@komarspn/pi-permission-system 16.0.2

package/src/tool-preview-formatter.ts

@@ -0,0 +1,207 @@
+import { getNonEmptyString, toRecord } from "./common";
+import type { PermissionSystemExtensionConfig } from "./extension-config";
+import type { ToolInputFormatterLookup } from "./tool-input-formatter-registry";
+import {
+  serializeToolInputPreview,
+  TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  TOOL_INPUT_PREVIEW_MAX_LENGTH,
+  TOOL_TEXT_SUMMARY_MAX_LENGTH,
+  truncateInlineText,
+} from "./tool-input-preview";
+import {
+  formatEditInputForPrompt,
+  formatReadInputForPrompt,
+  formatWriteInputForPrompt,
+  getPromptPath,
+} from "./tool-input-prompt-formatters";
+import type { PermissionCheckResult } from "./types";
+
+export interface ToolPreviewFormatterOptions {
+  toolInputPreviewMaxLength: number;
+  toolTextSummaryMaxLength: number;
+  toolInputLogPreviewMaxLength: number;
+}
+
+type ConfigurablePreviewLimits = Pick<
+  PermissionSystemExtensionConfig,
+  "toolInputPreviewMaxLength" | "toolTextSummaryMaxLength"
+>;
+
+/**
+ * Resolve `ToolPreviewFormatterOptions` from a config object, falling back to
+ * the built-in defaults for any field that is absent.
+ */
+export function resolveToolPreviewLimits(
+  config: ConfigurablePreviewLimits,
+): ToolPreviewFormatterOptions {
+  return {
+    toolInputPreviewMaxLength:
+      config.toolInputPreviewMaxLength ?? TOOL_INPUT_PREVIEW_MAX_LENGTH,
+    toolTextSummaryMaxLength:
+      config.toolTextSummaryMaxLength ?? TOOL_TEXT_SUMMARY_MAX_LENGTH,
+    toolInputLogPreviewMaxLength: TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  };
+}
+
+/**
+ * Formats tool inputs for permission prompts and review logs.
+ *
+ * Accepts configurable limits in its constructor — the single injection
+ * point for preview-length configuration (#266).
+ */
+export class ToolPreviewFormatter {
+  constructor(
+    private readonly options: ToolPreviewFormatterOptions,
+    private readonly customFormatters?: ToolInputFormatterLookup,
+  ) {}
+
+  // ── Prompt formatting ───────────────────────────────────────────────────
+
+  /**
+   * Collapse whitespace, trim, and truncate a string to fit inline.
+   * An explicit `maxLength` overrides the constructor default.
+   */
+  sanitizeInlineText(value: string, maxLength?: number): string {
+    const limit = maxLength ?? this.options.toolTextSummaryMaxLength;
+    const normalized = value.replace(/\s+/g, " ").trim();
+    return normalized ? truncateInlineText(normalized, limit) : "empty text";
+  }
+
+  /** Serialize `input` to inline JSON and truncate at `toolInputPreviewMaxLength`. */
+  formatJsonInputForPrompt(input: unknown): string {
+    const inline = serializeToolInputPreview(input);
+    return inline
+      ? `with input ${truncateInlineText(inline, this.options.toolInputPreviewMaxLength)}`
+      : "";
+  }
+
+  /** Format search-tool (grep/find/ls) input for a permission prompt. */
+  formatSearchInputForPrompt(
+    toolName: string,
+    input: Record<string, unknown>,
+  ): string {
+    const parts: string[] = [];
+    const path = getPromptPath(input);
+    const pattern = getNonEmptyString(input.pattern);
+    const glob = getNonEmptyString(input.glob);
+
+    if (pattern) {
+      parts.push(`pattern '${this.sanitizeInlineText(pattern)}'`);
+    }
+    if (glob) {
+      parts.push(`glob '${this.sanitizeInlineText(glob)}'`);
+    }
+    if (path) {
+      parts.push(`path '${path}'`);
+    } else if (
+      toolName === "find" ||
+      toolName === "grep" ||
+      toolName === "ls"
+    ) {
+      parts.push("current working directory");
+    }
+
+    return parts.length > 0 ? `for ${parts.join(", ")}` : "";
+  }
+
+  /**
+   * Format any tool input for display in a permission ask-prompt.
+   *
+   * Dispatches to the appropriate pure formatter for known tools
+   * and falls back to inline JSON for everything else.
+   */
+  formatToolInputForPrompt(toolName: string, input: unknown): string {
+    const inputRecord = toRecord(input);
+
+    const custom = this.customFormatters?.get(toolName);
+    if (custom) {
+      const rendered = custom(inputRecord);
+      if (rendered !== undefined) {
+        return rendered;
+      }
+    }
+
+    switch (toolName) {
+      case "edit":
+        return formatEditInputForPrompt(inputRecord);
+      case "write":
+        return formatWriteInputForPrompt(inputRecord);
+      case "read":
+        return formatReadInputForPrompt(inputRecord);
+      case "find":
+      case "grep":
+      case "ls":
+        return this.formatSearchInputForPrompt(toolName, inputRecord);
+      case "mcp":
+        // The MCP target is already surfaced in formatAskPrompt's MCP branch.
+        // When no custom formatter is registered (or it declines), produce no
+        // additional preview rather than leaking the raw event JSON.
+        return "";
+      default:
+        return this.formatJsonInputForPrompt(input);
+    }
+  }
+
+  // ── Log formatting ──────────────────────────────────────────────────────
+
+  /** Serialize `input` to inline JSON and truncate at `toolInputLogPreviewMaxLength`. */
+  formatGenericToolInputForLog(input: unknown): string | undefined {
+    const inline = serializeToolInputPreview(input);
+    return inline
+      ? `input ${truncateInlineText(inline, this.options.toolInputLogPreviewMaxLength)}`
+      : undefined;
+  }
+
+  /** Derive a loggable input preview string for the review log. */
+  getToolInputPreviewForLog(
+    result: PermissionCheckResult,
+    input: unknown,
+    pathBearingTools: ReadonlySet<string>,
+  ): string | undefined {
+    if (
+      result.toolName === "bash" ||
+      result.toolName === "mcp" ||
+      result.source === "mcp"
+    ) {
+      return undefined;
+    }
+
+    if (pathBearingTools.has(result.toolName)) {
+      const inputPreview = this.formatToolInputForPrompt(
+        result.toolName,
+        input,
+      );
+      return inputPreview
+        ? truncateInlineText(
+            inputPreview,
+            this.options.toolInputLogPreviewMaxLength,
+          )
+        : undefined;
+    }
+
+    return this.formatGenericToolInputForLog(input);
+  }
+
+  /** Build the structured log context object for a permission review log entry. */
+  getPermissionLogContext(
+    result: PermissionCheckResult,
+    input: unknown,
+    pathBearingTools: ReadonlySet<string>,
+  ): {
+    command?: string;
+    target?: string;
+    toolInputPreview?: string;
+    origin?: string;
+  } {
+    return {
+      command: result.command,
+      target: result.target,
+      toolInputPreview: this.getToolInputPreviewForLog(
+        result,
+        input,
+        pathBearingTools,
+      ),
+      origin: result.origin,
+    };
+  }
+}

package/src/tool-registry.ts

@@ -0,0 +1,148 @@
+import { getNonEmptyString, toRecord } from "./common";
+
+/** Narrow interface for the Pi tool API subset used by handler classes. */
+export interface ToolRegistry {
+  /** All registered tools (`pi.getAllTools()` — `ToolInfo[]`); kept defensively wide. */
+  getAll(): unknown[];
+  /** Currently active tool names (`pi.getActiveTools()`). */
+  getActive(): string[];
+  setActive(names: string[]): void;
+}
+
+export type ToolRegistrationCheckResult =
+  | {
+      status: "missing-tool-name";
+    }
+  | {
+      status: "registered";
+      requestedToolName: string;
+      normalizedToolName: string;
+    }
+  | {
+      status: "unregistered";
+      requestedToolName: string;
+      normalizedToolName: string;
+      availableToolNames: string[];
+    };
+
+function normalizeToolName(
+  toolName: string,
+  aliases: Record<string, string>,
+): string {
+  return aliases[toolName] || toolName;
+}
+
+function buildReverseAliases(
+  aliases: Record<string, string>,
+): Map<string, string[]> {
+  const reverse = new Map<string, string[]>();
+
+  for (const [alias, canonical] of Object.entries(aliases)) {
+    const existing = reverse.get(canonical) ?? [];
+    if (!existing.includes(alias)) {
+      existing.push(alias);
+    }
+    reverse.set(canonical, existing);
+  }
+
+  return reverse;
+}
+
+function addToolNameVariants(
+  value: string,
+  names: Set<string>,
+  aliases: Record<string, string>,
+  reverseAliases: ReadonlyMap<string, readonly string[]>,
+): void {
+  names.add(value);
+
+  const normalized = normalizeToolName(value, aliases);
+  names.add(normalized);
+
+  const canonicalFromAlias = aliases[value];
+  if (canonicalFromAlias) {
+    names.add(canonicalFromAlias);
+  }
+
+  const aliasValues = reverseAliases.get(value);
+  if (aliasValues) {
+    for (const alias of aliasValues) {
+      names.add(alias);
+    }
+  }
+
+  const aliasValuesForNormalized = reverseAliases.get(normalized);
+  if (aliasValuesForNormalized) {
+    for (const alias of aliasValuesForNormalized) {
+      names.add(alias);
+    }
+  }
+}
+
+export function getToolNameFromValue(value: unknown): string | null {
+  const direct = getNonEmptyString(value);
+  if (direct) {
+    return direct;
+  }
+
+  const record = toRecord(value);
+  const candidates = [record.toolName, record.name, record.tool];
+
+  for (const candidate of candidates) {
+    const stringValue = getNonEmptyString(candidate);
+    if (stringValue) {
+      return stringValue;
+    }
+  }
+
+  return null;
+}
+
+export function checkRequestedToolRegistration(
+  requestedToolName: string | null,
+  registeredTools: readonly unknown[],
+  aliases: Record<string, string> = {},
+): ToolRegistrationCheckResult {
+  const requested = getNonEmptyString(requestedToolName);
+  if (!requested) {
+    return {
+      status: "missing-tool-name",
+    };
+  }
+
+  const normalizedToolName = normalizeToolName(requested, aliases);
+  const reverseAliases = buildReverseAliases(aliases);
+
+  const registeredLookup = new Set<string>();
+  const availableToolNames = new Set<string>();
+
+  for (const tool of registeredTools) {
+    const name = getToolNameFromValue(tool);
+    if (!name) {
+      continue;
+    }
+
+    availableToolNames.add(name);
+    addToolNameVariants(name, registeredLookup, aliases, reverseAliases);
+  }
+
+  const isRegistered =
+    registeredLookup.has(requested) || registeredLookup.has(normalizedToolName);
+
+  if (isRegistered) {
+    return {
+      status: "registered",
+      requestedToolName: requested,
+      normalizedToolName,
+    };
+  }
+
+  return {
+    status: "unregistered",
+    requestedToolName: requested,
+    normalizedToolName,
+    availableToolNames: [...availableToolNames].sort((a, b) =>
+      a.localeCompare(b),
+    ),
+  };
+}

package/src/types.ts

@@ -0,0 +1,64 @@
+export type PermissionState = "allow" | "deny" | "ask";
+
+import type { RuleOrigin } from "./rule";
+
+export type { RuleOrigin };
+
+/**
+ * A deny action with an optional reason annotation, used when a pattern maps
+ * to an object instead of a plain PermissionState string.
+ */
+export interface DenyWithReason {
+  action: "deny";
+  reason?: string;
+}
+
+/** A pattern value: a PermissionState string OR a DenyWithReason object. */
+export type PatternValue = PermissionState | DenyWithReason;
+
+/**
+ * The on-disk permission shape inside the `"permission"` key.
+ * A surface value is a PermissionState string (shorthand for `{ "*": action }`)
+ * or a pattern→value map. Pattern values may be a PermissionState string or a
+ * DenyWithReason object. A top-level value is never a bare DenyWithReason.
+ */
+export type FlatPermissionConfig = Record<
+  string,
+  PermissionState | Record<string, PatternValue>
+>;
+
+/**
+ * Per-scope permission config shape after loading and validation.
+ * Holds only the flat permission map — all policy is expressed there.
+ */
+export interface ScopeConfig {
+  permission?: FlatPermissionConfig;
+}
+
+/**
+ * Execution context of a bash command nested inside a substitution or subshell.
+ * Absent for current-shell (top-level) commands.
+ */
+export type BashCommandContext =
+  | "command_substitution"
+  | "process_substitution"
+  | "subshell";
+
+export interface PermissionCheckResult {
+  toolName: string;
+  state: PermissionState;
+  /** Custom denial reason from a deny-with-reason pattern, when present. */
+  reason?: string;
+  matchedPattern?: string;
+  command?: string;
+  target?: string;
+  source: "tool" | "bash" | "mcp" | "skill" | "special" | "default" | "session";
+  /** Which source contributed the winning rule. */
+  origin: RuleOrigin;
+  /**
+   * Execution context of the offending nested command, when the winning bash
+   * unit came from a substitution or subshell. Absent for current-shell
+   * (top-level) commands.
+   */
+  commandContext?: BashCommandContext;
+}

package/src/wildcard-matcher.ts

@@ -0,0 +1,120 @@
+import { expandHomePath } from "./expand-home";
+
+export type CompiledWildcardPattern<TState> = {
+  pattern: string;
+  state: TState;
+  regex: RegExp;
+};
+
+export type WildcardPatternMatch<TState> = {
+  state: TState;
+  matchedPattern: string;
+  matchedName: string;
+};
+
+/**
+ * Optional folding applied when matching path-surface patterns on Windows.
+ *
+ * - `caseInsensitive` compiles the pattern with the `i` flag so a mixed-case
+ *   pattern matches a lowercased (canonicalized) path value.
+ * - `windowsSeparators` rewrites `/` to `\` in the expanded pattern so a
+ *   forward-slash pattern matches a backslash-separated path value.
+ */
+export interface WildcardMatchOptions {
+  caseInsensitive?: boolean;
+  windowsSeparators?: boolean;
+}
+
+function escapeRegExp(value: string): string {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+export function compileWildcardPattern<TState>(
+  pattern: string,
+  state: TState,
+  options?: WildcardMatchOptions,
+): CompiledWildcardPattern<TState> {
+  let expanded = expandHomePath(pattern);
+  if (options?.windowsSeparators) {
+    expanded = expanded.replaceAll("/", "\\");
+  }
+  let escaped = expanded
+    .split("*")
+    .map((part) => escapeRegExp(part).replaceAll("\\?", "."))
+    .join(".*");
+
+  // If the pattern ends with " *" (space + wildcard), make the trailing
+  // space-and-arguments portion optional so that e.g. "git *" matches both
+  // "git status" and bare "git". Mirrors OpenCode wildcard semantics.
+  if (escaped.endsWith(" .*")) {
+    escaped = `${escaped.slice(0, -3)}( .*)?`;
+  }
+
+  return {
+    pattern,
+    state,
+    regex: new RegExp(`^${escaped}$`, options?.caseInsensitive ? "si" : "s"),
+  };
+}
+
+export function compileWildcardPatternEntries<TState>(
+  entries: Iterable<readonly [string, TState]>,
+): CompiledWildcardPattern<TState>[] {
+  return Array.from(entries, ([pattern, state]) =>
+    compileWildcardPattern(pattern, state),
+  );
+}
+
+function _compileWildcardPatterns<TState>(
+  patterns: Record<string, TState>,
+): CompiledWildcardPattern<TState>[] {
+  return compileWildcardPatternEntries(Object.entries(patterns));
+}
+
+export function findCompiledWildcardMatch<TState>(
+  patterns: readonly CompiledWildcardPattern<TState>[],
+  name: string,
+): WildcardPatternMatch<TState> | null {
+  const match = patterns.findLast((p) => p.regex.test(name));
+  if (match === undefined) return null;
+  return {
+    state: match.state,
+    matchedPattern: match.pattern,
+    matchedName: name,
+  };
+}
+
+/**
+ * Test whether `value` matches `pattern` using wildcard rules.
+ * `*` matches any sequence of characters (including empty).
+ * `?` matches exactly one character.
+ * Used by evaluate() for rule matching.
+ */
+export function wildcardMatch(
+  pattern: string,
+  value: string,
+  options?: WildcardMatchOptions,
+): boolean {
+  return compileWildcardPattern(pattern, null, options).regex.test(value);
+}
+
+export function findCompiledWildcardMatchForNames<TState>(
+  patterns: readonly CompiledWildcardPattern<TState>[],
+  names: readonly string[],
+): WildcardPatternMatch<TState> | null {
+  const normalizedNames = names
+    .map((value) => value.trim())
+    .filter((value) => value.length > 0);
+  if (normalizedNames.length === 0) {
+    return null;
+  }
+
+  for (const name of normalizedNames) {
+    const match = findCompiledWildcardMatch(patterns, name);
+    if (match) {
+      return match;
+    }
+  }
+
+  return null;
+}

package/src/yolo-mode.ts

@@ -0,0 +1,30 @@
+import type { PermissionSystemExtensionConfig } from "./extension-config";
+import type { PermissionState } from "./types";
+
+export interface AskPermissionResolutionOptions {
+  config: PermissionSystemExtensionConfig;
+  hasUI: boolean;
+  isSubagent: boolean;
+}
+
+export function isYoloModeEnabled(
+  config: PermissionSystemExtensionConfig,
+): boolean {
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-conversion -- typed as boolean but may be undefined at runtime (untyped callers); Boolean() guards against that
+  return Boolean(config.yoloMode);
+}
+
+export function shouldAutoApprovePermissionState(
+  state: PermissionState,
+  config: PermissionSystemExtensionConfig,
+): boolean {
+  return state === "ask" && isYoloModeEnabled(config);
+}
+
+export function canResolveAskPermissionRequest(
+  options: AskPermissionResolutionOptions,
+): boolean {
+  return (
+    options.hasUI || options.isSubagent || isYoloModeEnabled(options.config)
+  );
+}