command: "rm -rf /",
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "user_denied",
-      }),
+    const desc = describeToolGate(
+      makeTcc({ toolName: "bash", input: { command: "rm -rf /" } }),
+      check,
     );
+    expect(desc.messages.unavailableReason).toContain("rm -rf /");
+    expect(desc.messages.unavailableReason).toContain("no interactive UI");
   });
-  // ── Policy ask — no UI ───────────────────────────────────────────────────
-  it("blocks and emits confirmation_unavailable when no UI", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
-      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        result: "deny",
-        resolution: "confirmation_unavailable",
-      }),
+  it("populates messages.unavailableReason with tool name for non-bash tools", () => {
+    const desc = describeToolGate(
+      makeTcc({ toolName: "write" }),
+      makeCheckResult("ask"),
     );
+    expect(desc.messages.unavailableReason).toContain("write");
+    expect(desc.messages.unavailableReason).toContain("no interactive UI");
   });
-  // ── Auto-approved ────────────────────────────────────────────────────────
+  it("populates messages.unavailableReason with mcp for mcp tool", () => {
+    const check = makeCheckResult("ask", { toolName: "mcp", target: "s:t" });
+    const desc = describeToolGate(makeTcc({ toolName: "mcp" }), check);
+    expect(desc.messages.unavailableReason).toContain("mcp");
+  });
-  it("emits auto_approved resolution when decision is auto-approved", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-        },
-      },
-      events,
-      promptPermission: vi.fn().mockResolvedValue({
-        approved: true,
-        state: "approved",
-        autoApproved: true,
-      }),
+  it("populates messages.userDeniedReason as a function", () => {
+    const check = makeCheckResult("ask", { toolName: "read" });
+    const desc = describeToolGate(makeTcc(), check);
+    const reason = desc.messages.userDeniedReason({
+      approved: false,
+      state: "denied",
+      denialReason: "too risky",
     });
-    const tcc = makeTcc();
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        resolution: "auto_approved",
-      }),
-    );
+    expect(reason).toContain("too risky");
   });
-  // ── Bash-specific value ──────────────────────────────────────────────────
-  it("uses command as decision value for bash tool", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              toolName: "bash",
-              command: "git status",
-            }),
-          ),
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc({
+  it("populates sessionApproval via suggestSessionPattern", () => {
+    const check = makeCheckResult("ask", {
       toolName: "bash",
-      input: { command: "git status" },
+      command: "git status",
     });
-    await evaluateToolGate(tcc, deps);
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        surface: "bash",
-        value: "git status",
-      }),
+    const desc = describeToolGate(
+      makeTcc({ toolName: "bash", input: { command: "git status" } }),
+      check,
     );
+    expect(desc.sessionApproval).toBeDefined();
+    expect(desc.sessionApproval!).toHaveProperty("surface", "bash");
+    expect(desc.sessionApproval!).toHaveProperty("pattern");
   });
-  // ── MCP-specific value ───────────────────────────────────────────────────
-  it("uses target as decision value for mcp tool", async () => {
-    const events = makeEvents();
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi.fn().mockReturnValue(
-            makeCheckResult("allow", {
-              toolName: "mcp",
-              target: "exa:search",
-            }),
-          ),
-        },
-      },
-      events,
-    });
-    const tcc = makeTcc({ toolName: "mcp", input: { tool: "exa:search" } });
-    await evaluateToolGate(tcc, deps);
-    expect(events.emit).toHaveBeenCalledWith(
-      "permissions:decision",
-      expect.objectContaining({
-        surface: "mcp",
-        value: "exa:search",
-      }),
+  it("populates promptDetails with correct fields", () => {
+    const check = makeCheckResult("ask");
+    const desc = describeToolGate(
+      makeTcc({ toolName: "read", agentName: "my-agent", toolCallId: "tc-42" }),
+      check,
     );
+    expect(desc.promptDetails).toMatchObject({
+      source: "tool_call",
+      agentName: "my-agent",
+      toolCallId: "tc-42",
+      toolName: "read",
+    });
+    expect(desc.promptDetails.message).toBeDefined();
+    expect(desc.promptDetails.sessionLabel).toBeDefined();
   });
-  // ── Bash unavailable message ─────────────────────────────────────────────
-  it("includes command in unavailable message for bash", async () => {
-    const deps = makeDeps({
-      runtime: {
-        permissionManager: {
-          checkPermission: vi
-            .fn()
-            .mockReturnValue(
-              makeCheckResult("ask", { toolName: "bash", command: "rm -rf /" }),
-            ),
-        },
-      },
-      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
-    });
-    const tcc = makeTcc({
+  it("populates logContext with tool input preview fields", () => {
+    const check = makeCheckResult("ask", { toolName: "bash", command: "ls" });
+    const desc = describeToolGate(
+      makeTcc({ toolName: "bash", input: { command: "ls" } }),
+      check,
+    );
+    expect(desc.logContext).toMatchObject({
+      source: "tool_call",
       toolName: "bash",
-      input: { command: "rm -rf /" },
     });
-    const result = await evaluateToolGate(tcc, deps);
-    expect(result.action).toBe("block");
-    if (result.action === "block") {
-      expect(result.reason).toContain("rm -rf /");
-    }
+    expect(desc.logContext.command).toBe("ls");
+  });
+  it("uses toolName as input for checkPermission surface", () => {
+    const desc = describeToolGate(
+      makeTcc({ toolName: "edit", input: { path: "/a.ts" } }),
+      makeCheckResult("ask", { toolName: "edit" }),
+    );
+    expect(desc.surface).toBe("edit");
+    expect(desc.input).toEqual({ path: "/a.ts" });
   });
 });

package/tests/handlers/input-events.test.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import { handleInput } from "../../src/handlers/input";
 import type { HandlerDeps } from "../../src/handlers/types";
 import type { PermissionDecisionEvent } from "../../src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "../../src/permission-events";
-import type { ExtensionRuntime } from "../../src/runtime";
+import type { SessionState } from "../../src/runtime";
 // ── helpers ────────────────────────────────────────────────────────────────
@@ -38,17 +38,8 @@ function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
   } as unknown as ExtensionContext;
 }
-function makeRuntime(
-  state: "allow" | "deny" | "ask" = "allow",
-): ExtensionRuntime {
+function makeSession(state: "allow" | "deny" | "ask" = "allow"): SessionState {
   return {
-    agentDir: "/test/agent",
-    sessionsDir: "/test/agent/sessions",
-    subagentSessionsDir: "/test/agent/subagent-sessions",
-    forwardingDir: "/test/agent/sessions/permission-forwarding",
-    globalLogsDir: "/test/agent/extensions/pi-permission-system/logs",
-    piInfrastructureDirs: ["/test/agent"],
-    config: { debugLog: false, permissionReviewLog: true, yoloMode: false },
     runtimeContext: null,
     permissionManager: {
       checkPermission: vi.fn().mockReturnValue({
@@ -58,23 +49,17 @@ function makeRuntime(
         origin: "global",
         matchedPattern: "*",
       }),
-    } as unknown as ExtensionRuntime["permissionManager"],
+    } as unknown as SessionState["permissionManager"],
     activeSkillEntries: [],
     lastKnownActiveAgentName: null,
     lastActiveToolsCacheKey: null,
     lastPromptStateCacheKey: null,
-    lastConfigWarning: null,
     sessionRules: {
       approve: vi.fn(),
       getRuleset: vi.fn().mockReturnValue([]),
       clear: vi.fn(),
-    } as unknown as ExtensionRuntime["sessionRules"],
-    permissionForwardingContext: null,
-    permissionForwardingTimer: null,
-    isProcessingForwardedRequests: false,
-    writeDebugLog: vi.fn(),
-    writeReviewLog: vi.fn(),
-  } as ExtensionRuntime;
+    } as unknown as SessionState["sessionRules"],
+  };
 }
 function makeDeps(
@@ -82,7 +67,11 @@ function makeDeps(
   overrides: Partial<HandlerDeps> = {},
 ): HandlerDeps {
   return {
-    runtime: makeRuntime(state),
+    session: makeSession(state),
+    writeDebugLog: vi.fn(),
+    writeReviewLog: vi.fn(),
+    piInfrastructureDirs: ["/test/agent"],
+    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
     events: makeEvents(),
     createPermissionManagerForCwd: vi.fn(),
     refreshExtensionConfig: vi.fn(),