@gotgenes/pi-permission-system 8.0.0 → 8.2.0

package/src/tool-input-preview.ts

@@ -1,6 +1,5 @@
 import { getNonEmptyString, toRecord } from "./common";
 import { safeJsonStringify } from "./logging";
-import type { PermissionCheckResult } from "./types";
 
 export const TOOL_INPUT_PREVIEW_MAX_LENGTH = 200;
 export const TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH = 1000;
@@ -10,14 +9,6 @@ export function truncateInlineText(value: string, maxLength: number): string {
   return value.length > maxLength ? `${value.slice(0, maxLength)}…` : value;
 }
 
-export function sanitizeInlineText(
-  value: string,
-  maxLength = TOOL_TEXT_SUMMARY_MAX_LENGTH,
-): string {
-  const normalized = value.replace(/\s+/g, " ").trim();
-  return normalized ? truncateInlineText(normalized, maxLength) : "empty text";
-}
-
 export function countTextLines(value: string): number {
   if (!value) {
     return 0;
@@ -95,30 +86,6 @@ export function formatReadInputForPrompt(
   return parts.length > 0 ? `for ${parts.join(", ")}` : "";
 }
 
-export function formatSearchInputForPrompt(
-  toolName: string,
-  input: Record<string, unknown>,
-): string {
-  const parts: string[] = [];
-  const path = getPromptPath(input);
-  const pattern = getNonEmptyString(input.pattern);
-  const glob = getNonEmptyString(input.glob);
-
-  if (pattern) {
-    parts.push(`pattern '${sanitizeInlineText(pattern)}'`);
-  }
-  if (glob) {
-    parts.push(`glob '${sanitizeInlineText(glob)}'`);
-  }
-  if (path) {
-    parts.push(`path '${path}'`);
-  } else if (toolName === "find" || toolName === "grep" || toolName === "ls") {
-    parts.push("current working directory");
-  }
-
-  return parts.length > 0 ? `for ${parts.join(", ")}` : "";
-}
-
 export function serializeToolInputPreview(input: unknown): string {
   const serialized = safeJsonStringify(input);
   if (!serialized || serialized === "{}" || serialized === "null") {
@@ -127,86 +94,3 @@ export function serializeToolInputPreview(input: unknown): string {
 
   return serialized.replace(/\s+/g, " ").trim();
 }
-
-export function formatJsonInputForPrompt(input: unknown): string {
-  const inline = serializeToolInputPreview(input);
-  return inline
-    ? `with input ${truncateInlineText(inline, TOOL_INPUT_PREVIEW_MAX_LENGTH)}`
-    : "";
-}
-
-export function formatToolInputForPrompt(
-  toolName: string,
-  input: unknown,
-): string {
-  const inputRecord = toRecord(input);
-
-  switch (toolName) {
-    case "edit":
-      return formatEditInputForPrompt(inputRecord);
-    case "write":
-      return formatWriteInputForPrompt(inputRecord);
-    case "read":
-      return formatReadInputForPrompt(inputRecord);
-    case "find":
-    case "grep":
-    case "ls":
-      return formatSearchInputForPrompt(toolName, inputRecord);
-    default:
-      return formatJsonInputForPrompt(input);
-  }
-}
-
-export function formatGenericToolInputForLog(
-  input: unknown,
-): string | undefined {
-  const inline = serializeToolInputPreview(input);
-  return inline
-    ? `input ${truncateInlineText(inline, TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH)}`
-    : undefined;
-}
-
-export function getToolInputPreviewForLog(
-  result: PermissionCheckResult,
-  input: unknown,
-  pathBearingTools: ReadonlySet<string>,
-): string | undefined {
-  if (
-    result.toolName === "bash" ||
-    result.toolName === "mcp" ||
-    result.source === "mcp"
-  ) {
-    return undefined;
-  }
-
-  if (pathBearingTools.has(result.toolName)) {
-    const inputPreview = formatToolInputForPrompt(result.toolName, input);
-    return inputPreview
-      ? truncateInlineText(inputPreview, TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH)
-      : undefined;
-  }
-
-  return formatGenericToolInputForLog(input);
-}
-
-export function getPermissionLogContext(
-  result: PermissionCheckResult,
-  input: unknown,
-  pathBearingTools: ReadonlySet<string>,
-): {
-  command?: string;
-  target?: string;
-  toolInputPreview?: string;
-  origin?: string;
-} {
-  return {
-    command: result.command,
-    target: result.target,
-    toolInputPreview: getToolInputPreviewForLog(
-      result,
-      input,
-      pathBearingTools,
-    ),
-    origin: result.origin,
-  };
-}

package/src/tool-preview-formatter.ts

@@ -0,0 +1,188 @@
+import { getNonEmptyString, toRecord } from "./common";
+import type { PermissionSystemExtensionConfig } from "./extension-config";
+import {
+  formatEditInputForPrompt,
+  formatReadInputForPrompt,
+  formatWriteInputForPrompt,
+  getPromptPath,
+  serializeToolInputPreview,
+  TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  TOOL_INPUT_PREVIEW_MAX_LENGTH,
+  TOOL_TEXT_SUMMARY_MAX_LENGTH,
+  truncateInlineText,
+} from "./tool-input-preview";
+import type { PermissionCheckResult } from "./types";
+
+export interface ToolPreviewFormatterOptions {
+  toolInputPreviewMaxLength: number;
+  toolTextSummaryMaxLength: number;
+  toolInputLogPreviewMaxLength: number;
+}
+
+type ConfigurablePreviewLimits = Pick<
+  PermissionSystemExtensionConfig,
+  "toolInputPreviewMaxLength" | "toolTextSummaryMaxLength"
+>;
+
+/**
+ * Resolve `ToolPreviewFormatterOptions` from a config object, falling back to
+ * the built-in defaults for any field that is absent.
+ */
+export function resolveToolPreviewLimits(
+  config: ConfigurablePreviewLimits,
+): ToolPreviewFormatterOptions {
+  return {
+    toolInputPreviewMaxLength:
+      config.toolInputPreviewMaxLength ?? TOOL_INPUT_PREVIEW_MAX_LENGTH,
+    toolTextSummaryMaxLength:
+      config.toolTextSummaryMaxLength ?? TOOL_TEXT_SUMMARY_MAX_LENGTH,
+    toolInputLogPreviewMaxLength: TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  };
+}
+
+/**
+ * Formats tool inputs for permission prompts and review logs.
+ *
+ * Accepts configurable limits in its constructor — the single injection
+ * point for preview-length configuration (#266).
+ */
+export class ToolPreviewFormatter {
+  constructor(private readonly options: ToolPreviewFormatterOptions) {}
+
+  // ── Prompt formatting ───────────────────────────────────────────────────
+
+  /**
+   * Collapse whitespace, trim, and truncate a string to fit inline.
+   * An explicit `maxLength` overrides the constructor default.
+   */
+  sanitizeInlineText(value: string, maxLength?: number): string {
+    const limit = maxLength ?? this.options.toolTextSummaryMaxLength;
+    const normalized = value.replace(/\s+/g, " ").trim();
+    return normalized ? truncateInlineText(normalized, limit) : "empty text";
+  }
+
+  /** Serialize `input` to inline JSON and truncate at `toolInputPreviewMaxLength`. */
+  formatJsonInputForPrompt(input: unknown): string {
+    const inline = serializeToolInputPreview(input);
+    return inline
+      ? `with input ${truncateInlineText(inline, this.options.toolInputPreviewMaxLength)}`
+      : "";
+  }
+
+  /** Format search-tool (grep/find/ls) input for a permission prompt. */
+  formatSearchInputForPrompt(
+    toolName: string,
+    input: Record<string, unknown>,
+  ): string {
+    const parts: string[] = [];
+    const path = getPromptPath(input);
+    const pattern = getNonEmptyString(input.pattern);
+    const glob = getNonEmptyString(input.glob);
+
+    if (pattern) {
+      parts.push(`pattern '${this.sanitizeInlineText(pattern)}'`);
+    }
+    if (glob) {
+      parts.push(`glob '${this.sanitizeInlineText(glob)}'`);
+    }
+    if (path) {
+      parts.push(`path '${path}'`);
+    } else if (
+      toolName === "find" ||
+      toolName === "grep" ||
+      toolName === "ls"
+    ) {
+      parts.push("current working directory");
+    }
+
+    return parts.length > 0 ? `for ${parts.join(", ")}` : "";
+  }
+
+  /**
+   * Format any tool input for display in a permission ask-prompt.
+   *
+   * Dispatches to the appropriate pure formatter for known tools
+   * and falls back to inline JSON for everything else.
+   */
+  formatToolInputForPrompt(toolName: string, input: unknown): string {
+    const inputRecord = toRecord(input);
+
+    switch (toolName) {
+      case "edit":
+        return formatEditInputForPrompt(inputRecord);
+      case "write":
+        return formatWriteInputForPrompt(inputRecord);
+      case "read":
+        return formatReadInputForPrompt(inputRecord);
+      case "find":
+      case "grep":
+      case "ls":
+        return this.formatSearchInputForPrompt(toolName, inputRecord);
+      default:
+        return this.formatJsonInputForPrompt(input);
+    }
+  }
+
+  // ── Log formatting ──────────────────────────────────────────────────────
+
+  /** Serialize `input` to inline JSON and truncate at `toolInputLogPreviewMaxLength`. */
+  formatGenericToolInputForLog(input: unknown): string | undefined {
+    const inline = serializeToolInputPreview(input);
+    return inline
+      ? `input ${truncateInlineText(inline, this.options.toolInputLogPreviewMaxLength)}`
+      : undefined;
+  }
+
+  /** Derive a loggable input preview string for the review log. */
+  getToolInputPreviewForLog(
+    result: PermissionCheckResult,
+    input: unknown,
+    pathBearingTools: ReadonlySet<string>,
+  ): string | undefined {
+    if (
+      result.toolName === "bash" ||
+      result.toolName === "mcp" ||
+      result.source === "mcp"
+    ) {
+      return undefined;
+    }
+
+    if (pathBearingTools.has(result.toolName)) {
+      const inputPreview = this.formatToolInputForPrompt(
+        result.toolName,
+        input,
+      );
+      return inputPreview
+        ? truncateInlineText(
+            inputPreview,
+            this.options.toolInputLogPreviewMaxLength,
+          )
+        : undefined;
+    }
+
+    return this.formatGenericToolInputForLog(input);
+  }
+
+  /** Build the structured log context object for a permission review log entry. */
+  getPermissionLogContext(
+    result: PermissionCheckResult,
+    input: unknown,
+    pathBearingTools: ReadonlySet<string>,
+  ): {
+    command?: string;
+    target?: string;
+    toolInputPreview?: string;
+    origin?: string;
+  } {
+    return {
+      command: result.command,
+      target: result.target,
+      toolInputPreview: this.getToolInputPreviewForLog(
+        result,
+        input,
+        pathBearingTools,
+      ),
+      origin: result.origin,
+    };
+  }
+}

package/test/extension-config.test.ts

@@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest";
 
 import {
   detectMisplacedPermissionKeys,
+  normalizeOptionalPositiveInt,
   normalizePermissionSystemConfig,
 } from "#src/extension-config";
 
@@ -74,6 +75,36 @@ describe("detectMisplacedPermissionKeys", () => {
   });
 });
 
+describe("normalizeOptionalPositiveInt", () => {
+  it("returns the value for a valid positive integer", () => {
+    expect(normalizeOptionalPositiveInt(1)).toBe(1);
+    expect(normalizeOptionalPositiveInt(200)).toBe(200);
+    expect(normalizeOptionalPositiveInt(9999)).toBe(9999);
+  });
+
+  it("returns undefined for zero", () => {
+    expect(normalizeOptionalPositiveInt(0)).toBeUndefined();
+  });
+
+  it("returns undefined for negative integers", () => {
+    expect(normalizeOptionalPositiveInt(-1)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(-100)).toBeUndefined();
+  });
+
+  it("returns undefined for non-integer numbers (floats)", () => {
+    expect(normalizeOptionalPositiveInt(400.5)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(1.1)).toBeUndefined();
+  });
+
+  it("returns undefined for non-number types", () => {
+    expect(normalizeOptionalPositiveInt("200")).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(true)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(null)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt(undefined)).toBeUndefined();
+    expect(normalizeOptionalPositiveInt({})).toBeUndefined();
+  });
+});
+
 describe("normalizePermissionSystemConfig", () => {
   it("normalizes a valid config object", () => {
     const result = normalizePermissionSystemConfig({
@@ -122,4 +153,66 @@ describe("normalizePermissionSystemConfig", () => {
       yoloMode: false,
     });
   });
+
+  it("includes toolInputPreviewMaxLength when a valid positive integer is provided", () => {
+    const result = normalizePermissionSystemConfig({
+      toolInputPreviewMaxLength: 400,
+    });
+    expect(result.toolInputPreviewMaxLength).toBe(400);
+  });
+
+  it("omits toolInputPreviewMaxLength when absent", () => {
+    const result = normalizePermissionSystemConfig({});
+    expect("toolInputPreviewMaxLength" in result).toBe(false);
+  });
+
+  it("omits toolInputPreviewMaxLength for invalid values", () => {
+    expect(
+      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: 0 })
+        .toolInputPreviewMaxLength,
+    ).toBeUndefined();
+    expect(
+      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: -1 })
+        .toolInputPreviewMaxLength,
+    ).toBeUndefined();
+    expect(
+      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: 200.5 })
+        .toolInputPreviewMaxLength,
+    ).toBeUndefined();
+    expect(
+      normalizePermissionSystemConfig({ toolInputPreviewMaxLength: "200" })
+        .toolInputPreviewMaxLength,
+    ).toBeUndefined();
+  });
+
+  it("includes toolTextSummaryMaxLength when a valid positive integer is provided", () => {
+    const result = normalizePermissionSystemConfig({
+      toolTextSummaryMaxLength: 120,
+    });
+    expect(result.toolTextSummaryMaxLength).toBe(120);
+  });
+
+  it("omits toolTextSummaryMaxLength when absent", () => {
+    const result = normalizePermissionSystemConfig({});
+    expect("toolTextSummaryMaxLength" in result).toBe(false);
+  });
+
+  it("omits toolTextSummaryMaxLength for invalid values", () => {
+    expect(
+      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: 0 })
+        .toolTextSummaryMaxLength,
+    ).toBeUndefined();
+    expect(
+      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: -1 })
+        .toolTextSummaryMaxLength,
+    ).toBeUndefined();
+    expect(
+      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: 80.1 })
+        .toolTextSummaryMaxLength,
+    ).toBeUndefined();
+    expect(
+      normalizePermissionSystemConfig({ toolTextSummaryMaxLength: true })
+        .toolTextSummaryMaxLength,
+    ).toBeUndefined();
+  });
 });

package/test/handlers/external-directory-integration.test.ts

@@ -12,6 +12,7 @@ import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
 import { EXTENSION_TAG } from "#src/denial-messages";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import { formatExternalDirectoryAskPrompt } from "#src/handlers/gates/external-directory-messages";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
 import {
@@ -112,10 +113,11 @@ function makeSession(
     checkPermission: makeCheckPermission("deny"),
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
+    recordSessionApproval: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),
     getInfrastructureDirs: vi.fn().mockReturnValue([]),
     getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
+    config: DEFAULT_EXTENSION_CONFIG,
     canPrompt: vi.fn().mockReturnValue(true),
     prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     ...overrides,

package/test/handlers/external-directory-session-dedup.test.ts

@@ -3,7 +3,7 @@
  * external path only prompt once — the session-approval recorded by the
  * first call covers the second.
  *
- * These tests use stateful mocks: `approveSessionRule` records rules,
+ * These tests use stateful mocks: `recordSessionApproval` records rules,
  * and `checkPermission` consults them via `getSessionRuleset`, mirroring
  * the real interaction between PermissionSession, SessionRules, and
  * PermissionManager.
@@ -11,9 +11,11 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
 import type { PermissionSession } from "#src/permission-session";
 import type { Rule } from "#src/rule";
+import type { SessionApproval } from "#src/session-approval";
 import type { ToolRegistry } from "#src/tool-registry";
 import type { PermissionCheckResult } from "#src/types";
 import { wildcardMatch } from "#src/wildcard-matcher";
@@ -52,7 +54,7 @@ function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
  * Build a PermissionSession mock with stateful session-rule tracking.
  *
  * `checkPermission` returns "ask" for `external_directory` unless a
- * matching session rule exists (via `approveSessionRule`), in which case
+ * matching session rule exists (via `recordSessionApproval`), in which case
  * it returns "allow" with `source: "session"`. All other surfaces return
  * "allow" by default.
  */
@@ -114,16 +116,18 @@ function makeStatefulSession(
       },
     );
 
-  const approveSessionRule = vi
+  const recordSessionApproval = vi
     .fn()
-    .mockImplementation((surface: string, pattern: string) => {
-      sessionRules.push({
-        surface,
-        pattern,
-        action: "allow",
-        layer: "session",
-        origin: "session",
-      });
+    .mockImplementation((approval: SessionApproval) => {
+      for (const pattern of approval.patterns) {
+        sessionRules.push({
+          surface: approval.surface,
+          pattern,
+          action: "allow",
+          layer: "session",
+          origin: "session",
+        });
+      }
     });
 
   const getSessionRuleset = vi.fn().mockImplementation(() => [...sessionRules]);
@@ -135,10 +139,11 @@ function makeStatefulSession(
     checkPermission,
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset,
-    approveSessionRule,
+    recordSessionApproval,
     getActiveSkillEntries: vi.fn().mockReturnValue([]),
     getInfrastructureDirs: vi.fn().mockReturnValue([]),
     getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
+    config: DEFAULT_EXTENSION_CONFIG,
     canPrompt: vi.fn().mockReturnValue(true),
     prompt: vi
       .fn()

package/test/handlers/gates/bash-external-directory.test.ts

@@ -93,9 +93,8 @@ describe("describeBashExternalDirectoryGate", () => {
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
     expect(desc.sessionApproval).toBeDefined();
-    expect(desc.sessionApproval).toHaveProperty("patterns");
-    const patterns = (desc.sessionApproval as { patterns: string[] }).patterns;
-    expect(patterns.length).toBeGreaterThan(0);
+    if (!desc.sessionApproval) return;
+    expect(desc.sessionApproval.patterns.length).toBeGreaterThan(0);
   });
 
   it("returns GateBypass when all external paths are config-level allowed", async () => {
@@ -211,8 +210,9 @@ describe("describeBashExternalDirectoryGate", () => {
     );
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
-    const patterns = (desc.sessionApproval as { patterns: string[] }).patterns;
-    expect(patterns.length).toBe(1);
+    expect(desc.sessionApproval).toBeDefined();
+    if (!desc.sessionApproval) return;
+    expect(desc.sessionApproval.patterns.length).toBe(1);
     expect(desc.preCheck?.state).toBe("ask");
   });
 
@@ -236,8 +236,9 @@ describe("describeBashExternalDirectoryGate", () => {
     const desc = result as GateDescriptor;
     expect(desc.preCheck?.state).toBe("deny");
     // Both paths are uncovered (neither is allow), so both patterns are included.
-    const patterns = (desc.sessionApproval as { patterns: string[] }).patterns;
-    expect(patterns.length).toBe(2);
+    expect(desc.sessionApproval).toBeDefined();
+    if (!desc.sessionApproval) return;
+    expect(desc.sessionApproval.patterns.length).toBe(2);
   });
 
   it("only includes uncovered paths when some are session-covered", async () => {
@@ -259,7 +260,8 @@ describe("describeBashExternalDirectoryGate", () => {
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
     // Should have patterns only for the uncovered path
-    const patterns = (desc.sessionApproval as { patterns: string[] }).patterns;
-    expect(patterns.length).toBe(1);
+    expect(desc.sessionApproval).toBeDefined();
+    if (!desc.sessionApproval) return;
+    expect(desc.sessionApproval.patterns.length).toBe(1);
   });
 });

package/test/handlers/gates/external-directory.test.ts

@@ -126,11 +126,8 @@ describe("describeExternalDirectoryGate", () => {
       ["/test/agent"],
     ) as GateDescriptor;
     expect(result.sessionApproval).toBeDefined();
-    expect(result.sessionApproval).toHaveProperty(
-      "surface",
-      "external_directory",
-    );
-    expect(result.sessionApproval).toHaveProperty("pattern");
+    expect(result.sessionApproval?.surface).toBe("external_directory");
+    expect(result.sessionApproval?.representativePattern).toBeDefined();
   });
 
   it("denialContext contains the external path and cwd", () => {

package/test/handlers/gates/helpers.test.ts

@@ -1,9 +1,11 @@
 import { describe, expect, it } from "vitest";
 
 import {
+  buildDecisionEvent,
   deriveDecisionValue,
   deriveResolution,
 } from "#src/handlers/gates/helpers";
+import type { PermissionCheckResult } from "#src/types";
 
 describe("deriveDecisionValue", () => {
   it("returns command for bash", () => {
@@ -82,3 +84,82 @@ describe("deriveResolution", () => {
     );
   });
 });
+
+describe("buildDecisionEvent", () => {
+  function makeCheck(
+    overrides: Partial<PermissionCheckResult> = {},
+  ): PermissionCheckResult {
+    return {
+      state: "allow",
+      toolName: "read",
+      source: "tool",
+      origin: "builtin",
+      matchedPattern: "*",
+      ...overrides,
+    };
+  }
+
+  it("builds a decision event with all fields populated", () => {
+    const event = buildDecisionEvent(
+      { surface: "read", value: "read" },
+      makeCheck({ origin: "global", matchedPattern: "read" }),
+      "test-agent",
+      "allow",
+      "policy_allow",
+    );
+    expect(event).toEqual({
+      surface: "read",
+      value: "read",
+      result: "allow",
+      resolution: "policy_allow",
+      origin: "global",
+      agentName: "test-agent",
+      matchedPattern: "read",
+    });
+  });
+
+  it("normalises undefined origin to null", () => {
+    const event = buildDecisionEvent(
+      { surface: "bash", value: "git status" },
+      makeCheck({ origin: undefined }),
+      null,
+      "allow",
+      "user_approved",
+    );
+    expect(event.origin).toBeNull();
+  });
+
+  it("normalises null agentName to null", () => {
+    const event = buildDecisionEvent(
+      { surface: "read", value: "read" },
+      makeCheck(),
+      null,
+      "deny",
+      "policy_deny",
+    );
+    expect(event.agentName).toBeNull();
+  });
+
+  it("normalises undefined matchedPattern to null", () => {
+    const event = buildDecisionEvent(
+      { surface: "read", value: "read" },
+      makeCheck({ matchedPattern: undefined }),
+      null,
+      "deny",
+      "policy_deny",
+    );
+    expect(event.matchedPattern).toBeNull();
+  });
+
+  it("passes result and resolution through", () => {
+    const event = buildDecisionEvent(
+      { surface: "bash", value: "rm -rf /" },
+      makeCheck(),
+      null,
+      "deny",
+      "user_denied",
+    );
+    expect(event.result).toBe("deny");
+    expect(event.resolution).toBe("user_denied");
+  });
+});