@gotgenes/pi-permission-system 9.2.0 → 10.1.0

package/test/handlers/gates/bash-command.test.ts

@@ -1,18 +1,11 @@
-import { describe, expect, it, vi } from "vitest";
+import { describe, expect, it } from "vitest";
 
 import { resolveBashCommandCheck } from "#src/handlers/gates/bash-command";
-import type { Rule } from "#src/rule";
 import type { PermissionCheckResult } from "#src/types";
 
+import { makeResolver } from "#test/helpers/gate-fixtures";
 import { makeCheckResult } from "#test/helpers/handler-fixtures";
 
-type CheckPermissionFn = (
-  surface: string,
-  input: unknown,
-  agentName?: string,
-  sessionRules?: Rule[],
-) => PermissionCheckResult;
-
 /** Build a bash-surface check result for a single command unit. */
 function bashResult(
   state: PermissionCheckResult["state"],
@@ -24,44 +17,40 @@ function bashResult(
 
 describe("resolveBashCommandCheck", () => {
   it("passes a single command straight through", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("allow", "npm install pkg", "npm *"));
+    const resolver = makeResolver(
+      bashResult("allow", "npm install pkg", "npm *"),
+    );
 
     const result = resolveBashCommandCheck(
       "npm install pkg",
       [{ text: "npm install pkg" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("allow");
-    expect(checkPermission).toHaveBeenCalledTimes(1);
-    expect(checkPermission).toHaveBeenCalledWith(
+    expect(resolver.resolve).toHaveBeenCalledTimes(1);
+    expect(resolver.resolve).toHaveBeenCalledWith(
       "bash",
       { command: "npm install pkg" },
       undefined,
-      [],
     );
   });
 
   it("denies the chain when any sub-command is denied, reporting that command's pattern", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return command.startsWith("npm")
-          ? bashResult("deny", command, "npm *")
-          : bashResult("allow", command, "cd *");
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return command.startsWith("npm")
+        ? bashResult("deny", command, "npm *")
+        : bashResult("allow", command, "cd *");
+    });
 
     const result = resolveBashCommandCheck(
       "cd /p && npm install pkg",
       [{ text: "cd /p" }, { text: "npm install pkg" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("deny");
@@ -70,21 +59,19 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("asks when a sub-command asks and none denies", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return command.startsWith("git")
-          ? bashResult("ask", command, "git *")
-          : bashResult("allow", command, "cd *");
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return command.startsWith("git")
+        ? bashResult("ask", command, "git *")
+        : bashResult("allow", command, "cd *");
+    });
 
     const result = resolveBashCommandCheck(
       "cd /p && git push",
       [{ text: "cd /p" }, { text: "git push" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("ask");
@@ -93,19 +80,17 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("returns the first allow result when every sub-command is allowed", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return bashResult("allow", command, `${command} *`);
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return bashResult("allow", command, `${command} *`);
+    });
 
     const result = resolveBashCommandCheck(
       "a && b",
       [{ text: "a" }, { text: "b" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("allow");
@@ -113,62 +98,40 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("falls back to the whole command when no top-level commands are found", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("ask", "( rm x )", "*"));
+    const resolver = makeResolver(bashResult("ask", "( rm x )", "*"));
 
-    const result = resolveBashCommandCheck(
-      "( rm x )",
-      [],
-      undefined,
-      [],
-      checkPermission,
-    );
+    const result = resolveBashCommandCheck("( rm x )", [], undefined, resolver);
 
     expect(result.state).toBe("ask");
     expect(result.commandContext).toBeUndefined();
-    expect(checkPermission).toHaveBeenCalledTimes(1);
-    expect(checkPermission).toHaveBeenCalledWith(
+    expect(resolver.resolve).toHaveBeenCalledTimes(1);
+    expect(resolver.resolve).toHaveBeenCalledWith(
       "bash",
       { command: "( rm x )" },
       undefined,
-      [],
     );
   });
 
-  it("forwards the agent name and session rules to each sub-command check", () => {
-    const sessionRules: Rule[] = [
-      { surface: "bash", pattern: "npm *", action: "allow", origin: "session" },
-    ];
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("allow", "npm i"));
-
-    resolveBashCommandCheck(
-      "npm i",
-      [{ text: "npm i" }],
-      "agent-x",
-      sessionRules,
-      checkPermission,
-    );
+  it("forwards the agent name to each sub-command check", () => {
+    const resolver = makeResolver(bashResult("allow", "npm i"));
+
+    resolveBashCommandCheck("npm i", [{ text: "npm i" }], "agent-x", resolver);
 
-    expect(checkPermission).toHaveBeenCalledWith(
+    expect(resolver.resolve).toHaveBeenCalledWith(
       "bash",
       { command: "npm i" },
       "agent-x",
-      sessionRules,
     );
   });
 
   it("tags the winning result with the offending command's execution context", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const command = (input as { command: string }).command;
-        return command.startsWith("rm")
-          ? bashResult("deny", command, "rm *")
-          : bashResult("allow", command, "echo *");
-      });
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const command = (input as { command: string }).command;
+      return command.startsWith("rm")
+        ? bashResult("deny", command, "rm *")
+        : bashResult("allow", command, "echo *");
+    });
 
     const result = resolveBashCommandCheck(
       "echo $(rm -rf foo)",
@@ -177,8 +140,7 @@ describe("resolveBashCommandCheck", () => {
         { text: "rm -rf foo", context: "command_substitution" },
       ],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("deny");
@@ -187,16 +149,13 @@ describe("resolveBashCommandCheck", () => {
   });
 
   it("leaves commandContext unset when the winning command is top-level", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(bashResult("deny", "rm -rf foo", "rm *"));
+    const resolver = makeResolver(bashResult("deny", "rm -rf foo", "rm *"));
 
     const result = resolveBashCommandCheck(
       "rm -rf foo",
       [{ text: "rm -rf foo" }],
       undefined,
-      [],
-      checkPermission,
+      resolver,
     );
 
     expect(result.state).toBe("deny");

package/test/handlers/gates/bash-external-directory.test.ts

@@ -1,4 +1,4 @@
-import { describe, expect, it, vi } from "vitest";
+import { describe, expect, it } from "vitest";
 import { getNonEmptyString, toRecord } from "#src/common";
 import { describeBashExternalDirectoryGate } from "#src/handlers/gates/bash-external-directory";
 import { BashProgram } from "#src/handlers/gates/bash-program";
@@ -9,8 +9,11 @@ import type {
 } from "#src/handlers/gates/descriptor";
 import { isGateBypass, isGateDescriptor } from "#src/handlers/gates/descriptor";
 import type { ToolCallContext } from "#src/handlers/gates/types";
+import type { PermissionResolver } from "#src/permission-resolver";
 import type { PermissionCheckResult } from "#src/types";
 
+import { makeResolver } from "#test/helpers/gate-fixtures";
+
 // ── helpers ────────────────────────────────────────────────────────────────
 
 function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
@@ -44,20 +47,14 @@ function makeCheckResult(
  */
 async function describeGate(
   tcc: ToolCallContext,
-  checkPermission: Parameters<typeof describeBashExternalDirectoryGate>[2],
-  getSessionRuleset: Parameters<typeof describeBashExternalDirectoryGate>[3],
+  resolver: PermissionResolver,
 ): Promise<GateResult> {
   const command = getNonEmptyString(toRecord(tcc.input).command);
   const bashProgram =
     tcc.toolName === "bash" && command
       ? await BashProgram.parse(command)
       : null;
-  return describeBashExternalDirectoryGate(
-    tcc,
-    bashProgram,
-    checkPermission,
-    getSessionRuleset,
-  );
+  return describeBashExternalDirectoryGate(tcc, bashProgram, resolver);
 }
 
 // ── tests ──────────────────────────────────────────────────────────────────
@@ -66,8 +63,7 @@ describe("describeBashExternalDirectoryGate", () => {
   it("returns null when tool is not bash", async () => {
     const result = await describeGate(
       makeTcc({ toolName: "read" }),
-      vi.fn().mockReturnValue(makeCheckResult("ask")),
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     expect(result).toBeNull();
   });
@@ -75,8 +71,7 @@ describe("describeBashExternalDirectoryGate", () => {
   it("returns null when no CWD", async () => {
     const result = await describeGate(
       makeTcc({ cwd: undefined }),
-      vi.fn().mockReturnValue(makeCheckResult("ask")),
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     expect(result).toBeNull();
   });
@@ -84,21 +79,16 @@ describe("describeBashExternalDirectoryGate", () => {
   it("returns null when command has no external paths", async () => {
     const result = await describeGate(
       makeTcc({ input: { command: "ls -la" } }),
-      vi.fn().mockReturnValue(makeCheckResult("ask")),
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     expect(result).toBeNull();
   });
 
   it("returns GateBypass when all external paths are session-covered", async () => {
-    const checkPermission = vi
-      .fn()
-      .mockReturnValue(makeCheckResult("allow", { source: "session" }));
-    const result = await describeGate(
-      makeTcc(),
-      checkPermission,
-      vi.fn().mockReturnValue([]),
+    const resolver = makeResolver(
+      makeCheckResult("allow", { source: "session" }),
     );
+    const result = await describeGate(makeTcc(), resolver);
     expect(result).not.toBeNull();
     expect(isGateBypass(result)).toBe(true);
     const bypass = result as GateBypass;
@@ -110,11 +100,9 @@ describe("describeBashExternalDirectoryGate", () => {
   });
 
   it("returns GateDescriptor with multi-pattern sessionApproval for uncovered paths", async () => {
-    const checkPermission = vi.fn().mockReturnValue(makeCheckResult("ask"));
     const result = await describeGate(
       makeTcc({ input: { command: "diff /outside/a.ts /outside/b.ts" } }),
-      checkPermission,
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
@@ -127,20 +115,13 @@ describe("describeBashExternalDirectoryGate", () => {
     // Config-level allow (source: "special") should suppress the prompt,
     // not just session-level allow. This was the bug: source !== "session"
     // kept config-allowed paths in the uncovered set.
-    const checkPermission = vi
-      .fn()
-      .mockImplementation(
-        (_surface: string, input: Record<string, unknown>) => {
-          if (input.path)
-            return makeCheckResult("allow", { source: "special" });
-          return makeCheckResult("ask");
-        },
-      );
-    const result = await describeGate(
-      makeTcc(),
-      checkPermission,
-      vi.fn().mockReturnValue([]),
-    );
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface: string, input: unknown) => {
+      if ((input as Record<string, unknown>).path)
+        return makeCheckResult("allow", { source: "special" });
+      return makeCheckResult("ask");
+    });
+    const result = await describeGate(makeTcc(), resolver);
     expect(result).not.toBeNull();
     expect(isGateBypass(result)).toBe(true);
   });
@@ -149,20 +130,14 @@ describe("describeBashExternalDirectoryGate", () => {
     // The path-less extCheck used to always return the "*" catch-all (ask),
     // silently downgrading a config-level deny to ask. After the fix, the
     // descriptor's preCheck is derived from the actual path check result.
-    const checkPermission = vi
-      .fn()
-      .mockImplementation(
-        (_surface: string, input: Record<string, unknown>) => {
-          if (input.path) return makeCheckResult("deny", { source: "special" });
-          // Path-less catch-all returns ask — should NOT be used as preCheck.
-          return makeCheckResult("ask");
-        },
-      );
-    const result = await describeGate(
-      makeTcc(),
-      checkPermission,
-      vi.fn().mockReturnValue([]),
-    );
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface: string, input: unknown) => {
+      if ((input as Record<string, unknown>).path)
+        return makeCheckResult("deny", { source: "special" });
+      // Path-less catch-all returns ask — should NOT be used as preCheck.
+      return makeCheckResult("ask");
+    });
+    const result = await describeGate(makeTcc(), resolver);
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
     expect(desc.preCheck?.state).toBe("deny");
@@ -171,8 +146,7 @@ describe("describeBashExternalDirectoryGate", () => {
   it("descriptor surface is 'external_directory'", async () => {
     const result = await describeGate(
       makeTcc(),
-      vi.fn().mockReturnValue(makeCheckResult("ask")),
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     const desc = result as GateDescriptor;
     expect(desc.surface).toBe("external_directory");
@@ -181,8 +155,7 @@ describe("describeBashExternalDirectoryGate", () => {
   it("descriptor decision surface is 'external_directory'", async () => {
     const result = await describeGate(
       makeTcc(),
-      vi.fn().mockReturnValue(makeCheckResult("ask")),
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     const desc = result as GateDescriptor;
     expect(desc.decision.surface).toBe("external_directory");
@@ -191,8 +164,7 @@ describe("describeBashExternalDirectoryGate", () => {
   it("denialContext contains the command and external paths", async () => {
     const result = await describeGate(
       makeTcc({ input: { command: "cat /outside/file.ts" } }),
-      vi.fn().mockReturnValue(makeCheckResult("ask")),
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     const desc = result as GateDescriptor;
     expect(desc.denialContext).toMatchObject({
@@ -205,8 +177,7 @@ describe("describeBashExternalDirectoryGate", () => {
   it("promptDetails includes command and tool_call source", async () => {
     const result = await describeGate(
       makeTcc({ agentName: "agent-1", toolCallId: "tc-5" }),
-      vi.fn().mockReturnValue(makeCheckResult("ask")),
-      vi.fn().mockReturnValue([]),
+      makeResolver(makeCheckResult("ask")),
     );
     const desc = result as GateDescriptor;
     expect(desc.promptDetails).toMatchObject({
@@ -220,19 +191,15 @@ describe("describeBashExternalDirectoryGate", () => {
 
   it("config-allowed path is excluded; remaining ask path produces a descriptor", async () => {
     // One path config-allowed, one config-ask → descriptor with only the ask path.
-    const checkPermission = vi
-      .fn()
-      .mockImplementation(
-        (_surface: string, input: Record<string, unknown>) => {
-          if (input.path === "/outside/a.ts")
-            return makeCheckResult("allow", { source: "special" });
-          return makeCheckResult("ask");
-        },
-      );
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface: string, input: unknown) => {
+      if ((input as Record<string, unknown>).path === "/outside/a.ts")
+        return makeCheckResult("allow", { source: "special" });
+      return makeCheckResult("ask");
+    });
     const result = await describeGate(
       makeTcc({ input: { command: "diff /outside/a.ts /outside/b.ts" } }),
-      checkPermission,
-      vi.fn().mockReturnValue([]),
+      resolver,
     );
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
@@ -244,19 +211,15 @@ describe("describeBashExternalDirectoryGate", () => {
 
   it("config-denied path makes worstCheck deny even when another path is ask", async () => {
     // One path config-denied, one config-ask → descriptor with preCheck.state === "deny".
-    const checkPermission = vi
-      .fn()
-      .mockImplementation(
-        (_surface: string, input: Record<string, unknown>) => {
-          if (input.path === "/outside/a.ts")
-            return makeCheckResult("deny", { source: "special" });
-          return makeCheckResult("ask");
-        },
-      );
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface: string, input: unknown) => {
+      if ((input as Record<string, unknown>).path === "/outside/a.ts")
+        return makeCheckResult("deny", { source: "special" });
+      return makeCheckResult("ask");
+    });
     const result = await describeGate(
       makeTcc({ input: { command: "diff /outside/a.ts /outside/b.ts" } }),
-      checkPermission,
-      vi.fn().mockReturnValue([]),
+      resolver,
     );
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
@@ -268,20 +231,16 @@ describe("describeBashExternalDirectoryGate", () => {
   });
 
   it("only includes uncovered paths when some are session-covered", async () => {
-    const checkPermission = vi
-      .fn()
-      .mockImplementation(
-        (_surface: string, input: Record<string, unknown>) => {
-          if (input.path === "/outside/a.ts") {
-            return makeCheckResult("allow", { source: "session" });
-          }
-          return makeCheckResult("ask");
-        },
-      );
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface: string, input: unknown) => {
+      if ((input as Record<string, unknown>).path === "/outside/a.ts") {
+        return makeCheckResult("allow", { source: "session" });
+      }
+      return makeCheckResult("ask");
+    });
     const result = await describeGate(
       makeTcc({ input: { command: "diff /outside/a.ts /outside/b.ts" } }),
-      checkPermission,
-      vi.fn().mockReturnValue([]),
+      resolver,
     );
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;