@gotgenes/pi-permission-system 5.8.0 → 5.10.0

package/tests/handlers/before-agent-start.test.ts

@@ -6,9 +6,8 @@ import {
   shouldExposeTool,
 } from "../../src/handlers/before-agent-start";
 import type { HandlerDeps } from "../../src/handlers/types";
-import type { PermissionManager } from "../../src/permission-manager";
-import type { SessionState } from "../../src/runtime";
-import type { SkillPromptEntry } from "../../src/skill-prompt-sanitizer";
+import type { PermissionSession } from "../../src/permission-session";
+import type { PermissionState } from "../../src/types";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
 vi.mock("@mariozechner/pi-coding-agent", async (importOriginal) => {
@@ -45,53 +44,36 @@ function makeEvent(systemPrompt = "You are an assistant.") {
   return { systemPrompt };
 }
 
-/** Minimal PermissionManager stub for shouldExposeTool / policy-cache tests. */
-function makePm(
-  toolPermission: "allow" | "deny" | "ask" = "allow",
-): PermissionManager {
+function makeSession(
+  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
+): PermissionSession {
   return {
-    getToolPermission: vi.fn().mockReturnValue(toolPermission),
-    getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
-    getConfigIssues: vi.fn().mockReturnValue([]),
+    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
+    activate: vi.fn(),
+    refreshConfig: vi.fn(),
+    resolveAgentName: vi.fn().mockReturnValue(null),
+    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
     checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-  } as unknown as PermissionManager;
-}
-
-function makeSession(overrides: Partial<SessionState> = {}): SessionState {
-  return {
-    runtimeContext: null,
-    permissionManager: makePm() as unknown as PermissionManager,
-    activeSkillEntries: [] as SkillPromptEntry[],
-    lastKnownActiveAgentName: null,
-    lastActiveToolsCacheKey: null,
-    lastPromptStateCacheKey: null,
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    } as unknown as SessionState["sessionRules"],
+    shouldUpdateActiveTools: vi.fn().mockReturnValue(true),
+    commitActiveToolsCacheKey: vi.fn(),
+    getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
+    shouldUpdatePromptState: vi.fn().mockReturnValue(true),
+    commitPromptStateCacheKey: vi.fn(),
+    setActiveSkillEntries: vi.fn(),
+    getActiveSkillEntries: vi.fn().mockReturnValue([]),
     ...overrides,
-  };
+  } as unknown as PermissionSession;
 }
 
 function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
   return {
     session: makeSession(),
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
-    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    createPermissionManagerForCwd: vi.fn().mockReturnValue(makePm()),
-    refreshExtensionConfig: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
+    events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
     canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
     promptPermission: vi
       .fn()
       .mockResolvedValue({ approved: true, state: "approved" }),
     createPermissionRequestId: vi.fn().mockReturnValue("test-id"),
-    events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
-    startForwardedPermissionPolling: vi.fn(),
-    stopForwardedPermissionPolling: vi.fn(),
     stopPermissionRpcHandlers: vi.fn(),
     getAllTools: vi.fn().mockReturnValue([]),
     setActiveTools: vi.fn(),
@@ -103,48 +85,48 @@ function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
 
 describe("shouldExposeTool", () => {
   it("returns true when tool permission is allow", () => {
-    const pm = makePm("allow");
-    expect(shouldExposeTool("read", null, pm)).toBe(true);
+    const getter = vi.fn().mockReturnValue("allow");
+    expect(shouldExposeTool("read", null, getter)).toBe(true);
   });
 
   it("returns true when tool permission is ask", () => {
-    const pm = makePm("ask");
-    expect(shouldExposeTool("bash", "agent-x", pm)).toBe(true);
+    const getter = vi.fn().mockReturnValue("ask");
+    expect(shouldExposeTool("bash", "agent-x", getter)).toBe(true);
   });
 
   it("returns false when tool permission is deny", () => {
-    const pm = makePm("deny");
-    expect(shouldExposeTool("write", null, pm)).toBe(false);
+    const getter = vi.fn().mockReturnValue("deny");
+    expect(shouldExposeTool("write", null, getter)).toBe(false);
   });
 
   it("passes agentName through to getToolPermission", () => {
-    const pm = makePm("allow");
-    shouldExposeTool("read", "my-agent", pm);
-    expect(pm.getToolPermission).toHaveBeenCalledWith("read", "my-agent");
+    const getter = vi.fn().mockReturnValue("allow");
+    shouldExposeTool("read", "my-agent", getter);
+    expect(getter).toHaveBeenCalledWith("read", "my-agent");
   });
 
   it("converts null agentName to undefined for getToolPermission", () => {
-    const pm = makePm("allow");
-    shouldExposeTool("read", null, pm);
-    expect(pm.getToolPermission).toHaveBeenCalledWith("read", undefined);
+    const getter = vi.fn().mockReturnValue("allow");
+    shouldExposeTool("read", null, getter);
+    expect(getter).toHaveBeenCalledWith("read", undefined);
   });
 });
 
 // ── handleBeforeAgentStart ─────────────────────────────────────────────────
 
 describe("handleBeforeAgentStart", () => {
-  it("refreshes extension config with ctx", async () => {
+  it("activates the session with ctx", async () => {
     const ctx = makeCtx();
     const deps = makeDeps();
     await handleBeforeAgentStart(deps, makeEvent(), ctx);
-    expect(deps.refreshExtensionConfig).toHaveBeenCalledWith(ctx);
+    expect(deps.session.activate).toHaveBeenCalledWith(ctx);
   });
 
-  it("starts forwarded permission polling", async () => {
+  it("refreshes config with ctx", async () => {
     const ctx = makeCtx();
     const deps = makeDeps();
     await handleBeforeAgentStart(deps, makeEvent(), ctx);
-    expect(deps.startForwardedPermissionPolling).toHaveBeenCalledWith(ctx);
+    expect(deps.session.refreshConfig).toHaveBeenCalledWith(ctx);
   });
 
   it("resolves agent name using systemPrompt", async () => {
@@ -155,33 +137,28 @@ describe("handleBeforeAgentStart", () => {
       makeEvent("<active_agent name='x'>"),
       ctx,
     );
-    expect(deps.resolveAgentName).toHaveBeenCalledWith(
+    expect(deps.session.resolveAgentName).toHaveBeenCalledWith(
       ctx,
       "<active_agent name='x'>",
     );
   });
 
   it("filters out denied tools from allowed list", async () => {
-    const pm = makePm("deny");
+    const session = makeSession({
+      getToolPermission: vi.fn().mockReturnValue("deny"),
+    });
     const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-      }),
+      session,
       getAllTools: vi
         .fn()
         .mockReturnValue([{ name: "write" }, { name: "read" }]),
     });
-    // write is deny, read is deny (same pm stub — both denied)
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
     expect(deps.setActiveTools).toHaveBeenCalledWith([]);
   });
 
   it("includes allowed and ask tools in the active list", async () => {
-    const pm = makePm("allow");
     const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-      }),
       getAllTools: vi
         .fn()
         .mockReturnValue([{ name: "read" }, { name: "write" }]),
@@ -190,31 +167,59 @@ describe("handleBeforeAgentStart", () => {
     expect(deps.setActiveTools).toHaveBeenCalledWith(["read", "write"]);
   });
 
-  it("updates the active-tools cache key after applying", async () => {
+  it("commits active-tools cache key after applying", async () => {
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
     });
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.session.lastActiveToolsCacheKey).not.toBeNull();
+    expect(deps.session.commitActiveToolsCacheKey).toHaveBeenCalled();
   });
 
   it("skips setActiveTools when cache key is unchanged", async () => {
-    // Pre-populate the cache key to match what would be computed for ["read"]
-    const { createActiveToolsCacheKey } = await import(
-      "../../src/before-agent-start-cache"
-    );
-    const key = createActiveToolsCacheKey(["read"]);
+    const session = makeSession({
+      shouldUpdateActiveTools: vi.fn().mockReturnValue(false),
+    });
     const deps = makeDeps({
-      session: makeSession({ lastActiveToolsCacheKey: key }),
+      session,
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
     });
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
     expect(deps.setActiveTools).not.toHaveBeenCalled();
+    expect(session.commitActiveToolsCacheKey).not.toHaveBeenCalled();
+  });
+
+  it("returns empty object when prompt cache is unchanged", async () => {
+    const session = makeSession({
+      shouldUpdatePromptState: vi.fn().mockReturnValue(false),
+    });
+    const deps = makeDeps({
+      session,
+      getAllTools: vi.fn().mockReturnValue([]),
+    });
+    const result = await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
+    expect(result).toEqual({});
+    expect(session.commitPromptStateCacheKey).not.toHaveBeenCalled();
   });
 
-  it("updates the prompt-state cache key and returns modified systemPrompt", async () => {
-    // Provide a systemPrompt that sanitizeAvailableToolsSection will modify:
-    // it strips denied tools from the "Available tools:" section.
+  it("commits prompt-state cache key and processes prompt when cache is new", async () => {
+    const deps = makeDeps({
+      getAllTools: vi.fn().mockReturnValue([]),
+    });
+    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
+    expect(deps.session.commitPromptStateCacheKey).toHaveBeenCalled();
+  });
+
+  it("stores resolved skill entries on the session", async () => {
+    const deps = makeDeps({
+      getAllTools: vi.fn().mockReturnValue([]),
+    });
+    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
+    expect(deps.session.setActiveSkillEntries).toHaveBeenCalledWith(
+      expect.any(Array),
+    );
+  });
+
+  it("returns modified systemPrompt when prompt changes", async () => {
     const systemPrompt = `You are an assistant.\n\nAvailable tools:\n- read\n- write\n`;
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([]),
@@ -224,9 +229,7 @@ describe("handleBeforeAgentStart", () => {
       makeEvent(systemPrompt),
       makeCtx(),
     );
-    // The prompt was modified, so systemPrompt should be returned
     expect(result).toHaveProperty("systemPrompt");
-    expect(deps.session.lastPromptStateCacheKey).not.toBeNull();
   });
 
   it("returns empty object when systemPrompt is unchanged", async () => {
@@ -241,39 +244,4 @@ describe("handleBeforeAgentStart", () => {
     );
     expect(result).toEqual({});
   });
-
-  it("stores resolved skill entries on deps", async () => {
-    const deps = makeDeps({
-      getAllTools: vi.fn().mockReturnValue([]),
-    });
-    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.session.activeSkillEntries).toEqual(expect.any(Array));
-  });
-
-  it("returns empty object and skips prompt work when prompt cache key is unchanged", async () => {
-    const { createBeforeAgentStartPromptStateKey } = await import(
-      "../../src/before-agent-start-cache"
-    );
-    const pm = makePm("allow");
-    const ctx = makeCtx({ cwd: "/proj" });
-    const allowedTools: string[] = ["read"];
-    const key = createBeforeAgentStartPromptStateKey({
-      agentName: null,
-      cwd: "/proj",
-      permissionStamp: "stamp-1",
-      systemPrompt: "hello",
-      allowedToolNames: allowedTools,
-    });
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-        lastPromptStateCacheKey: key,
-      }),
-      getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
-    });
-    const result = await handleBeforeAgentStart(deps, makeEvent("hello"), ctx);
-    expect(result).toEqual({});
-    // activeSkillEntries was not assigned by the handler (early return)
-    expect(deps.session.activeSkillEntries).toEqual([]);
-  });
 });

package/tests/handlers/input-events.test.ts

@@ -8,7 +8,8 @@ import { handleInput } from "../../src/handlers/input";
 import type { HandlerDeps } from "../../src/handlers/types";
 import type { PermissionDecisionEvent } from "../../src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "../../src/permission-events";
-import type { SessionState } from "../../src/runtime";
+import type { PermissionSession } from "../../src/permission-session";
+import type { PermissionState } from "../../src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -38,28 +39,24 @@ function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
   } as unknown as ExtensionContext;
 }
 
-function makeSession(state: "allow" | "deny" | "ask" = "allow"): SessionState {
+function makeSession(
+  state: "allow" | "deny" | "ask" = "allow",
+): PermissionSession {
   return {
-    runtimeContext: null,
-    permissionManager: {
-      checkPermission: vi.fn().mockReturnValue({
-        state,
-        toolName: "skill",
-        source: "skill",
-        origin: "global",
-        matchedPattern: "*",
-      }),
-    } as unknown as SessionState["permissionManager"],
-    activeSkillEntries: [],
-    lastKnownActiveAgentName: null,
-    lastActiveToolsCacheKey: null,
-    lastPromptStateCacheKey: null,
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    } as unknown as SessionState["sessionRules"],
-  };
+    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
+    activate: vi.fn(),
+    resolveAgentName: vi.fn().mockReturnValue(null),
+    checkPermission: vi.fn().mockReturnValue({
+      state,
+      toolName: "skill",
+      source: "skill",
+      origin: "global",
+      matchedPattern: "*",
+    }),
+    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getSessionRuleset: vi.fn().mockReturnValue([]),
+    approveSessionRule: vi.fn(),
+  } as unknown as PermissionSession;
 }
 
 function makeDeps(
@@ -68,21 +65,12 @@ function makeDeps(
 ): HandlerDeps {
   return {
     session: makeSession(state),
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    piInfrastructureDirs: ["/test/agent"],
-    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
     events: makeEvents(),
-    createPermissionManagerForCwd: vi.fn(),
-    refreshExtensionConfig: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
     canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
     promptPermission: vi
       .fn()
       .mockResolvedValue({ approved: true, state: "approved" }),
     createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    startForwardedPermissionPolling: vi.fn(),
-    stopForwardedPermissionPolling: vi.fn(),
     stopPermissionRpcHandlers: vi.fn(),
     getAllTools: vi.fn().mockReturnValue([]),
     setActiveTools: vi.fn(),
@@ -192,7 +180,6 @@ describe("handleInput decision events — skill gate", () => {
 
   it("emits allow with auto_approved when promptPermission returns autoApproved:true", async () => {
     const deps = makeDeps("ask", {
-      // Simulate what PermissionPrompter returns in yolo mode
       promptPermission: vi.fn().mockResolvedValue({
         approved: true,
         state: "approved",

package/tests/handlers/input.test.ts

@@ -6,8 +6,8 @@ import {
   handleInput,
 } from "../../src/handlers/input";
 import type { HandlerDeps } from "../../src/handlers/types";
-import type { SessionState } from "../../src/runtime";
-import type { SkillPromptEntry } from "../../src/skill-prompt-sanitizer";
+import type { PermissionSession } from "../../src/permission-session";
+import type { PermissionState } from "../../src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -34,43 +34,30 @@ function makeInputEvent(text: string) {
   return { text };
 }
 
-function makeSession(overrides: Partial<SessionState> = {}): SessionState {
+function makeSession(
+  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
+): PermissionSession {
   return {
-    runtimeContext: null,
-    permissionManager: {
-      checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-    } as unknown as SessionState["permissionManager"],
-    activeSkillEntries: [] as SkillPromptEntry[],
-    lastKnownActiveAgentName: null,
-    lastActiveToolsCacheKey: null,
-    lastPromptStateCacheKey: null,
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    } as unknown as SessionState["sessionRules"],
+    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
+    activate: vi.fn(),
+    resolveAgentName: vi.fn().mockReturnValue(null),
+    checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
+    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getSessionRuleset: vi.fn().mockReturnValue([]),
+    approveSessionRule: vi.fn(),
     ...overrides,
-  };
+  } as unknown as PermissionSession;
 }
 
 function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
   return {
     session: makeSession(),
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
-    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    createPermissionManagerForCwd: vi.fn(),
-    refreshExtensionConfig: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
+    events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
     canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
     promptPermission: vi
       .fn()
       .mockResolvedValue({ approved: true, state: "approved" }),
     createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
-    startForwardedPermissionPolling: vi.fn(),
-    stopForwardedPermissionPolling: vi.fn(),
     stopPermissionRpcHandlers: vi.fn(),
     getAllTools: vi.fn().mockReturnValue([]),
     setActiveTools: vi.fn(),
@@ -115,18 +102,11 @@ describe("extractSkillNameFromInput", () => {
 // ── handleInput ───────────────────────────────────────────────────────────
 
 describe("handleInput", () => {
-  it("sets runtime context", async () => {
+  it("activates session with ctx", async () => {
     const ctx = makeCtx();
     const deps = makeDeps();
     await handleInput(deps, makeInputEvent("hello"), ctx);
-    expect(deps.session.runtimeContext).toBe(ctx);
-  });
-
-  it("starts forwarded permission polling", async () => {
-    const ctx = makeCtx();
-    const deps = makeDeps();
-    await handleInput(deps, makeInputEvent("hello"), ctx);
-    expect(deps.startForwardedPermissionPolling).toHaveBeenCalledWith(ctx);
+    expect(deps.session.activate).toHaveBeenCalledWith(ctx);
   });
 
   it("returns continue for non-skill input", async () => {
@@ -142,14 +122,11 @@ describe("handleInput", () => {
   it("does not check permissions for non-skill input", async () => {
     const deps = makeDeps();
     await handleInput(deps, makeInputEvent("just a message"), makeCtx());
-    expect(
-      deps.session.permissionManager.checkPermission,
-    ).not.toHaveBeenCalled();
+    expect(deps.session.checkPermission).not.toHaveBeenCalled();
   });
 
   it("returns continue when skill is allowed", async () => {
     const deps = makeDeps();
-    // default makeRuntime() has checkPermission → { state: "allow" }
     const result = await handleInput(
       deps,
       makeInputEvent("/skill:librarian"),
@@ -159,14 +136,10 @@ describe("handleInput", () => {
   });
 
   it("returns handled when skill is denied", async () => {
-    const pm = {
+    const session = makeSession({
       checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
-    };
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as SessionState["permissionManager"],
-      }),
     });
+    const deps = makeDeps({ session });
     const result = await handleInput(
       deps,
       makeInputEvent("/skill:librarian"),
@@ -177,14 +150,10 @@ describe("handleInput", () => {
 
   it("shows a warning notification when skill is denied and UI is available", async () => {
     const ctx = makeCtx({ hasUI: true });
-    const pm = {
+    const session = makeSession({
       checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
-    };
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as SessionState["permissionManager"],
-      }),
     });
+    const deps = makeDeps({ session });
     await handleInput(deps, makeInputEvent("/skill:librarian"), ctx);
     expect(ctx.ui.notify).toHaveBeenCalledWith(
       expect.stringContaining("librarian"),
@@ -194,22 +163,20 @@ describe("handleInput", () => {
 
   it("does not show a warning notification when skill is denied and UI is absent", async () => {
     const ctx = makeCtx({ hasUI: false });
-    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "deny" }) };
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as SessionState["permissionManager"],
-      }),
+    const session = makeSession({
+      checkPermission: vi.fn().mockReturnValue({ state: "deny" }),
     });
+    const deps = makeDeps({ session });
     await handleInput(deps, makeInputEvent("/skill:librarian"), ctx);
     expect(ctx.ui.notify).not.toHaveBeenCalled();
   });
 
   it("returns handled when skill requires approval but no UI is available", async () => {
-    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
+    const session = makeSession({
+      checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
+    });
     const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as SessionState["permissionManager"],
-      }),
+      session,
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
     });
     const result = await handleInput(
@@ -221,11 +188,11 @@ describe("handleInput", () => {
   });
 
   it("prompts and returns continue when skill ask is approved", async () => {
-    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
+    const session = makeSession({
+      checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
+    });
     const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as SessionState["permissionManager"],
-      }),
+      session,
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
       promptPermission: vi
         .fn()
@@ -241,11 +208,11 @@ describe("handleInput", () => {
   });
 
   it("returns handled when skill ask is denied by user", async () => {
-    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
+    const session = makeSession({
+      checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
+    });
     const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as SessionState["permissionManager"],
-      }),
+      session,
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
       promptPermission: vi
         .fn()
@@ -260,12 +227,12 @@ describe("handleInput", () => {
   });
 
   it("passes agentName in the prompt permission request", async () => {
-    const pm = { checkPermission: vi.fn().mockReturnValue({ state: "ask" }) };
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as SessionState["permissionManager"],
-      }),
+    const session = makeSession({
+      checkPermission: vi.fn().mockReturnValue({ state: "ask" }),
       resolveAgentName: vi.fn().mockReturnValue("code-agent"),
+    });
+    const deps = makeDeps({
+      session,
       canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
       promptPermission: vi
         .fn()