@gotgenes/pi-permission-system 5.9.0 → 5.10.0

package/src/permission-session.ts

@@ -0,0 +1,252 @@
+import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
+
+import {
+  getActiveAgentName,
+  getActiveAgentNameFromSystemPrompt,
+} from "./active-agent";
+import type { PermissionSystemExtensionConfig } from "./extension-config";
+import type { ExtensionPaths } from "./extension-paths";
+import type { ForwardingController } from "./forwarding-manager";
+import type { PermissionManager } from "./permission-manager";
+import type { Rule } from "./rule";
+import { createPermissionManagerForCwd } from "./runtime";
+import type { SessionLogger } from "./session-logger";
+import { SessionRules } from "./session-rules";
+import type { SkillPromptEntry } from "./skill-prompt-sanitizer";
+import type { PermissionCheckResult, PermissionState } from "./types";
+
+/**
+ * Runtime operations that `PermissionSession` delegates to but does not own.
+ *
+ * Injected at construction time from the composition root (`index.ts`),
+ * where the `ExtensionRuntime` is available.
+ */
+export interface PermissionSessionRuntimeDeps {
+  /** Reload merged config from disk; optionally update the stored runtime context. */
+  refreshExtensionConfig(ctx?: ExtensionContext): void;
+  /** Write the resolved config path set to the review and debug logs. */
+  logResolvedConfigPaths(): void;
+  /** Read current extension config (called at query time). */
+  getConfig(): PermissionSystemExtensionConfig;
+}
+
+/**
+ * Encapsulates all mutable session state and exposes operations instead of
+ * fields.
+ *
+ * Replaces the `SessionState` interface + scattered handler field mutations
+ * with a single class that owns the `PermissionManager`, `SessionRules`,
+ * cache keys, skill entries, and runtime context.
+ *
+ * Constructor deps:
+ * - `ExtensionPaths` — immutable path constants
+ * - `SessionLogger` — debug + review + warn
+ * - `ForwardingController` — polling lifecycle
+ * - `PermissionSessionRuntimeDeps` — config refresh + log delegates
+ */
+export class PermissionSession {
+  private context: ExtensionContext | null = null;
+  private permissionManager: PermissionManager;
+  private readonly sessionRules = new SessionRules();
+  private skillEntries: SkillPromptEntry[] = [];
+  private knownAgentName: string | null = null;
+  private toolsCacheKey: string | null = null;
+  private promptCacheKey: string | null = null;
+
+  constructor(
+    private readonly paths: ExtensionPaths,
+    readonly logger: SessionLogger,
+    private readonly forwarding: ForwardingController,
+    private readonly runtimeDeps: PermissionSessionRuntimeDeps,
+  ) {
+    this.permissionManager = createPermissionManagerForCwd(
+      paths.agentDir,
+      undefined,
+    );
+  }
+
+  // ── Context lifecycle ──────────────────────────────────────────────────
+
+  /** Store the current extension context and start forwarding. */
+  activate(ctx: ExtensionContext): void {
+    this.context = ctx;
+    this.forwarding.start(ctx);
+  }
+
+  /** Clear the context and stop forwarding. */
+  deactivate(): void {
+    this.context = null;
+    this.forwarding.stop();
+  }
+
+  /** Return the current runtime context, or null if not activated. */
+  getRuntimeContext(): ExtensionContext | null {
+    return this.context;
+  }
+
+  // ── Permission checking (delegates to PermissionManager) ───────────────
+
+  checkPermission(
+    surface: string,
+    input: unknown,
+    agentName?: string,
+    sessionRules?: Rule[],
+  ): PermissionCheckResult {
+    return this.permissionManager.checkPermission(
+      surface,
+      input,
+      agentName,
+      sessionRules,
+    );
+  }
+
+  getToolPermission(toolName: string, agentName?: string): PermissionState {
+    return this.permissionManager.getToolPermission(toolName, agentName);
+  }
+
+  getConfigIssues(agentName?: string): string[] {
+    return this.permissionManager.getConfigIssues(agentName);
+  }
+
+  getPolicyCacheStamp(agentName?: string): string {
+    return this.permissionManager.getPolicyCacheStamp(agentName);
+  }
+
+  // ── Session rules (delegates to SessionRules) ──────────────────────────
+
+  getSessionRuleset(): Rule[] {
+    return this.sessionRules.getRuleset();
+  }
+
+  approveSessionRule(surface: string, pattern: string): void {
+    this.sessionRules.approve(surface, pattern);
+  }
+
+  // ── Session lifecycle ────────────────────────────────────────────────────
+
+  /**
+   * Reset all mutable state for a new session.
+   *
+   * Creates a fresh PermissionManager scoped to `ctx.cwd`, clears caches,
+   * skill entries, and activates the new context.
+   */
+  resetForNewSession(ctx: ExtensionContext): void {
+    this.permissionManager = createPermissionManagerForCwd(
+      this.paths.agentDir,
+      ctx.cwd,
+    );
+    this.skillEntries = [];
+    this.toolsCacheKey = null;
+    this.promptCacheKey = null;
+    this.activate(ctx);
+  }
+
+  /**
+   * Shut down the session: clear rules, caches, skill entries, and
+   * deactivate context + forwarding.
+   */
+  shutdown(): void {
+    this.sessionRules.clear();
+    this.skillEntries = [];
+    this.toolsCacheKey = null;
+    this.promptCacheKey = null;
+    this.deactivate();
+  }
+
+  /**
+   * Reload permission manager and clear caches for the current context.
+   * Used on config reload (e.g. `resources_discover` with reason "reload").
+   */
+  reload(): void {
+    this.permissionManager = createPermissionManagerForCwd(
+      this.paths.agentDir,
+      this.context?.cwd,
+    );
+    this.skillEntries = [];
+    this.toolsCacheKey = null;
+    this.promptCacheKey = null;
+  }
+
+  // ── Agent-start caching ────────────────────────────────────────────────
+
+  shouldUpdateActiveTools(cacheKey: string): boolean {
+    return this.toolsCacheKey !== cacheKey;
+  }
+
+  commitActiveToolsCacheKey(cacheKey: string): void {
+    this.toolsCacheKey = cacheKey;
+  }
+
+  shouldUpdatePromptState(cacheKey: string): boolean {
+    return this.promptCacheKey !== cacheKey;
+  }
+
+  commitPromptStateCacheKey(cacheKey: string): void {
+    this.promptCacheKey = cacheKey;
+  }
+
+  // ── Skill entries ──────────────────────────────────────────────────────
+
+  getActiveSkillEntries(): SkillPromptEntry[] {
+    return this.skillEntries;
+  }
+
+  setActiveSkillEntries(entries: SkillPromptEntry[]): void {
+    this.skillEntries = entries;
+  }
+
+  // ── Agent name ─────────────────────────────────────────────────────────
+
+  /**
+   * Resolve the active agent name from the session context, system prompt,
+   * or last known name. Updates lastKnownActiveAgentName as a side effect.
+   */
+  resolveAgentName(
+    ctx: ExtensionContext,
+    systemPrompt?: string,
+  ): string | null {
+    const fromSession = getActiveAgentName(ctx);
+    if (fromSession) {
+      this.knownAgentName = fromSession;
+      return fromSession;
+    }
+    const fromSystemPrompt = getActiveAgentNameFromSystemPrompt(systemPrompt);
+    if (fromSystemPrompt) {
+      this.knownAgentName = fromSystemPrompt;
+      return fromSystemPrompt;
+    }
+    return this.knownAgentName;
+  }
+
+  get lastKnownActiveAgentName(): string | null {
+    return this.knownAgentName;
+  }
+
+  // ── Config ─────────────────────────────────────────────────────────────
+
+  /** Reload merged config from disk; optionally update the stored runtime context. */
+  refreshConfig(ctx?: ExtensionContext): void {
+    this.runtimeDeps.refreshExtensionConfig(ctx);
+  }
+
+  /** Write the resolved config path set to the review and debug logs. */
+  logResolvedConfigPaths(): void {
+    this.runtimeDeps.logResolvedConfigPaths();
+  }
+
+  /** Read current extension config. */
+  get config(): PermissionSystemExtensionConfig {
+    return this.runtimeDeps.getConfig();
+  }
+
+  // ── Infrastructure paths ───────────────────────────────────────────────
+
+  getInfrastructureDirs(): readonly string[] {
+    return this.paths.piInfrastructureDirs;
+  }
+
+  /** Config-derived infrastructure read paths (current at call time). */
+  getInfrastructureReadPaths(): string[] {
+    return this.config.piInfrastructureReadPaths ?? [];
+  }
+}

package/src/runtime.ts

@@ -12,10 +12,6 @@ import {
   getAgentDir,
 } from "@mariozechner/pi-coding-agent";
 
-import {
-  getActiveAgentName,
-  getActiveAgentNameFromSystemPrompt,
-} from "./active-agent";
 import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader";
 import {
   DEBUG_LOG_FILENAME,
@@ -45,11 +41,12 @@ import type { SkillPromptEntry } from "./skill-prompt-sanitizer";
 import { syncPermissionSystemStatus } from "./status";
 
 /**
- * Mutable session state — the subset of ExtensionRuntime that handlers
- * read and write. Lifecycle handlers reset fields here on session
- * start/shutdown; gate adapters read permissionManager and sessionRules.
+ * Mutable session state — the subset of ExtensionRuntime that holds
+ * per-session fields. `PermissionSession` now owns these for handler
+ * use; this interface remains so `ExtensionRuntime` can still serve
+ * as the internal composition root (config-modal, RPC handlers).
  */
-export interface SessionState {
+interface SessionState {
   runtimeContext: ExtensionContext | null;
   permissionManager: PermissionManager;
   readonly sessionRules: SessionRules;
@@ -209,28 +206,6 @@ export function saveExtensionConfig(
   });
 }
 
-/**
- * Resolve the active agent name from the Pi session, system prompt, or last
- * known name. Updates `runtime.lastKnownActiveAgentName` as a side effect.
- */
-export function resolveAgentName(
-  runtime: ExtensionRuntime,
-  ctx: ExtensionContext,
-  systemPrompt?: string,
-): string | null {
-  const fromSession = getActiveAgentName(ctx);
-  if (fromSession) {
-    runtime.lastKnownActiveAgentName = fromSession;
-    return fromSession;
-  }
-  const fromSystemPrompt = getActiveAgentNameFromSystemPrompt(systemPrompt);
-  if (fromSystemPrompt) {
-    runtime.lastKnownActiveAgentName = fromSystemPrompt;
-    return fromSystemPrompt;
-  }
-  return runtime.lastKnownActiveAgentName;
-}
-
 /**
  * Write the resolved config path set (global, project, legacy) to the review
  * and debug logs.

package/src/skill-prompt-sanitizer.ts

@@ -4,8 +4,19 @@ import {
   isPathWithinDirectory,
   normalizePathForComparison,
 } from "./path-utils";
-import type { PermissionManager } from "./permission-manager";
-import type { PermissionState } from "./types";
+import type { PermissionCheckResult, PermissionState } from "./types";
+
+/**
+ * Narrow interface for the permission checker used by skill prompt resolution.
+ * Both `PermissionManager` and `PermissionSession` satisfy this structurally.
+ */
+export interface SkillPermissionChecker {
+  checkPermission(
+    surface: string,
+    input: unknown,
+    agentName?: string,
+  ): PermissionCheckResult;
+}
 
 const AVAILABLE_SKILLS_OPEN_TAG = "<available_skills>";
 const AVAILABLE_SKILLS_CLOSE_TAG = "</available_skills>";
@@ -148,7 +159,7 @@ export function parseAllSkillPromptSections(
 
 function resolvePermissionState(
   skillName: string,
-  permissionManager: PermissionManager,
+  permissionManager: SkillPermissionChecker,
   agentName: string | null,
   cache: Map<string, PermissionState>,
 ): PermissionState {
@@ -205,7 +216,7 @@ function removePromptRange(prompt: string, start: number, end: number): string {
 
 export function resolveSkillPromptEntries(
   prompt: string,
-  permissionManager: PermissionManager,
+  permissionManager: SkillPermissionChecker,
   agentName: string | null,
   cwd: string,
 ): { prompt: string; entries: SkillPromptEntry[] } {

package/tests/handlers/before-agent-start.test.ts

@@ -6,9 +6,8 @@ import {
   shouldExposeTool,
 } from "../../src/handlers/before-agent-start";
 import type { HandlerDeps } from "../../src/handlers/types";
-import type { PermissionManager } from "../../src/permission-manager";
-import type { SessionState } from "../../src/runtime";
-import type { SkillPromptEntry } from "../../src/skill-prompt-sanitizer";
+import type { PermissionSession } from "../../src/permission-session";
+import type { PermissionState } from "../../src/types";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
 vi.mock("@mariozechner/pi-coding-agent", async (importOriginal) => {
@@ -45,52 +44,36 @@ function makeEvent(systemPrompt = "You are an assistant.") {
   return { systemPrompt };
 }
 
-/** Minimal PermissionManager stub for shouldExposeTool / policy-cache tests. */
-function makePm(
-  toolPermission: "allow" | "deny" | "ask" = "allow",
-): PermissionManager {
+function makeSession(
+  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
+): PermissionSession {
   return {
-    getToolPermission: vi.fn().mockReturnValue(toolPermission),
-    getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
-    getConfigIssues: vi.fn().mockReturnValue([]),
+    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
+    activate: vi.fn(),
+    refreshConfig: vi.fn(),
+    resolveAgentName: vi.fn().mockReturnValue(null),
+    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
     checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-  } as unknown as PermissionManager;
-}
-
-function makeSession(overrides: Partial<SessionState> = {}): SessionState {
-  return {
-    runtimeContext: null,
-    permissionManager: makePm() as unknown as PermissionManager,
-    activeSkillEntries: [] as SkillPromptEntry[],
-    lastKnownActiveAgentName: null,
-    lastActiveToolsCacheKey: null,
-    lastPromptStateCacheKey: null,
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    } as unknown as SessionState["sessionRules"],
+    shouldUpdateActiveTools: vi.fn().mockReturnValue(true),
+    commitActiveToolsCacheKey: vi.fn(),
+    getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
+    shouldUpdatePromptState: vi.fn().mockReturnValue(true),
+    commitPromptStateCacheKey: vi.fn(),
+    setActiveSkillEntries: vi.fn(),
+    getActiveSkillEntries: vi.fn().mockReturnValue([]),
     ...overrides,
-  };
+  } as unknown as PermissionSession;
 }
 
 function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
   return {
     session: makeSession(),
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
-    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    createPermissionManagerForCwd: vi.fn().mockReturnValue(makePm()),
-    refreshExtensionConfig: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
+    events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
     canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
     promptPermission: vi
       .fn()
       .mockResolvedValue({ approved: true, state: "approved" }),
     createPermissionRequestId: vi.fn().mockReturnValue("test-id"),
-    events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
-    forwarding: { start: vi.fn(), stop: vi.fn() },
     stopPermissionRpcHandlers: vi.fn(),
     getAllTools: vi.fn().mockReturnValue([]),
     setActiveTools: vi.fn(),
@@ -102,48 +85,48 @@ function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
 
 describe("shouldExposeTool", () => {
   it("returns true when tool permission is allow", () => {
-    const pm = makePm("allow");
-    expect(shouldExposeTool("read", null, pm)).toBe(true);
+    const getter = vi.fn().mockReturnValue("allow");
+    expect(shouldExposeTool("read", null, getter)).toBe(true);
   });
 
   it("returns true when tool permission is ask", () => {
-    const pm = makePm("ask");
-    expect(shouldExposeTool("bash", "agent-x", pm)).toBe(true);
+    const getter = vi.fn().mockReturnValue("ask");
+    expect(shouldExposeTool("bash", "agent-x", getter)).toBe(true);
   });
 
   it("returns false when tool permission is deny", () => {
-    const pm = makePm("deny");
-    expect(shouldExposeTool("write", null, pm)).toBe(false);
+    const getter = vi.fn().mockReturnValue("deny");
+    expect(shouldExposeTool("write", null, getter)).toBe(false);
   });
 
   it("passes agentName through to getToolPermission", () => {
-    const pm = makePm("allow");
-    shouldExposeTool("read", "my-agent", pm);
-    expect(pm.getToolPermission).toHaveBeenCalledWith("read", "my-agent");
+    const getter = vi.fn().mockReturnValue("allow");
+    shouldExposeTool("read", "my-agent", getter);
+    expect(getter).toHaveBeenCalledWith("read", "my-agent");
   });
 
   it("converts null agentName to undefined for getToolPermission", () => {
-    const pm = makePm("allow");
-    shouldExposeTool("read", null, pm);
-    expect(pm.getToolPermission).toHaveBeenCalledWith("read", undefined);
+    const getter = vi.fn().mockReturnValue("allow");
+    shouldExposeTool("read", null, getter);
+    expect(getter).toHaveBeenCalledWith("read", undefined);
   });
 });
 
 // ── handleBeforeAgentStart ─────────────────────────────────────────────────
 
 describe("handleBeforeAgentStart", () => {
-  it("refreshes extension config with ctx", async () => {
+  it("activates the session with ctx", async () => {
     const ctx = makeCtx();
     const deps = makeDeps();
     await handleBeforeAgentStart(deps, makeEvent(), ctx);
-    expect(deps.refreshExtensionConfig).toHaveBeenCalledWith(ctx);
+    expect(deps.session.activate).toHaveBeenCalledWith(ctx);
   });
 
-  it("starts forwarded permission polling", async () => {
+  it("refreshes config with ctx", async () => {
     const ctx = makeCtx();
     const deps = makeDeps();
     await handleBeforeAgentStart(deps, makeEvent(), ctx);
-    expect(deps.forwarding.start).toHaveBeenCalledWith(ctx);
+    expect(deps.session.refreshConfig).toHaveBeenCalledWith(ctx);
   });
 
   it("resolves agent name using systemPrompt", async () => {
@@ -154,33 +137,28 @@ describe("handleBeforeAgentStart", () => {
       makeEvent("<active_agent name='x'>"),
       ctx,
     );
-    expect(deps.resolveAgentName).toHaveBeenCalledWith(
+    expect(deps.session.resolveAgentName).toHaveBeenCalledWith(
       ctx,
       "<active_agent name='x'>",
     );
   });
 
   it("filters out denied tools from allowed list", async () => {
-    const pm = makePm("deny");
+    const session = makeSession({
+      getToolPermission: vi.fn().mockReturnValue("deny"),
+    });
     const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-      }),
+      session,
       getAllTools: vi
         .fn()
         .mockReturnValue([{ name: "write" }, { name: "read" }]),
     });
-    // write is deny, read is deny (same pm stub — both denied)
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
     expect(deps.setActiveTools).toHaveBeenCalledWith([]);
   });
 
   it("includes allowed and ask tools in the active list", async () => {
-    const pm = makePm("allow");
     const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-      }),
       getAllTools: vi
         .fn()
         .mockReturnValue([{ name: "read" }, { name: "write" }]),
@@ -189,31 +167,59 @@ describe("handleBeforeAgentStart", () => {
     expect(deps.setActiveTools).toHaveBeenCalledWith(["read", "write"]);
   });
 
-  it("updates the active-tools cache key after applying", async () => {
+  it("commits active-tools cache key after applying", async () => {
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
     });
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.session.lastActiveToolsCacheKey).not.toBeNull();
+    expect(deps.session.commitActiveToolsCacheKey).toHaveBeenCalled();
   });
 
   it("skips setActiveTools when cache key is unchanged", async () => {
-    // Pre-populate the cache key to match what would be computed for ["read"]
-    const { createActiveToolsCacheKey } = await import(
-      "../../src/before-agent-start-cache"
-    );
-    const key = createActiveToolsCacheKey(["read"]);
+    const session = makeSession({
+      shouldUpdateActiveTools: vi.fn().mockReturnValue(false),
+    });
     const deps = makeDeps({
-      session: makeSession({ lastActiveToolsCacheKey: key }),
+      session,
       getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
     });
     await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
     expect(deps.setActiveTools).not.toHaveBeenCalled();
+    expect(session.commitActiveToolsCacheKey).not.toHaveBeenCalled();
+  });
+
+  it("returns empty object when prompt cache is unchanged", async () => {
+    const session = makeSession({
+      shouldUpdatePromptState: vi.fn().mockReturnValue(false),
+    });
+    const deps = makeDeps({
+      session,
+      getAllTools: vi.fn().mockReturnValue([]),
+    });
+    const result = await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
+    expect(result).toEqual({});
+    expect(session.commitPromptStateCacheKey).not.toHaveBeenCalled();
   });
 
-  it("updates the prompt-state cache key and returns modified systemPrompt", async () => {
-    // Provide a systemPrompt that sanitizeAvailableToolsSection will modify:
-    // it strips denied tools from the "Available tools:" section.
+  it("commits prompt-state cache key and processes prompt when cache is new", async () => {
+    const deps = makeDeps({
+      getAllTools: vi.fn().mockReturnValue([]),
+    });
+    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
+    expect(deps.session.commitPromptStateCacheKey).toHaveBeenCalled();
+  });
+
+  it("stores resolved skill entries on the session", async () => {
+    const deps = makeDeps({
+      getAllTools: vi.fn().mockReturnValue([]),
+    });
+    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
+    expect(deps.session.setActiveSkillEntries).toHaveBeenCalledWith(
+      expect.any(Array),
+    );
+  });
+
+  it("returns modified systemPrompt when prompt changes", async () => {
     const systemPrompt = `You are an assistant.\n\nAvailable tools:\n- read\n- write\n`;
     const deps = makeDeps({
       getAllTools: vi.fn().mockReturnValue([]),
@@ -223,9 +229,7 @@ describe("handleBeforeAgentStart", () => {
       makeEvent(systemPrompt),
       makeCtx(),
     );
-    // The prompt was modified, so systemPrompt should be returned
     expect(result).toHaveProperty("systemPrompt");
-    expect(deps.session.lastPromptStateCacheKey).not.toBeNull();
   });
 
   it("returns empty object when systemPrompt is unchanged", async () => {
@@ -240,39 +244,4 @@ describe("handleBeforeAgentStart", () => {
     );
     expect(result).toEqual({});
   });
-
-  it("stores resolved skill entries on deps", async () => {
-    const deps = makeDeps({
-      getAllTools: vi.fn().mockReturnValue([]),
-    });
-    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.session.activeSkillEntries).toEqual(expect.any(Array));
-  });
-
-  it("returns empty object and skips prompt work when prompt cache key is unchanged", async () => {
-    const { createBeforeAgentStartPromptStateKey } = await import(
-      "../../src/before-agent-start-cache"
-    );
-    const pm = makePm("allow");
-    const ctx = makeCtx({ cwd: "/proj" });
-    const allowedTools: string[] = ["read"];
-    const key = createBeforeAgentStartPromptStateKey({
-      agentName: null,
-      cwd: "/proj",
-      permissionStamp: "stamp-1",
-      systemPrompt: "hello",
-      allowedToolNames: allowedTools,
-    });
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-        lastPromptStateCacheKey: key,
-      }),
-      getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
-    });
-    const result = await handleBeforeAgentStart(deps, makeEvent("hello"), ctx);
-    expect(result).toEqual({});
-    // activeSkillEntries was not assigned by the handler (early return)
-    expect(deps.session.activeSkillEntries).toEqual([]);
-  });
 });