@gotgenes/pi-permission-system 8.0.0 → 8.2.0

package/test/handlers/gates/path.test.ts

@@ -160,8 +160,8 @@ describe("describePathGate", () => {
       getSessionRuleset,
     ) as GateDescriptor;
     expect(result.sessionApproval).toBeDefined();
-    expect(result.sessionApproval).toHaveProperty("surface", "path");
-    expect(result.sessionApproval).toHaveProperty("pattern");
+    expect(result.sessionApproval?.surface).toBe("path");
+    expect(result.sessionApproval?.representativePattern).toBeDefined();
   });
 
   it("descriptor denialContext references the file path and tool name", () => {

package/test/handlers/gates/runner.test.ts

@@ -7,6 +7,7 @@ import type {
   GateRunnerDeps,
 } from "#src/handlers/gates/descriptor";
 import { runGateCheck } from "#src/handlers/gates/runner";
+import { SessionApproval } from "#src/session-approval";
 import type { PermissionCheckResult } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
@@ -61,7 +62,7 @@ function makeRunnerDeps(
   return {
     checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
     getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
+    recordSessionApproval: vi.fn(),
     writeReviewLog: vi.fn(),
     emitDecision: vi.fn(),
     canConfirm: vi.fn().mockReturnValue(true),
@@ -167,7 +168,7 @@ describe("runGateCheck", () => {
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
     const descriptor = makeDescriptor({
-      sessionApproval: { surface: "read", pattern: "*" },
+      sessionApproval: SessionApproval.single("read", "*"),
     });
     const result = await runGateCheck(descriptor, null, "tc-1", deps);
     expect(result).toEqual({ action: "allow" });
@@ -176,33 +177,27 @@ describe("runGateCheck", () => {
         resolution: "user_approved_for_session",
       }),
     );
-    expect(deps.approveSessionRule).toHaveBeenCalledWith("read", "*");
+    expect(deps.recordSessionApproval).toHaveBeenCalledWith(
+      SessionApproval.single("read", "*"),
+    );
   });
 
-  it("calls approveSessionRule once per pattern when sessionApproval has multiple patterns", async () => {
+  it("calls recordSessionApproval once with the full SessionApproval when sessionApproval has multiple patterns", async () => {
     const deps = makeRunnerDeps({
       checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
-    const descriptor = makeDescriptor({
-      sessionApproval: {
-        surface: "external_directory",
-        patterns: ["/outside/a/*", "/outside/b/*"],
-      },
-    });
-    const result = await runGateCheck(descriptor, null, "tc-1", deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(deps.approveSessionRule).toHaveBeenCalledTimes(2);
-    expect(deps.approveSessionRule).toHaveBeenCalledWith(
-      "external_directory",
+    const approval = SessionApproval.multiple("external_directory", [
       "/outside/a/*",
-    );
-    expect(deps.approveSessionRule).toHaveBeenCalledWith(
-      "external_directory",
       "/outside/b/*",
-    );
+    ]);
+    const descriptor = makeDescriptor({ sessionApproval: approval });
+    const result = await runGateCheck(descriptor, null, "tc-1", deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(deps.recordSessionApproval).toHaveBeenCalledTimes(1);
+    expect(deps.recordSessionApproval).toHaveBeenCalledWith(approval);
   });
 
   it("returns block and emits user_denied when ask + user denies", async () => {
@@ -317,7 +312,7 @@ describe("runGateCheck", () => {
     );
   });
 
-  it("does not call approveSessionRule when user approves once (no sessionApproval)", async () => {
+  it("does not call recordSessionApproval when user approves once (no sessionApproval)", async () => {
     const deps = makeRunnerDeps({
       checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
       promptPermission: vi
@@ -325,7 +320,7 @@ describe("runGateCheck", () => {
         .mockResolvedValue({ approved: true, state: "approved" }),
     });
     await runGateCheck(makeDescriptor(), null, "tc-1", deps);
-    expect(deps.approveSessionRule).not.toHaveBeenCalled();
+    expect(deps.recordSessionApproval).not.toHaveBeenCalled();
   });
 
   it("uses preCheck result directly instead of calling checkPermission", async () => {
@@ -348,7 +343,7 @@ describe("runGateCheck", () => {
     );
   });
 
-  it("does not call approveSessionRule when user approves for session but no sessionApproval on descriptor", async () => {
+  it("does not call recordSessionApproval when user approves for session but no sessionApproval on descriptor", async () => {
     const deps = makeRunnerDeps({
       checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
       promptPermission: vi
@@ -357,7 +352,7 @@ describe("runGateCheck", () => {
     });
     // No sessionApproval on descriptor
     await runGateCheck(makeDescriptor(), null, "tc-1", deps);
-    expect(deps.approveSessionRule).not.toHaveBeenCalled();
+    expect(deps.recordSessionApproval).not.toHaveBeenCalled();
   });
 
   describe("denialContext formatting", () => {

package/test/handlers/gates/tool.test.ts

@@ -2,10 +2,24 @@ import { describe, expect, it } from "vitest";
 
 import { describeToolGate } from "#src/handlers/gates/tool";
 import type { ToolCallContext } from "#src/handlers/gates/types";
+import {
+  TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  TOOL_INPUT_PREVIEW_MAX_LENGTH,
+  TOOL_TEXT_SUMMARY_MAX_LENGTH,
+} from "#src/tool-input-preview";
+import { ToolPreviewFormatter } from "#src/tool-preview-formatter";
 import type { PermissionCheckResult } from "#src/types";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
+function makeFormatter(): ToolPreviewFormatter {
+  return new ToolPreviewFormatter({
+    toolInputPreviewMaxLength: TOOL_INPUT_PREVIEW_MAX_LENGTH,
+    toolTextSummaryMaxLength: TOOL_TEXT_SUMMARY_MAX_LENGTH,
+    toolInputLogPreviewMaxLength: TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  });
+}
+
 function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   return {
     toolName: "read",
@@ -38,6 +52,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "read" }),
       makeCheckResult("ask"),
+      makeFormatter(),
     );
     expect(desc.surface).toBe("read");
     expect(desc.decision.surface).toBe("read");
@@ -47,6 +62,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "write" }),
       makeCheckResult("ask"),
+      makeFormatter(),
     );
     expect(desc.decision.value).toBe("write");
   });
@@ -59,6 +75,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "bash", input: { command: "git status" } }),
       check,
+      makeFormatter(),
     );
     expect(desc.surface).toBe("bash");
     expect(desc.decision.surface).toBe("bash");
@@ -73,6 +90,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "mcp", input: { tool: "server:tool" } }),
       check,
+      makeFormatter(),
     );
     expect(desc.surface).toBe("mcp");
     expect(desc.decision.surface).toBe("mcp");
@@ -81,7 +99,7 @@ describe("describeToolGate", () => {
 
   it("populates denialContext with kind 'tool' and check result", () => {
     const check = makeCheckResult("deny", { toolName: "read" });
-    const desc = describeToolGate(makeTcc(), check);
+    const desc = describeToolGate(makeTcc(), check, makeFormatter());
     expect(desc.denialContext).toEqual({
       kind: "tool",
       check,
@@ -92,7 +110,11 @@ describe("describeToolGate", () => {
 
   it("populates denialContext with agent name when provided", () => {
     const check = makeCheckResult("ask", { toolName: "read" });
-    const desc = describeToolGate(makeTcc({ agentName: "my-agent" }), check);
+    const desc = describeToolGate(
+      makeTcc({ agentName: "my-agent" }),
+      check,
+      makeFormatter(),
+    );
     expect(desc.denialContext.agentName).toBe("my-agent");
   });
 
@@ -101,6 +123,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "bash", input: { command: "ls" } }),
       check,
+      makeFormatter(),
     );
     expect(desc.denialContext).toMatchObject({
       kind: "tool",
@@ -116,10 +139,11 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "bash", input: { command: "git status" } }),
       check,
+      makeFormatter(),
     );
     expect(desc.sessionApproval).toBeDefined();
-    expect(desc.sessionApproval!).toHaveProperty("surface", "bash");
-    expect(desc.sessionApproval!).toHaveProperty("pattern");
+    expect(desc.sessionApproval?.surface).toBe("bash");
+    expect(desc.sessionApproval?.representativePattern).toBeDefined();
   });
 
   it("populates promptDetails with correct fields", () => {
@@ -127,6 +151,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "read", agentName: "my-agent", toolCallId: "tc-42" }),
       check,
+      makeFormatter(),
     );
     expect(desc.promptDetails).toMatchObject({
       source: "tool_call",
@@ -143,6 +168,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "bash", input: { command: "ls" } }),
       check,
+      makeFormatter(),
     );
     expect(desc.logContext).toMatchObject({
       source: "tool_call",
@@ -155,6 +181,7 @@ describe("describeToolGate", () => {
     const desc = describeToolGate(
       makeTcc({ toolName: "edit", input: { path: "/a.ts" } }),
       makeCheckResult("ask", { toolName: "edit" }),
+      makeFormatter(),
     );
     expect(desc.surface).toBe("edit");
     expect(desc.input).toEqual({ path: "/a.ts" });

package/test/handlers/input-events.test.ts

@@ -55,7 +55,7 @@ function makeSession(
     }),
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
+    recordSessionApproval: vi.fn(),
     canPrompt: vi.fn().mockReturnValue(true),
     prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     createPermissionRequestId: vi.fn().mockReturnValue("req-id"),

package/test/handlers/input.test.ts

@@ -43,7 +43,7 @@ function makeSession(
     checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
+    recordSessionApproval: vi.fn(),
     canPrompt: vi.fn().mockReturnValue(true),
     prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     createPermissionRequestId: vi.fn().mockReturnValue("req-id"),

package/test/handlers/tool-call-events.test.ts

@@ -4,7 +4,7 @@
  */
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
-
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
 import type { PermissionDecisionEvent } from "#src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
@@ -77,12 +77,13 @@ function makeSession(
     checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
+    recordSessionApproval: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),
     getInfrastructureDirs: vi
       .fn()
       .mockReturnValue(["/test/agent", "/test/agent/git"]),
     getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
+    config: DEFAULT_EXTENSION_CONFIG,
     canPrompt: vi.fn().mockReturnValue(true),
     prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     ...overrides,

package/test/handlers/tool-call.test.ts

@@ -1,6 +1,6 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
-
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
 import {
   getEventInput,
   PermissionGateHandler,
@@ -68,12 +68,13 @@ function makeSession(
     checkPermission: vi.fn().mockReturnValue(makePermissionResult("allow")),
     getToolPermission: vi.fn().mockReturnValue("allow"),
     getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
+    recordSessionApproval: vi.fn(),
     getActiveSkillEntries: vi.fn().mockReturnValue([]),
     getInfrastructureDirs: vi
       .fn()
       .mockReturnValue(["/test/agent", "/test/agent/git"]),
     getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
+    config: DEFAULT_EXTENSION_CONFIG,
     canPrompt: vi.fn().mockReturnValue(true),
     prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
     ...overrides,

package/test/handlers/validate-requested-tool.test.ts

@@ -0,0 +1,92 @@
+import { describe, expect, it } from "vitest";
+
+import {
+  type RequestedToolValidation,
+  validateRequestedTool,
+} from "#src/handlers/permission-gate-handler";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeTools(names: string[]): { name: string }[] {
+  return names.map((name) => ({ name }));
+}
+
+const TOOLS = makeTools(["read", "bash", "edit"]);
+
+// ── validateRequestedTool ──────────────────────────────────────────────────
+
+describe("validateRequestedTool", () => {
+  describe("missing / unresolvable tool name", () => {
+    it("blocks when event has no name field", () => {
+      const result = validateRequestedTool({ type: "tool_call" }, TOOLS);
+      expect(result.status).toBe("block");
+      expect(
+        (result as Extract<RequestedToolValidation, { status: "block" }>)
+          .reason,
+      ).toBeTruthy();
+    });
+
+    it("blocks when name field is an empty string", () => {
+      const result = validateRequestedTool({ name: "" }, TOOLS);
+      expect(result.status).toBe("block");
+    });
+
+    it("blocks when name field is null", () => {
+      const result = validateRequestedTool({ name: null }, TOOLS);
+      expect(result.status).toBe("block");
+    });
+
+    it("blocks when event is a primitive", () => {
+      const result = validateRequestedTool("not-an-object", TOOLS);
+      expect(result.status).toBe("block");
+    });
+  });
+
+  describe("unregistered tool", () => {
+    it("blocks when the tool name is not in the registered list", () => {
+      const result = validateRequestedTool({ name: "unknown-tool" }, TOOLS);
+      expect(result.status).toBe("block");
+    });
+
+    it("includes available tool names in the block reason", () => {
+      const result = validateRequestedTool({ name: "unknown-tool" }, TOOLS);
+      expect(result.status).toBe("block");
+      const { reason } = result as Extract<
+        RequestedToolValidation,
+        { status: "block" }
+      >;
+      expect(reason).toContain("read");
+      expect(reason).toContain("bash");
+      expect(reason).toContain("edit");
+    });
+
+    it("blocks with empty available list when no tools are registered", () => {
+      const result = validateRequestedTool({ name: "anything" }, []);
+      expect(result.status).toBe("block");
+    });
+  });
+
+  describe("registered tool (ok path)", () => {
+    it("returns ok with the raw tool name for a known tool", () => {
+      const result = validateRequestedTool({ name: "read" }, TOOLS);
+      expect(result).toEqual({ status: "ok", toolName: "read" });
+    });
+
+    it("returns the raw name as it appeared in the event (not normalised)", () => {
+      // If an alias mechanism were to normalise "Read" → "read",
+      // validateRequestedTool still returns the raw value from the event.
+      // Without aliases the raw name and registered name are the same; this
+      // asserts the contract that toolName comes from the event, not from the
+      // registration lookup's normalizedToolName field.
+      const result = validateRequestedTool({ name: "bash" }, TOOLS);
+      expect(result).toEqual({ status: "ok", toolName: "bash" });
+    });
+
+    it("resolves tool name via the `arguments` field naming convention", () => {
+      // getToolNameFromValue reads `.name` then falls back to other fields;
+      // a plain `{ name: "edit" }` event is sufficient here.
+      const result = validateRequestedTool({ name: "edit" }, TOOLS);
+      expect(result).toEqual({ status: "ok", toolName: "edit" });
+    });
+  });
+});

package/test/permission-prompts.test.ts

@@ -1,9 +1,4 @@
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-
-// Mock tool-input-preview collaborator before importing the module under test.
-vi.mock("../src/tool-input-preview.js", () => ({
-  formatToolInputForPrompt: vi.fn(() => "mocked preview"),
-}));
+import { describe, expect, test } from "vitest";
 
 import {
   formatAskPrompt,
@@ -13,18 +8,21 @@ import {
   formatUnknownToolReason,
 } from "#src/permission-prompts";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
-import { formatToolInputForPrompt } from "#src/tool-input-preview";
+import {
+  TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  TOOL_INPUT_PREVIEW_MAX_LENGTH,
+  TOOL_TEXT_SUMMARY_MAX_LENGTH,
+} from "#src/tool-input-preview";
+import { ToolPreviewFormatter } from "#src/tool-preview-formatter";
 import type { PermissionCheckResult } from "#src/types";
 
-const mockedFormatToolInput = vi.mocked(formatToolInputForPrompt);
-
-beforeEach(() => {
-  mockedFormatToolInput.mockReset();
-});
-
-afterEach(() => {
-  vi.restoreAllMocks();
-});
+function makeFormatter(): ToolPreviewFormatter {
+  return new ToolPreviewFormatter({
+    toolInputPreviewMaxLength: TOOL_INPUT_PREVIEW_MAX_LENGTH,
+    toolTextSummaryMaxLength: TOOL_TEXT_SUMMARY_MAX_LENGTH,
+    toolInputLogPreviewMaxLength: TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  });
+}
 
 function toolResult(
   toolName: string,
@@ -104,66 +102,96 @@ describe("formatUnknownToolReason", () => {
 
 describe("formatAskPrompt", () => {
   test("uses 'Current agent' when no agent name given", () => {
-    const result = formatAskPrompt(toolResult("read"), undefined, {
-      path: "/src",
-    });
+    const result = formatAskPrompt(
+      toolResult("read"),
+      undefined,
+      { path: "/src" },
+      makeFormatter(),
+    );
     expect(result).toContain("Current agent");
   });
 
   test("uses agent name when provided", () => {
-    const result = formatAskPrompt(toolResult("read"), "my-agent", {
-      path: "/src",
-    });
+    const result = formatAskPrompt(
+      toolResult("read"),
+      "my-agent",
+      { path: "/src" },
+      makeFormatter(),
+    );
     expect(result).toContain("Agent 'my-agent'");
   });
 
-  test("formats bash prompt with command and no tool-input-preview call", () => {
+  test("formats bash prompt with command and does not use formatter", () => {
     const result = formatAskPrompt(
       toolResult("bash", { command: "git status" }),
+      undefined,
+      undefined,
+      makeFormatter(),
     );
     expect(result).toContain("git status");
     expect(result).toContain("Allow this command?");
-    expect(mockedFormatToolInput).not.toHaveBeenCalled();
   });
 
   test("formats bash prompt with matched pattern", () => {
     const result = formatAskPrompt(
       toolResult("bash", { command: "git push", matchedPattern: "git *" }),
+      undefined,
+      undefined,
+      makeFormatter(),
     );
     expect(result).toContain("matched 'git *'");
   });
 
   test("formats MCP prompt with target", () => {
-    const result = formatAskPrompt(mcpResult("server:query"));
+    const result = formatAskPrompt(
+      mcpResult("server:query"),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
     expect(result).toContain("server:query");
     expect(result).toContain("Allow this call?");
-    expect(mockedFormatToolInput).not.toHaveBeenCalled();
   });
 
   test("formats MCP prompt with matched pattern", () => {
     const result = formatAskPrompt(
       mcpResult("server:query", { matchedPattern: "server:*" }),
+      undefined,
+      undefined,
+      makeFormatter(),
     );
     expect(result).toContain("matched 'server:*'");
   });
 
-  test("calls formatToolInputForPrompt for non-bash non-mcp tools", () => {
-    mockedFormatToolInput.mockReturnValue("for '/src/foo.ts'");
-    const result = formatAskPrompt(toolResult("read"), undefined, {
-      path: "/src/foo.ts",
-    });
-    expect(mockedFormatToolInput).toHaveBeenCalledWith("read", {
-      path: "/src/foo.ts",
-    });
-    expect(result).toContain("for '/src/foo.ts'");
+  test("includes real input preview for non-bash non-mcp tools", () => {
+    const result = formatAskPrompt(
+      toolResult("read"),
+      undefined,
+      { path: "/src/foo.ts" },
+      makeFormatter(),
+    );
+    expect(result).toContain("path '/src/foo.ts'");
     expect(result).toContain("Allow this call?");
   });
 
-  test("omits input suffix when formatToolInputForPrompt returns empty string", () => {
-    mockedFormatToolInput.mockReturnValue("");
-    const result = formatAskPrompt(toolResult("task"));
+  test("omits input suffix when formatter returns empty string for input", () => {
+    const result = formatAskPrompt(
+      toolResult("task"),
+      undefined,
+      {},
+      makeFormatter(),
+    );
+    expect(result).toContain("task");
+    expect(result).not.toContain("undefined");
+  });
+
+  test("omits input suffix when no formatter provided", () => {
+    const result = formatAskPrompt(toolResult("task"), undefined, {
+      path: "/src",
+    });
     expect(result).toContain("task");
     expect(result).not.toContain("undefined");
+    expect(result).toContain("Allow this call?");
   });
 });
 

package/test/permission-session.test.ts

@@ -36,6 +36,7 @@ import {
   PermissionSession,
   type PermissionSessionRuntimeDeps,
 } from "#src/permission-session";
+import { SessionApproval } from "#src/session-approval";
 import type { SessionLogger } from "#src/session-logger";
 import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
 
@@ -219,9 +220,11 @@ describe("PermissionSession", () => {
       expect(rules).toEqual([]);
     });
 
-    it("delegates approveSessionRule to internal SessionRules", () => {
+    it("delegates recordSessionApproval to internal SessionRules", () => {
       const { session } = createSession();
-      session.approveSessionRule("bash", "/usr/bin/*");
+      session.recordSessionApproval(
+        SessionApproval.single("bash", "/usr/bin/*"),
+      );
       const rules = session.getSessionRuleset();
       expect(rules).toHaveLength(1);
       expect(rules[0]).toMatchObject({
@@ -325,7 +328,7 @@ describe("PermissionSession", () => {
   describe("shutdown", () => {
     it("clears session rules", () => {
       const { session } = createSession();
-      session.approveSessionRule("bash", "*");
+      session.recordSessionApproval(SessionApproval.single("bash", "*"));
       expect(session.getSessionRuleset()).toHaveLength(1);
 
       session.shutdown();