@komarspn/pi-permission-system 16.0.2

package/test/handlers/gates/skill-input.test.ts

@@ -0,0 +1,131 @@
+import { describe, expect, it } from "vitest";
+
+import { describeSkillInputGate } from "#src/handlers/gates/skill-input";
+import { makeCheckResult } from "#test/helpers/handler-fixtures";
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeSkillCheck(state: "allow" | "deny" | "ask") {
+  return makeCheckResult({
+    state,
+    toolName: "skill",
+    source: "skill",
+    origin: "global",
+    matchedPattern: "*",
+  });
+}
+
+// ── describeSkillInputGate ─────────────────────────────────────────────────
+
+describe("describeSkillInputGate", () => {
+  it("sets surface to 'skill'", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.surface).toBe("skill");
+  });
+
+  it("sets input.name to the skill name", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.input).toEqual({ name: "librarian" });
+  });
+
+  it("passes preCheck through verbatim", () => {
+    const check = makeSkillCheck("deny");
+    const descriptor = describeSkillInputGate("librarian", null, check);
+    expect(descriptor.preCheck).toBe(check);
+  });
+
+  it("sets denialContext with kind skill_input and skill name", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.denialContext).toEqual({
+      kind: "skill_input",
+      skillName: "librarian",
+      agentName: undefined,
+    });
+  });
+
+  it("includes agentName in denialContext when provided", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      "code-agent",
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.denialContext).toEqual({
+      kind: "skill_input",
+      skillName: "librarian",
+      agentName: "code-agent",
+    });
+  });
+
+  it("sets promptDetails source to 'skill_input' with skill name and agent", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      "code-agent",
+      makeSkillCheck("ask"),
+    );
+    expect(descriptor.promptDetails).toMatchObject({
+      source: "skill_input",
+      agentName: "code-agent",
+      skillName: "librarian",
+    });
+  });
+
+  it("includes a non-empty message in promptDetails", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("ask"),
+    );
+    expect(typeof descriptor.promptDetails.message).toBe("string");
+    expect(descriptor.promptDetails.message.length).toBeGreaterThan(0);
+  });
+
+  it("sets logContext source to 'skill_input' with skill name and agent", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      "code-agent",
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.logContext).toMatchObject({
+      source: "skill_input",
+      skillName: "librarian",
+      agentName: "code-agent",
+    });
+  });
+
+  it("sets decision surface to 'skill' and value to the skill name", () => {
+    const descriptor = describeSkillInputGate(
+      "my-skill",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.decision).toEqual({
+      surface: "skill",
+      value: "my-skill",
+    });
+  });
+
+  it("does not set preResolved and sets skill sessionApproval", () => {
+    const descriptor = describeSkillInputGate(
+      "librarian",
+      null,
+      makeSkillCheck("allow"),
+    );
+    expect(descriptor.preResolved).toBeUndefined();
+    expect(descriptor.sessionApproval?.toGateApproval()).toEqual({
+      surface: "skill",
+      pattern: "librarian",
+    });
+  });
+});

package/test/handlers/gates/skill-read.test.ts

@@ -0,0 +1,158 @@
+import { describe, expect, it, vi } from "vitest";
+import { describeSkillReadGate } from "#src/handlers/gates/skill-read";
+import type { ToolCallContext } from "#src/handlers/gates/types";
+import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
+
+// ── SDK stubs ──────────────────────────────────────────────────────────────
+vi.mock("@earendil-works/pi-coding-agent", async (importOriginal) => {
+  const original =
+    await importOriginal<typeof import("@earendil-works/pi-coding-agent")>();
+  return { ...original };
+});
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function makeSkillEntry(
+  overrides: Partial<SkillPromptEntry> = {},
+): SkillPromptEntry {
+  return {
+    name: "librarian",
+    description: "Research skills",
+    location: "/skills/librarian/SKILL.md",
+    state: "ask",
+    normalizedLocation: "/skills/librarian/SKILL.md",
+    normalizedBaseDir: "/skills/librarian",
+    ...overrides,
+  };
+}
+
+function makeTcc(overrides: Partial<ToolCallContext> = {}): ToolCallContext {
+  return {
+    toolName: "read",
+    agentName: null,
+    input: { path: "/skills/librarian/SKILL.md" },
+    toolCallId: "tc-1",
+    cwd: "/test/project",
+    ...overrides,
+  };
+}
+
+// ── tests ──────────────────────────────────────────────────────────────────
+
+describe("describeSkillReadGate", () => {
+  it("returns null when tool is not read", () => {
+    const result = describeSkillReadGate(makeTcc({ toolName: "write" }), () => [
+      makeSkillEntry(),
+    ]);
+    expect(result).toBeNull();
+  });
+
+  it("returns null when no active skill entries", () => {
+    const result = describeSkillReadGate(makeTcc(), () => []);
+    expect(result).toBeNull();
+  });
+
+  it("returns null when read path does not match any skill", () => {
+    const result = describeSkillReadGate(
+      makeTcc({ input: { path: "/test/project/src/index.ts" } }),
+      () => [makeSkillEntry()],
+    );
+    expect(result).toBeNull();
+  });
+
+  it("returns null when input has no path", () => {
+    const result = describeSkillReadGate(makeTcc({ input: {} }), () => [
+      makeSkillEntry(),
+    ]);
+    expect(result).toBeNull();
+  });
+
+  it("returns GateDescriptor with preResolved.state matching skill entry state (ask)", () => {
+    const result = describeSkillReadGate(makeTcc(), () => [
+      makeSkillEntry({ state: "ask" }),
+    ]);
+    expect(result).not.toBeNull();
+    const desc = result!;
+    expect(desc.preResolved).toEqual({ state: "ask" });
+  });
+
+  it("returns GateDescriptor with preResolved.state matching skill entry state (allow)", () => {
+    const result = describeSkillReadGate(makeTcc(), () => [
+      makeSkillEntry({ state: "allow" }),
+    ]);
+    expect(result).not.toBeNull();
+    const desc = result!;
+    expect(desc.preResolved).toEqual({ state: "allow" });
+  });
+
+  it("returns GateDescriptor with preResolved.state matching skill entry state (deny)", () => {
+    const result = describeSkillReadGate(makeTcc(), () => [
+      makeSkillEntry({ state: "deny" }),
+    ]);
+    expect(result).not.toBeNull();
+    const desc = result!;
+    expect(desc.preResolved).toEqual({ state: "deny" });
+  });
+
+  it("decision surface is 'skill' and decision value is the skill name", () => {
+    const result = describeSkillReadGate(makeTcc(), () => [
+      makeSkillEntry({ name: "my-skill" }),
+    ])!;
+    expect(result.decision.surface).toBe("skill");
+    expect(result.decision.value).toBe("my-skill");
+  });
+
+  it("denialContext contains the skill name and read path", () => {
+    const result = describeSkillReadGate(makeTcc(), () => [
+      makeSkillEntry({ name: "librarian" }),
+    ])!;
+    expect(result.denialContext).toEqual({
+      kind: "skill_read",
+      skillName: "librarian",
+      readPath: "/skills/librarian/SKILL.md",
+      agentName: undefined,
+    });
+  });
+
+  it("promptDetails includes skill_read source and skillName", () => {
+    const result = describeSkillReadGate(
+      makeTcc({ agentName: "test-agent", toolCallId: "tc-42" }),
+      () => [makeSkillEntry({ name: "my-skill" })],
+    )!;
+    expect(result.promptDetails).toMatchObject({
+      source: "skill_read",
+      agentName: "test-agent",
+      toolCallId: "tc-42",
+      toolName: "read",
+      skillName: "my-skill",
+    });
+    expect(result.promptDetails.message).toBeDefined();
+  });
+
+  it("logContext includes skill_read source and skillName", () => {
+    const result = describeSkillReadGate(
+      makeTcc({ agentName: "agent-1" }),
+      () => [makeSkillEntry({ name: "librarian" })],
+    )!;
+    expect(result.logContext).toMatchObject({
+      source: "skill_read",
+      skillName: "librarian",
+      agentName: "agent-1",
+    });
+  });
+
+  it("surface is 'skill' on the descriptor", () => {
+    const result = describeSkillReadGate(makeTcc(), () => [makeSkillEntry()])!;
+    expect(result.surface).toBe("skill");
+  });
+
+  it("sets skill sessionApproval", () => {
+    const result = describeSkillReadGate(makeTcc(), () => [
+      makeSkillEntry({ name: "librarian" }),
+    ])!;
+    expect(result.sessionApproval?.toGateApproval()).toEqual({
+      surface: "skill",
+      pattern: "librarian",
+    });
+  });
+});

package/test/handlers/gates/tool-call-gate-pipeline.test.ts

@@ -0,0 +1,252 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+import { ToolCallGatePipeline } from "#src/handlers/gates/tool-call-gate-pipeline";
+
+import {
+  makeGateInputs,
+  makeGateRunner,
+  makeResolver,
+  makeTcc,
+} from "#test/helpers/gate-fixtures";
+import { makeCheckResult } from "#test/helpers/handler-fixtures";
+
+// ── BashProgram.parse mock ─────────────────────────────────────────────────
+
+const { mockBashProgramParse } = vi.hoisted(() => ({
+  mockBashProgramParse: vi.fn(),
+}));
+
+vi.mock("#src/handlers/gates/bash-program", () => ({
+  BashProgram: { parse: mockBashProgramParse },
+}));
+
+function makeMockBashProgram() {
+  return {
+    commands: vi.fn<() => []>(() => []),
+    pathRuleCandidates: vi.fn<() => []>(() => []),
+    externalPaths: vi.fn<() => []>(() => []),
+  };
+}
+
+// ── ToolCallGatePipeline ───────────────────────────────────────────────────
+
+describe("ToolCallGatePipeline", () => {
+  beforeEach(() => {
+    mockBashProgramParse.mockReset();
+    mockBashProgramParse.mockResolvedValue(makeMockBashProgram());
+  });
+
+  // ── non-bash tools ───────────────────────────────────────────────────────
+
+  describe("evaluate — non-bash tool", () => {
+    it("returns allow when all gates pass", async () => {
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "read", input: {} }),
+        runner,
+      );
+
+      expect(result).toEqual({ action: "allow" });
+    });
+
+    it("returns block when the tool gate denies", async () => {
+      const resolver = makeResolver(
+        makeCheckResult({ state: "deny", matchedPattern: "*" }),
+      );
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "read", input: {} }),
+        runner,
+      );
+
+      expect(result).toMatchObject({ action: "block" });
+    });
+
+    it("short-circuits after the first blocking gate without evaluating later ones", async () => {
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const runSpy = vi
+        .spyOn(runner, "run")
+        .mockResolvedValue({ action: "block", reason: "first gate blocked" });
+
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "read", input: {} }),
+        runner,
+      );
+
+      expect(result).toEqual({ action: "block", reason: "first gate blocked" });
+      // Pipeline looped to the first gate, got block, and stopped — not all 6 gates.
+      expect(runSpy).toHaveBeenCalledTimes(1);
+    });
+
+    it("calls getToolPreviewLimits() during evaluate", async () => {
+      const getToolPreviewLimits = vi.fn(() => ({
+        toolInputPreviewMaxLength: 500,
+        toolTextSummaryMaxLength: 100,
+        toolInputLogPreviewMaxLength: 200,
+      }));
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs({ getToolPreviewLimits });
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(getToolPreviewLimits).toHaveBeenCalled();
+    });
+
+    it("calls getInfrastructureReadDirs() during evaluate", async () => {
+      const getInfrastructureReadDirs = vi.fn<() => string[]>(() => []);
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs({ getInfrastructureReadDirs });
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(getInfrastructureReadDirs).toHaveBeenCalled();
+    });
+
+    it("calls getActiveSkillEntries() during evaluate", async () => {
+      const getActiveSkillEntries = vi.fn<() => []>(() => []);
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs({ getActiveSkillEntries });
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(getActiveSkillEntries).toHaveBeenCalled();
+    });
+
+    it("does not call BashProgram.parse for non-bash tools", async () => {
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      await pipeline.evaluate(makeTcc({ toolName: "read", input: {} }), runner);
+
+      expect(mockBashProgramParse).not.toHaveBeenCalled();
+    });
+  });
+
+  // ── bash tool ────────────────────────────────────────────────────────────
+
+  describe("evaluate — bash tool", () => {
+    it("returns allow when the bash command is permitted", async () => {
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      const result = await pipeline.evaluate(
+        makeTcc({ toolName: "bash", input: { command: "echo hello" } }),
+        runner,
+      );
+
+      expect(result).toEqual({ action: "allow" });
+    });
+
+    it("parses BashProgram exactly once per evaluate for bash tools with a command", async () => {
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      await pipeline.evaluate(
+        makeTcc({ toolName: "bash", input: { command: "echo hello" } }),
+        runner,
+      );
+
+      expect(mockBashProgramParse).toHaveBeenCalledTimes(1);
+      expect(mockBashProgramParse).toHaveBeenCalledWith("echo hello");
+    });
+
+    it("does not parse BashProgram when the bash command is empty", async () => {
+      const resolver = makeResolver(makeCheckResult());
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      await pipeline.evaluate(
+        makeTcc({ toolName: "bash", input: { command: "" } }),
+        runner,
+      );
+
+      expect(mockBashProgramParse).not.toHaveBeenCalled();
+    });
+  });
+
+  // ── customExtractors threading (#352) ────────────────────────────────────
+
+  describe("evaluate — customExtractors threading (#352)", () => {
+    // Deny only the cross-cutting `path` surface; allow everything else, so a
+    // block can only come from the path gate seeing the extracted path.
+    function pathDenyingResolver() {
+      const resolver = makeResolver();
+      resolver.resolve.mockImplementation((surface) =>
+        surface === "path"
+          ? makeCheckResult({ state: "deny", matchedPattern: "*" })
+          : makeCheckResult(),
+      );
+      return resolver;
+    }
+
+    const extractors = {
+      get: (name: string) =>
+        name === "ffgrep"
+          ? (input: Record<string, unknown>) =>
+              typeof input.target === "string" ? input.target : undefined
+          : undefined,
+    };
+
+    it("forwards extractors so a custom-shaped tool is path-gated", async () => {
+      const resolver = pathDenyingResolver();
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(
+        resolver,
+        inputs,
+        undefined,
+        extractors,
+      );
+
+      const result = await pipeline.evaluate(
+        makeTcc({
+          toolName: "ffgrep",
+          input: { target: "/test/project/secret.env" },
+        }),
+        runner,
+      );
+
+      expect(result).toMatchObject({ action: "block" });
+    });
+
+    it("without extractors the custom-shaped tool is not path-gated", async () => {
+      const resolver = pathDenyingResolver();
+      const inputs = makeGateInputs();
+      const { runner } = makeGateRunner();
+      const pipeline = new ToolCallGatePipeline(resolver, inputs);
+
+      const result = await pipeline.evaluate(
+        makeTcc({
+          toolName: "ffgrep",
+          input: { target: "/test/project/secret.env" },
+        }),
+        runner,
+      );
+
+      expect(result).toEqual({ action: "allow" });
+    });
+  });
+});