@gotgenes/pi-permission-system 7.1.4 → 7.3.0

package/CHANGELOG.md

@@ -5,6 +5,32 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.3.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v7.2.0...pi-permission-system-v7.3.0) (2026-05-25)
+
+
+### Features
+
+* **pi-permission-system:** add SubagentSessionRegistry class ([a0ef16b](https://github.com/gotgenes/pi-packages/commit/a0ef16b8302f95b30cc11cb121441dbd164c276c))
+* **pi-permission-system:** detect in-process subagents via session registry ([c90b824](https://github.com/gotgenes/pi-packages/commit/c90b824b4515a1d5ca259348ae0b60c7d70f29d4))
+* **pi-permission-system:** expose registry and getToolPermission on PermissionsService ([984d2bb](https://github.com/gotgenes/pi-packages/commit/984d2bbb76f08cea91b5c0117eb356ae576ad6be))
+* **pi-permission-system:** resolve forwarding target from subagent registry ([5eb15af](https://github.com/gotgenes/pi-packages/commit/5eb15afe680bfd36627c2c21165b59a0ea5e227c))
+
+
+### Documentation
+
+* **pi-permission-system:** document subagent session registry API ([93c5c3e](https://github.com/gotgenes/pi-packages/commit/93c5c3e72b2b757a99eba17d1c6885ea49271403))
+* **pi-permission-system:** update architecture for subagent registry ([7b32e6a](https://github.com/gotgenes/pi-packages/commit/7b32e6a247e789b927e5cb3f19a367db0c110353))
+* plan subagent session registry and tool-level permission query ([#221](https://github.com/gotgenes/pi-packages/issues/221)) ([a11d91a](https://github.com/gotgenes/pi-packages/commit/a11d91aa1e13e846030deb0af37444c44eeda7c8))
+* **retro:** add planning stage notes for issue [#221](https://github.com/gotgenes/pi-packages/issues/221) ([cf434c2](https://github.com/gotgenes/pi-packages/commit/cf434c2f9711f26290a4635aea519f1f56e98cc7))
+* **retro:** add TDD stage notes for issue [#221](https://github.com/gotgenes/pi-packages/issues/221) ([e050898](https://github.com/gotgenes/pi-packages/commit/e05089840ee6bbb07cbeab5c55367e2dcd304866))
+
+## [7.2.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v7.1.4...pi-permission-system-v7.2.0) (2026-05-24)
+
+
+### Features
+
+* add eslint config with type-aware rules and import enforcement ([4fb3cc6](https://github.com/gotgenes/pi-packages/commit/4fb3cc678da10d350b85c464318476ba9ae99dca))
+
 ## [7.1.4](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v7.1.3...pi-permission-system-v7.1.4) (2026-05-23)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "7.1.4",
+  "version": "7.3.0",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "exports": {
@@ -77,6 +77,6 @@
     "test": "vitest run",
     "test:watch": "vitest",
     "lint:md": "rumdl check *.md docs/**/*.md",
-    "lint": "biome check . && pnpm run lint:md"
+    "lint": "biome check . && eslint . && pnpm run lint:md"
   }
 }

package/src/active-agent.ts

@@ -49,7 +49,7 @@ export function getActiveAgentNameFromSystemPrompt(
     return null;
   }
 
-  const match = systemPrompt.match(ACTIVE_AGENT_TAG_REGEX);
+  const match = ACTIVE_AGENT_TAG_REGEX.exec(systemPrompt);
   if (!match?.[1]) {
     return null;
   }

package/src/bash-arity.ts

@@ -175,6 +175,7 @@ export function prefix(tokens: string[]): string[] {
       .map((t) => t.toLowerCase())
       .join(" ");
     const arity = ARITY[key];
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- ARITY record type hides that a key may be absent at runtime
     if (arity !== undefined) {
       return tokens.slice(0, Math.min(arity, tokens.length));
     }

package/src/config-modal.ts

@@ -61,6 +61,7 @@ function toOnOff(value: boolean): string {
 }
 
 function formatRulesSummary(rules: Ruleset): string {
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- origin may be absent despite its type
   const configRules = rules.filter((r) => r.layer === "config" && r.origin);
   if (configRules.length === 0) return "";
   const formatted = configRules
@@ -171,6 +172,7 @@ async function openSettingsModal(
     margin: 1,
   };
 
+  // eslint-disable-next-line @typescript-eslint/no-invalid-void-type -- ctx.ui.custom<void> is valid; rule does not allow void in generic fn call type args
   await ctx.ui.custom<void>(
     (_tui, _theme, _keybindings, done) => {
       let current = controller.getConfig();

package/src/forwarded-permissions/io.ts

@@ -9,13 +9,13 @@ import {
   writeFileSync,
 } from "node:fs";
 
-import { isPermissionDecisionState } from "../permission-dialog";
+import { isPermissionDecisionState } from "#src/permission-dialog";
 import {
   createPermissionForwardingLocation,
   type ForwardedPermissionRequest,
   type ForwardedPermissionResponse,
   type PermissionForwardingLocation,
-} from "../permission-forwarding";
+} from "#src/permission-forwarding";
 
 type LogFn = (event: string, details: Record<string, unknown>) => void;
 
@@ -262,6 +262,7 @@ export function readForwardedPermissionRequest(
     const raw = readFileSync(filePath, "utf-8");
     const parsed = JSON.parse(raw) as Partial<ForwardedPermissionRequest>;
     if (
+      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- JSON.parse can return null for the string "null"
       !parsed ||
       typeof parsed.id !== "string" ||
       typeof parsed.createdAt !== "number" ||
@@ -303,6 +304,7 @@ export function readForwardedPermissionResponse(
     const raw = readFileSync(filePath, "utf-8");
     const parsed = JSON.parse(raw) as Partial<ForwardedPermissionResponse>;
     if (
+      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- JSON.parse can return null for the string "null"
       !parsed ||
       typeof parsed.approved !== "boolean" ||
       !isPermissionDecisionState(parsed.state) ||

package/src/forwarded-permissions/polling.ts

@@ -5,12 +5,12 @@ import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import {
   getActiveAgentName,
   getActiveAgentNameFromSystemPrompt,
-} from "../active-agent";
-import { toRecord } from "../common";
+} from "#src/active-agent";
+import { toRecord } from "#src/common";
 import type {
   PermissionPromptDecision,
   RequestPermissionOptions,
-} from "../permission-dialog";
+} from "#src/permission-dialog";
 import {
   type ForwardedPermissionRequest,
   type ForwardedPermissionResponse,
@@ -19,8 +19,9 @@ import {
   PERMISSION_FORWARDING_TIMEOUT_MS,
   resolvePermissionForwardingTargetSessionId,
   SUBAGENT_PARENT_SESSION_ENV_CANDIDATES,
-} from "../permission-forwarding";
-import { isSubagentExecutionContext } from "../subagent-context";
+} from "#src/permission-forwarding";
+import { isSubagentExecutionContext } from "#src/subagent-context";
+import type { SubagentSessionRegistry } from "#src/subagent-registry";
 
 import {
   cleanupPermissionForwardingLocationIfEmpty,
@@ -40,6 +41,8 @@ import {
 export interface PermissionForwardingDeps {
   forwardingDir: string;
   subagentSessionsDir: string;
+  /** In-process subagent session registry for detection and forwarding target resolution. */
+  registry?: SubagentSessionRegistry;
   logger: ForwardedPermissionLogger;
   writeReviewLog: (event: string, details: Record<string, unknown>) => void;
   requestPermissionDecisionFromUi: (
@@ -69,6 +72,7 @@ function getContextSystemPrompt(ctx: ExtensionContext): string | undefined {
   }
 
   try {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment -- getSystemPrompt is a Pi SDK accessor returning any
     const systemPrompt = getSystemPrompt.call(ctx);
     return typeof systemPrompt === "string" ? systemPrompt : undefined;
   } catch (error) {
@@ -101,11 +105,18 @@ export async function waitForForwardedPermissionApproval(
   deps: PermissionForwardingDeps,
 ): Promise<PermissionPromptDecision> {
   const requesterSessionId = getSessionId(ctx);
+  const sessionDir = ctx.sessionManager.getSessionDir();
   const targetSessionId = resolvePermissionForwardingTargetSessionId({
     hasUI: ctx.hasUI,
-    isSubagent: isSubagentExecutionContext(ctx, deps.subagentSessionsDir),
+    isSubagent: isSubagentExecutionContext(
+      ctx,
+      deps.subagentSessionsDir,
+      deps.registry,
+    ),
     currentSessionId: requesterSessionId,
     env: process.env,
+    sessionDir,
+    registry: deps.registry,
   });
 
   if (!targetSessionId) {
@@ -135,8 +146,8 @@ export async function waitForForwardedPermissionApproval(
 
   const requestId = `${Date.now()}-${Math.random().toString(36).slice(2, 10)}-${process.pid}`;
   const requesterAgentName =
-    getActiveAgentName(ctx) ||
-    getActiveAgentNameFromSystemPrompt(getContextSystemPrompt(ctx)) ||
+    getActiveAgentName(ctx) ??
+    getActiveAgentNameFromSystemPrompt(getContextSystemPrompt(ctx)) ??
     "unknown";
   const request: ForwardedPermissionRequest = {
     id: requestId,
@@ -359,7 +370,9 @@ export async function confirmPermission(
     );
   }
 
-  if (!isSubagentExecutionContext(ctx, deps.subagentSessionsDir)) {
+  if (
+    !isSubagentExecutionContext(ctx, deps.subagentSessionsDir, deps.registry)
+  ) {
     return { approved: false, state: "denied" };
   }
 

package/src/forwarding-manager.ts

@@ -4,6 +4,7 @@ import type { PermissionForwardingDeps } from "./forwarded-permissions/polling";
 import { processForwardedPermissionRequests } from "./forwarded-permissions/polling";
 import { PERMISSION_FORWARDING_POLL_INTERVAL_MS } from "./permission-forwarding";
 import { isSubagentExecutionContext } from "./subagent-context";
+import type { SubagentSessionRegistry } from "./subagent-registry";
 
 /**
  * Narrow interface for the forwarding lifecycle used by `PermissionSession`.
@@ -30,6 +31,7 @@ export class ForwardingManager {
   constructor(
     private readonly subagentSessionsDir: string,
     private readonly forwardingDeps: PermissionForwardingDeps,
+    private readonly registry?: SubagentSessionRegistry,
   ) {}
 
   /**
@@ -41,7 +43,7 @@ export class ForwardingManager {
   start(ctx: ExtensionContext): void {
     if (
       !ctx.hasUI ||
-      isSubagentExecutionContext(ctx, this.subagentSessionsDir)
+      isSubagentExecutionContext(ctx, this.subagentSessionsDir, this.registry)
     ) {
       this.stop();
       return;

package/src/handlers/before-agent-start.ts

@@ -6,12 +6,12 @@ import type {
 import {
   createActiveToolsCacheKey,
   createBeforeAgentStartPromptStateKey,
-} from "../before-agent-start-cache";
-import type { PermissionSession } from "../permission-session";
-import { resolveSkillPromptEntries } from "../skill-prompt-sanitizer";
-import { sanitizeAvailableToolsSection } from "../system-prompt-sanitizer";
-import { getToolNameFromValue, type ToolRegistry } from "../tool-registry";
-import type { PermissionState } from "../types";
+} from "#src/before-agent-start-cache";
+import type { PermissionSession } from "#src/permission-session";
+import { resolveSkillPromptEntries } from "#src/skill-prompt-sanitizer";
+import { sanitizeAvailableToolsSection } from "#src/system-prompt-sanitizer";
+import { getToolNameFromValue, type ToolRegistry } from "#src/tool-registry";
+import type { PermissionState } from "#src/types";
 
 /** Minimal subset of BeforeAgentStartEvent used by this handler. */
 interface BeforeAgentStartPayload {
@@ -45,6 +45,7 @@ export class AgentPrepHandler {
     private readonly toolRegistry: ToolRegistry,
   ) {}
 
+  // eslint-disable-next-line @typescript-eslint/require-await
   async handle(
     event: BeforeAgentStartPayload,
     ctx: ExtensionContext,

package/src/handlers/gates/bash-path-extractor.ts

@@ -40,13 +40,11 @@ async function initParser(): Promise<TSParser> {
   const bashWasm = req.resolve("tree-sitter-bash/tree-sitter-bash.wasm");
   const bash = await Language.load(bashWasm);
   parser.setLanguage(bash);
-  return parser as TSParser;
+  return parser;
 }
 
 function getParser(): Promise<TSParser> {
-  if (!parserPromise) {
-    parserPromise = initParser();
-  }
+  parserPromise ??= initParser();
   return parserPromise;
 }
 
@@ -83,7 +81,7 @@ function resolveNodeText(node: TSNode): string {
     case "raw_string": {
       // Strip surrounding single quotes: 'content' → content
       const t = node.text;
-      if (t.length >= 2 && t[0] === "'" && t[t.length - 1] === "'") {
+      if (t.length >= 2 && t.startsWith("'") && t.endsWith("'")) {
         return t.slice(1, -1);
       }
       return t;

package/src/handlers/gates/bash-path.ts

@@ -73,7 +73,7 @@ export async function describeBashPathGate(
       worstToken = token;
       break; // Short-circuit on deny.
     }
-    if (check.state === "ask" && (!worstCheck || worstCheck.state !== "ask")) {
+    if (check.state === "ask" && worstCheck?.state !== "ask") {
       worstCheck = check;
       worstToken = token;
     }

package/src/handlers/gates/runner.ts

@@ -61,6 +61,7 @@ export async function runGateCheck(
       value: descriptor.decision.value,
       result: "allow",
       resolution: "session_approved",
+      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- ?? null normalises undefined to null for the log record
       origin: check.origin ?? null,
       agentName: agentName ?? null,
       matchedPattern: check.matchedPattern ?? null,
@@ -107,6 +108,7 @@ export async function runGateCheck(
       autoApproved = decision.autoApproved === true;
       return decision;
     },
+    // eslint-disable-next-line @typescript-eslint/unbound-method -- logger methods are plain functions; no this-binding issue
     writeLog: deps.writeReviewLog,
     logContext: { ...descriptor.logContext, agentName },
     messages,
@@ -128,6 +130,7 @@ export async function runGateCheck(
       canConfirm,
       autoApproved,
     ),
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- ?? null normalises undefined to null for the log record
     origin: check.origin ?? null,
     agentName: agentName ?? null,
     matchedPattern: check.matchedPattern ?? null,

package/src/handlers/lifecycle.ts

@@ -1,7 +1,7 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 
-import type { PermissionSession } from "../permission-session";
-import { PERMISSION_SYSTEM_STATUS_KEY } from "../status";
+import type { PermissionSession } from "#src/permission-session";
+import { PERMISSION_SYSTEM_STATUS_KEY } from "#src/status";
 
 /** Minimal subset of SessionStartEvent used by this handler. */
 interface SessionStartPayload {
@@ -26,7 +26,7 @@ export class SessionLifecycleHandler {
     private readonly cleanupRpc: () => void,
   ) {}
 
-  async handleSessionStart(
+  handleSessionStart(
     event: SessionStartPayload,
     ctx: ExtensionContext,
   ): Promise<void> {
@@ -48,13 +48,12 @@ export class SessionLifecycleHandler {
         cwd: ctx.cwd,
       });
     }
+    return Promise.resolve();
   }
 
-  async handleResourcesDiscover(
-    event: ResourcesDiscoverPayload,
-  ): Promise<void> {
+  handleResourcesDiscover(event: ResourcesDiscoverPayload): Promise<void> {
     if (event.reason !== "reload") {
-      return;
+      return Promise.resolve();
     }
 
     const { session } = this;
@@ -64,9 +63,10 @@ export class SessionLifecycleHandler {
       reason: event.reason,
       cwd: session.getRuntimeContext()?.cwd ?? null,
     });
+    return Promise.resolve();
   }
 
-  async handleSessionShutdown(): Promise<void> {
+  handleSessionShutdown(): Promise<void> {
     const { session } = this;
     const ctx = session.getRuntimeContext();
     if (ctx) {
@@ -74,5 +74,6 @@ export class SessionLifecycleHandler {
     }
     session.shutdown();
     this.cleanupRpc();
+    return Promise.resolve();
   }
 }

package/src/handlers/permission-gate-handler.ts

@@ -3,24 +3,24 @@ import type {
   InputEventResult,
 } from "@earendil-works/pi-coding-agent";
 
-import { toRecord } from "../common";
+import { toRecord } from "#src/common";
 import {
   emitDecisionEvent,
   type PermissionEventBus,
-} from "../permission-events";
-import { applyPermissionGate } from "../permission-gate";
-import type { PromptPermissionDetails } from "../permission-prompter";
+} from "#src/permission-events";
+import { applyPermissionGate } from "#src/permission-gate";
+import type { PromptPermissionDetails } from "#src/permission-prompter";
 import {
   formatMissingToolNameReason,
   formatSkillAskPrompt,
   formatUnknownToolReason,
-} from "../permission-prompts";
-import type { PermissionSession } from "../permission-session";
+} from "#src/permission-prompts";
+import type { PermissionSession } from "#src/permission-session";
 import {
   checkRequestedToolRegistration,
   getToolNameFromValue,
   type ToolRegistry,
-} from "../tool-registry";
+} from "#src/tool-registry";
 import { describeBashExternalDirectoryGate } from "./gates/bash-external-directory";
 import { describeBashPathGate } from "./gates/bash-path";
 import type { GateRunnerDeps } from "./gates/descriptor";
@@ -104,6 +104,7 @@ export class PermissionGateHandler {
       session.prompt(ctx, details);
     const emitDecision: GateRunnerDeps["emitDecision"] = (e) =>
       emitDecisionEvent(this.events, e);
+    // eslint-disable-next-line @typescript-eslint/unbound-method -- logger.review is a plain function closure; no this-binding issue
     const writeReviewLog = session.logger.review;
     const checkPermission: GateRunnerDeps["checkPermission"] = (
       surface,
@@ -305,6 +306,7 @@ export class PermissionGateHandler {
         skillInputAutoApproved = decision.autoApproved === true;
         return decision;
       },
+      // eslint-disable-next-line @typescript-eslint/unbound-method -- logger.review is a plain function closure; no this-binding issue
       writeLog: session.logger.review,
       logContext: {
         source: "skill_input",
@@ -324,6 +326,7 @@ export class PermissionGateHandler {
       surface: "skill",
       value: skillName,
       result: skillInputGate.action === "allow" ? "allow" : "deny",
+      /* eslint-disable @typescript-eslint/no-unnecessary-condition -- defensive fallback; TypeScript narrows check.state before the ternary's else branch */
       resolution:
         check.state === "allow"
           ? "policy_allow"
@@ -336,6 +339,8 @@ export class PermissionGateHandler {
               : skillInputCanConfirm
                 ? "user_denied"
                 : "confirmation_unavailable",
+      /* eslint-enable @typescript-eslint/no-unnecessary-condition */
+      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- ?? null normalises undefined to null for the log record
       origin: check.origin ?? null,
       agentName: agentName ?? null,
       matchedPattern: check.matchedPattern ?? null,

package/src/index.ts

@@ -27,6 +27,7 @@ import {
 } from "./service";
 import { createSessionLogger } from "./session-logger";
 import { isSubagentExecutionContext } from "./subagent-context";
+import { SubagentSessionRegistry } from "./subagent-registry";
 import {
   canResolveAskPermissionRequest,
   shouldAutoApprovePermissionState,
@@ -34,18 +35,21 @@ import {
 
 export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
   const runtime = createExtensionRuntime();
+  const subagentRegistry = new SubagentSessionRegistry();
 
   const prompter = new PermissionPrompter({
     getConfig: () => runtime.config,
     writeReviewLog: runtime.writeReviewLog.bind(runtime),
     subagentSessionsDir: runtime.subagentSessionsDir,
     forwardingDir: runtime.forwardingDir,
+    registry: subagentRegistry,
     requestPermissionDecisionFromUi,
   });
 
   const forwardingDeps: PermissionForwardingDeps = {
     forwardingDir: runtime.forwardingDir,
     subagentSessionsDir: runtime.subagentSessionsDir,
+    registry: subagentRegistry,
     logger: {
       writeReviewLog: runtime.writeReviewLog.bind(runtime),
       writeDebugLog: runtime.writeDebugLog.bind(runtime),
@@ -61,7 +65,11 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
   const session = new PermissionSession(
     runtime,
     createSessionLogger(runtime),
-    new ForwardingManager(runtime.subagentSessionsDir, forwardingDeps),
+    new ForwardingManager(
+      runtime.subagentSessionsDir,
+      forwardingDeps,
+      subagentRegistry,
+    ),
     {
       refreshExtensionConfig: (ctx) => refreshExtensionConfig(runtime, ctx),
       logResolvedConfigPaths: () => logResolvedConfigPaths(runtime),
@@ -73,6 +81,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
           isSubagent: isSubagentExecutionContext(
             ctx,
             runtime.subagentSessionsDir,
+            subagentRegistry,
           ),
         }),
       promptPermission: (ctx, details) => prompter.prompt(ctx, details),
@@ -108,6 +117,15 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
         sessionRules,
       );
     },
+    registerSubagentSession(sessionKey, info) {
+      subagentRegistry.register(sessionKey, info);
+    },
+    unregisterSubagentSession(sessionKey) {
+      subagentRegistry.unregister(sessionKey);
+    },
+    getToolPermission(toolName, agentName) {
+      return runtime.permissionManager.getToolPermission(toolName, agentName);
+    },
   };
   publishPermissionsService(permissionsService);
 

package/src/logging.ts

@@ -21,12 +21,15 @@ export function safeJsonStringify(value: unknown): string | undefined {
     }
 
     if (typeof currentValue === "object" && currentValue !== null) {
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-argument -- JSON.stringify replacer receives any; currentValue is narrowed to object here
       if (seen.has(currentValue)) {
         return "[Circular]";
       }
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-argument -- same as above
       seen.add(currentValue);
     }
 
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-return -- JSON.stringify replacer must return any
     return currentValue;
   });
 }

package/src/node-modules-discovery.ts

@@ -40,7 +40,7 @@ function discoverGlobalNodeModulesViaSubprocess(): string | null {
       timeout: 5000,
       stdio: ["ignore", "pipe", "ignore"],
     });
-    const root = result.stdout?.trim();
+    const root = result.stdout.trim();
     if (result.status === 0 && root && existsSync(root)) {
       return root;
     }

package/src/normalize.ts

@@ -20,6 +20,7 @@ export function normalizeFlatConfig(permission: FlatPermissionConfig): Ruleset {
       if (isPermissionState(value)) {
         rules.push({ surface, pattern: "*", action: value, origin: "builtin" });
       }
+      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- defensive null check; value type does not include null but runtime JSON may
     } else if (typeof value === "object" && value !== null) {
       for (const [pattern, action] of Object.entries(value)) {
         if (isPermissionState(action)) {

package/src/permission-event-rpc.ts

@@ -1,3 +1,4 @@
+/* eslint-disable @typescript-eslint/no-deprecated -- this module implements the deprecated event-bus RPC channel; references to its own deprecated symbols are intentional */
 /**
  * Permission event bus RPC handlers.
  *
@@ -112,6 +113,7 @@ function handleCheckRpc(
     const data: PermissionsCheckReplyData = {
       result: result.state,
       matchedPattern: result.matchedPattern ?? null,
+      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- ?? null normalises undefined to null for the reply record
       origin: result.origin ?? null,
     };
     events.emit(replyChannel, successReply(data));

package/src/permission-forwarding.ts

@@ -1,6 +1,7 @@
 import { join } from "node:path";
 
 import type { PermissionDecisionState } from "./permission-dialog";
+import type { SubagentSessionRegistry } from "./subagent-registry";
 
 export const PERMISSION_FORWARDING_POLL_INTERVAL_MS = 250;
 export const PERMISSION_FORWARDING_TIMEOUT_MS = 10 * 60 * 1000;
@@ -118,6 +119,10 @@ export function resolvePermissionForwardingTargetSessionId(options: {
   isSubagent: boolean;
   currentSessionId?: string | null;
   env?: NodeJS.ProcessEnv;
+  /** Session directory key for registry lookup. */
+  sessionDir?: string;
+  /** In-process subagent session registry (checked before env vars). */
+  registry?: SubagentSessionRegistry;
 }): string | null {
   if (options.hasUI) {
     return normalizePermissionForwardingSessionId(options.currentSessionId);
@@ -127,6 +132,16 @@ export function resolvePermissionForwardingTargetSessionId(options: {
     return null;
   }
 
+  // 1. Registry — in-process subagents register parentSessionId explicitly.
+  if (options.registry && options.sessionDir) {
+    const entry = options.registry.get(options.sessionDir);
+    const resolved = normalizePermissionForwardingSessionId(
+      entry?.parentSessionId,
+    );
+    if (resolved) return resolved;
+  }
+
+  // 2. Env vars — process-based subagent extensions.
   const env = options.env ?? process.env;
   for (const key of SUBAGENT_PARENT_SESSION_ENV_CANDIDATES) {
     const resolved = normalizePermissionForwardingSessionId(env[key]);

package/src/permission-manager.ts

@@ -78,7 +78,7 @@ export class PermissionManager {
   }
 
   private resolvePermissions(agentName?: string): ResolvedPermissions {
-    const cacheKey = agentName || "__global__";
+    const cacheKey = agentName ?? "__global__";
     const stamp = this.loader.getCacheStamp(agentName);
     const cached = this.resolvedPermissionsCache.get(cacheKey);
     if (cached?.stamp === stamp) {
@@ -107,17 +107,19 @@ export class PermissionManager {
 
       for (const [surface, value] of Object.entries(scope.permission)) {
         const baseVal = mergedPermission[surface];
+        /* eslint-disable @typescript-eslint/no-unnecessary-condition -- defensive null/type checks; config values may differ at runtime */
         const bothObjects =
           typeof baseVal === "object" &&
           baseVal !== null &&
           typeof value === "object" &&
           value !== null;
+        /* eslint-enable @typescript-eslint/no-unnecessary-condition */
 
         if (bothObjects) {
           // Shallow-merge: each incoming pattern is attributed to this scope;
           // existing patterns from lower scopes keep their earlier origin.
           if (!origins.has(surface)) origins.set(surface, new Map());
-          for (const pattern of Object.keys(value as Record<string, unknown>)) {
+          for (const pattern of Object.keys(value)) {
             origins.get(surface)!.set(pattern, scopeName);
           }
         } else {
@@ -125,10 +127,9 @@ export class PermissionManager {
           const surfaceOrigins = new Map<string, RuleOrigin>();
           if (typeof value === "string") {
             surfaceOrigins.set("*", scopeName);
+            // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- defensive null check
           } else if (typeof value === "object" && value !== null) {
-            for (const pattern of Object.keys(
-              value as Record<string, unknown>,
-            )) {
+            for (const pattern of Object.keys(value)) {
               surfaceOrigins.set(pattern, scopeName);
             }
           }
@@ -146,7 +147,7 @@ export class PermissionManager {
     // The "*" key feeds synthesizeDefaults() only — it is NOT included as a
     // config rule so that extension tools fall through to source:"default".
     const universalFallback = isPermissionState(mergedPermission["*"])
-      ? (mergedPermission["*"] as PermissionState)
+      ? mergedPermission["*"]
       : DEFAULT_UNIVERSAL_FALLBACK;
     // Track which scope contributed the universal fallback.
     const universalFallbackOrigin: RuleOrigin =

package/src/permission-merge.ts

@@ -12,15 +12,17 @@ export function mergeFlatPermissions(
   const merged: FlatPermissionConfig = { ...base };
   for (const [key, value] of Object.entries(override)) {
     const baseVal = merged[key];
+    /* eslint-disable @typescript-eslint/no-unnecessary-condition -- defensive null/type checks; config values may differ at runtime */
     if (
       typeof baseVal === "object" &&
       baseVal !== null &&
       typeof value === "object" &&
       value !== null
     ) {
+      /* eslint-enable @typescript-eslint/no-unnecessary-condition */
       merged[key] = {
-        ...(baseVal as Record<string, PermissionState>),
-        ...(value as Record<string, PermissionState>),
+        ...baseVal,
+        ...value,
       };
     } else {
       merged[key] = value;