@komarspn/pi-permission-system 16.0.2

package/src/persistent-approval-recorder.ts

@@ -0,0 +1,139 @@
+import {
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  renameSync,
+  unlinkSync,
+  writeFileSync,
+} from "node:fs";
+import { dirname } from "node:path";
+import { stripJsonComments } from "./config-loader";
+import { getGlobalConfigPath, getProjectConfigPath } from "./config-paths";
+import type { SessionApproval } from "./session-approval";
+import type { SessionLogger } from "./session-logger";
+
+type PersistentApprovalScope = "project" | "global";
+
+export interface PersistentApprovalRecorderDeps {
+  agentDir: string;
+  getCwd: () => string | undefined | null;
+  logger: SessionLogger;
+}
+
+/** Records user-approved allow rules into project/global permission config. */
+export class PersistentApprovalRecorder {
+  constructor(private readonly deps: PersistentApprovalRecorderDeps) {}
+
+  recordApproval(scope: PersistentApprovalScope, approval: SessionApproval): void {
+    const configPath = this.getConfigPath(scope);
+    if (!configPath) {
+      this.deps.logger.warn(
+        "Cannot persist project permission approval because current project directory is unknown.",
+      );
+      this.deps.logger.review("permission_request.persistent_approval_failed", {
+        scope,
+        surface: approval.surface,
+        patterns: approval.patterns,
+        reason: "missing_project_directory",
+      });
+      return;
+    }
+
+    try {
+      const config = readConfigObject(configPath);
+      addAllowPatterns(config, approval.surface, approval.patterns);
+      writeConfigAtomic(configPath, config);
+      this.deps.logger.review("permission_request.persistent_approval_recorded", {
+        scope,
+        configPath,
+        surface: approval.surface,
+        patterns: approval.patterns,
+      });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      this.deps.logger.warn(
+        `Failed to persist ${scope} permission approval at '${configPath}': ${message}`,
+      );
+      this.deps.logger.review("permission_request.persistent_approval_failed", {
+        scope,
+        configPath,
+        surface: approval.surface,
+        patterns: approval.patterns,
+        reason: message,
+      });
+    }
+  }
+
+  private getConfigPath(scope: PersistentApprovalScope): string | null {
+    if (scope === "global") {
+      return getGlobalConfigPath(this.deps.agentDir);
+    }
+
+    const cwd = this.deps.getCwd();
+    return typeof cwd === "string" && cwd.trim().length > 0
+      ? getProjectConfigPath(cwd)
+      : null;
+  }
+}
+
+function readConfigObject(path: string): Record<string, unknown> {
+  if (!existsSync(path)) {
+    return {};
+  }
+
+  const raw = readFileSync(path, "utf-8");
+  const parsed = JSON.parse(stripJsonComments(raw)) as unknown;
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    return {};
+  }
+
+  return parsed as Record<string, unknown>;
+}
+
+function addAllowPatterns(
+  config: Record<string, unknown>,
+  surface: string,
+  patterns: readonly string[],
+): void {
+  const permission =
+    config.permission &&
+    typeof config.permission === "object" &&
+    !Array.isArray(config.permission)
+      ? (config.permission as Record<string, unknown>)
+      : {};
+
+  const currentSurface = permission[surface];
+  const nextSurface: Record<string, unknown> =
+    currentSurface &&
+    typeof currentSurface === "object" &&
+    !Array.isArray(currentSurface)
+      ? { ...(currentSurface as Record<string, unknown>) }
+      : typeof currentSurface === "string"
+        ? { "*": currentSurface }
+        : {};
+
+  for (const pattern of patterns) {
+    nextSurface[pattern] = "allow";
+  }
+
+  permission[surface] = nextSurface;
+  config.permission = permission;
+}
+
+function writeConfigAtomic(path: string, config: Record<string, unknown>): void {
+  const tmpPath = `${path}.tmp`;
+  try {
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(tmpPath, `${JSON.stringify(config, null, 2)}\n`, "utf-8");
+    renameSync(tmpPath, path);
+  } catch (error) {
+    try {
+      if (existsSync(tmpPath)) {
+        unlinkSync(tmpPath);
+      }
+    } catch {
+      // Ignore cleanup failures.
+    }
+    throw error;
+  }
+}

package/src/policy-loader.ts

@@ -0,0 +1,350 @@
+import { existsSync, readFileSync, statSync } from "node:fs";
+import { join } from "node:path";
+import { getAgentDir } from "@earendil-works/pi-coding-agent";
+
+import { extractFrontmatter, parseSimpleYamlMap, toRecord } from "./common";
+import {
+  loadUnifiedConfig,
+  normalizeUnifiedConfig,
+  stripJsonComments,
+} from "./config-loader";
+import { getGlobalConfigPath } from "./config-paths";
+import type { ScopeConfig } from "./types";
+
+// ---------------------------------------------------------------------------
+// File-stamp helper
+// ---------------------------------------------------------------------------
+
+function getFileStamp(path: string): string {
+  try {
+    return String(statSync(path).mtimeMs);
+  } catch {
+    return "missing";
+  }
+}
+
+// ---------------------------------------------------------------------------
+// MCP server-name reading helpers
+// ---------------------------------------------------------------------------
+
+function readConfiguredMcpServerNamesFromConfigPath(
+  configPath: string,
+): string[] {
+  try {
+    const raw = readFileSync(configPath, "utf-8");
+    const parsed = JSON.parse(stripJsonComments(raw)) as unknown;
+    const root = toRecord(parsed);
+    const serverRecord = toRecord(root.mcpServers ?? root["mcp-servers"]);
+
+    return Object.keys(serverRecord)
+      .map((name) => name.trim())
+      .filter((name) => name.length > 0);
+  } catch {
+    return [];
+  }
+}
+
+function getConfiguredMcpServerNamesFromPaths(
+  paths: readonly string[],
+): string[] {
+  const seen = new Set<string>();
+
+  for (const path of paths) {
+    for (const name of readConfiguredMcpServerNamesFromConfigPath(path)) {
+      seen.add(name);
+    }
+  }
+
+  return [...seen].sort(
+    (left, right) => right.length - left.length || left.localeCompare(right),
+  );
+}
+
+// ---------------------------------------------------------------------------
+// Resolved policy paths
+// ---------------------------------------------------------------------------
+
+export interface ResolvedPolicyPaths {
+  globalConfigPath: string;
+  globalConfigExists: boolean;
+  projectConfigPath: string | null;
+  projectConfigExists: boolean;
+  agentsDir: string;
+  agentsDirExists: boolean;
+  projectAgentsDir: string | null;
+  projectAgentsDirExists: boolean;
+}
+
+// ---------------------------------------------------------------------------
+// PolicyLoader interface
+// ---------------------------------------------------------------------------
+
+/**
+ * Abstraction over file I/O for loading permission policy from disk.
+ * Implementations handle caching, path resolution, and config-issue
+ * accumulation.  `PermissionManager` depends on this interface so that
+ * merge + evaluation logic can be tested with an in-memory stub.
+ */
+export interface PolicyLoader {
+  loadGlobalConfig(): ScopeConfig;
+  loadProjectConfig(): ScopeConfig;
+  loadAgentConfig(agentName?: string): ScopeConfig;
+  loadProjectAgentConfig(agentName?: string): ScopeConfig;
+  getConfiguredMcpServerNames(): readonly string[];
+  /** Combined mtime stamp for cache invalidation. */
+  getCacheStamp(agentName?: string): string;
+  /** Accumulated config-parse issues across all loads. */
+  getConfigIssues(): string[];
+  /** Resolved paths for the /permission-system show command. */
+  getResolvedPolicyPaths(): ResolvedPolicyPaths;
+}
+
+// ---------------------------------------------------------------------------
+// Default path factories (deferred until call-time, not module scope)
+// ---------------------------------------------------------------------------
+
+function defaultGlobalConfigPath(): string {
+  return getGlobalConfigPath(getAgentDir());
+}
+function defaultAgentsDir(): string {
+  return join(getAgentDir(), "agents");
+}
+function defaultGlobalMcpConfigPath(): string {
+  return join(getAgentDir(), "mcp.json");
+}
+
+// ---------------------------------------------------------------------------
+// File cache helper type
+// ---------------------------------------------------------------------------
+
+type FileCacheEntry<TValue> = {
+  stamp: string;
+  value: TValue;
+};
+
+// ---------------------------------------------------------------------------
+// Options shared between FilePolicyLoader and the backward-compat
+// PermissionManager constructor.
+// ---------------------------------------------------------------------------
+
+export interface PolicyLoaderOptions {
+  globalConfigPath?: string;
+  agentsDir?: string;
+  projectGlobalConfigPath?: string;
+  projectAgentsDir?: string;
+  globalMcpConfigPath?: string;
+  mcpServerNames?: readonly string[];
+}
+
+// ---------------------------------------------------------------------------
+// FilePolicyLoader — the production implementation
+// ---------------------------------------------------------------------------
+
+/**
+ * Production `PolicyLoader` that reads config files from disk with
+ * mtime-based caching.
+ */
+export class FilePolicyLoader implements PolicyLoader {
+  private readonly globalConfigPath: string;
+  private readonly agentsDir: string;
+  private readonly projectGlobalConfigPath: string | null;
+  private readonly projectAgentsDir: string | null;
+  private readonly globalMcpConfigPath: string;
+  private readonly configuredMcpServerNamesOverride: readonly string[] | null;
+
+  private globalConfigCache: FileCacheEntry<ScopeConfig> | null = null;
+  private projectGlobalConfigCache: FileCacheEntry<ScopeConfig> | null = null;
+  private readonly agentConfigCache = new Map<
+    string,
+    FileCacheEntry<ScopeConfig>
+  >();
+  private readonly projectAgentConfigCache = new Map<
+    string,
+    FileCacheEntry<ScopeConfig>
+  >();
+  private configuredMcpServerNamesCache: FileCacheEntry<
+    readonly string[]
+  > | null = null;
+  private accumulatedConfigIssues: string[] = [];
+
+  constructor(options: PolicyLoaderOptions = {}) {
+    this.globalConfigPath =
+      options.globalConfigPath ?? defaultGlobalConfigPath();
+    this.agentsDir = options.agentsDir ?? defaultAgentsDir();
+    this.projectGlobalConfigPath = options.projectGlobalConfigPath ?? null;
+    this.projectAgentsDir = options.projectAgentsDir ?? null;
+    this.globalMcpConfigPath =
+      options.globalMcpConfigPath ?? defaultGlobalMcpConfigPath();
+    this.configuredMcpServerNamesOverride = options.mcpServerNames
+      ? [
+          ...new Set(
+            options.mcpServerNames
+              .map((name) => name.trim())
+              .filter((name) => name.length > 0),
+          ),
+        ]
+      : null;
+  }
+
+  // ── Config issue accumulation ────────────────────────────────────────
+
+  private accumulateConfigIssues(issues: string[]): void {
+    for (const issue of issues) {
+      if (!this.accumulatedConfigIssues.includes(issue)) {
+        this.accumulatedConfigIssues.push(issue);
+      }
+    }
+  }
+
+  getConfigIssues(): string[] {
+    return [...this.accumulatedConfigIssues];
+  }
+
+  // ── Scope loaders ────────────────────────────────────────────────────
+
+  loadGlobalConfig(): ScopeConfig {
+    const stamp = getFileStamp(this.globalConfigPath);
+    if (this.globalConfigCache?.stamp === stamp) {
+      return this.globalConfigCache.value;
+    }
+
+    const { config, issues } = loadUnifiedConfig(this.globalConfigPath);
+    this.accumulateConfigIssues(issues);
+
+    const value: ScopeConfig = {
+      permission: config.permission,
+    };
+
+    this.globalConfigCache = { stamp, value };
+    return value;
+  }
+
+  loadProjectConfig(): ScopeConfig {
+    if (!this.projectGlobalConfigPath) {
+      return {};
+    }
+
+    const stamp = getFileStamp(this.projectGlobalConfigPath);
+    if (this.projectGlobalConfigCache?.stamp === stamp) {
+      return this.projectGlobalConfigCache.value;
+    }
+
+    const { config, issues } = loadUnifiedConfig(this.projectGlobalConfigPath);
+    this.accumulateConfigIssues(issues);
+
+    const value: ScopeConfig = {
+      permission: config.permission,
+    };
+
+    this.projectGlobalConfigCache = { stamp, value };
+    return value;
+  }
+
+  private loadScopeConfigFrom(
+    dir: string | null,
+    cache: Map<string, FileCacheEntry<ScopeConfig>>,
+    agentName?: string,
+  ): ScopeConfig {
+    if (!dir || !agentName) {
+      return {};
+    }
+
+    const filePath = join(dir, `${agentName}.md`);
+    const stamp = getFileStamp(filePath);
+    const cached = cache.get(agentName);
+    if (cached?.stamp === stamp) {
+      return cached.value;
+    }
+
+    let value: ScopeConfig;
+    try {
+      const markdown = readFileSync(filePath, "utf-8");
+      const frontmatter = extractFrontmatter(markdown);
+      if (!frontmatter) {
+        value = {};
+      } else {
+        const parsed = parseSimpleYamlMap(frontmatter);
+        const { config, issues } = normalizeUnifiedConfig(parsed);
+        this.accumulateConfigIssues(issues);
+        value = { permission: config.permission };
+      }
+    } catch {
+      value = {};
+    }
+
+    cache.set(agentName, { stamp, value });
+    return value;
+  }
+
+  loadAgentConfig(agentName?: string): ScopeConfig {
+    return this.loadScopeConfigFrom(
+      this.agentsDir,
+      this.agentConfigCache,
+      agentName,
+    );
+  }
+
+  loadProjectAgentConfig(agentName?: string): ScopeConfig {
+    return this.loadScopeConfigFrom(
+      this.projectAgentsDir,
+      this.projectAgentConfigCache,
+      agentName,
+    );
+  }
+
+  // ── MCP server names ─────────────────────────────────────────────────
+
+  getConfiguredMcpServerNames(): readonly string[] {
+    if (this.configuredMcpServerNamesOverride) {
+      return this.configuredMcpServerNamesOverride;
+    }
+
+    const paths = [this.globalMcpConfigPath];
+    const stamp = paths
+      .map((path) => `${path}:${getFileStamp(path)}`)
+      .join("|");
+    if (this.configuredMcpServerNamesCache?.stamp === stamp) {
+      return this.configuredMcpServerNamesCache.value;
+    }
+
+    const value = getConfiguredMcpServerNamesFromPaths(paths);
+    this.configuredMcpServerNamesCache = { stamp, value };
+    return value;
+  }
+
+  // ── Cache stamp ───────────────────────────────────────────────────────
+
+  getCacheStamp(agentName?: string): string {
+    const agentStamp = agentName
+      ? getFileStamp(join(this.agentsDir, `${agentName}.md`))
+      : "missing";
+    const projectStamp = this.projectGlobalConfigPath
+      ? getFileStamp(this.projectGlobalConfigPath)
+      : "none";
+    const projectAgentStamp =
+      this.projectAgentsDir && agentName
+        ? getFileStamp(join(this.projectAgentsDir, `${agentName}.md`))
+        : "none";
+
+    return `${getFileStamp(this.globalConfigPath)}|${projectStamp}|${agentStamp}|${projectAgentStamp}`;
+  }
+
+  // ── Resolved paths ────────────────────────────────────────────────────
+
+  getResolvedPolicyPaths(): ResolvedPolicyPaths {
+    return {
+      globalConfigPath: this.globalConfigPath,
+      globalConfigExists: existsSync(this.globalConfigPath),
+      projectConfigPath: this.projectGlobalConfigPath,
+      projectConfigExists: this.projectGlobalConfigPath
+        ? existsSync(this.projectGlobalConfigPath)
+        : false,
+      agentsDir: this.agentsDir,
+      agentsDirExists: existsSync(this.agentsDir),
+      projectAgentsDir: this.projectAgentsDir,
+      projectAgentsDirExists: this.projectAgentsDir
+        ? existsSync(this.projectAgentsDir)
+        : false,
+    };
+  }
+}

package/src/prompting-gateway.ts

@@ -0,0 +1,104 @@
+import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
+
+import type { ConfigReader } from "./config-store";
+import type { GatePrompter } from "./gate-prompter";
+import type { PermissionPromptDecision } from "./permission-dialog";
+import type {
+  PermissionPrompterApi,
+  PromptPermissionDetails,
+} from "./permission-prompter";
+import { isSubagentExecutionContext } from "./subagent-context";
+import type { SubagentSessionRegistry } from "./subagent-registry";
+import { canResolveAskPermissionRequest } from "./yolo-mode";
+
+/**
+ * Dependencies required by PromptingGateway.
+ *
+ * All four fields are actively consumed:
+ * - `config` + `subagentSessionsDir` + `registry` drive `canConfirm()`.
+ * - `prompter` is called by `prompt()`.
+ */
+export interface PromptingGatewayDeps {
+  /** Read current config for the yolo-mode branch of the can-prompt policy. */
+  config: ConfigReader;
+  /** Static path used to detect a forwarding subagent context. */
+  subagentSessionsDir: string;
+  /** Process-global registry used to detect a registered child session. */
+  registry?: SubagentSessionRegistry;
+  /** Resolves the permission decision: direct UI dialog or forwarded to parent. */
+  prompter: PermissionPrompterApi;
+}
+
+/**
+ * The lifecycle slice of the gateway that PermissionSession drives.
+ *
+ * PermissionSession calls activate/deactivate to keep the gateway's stored
+ * context in sync with its own — the same pattern used for ForwardingController.
+ */
+export interface PromptingGatewayLifecycle {
+  activate(ctx: ExtensionContext): void;
+  deactivate(): void;
+}
+
+/**
+ * Context-owning implementation of the GatePrompter role.
+ *
+ * Owns the stored ExtensionContext and the "can we prompt?" policy
+ * (UI / subagent / yolo-mode), replacing the four twin methods
+ * that previously lived on PermissionSession.
+ *
+ * Lifecycle: PermissionSession drives activate/deactivate so the stored
+ * context mirrors the session context without independent call-site changes.
+ */
+export class PromptingGateway
+  implements GatePrompter, PromptingGatewayLifecycle
+{
+  private context: ExtensionContext | null = null;
+
+  constructor(private readonly deps: PromptingGatewayDeps) {}
+
+  /** Store the current extension context. */
+  activate(ctx: ExtensionContext): void {
+    this.context = ctx;
+  }
+
+  /** Clear the stored context. */
+  deactivate(): void {
+    this.context = null;
+  }
+
+  /**
+   * Whether an interactive permission prompt can be shown.
+   *
+   * Returns false when no context is active. Otherwise delegates to
+   * canResolveAskPermissionRequest, which checks hasUI, subagent status,
+   * and yolo-mode — relocating the policy from the index.ts closure.
+   */
+  canConfirm(): boolean {
+    if (this.context === null) return false;
+    return canResolveAskPermissionRequest({
+      config: this.deps.config.current(),
+      hasUI: this.context.hasUI,
+      isSubagent: isSubagentExecutionContext(
+        this.context,
+        this.deps.subagentSessionsDir,
+        this.deps.registry,
+      ),
+    });
+  }
+
+  /**
+   * Prompt the user for a permission decision using the stored context.
+   *
+   * Rejects if no context is active — canConfirm() guards this in normal use.
+   * Implements {@link GatePrompter}.
+   */
+  prompt(details: PromptPermissionDetails): Promise<PermissionPromptDecision> {
+    if (this.context === null) {
+      return Promise.reject(
+        new Error("prompt called before the session was activated"),
+      );
+    }
+    return this.deps.prompter.prompt(this.context, details);
+  }
+}