@gotgenes/pi-permission-system 5.9.0 → 5.11.0

package/tests/handlers/before-agent-start.test.ts

@@ -2,13 +2,12 @@ import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
 import {
-  handleBeforeAgentStart,
+  AgentPrepHandler,
   shouldExposeTool,
 } from "../../src/handlers/before-agent-start";
-import type { HandlerDeps } from "../../src/handlers/types";
-import type { PermissionManager } from "../../src/permission-manager";
-import type { SessionState } from "../../src/runtime";
-import type { SkillPromptEntry } from "../../src/skill-prompt-sanitizer";
+import type { PermissionSession } from "../../src/permission-session";
+import type { ToolRegistry } from "../../src/tool-registry";
+import type { PermissionState } from "../../src/types";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
 vi.mock("@mariozechner/pi-coding-agent", async (importOriginal) => {
@@ -45,234 +44,184 @@ function makeEvent(systemPrompt = "You are an assistant.") {
   return { systemPrompt };
 }
 
-/** Minimal PermissionManager stub for shouldExposeTool / policy-cache tests. */
-function makePm(
-  toolPermission: "allow" | "deny" | "ask" = "allow",
-): PermissionManager {
+function makeSession(
+  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
+): PermissionSession {
   return {
-    getToolPermission: vi.fn().mockReturnValue(toolPermission),
-    getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
-    getConfigIssues: vi.fn().mockReturnValue([]),
+    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
+    activate: vi.fn(),
+    refreshConfig: vi.fn(),
+    resolveAgentName: vi.fn().mockReturnValue(null),
+    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
     checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-  } as unknown as PermissionManager;
+    shouldUpdateActiveTools: vi.fn().mockReturnValue(true),
+    commitActiveToolsCacheKey: vi.fn(),
+    getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
+    shouldUpdatePromptState: vi.fn().mockReturnValue(true),
+    commitPromptStateCacheKey: vi.fn(),
+    setActiveSkillEntries: vi.fn(),
+    getActiveSkillEntries: vi.fn().mockReturnValue([]),
+    ...overrides,
+  } as unknown as PermissionSession;
 }
 
-function makeSession(overrides: Partial<SessionState> = {}): SessionState {
+function makeToolRegistry(overrides: Partial<ToolRegistry> = {}): ToolRegistry {
   return {
-    runtimeContext: null,
-    permissionManager: makePm() as unknown as PermissionManager,
-    activeSkillEntries: [] as SkillPromptEntry[],
-    lastKnownActiveAgentName: null,
-    lastActiveToolsCacheKey: null,
-    lastPromptStateCacheKey: null,
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    } as unknown as SessionState["sessionRules"],
+    getAll: vi.fn().mockReturnValue([]),
+    setActive: vi.fn(),
     ...overrides,
   };
 }
 
-function makeDeps(overrides: Partial<HandlerDeps> = {}): HandlerDeps {
-  return {
-    session: makeSession(),
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    piInfrastructureDirs: ["/test/agent", "/test/agent/git"],
-    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    createPermissionManagerForCwd: vi.fn().mockReturnValue(makePm()),
-    refreshExtensionConfig: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
-    createPermissionRequestId: vi.fn().mockReturnValue("test-id"),
-    events: { emit: vi.fn(), on: vi.fn().mockReturnValue(() => undefined) },
-    forwarding: { start: vi.fn(), stop: vi.fn() },
-    stopPermissionRpcHandlers: vi.fn(),
-    getAllTools: vi.fn().mockReturnValue([]),
-    setActiveTools: vi.fn(),
-    ...overrides,
-  };
+function makeHandler(overrides?: {
+  session?: Partial<Record<keyof PermissionSession, unknown>>;
+  toolRegistry?: Partial<ToolRegistry>;
+}): {
+  handler: AgentPrepHandler;
+  session: PermissionSession;
+  toolRegistry: ToolRegistry;
+} {
+  const session = makeSession(overrides?.session);
+  const toolRegistry = makeToolRegistry(overrides?.toolRegistry);
+  const handler = new AgentPrepHandler(session, toolRegistry);
+  return { handler, session, toolRegistry };
 }
 
 // ── shouldExposeTool (pure helper) ─────────────────────────────────────────
 
 describe("shouldExposeTool", () => {
   it("returns true when tool permission is allow", () => {
-    const pm = makePm("allow");
-    expect(shouldExposeTool("read", null, pm)).toBe(true);
+    const getter = vi.fn().mockReturnValue("allow");
+    expect(shouldExposeTool("read", null, getter)).toBe(true);
   });
 
   it("returns true when tool permission is ask", () => {
-    const pm = makePm("ask");
-    expect(shouldExposeTool("bash", "agent-x", pm)).toBe(true);
+    const getter = vi.fn().mockReturnValue("ask");
+    expect(shouldExposeTool("bash", "agent-x", getter)).toBe(true);
   });
 
   it("returns false when tool permission is deny", () => {
-    const pm = makePm("deny");
-    expect(shouldExposeTool("write", null, pm)).toBe(false);
+    const getter = vi.fn().mockReturnValue("deny");
+    expect(shouldExposeTool("write", null, getter)).toBe(false);
   });
 
   it("passes agentName through to getToolPermission", () => {
-    const pm = makePm("allow");
-    shouldExposeTool("read", "my-agent", pm);
-    expect(pm.getToolPermission).toHaveBeenCalledWith("read", "my-agent");
+    const getter = vi.fn().mockReturnValue("allow");
+    shouldExposeTool("read", "my-agent", getter);
+    expect(getter).toHaveBeenCalledWith("read", "my-agent");
   });
 
   it("converts null agentName to undefined for getToolPermission", () => {
-    const pm = makePm("allow");
-    shouldExposeTool("read", null, pm);
-    expect(pm.getToolPermission).toHaveBeenCalledWith("read", undefined);
+    const getter = vi.fn().mockReturnValue("allow");
+    shouldExposeTool("read", null, getter);
+    expect(getter).toHaveBeenCalledWith("read", undefined);
   });
 });
 
-// ── handleBeforeAgentStart ─────────────────────────────────────────────────
+// ── AgentPrepHandler.handle ────────────────────────────────────────────────
 
-describe("handleBeforeAgentStart", () => {
-  it("refreshes extension config with ctx", async () => {
+describe("AgentPrepHandler.handle", () => {
+  it("activates the session with ctx", async () => {
     const ctx = makeCtx();
-    const deps = makeDeps();
-    await handleBeforeAgentStart(deps, makeEvent(), ctx);
-    expect(deps.refreshExtensionConfig).toHaveBeenCalledWith(ctx);
+    const { handler, session } = makeHandler();
+    await handler.handle(makeEvent(), ctx);
+    expect(session.activate).toHaveBeenCalledWith(ctx);
   });
 
-  it("starts forwarded permission polling", async () => {
+  it("refreshes config with ctx", async () => {
     const ctx = makeCtx();
-    const deps = makeDeps();
-    await handleBeforeAgentStart(deps, makeEvent(), ctx);
-    expect(deps.forwarding.start).toHaveBeenCalledWith(ctx);
+    const { handler, session } = makeHandler();
+    await handler.handle(makeEvent(), ctx);
+    expect(session.refreshConfig).toHaveBeenCalledWith(ctx);
   });
 
   it("resolves agent name using systemPrompt", async () => {
     const ctx = makeCtx();
-    const deps = makeDeps();
-    await handleBeforeAgentStart(
-      deps,
-      makeEvent("<active_agent name='x'>"),
-      ctx,
-    );
-    expect(deps.resolveAgentName).toHaveBeenCalledWith(
+    const { handler, session } = makeHandler();
+    await handler.handle(makeEvent("<active_agent name='x'>"), ctx);
+    expect(session.resolveAgentName).toHaveBeenCalledWith(
       ctx,
       "<active_agent name='x'>",
     );
   });
 
   it("filters out denied tools from allowed list", async () => {
-    const pm = makePm("deny");
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-      }),
-      getAllTools: vi
-        .fn()
-        .mockReturnValue([{ name: "write" }, { name: "read" }]),
+    const { handler, toolRegistry } = makeHandler({
+      session: { getToolPermission: vi.fn().mockReturnValue("deny") },
+      toolRegistry: {
+        getAll: vi.fn().mockReturnValue([{ name: "write" }, { name: "read" }]),
+      },
     });
-    // write is deny, read is deny (same pm stub — both denied)
-    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.setActiveTools).toHaveBeenCalledWith([]);
+    await handler.handle(makeEvent(), makeCtx());
+    expect(toolRegistry.setActive).toHaveBeenCalledWith([]);
   });
 
   it("includes allowed and ask tools in the active list", async () => {
-    const pm = makePm("allow");
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-      }),
-      getAllTools: vi
-        .fn()
-        .mockReturnValue([{ name: "read" }, { name: "write" }]),
+    const { handler, toolRegistry } = makeHandler({
+      toolRegistry: {
+        getAll: vi.fn().mockReturnValue([{ name: "read" }, { name: "write" }]),
+      },
     });
-    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.setActiveTools).toHaveBeenCalledWith(["read", "write"]);
+    await handler.handle(makeEvent(), makeCtx());
+    expect(toolRegistry.setActive).toHaveBeenCalledWith(["read", "write"]);
   });
 
-  it("updates the active-tools cache key after applying", async () => {
-    const deps = makeDeps({
-      getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
+  it("commits active-tools cache key after applying", async () => {
+    const { handler, session } = makeHandler({
+      toolRegistry: {
+        getAll: vi.fn().mockReturnValue([{ name: "read" }]),
+      },
     });
-    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.session.lastActiveToolsCacheKey).not.toBeNull();
+    await handler.handle(makeEvent(), makeCtx());
+    expect(session.commitActiveToolsCacheKey).toHaveBeenCalled();
   });
 
-  it("skips setActiveTools when cache key is unchanged", async () => {
-    // Pre-populate the cache key to match what would be computed for ["read"]
-    const { createActiveToolsCacheKey } = await import(
-      "../../src/before-agent-start-cache"
-    );
-    const key = createActiveToolsCacheKey(["read"]);
-    const deps = makeDeps({
-      session: makeSession({ lastActiveToolsCacheKey: key }),
-      getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
+  it("skips setActive when cache key is unchanged", async () => {
+    const { handler, session, toolRegistry } = makeHandler({
+      session: { shouldUpdateActiveTools: vi.fn().mockReturnValue(false) },
+      toolRegistry: {
+        getAll: vi.fn().mockReturnValue([{ name: "read" }]),
+      },
     });
-    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.setActiveTools).not.toHaveBeenCalled();
+    await handler.handle(makeEvent(), makeCtx());
+    expect(toolRegistry.setActive).not.toHaveBeenCalled();
+    expect(session.commitActiveToolsCacheKey).not.toHaveBeenCalled();
   });
 
-  it("updates the prompt-state cache key and returns modified systemPrompt", async () => {
-    // Provide a systemPrompt that sanitizeAvailableToolsSection will modify:
-    // it strips denied tools from the "Available tools:" section.
-    const systemPrompt = `You are an assistant.\n\nAvailable tools:\n- read\n- write\n`;
-    const deps = makeDeps({
-      getAllTools: vi.fn().mockReturnValue([]),
+  it("returns empty object when prompt cache is unchanged", async () => {
+    const { handler, session } = makeHandler({
+      session: { shouldUpdatePromptState: vi.fn().mockReturnValue(false) },
     });
-    const result = await handleBeforeAgentStart(
-      deps,
-      makeEvent(systemPrompt),
-      makeCtx(),
-    );
-    // The prompt was modified, so systemPrompt should be returned
-    expect(result).toHaveProperty("systemPrompt");
-    expect(deps.session.lastPromptStateCacheKey).not.toBeNull();
+    const result = await handler.handle(makeEvent(), makeCtx());
+    expect(result).toEqual({});
+    expect(session.commitPromptStateCacheKey).not.toHaveBeenCalled();
   });
 
-  it("returns empty object when systemPrompt is unchanged", async () => {
-    const prompt = "No tools section here.";
-    const deps = makeDeps({
-      getAllTools: vi.fn().mockReturnValue([]),
-    });
-    const result = await handleBeforeAgentStart(
-      deps,
-      makeEvent(prompt),
-      makeCtx(),
+  it("commits prompt-state cache key and processes prompt when cache is new", async () => {
+    const { handler, session } = makeHandler();
+    await handler.handle(makeEvent(), makeCtx());
+    expect(session.commitPromptStateCacheKey).toHaveBeenCalled();
+  });
+
+  it("stores resolved skill entries on the session", async () => {
+    const { handler, session } = makeHandler();
+    await handler.handle(makeEvent(), makeCtx());
+    expect(session.setActiveSkillEntries).toHaveBeenCalledWith(
+      expect.any(Array),
     );
-    expect(result).toEqual({});
   });
 
-  it("stores resolved skill entries on deps", async () => {
-    const deps = makeDeps({
-      getAllTools: vi.fn().mockReturnValue([]),
-    });
-    await handleBeforeAgentStart(deps, makeEvent(), makeCtx());
-    expect(deps.session.activeSkillEntries).toEqual(expect.any(Array));
+  it("returns modified systemPrompt when prompt changes", async () => {
+    const systemPrompt = `You are an assistant.\n\nAvailable tools:\n- read\n- write\n`;
+    const { handler } = makeHandler();
+    const result = await handler.handle(makeEvent(systemPrompt), makeCtx());
+    expect(result).toHaveProperty("systemPrompt");
   });
 
-  it("returns empty object and skips prompt work when prompt cache key is unchanged", async () => {
-    const { createBeforeAgentStartPromptStateKey } = await import(
-      "../../src/before-agent-start-cache"
-    );
-    const pm = makePm("allow");
-    const ctx = makeCtx({ cwd: "/proj" });
-    const allowedTools: string[] = ["read"];
-    const key = createBeforeAgentStartPromptStateKey({
-      agentName: null,
-      cwd: "/proj",
-      permissionStamp: "stamp-1",
-      systemPrompt: "hello",
-      allowedToolNames: allowedTools,
-    });
-    const deps = makeDeps({
-      session: makeSession({
-        permissionManager: pm as unknown as PermissionManager,
-        lastPromptStateCacheKey: key,
-      }),
-      getAllTools: vi.fn().mockReturnValue([{ name: "read" }]),
-    });
-    const result = await handleBeforeAgentStart(deps, makeEvent("hello"), ctx);
+  it("returns empty object when systemPrompt is unchanged", async () => {
+    const prompt = "No tools section here.";
+    const { handler } = makeHandler();
+    const result = await handler.handle(makeEvent(prompt), makeCtx());
     expect(result).toEqual({});
-    // activeSkillEntries was not assigned by the handler (early return)
-    expect(deps.session.activeSkillEntries).toEqual([]);
   });
 });

package/tests/handlers/input-events.test.ts

@@ -4,11 +4,12 @@
 import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
-import { handleInput } from "../../src/handlers/input";
-import type { HandlerDeps } from "../../src/handlers/types";
+import { PermissionGateHandler } from "../../src/handlers/permission-gate-handler";
 import type { PermissionDecisionEvent } from "../../src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "../../src/permission-events";
-import type { SessionState } from "../../src/runtime";
+import type { PermissionSession } from "../../src/permission-session";
+import type { ToolRegistry } from "../../src/tool-registry";
+import type { PermissionState } from "../../src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -38,60 +39,60 @@ function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
   } as unknown as ExtensionContext;
 }
 
-function makeSession(state: "allow" | "deny" | "ask" = "allow"): SessionState {
-  return {
-    runtimeContext: null,
-    permissionManager: {
-      checkPermission: vi.fn().mockReturnValue({
-        state,
-        toolName: "skill",
-        source: "skill",
-        origin: "global",
-        matchedPattern: "*",
-      }),
-    } as unknown as SessionState["permissionManager"],
-    activeSkillEntries: [],
-    lastKnownActiveAgentName: null,
-    lastActiveToolsCacheKey: null,
-    lastPromptStateCacheKey: null,
-    sessionRules: {
-      approve: vi.fn(),
-      getRuleset: vi.fn().mockReturnValue([]),
-      clear: vi.fn(),
-    } as unknown as SessionState["sessionRules"],
-  };
-}
-
-function makeDeps(
+function makeSession(
   state: "allow" | "deny" | "ask" = "allow",
-  overrides: Partial<HandlerDeps> = {},
-): HandlerDeps {
+  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
+): PermissionSession {
   return {
-    session: makeSession(state),
     logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    piInfrastructureDirs: ["/test/agent"],
-    getPiInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    events: makeEvents(),
-    createPermissionManagerForCwd: vi.fn(),
-    refreshExtensionConfig: vi.fn(),
-    logResolvedConfigPaths: vi.fn(),
+    activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
-    canRequestPermissionConfirmation: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
+    checkPermission: vi.fn().mockReturnValue({
+      state,
+      toolName: "skill",
+      source: "skill",
+      origin: "global",
+      matchedPattern: "*",
+    }),
+    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getSessionRuleset: vi.fn().mockReturnValue([]),
+    approveSessionRule: vi.fn(),
+    canPrompt: vi.fn().mockReturnValue(true),
+    prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    forwarding: { start: vi.fn(), stop: vi.fn() },
-    stopPermissionRpcHandlers: vi.fn(),
-    getAllTools: vi.fn().mockReturnValue([]),
-    setActiveTools: vi.fn(),
     ...overrides,
+  } as unknown as PermissionSession;
+}
+
+function makeToolRegistry(): ToolRegistry {
+  return {
+    getAll: vi.fn().mockReturnValue([]),
+    setActive: vi.fn(),
   };
 }
 
-function getDecisionEvents(deps: HandlerDeps): PermissionDecisionEvent[] {
-  const emitMock = (deps.events as ReturnType<typeof makeEvents>).emit;
-  return emitMock.mock.calls
+function makeHandler(
+  state: "allow" | "deny" | "ask" = "allow",
+  sessionOverrides: Partial<Record<keyof PermissionSession, unknown>> = {},
+): {
+  handler: PermissionGateHandler;
+  events: ReturnType<typeof makeEvents>;
+} {
+  const session = makeSession(state, sessionOverrides);
+  const events = makeEvents();
+  const handler = new PermissionGateHandler(
+    session,
+    events,
+    makeToolRegistry(),
+  );
+  return { handler, events };
+}
+
+/** Extract all permissions:decision payloads from the events.emit mock. */
+function getDecisionEvents(
+  events: ReturnType<typeof makeEvents>,
+): PermissionDecisionEvent[] {
+  return events.emit.mock.calls
     .filter(([channel]) => channel === PERMISSIONS_DECISION_CHANNEL)
     .map(([, payload]) => payload as PermissionDecisionEvent);
 }
@@ -100,18 +101,18 @@ function getDecisionEvents(deps: HandlerDeps): PermissionDecisionEvent[] {
 
 describe("handleInput decision events — skill gate", () => {
   it("does not emit when input is not a skill invocation", async () => {
-    const deps = makeDeps();
-    await handleInput(deps, { text: "hello world" }, makeCtx());
-    expect(getDecisionEvents(deps)).toHaveLength(0);
+    const { handler, events } = makeHandler();
+    await handler.handleInput({ text: "hello world" }, makeCtx());
+    expect(getDecisionEvents(events)).toHaveLength(0);
   });
 
   it("emits allow with policy_allow for an allowed skill", async () => {
-    const deps = makeDeps("allow");
-    await handleInput(deps, { text: "/skill:librarian" }, makeCtx());
+    const { handler, events } = makeHandler("allow");
+    await handler.handleInput({ text: "/skill:librarian" }, makeCtx());
 
-    const events = getDecisionEvents(deps);
-    expect(events).toHaveLength(1);
-    expect(events[0]).toMatchObject({
+    const decisions = getDecisionEvents(events);
+    expect(decisions).toHaveLength(1);
+    expect(decisions[0]).toMatchObject({
       surface: "skill",
       value: "librarian",
       result: "allow",
@@ -120,12 +121,12 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits deny with policy_deny for a denied skill", async () => {
-    const deps = makeDeps("deny");
-    await handleInput(deps, { text: "/skill:restricted" }, makeCtx());
+    const { handler, events } = makeHandler("deny");
+    await handler.handleInput({ text: "/skill:restricted" }, makeCtx());
 
-    const events = getDecisionEvents(deps);
-    expect(events).toHaveLength(1);
-    expect(events[0]).toMatchObject({
+    const decisions = getDecisionEvents(events);
+    expect(decisions).toHaveLength(1);
+    expect(decisions[0]).toMatchObject({
       surface: "skill",
       value: "restricted",
       result: "deny",
@@ -134,16 +135,14 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits allow with user_approved when state=ask and user approves", async () => {
-    const deps = makeDeps("ask", {
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: true, state: "approved" }),
+    const { handler, events } = makeHandler("ask", {
+      prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     });
-    await handleInput(deps, { text: "/skill:explorer" }, makeCtx());
+    await handler.handleInput({ text: "/skill:explorer" }, makeCtx());
 
-    const events = getDecisionEvents(deps);
-    expect(events).toHaveLength(1);
-    expect(events[0]).toMatchObject({
+    const decisions = getDecisionEvents(events);
+    expect(decisions).toHaveLength(1);
+    expect(decisions[0]).toMatchObject({
       surface: "skill",
       value: "explorer",
       result: "allow",
@@ -152,16 +151,14 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits deny with user_denied when state=ask and user denies", async () => {
-    const deps = makeDeps("ask", {
-      promptPermission: vi
-        .fn()
-        .mockResolvedValue({ approved: false, state: "denied" }),
+    const { handler, events } = makeHandler("ask", {
+      prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
     });
-    await handleInput(deps, { text: "/skill:explorer" }, makeCtx());
+    await handler.handleInput({ text: "/skill:explorer" }, makeCtx());
 
-    const events = getDecisionEvents(deps);
-    expect(events).toHaveLength(1);
-    expect(events[0]).toMatchObject({
+    const decisions = getDecisionEvents(events);
+    expect(decisions).toHaveLength(1);
+    expect(decisions[0]).toMatchObject({
       surface: "skill",
       value: "explorer",
       result: "deny",
@@ -170,18 +167,17 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits deny with confirmation_unavailable when state=ask but no UI", async () => {
-    const deps = makeDeps("ask", {
-      canRequestPermissionConfirmation: vi.fn().mockReturnValue(false),
+    const { handler, events } = makeHandler("ask", {
+      canPrompt: vi.fn().mockReturnValue(false),
     });
-    await handleInput(
-      deps,
+    await handler.handleInput(
       { text: "/skill:explorer" },
       makeCtx({ hasUI: false }),
     );
 
-    const events = getDecisionEvents(deps);
-    expect(events).toHaveLength(1);
-    expect(events[0]).toMatchObject({
+    const decisions = getDecisionEvents(events);
+    expect(decisions).toHaveLength(1);
+    expect(decisions[0]).toMatchObject({
       surface: "skill",
       value: "explorer",
       result: "deny",
@@ -189,20 +185,19 @@ describe("handleInput decision events — skill gate", () => {
     });
   });
 
-  it("emits allow with auto_approved when promptPermission returns autoApproved:true", async () => {
-    const deps = makeDeps("ask", {
-      // Simulate what PermissionPrompter returns in yolo mode
-      promptPermission: vi.fn().mockResolvedValue({
+  it("emits allow with auto_approved when prompt returns autoApproved:true", async () => {
+    const { handler, events } = makeHandler("ask", {
+      prompt: vi.fn().mockResolvedValue({
         approved: true,
         state: "approved",
         autoApproved: true,
       }),
     });
-    await handleInput(deps, { text: "/skill:explorer" }, makeCtx());
+    await handler.handleInput({ text: "/skill:explorer" }, makeCtx());
 
-    const events = getDecisionEvents(deps);
-    expect(events).toHaveLength(1);
-    expect(events[0]).toMatchObject({
+    const decisions = getDecisionEvents(events);
+    expect(decisions).toHaveLength(1);
+    expect(decisions[0]).toMatchObject({
       surface: "skill",
       value: "explorer",
       result: "allow",