@gotgenes/pi-permission-system 9.2.0 → 10.1.0

package/test/handlers/gates/bash-path.test.ts

@@ -19,11 +19,11 @@ import type {
 } from "#src/handlers/gates/descriptor";
 import { isGateBypass, isGateDescriptor } from "#src/handlers/gates/descriptor";
 import type { ToolCallContext } from "#src/handlers/gates/types";
-import type { Rule } from "#src/rule";
-import type { PermissionCheckResult } from "#src/types";
+import type { PermissionResolver } from "#src/permission-resolver";
 
 import {
   makeGateCheckResult as makeCheckResult,
+  makeResolver,
   makeTcc,
 } from "#test/helpers/gate-fixtures";
 
@@ -31,13 +31,6 @@ afterEach(() => {
   vi.restoreAllMocks();
 });
 
-type CheckPermissionFn = (
-  surface: string,
-  input: unknown,
-  agentName?: string,
-  sessionRules?: Rule[],
-) => PermissionCheckResult;
-
 /**
  * Mirror the handler's parse-once derivation: parse the bash command into a
  * shared `BashProgram` and inject it, exactly as `permission-gate-handler.ts`
@@ -45,72 +38,47 @@ type CheckPermissionFn = (
  */
 async function describeGate(
   tcc: ToolCallContext,
-  checkPermission: CheckPermissionFn,
-  getSessionRuleset: () => Rule[],
+  resolver: PermissionResolver,
 ): Promise<GateResult> {
   const command = getNonEmptyString(toRecord(tcc.input).command);
   const bashProgram =
     tcc.toolName === "bash" && command
       ? await BashProgram.parse(command)
       : null;
-  return describeBashPathGate(
-    tcc,
-    bashProgram,
-    checkPermission,
-    getSessionRuleset,
-  );
+  return describeBashPathGate(tcc, bashProgram, resolver);
 }
 
 // ── tests ──────────────────────────────────────────────────────────────────
 
 describe("describeBashPathGate", () => {
   it("returns null for non-bash tools", async () => {
-    const checkPermission = vi.fn<CheckPermissionFn>();
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = await describeGate(
       makeTcc({ toolName: "read", input: { path: ".env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(),
     );
     expect(result).toBeNull();
   });
 
   it("returns null when no tokens are extracted", async () => {
-    const checkPermission = vi.fn<CheckPermissionFn>();
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = await describeGate(
       makeTcc({ input: { command: "echo hello" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(),
     );
     expect(result).toBeNull();
   });
 
   it("returns null when all tokens evaluate to allow", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(makeCheckResult({ state: "allow" }));
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = await describeGate(
       makeTcc({ input: { command: "cat .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(makeCheckResult({ state: "allow" })),
     );
     expect(result).toBeNull();
   });
 
   it("returns GateDescriptor when a token evaluates to deny", async () => {
-    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
-      makeCheckResult({
-        state: "deny",
-        matchedPattern: "*.env",
-      }),
-    );
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = await describeGate(
       makeTcc({ input: { command: "cat .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(makeCheckResult({ state: "deny", matchedPattern: "*.env" })),
     );
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
@@ -120,14 +88,9 @@ describe("describeBashPathGate", () => {
   });
 
   it("returns GateDescriptor when a token evaluates to ask", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(makeCheckResult({ state: "ask", matchedPattern: "*" }));
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = await describeGate(
       makeTcc({ input: { command: "cat .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(makeCheckResult({ state: "ask", matchedPattern: "*" })),
     );
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
@@ -136,16 +99,9 @@ describe("describeBashPathGate", () => {
   });
 
   it("descriptor includes triggering token in prompt message", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(
-        makeCheckResult({ state: "deny", matchedPattern: "*.env" }),
-      );
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = (await describeGate(
       makeTcc({ input: { command: "cat .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(makeCheckResult({ state: "deny", matchedPattern: "*.env" })),
     )) as GateDescriptor;
     expect(result.denialContext).toMatchObject({
       kind: "bash_path",
@@ -156,37 +112,17 @@ describe("describeBashPathGate", () => {
   });
 
   it("descriptor decision uses surface 'path'", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(
-        makeCheckResult({ state: "deny", matchedPattern: "*.env" }),
-      );
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = (await describeGate(
       makeTcc({ input: { command: "cat .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(makeCheckResult({ state: "deny", matchedPattern: "*.env" })),
     )) as GateDescriptor;
     expect(result.decision.surface).toBe("path");
   });
 
   it("returns GateBypass when session rule covers the path", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(makeCheckResult({ state: "allow", source: "session" }));
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([
-      {
-        surface: "path",
-        pattern: "*",
-        action: "allow",
-        layer: "session",
-        origin: "session",
-      },
-    ]);
     const result = await describeGate(
       makeTcc({ input: { command: "cat .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(makeCheckResult({ state: "allow", source: "session" })),
     );
     expect(result).not.toBeNull();
     expect(isGateBypass(result)).toBe(true);
@@ -194,31 +130,22 @@ describe("describeBashPathGate", () => {
   });
 
   it("returns null when command is missing", async () => {
-    const checkPermission = vi.fn<CheckPermissionFn>();
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
-    const result = await describeGate(
-      makeTcc({ input: {} }),
-      checkPermission,
-      getSessionRuleset,
-    );
+    const result = await describeGate(makeTcc({ input: {} }), makeResolver());
     expect(result).toBeNull();
   });
 
   it("evaluates most restrictive across multiple tokens", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const record = input as Record<string, unknown>;
-        if (record.path === "src/foo.ts") {
-          return makeCheckResult({ state: "allow" });
-        }
-        return makeCheckResult({ state: "deny", matchedPattern: "*.env" });
-      });
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const record = input as Record<string, unknown>;
+      if (record.path === "src/foo.ts") {
+        return makeCheckResult({ state: "allow" });
+      }
+      return makeCheckResult({ state: "deny", matchedPattern: "*.env" });
+    });
     const result = await describeGate(
       makeTcc({ input: { command: "cat src/foo.ts .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      resolver,
     );
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
@@ -226,20 +153,17 @@ describe("describeBashPathGate", () => {
   });
 
   it("deny wins in multi-token: cp .env README.md", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const record = input as Record<string, unknown>;
-        if (record.path === ".env") {
-          return makeCheckResult({ state: "deny", matchedPattern: "*.env" });
-        }
-        return makeCheckResult({ state: "allow" });
-      });
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const record = input as Record<string, unknown>;
+      if (record.path === ".env") {
+        return makeCheckResult({ state: "deny", matchedPattern: "*.env" });
+      }
+      return makeCheckResult({ state: "allow" });
+    });
     const result = await describeGate(
       makeTcc({ input: { command: "cp .env README.md" } }),
-      checkPermission,
-      getSessionRuleset,
+      resolver,
     );
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
@@ -249,20 +173,17 @@ describe("describeBashPathGate", () => {
   });
 
   it("extracts redirect target: echo test > .env triggers deny", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const record = input as Record<string, unknown>;
-        if (record.path === ".env") {
-          return makeCheckResult({ state: "deny", matchedPattern: "*.env" });
-        }
-        return makeCheckResult({ state: "allow" });
-      });
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const record = input as Record<string, unknown>;
+      if (record.path === ".env") {
+        return makeCheckResult({ state: "deny", matchedPattern: "*.env" });
+      }
+      return makeCheckResult({ state: "allow" });
+    });
     const result = await describeGate(
       makeTcc({ input: { command: "echo test > .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      resolver,
     );
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
@@ -270,47 +191,41 @@ describe("describeBashPathGate", () => {
   });
 
   it("returns null when all tokens match only the universal default", async () => {
-    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
-      makeCheckResult({
-        state: "ask",
-        matchedPattern: undefined,
-        source: "special",
-        origin: "builtin",
-      }),
-    );
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
     const result = await describeGate(
       makeTcc({ input: { command: "cat .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      makeResolver(
+        makeCheckResult({
+          state: "ask",
+          matchedPattern: undefined,
+          source: "special",
+          origin: "builtin",
+        }),
+      ),
     );
     expect(result).toBeNull();
   });
 
   it("ignores tokens matching universal default but fires for explicit rule matches", async () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockImplementation((_surface, input) => {
-        const record = input as Record<string, unknown>;
-        if (record.path === ".env") {
-          return makeCheckResult({
-            state: "deny",
-            matchedPattern: "*.env",
-          });
-        }
-        // Other tokens match only the universal default
+    const resolver = makeResolver();
+    resolver.resolve.mockImplementation((_surface, input) => {
+      const record = input as Record<string, unknown>;
+      if (record.path === ".env") {
         return makeCheckResult({
-          state: "ask",
-          matchedPattern: undefined,
-          source: "special",
-          origin: "builtin",
+          state: "deny",
+          matchedPattern: "*.env",
         });
+      }
+      // Other tokens match only the universal default
+      return makeCheckResult({
+        state: "ask",
+        matchedPattern: undefined,
+        source: "special",
+        origin: "builtin",
       });
-    const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
+    });
     const result = await describeGate(
       makeTcc({ input: { command: "cat src/foo.ts .env" } }),
-      checkPermission,
-      getSessionRuleset,
+      resolver,
     );
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);

package/test/handlers/gates/path.test.ts

@@ -1,13 +1,14 @@
-import { describe, expect, it, vi } from "vitest";
+import { describe, expect, it } from "vitest";
 
 import type { GateDescriptor } from "#src/handlers/gates/descriptor";
 import { isGateDescriptor } from "#src/handlers/gates/descriptor";
 import { describePathGate } from "#src/handlers/gates/path";
 import type { ToolCallContext } from "#src/handlers/gates/types";
-import type { Rule } from "#src/rule";
-import type { PermissionCheckResult } from "#src/types";
 
-import { makeGateCheckResult as makeCheckResult } from "#test/helpers/gate-fixtures";
+import {
+  makeGateCheckResult as makeCheckResult,
+  makeResolver,
+} from "#test/helpers/gate-fixtures";
 
 // ── helpers ────────────────────────────────────────────────────────────────
 
@@ -23,53 +24,36 @@ function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
   };
 }
 
-type CheckPermissionFn = (
-  surface: string,
-  input: unknown,
-  agentName?: string,
-  sessionRules?: Rule[],
-) => PermissionCheckResult;
-
 // ── tests ──────────────────────────────────────────────────────────────────
 
 describe("describePathGate", () => {
-  const getSessionRuleset = vi.fn<() => Rule[]>().mockReturnValue([]);
-
   it("returns null for non-path-bearing tools", () => {
-    const checkPermission = vi.fn<CheckPermissionFn>();
+    const resolver = makeResolver();
     const result = describePathGate(
       makeTcc({ toolName: "bash", input: { command: "ls" } }),
-      checkPermission,
-      getSessionRuleset,
+      resolver,
     );
     expect(result).toBeNull();
-    expect(checkPermission).not.toHaveBeenCalled();
+    expect(resolver.resolve).not.toHaveBeenCalled();
   });
 
   it("returns null when tool has no extractable path", () => {
-    const checkPermission = vi.fn<CheckPermissionFn>();
+    const resolver = makeResolver();
     const result = describePathGate(
       makeTcc({ toolName: "read", input: {} }),
-      checkPermission,
-      getSessionRuleset,
+      resolver,
     );
     expect(result).toBeNull();
   });
 
   it("returns null when path check result is allow", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(makeCheckResult({ state: "allow" }));
-    const result = describePathGate(
-      makeTcc(),
-      checkPermission,
-      getSessionRuleset,
-    );
+    const resolver = makeResolver(makeCheckResult({ state: "allow" }));
+    const result = describePathGate(makeTcc(), resolver);
     expect(result).toBeNull();
   });
 
   it("returns null when matchedPattern is undefined (universal default)", () => {
-    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
+    const resolver = makeResolver(
       makeCheckResult({
         state: "ask",
         matchedPattern: undefined,
@@ -77,16 +61,12 @@ describe("describePathGate", () => {
         origin: "builtin",
       }),
     );
-    const result = describePathGate(
-      makeTcc(),
-      checkPermission,
-      getSessionRuleset,
-    );
+    const result = describePathGate(makeTcc(), resolver);
     expect(result).toBeNull();
   });
 
   it("returns GateDescriptor when matchedPattern is defined (explicit path rule)", () => {
-    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
+    const resolver = makeResolver(
       makeCheckResult({
         state: "ask",
         matchedPattern: "*.env",
@@ -94,27 +74,16 @@ describe("describePathGate", () => {
         origin: "global",
       }),
     );
-    const result = describePathGate(
-      makeTcc(),
-      checkPermission,
-      getSessionRuleset,
-    );
+    const result = describePathGate(makeTcc(), resolver);
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
   });
 
   it("returns GateDescriptor when path check result is deny", () => {
-    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
-      makeCheckResult({
-        state: "deny",
-        matchedPattern: "*.env",
-      }),
-    );
-    const result = describePathGate(
-      makeTcc(),
-      checkPermission,
-      getSessionRuleset,
+    const resolver = makeResolver(
+      makeCheckResult({ state: "deny", matchedPattern: "*.env" }),
     );
+    const result = describePathGate(makeTcc(), resolver);
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
@@ -123,17 +92,10 @@ describe("describePathGate", () => {
   });
 
   it("returns GateDescriptor when path check result is ask", () => {
-    const checkPermission = vi.fn<CheckPermissionFn>().mockReturnValue(
-      makeCheckResult({
-        state: "ask",
-        matchedPattern: "*.env",
-      }),
-    );
-    const result = describePathGate(
-      makeTcc(),
-      checkPermission,
-      getSessionRuleset,
+    const resolver = makeResolver(
+      makeCheckResult({ state: "ask", matchedPattern: "*.env" }),
     );
+    const result = describePathGate(makeTcc(), resolver);
     expect(result).not.toBeNull();
     expect(isGateDescriptor(result)).toBe(true);
     const desc = result as GateDescriptor;
@@ -142,13 +104,12 @@ describe("describePathGate", () => {
   });
 
   it("descriptor has correct session approval surface and pattern", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(makeCheckResult({ state: "ask", matchedPattern: "*" }));
+    const resolver = makeResolver(
+      makeCheckResult({ state: "ask", matchedPattern: "*" }),
+    );
     const result = describePathGate(
       makeTcc({ input: { path: "/test/project/src/.env" } }),
-      checkPermission,
-      getSessionRuleset,
+      resolver,
     ) as GateDescriptor;
     expect(result.sessionApproval).toBeDefined();
     expect(result.sessionApproval?.surface).toBe("path");
@@ -156,16 +117,10 @@ describe("describePathGate", () => {
   });
 
   it("descriptor denialContext references the file path and tool name", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(
-        makeCheckResult({ state: "deny", matchedPattern: "*.env" }),
-      );
-    const result = describePathGate(
-      makeTcc(),
-      checkPermission,
-      getSessionRuleset,
-    ) as GateDescriptor;
+    const resolver = makeResolver(
+      makeCheckResult({ state: "deny", matchedPattern: "*.env" }),
+    );
+    const result = describePathGate(makeTcc(), resolver) as GateDescriptor;
     expect(result.denialContext).toEqual({
       kind: "path",
       toolName: "read",
@@ -175,43 +130,21 @@ describe("describePathGate", () => {
   });
 
   it("descriptor decision uses surface 'path' and the file path as value", () => {
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(
-        makeCheckResult({ state: "deny", matchedPattern: "*.env" }),
-      );
-    const result = describePathGate(
-      makeTcc(),
-      checkPermission,
-      getSessionRuleset,
-    ) as GateDescriptor;
+    const resolver = makeResolver(
+      makeCheckResult({ state: "deny", matchedPattern: "*.env" }),
+    );
+    const result = describePathGate(makeTcc(), resolver) as GateDescriptor;
     expect(result.decision.surface).toBe("path");
     expect(result.decision.value).toBe(".env");
   });
 
-  it("passes agentName and session rules to checkPermission", () => {
-    const sessionRules: Rule[] = [
-      {
-        surface: "path",
-        pattern: "/project/*",
-        action: "allow",
-        origin: "session",
-      },
-    ];
-    const getSession = vi.fn<() => Rule[]>().mockReturnValue(sessionRules);
-    const checkPermission = vi
-      .fn<CheckPermissionFn>()
-      .mockReturnValue(makeCheckResult({ state: "allow" }));
-    describePathGate(
-      makeTcc({ agentName: "my-agent" }),
-      checkPermission,
-      getSession,
-    );
-    expect(checkPermission).toHaveBeenCalledWith(
+  it("resolves the path surface with the file path and agent name", () => {
+    const resolver = makeResolver(makeCheckResult({ state: "allow" }));
+    describePathGate(makeTcc({ agentName: "my-agent" }), resolver);
+    expect(resolver.resolve).toHaveBeenCalledWith(
       "path",
       { path: ".env" },
       "my-agent",
-      sessionRules,
     );
   });
 });