@gotgenes/pi-permission-system 9.2.0 → 10.1.0

package/test/helpers/gate-fixtures.ts

@@ -3,15 +3,35 @@
  */
 import { vi } from "vitest";
 
-import type {
-  GateDescriptor,
-  GateRunnerDeps,
-} from "#src/handlers/gates/descriptor";
+import type { DecisionReporter } from "#src/decision-reporter";
+import type { GatePrompter } from "#src/gate-prompter";
+import type { GateDescriptor } from "#src/handlers/gates/descriptor";
+import { GateRunner } from "#src/handlers/gates/runner";
+import type { SkillInputGateInputs } from "#src/handlers/gates/skill-input-gate-pipeline";
+import type { ToolCallGateInputs } from "#src/handlers/gates/tool-call-gate-pipeline";
 import type { ToolCallContext } from "#src/handlers/gates/types";
+import type { PermissionResolver } from "#src/permission-resolver";
+import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
+import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
+import type { ToolPreviewFormatterOptions } from "#src/tool-preview-formatter";
 import type { PermissionCheckResult } from "#src/types";
 
 import { makeCheckResult } from "#test/helpers/handler-fixtures";
 
+/**
+ * Permission resolver mock with an optional default check result.
+ *
+ * Returns a plain object whose `resolve` is a `vi.fn` so callers retain full
+ * mock access (`mockReturnValue`, `mockImplementation`, `mock.calls`).
+ */
+export function makeResolver(defaultCheck?: PermissionCheckResult) {
+  const resolve = vi.fn<PermissionResolver["resolve"]>();
+  if (defaultCheck) {
+    resolve.mockReturnValue(defaultCheck);
+  }
+  return { resolve };
+}
+
 /**
  * Gate descriptor factory with runner-test defaults.
  *
@@ -48,25 +68,70 @@ export function makeDescriptor(
   };
 }
 
-export function makeRunnerDeps(
-  overrides: Partial<GateRunnerDeps> = {},
-): GateRunnerDeps {
+/**
+ * Reporter mock with independently inspectable vi.fn() stubs.
+ */
+export function makeReporter(
+  overrides: Partial<DecisionReporter> = {},
+): DecisionReporter {
   return {
-    checkPermission: vi
-      .fn()
-      .mockReturnValue(makeCheckResult({ matchedPattern: "*" })),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    recordSessionApproval: vi.fn(),
     writeReviewLog: vi.fn(),
     emitDecision: vi.fn(),
-    canConfirm: vi.fn().mockReturnValue(true),
-    promptPermission: vi
-      .fn()
-      .mockResolvedValue({ approved: true, state: "approved" }),
     ...overrides,
   };
 }
 
+/**
+ * Gate runner factory for `GateRunner` unit tests.
+ *
+ * Builds one `GateRunner` from four role mocks and returns `{ runner, deps }`
+ * so tests can both invoke `runner.run(...)` and assert on the individual
+ * mock call records (`deps.reporter.*`, `deps.resolve`, etc.).
+ */
+export function makeGateRunner(
+  overrides: {
+    resolve?: PermissionResolver["resolve"];
+    recordSessionApproval?: SessionApprovalRecorder["recordSessionApproval"];
+    canConfirm?: GatePrompter["canConfirm"];
+    promptPermission?: GatePrompter["promptPermission"];
+    reporter?: Partial<DecisionReporter>;
+  } = {},
+) {
+  const reporter = makeReporter(overrides.reporter);
+  const resolve =
+    overrides.resolve ??
+    vi
+      .fn<PermissionResolver["resolve"]>()
+      .mockReturnValue(makeCheckResult({ matchedPattern: "*" }));
+  const recordSessionApproval =
+    overrides.recordSessionApproval ??
+    (vi.fn() as SessionApprovalRecorder["recordSessionApproval"]);
+  const canConfirm =
+    overrides.canConfirm ??
+    (vi.fn().mockReturnValue(true) as GatePrompter["canConfirm"]);
+  const promptPermission =
+    overrides.promptPermission ??
+    vi
+      .fn<GatePrompter["promptPermission"]>()
+      .mockResolvedValue({ approved: true, state: "approved" });
+  const runner = new GateRunner(
+    { resolve },
+    { recordSessionApproval },
+    { canConfirm, promptPermission },
+    reporter,
+  );
+  return {
+    runner,
+    deps: {
+      resolve,
+      recordSessionApproval,
+      canConfirm,
+      promptPermission,
+      reporter,
+    },
+  };
+}
+
 /**
  * Tool-call context factory with bash defaults.
  *
@@ -103,3 +168,69 @@ export function makeGateCheckResult(
     ...overrides,
   };
 }
+
+/**
+ * Mock of `ToolCallGateInputs` for `ToolCallGatePipeline` unit tests.
+ *
+ * Each method is a `vi.fn()` stub so callers retain full mock access
+ * (`mock.calls`, `mockReturnValue`, etc.) on the returned object.
+ * Pass `overrides` to replace individual stubs without rebuilding the whole
+ * mock from scratch.
+ */
+export function makeGateInputs(
+  overrides: {
+    resolve?: PermissionResolver["resolve"];
+    getActiveSkillEntries?: () => SkillPromptEntry[];
+    getInfrastructureReadDirs?: () => string[];
+    getToolPreviewLimits?: () => ToolPreviewFormatterOptions;
+  } = {},
+): ToolCallGateInputs {
+  return {
+    resolve:
+      overrides.resolve ??
+      vi.fn<PermissionResolver["resolve"]>().mockReturnValue(makeCheckResult()),
+    getActiveSkillEntries:
+      overrides.getActiveSkillEntries ??
+      vi.fn<() => SkillPromptEntry[]>(() => []),
+    getInfrastructureReadDirs:
+      overrides.getInfrastructureReadDirs ?? vi.fn<() => string[]>(() => []),
+    getToolPreviewLimits:
+      overrides.getToolPreviewLimits ??
+      vi.fn<() => ToolPreviewFormatterOptions>(() => ({
+        toolInputPreviewMaxLength: 500,
+        toolTextSummaryMaxLength: 100,
+        toolInputLogPreviewMaxLength: 200,
+      })),
+  };
+}
+
+/**
+ * Mock of `SkillInputGateInputs` for `SkillInputGatePipeline` unit tests.
+ *
+ * Returns a plain object with a `checkPermission` `vi.fn()` stub so callers
+ * retain full mock access (`mockReturnValue`, `mock.calls`, etc.).
+ */
+export function makeSkillInputInputs(
+  overrides: { checkPermission?: SkillInputGateInputs["checkPermission"] } = {},
+): SkillInputGateInputs {
+  return {
+    checkPermission:
+      overrides.checkPermission ??
+      vi
+        .fn<SkillInputGateInputs["checkPermission"]>()
+        .mockReturnValue(makeCheckResult()),
+  };
+}
+
+/**
+ * Mock `GateNotifier` for `SkillInputGatePipeline` unit tests.
+ *
+ * Return type is intentionally unannotated so callers retain full `vi.fn()`
+ * mock access (`mock.calls`, `toHaveBeenCalledWith`, etc.) — annotating with
+ * `GateNotifier` would erase `Mock<...>` methods from the inferred type.
+ */
+export function makeNotifier() {
+  return {
+    warn: vi.fn<(message: string) => void>(),
+  };
+}

package/test/helpers/handler-fixtures.ts

@@ -7,14 +7,67 @@
 import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { vi } from "vitest";
 
+import { GateDecisionReporter } from "#src/decision-reporter";
 import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import type { GateHandlerSession } from "#src/gate-handler-session";
+import type { GatePrompter } from "#src/gate-prompter";
+import { GateRunner } from "#src/handlers/gates/runner";
+import {
+  type SkillInputGateInputs,
+  SkillInputGatePipeline,
+} from "#src/handlers/gates/skill-input-gate-pipeline";
+import {
+  type ToolCallGateInputs,
+  ToolCallGatePipeline,
+} from "#src/handlers/gates/tool-call-gate-pipeline";
 import { PermissionGateHandler } from "#src/handlers/permission-gate-handler";
+import type { PermissionPromptDecision } from "#src/permission-dialog";
 import type { PermissionDecisionEvent } from "#src/permission-events";
 import { PERMISSIONS_DECISION_CHANNEL } from "#src/permission-events";
-import type { PermissionSession } from "#src/permission-session";
+import type { PromptPermissionDetails } from "#src/permission-prompter";
+import type { Rule } from "#src/rule";
+import type { SessionApprovalRecorder } from "#src/session-approval-recorder";
+import type { SessionLogger } from "#src/session-logger";
+import { resolveToolPreviewLimits } from "#src/tool-preview-formatter";
 import type { ToolRegistry } from "#src/tool-registry";
 import type { PermissionCheckResult } from "#src/types";
 
+/**
+ * Precise mock boundary for PermissionGateHandler integration tests.
+ *
+ * Intersection of every role the handler and its collaborators require,
+ * plus the context-bound prompting helpers that GatePrompter delegates to.
+ * Without a cast, TypeScript enforces this at the call sites where the
+ * mock is passed to GateRunner / ToolCallGatePipeline / PermissionGateHandler.
+ *
+ * The 4-arg `checkPermission` overrides the 3-arg version from
+ * GateHandlerSession so the `resolve` delegation can forward session rules.
+ */
+export type MockGateHandlerSession = ToolCallGateInputs &
+  SkillInputGateInputs &
+  SessionApprovalRecorder &
+  GatePrompter &
+  GateHandlerSession & {
+    /** Logger source for the reporter the fixture builds. */
+    logger: SessionLogger;
+    /** Session-rule accessor — used by the resolve delegation. */
+    getSessionRuleset(): Rule[];
+    /** 4-arg form so the resolve delegation can pass rules. */
+    checkPermission(
+      surface: string,
+      input: unknown,
+      agentName?: string,
+      rules?: Rule[],
+    ): PermissionCheckResult;
+    /** Context-bound canPrompt — overriding this steers canConfirm. */
+    canPrompt(ctx: ExtensionContext): boolean;
+    /** Context-bound prompt — overriding this steers promptPermission. */
+    prompt(
+      ctx: ExtensionContext,
+      details: PromptPermissionDetails,
+    ): Promise<PermissionPromptDecision>;
+  };
+
 export function makeEvents() {
   return {
     emit: vi.fn(),
@@ -75,33 +128,86 @@ export function makeCheckResult(
 }
 
 /**
- * Full-union session stub.
+ * Full-intersection session stub.
  *
- * Includes every method mocked across handler test files so each file
- * only needs to override the fields that differ from the defaults.
+ * Uses per-field `??` selection (no spread) so TypeScript verifies every
+ * field against `MockGateHandlerSession` individually — a missing field fails
+ * `pnpm run check` instead of failing silently at runtime.
+ *
+ * The `resolve`, `canConfirm`, and `promptPermission` delegations are inlined
+ * as closures that read `session` at call time, so overriding `checkPermission`,
+ * `canPrompt`, or `prompt` automatically steers them without extra guards.
  */
 export function makeSession(
-  overrides: Partial<Record<keyof PermissionSession, unknown>> = {},
-): PermissionSession {
-  return {
-    logger: { debug: vi.fn(), review: vi.fn(), warn: vi.fn() },
-    activate: vi.fn(),
-    resolveAgentName: vi.fn().mockReturnValue(null),
-    checkPermission: vi.fn().mockReturnValue(makeCheckResult()),
-    getToolPermission: vi.fn().mockReturnValue("allow"),
-    getSessionRuleset: vi.fn().mockReturnValue([]),
-    recordSessionApproval: vi.fn(),
-    getActiveSkillEntries: vi.fn().mockReturnValue([]),
-    getInfrastructureDirs: vi
-      .fn()
-      .mockReturnValue(["/test/agent", "/test/agent/git"]),
-    getInfrastructureReadPaths: vi.fn().mockReturnValue([]),
-    config: DEFAULT_EXTENSION_CONFIG,
-    canPrompt: vi.fn().mockReturnValue(true),
-    prompt: vi.fn().mockResolvedValue({ approved: true, state: "approved" }),
-    createPermissionRequestId: vi.fn().mockReturnValue("req-id"),
-    ...overrides,
-  } as unknown as PermissionSession;
+  overrides: Partial<MockGateHandlerSession> = {},
+): MockGateHandlerSession {
+  const session: MockGateHandlerSession = {
+    logger: overrides.logger ?? {
+      debug: vi.fn(),
+      review: vi.fn(),
+      warn: vi.fn(),
+    },
+    activate: overrides.activate ?? vi.fn<MockGateHandlerSession["activate"]>(),
+    resolveAgentName:
+      overrides.resolveAgentName ??
+      vi.fn<MockGateHandlerSession["resolveAgentName"]>().mockReturnValue(null),
+    checkPermission:
+      overrides.checkPermission ??
+      vi
+        .fn<MockGateHandlerSession["checkPermission"]>()
+        .mockReturnValue(makeCheckResult()),
+    getSessionRuleset:
+      overrides.getSessionRuleset ??
+      vi.fn<MockGateHandlerSession["getSessionRuleset"]>().mockReturnValue([]),
+    recordSessionApproval:
+      overrides.recordSessionApproval ??
+      vi.fn<MockGateHandlerSession["recordSessionApproval"]>(),
+    getActiveSkillEntries:
+      overrides.getActiveSkillEntries ??
+      vi
+        .fn<MockGateHandlerSession["getActiveSkillEntries"]>()
+        .mockReturnValue([]),
+    getInfrastructureReadDirs:
+      overrides.getInfrastructureReadDirs ??
+      vi
+        .fn<MockGateHandlerSession["getInfrastructureReadDirs"]>()
+        .mockReturnValue(["/test/agent", "/test/agent/git"]),
+    getToolPreviewLimits:
+      overrides.getToolPreviewLimits ??
+      vi
+        .fn<MockGateHandlerSession["getToolPreviewLimits"]>()
+        .mockReturnValue(resolveToolPreviewLimits(DEFAULT_EXTENSION_CONFIG)),
+    canPrompt:
+      overrides.canPrompt ??
+      vi.fn<MockGateHandlerSession["canPrompt"]>().mockReturnValue(true),
+    prompt:
+      overrides.prompt ??
+      vi
+        .fn<MockGateHandlerSession["prompt"]>()
+        .mockResolvedValue({ approved: true, state: "approved" }),
+    // Delegations — closures read `session` at call time so overrides win.
+    resolve:
+      overrides.resolve ??
+      vi.fn<MockGateHandlerSession["resolve"]>((surface, input, agentName) =>
+        session.checkPermission(
+          surface,
+          input,
+          agentName,
+          session.getSessionRuleset(),
+        ),
+      ),
+    canConfirm:
+      overrides.canConfirm ??
+      vi.fn<MockGateHandlerSession["canConfirm"]>(() =>
+        session.canPrompt(undefined as unknown as ExtensionContext),
+      ),
+    promptPermission:
+      overrides.promptPermission ??
+      vi.fn<MockGateHandlerSession["promptPermission"]>((details) =>
+        session.prompt(undefined as unknown as ExtensionContext, details),
+      ),
+  };
+  return session;
 }
 
 export function makeToolRegistry(
@@ -121,13 +227,23 @@ export function makeToolRegistry(
  * it needs — handler, events, session, and toolRegistry are all available.
  */
 export function makeHandler(overrides?: {
-  session?: Partial<Record<keyof PermissionSession, unknown>>;
+  session?: Partial<MockGateHandlerSession>;
   toolRegistry?: Partial<ToolRegistry>;
 }) {
   const session = makeSession(overrides?.session);
   const events = makeEvents();
   const toolRegistry = makeToolRegistry(overrides?.toolRegistry);
-  const handler = new PermissionGateHandler(session, events, toolRegistry);
+  const pipeline = new ToolCallGatePipeline(session);
+  const skillInputPipeline = new SkillInputGatePipeline(session);
+  const reporter = new GateDecisionReporter(session.logger, events);
+  const runner = new GateRunner(session, session, session, reporter);
+  const handler = new PermissionGateHandler(
+    session,
+    toolRegistry,
+    pipeline,
+    skillInputPipeline,
+    runner,
+  );
   return { handler, events, session, toolRegistry };
 }
 

package/test/mcp-targets.test.ts

@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 import {
   createMcpPermissionTargets,
+  McpTargetList,
   parseQualifiedMcpToolName,
 } from "#src/mcp-targets";
 
@@ -176,3 +177,57 @@ describe("createMcpPermissionTargets", () => {
     });
   });
 });
+
+describe("McpTargetList", () => {
+  describe("add", () => {
+    it("ignores null", () => {
+      const list = new McpTargetList();
+      list.add(null);
+      expect(list.toArray()).toEqual([]);
+    });
+
+    it("ignores empty string", () => {
+      const list = new McpTargetList();
+      list.add("");
+      expect(list.toArray()).toEqual([]);
+    });
+
+    it("appends a new value", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+
+    it("dedups repeated values", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+
+    it("preserves first-insertion order across a mix of values", () => {
+      const list = new McpTargetList();
+      list.add("exa_search");
+      list.add("exa:search");
+      list.add("exa");
+      list.add("exa_search"); // duplicate — must not change order
+      list.add("mcp_call");
+      expect(list.toArray()).toEqual([
+        "exa_search",
+        "exa:search",
+        "exa",
+        "mcp_call",
+      ]);
+    });
+  });
+
+  describe("toArray", () => {
+    it("returns an independent copy that does not mutate the list", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      const first = list.toArray();
+      first.push("mutated");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+  });
+});

package/test/permission-event-rpc.test.ts

@@ -13,6 +13,7 @@ import {
   PERMISSIONS_PROTOCOL_VERSION,
   PERMISSIONS_RPC_CHECK_CHANNEL,
   PERMISSIONS_RPC_PROMPT_CHANNEL,
+  PERMISSIONS_UI_PROMPT_CHANNEL,
 } from "#src/permission-events";
 
 // ── Helpers ────────────────────────────────────────────────────────────────
@@ -317,6 +318,44 @@ describe("registerPermissionRpcHandlers — permissions:rpc:prompt", () => {
     }
   });
 
+  it("emits a UI prompt broadcast before awaiting the UI decision", async () => {
+    const bus = createEventBus();
+    const ctx = makeCtxWithUi();
+    const requestUi = vi
+      .fn()
+      .mockResolvedValue({ approved: true, state: "approved" as const });
+    const deps = makeDeps({
+      getRuntimeContext: vi.fn().mockReturnValue(ctx),
+      requestPermissionDecisionFromUi: requestUi,
+    });
+    registerPermissionRpcHandlers(bus, deps);
+
+    const promptPromise = waitForReply(bus, PERMISSIONS_UI_PROMPT_CHANNEL);
+    const replyPromise = waitForReply(
+      bus,
+      `${PERMISSIONS_RPC_PROMPT_CHANNEL}:reply:req-prompt-broadcast`,
+    );
+    bus.emit(PERMISSIONS_RPC_PROMPT_CHANNEL, {
+      requestId: "req-prompt-broadcast",
+      surface: "bash",
+      value: "git push",
+      message: "Allow git push?",
+      agentName: "Worker",
+      sessionLabel: "Allow git *",
+    });
+
+    await expect(promptPromise).resolves.toEqual({
+      requestId: "req-prompt-broadcast",
+      source: "rpc_prompt",
+      surface: "bash",
+      value: "git push",
+      agentName: "Worker",
+      message: "Allow git push?",
+      forwarding: null,
+    });
+    await replyPromise;
+  });
+
   it("passes the message to requestPermissionDecisionFromUi", async () => {
     const bus = createEventBus();
     const ctx = makeCtxWithUi();

package/test/permission-events.test.ts

@@ -14,15 +14,18 @@ import type {
   PermissionsPromptRequest,
   PermissionsReadyEvent,
   PermissionsRpcReply,
+  PermissionUiPromptEvent,
 } from "#src/permission-events";
 import {
   emitDecisionEvent,
   emitReadyEvent,
+  emitUiPromptEvent,
   PERMISSIONS_DECISION_CHANNEL,
   PERMISSIONS_PROTOCOL_VERSION,
   PERMISSIONS_READY_CHANNEL,
   PERMISSIONS_RPC_CHECK_CHANNEL,
   PERMISSIONS_RPC_PROMPT_CHANNEL,
+  PERMISSIONS_UI_PROMPT_CHANNEL,
 } from "#src/permission-events";
 
 // ── Minimal EventBus stub ──────────────────────────────────────────────────
@@ -43,6 +46,7 @@ describe("constants", () => {
 
   it("channel names have the correct values", () => {
     expect(PERMISSIONS_READY_CHANNEL).toBe("permissions:ready");
+    expect(PERMISSIONS_UI_PROMPT_CHANNEL).toBe("permissions:ui_prompt");
     expect(PERMISSIONS_DECISION_CHANNEL).toBe("permissions:decision");
     expect(PERMISSIONS_RPC_CHECK_CHANNEL).toBe("permissions:rpc:check");
     expect(PERMISSIONS_RPC_PROMPT_CHANNEL).toBe("permissions:rpc:prompt");
@@ -52,20 +56,75 @@ describe("constants", () => {
 // ── emitReadyEvent ─────────────────────────────────────────────────────────
 
 describe("emitReadyEvent", () => {
-  it("emits on the permissions:ready channel with protocol version", () => {
+  it("emits an empty payload on the permissions:ready channel", () => {
     const bus = makeEventBus();
     emitReadyEvent(bus);
     expect(bus.emit).toHaveBeenCalledOnce();
-    expect(bus.emit).toHaveBeenCalledWith("permissions:ready", {
-      protocolVersion: 1,
-    });
+    expect(bus.emit).toHaveBeenCalledWith("permissions:ready", {});
   });
 
-  it("emitted payload satisfies PermissionsReadyEvent shape", () => {
+  it("carries no protocolVersion (version lives in the RPC envelope)", () => {
     const bus = makeEventBus();
     emitReadyEvent(bus);
     const payload = bus.emit.mock.calls[0][1] as PermissionsReadyEvent;
-    expect(typeof payload.protocolVersion).toBe("number");
+    expect(payload).not.toHaveProperty("protocolVersion");
+  });
+
+  it("swallows event bus errors because broadcasts are best-effort", () => {
+    const bus = {
+      emit: vi.fn(() => {
+        throw new Error("listener failed");
+      }),
+      on: vi.fn().mockReturnValue(() => undefined),
+    };
+
+    expect(() => emitReadyEvent(bus)).not.toThrow();
+  });
+});
+
+// ── emitUiPromptEvent ──────────────────────────────────────────────────────
+
+describe("emitUiPromptEvent", () => {
+  function makeUiPromptEvent(
+    overrides: Partial<PermissionUiPromptEvent> = {},
+  ): PermissionUiPromptEvent {
+    return {
+      requestId: "req-123",
+      source: "tool_call",
+      surface: "bash",
+      value: "git status",
+      agentName: "Explore",
+      message: "Allow git status?",
+      forwarding: null,
+      ...overrides,
+    };
+  }
+
+  it("emits on the permissions:ui_prompt channel", () => {
+    const bus = makeEventBus();
+    emitUiPromptEvent(bus, makeUiPromptEvent());
+    expect(bus.emit).toHaveBeenCalledOnce();
+    expect(bus.emit.mock.calls[0][0]).toBe("permissions:ui_prompt");
+  });
+
+  it("forwards the full payload unchanged", () => {
+    const bus = makeEventBus();
+    const event = makeUiPromptEvent({
+      forwarding: { requesterAgentName: "Worker", requesterSessionId: "child" },
+    });
+    emitUiPromptEvent(bus, event);
+    expect(bus.emit.mock.calls[0][1]).toEqual(event);
+  });
+
+  it("swallows event bus errors because UI prompt broadcasts are observational", () => {
+    const bus = {
+      emit: vi.fn(() => {
+        throw new Error("listener failed");
+      }),
+      on: vi.fn().mockReturnValue(() => undefined),
+    };
+
+    expect(() => emitUiPromptEvent(bus, makeUiPromptEvent())).not.toThrow();
   });
 });
 
@@ -143,6 +202,17 @@ describe("emitDecisionEvent", () => {
     expect(payload.agentName).toBeNull();
     expect(payload.matchedPattern).toBeNull();
   });
+
+  it("swallows event bus errors because broadcasts are best-effort", () => {
+    const bus = {
+      emit: vi.fn(() => {
+        throw new Error("listener failed");
+      }),
+      on: vi.fn().mockReturnValue(() => undefined),
+    };
+
+    expect(() => emitDecisionEvent(bus, makeDecisionEvent())).not.toThrow();
+  });
 });
 
 // ── Type-shape compile-time checks (runtime assertions on literal values) ──
@@ -279,7 +349,7 @@ describe("piPermissionSystemExtension ready event wiring", () => {
     rmSync(baseDir, { recursive: true, force: true });
   });
 
-  it("emits permissions:ready with protocolVersion at session_start", async () => {
+  it("emits permissions:ready at session_start", async () => {
     const emitSpy = vi.fn();
     const handlers = new Map<
       string,
@@ -324,8 +394,6 @@ describe("piPermissionSystemExtension ready event wiring", () => {
       ([channel]) => channel === PERMISSIONS_READY_CHANNEL,
     );
     expect(readyCalls).toHaveLength(1);
-    expect(readyCalls[0][1]).toEqual({
-      protocolVersion: PERMISSIONS_PROTOCOL_VERSION,
-    });
+    expect(readyCalls[0][1]).toEqual({});
   });
 });