@gotgenes/pi-permission-system 7.3.0 → 7.3.2

package/CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.3.2](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v7.3.1...pi-permission-system-v7.3.2) (2026-05-27)
+
+
+### Documentation
+
+* replace \n with <br/> in Mermaid node labels ([3312a45](https://github.com/gotgenes/pi-packages/commit/3312a4559100cf9ae923f67819653b5a99fceb12))
+
+## [7.3.1](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v7.3.0...pi-permission-system-v7.3.1) (2026-05-26)
+
+
+### Bug Fixes
+
+* resolve pre-existing lint errors in pi-autoformat and pi-permission-system ([68fd516](https://github.com/gotgenes/pi-packages/commit/68fd516e33ddbb9a5e37ef19e949ee9ecdc37252))
+
+
+### Documentation
+
+* update subagent integration docs for native permission bridge ([#101](https://github.com/gotgenes/pi-packages/issues/101)) ([0bd456b](https://github.com/gotgenes/pi-packages/commit/0bd456befa8ea6918e74f4393d844868795edc77))
+
 ## [7.3.0](https://github.com/gotgenes/pi-packages/compare/pi-permission-system-v7.2.0...pi-permission-system-v7.3.0) (2026-05-25)
 
 

package/README.md

@@ -20,6 +20,7 @@ Permission enforcement extension for the [Pi](https://pi.mariozechner.at/) codin
 - **Protects sensitive file patterns** — cross-cutting `path` rules deny `.env`, `~/.ssh/*`, etc. across all tools and bash at once
 - **Guards external paths** — prompts before file tools or bash commands reach outside `cwd`
 - **Forwards prompts from subagents** — `ask` policies work even in non-UI execution contexts
+- **Native [`@gotgenes/pi-subagents`](https://github.com/gotgenes/pi-subagents) integration** — in-process child sessions register with the permission system automatically, enabling per-agent policy enforcement and `ask`-state forwarding to the parent UI without configuration
 
 ## Install
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gotgenes/pi-permission-system",
-  "version": "7.3.0",
+  "version": "7.3.2",
   "description": "Permission enforcement extension for the Pi coding agent.",
   "type": "module",
   "exports": {

package/src/extension-config.ts

@@ -1,4 +1,4 @@
-import { existsSync, mkdirSync } from "node:fs";
+import { mkdirSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 

package/src/handlers/before-agent-start.ts

@@ -50,11 +50,10 @@ export class AgentPrepHandler {
     event: BeforeAgentStartPayload,
     ctx: ExtensionContext,
   ): Promise<BeforeAgentStartEventResult> {
-    const { session } = this;
-    session.activate(ctx);
-    session.refreshConfig(ctx);
+    this.session.activate(ctx);
+    this.session.refreshConfig(ctx);
 
-    const agentName = session.resolveAgentName(ctx, event.systemPrompt);
+    const agentName = this.session.resolveAgentName(ctx, event.systemPrompt);
     const allTools = this.toolRegistry.getAll();
     const allowedTools: string[] = [];
 
@@ -65,7 +64,7 @@ export class AgentPrepHandler {
       }
       if (
         shouldExposeTool(toolName, agentName, (t, a) =>
-          session.getToolPermission(t, a),
+          this.session.getToolPermission(t, a),
         )
       ) {
         allowedTools.push(toolName);
@@ -73,24 +72,24 @@ export class AgentPrepHandler {
     }
 
     const activeToolsCacheKey = createActiveToolsCacheKey(allowedTools);
-    if (session.shouldUpdateActiveTools(activeToolsCacheKey)) {
+    if (this.session.shouldUpdateActiveTools(activeToolsCacheKey)) {
       this.toolRegistry.setActive(allowedTools);
-      session.commitActiveToolsCacheKey(activeToolsCacheKey);
+      this.session.commitActiveToolsCacheKey(activeToolsCacheKey);
     }
 
     const promptStateCacheKey = createBeforeAgentStartPromptStateKey({
       agentName,
       cwd: ctx.cwd,
-      permissionStamp: session.getPolicyCacheStamp(agentName ?? undefined),
+      permissionStamp: this.session.getPolicyCacheStamp(agentName ?? undefined),
       systemPrompt: event.systemPrompt,
       allowedToolNames: allowedTools,
     });
 
-    if (!session.shouldUpdatePromptState(promptStateCacheKey)) {
+    if (!this.session.shouldUpdatePromptState(promptStateCacheKey)) {
       return {};
     }
 
-    session.commitPromptStateCacheKey(promptStateCacheKey);
+    this.session.commitPromptStateCacheKey(promptStateCacheKey);
 
     const toolPromptResult = sanitizeAvailableToolsSection(
       event.systemPrompt,
@@ -98,11 +97,11 @@ export class AgentPrepHandler {
     );
     const skillPromptResult = resolveSkillPromptEntries(
       toolPromptResult.prompt,
-      session,
+      this.session,
       agentName,
       ctx.cwd,
     );
-    session.setActiveSkillEntries(skillPromptResult.entries);
+    this.session.setActiveSkillEntries(skillPromptResult.entries);
 
     if (skillPromptResult.prompt !== event.systemPrompt) {
       return { systemPrompt: skillPromptResult.prompt };

package/src/handlers/gates/bash-path-extractor.ts

@@ -48,14 +48,6 @@ function getParser(): Promise<TSParser> {
   return parserPromise;
 }
 
-/**
- * Reset the cached parser promise.  Only used by tests to avoid
- * cross-test pollution or to inject a mock parser.
- */
-function resetParserForTesting(): void {
-  parserPromise = null;
-}
-
 // ── AST walker ─────────────────────────────────────────────────────────────
 
 /**

package/src/handlers/lifecycle.ts

@@ -30,19 +30,18 @@ export class SessionLifecycleHandler {
     event: SessionStartPayload,
     ctx: ExtensionContext,
   ): Promise<void> {
-    const { session } = this;
-    session.refreshConfig(ctx);
-    session.resetForNewSession(ctx);
-    session.logResolvedConfigPaths();
+    this.session.refreshConfig(ctx);
+    this.session.resetForNewSession(ctx);
+    this.session.logResolvedConfigPaths();
 
-    const agentName = session.resolveAgentName(ctx);
-    const policyIssues = session.getConfigIssues(agentName ?? undefined);
+    const agentName = this.session.resolveAgentName(ctx);
+    const policyIssues = this.session.getConfigIssues(agentName ?? undefined);
     for (const issue of policyIssues) {
-      session.logger.warn(issue);
+      this.session.logger.warn(issue);
     }
 
     if (event.reason === "reload") {
-      session.logger.debug("lifecycle.reload", {
+      this.session.logger.debug("lifecycle.reload", {
         triggeredBy: "session_start",
         reason: event.reason,
         cwd: ctx.cwd,
@@ -56,23 +55,21 @@ export class SessionLifecycleHandler {
       return Promise.resolve();
     }
 
-    const { session } = this;
-    session.reload();
-    session.logger.debug("lifecycle.reload", {
+    this.session.reload();
+    this.session.logger.debug("lifecycle.reload", {
       triggeredBy: "resources_discover",
       reason: event.reason,
-      cwd: session.getRuntimeContext()?.cwd ?? null,
+      cwd: this.session.getRuntimeContext()?.cwd ?? null,
     });
     return Promise.resolve();
   }
 
   handleSessionShutdown(): Promise<void> {
-    const { session } = this;
-    const ctx = session.getRuntimeContext();
+    const ctx = this.session.getRuntimeContext();
     if (ctx) {
       ctx.ui.setStatus(PERMISSION_SYSTEM_STATUS_KEY, undefined);
     }
-    session.shutdown();
+    this.session.shutdown();
     this.cleanupRpc();
     return Promise.resolve();
   }

package/src/handlers/permission-gate-handler.ts

@@ -56,10 +56,9 @@ export class PermissionGateHandler {
     event: unknown,
     ctx: ExtensionContext,
   ): Promise<{ block?: true; reason?: string }> {
-    const { session } = this;
-    session.activate(ctx);
+    this.session.activate(ctx);
 
-    const agentName = session.resolveAgentName(ctx);
+    const agentName = this.session.resolveAgentName(ctx);
     const toolName = getToolNameFromValue(event);
 
     if (!toolName) {
@@ -99,22 +98,22 @@ export class PermissionGateHandler {
     };
 
     // ── Shared gate adapter closures ─────────────────────────────────────
-    const canConfirm = () => session.canPrompt(ctx);
+    const canConfirm = () => this.session.canPrompt(ctx);
     const promptPermission = (details: PromptPermissionDetails) =>
-      session.prompt(ctx, details);
+      this.session.prompt(ctx, details);
     const emitDecision: GateRunnerDeps["emitDecision"] = (e) =>
       emitDecisionEvent(this.events, e);
     // eslint-disable-next-line @typescript-eslint/unbound-method -- logger.review is a plain function closure; no this-binding issue
-    const writeReviewLog = session.logger.review;
+    const writeReviewLog = this.session.logger.review;
     const checkPermission: GateRunnerDeps["checkPermission"] = (
       surface,
       input,
       agent,
       sessionRules,
-    ) => session.checkPermission(surface, input, agent, sessionRules);
-    const getSessionRuleset = () => session.getSessionRuleset();
+    ) => this.session.checkPermission(surface, input, agent, sessionRules);
+    const getSessionRuleset = () => this.session.getSessionRuleset();
     const approveSessionRule = (surface: string, pattern: string) =>
-      session.approveSessionRule(surface, pattern);
+      this.session.approveSessionRule(surface, pattern);
 
     // ── Shared runner deps (built once, reused for all gates) ────────────
     const runnerDeps: GateRunnerDeps = {
@@ -129,7 +128,7 @@ export class PermissionGateHandler {
 
     // ── Skill-read gate (descriptor + runner) ───────────────────────────────
     const skillDescriptor = describeSkillReadGate(tcc, () =>
-      session.getActiveSkillEntries(),
+      this.session.getActiveSkillEntries(),
     );
     if (skillDescriptor) {
       const skillResult = await runGateCheck(
@@ -165,8 +164,8 @@ export class PermissionGateHandler {
 
     // ── External-directory gate (descriptor + runner) ────────────────────────
     const infraDirs = [
-      ...session.getInfrastructureDirs(),
-      ...session.getInfrastructureReadPaths(),
+      ...this.session.getInfrastructureDirs(),
+      ...this.session.getInfrastructureReadPaths(),
     ];
     const extDirDesc = describeExternalDirectoryGate(tcc, infraDirs);
     if (extDirDesc) {
@@ -264,16 +263,15 @@ export class PermissionGateHandler {
     event: InputPayload,
     ctx: ExtensionContext,
   ): Promise<InputEventResult> {
-    const { session } = this;
-    session.activate(ctx);
+    this.session.activate(ctx);
 
     const skillName = extractSkillNameFromInput(event.text);
     if (!skillName) {
       return { action: "continue" };
     }
 
-    const agentName = session.resolveAgentName(ctx);
-    const check = session.checkPermission(
+    const agentName = this.session.resolveAgentName(ctx);
+    const check = this.session.checkPermission(
       "skill",
       { name: skillName },
       agentName ?? undefined,
@@ -290,14 +288,14 @@ export class PermissionGateHandler {
       skillName,
       agentName ?? undefined,
     );
-    const skillInputCanConfirm = session.canPrompt(ctx);
+    const skillInputCanConfirm = this.session.canPrompt(ctx);
     let skillInputAutoApproved = false;
     const skillInputGate = await applyPermissionGate({
       state: check.state,
       canConfirm: skillInputCanConfirm,
       promptForApproval: async () => {
-        const decision = await session.prompt(ctx, {
-          requestId: session.createPermissionRequestId("skill-input"),
+        const decision = await this.session.prompt(ctx, {
+          requestId: this.session.createPermissionRequestId("skill-input"),
           source: "skill_input",
           agentName,
           message: skillInputMessage,
@@ -307,7 +305,7 @@ export class PermissionGateHandler {
         return decision;
       },
       // eslint-disable-next-line @typescript-eslint/unbound-method -- logger.review is a plain function closure; no this-binding issue
-      writeLog: session.logger.review,
+      writeLog: this.session.logger.review,
       logContext: {
         source: "skill_input",
         skillName,

package/src/permission-dialog.ts

@@ -25,12 +25,6 @@ const APPROVE_OPTION = "Yes";
 const APPROVE_FOR_SESSION_OPTION = "Yes, for this session";
 const DENY_OPTION = "No";
 const DENY_WITH_REASON_OPTION = "No, provide reason";
-const PERMISSION_DECISION_OPTIONS = [
-  APPROVE_OPTION,
-  APPROVE_FOR_SESSION_OPTION,
-  DENY_OPTION,
-  DENY_WITH_REASON_OPTION,
-] as const;
 
 export function normalizePermissionDenialReason(
   value: unknown,

package/src/permission-manager.ts

@@ -120,7 +120,7 @@ export class PermissionManager {
           // existing patterns from lower scopes keep their earlier origin.
           if (!origins.has(surface)) origins.set(surface, new Map());
           for (const pattern of Object.keys(value)) {
-            origins.get(surface)!.set(pattern, scopeName);
+            origins.get(surface)?.set(pattern, scopeName);
           }
         } else {
           // Full replacement: this scope takes over the entire surface entry.

package/src/permission-merge.ts

@@ -1,4 +1,4 @@
-import type { FlatPermissionConfig, PermissionState } from "./types";
+import type { FlatPermissionConfig } from "./types";
 
 /**
  * Deep-shallow merge two flat permission configs.

package/src/skill-prompt-sanitizer.ts

@@ -92,33 +92,6 @@ function parseSkillEntries(sectionBody: string): ParsedSkillPromptEntry[] {
   return entries;
 }
 
-function parseSkillPromptSection(prompt: string): SkillPromptSection | null {
-  const start = prompt.indexOf(AVAILABLE_SKILLS_OPEN_TAG);
-  if (start === -1) {
-    return null;
-  }
-
-  const closeStart = prompt.indexOf(
-    AVAILABLE_SKILLS_CLOSE_TAG,
-    start + AVAILABLE_SKILLS_OPEN_TAG.length,
-  );
-  if (closeStart === -1) {
-    return null;
-  }
-
-  const end = closeStart + AVAILABLE_SKILLS_CLOSE_TAG.length;
-  const sectionBody = prompt.slice(
-    start + AVAILABLE_SKILLS_OPEN_TAG.length,
-    closeStart,
-  );
-
-  return {
-    start,
-    end,
-    entries: parseSkillEntries(sectionBody),
-  };
-}
-
 export function parseAllSkillPromptSections(
   prompt: string,
 ): SkillPromptSection[] {

package/src/types.ts

@@ -14,17 +14,6 @@ export type FlatPermissionConfig = Record<
   PermissionState | Record<string, PermissionState>
 >;
 
-type BuiltInToolName =
-  | "bash"
-  | "read"
-  | "write"
-  | "edit"
-  | "grep"
-  | "find"
-  | "ls";
-
-type SpecialPermissionName = "external_directory";
-
 /**
  * Per-scope permission config shape after loading and validation.
  * Holds only the flat permission map — all policy is expressed there.

package/test/handlers/before-agent-start.test.ts

@@ -7,7 +7,6 @@ import {
 } from "#src/handlers/before-agent-start";
 import type { PermissionSession } from "#src/permission-session";
 import type { ToolRegistry } from "#src/tool-registry";
-import type { PermissionState } from "#src/types";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
 vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {

package/test/handlers/gates/bash-external-directory.test.ts

@@ -101,12 +101,15 @@ describe("describeBashExternalDirectoryGate", () => {
   it("uses config-level checkPermission for the policy state", async () => {
     const checkPermission = vi
       .fn()
-      .mockImplementation((surface: string, input: Record<string, unknown>) => {
-        // Path-specific check returns session for coverage filtering
-        if (input.path) return makeCheckResult("allow", { source: "special" });
-        // Config-level check (no path) returns deny
-        return makeCheckResult("deny");
-      });
+      .mockImplementation(
+        (_surface: string, input: Record<string, unknown>) => {
+          // Path-specific check returns session for coverage filtering
+          if (input.path)
+            return makeCheckResult("allow", { source: "special" });
+          // Config-level check (no path) returns deny
+          return makeCheckResult("deny");
+        },
+      );
     const result = await describeBashExternalDirectoryGate(
       makeTcc(),
       checkPermission,
@@ -172,12 +175,14 @@ describe("describeBashExternalDirectoryGate", () => {
   it("only includes uncovered paths when some are session-covered", async () => {
     const checkPermission = vi
       .fn()
-      .mockImplementation((surface: string, input: Record<string, unknown>) => {
-        if (input.path === "/outside/a.ts") {
-          return makeCheckResult("allow", { source: "session" });
-        }
-        return makeCheckResult("ask");
-      });
+      .mockImplementation(
+        (_surface: string, input: Record<string, unknown>) => {
+          if (input.path === "/outside/a.ts") {
+            return makeCheckResult("allow", { source: "session" });
+          }
+          return makeCheckResult("ask");
+        },
+      );
     const result = await describeBashExternalDirectoryGate(
       makeTcc({ input: { command: "diff /outside/a.ts /outside/b.ts" } }),
       checkPermission,

package/test/handlers/gates/skill-read.test.ts

@@ -1,6 +1,4 @@
 import { describe, expect, it, vi } from "vitest";
-
-import type { GateDescriptor } from "#src/handlers/gates/descriptor";
 import { describeSkillReadGate } from "#src/handlers/gates/skill-read";
 import type { ToolCallContext } from "#src/handlers/gates/types";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";

package/test/handlers/input-events.test.ts

@@ -9,7 +9,6 @@ import type { PermissionDecisionEvent } from "#src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
 import type { PermissionSession } from "#src/permission-session";
 import type { ToolRegistry } from "#src/tool-registry";
-import type { PermissionState } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 

package/test/handlers/input.test.ts

@@ -7,7 +7,6 @@ import {
 } from "#src/handlers/permission-gate-handler";
 import type { PermissionSession } from "#src/permission-session";
 import type { ToolRegistry } from "#src/tool-registry";
-import type { PermissionState } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 

package/test/handlers/tool-call-events.test.ts

@@ -10,7 +10,7 @@ import type { PermissionDecisionEvent } from "#src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
 import type { PermissionSession } from "#src/permission-session";
 import type { ToolRegistry } from "#src/tool-registry";
-import type { PermissionCheckResult, PermissionState } from "#src/types";
+import type { PermissionCheckResult } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 

package/test/handlers/tool-call.test.ts

@@ -7,7 +7,7 @@ import {
 } from "#src/handlers/permission-gate-handler";
 import type { PermissionSession } from "#src/permission-session";
 import type { ToolRegistry } from "#src/tool-registry";
-import type { PermissionCheckResult, PermissionState } from "#src/types";
+import type { PermissionCheckResult } from "#src/types";
 
 // ── SDK stubs ──────────────────────────────────────────────────────────────
 vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {

package/test/permission-events.test.ts

@@ -264,7 +264,7 @@ describe("piPermissionSystemExtension ready event wiring", () => {
     mkdirSync(join(baseDir, "agents"), { recursive: true });
     writeFileSync(
       globalConfigPath,
-      JSON.stringify({ permission: { "*": "ask" } }) + "\n",
+      `${JSON.stringify({ permission: { "*": "ask" } })}\n`,
       "utf8",
     );
     process.env.PI_CODING_AGENT_DIR = baseDir;

package/test/permission-session.test.ts

@@ -38,7 +38,6 @@ import {
 } from "#src/permission-session";
 import type { SessionLogger } from "#src/session-logger";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
-import type { PermissionCheckResult } from "#src/types";
 
 function makeSkillEntry(
   name: string,