@gotgenes/pi-permission-system 5.6.2 → 5.7.0

package/src/runtime.ts

@@ -11,6 +11,7 @@ import {
   type ExtensionContext,
   getAgentDir,
 } from "@mariozechner/pi-coding-agent";
+
 import {
   getActiveAgentName,
   getActiveAgentNameFromSystemPrompt,
@@ -19,7 +20,6 @@ import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader";
 import {
   DEBUG_LOG_FILENAME,
   getGlobalConfigPath,
-  getGlobalLogsDir,
   getLegacyExtensionConfigPath,
   getLegacyGlobalPolicyPath,
   getLegacyProjectPolicyPath,
@@ -34,7 +34,10 @@ import {
   normalizePermissionSystemConfig,
   type PermissionSystemExtensionConfig,
 } from "./extension-config";
-import { discoverGlobalNodeModulesRoot } from "./external-directory";
+import { computeExtensionPaths, type ExtensionPaths } from "./extension-paths";
+
+export type { ExtensionPaths } from "./extension-paths";
+
 import {
   type PermissionForwardingDeps,
   processForwardedPermissionRequests,
@@ -73,22 +76,7 @@ export interface SessionState {
  * Tests construct this via `createExtensionRuntime({ agentDir: tmpDir })`
  * without timing issues around `PI_CODING_AGENT_DIR`.
  */
-export interface ExtensionRuntime extends SessionState {
-  // ── Immutable paths (derived from agentDir at construction) ───────────
-  readonly agentDir: string;
-  readonly sessionsDir: string;
-  readonly subagentSessionsDir: string;
-  readonly forwardingDir: string;
-  readonly globalLogsDir: string;
-  /**
-   * Static Pi infrastructure directories used for external-directory
-   * read auto-allow. Computed once at construction from `agentDir` and
-   * `discoverGlobalNodeModulesRoot()`. Config-based extras
-   * (`piInfrastructureReadPaths`) are read from `runtime.config` at
-   * call time in the handler so they pick up config reloads.
-   */
-  readonly piInfrastructureDirs: string[];
-
+export interface ExtensionRuntime extends ExtensionPaths, SessionState {
   // ── Mutable state (beyond SessionState) ───────────────────────────────────
   config: PermissionSystemExtensionConfig;
   lastConfigWarning: string | null;
@@ -353,27 +341,12 @@ export function createExtensionRuntime(options?: {
   agentDir?: string;
 }): ExtensionRuntime {
   const agentDir = options?.agentDir ?? getAgentDir();
-  const sessionsDir = join(agentDir, "sessions");
-  const subagentSessionsDir = join(agentDir, "subagent-sessions");
-  const forwardingDir = join(sessionsDir, "permission-forwarding");
-  const globalLogsDir = getGlobalLogsDir(agentDir);
-
-  const globalNodeModulesRoot = discoverGlobalNodeModulesRoot();
-  const piInfrastructureDirs: string[] = [
-    agentDir,
-    join(agentDir, "git"),
-    ...(globalNodeModulesRoot ? [globalNodeModulesRoot] : []),
-  ];
+  const paths = computeExtensionPaths(agentDir);
 
   // Build a plain-object runtime first so the logger's `getConfig` closure
   // can reference `runtime.config` directly (always reads current value).
   const runtime: ExtensionRuntime = {
-    agentDir,
-    sessionsDir,
-    subagentSessionsDir,
-    forwardingDir,
-    globalLogsDir,
-    piInfrastructureDirs,
+    ...paths,
     config: { ...DEFAULT_EXTENSION_CONFIG },
     runtimeContext: null,
     permissionManager: createPermissionManagerForCwd(agentDir, undefined),
@@ -395,10 +368,10 @@ export function createExtensionRuntime(options?: {
   const logger = createPermissionSystemLogger({
     // Reads runtime.config at call time — always current.
     getConfig: () => runtime.config,
-    debugLogPath: join(globalLogsDir, DEBUG_LOG_FILENAME),
-    reviewLogPath: join(globalLogsDir, REVIEW_LOG_FILENAME),
+    debugLogPath: join(paths.globalLogsDir, DEBUG_LOG_FILENAME),
+    reviewLogPath: join(paths.globalLogsDir, REVIEW_LOG_FILENAME),
     ensureLogsDirectory: () =>
-      ensurePermissionSystemLogsDirectory(globalLogsDir),
+      ensurePermissionSystemLogsDirectory(paths.globalLogsDir),
   });
 
   const reportLoggingWarning = (message: string): void => {

package/tests/bash-external-directory.test.ts

@@ -9,11 +9,11 @@ vi.mock("node:os", () => {
   };
 });
 
+import { extractExternalPathsFromBashCommand } from "../src/handlers/gates/bash-path-extractor";
 import {
-  extractExternalPathsFromBashCommand,
   formatBashExternalDirectoryAskPrompt,
   formatBashExternalDirectoryDenyReason,
-} from "../src/external-directory";
+} from "../src/handlers/gates/external-directory-messages";
 
 afterEach(() => {
   vi.restoreAllMocks();

package/tests/extension-paths.test.ts

@@ -0,0 +1,89 @@
+import { join } from "node:path";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+const { mockDiscoverGlobalNodeModulesRoot } = vi.hoisted(() => ({
+  mockDiscoverGlobalNodeModulesRoot: vi.fn<() => string | null>(),
+}));
+
+vi.mock("../src/node-modules-discovery", () => ({
+  discoverGlobalNodeModulesRoot: mockDiscoverGlobalNodeModulesRoot,
+}));
+
+import { getGlobalLogsDir } from "../src/config-paths";
+import { computeExtensionPaths } from "../src/extension-paths";
+
+describe("computeExtensionPaths", () => {
+  beforeEach(() => {
+    mockDiscoverGlobalNodeModulesRoot.mockReset();
+    mockDiscoverGlobalNodeModulesRoot.mockReturnValue(
+      "/mock/global/node_modules",
+    );
+  });
+
+  it("sets agentDir from argument", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.agentDir).toBe("/test/agent");
+  });
+
+  it("derives sessionsDir as agentDir/sessions", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.sessionsDir).toBe("/test/agent/sessions");
+  });
+
+  it("derives subagentSessionsDir as agentDir/subagent-sessions", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.subagentSessionsDir).toBe("/test/agent/subagent-sessions");
+  });
+
+  it("derives forwardingDir as sessionsDir/permission-forwarding", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.forwardingDir).toBe(
+      join("/test/agent/sessions", "permission-forwarding"),
+    );
+  });
+
+  it("derives globalLogsDir via getGlobalLogsDir(agentDir)", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.globalLogsDir).toBe(getGlobalLogsDir("/test/agent"));
+  });
+
+  it("includes agentDir in piInfrastructureDirs", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.piInfrastructureDirs).toContain("/test/agent");
+  });
+
+  it("includes agentDir/git in piInfrastructureDirs", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.piInfrastructureDirs).toContain("/test/agent/git");
+  });
+
+  it("includes discovered global node_modules root in piInfrastructureDirs", () => {
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.piInfrastructureDirs).toContain("/mock/global/node_modules");
+  });
+
+  it("omits global node_modules from piInfrastructureDirs when discovery returns null", () => {
+    mockDiscoverGlobalNodeModulesRoot.mockReturnValue(null);
+    const paths = computeExtensionPaths("/test/agent");
+    expect(paths.piInfrastructureDirs).toHaveLength(2);
+    expect(paths.piInfrastructureDirs).toContain("/test/agent");
+    expect(paths.piInfrastructureDirs).toContain("/test/agent/git");
+  });
+
+  it("all entries in piInfrastructureDirs are strings (no null)", () => {
+    mockDiscoverGlobalNodeModulesRoot.mockReturnValue(null);
+    const paths = computeExtensionPaths("/test/agent");
+    for (const dir of paths.piInfrastructureDirs) {
+      expect(typeof dir).toBe("string");
+    }
+  });
+
+  it("two calls with different agentDirs produce independent results", () => {
+    const a = computeExtensionPaths("/agent/a");
+    const b = computeExtensionPaths("/agent/b");
+    expect(a.agentDir).toBe("/agent/a");
+    expect(b.agentDir).toBe("/agent/b");
+    expect(a.sessionsDir).toBe("/agent/a/sessions");
+    expect(b.sessionsDir).toBe("/agent/b/sessions");
+  });
+});

package/tests/handlers/gates/external-directory-messages.test.ts

@@ -0,0 +1,137 @@
+import { describe, expect, test } from "vitest";
+
+import {
+  formatBashExternalDirectoryAskPrompt,
+  formatBashExternalDirectoryDenyReason,
+  formatExternalDirectoryAskPrompt,
+  formatExternalDirectoryDenyReason,
+  formatExternalDirectoryHardStopHint,
+  formatExternalDirectoryUserDeniedReason,
+} from "../../../src/handlers/gates/external-directory-messages";
+
+describe("formatExternalDirectoryHardStopHint", () => {
+  test("returns the hard stop instruction string", () => {
+    const hint = formatExternalDirectoryHardStopHint();
+    expect(hint).toContain("Hard stop");
+    expect(hint).toContain("external directory");
+  });
+});
+
+describe("formatExternalDirectoryAskPrompt", () => {
+  test("uses 'Current agent' when no agent name provided", () => {
+    const result = formatExternalDirectoryAskPrompt(
+      "read",
+      "/etc/passwd",
+      "/projects/my-app",
+    );
+    expect(result).toContain("Current agent");
+    expect(result).toContain("read");
+    expect(result).toContain("/etc/passwd");
+    expect(result).toContain("/projects/my-app");
+  });
+
+  test("uses agent name when provided", () => {
+    const result = formatExternalDirectoryAskPrompt(
+      "write",
+      "/tmp/out.txt",
+      "/projects/my-app",
+      "my-agent",
+    );
+    expect(result).toContain("Agent 'my-agent'");
+    expect(result).toContain("write");
+    expect(result).toContain("/tmp/out.txt");
+  });
+});
+
+describe("formatExternalDirectoryDenyReason", () => {
+  test("includes tool name, path, cwd, agent name, and hard stop hint", () => {
+    const result = formatExternalDirectoryDenyReason(
+      "read",
+      "/etc/passwd",
+      "/projects/my-app",
+      "sec-agent",
+    );
+    expect(result).toContain("Agent 'sec-agent'");
+    expect(result).toContain("read");
+    expect(result).toContain("/etc/passwd");
+    expect(result).toContain("/projects/my-app");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatExternalDirectoryDenyReason(
+      "read",
+      "/etc",
+      "/projects",
+    );
+    expect(result).toContain("Current agent");
+  });
+});
+
+describe("formatExternalDirectoryUserDeniedReason", () => {
+  test("includes tool name and path", () => {
+    const result = formatExternalDirectoryUserDeniedReason(
+      "edit",
+      "/etc/hosts",
+    );
+    expect(result).toContain("edit");
+    expect(result).toContain("/etc/hosts");
+    expect(result).toContain("Hard stop");
+  });
+
+  test("appends denial reason when provided", () => {
+    const result = formatExternalDirectoryUserDeniedReason(
+      "edit",
+      "/etc/hosts",
+      "too risky",
+    );
+    expect(result).toContain("Reason: too risky");
+  });
+
+  test("omits reason suffix when not provided", () => {
+    const result = formatExternalDirectoryUserDeniedReason(
+      "edit",
+      "/etc/hosts",
+    );
+    expect(result).not.toContain("Reason:");
+  });
+});
+
+describe("formatBashExternalDirectoryAskPrompt", () => {
+  test("includes command, paths, cwd, and agent name", () => {
+    const result = formatBashExternalDirectoryAskPrompt(
+      "cat /etc/passwd",
+      ["/etc/passwd"],
+      "/projects/my-app",
+      "my-agent",
+    );
+    expect(result).toContain("Agent 'my-agent'");
+    expect(result).toContain("cat /etc/passwd");
+    expect(result).toContain("/etc/passwd");
+    expect(result).toContain("/projects/my-app");
+  });
+
+  test("uses 'Current agent' when no agent name provided", () => {
+    const result = formatBashExternalDirectoryAskPrompt(
+      "ls /tmp",
+      ["/tmp"],
+      "/projects/my-app",
+    );
+    expect(result).toContain("Current agent");
+  });
+});
+
+describe("formatBashExternalDirectoryDenyReason", () => {
+  test("includes command, paths, cwd, agent name, and hard stop hint", () => {
+    const result = formatBashExternalDirectoryDenyReason(
+      "rm /etc/hosts",
+      ["/etc/hosts"],
+      "/projects/my-app",
+      "sec-agent",
+    );
+    expect(result).toContain("Agent 'sec-agent'");
+    expect(result).toContain("rm /etc/hosts");
+    expect(result).toContain("/etc/hosts");
+    expect(result).toContain("Hard stop");
+  });
+});

package/tests/node-modules-discovery.test.ts

@@ -0,0 +1,97 @@
+import { beforeEach, describe, expect, test, vi } from "vitest";
+
+// Hoisted stubs for mocks that reference them in vi.mock factories.
+const { mockSpawnSync, mockExistsSync } = vi.hoisted(() => ({
+  mockSpawnSync: vi.fn(),
+  mockExistsSync: vi.fn(),
+}));
+
+// Mock node:child_process so tests don't spawn real subprocesses.
+vi.mock("node:child_process", () => ({
+  spawnSync: mockSpawnSync,
+  default: { spawnSync: mockSpawnSync },
+}));
+
+// Mock node:fs so existsSync is controllable.
+vi.mock("node:fs", () => ({
+  existsSync: mockExistsSync,
+  default: { existsSync: mockExistsSync },
+}));
+
+import { discoverGlobalNodeModulesRoot } from "../src/node-modules-discovery";
+
+describe("discoverGlobalNodeModulesRoot", () => {
+  beforeEach(() => {
+    mockSpawnSync.mockReset();
+    mockExistsSync.mockReset();
+  });
+
+  test("returns node_modules root when URL is inside a node_modules tree", () => {
+    const fakeUrl =
+      "file:///opt/homebrew/lib/node_modules/@gotgenes/pi-permission-system/dist/external-directory.js";
+    const result = discoverGlobalNodeModulesRoot(fakeUrl);
+    expect(result).toBe("/opt/homebrew/lib/node_modules");
+    expect(mockSpawnSync).not.toHaveBeenCalled();
+  });
+
+  test("calls npm root -g as fallback when walk-up finds no node_modules ancestor", () => {
+    const npmRootPath = "/opt/homebrew/lib/node_modules";
+    mockSpawnSync.mockReturnValue({
+      status: 0,
+      stdout: `${npmRootPath}\n`,
+    });
+    mockExistsSync.mockReturnValue(true);
+
+    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
+    const result = discoverGlobalNodeModulesRoot(fakeUrl);
+
+    expect(mockSpawnSync).toHaveBeenCalledWith(
+      "npm",
+      ["root", "-g"],
+      expect.objectContaining({ encoding: "utf-8" }),
+    );
+    expect(result).toBe(npmRootPath);
+  });
+
+  test("returns null when walk-up fails and npm root -g returns non-zero exit", () => {
+    mockSpawnSync.mockReturnValue({ status: 1, stdout: "" });
+
+    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
+    const result = discoverGlobalNodeModulesRoot(fakeUrl);
+
+    expect(result).toBeNull();
+  });
+
+  test("returns null when walk-up fails and spawnSync throws", () => {
+    mockSpawnSync.mockImplementation(() => {
+      throw new Error("ENOENT");
+    });
+
+    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
+    const result = discoverGlobalNodeModulesRoot(fakeUrl);
+
+    expect(result).toBeNull();
+  });
+
+  test("returns null when walk-up fails and npm root -g returns non-existent path", () => {
+    mockSpawnSync.mockReturnValue({
+      status: 0,
+      stdout: "/some/nonexistent/node_modules\n",
+    });
+    mockExistsSync.mockReturnValue(false);
+
+    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
+    const result = discoverGlobalNodeModulesRoot(fakeUrl);
+
+    expect(result).toBeNull();
+  });
+
+  test("returns null when walk-up fails and npm root -g returns empty stdout", () => {
+    mockSpawnSync.mockReturnValue({ status: 0, stdout: "   " });
+
+    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
+    const result = discoverGlobalNodeModulesRoot(fakeUrl);
+
+    expect(result).toBeNull();
+  });
+});

package/tests/path-utils.test.ts

@@ -11,8 +11,15 @@ vi.mock("node:os", () => {
 });
 
 import {
+  getPathBearingToolPath,
+  isPathOutsideWorkingDirectory,
   isPathWithinDirectory,
+  isPiInfrastructureRead,
+  isSafeSystemPath,
   normalizePathForComparison,
+  PATH_BEARING_TOOLS,
+  READ_ONLY_PATH_BEARING_TOOLS,
+  SAFE_SYSTEM_PATHS,
 } from "../src/path-utils";
 
 describe("normalizePathForComparison", () => {
@@ -90,3 +97,197 @@ describe("isPathWithinDirectory", () => {
     expect(isPathWithinDirectory("/a/b", "")).toBe(false);
   });
 });
+
+describe("PATH_BEARING_TOOLS", () => {
+  test("contains the expected tool names", () => {
+    for (const tool of ["read", "write", "edit", "find", "grep", "ls"]) {
+      expect(PATH_BEARING_TOOLS.has(tool)).toBe(true);
+    }
+  });
+
+  test("does not contain bash or mcp", () => {
+    expect(PATH_BEARING_TOOLS.has("bash")).toBe(false);
+    expect(PATH_BEARING_TOOLS.has("mcp")).toBe(false);
+  });
+});
+
+describe("READ_ONLY_PATH_BEARING_TOOLS", () => {
+  test("contains read, find, grep, ls", () => {
+    for (const tool of ["read", "find", "grep", "ls"]) {
+      expect(READ_ONLY_PATH_BEARING_TOOLS.has(tool)).toBe(true);
+    }
+  });
+
+  test("does not contain write or edit", () => {
+    expect(READ_ONLY_PATH_BEARING_TOOLS.has("write")).toBe(false);
+    expect(READ_ONLY_PATH_BEARING_TOOLS.has("edit")).toBe(false);
+  });
+});
+
+describe("SAFE_SYSTEM_PATHS", () => {
+  test("contains /dev/null, /dev/stdin, /dev/stdout, /dev/stderr", () => {
+    expect(SAFE_SYSTEM_PATHS.has("/dev/null")).toBe(true);
+    expect(SAFE_SYSTEM_PATHS.has("/dev/stdin")).toBe(true);
+    expect(SAFE_SYSTEM_PATHS.has("/dev/stdout")).toBe(true);
+    expect(SAFE_SYSTEM_PATHS.has("/dev/stderr")).toBe(true);
+  });
+});
+
+describe("isSafeSystemPath", () => {
+  test("returns true for /dev/null", () => {
+    expect(isSafeSystemPath("/dev/null")).toBe(true);
+  });
+
+  test("returns true for /dev/stdin", () => {
+    expect(isSafeSystemPath("/dev/stdin")).toBe(true);
+  });
+
+  test("returns true for /dev/stdout", () => {
+    expect(isSafeSystemPath("/dev/stdout")).toBe(true);
+  });
+
+  test("returns true for /dev/stderr", () => {
+    expect(isSafeSystemPath("/dev/stderr")).toBe(true);
+  });
+
+  test("returns false for an arbitrary absolute path", () => {
+    expect(isSafeSystemPath("/etc/passwd")).toBe(false);
+  });
+
+  test("returns false for a path prefixed with a safe system path", () => {
+    expect(isSafeSystemPath("/dev/null/subdir")).toBe(false);
+  });
+
+  test("returns false for an empty string", () => {
+    expect(isSafeSystemPath("")).toBe(false);
+  });
+
+  test("returns false for a relative path", () => {
+    expect(isSafeSystemPath("dev/null")).toBe(false);
+  });
+});
+
+describe("getPathBearingToolPath", () => {
+  test("returns path for a path-bearing tool", () => {
+    expect(getPathBearingToolPath("read", { path: "/src/foo.ts" })).toBe(
+      "/src/foo.ts",
+    );
+  });
+
+  test("returns null for a non-path-bearing tool", () => {
+    expect(getPathBearingToolPath("bash", { path: "/src/foo.ts" })).toBeNull();
+    expect(getPathBearingToolPath("mcp", { path: "/src/foo.ts" })).toBeNull();
+    expect(getPathBearingToolPath("task", { path: "/src/foo.ts" })).toBeNull();
+  });
+
+  test("returns null when input has no path", () => {
+    expect(getPathBearingToolPath("read", {})).toBeNull();
+    expect(getPathBearingToolPath("read", { path: "" })).toBeNull();
+    expect(getPathBearingToolPath("read", null)).toBeNull();
+  });
+});
+
+describe("isPathOutsideWorkingDirectory", () => {
+  const cwd = "/projects/my-app";
+
+  test("returns false when path is inside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/projects/my-app/src", cwd)).toBe(
+      false,
+    );
+  });
+
+  test("returns false when path equals cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/projects/my-app", cwd)).toBe(false);
+  });
+
+  test("returns true when path is outside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/etc/passwd", cwd)).toBe(true);
+  });
+
+  test("returns true for home directory when outside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("~/secrets", cwd)).toBe(true);
+  });
+
+  test("returns false for relative path resolving inside cwd", () => {
+    expect(isPathOutsideWorkingDirectory("src/index.ts", cwd)).toBe(false);
+  });
+
+  test("returns false for empty path (normalizes to empty string)", () => {
+    expect(isPathOutsideWorkingDirectory("", cwd)).toBe(false);
+  });
+
+  test("returns false for /dev/null regardless of cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/dev/null", cwd)).toBe(false);
+  });
+
+  test("returns false for /dev/stdin regardless of cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/dev/stdin", cwd)).toBe(false);
+  });
+
+  test("returns false for /dev/stdout regardless of cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/dev/stdout", cwd)).toBe(false);
+  });
+
+  test("returns false for /dev/stderr regardless of cwd", () => {
+    expect(isPathOutsideWorkingDirectory("/dev/stderr", cwd)).toBe(false);
+  });
+
+  test("returns true for /dev/null/subdir (not a safe path)", () => {
+    expect(isPathOutsideWorkingDirectory("/dev/null/subdir", cwd)).toBe(true);
+  });
+});
+
+describe("isPiInfrastructureRead", () => {
+  const cwd = "/projects/my-app";
+  const infraDirs = ["/mock/home/.pi/agent"];
+
+  test("returns true for read-only tool reading from infra dir", () => {
+    expect(
+      isPiInfrastructureRead(
+        "read",
+        "/mock/home/.pi/agent/config.json",
+        infraDirs,
+        cwd,
+      ),
+    ).toBe(true);
+  });
+
+  test("returns false for write tool even in infra dir", () => {
+    expect(
+      isPiInfrastructureRead(
+        "write",
+        "/mock/home/.pi/agent/config.json",
+        infraDirs,
+        cwd,
+      ),
+    ).toBe(false);
+  });
+
+  test("returns true for read-only tool reading from project .pi/npm", () => {
+    expect(
+      isPiInfrastructureRead(
+        "read",
+        "/projects/my-app/.pi/npm/package.json",
+        [],
+        cwd,
+      ),
+    ).toBe(true);
+  });
+
+  test("returns true for read-only tool reading from project .pi/git", () => {
+    expect(
+      isPiInfrastructureRead(
+        "grep",
+        "/projects/my-app/.pi/git/some-file",
+        [],
+        cwd,
+      ),
+    ).toBe(true);
+  });
+
+  test("returns false for path outside all infra dirs and project dirs", () => {
+    expect(isPiInfrastructureRead("read", "/etc/passwd", infraDirs, cwd)).toBe(
+      false,
+    );
+  });
+});

package/tests/pi-infrastructure-read.test.ts

@@ -14,10 +14,8 @@ vi.mock("node:child_process", () => ({
   default: { spawnSync: mockSpawnSync },
 }));
 
-import {
-  discoverGlobalNodeModulesRoot,
-  isPiInfrastructureRead,
-} from "../src/external-directory";
+import { discoverGlobalNodeModulesRoot } from "../src/node-modules-discovery";
+import { isPiInfrastructureRead } from "../src/path-utils";
 
 // ── discoverGlobalNodeModulesRoot ──────────────────────────────────────────
 

package/tests/runtime.test.ts

@@ -67,7 +67,7 @@ vi.mock("../src/subagent-context", () => ({
   isSubagentExecutionContext: vi.fn().mockReturnValue(false),
 }));
 
-vi.mock("../src/external-directory", () => ({
+vi.mock("../src/node-modules-discovery", () => ({
   discoverGlobalNodeModulesRoot: mockDiscoverGlobalNodeModulesRoot,
 }));