@gotgenes/pi-permission-system 8.1.0 → 8.2.1

package/test/handlers/gates/runner.test.ts

@@ -2,75 +2,11 @@ import { describe, expect, it, vi } from "vitest";
 
 import type { DenialContext } from "#src/denial-messages";
 import { EXTENSION_TAG } from "#src/denial-messages";
-import type {
-  GateDescriptor,
-  GateRunnerDeps,
-} from "#src/handlers/gates/descriptor";
+import type { GateDescriptor } from "#src/handlers/gates/descriptor";
 import { runGateCheck } from "#src/handlers/gates/runner";
-import type { PermissionCheckResult } from "#src/types";
-
-// ── helpers ────────────────────────────────────────────────────────────────
-
-function makeDescriptor(
-  overrides: Partial<GateDescriptor> = {},
-): GateDescriptor {
-  return {
-    surface: "read",
-    input: {},
-    denialContext: {
-      kind: "tool",
-      check: makeCheckResult("deny"),
-    },
-    promptDetails: {
-      source: "tool_call",
-      agentName: null,
-      message: "Allow tool 'read'?",
-      toolCallId: "tc-1",
-      toolName: "read",
-    },
-    logContext: {
-      source: "tool_call",
-      toolCallId: "tc-1",
-      toolName: "read",
-    },
-    decision: {
-      surface: "read",
-      value: "read",
-    },
-    ...overrides,
-  };
-}
-
-function makeCheckResult(
-  state: "allow" | "deny" | "ask",
-  overrides: Partial<PermissionCheckResult> = {},
-): PermissionCheckResult {
-  return {
-    state,
-    toolName: "read",
-    source: "tool",
-    origin: "builtin",
-    matchedPattern: "*",
-    ...overrides,
-  };
-}
-
-function makeRunnerDeps(
-  overrides: Partial<GateRunnerDeps> = {},
-): GateRunnerDeps {
-  return {
-    checkPermission: vi.fn().mockReturnValue(makeCheckResult("allow")),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
-    writeReviewLog: vi.fn(),
-    emitDecision: vi.fn(),
-    canConfirm: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
-    ...overrides,
-  };
-}
+import { SessionApproval } from "#src/session-approval";
+import { makeDescriptor, makeRunnerDeps } from "#test/helpers/gate-fixtures";
+import { makeCheckResult } from "#test/helpers/handler-fixtures";
 
 // ── tests ──────────────────────────────────────────────────────────────────
 
@@ -91,7 +27,11 @@ describe("runGateCheck", () => {
 
   it("returns block and emits policy_deny when policy is deny", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "deny", matchedPattern: "*" }),
+        ),
     });
     const result = await runGateCheck(makeDescriptor(), null, "tc-1", deps);
     expect(result).toMatchObject({ action: "block" });
@@ -109,12 +49,11 @@ describe("runGateCheck", () => {
 
   it("returns allow and emits session_approved on session hit", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(
-        makeCheckResult("allow", {
-          source: "session",
-          matchedPattern: "git *",
-        }),
-      ),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ source: "session", matchedPattern: "git *" }),
+        ),
     });
     const result = await runGateCheck(
       makeDescriptor({
@@ -144,7 +83,11 @@ describe("runGateCheck", () => {
 
   it("returns allow and emits user_approved when ask + user approves", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved" }),
@@ -161,13 +104,17 @@ describe("runGateCheck", () => {
 
   it("returns allow, emits user_approved_for_session, and records session rule on approved_for_session", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
     const descriptor = makeDescriptor({
-      sessionApproval: { surface: "read", pattern: "*" },
+      sessionApproval: SessionApproval.single("read", "*"),
     });
     const result = await runGateCheck(descriptor, null, "tc-1", deps);
     expect(result).toEqual({ action: "allow" });
@@ -176,38 +123,40 @@ describe("runGateCheck", () => {
         resolution: "user_approved_for_session",
       }),
     );
-    expect(deps.approveSessionRule).toHaveBeenCalledWith("read", "*");
+    expect(deps.recordSessionApproval).toHaveBeenCalledWith(
+      SessionApproval.single("read", "*"),
+    );
   });
 
-  it("calls approveSessionRule once per pattern when sessionApproval has multiple patterns", async () => {
+  it("calls recordSessionApproval once with the full SessionApproval when sessionApproval has multiple patterns", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
-    const descriptor = makeDescriptor({
-      sessionApproval: {
-        surface: "external_directory",
-        patterns: ["/outside/a/*", "/outside/b/*"],
-      },
-    });
-    const result = await runGateCheck(descriptor, null, "tc-1", deps);
-    expect(result).toEqual({ action: "allow" });
-    expect(deps.approveSessionRule).toHaveBeenCalledTimes(2);
-    expect(deps.approveSessionRule).toHaveBeenCalledWith(
-      "external_directory",
+    const approval = SessionApproval.multiple("external_directory", [
       "/outside/a/*",
-    );
-    expect(deps.approveSessionRule).toHaveBeenCalledWith(
-      "external_directory",
       "/outside/b/*",
-    );
+    ]);
+    const descriptor = makeDescriptor({ sessionApproval: approval });
+    const result = await runGateCheck(descriptor, null, "tc-1", deps);
+    expect(result).toEqual({ action: "allow" });
+    expect(deps.recordSessionApproval).toHaveBeenCalledTimes(1);
+    expect(deps.recordSessionApproval).toHaveBeenCalledWith(approval);
   });
 
   it("returns block and emits user_denied when ask + user denies", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: false, state: "denied" }),
@@ -224,7 +173,11 @@ describe("runGateCheck", () => {
 
   it("returns block and emits confirmation_unavailable when ask + no UI", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       canConfirm: vi.fn().mockReturnValue(false),
     });
     const result = await runGateCheck(makeDescriptor(), null, "tc-1", deps);
@@ -239,7 +192,11 @@ describe("runGateCheck", () => {
 
   it("emits auto_approved resolution when decision has autoApproved flag", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       promptPermission: vi.fn().mockResolvedValue({
         approved: true,
         state: "approved",
@@ -309,7 +266,11 @@ describe("runGateCheck", () => {
 
   it("passes requestId from toolCallId to promptPermission", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
     });
     await runGateCheck(makeDescriptor(), null, "tc-42", deps);
     expect(deps.promptPermission).toHaveBeenCalledWith(
@@ -317,21 +278,26 @@ describe("runGateCheck", () => {
     );
   });
 
-  it("does not call approveSessionRule when user approves once (no sessionApproval)", async () => {
+  it("does not call recordSessionApproval when user approves once (no sessionApproval)", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved" }),
     });
     await runGateCheck(makeDescriptor(), null, "tc-1", deps);
-    expect(deps.approveSessionRule).not.toHaveBeenCalled();
+    expect(deps.recordSessionApproval).not.toHaveBeenCalled();
   });
 
   it("uses preCheck result directly instead of calling checkPermission", async () => {
     const deps = makeRunnerDeps();
     const descriptor = makeDescriptor({
-      preCheck: makeCheckResult("deny", {
+      preCheck: makeCheckResult({
+        state: "deny",
         origin: "global",
         matchedPattern: "rm *",
       }),
@@ -348,16 +314,20 @@ describe("runGateCheck", () => {
     );
   });
 
-  it("does not call approveSessionRule when user approves for session but no sessionApproval on descriptor", async () => {
+  it("does not call recordSessionApproval when user approves for session but no sessionApproval on descriptor", async () => {
     const deps = makeRunnerDeps({
-      checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+      checkPermission: vi
+        .fn()
+        .mockReturnValue(
+          makeCheckResult({ state: "ask", matchedPattern: "*" }),
+        ),
       promptPermission: vi
         .fn()
         .mockResolvedValue({ approved: true, state: "approved_for_session" }),
     });
     // No sessionApproval on descriptor
     await runGateCheck(makeDescriptor(), null, "tc-1", deps);
-    expect(deps.approveSessionRule).not.toHaveBeenCalled();
+    expect(deps.recordSessionApproval).not.toHaveBeenCalled();
   });
 
   describe("denialContext formatting", () => {
@@ -391,11 +361,15 @@ describe("runGateCheck", () => {
 
     it("uses denialContext to format denyReason with extension tag", async () => {
       const deps = makeRunnerDeps({
-        checkPermission: vi.fn().mockReturnValue(makeCheckResult("deny")),
+        checkPermission: vi
+          .fn()
+          .mockReturnValue(
+            makeCheckResult({ state: "deny", matchedPattern: "*" }),
+          ),
       });
       const ctx: DenialContext = {
         kind: "tool",
-        check: makeCheckResult("deny"),
+        check: makeCheckResult({ state: "deny", matchedPattern: "*" }),
         agentName: "test-agent",
       };
       const result = await runGateCheck(
@@ -413,12 +387,16 @@ describe("runGateCheck", () => {
 
     it("uses denialContext to format unavailableReason with extension tag", async () => {
       const deps = makeRunnerDeps({
-        checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        checkPermission: vi
+          .fn()
+          .mockReturnValue(
+            makeCheckResult({ state: "ask", matchedPattern: "*" }),
+          ),
         canConfirm: vi.fn().mockReturnValue(false),
       });
       const ctx: DenialContext = {
         kind: "tool",
-        check: makeCheckResult("ask"),
+        check: makeCheckResult({ state: "ask", matchedPattern: "*" }),
       };
       const result = await runGateCheck(
         makeDenialContextDescriptor(ctx),
@@ -435,7 +413,11 @@ describe("runGateCheck", () => {
 
     it("uses denialContext to format userDeniedReason with extension tag", async () => {
       const deps = makeRunnerDeps({
-        checkPermission: vi.fn().mockReturnValue(makeCheckResult("ask")),
+        checkPermission: vi
+          .fn()
+          .mockReturnValue(
+            makeCheckResult({ state: "ask", matchedPattern: "*" }),
+          ),
         promptPermission: vi.fn().mockResolvedValue({
           approved: false,
           state: "denied",
@@ -444,7 +426,7 @@ describe("runGateCheck", () => {
       });
       const ctx: DenialContext = {
         kind: "tool",
-        check: makeCheckResult("ask"),
+        check: makeCheckResult({ state: "ask", matchedPattern: "*" }),
       };
       const result = await runGateCheck(
         makeDenialContextDescriptor(ctx),

package/test/handlers/gates/tool.test.ts

@@ -142,8 +142,8 @@ describe("describeToolGate", () => {
       makeFormatter(),
     );
     expect(desc.sessionApproval).toBeDefined();
-    expect(desc.sessionApproval!).toHaveProperty("surface", "bash");
-    expect(desc.sessionApproval!).toHaveProperty("pattern");
+    expect(desc.sessionApproval?.surface).toBe("bash");
+    expect(desc.sessionApproval?.representativePattern).toBeDefined();
   });
 
   it("populates promptDetails with correct fields", () => {

package/test/handlers/input-events.test.ts

@@ -1,99 +1,28 @@
 /**
  * Tests that handleInput emits permissions:decision events for skill input gates.
  */
-import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
-import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
-import type { PermissionDecisionEvent } from "#src/permission-events";
-import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
-import type { PermissionSession } from "#src/permission-session";
-import type { ToolRegistry } from "#src/tool-registry";
+import {
+  getDecisionEvents,
+  makeCheckResult,
+  makeCtx,
+  makeHandler,
+} from "#test/helpers/handler-fixtures";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
-function makeEvents() {
-  return {
-    emit: vi.fn(),
-    on: vi.fn().mockReturnValue(() => undefined),
-  };
-}
-
-function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
-  return {
-    cwd: "/test/project",
-    hasUI: true,
-    ui: {
-      setStatus: vi.fn(),
-      notify: vi.fn(),
-      select: vi.fn(),
-      input: vi.fn(),
-    },
-    sessionManager: {
-      getEntries: vi.fn().mockReturnValue([]),
-      getSessionDir: vi.fn().mockReturnValue("/sessions/test"),
-      addEntry: vi.fn(),
-    },
-    ...overrides,
-  } as unknown as ExtensionContext;
-}
-
-function makeSession(
-  state: "allow" | "deny" | "ask" = "allow",
-  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): PermissionSession {
-  return {
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    activate: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    checkPermission: vi.fn().mockReturnValue({
+/** Build a checkPermission mock returning a skill-surface result. */
+function makeSkillCheckPermission(state: "allow" | "deny" | "ask") {
+  return vi.fn().mockReturnValue(
+    makeCheckResult({
       state,
       toolName: "skill",
       source: "skill",
       origin: "global",
       matchedPattern: "*",
     }),
-    getToolPermission: vi.fn().mockReturnValue("allow"),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
-    canPrompt: vi.fn().mockReturnValue(true),
-    prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
-    createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    ...overrides,
-  } as unknown as PermissionSession;
-}
-
-function makeToolRegistry(): ToolRegistry {
-  return {
-    getAll: vi.fn().mockReturnValue([]),
-    setActive: vi.fn(),
-  };
-}
-
-function makeHandler(
-  state: "allow" | "deny" | "ask" = "allow",
-  sessionOverrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): {
-  handler: PermissionGateHandler;
-  events: ReturnType<typeof makeEvents>;
-} {
-  const session = makeSession(state, sessionOverrides);
-  const events = makeEvents();
-  const handler = new PermissionGateHandler(
-    session,
-    events,
-    makeToolRegistry(),
   );
-  return { handler, events };
-}
-
-/** Extract all permissions:decision payloads from the events.emit mock. */
-function getDecisionEvents(
-  events: ReturnType<typeof makeEvents>,
-): PermissionDecisionEvent[] {
-  return events.emit.mock.calls
-    .filter(([channel]) => channel === PERMISSIONS_DECISION_CHANNEL)
-    .map(([, payload]) => payload as PermissionDecisionEvent);
 }
 
 // ── tests ──────────────────────────────────────────────────────────────────
@@ -106,7 +35,9 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits allow with policy_allow for an allowed skill", async () => {
-    const { handler, events } = makeHandler("allow");
+    const { handler, events } = makeHandler({
+      session: { checkPermission: makeSkillCheckPermission("allow") },
+    });
     await handler.handleInput({ text: "/skill:librarian" }, makeCtx());
 
     const decisions = getDecisionEvents(events);
@@ -120,7 +51,9 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits deny with policy_deny for a denied skill", async () => {
-    const { handler, events } = makeHandler("deny");
+    const { handler, events } = makeHandler({
+      session: { checkPermission: makeSkillCheckPermission("deny") },
+    });
     await handler.handleInput({ text: "/skill:restricted" }, makeCtx());
 
     const decisions = getDecisionEvents(events);
@@ -134,8 +67,13 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits allow with user_approved when state=ask and user approves", async () => {
-    const { handler, events } = makeHandler("ask", {
-      prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
+    const { handler, events } = makeHandler({
+      session: {
+        checkPermission: makeSkillCheckPermission("ask"),
+        prompt: vi
+          .fn()
+          .mockResolvedValue({ approved: true, state: "approved" }),
+      },
     });
     await handler.handleInput({ text: "/skill:explorer" }, makeCtx());
 
@@ -150,8 +88,11 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits deny with user_denied when state=ask and user denies", async () => {
-    const { handler, events } = makeHandler("ask", {
-      prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
+    const { handler, events } = makeHandler({
+      session: {
+        checkPermission: makeSkillCheckPermission("ask"),
+        prompt: vi.fn().mockResolvedValue({ approved: false, state: "denied" }),
+      },
     });
     await handler.handleInput({ text: "/skill:explorer" }, makeCtx());
 
@@ -166,8 +107,11 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits deny with confirmation_unavailable when state=ask but no UI", async () => {
-    const { handler, events } = makeHandler("ask", {
-      canPrompt: vi.fn().mockReturnValue(false),
+    const { handler, events } = makeHandler({
+      session: {
+        checkPermission: makeSkillCheckPermission("ask"),
+        canPrompt: vi.fn().mockReturnValue(false),
+      },
     });
     await handler.handleInput(
       { text: "/skill:explorer" },
@@ -185,12 +129,15 @@ describe("handleInput decision events — skill gate", () => {
   });
 
   it("emits allow with auto_approved when prompt returns autoApproved:true", async () => {
-    const { handler, events } = makeHandler("ask", {
-      prompt: vi.fn().mockResolvedValue({
-        approved: true,
-        state: "approved",
-        autoApproved: true,
-      }),
+    const { handler, events } = makeHandler({
+      session: {
+        checkPermission: makeSkillCheckPermission("ask"),
+        prompt: vi.fn().mockResolvedValue({
+          approved: true,
+          state: "approved",
+          autoApproved: true,
+        }),
+      },
     });
     await handler.handleInput({ text: "/skill:explorer" }, makeCtx());
 

package/test/handlers/input.test.ts

@@ -1,83 +1,15 @@
-import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
 
-import {
-  extractSkillNameFromInput,
-  PermissionGateHandler,
-} from "#src/handlers/permission-gate-handler";
-import type { PermissionSession } from "#src/permission-session";
-import type { ToolRegistry } from "#src/tool-registry";
+import { extractSkillNameFromInput } from "#src/handlers/permission-gate-handler";
 
-// ── helpers ────────────────────────────────────────────────────────────────
+import { makeCtx, makeHandler } from "#test/helpers/handler-fixtures";
 
-function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
-  return {
-    cwd: "/test/project",
-    hasUI: true,
-    ui: {
-      setStatus: vi.fn(),
-      notify: vi.fn(),
-      select: vi.fn(),
-      input: vi.fn(),
-    },
-    sessionManager: {
-      getEntries: vi.fn().mockReturnValue([]),
-      getSessionDir: vi.fn().mockReturnValue("/sessions/test"),
-      addEntry: vi.fn(),
-    },
-    ...overrides,
-  } as unknown as ExtensionContext;
-}
+// ── helpers ────────────────────────────────────────────────────────────────
 
 function makeInputEvent(text: string) {
   return { text };
 }
 
-function makeSession(
-  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): PermissionSession {
-  return {
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    activate: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    checkPermission: vi.fn().mockReturnValue({ state: "allow" }),
-    getToolPermission: vi.fn().mockReturnValue("allow"),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    approveSessionRule: vi.fn(),
-    canPrompt: vi.fn().mockReturnValue(true),
-    prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
-    createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    ...overrides,
-  } as unknown as PermissionSession;
-}
-
-function makeEvents() {
-  return {
-    emit: vi.fn(),
-    on: vi.fn().mockReturnValue(() => undefined),
-  };
-}
-
-function makeToolRegistry(): ToolRegistry {
-  return {
-    getAll: vi.fn().mockReturnValue([]),
-    setActive: vi.fn(),
-  };
-}
-
-function makeHandler(overrides?: {
-  session?: Partial<Record<keyof PermissionSession, unknown>>;
-}): {
-  handler: PermissionGateHandler;
-  session: PermissionSession;
-} {
-  const session = makeSession(overrides?.session);
-  const events = makeEvents();
-  const toolRegistry = makeToolRegistry();
-  const handler = new PermissionGateHandler(session, events, toolRegistry);
-  return { handler, session };
-}
-
 // ── extractSkillNameFromInput ──────────────────────────────────────────────
 
 describe("extractSkillNameFromInput", () => {

package/test/handlers/lifecycle.test.ts

@@ -1,8 +1,10 @@
-import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { describe, expect, it, vi } from "vitest";
+
 import { SessionLifecycleHandler } from "#src/handlers/lifecycle";
 import type { PermissionSession } from "#src/permission-session";
 
+import { makeCtx } from "#test/helpers/handler-fixtures";
+
 // ── status stub ────────────────────────────────────────────────────────────
 vi.mock("../../src/status", () => ({
   PERMISSION_SYSTEM_STATUS_KEY: "permission-system",
@@ -12,25 +14,6 @@ vi.mock("../../src/status", () => ({
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
-function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
-  return {
-    cwd: "/test/project",
-    hasUI: true,
-    ui: {
-      setStatus: vi.fn(),
-      notify: vi.fn(),
-      select: vi.fn(),
-      input: vi.fn(),
-    },
-    sessionManager: {
-      getEntries: vi.fn().mockReturnValue([]),
-      getSessionDir: vi.fn().mockReturnValue("/sessions/test"),
-      addEntry: vi.fn(),
-    },
-    ...overrides,
-  } as unknown as ExtensionContext;
-}
-
 function makeSession(
   overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
 ): PermissionSession {