@gotgenes/pi-permission-system 7.1.4 → 7.3.0

package/src/permission-prompter.ts

@@ -9,6 +9,7 @@ import type {
   PermissionPromptDecision,
   RequestPermissionOptions,
 } from "./permission-dialog";
+import type { SubagentSessionRegistry } from "./subagent-registry";
 import { shouldAutoApprovePermissionState } from "./yolo-mode";
 
 export type PermissionReviewSource = "tool_call" | "skill_input" | "skill_read";
@@ -54,6 +55,8 @@ export interface PermissionPrompterDeps {
   subagentSessionsDir: string;
   /** Directory used for file-based permission forwarding requests/responses. */
   forwardingDir: string;
+  /** In-process subagent session registry for detection and forwarding target resolution. */
+  registry?: SubagentSessionRegistry;
   /** Show the interactive permission dialog in the UI. */
   requestPermissionDecisionFromUi(
     ui: ExtensionContext["ui"],
@@ -148,14 +151,18 @@ export class PermissionPrompter implements PermissionPrompterApi {
   private buildForwardingDeps(): PermissionForwardingDeps {
     const { deps } = this;
     const logger: ForwardedPermissionLogger = {
+      // eslint-disable-next-line @typescript-eslint/unbound-method -- logger methods are plain function closures; no this-binding issue
       writeReviewLog: deps.writeReviewLog,
       writeDebugLog: () => undefined,
     };
     return {
       forwardingDir: deps.forwardingDir,
       subagentSessionsDir: deps.subagentSessionsDir,
+      registry: deps.registry,
       logger,
+      // eslint-disable-next-line @typescript-eslint/unbound-method -- logger methods are plain function closures; no this-binding issue
       writeReviewLog: deps.writeReviewLog,
+      // eslint-disable-next-line @typescript-eslint/unbound-method -- same as above
       requestPermissionDecisionFromUi: deps.requestPermissionDecisionFromUi,
       shouldAutoApprove: () => false,
     };

package/src/permission-prompts.ts

@@ -38,7 +38,7 @@ export function formatAskPrompt(
     const patternInfo = result.matchedPattern
       ? ` (matched '${result.matchedPattern}')`
       : "";
-    return `${subject} requested bash command '${result.command || ""}'${patternInfo}. Allow this command?`;
+    return `${subject} requested bash command '${result.command ?? ""}'${patternInfo}. Allow this command?`;
   }
 
   if ((result.source === "mcp" || result.toolName === "mcp") && result.target) {

package/src/policy-loader.ts

@@ -169,12 +169,12 @@ export class FilePolicyLoader implements PolicyLoader {
 
   constructor(options: PolicyLoaderOptions = {}) {
     this.globalConfigPath =
-      options.globalConfigPath || defaultGlobalConfigPath();
-    this.agentsDir = options.agentsDir || defaultAgentsDir();
-    this.projectGlobalConfigPath = options.projectGlobalConfigPath || null;
-    this.projectAgentsDir = options.projectAgentsDir || null;
+      options.globalConfigPath ?? defaultGlobalConfigPath();
+    this.agentsDir = options.agentsDir ?? defaultAgentsDir();
+    this.projectGlobalConfigPath = options.projectGlobalConfigPath ?? null;
+    this.projectAgentsDir = options.projectAgentsDir ?? null;
     this.globalMcpConfigPath =
-      options.globalMcpConfigPath || defaultGlobalMcpConfigPath();
+      options.globalMcpConfigPath ?? defaultGlobalMcpConfigPath();
     this.configuredMcpServerNamesOverride = options.mcpServerNames
       ? [
           ...new Set(

package/src/service.ts

@@ -11,9 +11,10 @@
  * reference — this ensures resilience across `/reload` and load-order edge cases.
  */
 
+import type { SubagentSessionInfo } from "./subagent-registry";
 import type { PermissionCheckResult, PermissionState } from "./types";
 
-export type { PermissionCheckResult, PermissionState };
+export type { PermissionCheckResult, PermissionState, SubagentSessionInfo };
 
 /** Process-global key for the service slot. */
 const SERVICE_KEY = Symbol.for("@gotgenes/pi-permission-system:service");
@@ -42,6 +43,40 @@ export interface PermissionsService {
     value?: string,
     agentName?: string,
   ): PermissionCheckResult;
+
+  /**
+   * Register an in-process subagent session.
+   *
+   * Call this before `bindExtensions()` so that `isSubagentExecutionContext()`
+   * and permission-forwarding target resolution can detect the child session.
+   * Always pair with `unregisterSubagentSession()` in a `finally` block.
+   *
+   * @param sessionKey - Unique session identifier (use the session directory path).
+   * @param info       - Agent name and optional parent session ID.
+   */
+  registerSubagentSession(sessionKey: string, info: SubagentSessionInfo): void;
+
+  /**
+   * Remove a previously registered in-process subagent session.
+   *
+   * Safe to call even if `registerSubagentSession` was never called for this key.
+   *
+   * @param sessionKey - The same key passed to `registerSubagentSession`.
+   */
+  unregisterSubagentSession(sessionKey: string): void;
+
+  /**
+   * Query the tool-level permission state for pre-filtering tools before
+   * creating a child session.
+   *
+   * Returns `"deny"` | `"allow"` | `"ask"` based on the composed policy.
+   * Does not consider command-level rules (e.g. per-bash-command patterns) —
+   * use `checkPermission` for runtime invocation gates.
+   *
+   * @param toolName  - Tool name (e.g. `"bash"`, `"read"`, `"my-extension:tool"`).
+   * @param agentName - Optional agent name for per-agent policy resolution.
+   */
+  getToolPermission(toolName: string, agentName?: string): PermissionState;
 }
 
 /**
@@ -71,5 +106,6 @@ export function getPermissionsService(): PermissionsService | undefined {
  * extension is torn down.
  */
 export function unpublishPermissionsService(): void {
+  // eslint-disable-next-line @typescript-eslint/no-dynamic-delete -- Symbol-keyed global property; Map.delete() is not applicable
   delete (globalThis as Record<symbol, unknown>)[SERVICE_KEY];
 }

package/src/skill-prompt-sanitizer.ts

@@ -70,9 +70,9 @@ function parseSkillEntries(sectionBody: string): ParsedSkillPromptEntry[] {
 
   for (const match of sectionBody.matchAll(skillBlockRegex)) {
     const block = match[1];
-    const nameMatch = block.match(SKILL_NAME_REGEX);
-    const descriptionMatch = block.match(SKILL_DESCRIPTION_REGEX);
-    const locationMatch = block.match(SKILL_LOCATION_REGEX);
+    const nameMatch = SKILL_NAME_REGEX.exec(block);
+    const descriptionMatch = SKILL_DESCRIPTION_REGEX.exec(block);
+    const locationMatch = SKILL_LOCATION_REGEX.exec(block);
 
     if (!nameMatch || !descriptionMatch || !locationMatch) {
       continue;

package/src/subagent-context.ts

@@ -2,6 +2,7 @@ import { normalize } from "node:path";
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 
 import { SUBAGENT_ENV_HINT_KEYS } from "./permission-forwarding";
+import type { SubagentSessionRegistry } from "./subagent-registry";
 
 export function normalizeFilesystemPath(pathValue: string): string {
   const normalizedPath = normalize(pathValue);
@@ -30,7 +31,18 @@ function isPathWithinDirectoryForSubagent(
 export function isSubagentExecutionContext(
   ctx: ExtensionContext,
   subagentSessionsDir: string,
+  registry?: SubagentSessionRegistry,
 ): boolean {
+  const sessionDir = ctx.sessionManager.getSessionDir();
+
+  // 1. Explicit registry — in-process subagent extensions register before
+  //    bindExtensions(); checked first so it takes priority over heuristics.
+  if (registry && sessionDir && registry.has(sessionDir)) {
+    return true;
+  }
+
+  // 2. Env vars — process-based subagent extensions (nicobailon/pi-subagents,
+  //    HazAT/pi-interactive-subagents, pi-agent-router, etc.).
   for (const key of SUBAGENT_ENV_HINT_KEYS) {
     const value = process.env[key];
     if (typeof value === "string" && value.trim()) {
@@ -38,7 +50,8 @@ export function isSubagentExecutionContext(
     }
   }
 
-  const sessionDir = ctx.sessionManager.getSessionDir();
+  // 3. Filesystem path — fallback heuristic for extensions that store sessions
+  //    under a known subagent root directory.
   if (!sessionDir) {
     return false;
   }

package/src/subagent-registry.ts

@@ -0,0 +1,60 @@
+/**
+ * subagent-registry.ts — In-process subagent session registry.
+ *
+ * In-process subagent extensions (e.g. `@gotgenes/pi-subagents`) register
+ * each child session here before calling `bindExtensions()` so that
+ * `isSubagentExecutionContext()` and permission-forwarding target resolution
+ * can detect them without relying on environment variables or filesystem
+ * heuristics.
+ *
+ * The registry is keyed by session directory path, which is unique per
+ * session and available to both producer and consumer via
+ * `ctx.sessionManager.getSessionDir()`.
+ */
+
+/** Signal stored per registered in-process subagent session. */
+export interface SubagentSessionInfo {
+  /** Parent session ID for permission forwarding. Omit when unknown. */
+  parentSessionId?: string;
+  /** Agent name for per-agent policy resolution. */
+  agentName: string;
+}
+
+/**
+ * Registry of active in-process subagent sessions.
+ *
+ * Owned by `ExtensionRuntime`; exposed to external callers through the
+ * `PermissionsService` interface (`registerSubagentSession` /
+ * `unregisterSubagentSession`).
+ *
+ * Concurrent background agents are safe because each session has a unique
+ * directory path as its key — no scalar global flag is needed.
+ */
+export class SubagentSessionRegistry {
+  private readonly sessions = new Map<string, SubagentSessionInfo>();
+
+  /**
+   * Register an in-process subagent session.
+   *
+   * If a previous entry exists for `sessionKey`, it is overwritten
+   * (last-write-wins; single-writer expected per key).
+   */
+  register(sessionKey: string, info: SubagentSessionInfo): void {
+    this.sessions.set(sessionKey, info);
+  }
+
+  /** Remove a previously registered session. No-op if the key is absent. */
+  unregister(sessionKey: string): void {
+    this.sessions.delete(sessionKey);
+  }
+
+  /** Return the registered info for `sessionKey`, or `undefined` if absent. */
+  get(sessionKey: string): SubagentSessionInfo | undefined {
+    return this.sessions.get(sessionKey);
+  }
+
+  /** Return `true` when `sessionKey` has a registered entry. */
+  has(sessionKey: string): boolean {
+    return this.sessions.has(sessionKey);
+  }
+}

package/src/tool-registry.ts

@@ -35,7 +35,7 @@ function buildReverseAliases(
   const reverse = new Map<string, string[]>();
 
   for (const [alias, canonical] of Object.entries(aliases)) {
-    const existing = reverse.get(canonical) || [];
+    const existing = reverse.get(canonical) ?? [];
     if (!existing.includes(alias)) {
       existing.push(alias);
     }

package/src/yolo-mode.ts

@@ -10,7 +10,8 @@ export interface AskPermissionResolutionOptions {
 export function isYoloModeEnabled(
   config: PermissionSystemExtensionConfig,
 ): boolean {
-  return config.yoloMode === true;
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-conversion -- typed as boolean but may be undefined at runtime (untyped callers); Boolean() guards against that
+  return Boolean(config.yoloMode);
 }
 
 export function shouldAutoApprovePermissionState(

package/test/config-modal.test.ts

@@ -68,7 +68,7 @@ function createCommandContext(hasUI: boolean): {
 }
 
 function lastNotification(notifications: Notification[]): Notification {
-  return notifications[notifications.length - 1] as Notification;
+  return notifications[notifications.length - 1];
 }
 
 test("permission-system command completions expose top-level config actions", () => {
@@ -101,7 +101,7 @@ test("permission-system command completions expose top-level config actions", ()
           definition = nextDefinition;
         },
       } as never,
-      controller as never,
+      controller,
     );
 
     expect(definition!.getArgumentCompletions).toBeTypeOf("function");
@@ -172,13 +172,11 @@ test("permission-system command handlers manage config summary, persistence, and
           definition = nextDefinition;
         },
       } as never,
-      controller as never,
+      controller,
     );
 
     expect(registeredName).toBe("permission-system");
-    expect(definition!.description ?? "").toContain(
-      "Configure pi-permission-system",
-    );
+    expect(definition!.description).toContain("Configure pi-permission-system");
 
     const infoCtx = createCommandContext(true);
     await definition!.handler("show", infoCtx.ctx);
@@ -267,7 +265,7 @@ test("show output includes rule origins when getComposedRules is provided", asyn
         definition = nextDef;
       },
     } as never,
-    controller as never,
+    controller,
   );
 
   const ctx = createCommandContext(true);
@@ -300,7 +298,7 @@ test("show output omits rule summary when getComposedRules is not provided", asy
         definition = nextDef;
       },
     } as never,
-    controller as never,
+    controller,
   );
 
   const ctx = createCommandContext(true);

package/test/forwarding-manager.test.ts

@@ -205,6 +205,7 @@ describe("ForwardingManager", () => {
       expect(mockIsSubagentExecutionContext).toHaveBeenCalledWith(
         ctx,
         "/custom/subagent-dir",
+        undefined,
       );
     });
   });

package/test/handlers/before-agent-start.test.ts

@@ -52,7 +52,7 @@ function makeSession(
     activate: vi.fn(),
     refreshConfig: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
     shouldUpdateActiveTools: vi.fn().mockReturnValue(true),
     commitActiveToolsCacheKey: vi.fn(),

package/test/handlers/external-directory-integration.test.ts

@@ -110,7 +110,7 @@ function makeSession(
     activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
     checkPermission: makeCheckPermission("deny"),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),

package/test/handlers/gates/skill-read.test.ts

@@ -74,7 +74,7 @@ describe("describeSkillReadGate", () => {
       makeSkillEntry({ state: "ask" }),
     ]);
     expect(result).not.toBeNull();
-    const desc = result as GateDescriptor;
+    const desc = result!;
     expect(desc.preResolved).toEqual({ state: "ask" });
   });
 
@@ -83,7 +83,7 @@ describe("describeSkillReadGate", () => {
       makeSkillEntry({ state: "allow" }),
     ]);
     expect(result).not.toBeNull();
-    const desc = result as GateDescriptor;
+    const desc = result!;
     expect(desc.preResolved).toEqual({ state: "allow" });
   });
 
@@ -92,14 +92,14 @@ describe("describeSkillReadGate", () => {
       makeSkillEntry({ state: "deny" }),
     ]);
     expect(result).not.toBeNull();
-    const desc = result as GateDescriptor;
+    const desc = result!;
     expect(desc.preResolved).toEqual({ state: "deny" });
   });
 
   it("decision surface is 'skill' and decision value is the skill name", () => {
     const result = describeSkillReadGate(makeTcc(), () => [
       makeSkillEntry({ name: "my-skill" }),
-    ]) as GateDescriptor;
+    ])!;
     expect(result.decision.surface).toBe("skill");
     expect(result.decision.value).toBe("my-skill");
   });
@@ -107,7 +107,7 @@ describe("describeSkillReadGate", () => {
   it("denialContext contains the skill name and read path", () => {
     const result = describeSkillReadGate(makeTcc(), () => [
       makeSkillEntry({ name: "librarian" }),
-    ]) as GateDescriptor;
+    ])!;
     expect(result.denialContext).toEqual({
       kind: "skill_read",
       skillName: "librarian",
@@ -120,7 +120,7 @@ describe("describeSkillReadGate", () => {
     const result = describeSkillReadGate(
       makeTcc({ agentName: "test-agent", toolCallId: "tc-42" }),
       () => [makeSkillEntry({ name: "my-skill" })],
-    ) as GateDescriptor;
+    )!;
     expect(result.promptDetails).toMatchObject({
       source: "skill_read",
       agentName: "test-agent",
@@ -135,7 +135,7 @@ describe("describeSkillReadGate", () => {
     const result = describeSkillReadGate(
       makeTcc({ agentName: "agent-1" }),
       () => [makeSkillEntry({ name: "librarian" })],
-    ) as GateDescriptor;
+    )!;
     expect(result.logContext).toMatchObject({
       source: "skill_read",
       skillName: "librarian",
@@ -144,9 +144,7 @@ describe("describeSkillReadGate", () => {
   });
 
   it("surface is 'skill' on the descriptor", () => {
-    const result = describeSkillReadGate(makeTcc(), () => [
-      makeSkillEntry(),
-    ]) as GateDescriptor;
+    const result = describeSkillReadGate(makeTcc(), () => [makeSkillEntry()])!;
     expect(result.surface).toBe("skill");
   });
 });

package/test/handlers/gates/tool.test.ts

@@ -93,7 +93,7 @@ describe("describeToolGate", () => {
   it("populates denialContext with agent name when provided", () => {
     const check = makeCheckResult("ask", { toolName: "read" });
     const desc = describeToolGate(makeTcc({ agentName: "my-agent" }), check);
-    expect(desc.denialContext!.agentName).toBe("my-agent");
+    expect(desc.denialContext.agentName).toBe("my-agent");
   });
 
   it("populates denialContext with input for tool context", () => {

package/test/handlers/input-events.test.ts

@@ -54,7 +54,7 @@ function makeSession(
       origin: "global",
       matchedPattern: "*",
     }),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     canPrompt: vi.fn().mockReturnValue(true),

package/test/handlers/input.test.ts

@@ -42,7 +42,7 @@ function makeSession(
     activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
     checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     canPrompt: vi.fn().mockReturnValue(true),

package/test/handlers/tool-call-events.test.ts

@@ -75,7 +75,7 @@ function makeSession(
     activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
     checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),

package/test/handlers/tool-call.test.ts

@@ -66,7 +66,7 @@ function makeSession(
     activate: vi.fn(),
     resolveAgentName: vi.fn().mockReturnValue(null),
     checkPermission: vi.fn().mockReturnValue(makePermissionResult("allow")),
-    getToolPermission: vi.fn().mockReturnValue("allow" as PermissionState),
+    getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
     approveSessionRule: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),

package/test/permission-event-rpc.test.ts

@@ -1,3 +1,4 @@
+/* eslint-disable @typescript-eslint/no-deprecated -- tests the deprecated RPC channel implementation */
 import { createEventBus } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 import {

package/test/permission-events.test.ts

@@ -1,3 +1,4 @@
+/* eslint-disable @typescript-eslint/no-deprecated -- tests the deprecated RPC channel implementation */
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { dirname, join } from "node:path";
@@ -164,6 +165,7 @@ describe("type shapes (PermissionsRpcReply)", () => {
       error: "no_ui",
     };
     expect(reply.success).toBe(false);
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- narrowing on discriminated union
     if (!reply.success) {
       expect(reply.error).toBe("no_ui");
     }

package/test/permission-forwarding.test.ts

@@ -4,6 +4,7 @@ import {
   SUBAGENT_PARENT_SESSION_ENV_CANDIDATES,
   SUBAGENT_PARENT_SESSION_ENV_KEY,
 } from "#src/permission-forwarding";
+import { SubagentSessionRegistry } from "#src/subagent-registry";
 
 afterEach(() => {
   vi.unstubAllEnvs();
@@ -24,6 +25,7 @@ describe("SUBAGENT_PARENT_SESSION_ENV_CANDIDATES", () => {
   });
 
   test("deprecated SUBAGENT_PARENT_SESSION_ENV_KEY equals the first candidate", () => {
+    // eslint-disable-next-line @typescript-eslint/no-deprecated -- test verifying the deprecated alias
     expect(SUBAGENT_PARENT_SESSION_ENV_KEY).toBe(
       SUBAGENT_PARENT_SESSION_ENV_CANDIDATES[0],
     );
@@ -145,3 +147,99 @@ describe("resolvePermissionForwardingTargetSessionId", () => {
     ).toBe("env-session-abc");
   });
 });
+
+describe("resolvePermissionForwardingTargetSessionId — registry resolution", () => {
+  const sessionDir =
+    "/home/user/projects/.pi/sessions/parent/tasks/session-abc";
+
+  test("returns parentSessionId from registry when env vars are absent", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register(sessionDir, {
+      agentName: "Explore",
+      parentSessionId: "parent-from-registry",
+    });
+
+    expect(
+      resolvePermissionForwardingTargetSessionId({
+        hasUI: false,
+        isSubagent: true,
+        sessionDir,
+        registry,
+        env: {},
+      }),
+    ).toBe("parent-from-registry");
+  });
+
+  test("registry takes priority over env vars", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register(sessionDir, {
+      agentName: "Explore",
+      parentSessionId: "parent-from-registry",
+    });
+
+    expect(
+      resolvePermissionForwardingTargetSessionId({
+        hasUI: false,
+        isSubagent: true,
+        sessionDir,
+        registry,
+        env: { PI_AGENT_ROUTER_PARENT_SESSION_ID: "parent-from-env" },
+      }),
+    ).toBe("parent-from-registry");
+  });
+
+  test("falls through to env vars when registry entry has no parentSessionId", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register(sessionDir, { agentName: "Explore" }); // no parentSessionId
+
+    expect(
+      resolvePermissionForwardingTargetSessionId({
+        hasUI: false,
+        isSubagent: true,
+        sessionDir,
+        registry,
+        env: { PI_AGENT_ROUTER_PARENT_SESSION_ID: "parent-from-env" },
+      }),
+    ).toBe("parent-from-env");
+  });
+
+  test("falls through to env vars when sessionDir is not in registry", () => {
+    const registry = new SubagentSessionRegistry(); // empty
+
+    expect(
+      resolvePermissionForwardingTargetSessionId({
+        hasUI: false,
+        isSubagent: true,
+        sessionDir,
+        registry,
+        env: { PI_AGENT_ROUTER_PARENT_SESSION_ID: "parent-from-env" },
+      }),
+    ).toBe("parent-from-env");
+  });
+
+  test("returns null when registry entry has no parentSessionId and no env vars set", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register(sessionDir, { agentName: "Explore" }); // no parentSessionId
+
+    expect(
+      resolvePermissionForwardingTargetSessionId({
+        hasUI: false,
+        isSubagent: true,
+        sessionDir,
+        registry,
+        env: {},
+      }),
+    ).toBeNull();
+  });
+
+  test("omitting registry preserves existing behaviour", () => {
+    expect(
+      resolvePermissionForwardingTargetSessionId({
+        hasUI: false,
+        isSubagent: true,
+        sessionDir,
+        env: { PI_AGENT_ROUTER_PARENT_SESSION_ID: "parent-from-env" },
+      }),
+    ).toBe("parent-from-env");
+  });
+});

package/test/permission-manager-unified.test.ts

@@ -685,10 +685,12 @@ function createInMemoryPolicyLoader(
 ): PolicyLoader {
   const issues: string[] = [];
   return {
-    loadGlobalConfig: () => scopes.global ?? {},
-    loadProjectConfig: () => scopes.project ?? {},
+    loadGlobalConfig: () => scopes.global ?? ({} as const),
+    loadProjectConfig: () => scopes.project ?? ({} as const),
+    // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- || is intentional: handles both falsy name and missing key
     loadAgentConfig: (name?: string) => (name && scopes.agent?.[name]) || {},
     loadProjectAgentConfig: (name?: string) =>
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- || is intentional: handles both falsy name and missing key
       (name && scopes.projectAgent?.[name]) || {},
     getConfiguredMcpServerNames: () => mcpServerNames,
     getCacheStamp: () => "in-memory",

package/test/permission-session.test.ts

@@ -122,7 +122,7 @@ function makePermissionManager(
       toolName: "read",
       source: "tool",
       origin: "builtin",
-    } as PermissionCheckResult),
+    }),
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getConfigIssues: vi.fn().mockReturnValue([]),
     getPolicyCacheStamp: vi.fn().mockReturnValue("stamp-1"),
@@ -260,7 +260,7 @@ describe("PermissionSession", () => {
           toolName: "bash",
           source: "bash",
           origin: "global",
-        } as PermissionCheckResult),
+        }),
       });
       mockCreatePermissionManagerForCwd.mockReturnValue(pm2);
       const { session } = createSession();