@komarspn/pi-permission-system 16.0.2

package/test/config-modal.test.ts

@@ -0,0 +1,320 @@
+import { mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { expect, test, vi } from "vitest";
+import { loadUnifiedConfig } from "#src/config-loader";
+import { registerPermissionSystemCommand } from "#src/config-modal";
+import type { CommandConfigStore } from "#src/config-store";
+import {
+  DEFAULT_EXTENSION_CONFIG,
+  normalizePermissionSystemConfig,
+  type PermissionSystemExtensionConfig,
+} from "#src/extension-config";
+import type { Rule, Ruleset } from "#src/rule";
+
+vi.mock("@earendil-works/pi-coding-agent", () => ({
+  getSettingsListTheme: () => ({}),
+}));
+
+vi.mock("@earendil-works/pi-tui", () => ({
+  SettingsList: class {
+    handleInput(): void {}
+    updateValue(): void {}
+    render(): string[] {
+      return [];
+    }
+    invalidate(): void {}
+  },
+}));
+
+type Notification = { message: string; level: "info" | "warning" | "error" };
+
+type CommandContextStub = {
+  hasUI: boolean;
+  ui: {
+    notify(message: string, level: "info" | "warning" | "error"): void;
+    custom<T>(
+      renderer: (...args: unknown[]) => unknown,
+      options?: unknown,
+    ): Promise<T>;
+  };
+};
+
+function createCommandContext(hasUI: boolean): {
+  ctx: CommandContextStub;
+  notifications: Notification[];
+  getCustomCalls(): number;
+} {
+  const notifications: Notification[] = [];
+  let customCalls = 0;
+
+  return {
+    ctx: {
+      hasUI,
+      ui: {
+        notify(message: string, level: "info" | "warning" | "error") {
+          notifications.push({ message, level });
+        },
+        async custom<T>(
+          _renderer: (...args: unknown[]) => unknown,
+          _options?: unknown,
+        ): Promise<T> {
+          customCalls += 1;
+          return undefined as T;
+        },
+      },
+    },
+    notifications,
+    getCustomCalls: () => customCalls,
+  };
+}
+
+function lastNotification(notifications: Notification[]): Notification {
+  return notifications[notifications.length - 1];
+}
+
+test("permission-system command completions expose top-level config actions", () => {
+  const baseDir = mkdtempSync(
+    join(tmpdir(), "pi-permission-system-command-completions-"),
+  );
+  const configPath = join(baseDir, "config.json");
+  let config: PermissionSystemExtensionConfig = { ...DEFAULT_EXTENSION_CONFIG };
+
+  try {
+    const configStore: CommandConfigStore = {
+      current: () => config,
+      save: (next) => {
+        config = next;
+      },
+    };
+    const controller = {
+      config: configStore,
+      configPath,
+      getActiveAgentConfigRules: () => [] as Ruleset,
+    };
+
+    let definition: {
+      description: string;
+      getArgumentCompletions?: (
+        argumentPrefix: string,
+      ) => Array<{ value: string; label: string; description?: string }> | null;
+      handler: (args: string, ctx: CommandContextStub) => Promise<void>;
+    } | null = null;
+
+    registerPermissionSystemCommand(
+      {
+        registerCommand(_name: string, nextDefinition: typeof definition) {
+          definition = nextDefinition;
+        },
+      } as never,
+      controller,
+    );
+
+    expect(definition!.getArgumentCompletions).toBeTypeOf("function");
+
+    const topLevel = definition!.getArgumentCompletions?.("");
+    expect(Array.isArray(topLevel)).toBeTruthy();
+    expect(topLevel?.some((item) => item.value === "show")).toBeTruthy();
+    expect(topLevel?.some((item) => item.value === "reset")).toBeTruthy();
+
+    const filtered = definition!.getArgumentCompletions?.("pa");
+    expect(filtered?.map((item) => item.value)).toEqual(["path"]);
+    expect(definition!.getArgumentCompletions?.("path extra")).toBe(null);
+    expect(definition!.getArgumentCompletions?.("zzz")).toBe(null);
+  } finally {
+    rmSync(baseDir, { recursive: true, force: true });
+  }
+});
+
+test("permission-system command handlers manage config summary, persistence, and modal routing", async () => {
+  const baseDir = mkdtempSync(join(tmpdir(), "pi-permission-system-command-"));
+  const configPath = join(baseDir, "config.json");
+  let config: PermissionSystemExtensionConfig = {
+    debugLog: true,
+    permissionReviewLog: false,
+    yoloMode: true,
+  };
+
+  try {
+    writeFileSync(
+      configPath,
+      `${JSON.stringify(normalizePermissionSystemConfig(config), null, 2)}\n`,
+      "utf-8",
+    );
+
+    const configStore: CommandConfigStore = {
+      current: () => config,
+      save: (next) => {
+        const currentConfig = normalizePermissionSystemConfig(
+          loadUnifiedConfig(configPath).config,
+        );
+        const normalized = normalizePermissionSystemConfig(next);
+        writeFileSync(
+          configPath,
+          `${JSON.stringify(normalized, null, 2)}\n`,
+          "utf-8",
+        );
+        config = normalizePermissionSystemConfig(
+          loadUnifiedConfig(configPath).config,
+        );
+        expect(config).not.toEqual(currentConfig);
+      },
+    };
+    const controller = {
+      config: configStore,
+      configPath,
+      getActiveAgentConfigRules: () => [] as Ruleset,
+    };
+
+    let registeredName = "";
+    let definition: {
+      description: string;
+      getArgumentCompletions?: (
+        argumentPrefix: string,
+      ) => Array<{ value: string; label: string; description?: string }> | null;
+      handler: (args: string, ctx: CommandContextStub) => Promise<void>;
+    } | null = null;
+
+    registerPermissionSystemCommand(
+      {
+        registerCommand(name: string, nextDefinition: typeof definition) {
+          registeredName = name;
+          definition = nextDefinition;
+        },
+      } as never,
+      controller,
+    );
+
+    expect(registeredName).toBe("permission-system");
+    expect(definition!.description).toContain("Configure pi-permission-system");
+
+    const infoCtx = createCommandContext(true);
+    await definition!.handler("show", infoCtx.ctx);
+    expect(lastNotification(infoCtx.notifications).message).toContain(
+      "yoloMode=on",
+    );
+    expect(lastNotification(infoCtx.notifications).message).toContain(
+      "debugLog=on",
+    );
+
+    await definition!.handler("path", infoCtx.ctx);
+    expect(lastNotification(infoCtx.notifications).message).toBe(
+      `permission-system config: ${configPath}`,
+    );
+
+    await definition!.handler("help", infoCtx.ctx);
+    expect(lastNotification(infoCtx.notifications).message).toContain(
+      "Usage: /permission-system",
+    );
+
+    await definition!.handler("reset", infoCtx.ctx);
+    expect(config).toEqual(DEFAULT_EXTENSION_CONFIG);
+    expect(lastNotification(infoCtx.notifications).message).toBe(
+      "Permission system settings reset to defaults.",
+    );
+
+    const persisted = JSON.parse(readFileSync(configPath, "utf8")) as Record<
+      string,
+      unknown
+    >;
+    expect(persisted).toEqual(DEFAULT_EXTENSION_CONFIG);
+
+    await definition!.handler("unknown", infoCtx.ctx);
+    expect(lastNotification(infoCtx.notifications).level).toBe("warning");
+    expect(lastNotification(infoCtx.notifications).message).toContain(
+      "Usage: /permission-system",
+    );
+
+    const headlessCtx = createCommandContext(false);
+    await definition!.handler("", headlessCtx.ctx);
+    expect(lastNotification(headlessCtx.notifications).message).toBe(
+      "/permission-system requires interactive TUI mode.",
+    );
+
+    const modalCtx = createCommandContext(true);
+    await definition!.handler("", modalCtx.ctx);
+    expect(modalCtx.getCustomCalls()).toBe(1);
+  } finally {
+    rmSync(baseDir, { recursive: true, force: true });
+  }
+});
+
+test("show output includes rule origins when getComposedRules is provided", async () => {
+  const config = { ...DEFAULT_EXTENSION_CONFIG };
+  const composedRules: Rule[] = [
+    {
+      surface: "read",
+      pattern: "*",
+      action: "allow",
+      layer: "config",
+      origin: "global",
+    },
+    {
+      surface: "bash",
+      pattern: "rm *",
+      action: "deny",
+      layer: "config",
+      origin: "project",
+    },
+  ];
+
+  const controller = {
+    config: { current: () => config, save: () => {} } as CommandConfigStore,
+    configPath: "/fake/config.json",
+    getActiveAgentConfigRules: () => composedRules,
+  };
+
+  let definition: {
+    handler: (args: string, ctx: CommandContextStub) => Promise<void>;
+  } | null = null;
+
+  registerPermissionSystemCommand(
+    {
+      registerCommand(_name: string, nextDef: typeof definition) {
+        definition = nextDef;
+      },
+    } as never,
+    controller,
+  );
+
+  const ctx = createCommandContext(true);
+  await definition!.handler("show", ctx.ctx);
+  const msg = lastNotification(ctx.notifications).message;
+
+  expect(msg).toContain("global");
+  expect(msg).toContain("project");
+  expect(msg).toContain("read");
+  expect(msg).toContain("bash");
+});
+
+test("show output omits rule summary when getComposedRules is not provided", async () => {
+  const config = { ...DEFAULT_EXTENSION_CONFIG, yoloMode: true };
+
+  const controller = {
+    config: { current: () => config, save: () => {} } as CommandConfigStore,
+    configPath: "/fake/config.json",
+    getActiveAgentConfigRules: () => [] as Ruleset,
+  };
+
+  let definition: {
+    handler: (args: string, ctx: CommandContextStub) => Promise<void>;
+  } | null = null;
+
+  registerPermissionSystemCommand(
+    {
+      registerCommand(_name: string, nextDef: typeof definition) {
+        definition = nextDef;
+      },
+    } as never,
+    controller,
+  );
+
+  const ctx = createCommandContext(true);
+  await definition!.handler("show", ctx.ctx);
+  const msg = lastNotification(ctx.notifications).message;
+
+  // Config knobs still present.
+  expect(msg).toContain("yoloMode=on");
+  // No rule annotation lines.
+  expect(msg).not.toContain("(global)");
+});

package/test/config-paths.test.ts

@@ -0,0 +1,83 @@
+import { join } from "node:path";
+import { describe, expect, it } from "vitest";
+
+import {
+  DEBUG_LOG_FILENAME,
+  getGlobalConfigDir,
+  getGlobalConfigPath,
+  getGlobalLogsDir,
+  getLegacyExtensionConfigPath,
+  getLegacyGlobalPolicyPath,
+  getLegacyProjectPolicyPath,
+  getProjectAgentsDir,
+  getProjectConfigPath,
+  REVIEW_LOG_FILENAME,
+} from "#src/config-paths";
+
+describe("config-paths", () => {
+  const agentDir = "/home/user/.pi/agent";
+  const cwd = "/projects/my-app";
+  const extensionRoot = "/opt/extensions/pi-permission-system";
+
+  describe("new layout paths", () => {
+    it("getGlobalConfigDir returns extensions/pi-permission-system under agentDir", () => {
+      expect(getGlobalConfigDir(agentDir)).toBe(
+        join(agentDir, "extensions", "pi-permission-system"),
+      );
+    });
+
+    it("getGlobalConfigPath returns config.json under the global config dir", () => {
+      expect(getGlobalConfigPath(agentDir)).toBe(
+        join(agentDir, "extensions", "pi-permission-system", "config.json"),
+      );
+    });
+
+    it("getGlobalLogsDir returns logs under the global config dir", () => {
+      expect(getGlobalLogsDir(agentDir)).toBe(
+        join(agentDir, "extensions", "pi-permission-system", "logs"),
+      );
+    });
+
+    it("getProjectConfigPath returns .pi/extensions/pi-permission-system/config.json under cwd", () => {
+      expect(getProjectConfigPath(cwd)).toBe(
+        join(cwd, ".pi", "extensions", "pi-permission-system", "config.json"),
+      );
+    });
+
+    it("getProjectAgentsDir returns .pi/agents under cwd", () => {
+      expect(getProjectAgentsDir(cwd)).toBe(join(cwd, ".pi", "agents"));
+    });
+  });
+
+  describe("legacy paths", () => {
+    it("getLegacyGlobalPolicyPath returns pi-permissions.jsonc under agentDir", () => {
+      expect(getLegacyGlobalPolicyPath(agentDir)).toBe(
+        join(agentDir, "pi-permissions.jsonc"),
+      );
+    });
+
+    it("getLegacyProjectPolicyPath returns .pi/agent/pi-permissions.jsonc under cwd", () => {
+      expect(getLegacyProjectPolicyPath(cwd)).toBe(
+        join(cwd, ".pi", "agent", "pi-permissions.jsonc"),
+      );
+    });
+
+    it("getLegacyExtensionConfigPath returns config.json under extensionRoot", () => {
+      expect(getLegacyExtensionConfigPath(extensionRoot)).toBe(
+        join(extensionRoot, "config.json"),
+      );
+    });
+  });
+
+  describe("log filenames", () => {
+    it("DEBUG_LOG_FILENAME is a .jsonl file", () => {
+      expect(DEBUG_LOG_FILENAME).toBe("pi-permission-system-debug.jsonl");
+    });
+
+    it("REVIEW_LOG_FILENAME is a .jsonl file", () => {
+      expect(REVIEW_LOG_FILENAME).toBe(
+        "pi-permission-system-permission-review.jsonl",
+      );
+    });
+  });
+});

package/test/config-pipeline.test.ts

@@ -0,0 +1,90 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+
+import { loadAndMergeConfigs } from "#src/config-loader";
+import { normalizePermissionSystemConfig } from "#src/extension-config";
+
+/**
+ * Full-pipeline seam tests: write a temp config.json → loadAndMergeConfigs →
+ * normalizePermissionSystemConfig → assert values survive end to end.
+ *
+ * These tests guard the seam between the two normalizers — the class of bug
+ * fixed in #332, where a field declared on PermissionSystemExtensionConfig was
+ * silently dropped by the UnifiedPermissionConfig intermediate.
+ */
+describe("config pipeline seam", () => {
+  let tempDir: string;
+  let agentDir: string;
+  let cwd: string;
+  let extensionRoot: string;
+
+  beforeEach(() => {
+    tempDir = mkdtempSync(join(tmpdir(), "config-pipeline-test-"));
+    agentDir = join(tempDir, "agent");
+    cwd = join(tempDir, "project");
+    extensionRoot = join(tempDir, "ext");
+  });
+
+  afterEach(() => {
+    rmSync(tempDir, { recursive: true, force: true });
+  });
+
+  function writeGlobal(content: Record<string, unknown>): void {
+    const dir = join(agentDir, "extensions", "pi-permission-system");
+    mkdirSync(dir, { recursive: true });
+    writeFileSync(join(dir, "config.json"), JSON.stringify(content));
+  }
+
+  it("runtime knob and preview-length field both survive the full pipeline", () => {
+    writeGlobal({
+      debugLog: true,
+      toolInputPreviewMaxLength: 1000,
+    });
+
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.debugLog).toBe(true);
+    expect(config.toolInputPreviewMaxLength).toBe(1000);
+  });
+
+  it("text summary length field survives the full pipeline", () => {
+    writeGlobal({
+      toolTextSummaryMaxLength: 250,
+    });
+
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.toolTextSummaryMaxLength).toBe(250);
+  });
+
+  it("project config overrides global preview-length field end to end", () => {
+    writeGlobal({ toolInputPreviewMaxLength: 200 });
+    const projectDir = join(cwd, ".pi", "extensions", "pi-permission-system");
+    mkdirSync(projectDir, { recursive: true });
+    writeFileSync(
+      join(projectDir, "config.json"),
+      JSON.stringify({ toolInputPreviewMaxLength: 500 }),
+    );
+
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.toolInputPreviewMaxLength).toBe(500);
+  });
+
+  it("defaults apply when config file is absent", () => {
+    // No config files written — agentDir and cwd directories don't exist.
+    const mergeResult = loadAndMergeConfigs(agentDir, cwd, extensionRoot);
+    const config = normalizePermissionSystemConfig(mergeResult.merged);
+
+    expect(config.debugLog).toBe(false);
+    expect(config.permissionReviewLog).toBe(true);
+    expect(config.yoloMode).toBe(false);
+    expect(config.toolInputPreviewMaxLength).toBeUndefined();
+    expect(config.toolTextSummaryMaxLength).toBeUndefined();
+  });
+});

package/test/config-reporter.test.ts

@@ -0,0 +1,147 @@
+import {
+  mkdirSync,
+  mkdtempSync,
+  readFileSync,
+  rmSync,
+  writeFileSync,
+} from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { expect, test } from "vitest";
+import { buildResolvedConfigLogEntry } from "#src/config-reporter";
+import { createPermissionSystemLogger } from "#src/logging";
+import type { ResolvedPolicyPaths } from "#src/permission-manager";
+import { PermissionManager } from "#src/permission-manager";
+
+test("buildResolvedConfigLogEntry includes policy paths and legacy detection flags", () => {
+  const policyPaths: ResolvedPolicyPaths = {
+    globalConfigPath:
+      "/home/user/.pi/agent/extensions/pi-permission-system/config.json",
+    globalConfigExists: true,
+    projectConfigPath:
+      "/projects/my-app/.pi/extensions/pi-permission-system/config.json",
+    projectConfigExists: false,
+    agentsDir: "/home/user/.pi/agent/agents",
+    agentsDirExists: true,
+    projectAgentsDir: "/projects/my-app/.pi/agent/agents",
+    projectAgentsDirExists: false,
+  };
+
+  const result = buildResolvedConfigLogEntry({ policyPaths });
+
+  expect(result.globalConfigPath).toBe(
+    "/home/user/.pi/agent/extensions/pi-permission-system/config.json",
+  );
+  expect(result.globalConfigExists).toBe(true);
+  expect(result.projectConfigPath).toBe(
+    "/projects/my-app/.pi/extensions/pi-permission-system/config.json",
+  );
+  expect(result.projectConfigExists).toBe(false);
+  expect(result.agentsDir).toBe("/home/user/.pi/agent/agents");
+  expect(result.agentsDirExists).toBe(true);
+  expect(result.projectAgentsDir).toBe("/projects/my-app/.pi/agent/agents");
+  expect(result.projectAgentsDirExists).toBe(false);
+  expect(result.legacyGlobalPolicyDetected).toBe(false);
+  expect(result.legacyProjectPolicyDetected).toBe(false);
+  expect(result.legacyExtensionConfigDetected).toBe(false);
+});
+
+test("buildResolvedConfigLogEntry handles null project paths", () => {
+  const policyPaths: ResolvedPolicyPaths = {
+    globalConfigPath:
+      "/home/user/.pi/agent/extensions/pi-permission-system/config.json",
+    globalConfigExists: false,
+    projectConfigPath: null,
+    projectConfigExists: false,
+    agentsDir: "/home/user/.pi/agent/agents",
+    agentsDirExists: false,
+    projectAgentsDir: null,
+    projectAgentsDirExists: false,
+  };
+
+  const result = buildResolvedConfigLogEntry({ policyPaths });
+
+  expect(result.projectConfigPath).toBe(null);
+  expect(result.projectConfigExists).toBe(false);
+  expect(result.projectAgentsDir).toBe(null);
+  expect(result.projectAgentsDirExists).toBe(false);
+});
+
+test("buildResolvedConfigLogEntry surfaces legacy detection flags", () => {
+  const policyPaths: ResolvedPolicyPaths = {
+    globalConfigPath:
+      "/home/user/.pi/agent/extensions/pi-permission-system/config.json",
+    globalConfigExists: true,
+    projectConfigPath: null,
+    projectConfigExists: false,
+    agentsDir: "/home/user/.pi/agent/agents",
+    agentsDirExists: false,
+    projectAgentsDir: null,
+    projectAgentsDirExists: false,
+  };
+
+  const result = buildResolvedConfigLogEntry({
+    policyPaths,
+    legacyGlobalPolicyDetected: true,
+    legacyExtensionConfigDetected: true,
+  });
+
+  expect(result.legacyGlobalPolicyDetected).toBe(true);
+  expect(result.legacyProjectPolicyDetected).toBe(false);
+  expect(result.legacyExtensionConfigDetected).toBe(true);
+});
+
+test("config.resolved entry appears in review log via logger", () => {
+  const tempDir = mkdtempSync(join(tmpdir(), "config-resolved-log-"));
+  try {
+    const logsDir = join(tempDir, "logs");
+    mkdirSync(logsDir, { recursive: true });
+    const reviewLogPath = join(logsDir, "review.jsonl");
+    const debugLogPath = join(logsDir, "debug.jsonl");
+
+    const globalConfigPath = join(tempDir, "pi-permissions.jsonc");
+    writeFileSync(globalConfigPath, "{}", "utf-8");
+    const agentsDir = join(tempDir, "agents");
+
+    const pm = new PermissionManager({
+      globalConfigPath,
+      agentsDir,
+    });
+
+    const logger = createPermissionSystemLogger({
+      getConfig: () => ({
+        debugLog: false,
+        permissionReviewLog: true,
+        yoloMode: false,
+      }),
+      debugLogPath,
+      reviewLogPath,
+      ensureLogsDirectory: () => undefined,
+    });
+
+    const policyPaths = pm.getResolvedPolicyPaths();
+    const entry = buildResolvedConfigLogEntry({ policyPaths });
+    logger.review(
+      "config.resolved",
+      entry as unknown as Record<string, unknown>,
+    );
+
+    const logContent = readFileSync(reviewLogPath, "utf-8").trim();
+    const parsed = JSON.parse(logContent) as Record<string, unknown>;
+
+    expect(parsed.event).toBe("config.resolved");
+    expect(parsed.globalConfigPath).toBe(globalConfigPath);
+    expect(parsed.globalConfigExists).toBe(true);
+    expect(parsed.agentsDir).toBe(agentsDir);
+    expect(parsed.agentsDirExists).toBe(false);
+    expect(parsed.projectConfigPath).toBe(null);
+    expect(parsed.projectConfigExists).toBe(false);
+    expect(parsed.projectAgentsDir).toBe(null);
+    expect(parsed.projectAgentsDirExists).toBe(false);
+    expect(parsed.legacyGlobalPolicyDetected).toBe(false);
+    expect(parsed.legacyProjectPolicyDetected).toBe(false);
+    expect(parsed.legacyExtensionConfigDetected).toBe(false);
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true });
+  }
+});