@gotgenes/pi-permission-system 7.4.1 → 8.1.0

package/test/handlers/validate-requested-tool.test.ts

@@ -0,0 +1,92 @@
+import { describe, expect, it } from "vitest";
+
+import {
+  type RequestedToolValidation,
+  validateRequestedTool,
+} from "#src/handlers/permission-gate-handler";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeTools(names: string[]): { name: string }[] {
+  return names.map((name) => ({ name }));
+}
+
+const TOOLS = makeTools(["read", "bash", "edit"]);
+
+// ── validateRequestedTool ──────────────────────────────────────────────────
+
+describe("validateRequestedTool", () => {
+  describe("missing / unresolvable tool name", () => {
+    it("blocks when event has no name field", () => {
+      const result = validateRequestedTool({ type: "tool_call" }, TOOLS);
+      expect(result.status).toBe("block");
+      expect(
+        (result as Extract<RequestedToolValidation, { status: "block" }>)
+          .reason,
+      ).toBeTruthy();
+    });
+
+    it("blocks when name field is an empty string", () => {
+      const result = validateRequestedTool({ name: "" }, TOOLS);
+      expect(result.status).toBe("block");
+    });
+
+    it("blocks when name field is null", () => {
+      const result = validateRequestedTool({ name: null }, TOOLS);
+      expect(result.status).toBe("block");
+    });
+
+    it("blocks when event is a primitive", () => {
+      const result = validateRequestedTool("not-an-object", TOOLS);
+      expect(result.status).toBe("block");
+    });
+  });
+
+  describe("unregistered tool", () => {
+    it("blocks when the tool name is not in the registered list", () => {
+      const result = validateRequestedTool({ name: "unknown-tool" }, TOOLS);
+      expect(result.status).toBe("block");
+    });
+
+    it("includes available tool names in the block reason", () => {
+      const result = validateRequestedTool({ name: "unknown-tool" }, TOOLS);
+      expect(result.status).toBe("block");
+      const { reason } = result as Extract<
+        RequestedToolValidation,
+        { status: "block" }
+      >;
+      expect(reason).toContain("read");
+      expect(reason).toContain("bash");
+      expect(reason).toContain("edit");
+    });
+
+    it("blocks with empty available list when no tools are registered", () => {
+      const result = validateRequestedTool({ name: "anything" }, []);
+      expect(result.status).toBe("block");
+    });
+  });
+
+  describe("registered tool (ok path)", () => {
+    it("returns ok with the raw tool name for a known tool", () => {
+      const result = validateRequestedTool({ name: "read" }, TOOLS);
+      expect(result).toEqual({ status: "ok", toolName: "read" });
+    });
+
+    it("returns the raw name as it appeared in the event (not normalised)", () => {
+      // If an alias mechanism were to normalise "Read" → "read",
+      // validateRequestedTool still returns the raw value from the event.
+      // Without aliases the raw name and registered name are the same; this
+      // asserts the contract that toolName comes from the event, not from the
+      // registration lookup's normalizedToolName field.
+      const result = validateRequestedTool({ name: "bash" }, TOOLS);
+      expect(result).toEqual({ status: "ok", toolName: "bash" });
+    });
+
+    it("resolves tool name via the `arguments` field naming convention", () => {
+      // getToolNameFromValue reads `.name` then falls back to other fields;
+      // a plain `{ name: "edit" }` event is sufficient here.
+      const result = validateRequestedTool({ name: "edit" }, TOOLS);
+      expect(result).toEqual({ status: "ok", toolName: "edit" });
+    });
+  });
+});

package/test/permission-prompts.test.ts

@@ -1,9 +1,4 @@
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-
-// Mock tool-input-preview collaborator before importing the module under test.
-vi.mock("../src/tool-input-preview.js", () => ({
-  formatToolInputForPrompt: vi.fn(() => "mocked preview"),
-}));
+import { describe, expect, test } from "vitest";
 
 import {
   formatAskPrompt,
@@ -13,18 +8,21 @@ import {
   formatUnknownToolReason,
 } from "#src/permission-prompts";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
-import { formatToolInputForPrompt } from "#src/tool-input-preview";
+import {
+  TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  TOOL_INPUT_PREVIEW_MAX_LENGTH,
+  TOOL_TEXT_SUMMARY_MAX_LENGTH,
+} from "#src/tool-input-preview";
+import { ToolPreviewFormatter } from "#src/tool-preview-formatter";
 import type { PermissionCheckResult } from "#src/types";
 
-const mockedFormatToolInput = vi.mocked(formatToolInputForPrompt);
-
-beforeEach(() => {
-  mockedFormatToolInput.mockReset();
-});
-
-afterEach(() => {
-  vi.restoreAllMocks();
-});
+function makeFormatter(): ToolPreviewFormatter {
+  return new ToolPreviewFormatter({
+    toolInputPreviewMaxLength: TOOL_INPUT_PREVIEW_MAX_LENGTH,
+    toolTextSummaryMaxLength: TOOL_TEXT_SUMMARY_MAX_LENGTH,
+    toolInputLogPreviewMaxLength: TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  });
+}
 
 function toolResult(
   toolName: string,
@@ -104,66 +102,96 @@ describe("formatUnknownToolReason", () => {
 
 describe("formatAskPrompt", () => {
   test("uses 'Current agent' when no agent name given", () => {
-    const result = formatAskPrompt(toolResult("read"), undefined, {
-      path: "/src",
-    });
+    const result = formatAskPrompt(
+      toolResult("read"),
+      undefined,
+      { path: "/src" },
+      makeFormatter(),
+    );
     expect(result).toContain("Current agent");
   });
 
   test("uses agent name when provided", () => {
-    const result = formatAskPrompt(toolResult("read"), "my-agent", {
-      path: "/src",
-    });
+    const result = formatAskPrompt(
+      toolResult("read"),
+      "my-agent",
+      { path: "/src" },
+      makeFormatter(),
+    );
     expect(result).toContain("Agent 'my-agent'");
   });
 
-  test("formats bash prompt with command and no tool-input-preview call", () => {
+  test("formats bash prompt with command and does not use formatter", () => {
     const result = formatAskPrompt(
       toolResult("bash", { command: "git status" }),
+      undefined,
+      undefined,
+      makeFormatter(),
     );
     expect(result).toContain("git status");
     expect(result).toContain("Allow this command?");
-    expect(mockedFormatToolInput).not.toHaveBeenCalled();
   });
 
   test("formats bash prompt with matched pattern", () => {
     const result = formatAskPrompt(
       toolResult("bash", { command: "git push", matchedPattern: "git *" }),
+      undefined,
+      undefined,
+      makeFormatter(),
     );
     expect(result).toContain("matched 'git *'");
   });
 
   test("formats MCP prompt with target", () => {
-    const result = formatAskPrompt(mcpResult("server:query"));
+    const result = formatAskPrompt(
+      mcpResult("server:query"),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
     expect(result).toContain("server:query");
     expect(result).toContain("Allow this call?");
-    expect(mockedFormatToolInput).not.toHaveBeenCalled();
   });
 
   test("formats MCP prompt with matched pattern", () => {
     const result = formatAskPrompt(
       mcpResult("server:query", { matchedPattern: "server:*" }),
+      undefined,
+      undefined,
+      makeFormatter(),
     );
     expect(result).toContain("matched 'server:*'");
   });
 
-  test("calls formatToolInputForPrompt for non-bash non-mcp tools", () => {
-    mockedFormatToolInput.mockReturnValue("for '/src/foo.ts'");
-    const result = formatAskPrompt(toolResult("read"), undefined, {
-      path: "/src/foo.ts",
-    });
-    expect(mockedFormatToolInput).toHaveBeenCalledWith("read", {
-      path: "/src/foo.ts",
-    });
-    expect(result).toContain("for '/src/foo.ts'");
+  test("includes real input preview for non-bash non-mcp tools", () => {
+    const result = formatAskPrompt(
+      toolResult("read"),
+      undefined,
+      { path: "/src/foo.ts" },
+      makeFormatter(),
+    );
+    expect(result).toContain("path '/src/foo.ts'");
     expect(result).toContain("Allow this call?");
   });
 
-  test("omits input suffix when formatToolInputForPrompt returns empty string", () => {
-    mockedFormatToolInput.mockReturnValue("");
-    const result = formatAskPrompt(toolResult("task"));
+  test("omits input suffix when formatter returns empty string for input", () => {
+    const result = formatAskPrompt(
+      toolResult("task"),
+      undefined,
+      {},
+      makeFormatter(),
+    );
+    expect(result).toContain("task");
+    expect(result).not.toContain("undefined");
+  });
+
+  test("omits input suffix when no formatter provided", () => {
+    const result = formatAskPrompt(toolResult("task"), undefined, {
+      path: "/src",
+    });
     expect(result).toContain("task");
     expect(result).not.toContain("undefined");
+    expect(result).toContain("Allow this call?");
   });
 });
 

package/test/service.test.ts

@@ -6,7 +6,6 @@ import {
   publishPermissionsService,
   unpublishPermissionsService,
 } from "#src/service";
-import { SubagentSessionRegistry } from "#src/subagent-registry";
 import type { PermissionCheckResult } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
@@ -16,8 +15,6 @@ function makeService(
 ): PermissionsService {
   return {
     checkPermission: vi.fn(),
-    registerSubagentSession: vi.fn(),
-    unregisterSubagentSession: vi.fn(),
     getToolPermission: vi.fn(),
     ...overrides,
   };
@@ -130,61 +127,12 @@ describe("service adapter delegation", () => {
     );
   });
 
-  it("registerSubagentSession delegates to the registry", () => {
-    const registry = new SubagentSessionRegistry();
-    const service: PermissionsService = {
-      checkPermission: vi.fn(),
-      registerSubagentSession(key, info) {
-        registry.register(key, info);
-      },
-      unregisterSubagentSession(key) {
-        registry.unregister(key);
-      },
-      getToolPermission: vi.fn((): "allow" => "allow"),
-    };
-
-    publishPermissionsService(service);
-    getPermissionsService()!.registerSubagentSession("/sessions/task-1", {
-      agentName: "Explore",
-      parentSessionId: "parent-abc",
-    });
-
-    expect(registry.has("/sessions/task-1")).toBe(true);
-    expect(registry.get("/sessions/task-1")).toEqual({
-      agentName: "Explore",
-      parentSessionId: "parent-abc",
-    });
-  });
-
-  it("unregisterSubagentSession delegates to the registry", () => {
-    const registry = new SubagentSessionRegistry();
-    const service: PermissionsService = {
-      checkPermission: vi.fn(),
-      registerSubagentSession(key, info) {
-        registry.register(key, info);
-      },
-      unregisterSubagentSession(key) {
-        registry.unregister(key);
-      },
-      getToolPermission: vi.fn((): "allow" => "allow"),
-    };
-
-    publishPermissionsService(service);
-    const svc = getPermissionsService()!;
-    svc.registerSubagentSession("/sessions/task-1", { agentName: "Explore" });
-    svc.unregisterSubagentSession("/sessions/task-1");
-
-    expect(registry.has("/sessions/task-1")).toBe(false);
-  });
-
   it("getToolPermission delegates to the permission manager", () => {
     const getToolPermissionFn = vi.fn(
       (_t: string, _a?: string): "deny" => "deny",
     );
     const service: PermissionsService = {
       checkPermission: vi.fn(),
-      registerSubagentSession: vi.fn(),
-      unregisterSubagentSession: vi.fn(),
       getToolPermission(toolName, agentName) {
         return getToolPermissionFn(toolName, agentName);
       },
@@ -206,8 +154,6 @@ describe("service adapter delegation", () => {
     );
     const service: PermissionsService = {
       checkPermission: vi.fn(),
-      registerSubagentSession: vi.fn(),
-      unregisterSubagentSession: vi.fn(),
       getToolPermission(toolName, agentName) {
         return getToolPermissionFn(toolName, agentName);
       },

package/test/tool-input-preview.test.ts

@@ -10,22 +10,15 @@ import {
   countTextLines,
   formatCount,
   formatEditInputForPrompt,
-  formatGenericToolInputForLog,
   formatReadInputForPrompt,
-  formatSearchInputForPrompt,
-  formatToolInputForPrompt,
   formatWriteInputForPrompt,
-  getPermissionLogContext,
   getPromptPath,
-  getToolInputPreviewForLog,
-  sanitizeInlineText,
   serializeToolInputPreview,
   TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
   TOOL_INPUT_PREVIEW_MAX_LENGTH,
   TOOL_TEXT_SUMMARY_MAX_LENGTH,
   truncateInlineText,
 } from "#src/tool-input-preview";
-import type { PermissionCheckResult } from "#src/types";
 
 const mockedStringify = vi.mocked(safeJsonStringify);
 
@@ -73,29 +66,6 @@ describe("truncateInlineText", () => {
   });
 });
 
-describe("sanitizeInlineText", () => {
-  test("collapses whitespace and trims", () => {
-    expect(sanitizeInlineText("  hello   world  ")).toBe("hello world");
-  });
-
-  test("returns 'empty text' for blank string", () => {
-    expect(sanitizeInlineText("")).toBe("empty text");
-    expect(sanitizeInlineText("   ")).toBe("empty text");
-  });
-
-  test("truncates to default TOOL_TEXT_SUMMARY_MAX_LENGTH", () => {
-    const long = "x".repeat(100);
-    const result = sanitizeInlineText(long);
-    expect(result.length).toBeLessThanOrEqual(TOOL_TEXT_SUMMARY_MAX_LENGTH + 1); // +1 for ellipsis char
-    expect(result).toContain("…");
-  });
-
-  test("respects custom maxLength", () => {
-    const result = sanitizeInlineText("hello world", 5);
-    expect(result).toBe("hello…");
-  });
-});
-
 describe("countTextLines", () => {
   test("returns 0 for empty string", () => {
     expect(countTextLines("")).toBe(0);
@@ -239,33 +209,6 @@ describe("formatReadInputForPrompt", () => {
   });
 });
 
-describe("formatSearchInputForPrompt", () => {
-  test("includes pattern and path", () => {
-    const result = formatSearchInputForPrompt("grep", {
-      pattern: "TODO",
-      path: "/src",
-    });
-    expect(result).toContain("pattern 'TODO'");
-    expect(result).toContain("path '/src'");
-  });
-
-  test("includes glob when present", () => {
-    const result = formatSearchInputForPrompt("find", { glob: "*.ts" });
-    expect(result).toContain("glob '*.ts'");
-  });
-
-  test("uses 'current working directory' for find/grep/ls without path", () => {
-    for (const toolName of ["find", "grep", "ls"]) {
-      const result = formatSearchInputForPrompt(toolName, {});
-      expect(result).toContain("current working directory");
-    }
-  });
-
-  test("returns empty string for other tools with no input", () => {
-    expect(formatSearchInputForPrompt("other", {})).toBe("");
-  });
-});
-
 describe("serializeToolInputPreview", () => {
   test("delegates serialization to safeJsonStringify", () => {
     mockedStringify.mockReturnValue('{"key":"value"}');
@@ -295,190 +238,3 @@ describe("serializeToolInputPreview", () => {
     expect(result).toBe('{ "key": "val" }');
   });
 });
-
-describe("formatToolInputForPrompt", () => {
-  test("dispatches 'edit' to formatEditInputForPrompt", () => {
-    mockedStringify.mockReturnValue(undefined);
-    const result = formatToolInputForPrompt("edit", {
-      path: "/foo.ts",
-      edits: [],
-    });
-    expect(result).toContain("for '/foo.ts'");
-  });
-
-  test("dispatches 'write' to formatWriteInputForPrompt", () => {
-    const result = formatToolInputForPrompt("write", {
-      path: "/out.ts",
-      content: "hi",
-    });
-    expect(result).toContain("for '/out.ts'");
-  });
-
-  test("dispatches 'read' to formatReadInputForPrompt", () => {
-    const result = formatToolInputForPrompt("read", { path: "/src/x.ts" });
-    expect(result).toContain("path '/src/x.ts'");
-  });
-
-  test("dispatches 'find'/'grep'/'ls' to formatSearchInputForPrompt", () => {
-    for (const tool of ["find", "grep", "ls"]) {
-      const result = formatToolInputForPrompt(tool, {});
-      expect(result).toContain("current working directory");
-    }
-  });
-
-  test("falls back to JSON preview for unknown tools", () => {
-    mockedStringify.mockReturnValue('{"x":1}');
-    const result = formatToolInputForPrompt("unknown", { x: 1 });
-    expect(result).toContain('{"x":1}');
-  });
-});
-
-describe("formatGenericToolInputForLog", () => {
-  test("returns undefined when serialization yields empty string", () => {
-    mockedStringify.mockReturnValue(undefined);
-    expect(formatGenericToolInputForLog({})).toBeUndefined();
-  });
-
-  test("returns prefixed input preview", () => {
-    mockedStringify.mockReturnValue('{"k":"v"}');
-    expect(formatGenericToolInputForLog({ k: "v" })).toBe('input {"k":"v"}');
-  });
-
-  test("truncates to TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH", () => {
-    const longJson = `{"k":"${"x".repeat(2000)}"}`;
-    mockedStringify.mockReturnValue(longJson);
-    const result = formatGenericToolInputForLog({});
-    expect(result).toBeDefined();
-    // result is "input " + truncated, so total > TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH by "input ".length
-    const preview = result!.slice("input ".length);
-    expect(preview.length).toBeLessThanOrEqual(
-      TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH + 1,
-    );
-  });
-});
-
-describe("getToolInputPreviewForLog", () => {
-  const pathBearingTools = new Set(["read", "write", "edit"]);
-
-  test("returns undefined for bash tool", () => {
-    const result: PermissionCheckResult = {
-      toolName: "bash",
-      state: "allow",
-      source: "tool",
-      origin: "builtin",
-    };
-    expect(
-      getToolInputPreviewForLog(result, { command: "ls" }, pathBearingTools),
-    ).toBeUndefined();
-  });
-
-  test("returns undefined for mcp tool", () => {
-    const result: PermissionCheckResult = {
-      toolName: "mcp",
-      state: "allow",
-      source: "tool",
-      origin: "builtin",
-    };
-    expect(
-      getToolInputPreviewForLog(result, {}, pathBearingTools),
-    ).toBeUndefined();
-  });
-
-  test("returns undefined for mcp source", () => {
-    const result: PermissionCheckResult = {
-      toolName: "some-server:some-tool",
-      state: "allow",
-      source: "mcp",
-      origin: "builtin",
-    };
-    expect(
-      getToolInputPreviewForLog(result, {}, pathBearingTools),
-    ).toBeUndefined();
-  });
-
-  test("returns path-based preview for path-bearing tools", () => {
-    const result: PermissionCheckResult = {
-      toolName: "read",
-      state: "allow",
-      source: "tool",
-      origin: "builtin",
-    };
-    const preview = getToolInputPreviewForLog(
-      result,
-      { path: "/src/foo.ts" },
-      pathBearingTools,
-    );
-    expect(preview).toContain("/src/foo.ts");
-  });
-
-  test("returns generic JSON preview for non-path-bearing tools", () => {
-    mockedStringify.mockReturnValue('{"n":1}');
-    const result: PermissionCheckResult = {
-      toolName: "task",
-      state: "allow",
-      source: "tool",
-      origin: "builtin",
-    };
-    const preview = getToolInputPreviewForLog(
-      result,
-      { n: 1 },
-      pathBearingTools,
-    );
-    expect(preview).toContain('{"n":1}');
-  });
-});
-
-describe("getPermissionLogContext", () => {
-  const pathBearingTools = new Set(["read", "write", "edit"]);
-
-  test("returns command, target, and toolInputPreview", () => {
-    const result: PermissionCheckResult = {
-      toolName: "bash",
-      state: "allow",
-      source: "tool",
-      origin: "builtin",
-      command: "ls -la",
-    };
-    const ctx = getPermissionLogContext(result, {}, pathBearingTools);
-    expect(ctx.command).toBe("ls -la");
-    expect(ctx.target).toBeUndefined();
-    expect(ctx.toolInputPreview).toBeUndefined();
-  });
-
-  test("includes toolInputPreview for non-bash path-bearing tools", () => {
-    const result: PermissionCheckResult = {
-      toolName: "read",
-      state: "allow",
-      source: "tool",
-      origin: "builtin",
-    };
-    const ctx = getPermissionLogContext(
-      result,
-      { path: "/foo.ts" },
-      pathBearingTools,
-    );
-    expect(ctx.toolInputPreview).toContain("/foo.ts");
-  });
-
-  test("includes origin from check result when present", () => {
-    const result: PermissionCheckResult = {
-      toolName: "read",
-      state: "allow",
-      source: "tool",
-      origin: "project",
-    };
-    const ctx = getPermissionLogContext(result, {}, pathBearingTools);
-    expect(ctx.origin).toBe("project");
-  });
-
-  test("origin is 'builtin' when check result has builtin origin", () => {
-    const result: PermissionCheckResult = {
-      toolName: "read",
-      state: "allow",
-      source: "tool",
-      origin: "builtin",
-    };
-    const ctx = getPermissionLogContext(result, {}, pathBearingTools);
-    expect(ctx.origin).toBe("builtin");
-  });
-});