npm - @gotgenes/pi-permission-system - Versions diffs - 7.1.4 → 7.3.0 - Mend

@gotgenes/pi-permission-system 7.1.4 → 7.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/CHANGELOG.md +26 -0
package/package.json +2 -2
package/src/active-agent.ts +1 -1
package/src/bash-arity.ts +1 -0
package/src/config-modal.ts +2 -0
package/src/forwarded-permissions/io.ts +4 -2
package/src/forwarded-permissions/polling.ts +22 -9
package/src/forwarding-manager.ts +3 -1
package/src/handlers/before-agent-start.ts +7 -6
package/src/handlers/gates/bash-path-extractor.ts +3 -5
package/src/handlers/gates/bash-path.ts +1 -1
package/src/handlers/gates/runner.ts +3 -0
package/src/handlers/lifecycle.ts +9 -8
package/src/handlers/permission-gate-handler.ts +12 -7
package/src/index.ts +19 -1
package/src/logging.ts +3 -0
package/src/node-modules-discovery.ts +1 -1
package/src/normalize.ts +1 -0
package/src/permission-event-rpc.ts +2 -0
package/src/permission-forwarding.ts +15 -0
package/src/permission-manager.ts +7 -6
package/src/permission-merge.ts +4 -2
package/src/permission-prompter.ts +7 -0
package/src/permission-prompts.ts +1 -1
package/src/policy-loader.ts +5 -5
package/src/service.ts +37 -1
package/src/skill-prompt-sanitizer.ts +3 -3
package/src/subagent-context.ts +14 -1
package/src/subagent-registry.ts +60 -0
package/src/tool-registry.ts +1 -1
package/src/yolo-mode.ts +2 -1
package/test/config-modal.test.ts +6 -8
package/test/forwarding-manager.test.ts +1 -0
package/test/handlers/before-agent-start.test.ts +1 -1
package/test/handlers/external-directory-integration.test.ts +1 -1
package/test/handlers/gates/skill-read.test.ts +8 -10
package/test/handlers/gates/tool.test.ts +1 -1
package/test/handlers/input-events.test.ts +1 -1
package/test/handlers/input.test.ts +1 -1
package/test/handlers/tool-call-events.test.ts +1 -1
package/test/handlers/tool-call.test.ts +1 -1
package/test/permission-event-rpc.test.ts +1 -0
package/test/permission-events.test.ts +2 -0
package/test/permission-forwarding.test.ts +98 -0
package/test/permission-manager-unified.test.ts +4 -2
package/test/permission-session.test.ts +2 -2
package/test/permission-system.test.ts +8 -8
package/test/service.test.ts +100 -6
package/test/subagent-context.test.ts +65 -0
package/test/subagent-registry.test.ts +94 -0

package/test/permission-system.test.ts CHANGED Viewed

@@ -112,6 +112,7 @@ type ExtensionHarnessOptions = {
 const INHERITED_SUBAGENT_ENV_KEYS = [
   ...SUBAGENT_ENV_HINT_KEYS,
+  // eslint-disable-next-line @typescript-eslint/no-deprecated -- test uses deprecated alias intentionally
   SUBAGENT_PARENT_SESSION_ENV_KEY,
 ] as const;
@@ -121,6 +122,7 @@ async function withIsolatedSubagentEnv<T>(
   const originalValues = new Map<string, string | undefined>();
   for (const key of INHERITED_SUBAGENT_ENV_KEYS) {
     originalValues.set(key, process.env[key]);
+    // eslint-disable-next-line @typescript-eslint/no-dynamic-delete -- process.env cleanup requires dynamic delete
     delete process.env[key];
   }
@@ -129,6 +131,7 @@ async function withIsolatedSubagentEnv<T>(
   } finally {
     for (const [key, value] of originalValues.entries()) {
       if (value === undefined) {
+        // eslint-disable-next-line @typescript-eslint/no-dynamic-delete -- process.env cleanup requires dynamic delete
         delete process.env[key];
       } else {
         process.env[key] = value;
@@ -143,7 +146,7 @@ function createToolCallHarness(
   options: ExtensionHarnessOptions = {},
 ): ExtensionHarness {
   const baseDir = mkdtempSync(join(tmpdir(), "pi-permission-system-runtime-"));
-  const cwd = options.cwd || baseDir;
+  const cwd = options.cwd ?? baseDir;
   const prompts: string[] = [];
   const handlers: Record<string, MockHandler> = {};
   const originalAgentDir = process.env.PI_CODING_AGENT_DIR;
@@ -188,10 +191,7 @@ function createToolCallHarness(
     prompts,
     cleanup: async (): Promise<void> => {
       await Promise.resolve(
-        handlers.session_shutdown?.(
-          {},
-          createMockContext(cwd, prompts, options),
-        ),
+        handlers.session_shutdown({}, createMockContext(cwd, prompts, options)),
       );
       rmSync(baseDir, { recursive: true, force: true });
     },
@@ -236,7 +236,7 @@ async function runToolCall(
       handler(event, createMockContext(harness.cwd, harness.prompts, options)),
     ),
   );
-  return (result ?? {}) as Record<string, unknown>;
+  return result ?? {};
 }
 test("Yolo mode only auto-approves ask-state permissions", () => {
@@ -1515,7 +1515,7 @@ test("REGRESSION: resolveSkillPromptEntries sanitizes every available_skills blo
     expect(result.prompt).not.toContain("denied-skill");
     expect(result.prompt).toContain("visible-skill");
-    expect((result.prompt.match(/<available_skills>/g) || []).length).toBe(1);
+    expect((result.prompt.match(/<available_skills>/g) ?? []).length).toBe(1);
     expect(result.entries.map((entry) => entry.name)).toEqual([
       "visible-skill",
     ]);
@@ -2371,7 +2371,7 @@ test("session approval: session_shutdown clears session approvals", async () =>
       hasUI: true,
       selectResponse: "Yes",
     });
-    await Promise.resolve(harness.handlers.session_shutdown?.({}, shutdownCtx));
+    await Promise.resolve(harness.handlers.session_shutdown({}, shutdownCtx));
     // Access same path again — should prompt because cache was cleared
     const result = await runToolCall(

package/test/service.test.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import {
   publishPermissionsService,
   unpublishPermissionsService,
 } from "#src/service";
+import { SubagentSessionRegistry } from "#src/subagent-registry";
 import type { PermissionCheckResult } from "#src/types";
 // ── helpers ────────────────────────────────────────────────────────────────
@@ -15,6 +16,9 @@ function makeService(
 ): PermissionsService {
   return {
     checkPermission: vi.fn(),
+    registerSubagentSession: vi.fn(),
+    unregisterSubagentSession: vi.fn(),
+    getToolPermission: vi.fn(),
     ...overrides,
   };
 }
@@ -85,12 +89,12 @@ describe("service adapter delegation", () => {
     ];
     // Build the adapter the same way index.ts will
-    const service: PermissionsService = {
+    const service = makeService({
       checkPermission(surface, value, agentName) {
         const input = buildInputForSurface(surface, value);
         return checkPermission(surface, input, agentName, sessionRules);
       },
-    };
+    });
     publishPermissionsService(service);
     const retrieved = getPermissionsService()!;
@@ -108,12 +112,12 @@ describe("service adapter delegation", () => {
   it("checkPermission passes agentName through", () => {
     const checkPermission = vi.fn().mockReturnValue(fakeResult);
-    const service: PermissionsService = {
+    const service = makeService({
       checkPermission(surface, value, agentName) {
         const input = buildInputForSurface(surface, value);
         return checkPermission(surface, input, agentName, []);
       },
-    };
+    });
     publishPermissionsService(service);
     getPermissionsService()!.checkPermission("skill", "my-skill", "Explore");
@@ -126,15 +130,105 @@ describe("service adapter delegation", () => {
     );
   });
+  it("registerSubagentSession delegates to the registry", () => {
+    const registry = new SubagentSessionRegistry();
+    const service: PermissionsService = {
+      checkPermission: vi.fn(),
+      registerSubagentSession(key, info) {
+        registry.register(key, info);
+      },
+      unregisterSubagentSession(key) {
+        registry.unregister(key);
+      },
+      getToolPermission: vi.fn((): "allow" => "allow"),
+    };
+    publishPermissionsService(service);
+    getPermissionsService()!.registerSubagentSession("/sessions/task-1", {
+      agentName: "Explore",
+      parentSessionId: "parent-abc",
+    });
+    expect(registry.has("/sessions/task-1")).toBe(true);
+    expect(registry.get("/sessions/task-1")).toEqual({
+      agentName: "Explore",
+      parentSessionId: "parent-abc",
+    });
+  });
+  it("unregisterSubagentSession delegates to the registry", () => {
+    const registry = new SubagentSessionRegistry();
+    const service: PermissionsService = {
+      checkPermission: vi.fn(),
+      registerSubagentSession(key, info) {
+        registry.register(key, info);
+      },
+      unregisterSubagentSession(key) {
+        registry.unregister(key);
+      },
+      getToolPermission: vi.fn((): "allow" => "allow"),
+    };
+    publishPermissionsService(service);
+    const svc = getPermissionsService()!;
+    svc.registerSubagentSession("/sessions/task-1", { agentName: "Explore" });
+    svc.unregisterSubagentSession("/sessions/task-1");
+    expect(registry.has("/sessions/task-1")).toBe(false);
+  });
+  it("getToolPermission delegates to the permission manager", () => {
+    const getToolPermissionFn = vi.fn(
+      (_t: string, _a?: string): "deny" => "deny",
+    );
+    const service: PermissionsService = {
+      checkPermission: vi.fn(),
+      registerSubagentSession: vi.fn(),
+      unregisterSubagentSession: vi.fn(),
+      getToolPermission(toolName, agentName) {
+        return getToolPermissionFn(toolName, agentName);
+      },
+    };
+    publishPermissionsService(service);
+    const result = getPermissionsService()!.getToolPermission(
+      "bash",
+      "Explore",
+    );
+    expect(result).toBe("deny");
+    expect(getToolPermissionFn).toHaveBeenCalledWith("bash", "Explore");
+  });
+  it("getToolPermission works without agentName", () => {
+    const getToolPermissionFn = vi.fn(
+      (_t: string, _a?: string): "ask" => "ask",
+    );
+    const service: PermissionsService = {
+      checkPermission: vi.fn(),
+      registerSubagentSession: vi.fn(),
+      unregisterSubagentSession: vi.fn(),
+      getToolPermission(toolName, agentName) {
+        return getToolPermissionFn(toolName, agentName);
+      },
+    };
+    publishPermissionsService(service);
+    const result = getPermissionsService()!.getToolPermission("write");
+    expect(result).toBe("ask");
+    expect(getToolPermissionFn).toHaveBeenCalledWith("write", undefined);
+  });
   it("checkPermission uses empty object for unknown surfaces", () => {
     const checkPermission = vi.fn().mockReturnValue(fakeResult);
-    const service: PermissionsService = {
+    const service = makeService({
       checkPermission(surface, value, agentName) {
         const input = buildInputForSurface(surface, value);
         return checkPermission(surface, input, agentName, []);
       },
-    };
+    });
     publishPermissionsService(service);
     getPermissionsService()!.checkPermission("read", "/tmp/file");

package/test/subagent-context.test.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import {
   isSubagentExecutionContext,
   normalizeFilesystemPath,
 } from "#src/subagent-context";
+import { SubagentSessionRegistry } from "#src/subagent-registry";
 afterEach(() => {
   vi.unstubAllEnvs();
@@ -197,3 +198,67 @@ describe("isSubagentExecutionContext — session dir detection", () => {
     expect(isSubagentExecutionContext(makeCtx(""), subagentRoot)).toBe(false);
   });
 });
+describe("isSubagentExecutionContext — registry detection", () => {
+  const subagentRoot = "/home/user/.pi/agent/sessions/subagents";
+  const outsideDir =
+    "/home/user/projects/my-app/.pi/agent/sessions/parent/tasks";
+  test("returns true when session dir is registered (no env vars, outside filesystem root)", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register(outsideDir, { agentName: "Explore" });
+    expect(
+      isSubagentExecutionContext(makeCtx(outsideDir), subagentRoot, registry),
+    ).toBe(true);
+  });
+  test("returns true when registered session has a parentSessionId", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register(outsideDir, {
+      agentName: "Plan",
+      parentSessionId: "parent-123",
+    });
+    expect(
+      isSubagentExecutionContext(makeCtx(outsideDir), subagentRoot, registry),
+    ).toBe(true);
+  });
+  test("returns false when registry is provided but session dir is not registered", () => {
+    const registry = new SubagentSessionRegistry();
+    expect(
+      isSubagentExecutionContext(makeCtx(outsideDir), subagentRoot, registry),
+    ).toBe(false);
+  });
+  test("returns false when session dir is null and registry has no matching entry", () => {
+    const registry = new SubagentSessionRegistry();
+    expect(
+      isSubagentExecutionContext(makeCtx(null), subagentRoot, registry),
+    ).toBe(false);
+  });
+  test("registry check takes priority over env var detection", () => {
+    // Registry says registered; env var not set — should still return true.
+    const registry = new SubagentSessionRegistry();
+    registry.register(outsideDir, { agentName: "Explore" });
+    // Confirm no env var is set
+    expect(process.env.PI_IS_SUBAGENT).toBeUndefined();
+    expect(
+      isSubagentExecutionContext(makeCtx(outsideDir), subagentRoot, registry),
+    ).toBe(true);
+  });
+  test("unregistered session falls through to env var detection", () => {
+    vi.stubEnv("PI_IS_SUBAGENT", "true");
+    const registry = new SubagentSessionRegistry(); // empty — outsideDir not registered
+    // Env var present → still true even without registry entry
+    expect(
+      isSubagentExecutionContext(makeCtx(outsideDir), subagentRoot, registry),
+    ).toBe(true);
+  });
+  test("no registry passed — existing behaviour unchanged", () => {
+    // Ensure the parameter is truly optional (no registry arg)
+    expect(isSubagentExecutionContext(makeCtx(null), subagentRoot)).toBe(false);
+  });
+});

package/test/subagent-registry.test.ts ADDED Viewed

@@ -0,0 +1,94 @@
+import { describe, expect, test } from "vitest";
+import {
+  type SubagentSessionInfo,
+  SubagentSessionRegistry,
+} from "#src/subagent-registry";
+function makeInfo(
+  overrides: Partial<SubagentSessionInfo> = {},
+): SubagentSessionInfo {
+  return {
+    agentName: "Explore",
+    ...overrides,
+  };
+}
+describe("SubagentSessionRegistry", () => {
+  test("has() returns false for an unregistered key", () => {
+    const registry = new SubagentSessionRegistry();
+    expect(registry.has("/sessions/task-abc")).toBe(false);
+  });
+  test("get() returns undefined for an unregistered key", () => {
+    const registry = new SubagentSessionRegistry();
+    expect(registry.get("/sessions/task-abc")).toBeUndefined();
+  });
+  test("has() returns true after register()", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register("/sessions/task-abc", makeInfo());
+    expect(registry.has("/sessions/task-abc")).toBe(true);
+  });
+  test("get() returns the registered info after register()", () => {
+    const registry = new SubagentSessionRegistry();
+    const info = makeInfo({ parentSessionId: "parent-123" });
+    registry.register("/sessions/task-abc", info);
+    expect(registry.get("/sessions/task-abc")).toEqual(info);
+  });
+  test("register() stores agentName without parentSessionId", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register("/sessions/task-abc", makeInfo());
+    expect(registry.get("/sessions/task-abc")).toEqual({
+      agentName: "Explore",
+    });
+  });
+  test("has() returns false after unregister()", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register("/sessions/task-abc", makeInfo());
+    registry.unregister("/sessions/task-abc");
+    expect(registry.has("/sessions/task-abc")).toBe(false);
+  });
+  test("get() returns undefined after unregister()", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register("/sessions/task-abc", makeInfo());
+    registry.unregister("/sessions/task-abc");
+    expect(registry.get("/sessions/task-abc")).toBeUndefined();
+  });
+  test("unregister() is a no-op for an unknown key", () => {
+    const registry = new SubagentSessionRegistry();
+    expect(() => registry.unregister("/sessions/nonexistent")).not.toThrow();
+  });
+  test("register() overwrites a previous entry for the same key", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register(
+      "/sessions/task-abc",
+      makeInfo({ parentSessionId: "parent-1" }),
+    );
+    registry.register(
+      "/sessions/task-abc",
+      makeInfo({ parentSessionId: "parent-2" }),
+    );
+    expect(registry.get("/sessions/task-abc")?.parentSessionId).toBe(
+      "parent-2",
+    );
+  });
+  test("multiple keys are independent", () => {
+    const registry = new SubagentSessionRegistry();
+    registry.register("/sessions/task-1", makeInfo({ agentName: "Explore" }));
+    registry.register("/sessions/task-2", makeInfo({ agentName: "Plan" }));
+    expect(registry.get("/sessions/task-1")?.agentName).toBe("Explore");
+    expect(registry.get("/sessions/task-2")?.agentName).toBe("Plan");
+    registry.unregister("/sessions/task-1");
+    expect(registry.has("/sessions/task-1")).toBe(false);
+    expect(registry.has("/sessions/task-2")).toBe(true);
+  });
+});