@gotgenes/pi-permission-system 5.5.1 → 5.6.1

package/tests/handlers/gates/external-directory.test.ts

@@ -1,13 +1,17 @@
 import { describe, expect, it, vi } from "vitest";
 
-import { evaluateExternalDirectoryGate } from "../../../src/handlers/gates/external-directory";
 import type {
-  ExternalDirectoryGateDeps,
-  ToolCallContext,
-} from "../../../src/handlers/gates/types";
-import type { PermissionCheckResult } from "../../../src/types";
-
-// ── helpers ────────────────────────────────────────────────────────────────
+  GateBypass,
+  GateDescriptor,
+} from "../../../src/handlers/gates/descriptor";
+import {
+  isGateBypass,
+  isGateDescriptor,
+} from "../../../src/handlers/gates/descriptor";
+import { describeExternalDirectoryGate } from "../../../src/handlers/gates/external-directory";
+import type { ToolCallContext } from "../../../src/handlers/gates/types";
+
+// ── helpers ───────────────────────────��────────────────────────────��───────
 
 function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   return {
@@ -20,226 +24,151 @@ function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   };
 }
 
-function makeCheckResult(
-  state: "allow" | "deny" | "ask",
-  overrides: Partial<PermissionCheckResult> = {},
-): PermissionCheckResult {
-  return {
-    state,
-    toolName: "external_directory",
-    source: "special",
-    origin: "builtin",
-    ...overrides,
-  };
-}
-
-function makeExtDirGateDeps(
-  overrides: Partial<ExternalDirectoryGateDeps> = {},
-): ExternalDirectoryGateDeps {
-  return {
-    checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
-    writeReviewLog: vi.fn(),
-    emitDecision: vi.fn(),
-    canConfirm: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
-    getInfrastructureDirs: vi
-      .fn()
-      .mockReturnValue(["/test/agent", "/test/agent/git"]),
-    ...overrides,
-  };
-}
+// ── tests ────────────────────��────────────────────────────────────��────────
 
-// ── tests ──────────────────────────────────────────────────────────────────
-
-describe("evaluateExternalDirectoryGate", () => {
-  it("returns null when no CWD", async () => {
-    const tcc = makeTcc({ cwd: undefined });
-    const result = await evaluateExternalDirectoryGate(
-      tcc,
-      makeExtDirGateDeps(),
-    );
+describe("describeExternalDirectoryGate", () => {
+  it("returns null when no CWD", () => {
+    const result = describeExternalDirectoryGate(makeTcc({ cwd: undefined }), [
+      "/test/agent",
+    ]);
     expect(result).toBeNull();
   });
 
-  it("returns null when tool is not path-bearing", async () => {
-    const tcc = makeTcc({ toolName: "bash", input: { command: "ls" } });
-    const result = await evaluateExternalDirectoryGate(
-      tcc,
-      makeExtDirGateDeps(),
+  it("returns null when tool is not path-bearing", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ toolName: "bash", input: { command: "ls" } }),
+      ["/test/agent"],
     );
     expect(result).toBeNull();
   });
 
-  it("returns null when path is inside CWD", async () => {
-    const tcc = makeTcc({ input: { path: "/test/project/src/index.ts" } });
-    const result = await evaluateExternalDirectoryGate(
-      tcc,
-      makeExtDirGateDeps(),
+  it("returns null when path is inside CWD", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/test/project/src/index.ts" } }),
+      ["/test/agent"],
     );
     expect(result).toBeNull();
   });
 
-  // ── Pi infrastructure read bypass ──────────────────────────────────────
+  // ── Pi infrastructure read bypass ─────────────────���────────────────────
 
-  it("allows and emits infrastructure_auto_allowed for read targeting infra dir", async () => {
-    const deps = makeExtDirGateDeps();
-    const tcc = makeTcc({
-      toolName: "read",
-      input: { path: "/test/agent/git/some-package/SKILL.md" },
-    });
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(deps.emitDecision).toHaveBeenCalledWith(
-      expect.objectContaining({
-        resolution: "infrastructure_auto_allowed",
-        result: "allow",
+  it("returns GateBypass for read targeting an infra dir", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({
+        toolName: "read",
+        input: { path: "/test/agent/git/some-package/SKILL.md" },
       }),
+      ["/test/agent", "/test/agent/git"],
     );
-  });
-
-  it("respects config.piInfrastructureReadPaths for bypass", async () => {
-    const deps = makeExtDirGateDeps({
-      getInfrastructureDirs: vi.fn().mockReturnValue(["/custom/infra"]),
+    expect(result).not.toBeNull();
+    expect(isGateBypass(result)).toBe(true);
+    const bypass = result as GateBypass;
+    expect(bypass.action).toBe("allow");
+    expect(bypass.decision).toMatchObject({
+      resolution: "infrastructure_auto_allowed",
+      result: "allow",
     });
-    const tcc = makeTcc({
-      toolName: "read",
-      input: { path: "/custom/infra/SKILL.md" },
+    expect(bypass.log).toMatchObject({
+      event: "permission_request.infrastructure_auto_allowed",
     });
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
   });
 
-  it("does NOT bypass for write tools targeting infra dirs", async () => {
-    const deps = makeExtDirGateDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
-    });
-    const tcc = makeTcc({
-      toolName: "write",
-      input: { path: "/test/agent/git/some-file.ts", content: "x" },
-    });
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-  });
-
-  // ── Session-rule hit ─────────────────────────────────────────────────────
-
-  it("allows and emits session_approved when session rule covers the path", async () => {
-    const deps = makeExtDirGateDeps({
-      checkPermission: vi.fn().mockReturnValue(
-        makeCheckResult("allow", {
-          source: "session",
-          matchedPattern: "/outside/project/*",
-        }),
-      ),
-      getSessionRuleset: vi.fn().mockReturnValue([
-        {
-          surface: "external_directory",
-          pattern: "/outside/project/*",
-          action: "allow",
-        },
-      ]),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(deps.emitDecision).toHaveBeenCalledWith(
-      expect.objectContaining({
-        resolution: "session_approved",
-        matchedPattern: "/outside/project/*",
+  it("returns GateBypass respecting custom infraDirs", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({
+        toolName: "read",
+        input: { path: "/custom/infra/SKILL.md" },
       }),
+      ["/custom/infra"],
     );
+    expect(isGateBypass(result)).toBe(true);
   });
 
-  // ── Policy deny ──────────────────────────────────────────────────────────
-
-  it("blocks and emits policy_deny when policy is deny", async () => {
-    const deps = makeExtDirGateDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(deps.emitDecision).toHaveBeenCalledWith(
-      expect.objectContaining({
-        surface: "external_directory",
-        result: "deny",
-        resolution: "policy_deny",
+  it("does NOT bypass for write tools targeting infra dirs", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({
+        toolName: "write",
+        input: { path: "/test/agent/git/some-file.ts", content: "x" },
       }),
+      ["/test/agent", "/test/agent/git"],
     );
+    // Should be a GateDescriptor (needs permission check), not a bypass
+    expect(result).not.toBeNull();
+    expect(isGateDescriptor(result)).toBe(true);
   });
 
-  // ── Policy ask — user approves once ──────────────────────────────────────
+  // ── GateDescriptor for external paths ─────────────────────────────────��
 
-  it("allows without recording session rule when user approves once", async () => {
-    const deps = makeExtDirGateDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(deps.approveSessionRule).not.toHaveBeenCalled();
+  it("returns GateDescriptor with surface 'external_directory'", () => {
+    const result = describeExternalDirectoryGate(makeTcc(), ["/test/agent"]);
+    expect(isGateDescriptor(result)).toBe(true);
+    const desc = result as GateDescriptor;
+    expect(desc.surface).toBe("external_directory");
   });
 
-  // ── Policy ask — user approves for session ───────────────────────────────
+  it("decision value is the external path", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.decision.value).toBe("/outside/project/file.ts");
+    expect(result.decision.surface).toBe("external_directory");
+  });
 
-  it("records session rule when user approves for session", async () => {
-    const deps = makeExtDirGateDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved_for_session" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(deps.approveSessionRule).toHaveBeenCalledWith(
+  it("input contains normalized path for checkPermission", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.input).toHaveProperty("path");
+  });
+
+  it("sessionApproval uses deriveApprovalPattern", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.sessionApproval).toBeDefined();
+    expect(result.sessionApproval).toHaveProperty(
+      "surface",
       "external_directory",
-      expect.any(String),
     );
+    expect(result.sessionApproval).toHaveProperty("pattern");
   });
 
-  // ── Policy ask — user denies ─────────────────────────────────────────────
-
-  it("blocks and emits user_denied when user denies", async () => {
-    const deps = makeExtDirGateDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: false, state: "denied" }),
-    });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(deps.emitDecision).toHaveBeenCalledWith(
-      expect.objectContaining({
-        result: "deny",
-        resolution: "user_denied",
-      }),
+  it("messages contain the external path", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ input: { path: "/outside/project/file.ts" } }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.messages.denyReason).toContain("/outside/project/file.ts");
+    expect(result.messages.unavailableReason).toContain(
+      "/outside/project/file.ts",
     );
   });
 
-  // ── Policy ask — no UI ───────────────────────────────────────────────────
+  it("promptDetails includes path and tool_call source", () => {
+    const result = describeExternalDirectoryGate(
+      makeTcc({ toolName: "read", agentName: "agent-1", toolCallId: "tc-5" }),
+      ["/test/agent"],
+    ) as GateDescriptor;
+    expect(result.promptDetails).toMatchObject({
+      source: "tool_call",
+      agentName: "agent-1",
+      toolCallId: "tc-5",
+      toolName: "read",
+      path: "/outside/project/file.ts",
+    });
+  });
 
-  it("blocks and emits confirmation_unavailable when no UI", async () => {
-    const deps = makeExtDirGateDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
-      canConfirm: vi.fn().mockReturnValue(false),
+  it("logContext includes path and message", () => {
+    const result = describeExternalDirectoryGate(makeTcc(), [
+      "/test/agent",
+    ]) as GateDescriptor;
+    expect(result.logContext).toMatchObject({
+      source: "tool_call",
+      path: "/outside/project/file.ts",
     });
-    const tcc = makeTcc();
-    const result = await evaluateExternalDirectoryGate(tcc, deps);
-    expect(result).toMatchObject({ action: "block" });
-    expect(deps.emitDecision).toHaveBeenCalledWith(
-      expect.objectContaining({
-        result: "deny",
-        resolution: "confirmation_unavailable",
-      }),
-    );
+    expect(result.logContext.message).toBeDefined();
   });
 });