@gotgenes/pi-permission-system 7.1.3 → 7.2.0

package/{tests → test}/handlers/gates/tool.test.ts

@@ -1,8 +1,8 @@
 import { describe, expect, it } from "vitest";
 
-import { describeToolGate } from "../../../src/handlers/gates/tool";
-import type { ToolCallContext } from "../../../src/handlers/gates/types";
-import type { PermissionCheckResult } from "../../../src/types";
+import { describeToolGate } from "#src/handlers/gates/tool";
+import type { ToolCallContext } from "#src/handlers/gates/types";
+import type { PermissionCheckResult } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -93,7 +93,7 @@ describe("describeToolGate", () => {
   it("populates denialContext with agent name when provided", () => {
     const check = makeCheckResult("ask", { toolName: "read" });
     const desc = describeToolGate(makeTcc({ agentName: "my-agent" }), check);
-    expect(desc.denialContext!.agentName).toBe("my-agent");
+    expect(desc.denialContext.agentName).toBe("my-agent");
   });
 
   it("populates denialContext with input for tool context", () => {

package/{tests → test}/handlers/input-events.test.ts

@@ -4,12 +4,12 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
-import { PermissionGateHandler } from "../../src/handlers/permission-gate-handler";
-import type { PermissionDecisionEvent } from "../../src/permission-events";
-import { PERMISSIONS_DECISION_CHANNEL } from "../../src/permission-events";
-import type { PermissionSession } from "../../src/permission-session";
-import type { ToolRegistry } from "../../src/tool-registry";
-import type { PermissionState } from "../../src/types";
+import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
+import type { PermissionDecisionEvent } from "#src/permission-events";
+import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
+import type { PermissionSession } from "#src/permission-session";
+import type { ToolRegistry } from "#src/tool-registry";
+import type { PermissionState } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -54,7 +54,7 @@ function makeSession(
       origin: "global",
       matchedPattern: "*",
     }),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     canPrompt: vi.fn().mockReturnValue(true),

package/{tests → test}/handlers/input.test.ts

@@ -4,10 +4,10 @@ import { describe, expect, it, vi } from "vitest";
 import {
   extractSkillNameFromInput,
   PermissionGateHandler,
-} from "../../src/handlers/permission-gate-handler";
-import type { PermissionSession } from "../../src/permission-session";
-import type { ToolRegistry } from "../../src/tool-registry";
-import type { PermissionState } from "../../src/types";
+} from "#src/handlers/permission-gate-handler";
+import type { PermissionSession } from "#src/permission-session";
+import type { ToolRegistry } from "#src/tool-registry";
+import type { PermissionState } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -42,7 +42,7 @@ function makeSession(
     activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
     checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     canPrompt: vi.fn().mockReturnValue(true),

package/{tests → test}/handlers/lifecycle.test.ts

@@ -1,7 +1,7 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
-import { SessionLifecycleHandler } from "../../src/handlers/lifecycle";
-import type { PermissionSession } from "../../src/permission-session";
+import { SessionLifecycleHandler } from "#src/handlers/lifecycle";
+import type { PermissionSession } from "#src/permission-session";
 
 // ── status stub ────────────────────────────────────────────────────────────
 vi.mock("../../src/status", () => ({

package/{tests → test}/handlers/tool-call-events.test.ts

@@ -5,12 +5,12 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
-import { PermissionGateHandler } from "../../src/handlers/permission-gate-handler";
-import type { PermissionDecisionEvent } from "../../src/permission-events";
-import { PERMISSIONS_DECISION_CHANNEL } from "../../src/permission-events";
-import type { PermissionSession } from "../../src/permission-session";
-import type { ToolRegistry } from "../../src/tool-registry";
-import type { PermissionCheckResult, PermissionState } from "../../src/types";
+import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
+import type { PermissionDecisionEvent } from "#src/permission-events";
+import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
+import type { PermissionSession } from "#src/permission-session";
+import type { ToolRegistry } from "#src/tool-registry";
+import type { PermissionCheckResult, PermissionState } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -75,7 +75,7 @@ function makeSession(
     activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
     checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),

package/{tests → test}/handlers/tool-call.test.ts

@@ -4,10 +4,10 @@ import { describe, expect, it, vi } from "vitest";
 import {
   getEventInput,
   PermissionGateHandler,
-} from "../../src/handlers/permission-gate-handler";
-import type { PermissionSession } from "../../src/permission-session";
-import type { ToolRegistry } from "../../src/tool-registry";
-import type { PermissionCheckResult, PermissionState } from "../../src/types";
+} from "#src/handlers/permission-gate-handler";
+import type { PermissionSession } from "#src/permission-session";
+import type { ToolRegistry } from "#src/tool-registry";
+import type { PermissionCheckResult, PermissionState } from "#src/types";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
 vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {
@@ -66,7 +66,7 @@ function makeSession(
     activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
     checkPermission: vi.fn().mockReturnValue(makePermissionResult("allow")),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),

package/{tests → test}/input-normalizer.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it } from "vitest";
-import { normalizeInput } from "../src/input-normalizer";
-import { createMcpPermissionTargets } from "../src/mcp-targets";
+import { normalizeInput } from "#src/input-normalizer";
+import { createMcpPermissionTargets } from "#src/mcp-targets";
 
 describe("normalizeInput — non-MCP surfaces", () => {
   describe("special / path", () => {

package/{tests → test}/mcp-targets.test.ts

@@ -2,7 +2,7 @@ import { describe, expect, it } from "vitest";
 import {
   createMcpPermissionTargets,
   parseQualifiedMcpToolName,
-} from "../src/mcp-targets";
+} from "#src/mcp-targets";
 
 describe("parseQualifiedMcpToolName", () => {
   it("returns server and tool for a valid qualified name", () => {

package/{tests → test}/node-modules-discovery.test.ts

@@ -18,7 +18,7 @@ vi.mock("node:fs", () => ({
   default: { existsSync: mockExistsSync },
 }));
 
-import { discoverGlobalNodeModulesRoot } from "../src/node-modules-discovery";
+import { discoverGlobalNodeModulesRoot } from "#src/node-modules-discovery";
 
 describe("discoverGlobalNodeModulesRoot", () => {
   beforeEach(() => {

package/{tests → test}/normalize.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, test } from "vitest";
-import { normalizeFlatConfig } from "../src/normalize";
+import { normalizeFlatConfig } from "#src/normalize";
 
 describe("normalizeFlatConfig", () => {
   describe("string shorthand", () => {

package/{tests → test}/path-utils.test.ts

@@ -20,7 +20,7 @@ import {
   PATH_BEARING_TOOLS,
   READ_ONLY_PATH_BEARING_TOOLS,
   SAFE_SYSTEM_PATHS,
-} from "../src/path-utils";
+} from "#src/path-utils";
 
 describe("normalizePathForComparison", () => {
   const cwd = "/projects/my-app";

package/{tests → test}/pattern-suggest.test.ts

@@ -3,7 +3,7 @@ import {
   suggestBashPattern,
   suggestMcpPattern,
   suggestSessionPattern,
-} from "../src/pattern-suggest";
+} from "#src/pattern-suggest";
 
 describe("suggestBashPattern", () => {
   it("returns <command> <subcommand> * using the arity table", () => {

package/{tests → test}/permission-dialog.test.ts

@@ -5,7 +5,7 @@ import {
   normalizePermissionDenialReason,
   type PermissionDecisionUi,
   requestPermissionDecisionFromUi,
-} from "../src/permission-dialog";
+} from "#src/permission-dialog";
 
 describe("isPermissionDecisionState", () => {
   it("accepts approved", () => {

package/{tests → test}/permission-event-rpc.test.ts

@@ -1,18 +1,19 @@
+/* eslint-disable @typescript-eslint/no-deprecated -- tests the deprecated RPC channel implementation */
 import { createEventBus } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 import {
   type PermissionRpcDeps,
   registerPermissionRpcHandlers,
-} from "../src/permission-event-rpc";
+} from "#src/permission-event-rpc";
 import type {
   PermissionsCheckReplyData,
   PermissionsRpcReply,
-} from "../src/permission-events";
+} from "#src/permission-events";
 import {
   PERMISSIONS_PROTOCOL_VERSION,
   PERMISSIONS_RPC_CHECK_CHANNEL,
   PERMISSIONS_RPC_PROMPT_CHANNEL,
-} from "../src/permission-events";
+} from "#src/permission-events";
 
 // ── Helpers ────────────────────────────────────────────────────────────────
 

package/{tests → test}/permission-events.test.ts

@@ -1,10 +1,11 @@
+/* eslint-disable @typescript-eslint/no-deprecated -- tests the deprecated RPC channel implementation */
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { dirname, join } from "node:path";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 
-import { getGlobalConfigPath } from "../src/config-paths";
-import piPermissionSystemExtension from "../src/index";
+import { getGlobalConfigPath } from "#src/config-paths";
+import piPermissionSystemExtension from "#src/index";
 import type {
   PermissionDecisionEvent,
   PermissionsCheckReplyData,
@@ -13,7 +14,7 @@ import type {
   PermissionsPromptRequest,
   PermissionsReadyEvent,
   PermissionsRpcReply,
-} from "../src/permission-events";
+} from "#src/permission-events";
 import {
   emitDecisionEvent,
   emitReadyEvent,
@@ -22,7 +23,7 @@ import {
   PERMISSIONS_READY_CHANNEL,
   PERMISSIONS_RPC_CHECK_CHANNEL,
   PERMISSIONS_RPC_PROMPT_CHANNEL,
-} from "../src/permission-events";
+} from "#src/permission-events";
 
 // ── Minimal EventBus stub ──────────────────────────────────────────────────
 
@@ -164,6 +165,7 @@ describe("type shapes (PermissionsRpcReply)", () => {
       error: "no_ui",
     };
     expect(reply.success).toBe(false);
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- narrowing on discriminated union
     if (!reply.success) {
       expect(reply.error).toBe("no_ui");
     }

package/{tests → test}/permission-forwarding.test.ts

@@ -3,7 +3,7 @@ import {
   resolvePermissionForwardingTargetSessionId,
   SUBAGENT_PARENT_SESSION_ENV_CANDIDATES,
   SUBAGENT_PARENT_SESSION_ENV_KEY,
-} from "../src/permission-forwarding";
+} from "#src/permission-forwarding";
 
 afterEach(() => {
   vi.unstubAllEnvs();
@@ -24,6 +24,7 @@ describe("SUBAGENT_PARENT_SESSION_ENV_CANDIDATES", () => {
   });
 
   test("deprecated SUBAGENT_PARENT_SESSION_ENV_KEY equals the first candidate", () => {
+    // eslint-disable-next-line @typescript-eslint/no-deprecated -- test verifying the deprecated alias
     expect(SUBAGENT_PARENT_SESSION_ENV_KEY).toBe(
       SUBAGENT_PARENT_SESSION_ENV_CANDIDATES[0],
     );

package/{tests → test}/permission-gate.test.ts

@@ -1,9 +1,9 @@
 import { describe, expect, it, vi } from "vitest";
-import type { PermissionPromptDecision } from "../src/permission-dialog";
+import type { PermissionPromptDecision } from "#src/permission-dialog";
 import {
   applyPermissionGate,
   type PermissionGateParams,
-} from "../src/permission-gate";
+} from "#src/permission-gate";
 
 function makeParams(
   overrides: Partial<PermissionGateParams> = {},

package/{tests → test}/permission-manager-unified.test.ts

@@ -8,8 +8,8 @@ import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { homedir, tmpdir } from "node:os";
 import { join } from "node:path";
 import { describe, expect, it } from "vitest";
-import { PermissionManager } from "../src/permission-manager";
-import type { Rule, Ruleset } from "../src/rule";
+import { PermissionManager } from "#src/permission-manager";
+import type { Rule, Ruleset } from "#src/rule";
 
 // ---------------------------------------------------------------------------
 // Helpers
@@ -666,9 +666,9 @@ describe("checkPermission — rule origin provenance", () => {
 // In-memory PolicyLoader stub tests — no filesystem required
 // ---------------------------------------------------------------------------
 
-import type { PolicyLoader } from "../src/permission-manager";
-import type { ResolvedPolicyPaths } from "../src/policy-loader";
-import type { ScopeConfig } from "../src/types";
+import type { PolicyLoader } from "#src/permission-manager";
+import type { ResolvedPolicyPaths } from "#src/policy-loader";
+import type { ScopeConfig } from "#src/types";
 
 /**
  * Minimal in-memory PolicyLoader for testing merge + evaluation logic
@@ -685,10 +685,12 @@ function createInMemoryPolicyLoader(
 ): PolicyLoader {
   const issues: string[] = [];
   return {
-    loadGlobalConfig: () => scopes.global ?? {},
-    loadProjectConfig: () => scopes.project ?? {},
+    loadGlobalConfig: () => scopes.global ?? ({} as const),
+    loadProjectConfig: () => scopes.project ?? ({} as const),
+    // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- || is intentional: handles both falsy name and missing key
     loadAgentConfig: (name?: string) => (name && scopes.agent?.[name]) || {},
     loadProjectAgentConfig: (name?: string) =>
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- || is intentional: handles both falsy name and missing key
       (name && scopes.projectAgent?.[name]) || {},
     getConfiguredMcpServerNames: () => mcpServerNames,
     getCacheStamp: () => "in-memory",

package/{tests → test}/permission-merge.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, test } from "vitest";
 
-import { mergeFlatPermissions } from "../src/permission-merge";
+import { mergeFlatPermissions } from "#src/permission-merge";
 
 describe("mergeFlatPermissions", () => {
   test("string replaces string", () => {

package/{tests → test}/permission-prompter.test.ts

@@ -14,13 +14,13 @@ vi.mock("../src/forwarded-permissions/polling", () => ({
 // ── Imports (after mocks) ───────────────────────────────────────────────────
 
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
-import { DEFAULT_EXTENSION_CONFIG } from "../src/extension-config";
-import type { PermissionPromptDecision } from "../src/permission-dialog";
-import type { PromptPermissionDetails } from "../src/permission-prompter";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import type { PermissionPromptDecision } from "#src/permission-dialog";
+import type { PromptPermissionDetails } from "#src/permission-prompter";
 import {
   PermissionPrompter,
   type PermissionPrompterDeps,
-} from "../src/permission-prompter";
+} from "#src/permission-prompter";
 
 // ── Helpers ─────────────────────────────────────────────────────────────────
 

package/{tests → test}/permission-prompts.test.ts

@@ -11,10 +11,10 @@ import {
   formatSkillAskPrompt,
   formatSkillPathAskPrompt,
   formatUnknownToolReason,
-} from "../src/permission-prompts";
-import type { SkillPromptEntry } from "../src/skill-prompt-sanitizer";
-import { formatToolInputForPrompt } from "../src/tool-input-preview";
-import type { PermissionCheckResult } from "../src/types";
+} from "#src/permission-prompts";
+import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
+import { formatToolInputForPrompt } from "#src/tool-input-preview";
+import type { PermissionCheckResult } from "#src/types";
 
 const mockedFormatToolInput = vi.mocked(formatToolInputForPrompt);
 

package/{tests → test}/permission-session.test.ts

@@ -29,16 +29,16 @@ vi.mock("../src/runtime", async (importOriginal) => {
 
 // ── Test helpers ───────────────────────────────────────────────────────────
 
-import type { ExtensionPaths } from "../src/extension-paths";
-import type { ForwardingController } from "../src/forwarding-manager";
-import type { PermissionManager } from "../src/permission-manager";
+import type { ExtensionPaths } from "#src/extension-paths";
+import type { ForwardingController } from "#src/forwarding-manager";
+import type { PermissionManager } from "#src/permission-manager";
 import {
   PermissionSession,
   type PermissionSessionRuntimeDeps,
-} from "../src/permission-session";
-import type { SessionLogger } from "../src/session-logger";
-import type { SkillPromptEntry } from "../src/skill-prompt-sanitizer";
-import type { PermissionCheckResult } from "../src/types";
+} from "#src/permission-session";
+import type { SessionLogger } from "#src/session-logger";
+import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
+import type { PermissionCheckResult } from "#src/types";
 
 function makeSkillEntry(
   name: string,
@@ -122,7 +122,7 @@ function makePermissionManager(
       toolName: "read",
       source: "tool",
       origin: "builtin",
-    } as PermissionCheckResult),
+    }),
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getConfigIssues: vi.fn().mockReturnValue([]),
     getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
@@ -260,7 +260,7 @@ describe("PermissionSession", () => {
           toolName: "bash",
           source: "bash",
           origin: "global",
-        } as PermissionCheckResult),
+        }),
       });
       mockCreatePermissionManagerForCwd.mockReturnValue(pm2);
       const { session } = createSession();

package/{tests → test}/permission-system.test.ts

@@ -14,39 +14,39 @@ import {
   createActiveToolsCacheKey,
   createBeforeAgentStartPromptStateKey,
   shouldApplyCachedAgentStartState,
-} from "../src/before-agent-start-cache";
-import { getGlobalConfigPath } from "../src/config-paths";
-import { DEFAULT_EXTENSION_CONFIG } from "../src/extension-config";
-import piPermissionSystemExtension from "../src/index";
-import { createPermissionSystemLogger } from "../src/logging";
+} from "#src/before-agent-start-cache";
+import { getGlobalConfigPath } from "#src/config-paths";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import piPermissionSystemExtension from "#src/index";
+import { createPermissionSystemLogger } from "#src/logging";
 import {
   createPermissionForwardingLocation,
   isForwardedPermissionRequestForSession,
   resolvePermissionForwardingTargetSessionId,
   SUBAGENT_ENV_HINT_KEYS,
   SUBAGENT_PARENT_SESSION_ENV_KEY,
-} from "../src/permission-forwarding";
-import { PermissionManager } from "../src/permission-manager";
+} from "#src/permission-forwarding";
+import { PermissionManager } from "#src/permission-manager";
 import {
   findSkillPathMatch,
   parseAllSkillPromptSections,
   resolveSkillPromptEntries,
-} from "../src/skill-prompt-sanitizer";
-import { getPermissionSystemStatus } from "../src/status";
-import { sanitizeAvailableToolsSection } from "../src/system-prompt-sanitizer";
+} from "#src/skill-prompt-sanitizer";
+import { getPermissionSystemStatus } from "#src/status";
+import { sanitizeAvailableToolsSection } from "#src/system-prompt-sanitizer";
 import {
   checkRequestedToolRegistration,
   getToolNameFromValue,
-} from "../src/tool-registry";
+} from "#src/tool-registry";
 import type {
   PermissionCheckResult,
   PermissionState,
   ScopeConfig,
-} from "../src/types";
+} from "#src/types";
 import {
   canResolveAskPermissionRequest,
   shouldAutoApprovePermissionState,
-} from "../src/yolo-mode";
+} from "#src/yolo-mode";
 
 type CreateManagerOptions = {
   mcpServerNames?: readonly string[];
@@ -112,6 +112,7 @@ type ExtensionHarnessOptions = {
 
 const INHERITED_SUBAGENT_ENV_KEYS = [
   ...SUBAGENT_ENV_HINT_KEYS,
+  // eslint-disable-next-line @typescript-eslint/no-deprecated -- test uses deprecated alias intentionally
   SUBAGENT_PARENT_SESSION_ENV_KEY,
 ] as const;
 
@@ -121,6 +122,7 @@ async function withIsolatedSubagentEnv<T>(
   const originalValues = new Map<string, string | undefined>();
   for (const key of INHERITED_SUBAGENT_ENV_KEYS) {
     originalValues.set(key, process.env[key]);
+    // eslint-disable-next-line @typescript-eslint/no-dynamic-delete -- process.env cleanup requires dynamic delete
     delete process.env[key];
   }
 
@@ -129,6 +131,7 @@ async function withIsolatedSubagentEnv<T>(
   } finally {
     for (const [key, value] of originalValues.entries()) {
       if (value === undefined) {
+        // eslint-disable-next-line @typescript-eslint/no-dynamic-delete -- process.env cleanup requires dynamic delete
         delete process.env[key];
       } else {
         process.env[key] = value;
@@ -143,7 +146,7 @@ function createToolCallHarness(
   options: ExtensionHarnessOptions = {},
 ): ExtensionHarness {
   const baseDir = mkdtempSync(join(tmpdir(), "pi-permission-system-runtime-"));
-  const cwd = options.cwd || baseDir;
+  const cwd = options.cwd ?? baseDir;
   const prompts: string[] = [];
   const handlers: Record<string, MockHandler> = {};
   const originalAgentDir = process.env.PI_CODING_AGENT_DIR;
@@ -188,10 +191,7 @@ function createToolCallHarness(
     prompts,
     cleanup: async (): Promise<void> => {
       await Promise.resolve(
-        handlers.session_shutdown?.(
-          {},
-          createMockContext(cwd, prompts, options),
-        ),
+        handlers.session_shutdown({}, createMockContext(cwd, prompts, options)),
       );
       rmSync(baseDir, { recursive: true, force: true });
     },
@@ -236,7 +236,7 @@ async function runToolCall(
       handler(event, createMockContext(harness.cwd, harness.prompts, options)),
     ),
   );
-  return (result ?? {}) as Record<string, unknown>;
+  return result ?? {};
 }
 
 test("Yolo mode only auto-approves ask-state permissions", () => {
@@ -1515,7 +1515,7 @@ test("REGRESSION: resolveSkillPromptEntries sanitizes every available_skills blo
 
     expect(result.prompt).not.toContain("denied-skill");
     expect(result.prompt).toContain("visible-skill");
-    expect((result.prompt.match(/<available_skills>/g) || []).length).toBe(1);
+    expect((result.prompt.match(/<available_skills>/g) ?? []).length).toBe(1);
     expect(result.entries.map((entry) => entry.name)).toEqual([
       "visible-skill",
     ]);
@@ -2371,7 +2371,7 @@ test("session approval: session_shutdown clears session approvals", async () =>
       hasUI: true,
       selectResponse: "Yes",
     });
-    await Promise.resolve(harness.handlers.session_shutdown?.({}, shutdownCtx));
+    await Promise.resolve(harness.handlers.session_shutdown({}, shutdownCtx));
 
     // Access same path again — should prompt because cache was cleared
     const result = await runToolCall(

package/{tests → test}/pi-infrastructure-read.test.ts

@@ -15,8 +15,8 @@ vi.mock("node:child_process", () => ({
   default: { spawnSync: mockSpawnSync },
 }));
 
-import { discoverGlobalNodeModulesRoot } from "../src/node-modules-discovery";
-import { isPiInfrastructureRead } from "../src/path-utils";
+import { discoverGlobalNodeModulesRoot } from "#src/node-modules-discovery";
+import { isPiInfrastructureRead } from "#src/path-utils";
 
 // ── discoverGlobalNodeModulesRoot ──────────────────────────────────────────
 

package/{tests → test}/policy-loader.test.ts

@@ -2,7 +2,7 @@ import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { describe, expect, it } from "vitest";
-import { FilePolicyLoader } from "../src/policy-loader";
+import { FilePolicyLoader } from "#src/policy-loader";
 
 // ---------------------------------------------------------------------------
 // Helpers

package/{tests → test}/rule.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, test } from "vitest";
-import type { Rule, RuleOrigin, Ruleset } from "../src/rule";
-import { evaluate, evaluateFirst, evaluateMostRestrictive } from "../src/rule";
+import type { Rule, RuleOrigin, Ruleset } from "#src/rule";
+import { evaluate, evaluateFirst, evaluateMostRestrictive } from "#src/rule";
 
 describe("evaluate", () => {
   const allowBashGit: Rule = {

package/{tests → test}/runtime.test.ts

@@ -71,15 +71,15 @@ import {
   getGlobalConfigPath,
   getGlobalLogsDir,
   getProjectConfigPath,
-} from "../src/config-paths";
-import { DEFAULT_EXTENSION_CONFIG } from "../src/extension-config";
-import { PermissionManager } from "../src/permission-manager";
+} from "#src/config-paths";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import { PermissionManager } from "#src/permission-manager";
 import {
   createExtensionRuntime,
   createPermissionManagerForCwd,
   derivePiProjectPaths,
   refreshExtensionConfig,
-} from "../src/runtime";
+} from "#src/runtime";
 
 // ── test suite ─────────────────────────────────────────────────────────────
 

package/{tests → test}/service.test.ts

@@ -1,12 +1,12 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { buildInputForSurface } from "../src/input-normalizer";
-import type { PermissionsService } from "../src/service";
+import { buildInputForSurface } from "#src/input-normalizer";
+import type { PermissionsService } from "#src/service";
 import {
   getPermissionsService,
   publishPermissionsService,
   unpublishPermissionsService,
-} from "../src/service";
-import type { PermissionCheckResult } from "../src/types";
+} from "#src/service";
+import type { PermissionCheckResult } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 

package/{tests → test}/session-logger.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it, vi } from "vitest";
-import type { ExtensionRuntime } from "../src/runtime";
-import { createSessionLogger } from "../src/session-logger";
+import type { ExtensionRuntime } from "#src/runtime";
+import { createSessionLogger } from "#src/session-logger";
 
 // ── helpers ────────────────────────────────────────────────────────────────