@komarspn/pi-permission-system 16.0.2

package/test/input-normalizer.test.ts

@@ -0,0 +1,367 @@
+import { join } from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+const mockHomedir = vi.hoisted(() => vi.fn(() => "/mock/home"));
+
+vi.mock("node:os", () => ({
+  homedir: mockHomedir,
+  default: { homedir: mockHomedir },
+}));
+
+import { normalizeInput } from "#src/input-normalizer";
+import { createMcpPermissionTargets } from "#src/mcp-targets";
+
+afterEach(() => {
+  mockHomedir.mockClear();
+});
+
+describe("normalizeInput — non-MCP surfaces", () => {
+  describe("special / path", () => {
+    it("uses path from input as the lookup value", () => {
+      const result = normalizeInput("path", { path: ".env" }, []);
+      expect(result.surface).toBe("path");
+      expect(result.values).toEqual([".env"]);
+      expect(result.resultExtras).toEqual({});
+    });
+
+    it("falls back to '*' when path is missing", () => {
+      const result = normalizeInput("path", {}, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when path is not a string", () => {
+      const result = normalizeInput("path", { path: 42 }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when path is an empty string", () => {
+      const result = normalizeInput("path", { path: "" }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when path is whitespace-only", () => {
+      const result = normalizeInput("path", { path: "   " }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("handles null input", () => {
+      const result = normalizeInput("path", null, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("expands ~/... path value to absolute home path", () => {
+      const result = normalizeInput("path", { path: "~/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
+
+    it("expands $HOME/... path value to absolute home path", () => {
+      const result = normalizeInput("path", { path: "$HOME/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
+
+    it("does not expand non-home values", () => {
+      const result = normalizeInput("path", { path: ".env" }, []);
+      expect(result.values).toEqual([".env"]);
+    });
+
+    it("does not expand the '*' fallback", () => {
+      const result = normalizeInput("path", {}, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("adds cwd-normalized and relative aliases when cwd is provided", () => {
+      const result = normalizeInput(
+        "path",
+        { path: "src/App.jsx" },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
+
+    it("ignores a user-supplied string pathPolicyValues field", () => {
+      const result = normalizeInput(
+        "path",
+        { path: "src/App.jsx", pathPolicyValues: ["/etc/shadow"] },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
+  });
+
+  describe("special / external_directory", () => {
+    it("uses path from input as the lookup value", () => {
+      const result = normalizeInput(
+        "external_directory",
+        { path: "/other/project" },
+        [],
+      );
+      expect(result.surface).toBe("external_directory");
+      expect(result.values).toEqual(["/other/project"]);
+      expect(result.resultExtras).toEqual({});
+    });
+
+    it("falls back to '*' when path is missing", () => {
+      const result = normalizeInput("external_directory", {}, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when path is not a string", () => {
+      const result = normalizeInput("external_directory", { path: 42 }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when path is an empty string", () => {
+      const result = normalizeInput("external_directory", { path: "" }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("handles null input", () => {
+      const result = normalizeInput("external_directory", null, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("expands ~/... path value to absolute home path", () => {
+      const result = normalizeInput(
+        "external_directory",
+        { path: "~/dev/project" },
+        [],
+      );
+      expect(result.values).toEqual([join("/mock/home", "dev/project")]);
+    });
+
+    it("expands $HOME/... path value to absolute home path", () => {
+      const result = normalizeInput(
+        "external_directory",
+        { path: "$HOME/dev/project" },
+        [],
+      );
+      expect(result.values).toEqual([join("/mock/home", "dev/project")]);
+    });
+
+    it("adds cwd-normalized and relative aliases when cwd is provided", () => {
+      const result = normalizeInput(
+        "external_directory",
+        { path: "src/App.jsx" },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
+  });
+
+  describe("skill", () => {
+    it("uses skill name from input.name", () => {
+      const result = normalizeInput("skill", { name: "librarian" }, []);
+      expect(result.surface).toBe("skill");
+      expect(result.values).toEqual(["librarian"]);
+      expect(result.resultExtras).toEqual({});
+    });
+
+    it("falls back to '*' when name is missing", () => {
+      const result = normalizeInput("skill", {}, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when name is not a string", () => {
+      const result = normalizeInput("skill", { name: 99 }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+  });
+
+  describe("bash", () => {
+    it("uses command from input.command", () => {
+      const result = normalizeInput("bash", { command: "git status" }, []);
+      expect(result.surface).toBe("bash");
+      expect(result.values).toEqual(["git status"]);
+      expect(result.resultExtras).toEqual({ command: "git status" });
+    });
+
+    it("uses empty string when command is missing", () => {
+      const result = normalizeInput("bash", {}, []);
+      expect(result.values).toEqual([""]);
+      expect(result.resultExtras).toEqual({ command: "" });
+    });
+
+    it("uses empty string when command is not a string", () => {
+      const result = normalizeInput("bash", { command: 42 }, []);
+      expect(result.values).toEqual([""]);
+      expect(result.resultExtras).toEqual({ command: "" });
+    });
+
+    it("strips leading comment lines from values but keeps original in resultExtras", () => {
+      const cmd = "# Check debug logs\nfind /home -path '*debug*' -type f";
+      const result = normalizeInput("bash", { command: cmd }, []);
+      expect(result.values).toEqual(["find /home -path '*debug*' -type f"]);
+      expect(result.resultExtras).toEqual({ command: cmd });
+    });
+
+    it("strips multiple comment lines", () => {
+      const cmd = "# Step 1\n# Step 2\ngit status --short";
+      const result = normalizeInput("bash", { command: cmd }, []);
+      expect(result.values).toEqual(["git status --short"]);
+    });
+
+    it("preserves command when no comment lines present", () => {
+      const result = normalizeInput(
+        "bash",
+        { command: "grep -rn foo src/" },
+        [],
+      );
+      expect(result.values).toEqual(["grep -rn foo src/"]);
+    });
+
+    it("falls back to original when all lines are comments", () => {
+      const cmd = "# just a comment";
+      const result = normalizeInput("bash", { command: cmd }, []);
+      expect(result.values).toEqual(["# just a comment"]);
+    });
+  });
+
+  describe("path-bearing tools (read, write, edit, grep, find, ls)", () => {
+    it("uses input.path as the lookup value when path is present", () => {
+      for (const tool of ["read", "write", "edit", "grep", "find", "ls"]) {
+        const result = normalizeInput(
+          tool,
+          { path: "/project/src/main.ts" },
+          [],
+        );
+        expect(result.surface).toBe(tool);
+        expect(result.values).toEqual(["/project/src/main.ts"]);
+        expect(result.resultExtras).toEqual({});
+      }
+    });
+
+    it("falls back to '*' when input.path is missing", () => {
+      for (const tool of ["read", "write", "edit", "grep", "find", "ls"]) {
+        const result = normalizeInput(tool, {}, []);
+        expect(result.values).toEqual(["*"]);
+      }
+    });
+
+    it("falls back to '*' when input.path is empty string", () => {
+      const result = normalizeInput("read", { path: "" }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when input.path is not a string", () => {
+      const result = normalizeInput("write", { path: 42 }, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("falls back to '*' when input is null", () => {
+      const result = normalizeInput("edit", null, []);
+      expect(result.values).toEqual(["*"]);
+    });
+
+    it("expands ~/... path value to absolute home path", () => {
+      const result = normalizeInput("read", { path: "~/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
+
+    it("expands $HOME/... path value to absolute home path", () => {
+      const result = normalizeInput("write", { path: "$HOME/.ssh/config" }, []);
+      expect(result.values).toEqual([join("/mock/home", ".ssh/config")]);
+    });
+
+    it("adds cwd-normalized and relative aliases when cwd is provided", () => {
+      const result = normalizeInput(
+        "read",
+        { path: "src/App.jsx" },
+        [],
+        "/workspace/project",
+      );
+      expect(result.values).toEqual([
+        "/workspace/project/src/App.jsx",
+        "src/App.jsx",
+      ]);
+    });
+  });
+
+  describe("extension tools (non-path-bearing)", () => {
+    it("uses '*' as the lookup value for extension tools", () => {
+      const result = normalizeInput("my_extension_tool", { some: "input" }, []);
+      expect(result.surface).toBe("my_extension_tool");
+      expect(result.values).toEqual(["*"]);
+      expect(result.resultExtras).toEqual({});
+    });
+
+    it("uses '*' even when extension tool has a path field", () => {
+      const result = normalizeInput(
+        "my_extension_tool",
+        { path: "/some/path" },
+        [],
+      );
+      expect(result.values).toEqual(["*"]);
+    });
+  });
+});
+
+describe("normalizeInput — MCP surface", () => {
+  it("surface is 'mcp'", () => {
+    const result = normalizeInput("mcp", { tool: "exa:search" }, []);
+    expect(result.surface).toBe("mcp");
+  });
+
+  it("values end with the catch-all 'mcp' target", () => {
+    const result = normalizeInput("mcp", { tool: "exa:search" }, []);
+    expect(result.values.at(-1)).toBe("mcp");
+  });
+
+  it("values include specific targets before the catch-all for a qualified tool call", () => {
+    const result = normalizeInput("mcp", { tool: "exa:search" }, []);
+    expect(result.values).toContain("exa_search");
+    expect(result.values).toContain("exa:search");
+    expect(result.values).toContain("exa");
+    expect(result.values).toContain("mcp_call");
+    // 'mcp' is always last
+    expect(result.values.at(-1)).toBe("mcp");
+  });
+
+  it("matches createMcpPermissionTargets output + 'mcp' appended", () => {
+    const rawTargets = createMcpPermissionTargets({ tool: "exa:search" }, [
+      "exa",
+    ]);
+    const result = normalizeInput("mcp", { tool: "exa:search" }, ["exa"]);
+    expect(result.values).toEqual([...rawTargets, "mcp"]);
+  });
+
+  it("resultExtras.target is the first specific target (most-specific)", () => {
+    const result = normalizeInput("mcp", { tool: "exa:search" }, []);
+    expect(result.resultExtras.target).toBe(result.values[0]);
+  });
+
+  it("resultExtras.target is 'mcp' when no specific targets are derived", () => {
+    // Empty input → only mcp_status then mcp appended
+    const result = normalizeInput("mcp", {}, []);
+    expect(result.resultExtras.target).toBe("mcp_status");
+  });
+
+  it("values contain no duplicates", () => {
+    const result = normalizeInput("mcp", { tool: "exa:search" }, ["exa"]);
+    const unique = [...new Set(result.values)];
+    expect(result.values).toEqual(unique);
+  });
+
+  it("produces mcp_status + mcp for status input", () => {
+    const result = normalizeInput("mcp", {}, []);
+    expect(result.values).toEqual(["mcp_status", "mcp"]);
+  });
+
+  it("produces connect targets + mcp for connect input", () => {
+    const result = normalizeInput("mcp", { connect: "exa" }, []);
+    expect(result.values).toContain("mcp_connect_exa");
+    expect(result.values).toContain("mcp_connect");
+    expect(result.values.at(-1)).toBe("mcp");
+  });
+});

package/test/logging.test.ts

@@ -0,0 +1,51 @@
+import {
+  existsSync,
+  mkdirSync,
+  mkdtempSync,
+  readFileSync,
+  rmSync,
+} from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { expect, test } from "vitest";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import { createPermissionSystemLogger } from "#src/logging";
+
+test("Permission-system logger respects debug toggle and keeps review log enabled by default", () => {
+  const baseDir = mkdtempSync(join(tmpdir(), "pi-permission-system-logs-"));
+  const logsDir = join(baseDir, "logs");
+  const debugLogPath = join(logsDir, "debug.jsonl");
+  const reviewLogPath = join(logsDir, "review.jsonl");
+  const config = { ...DEFAULT_EXTENSION_CONFIG };
+  const logger = createPermissionSystemLogger({
+    getConfig: () => config,
+    debugLogPath,
+    reviewLogPath,
+    ensureLogsDirectory: () => {
+      mkdirSync(logsDir, { recursive: true });
+      return undefined;
+    },
+  });
+
+  try {
+    const initialDebugWarning = logger.debug("debug.disabled", {
+      sample: true,
+    });
+    const reviewWarning = logger.review("permission_request.waiting", {
+      toolName: "write",
+    });
+
+    expect(initialDebugWarning).toBe(undefined);
+    expect(reviewWarning).toBe(undefined);
+    expect(existsSync(debugLogPath)).toBe(false);
+    expect(existsSync(reviewLogPath)).toBe(true);
+
+    config.debugLog = true;
+    const enabledDebugWarning = logger.debug("debug.enabled", { sample: true });
+    expect(enabledDebugWarning).toBe(undefined);
+    expect(existsSync(debugLogPath)).toBe(true);
+    expect(readFileSync(debugLogPath, "utf8")).toMatch(/debug\.enabled/);
+  } finally {
+    rmSync(baseDir, { recursive: true, force: true });
+  }
+});

package/test/mcp-targets.test.ts

@@ -0,0 +1,233 @@
+import { describe, expect, it } from "vitest";
+import {
+  createMcpPermissionTargets,
+  McpTargetList,
+  parseQualifiedMcpToolName,
+} from "#src/mcp-targets";
+
+describe("parseQualifiedMcpToolName", () => {
+  it("returns server and tool for a valid qualified name", () => {
+    expect(parseQualifiedMcpToolName("exa:search")).toEqual({
+      server: "exa",
+      tool: "search",
+    });
+  });
+
+  it("returns server and tool with surrounding whitespace trimmed", () => {
+    expect(parseQualifiedMcpToolName("  exa : search  ")).toEqual({
+      server: "exa",
+      tool: "search",
+    });
+  });
+
+  it("returns null for empty string", () => {
+    expect(parseQualifiedMcpToolName("")).toBeNull();
+  });
+
+  it("returns null for whitespace-only string", () => {
+    expect(parseQualifiedMcpToolName("   ")).toBeNull();
+  });
+
+  it("returns null when colon is the first character", () => {
+    expect(parseQualifiedMcpToolName(":search")).toBeNull();
+  });
+
+  it("returns null when colon is the last character", () => {
+    expect(parseQualifiedMcpToolName("exa:")).toBeNull();
+  });
+
+  it("returns null for a plain tool name with no colon", () => {
+    expect(parseQualifiedMcpToolName("exa_search")).toBeNull();
+  });
+
+  it("returns null when server part is empty after trimming", () => {
+    expect(parseQualifiedMcpToolName(" :search")).toBeNull();
+  });
+
+  it("returns null when tool part is empty after trimming", () => {
+    expect(parseQualifiedMcpToolName("exa: ")).toBeNull();
+  });
+});
+
+describe("createMcpPermissionTargets", () => {
+  describe("tool call (input.tool)", () => {
+    it("produces targets for a bare tool name with no configured servers", () => {
+      const targets = createMcpPermissionTargets({ tool: "exa_search" }, []);
+      expect(targets).toContain("exa_search");
+      expect(targets).toContain("mcp_call");
+    });
+
+    it("produces targets for a qualified tool name (server:tool)", () => {
+      const targets = createMcpPermissionTargets({ tool: "exa:search" }, []);
+      expect(targets).toContain("exa_search");
+      expect(targets).toContain("exa:search");
+      expect(targets).toContain("exa");
+      expect(targets).toContain("mcp_call");
+    });
+
+    it("produces targets for a tool call with explicit server field", () => {
+      const targets = createMcpPermissionTargets(
+        { tool: "search", server: "exa" },
+        [],
+      );
+      expect(targets).toContain("exa_search");
+      expect(targets).toContain("exa:search");
+      expect(targets).toContain("exa");
+      expect(targets).toContain("mcp_call");
+    });
+
+    it("derives server targets from configured server names when tool name ends with _<server>", () => {
+      const targets = createMcpPermissionTargets({ tool: "exa_search" }, [
+        "exa",
+      ]);
+      // exa_search ends with _exa? No — it ends with _search. This tool name
+      // does NOT trigger server derivation because it does not end with _exa.
+      expect(targets).toContain("exa_search");
+    });
+
+    it("does not include duplicate entries", () => {
+      const targets = createMcpPermissionTargets({ tool: "exa:search" }, [
+        "exa",
+      ]);
+      const unique = [...new Set(targets)];
+      expect(targets).toEqual(unique);
+    });
+  });
+
+  describe("connect call (input.connect)", () => {
+    it("produces targets for a connect operation", () => {
+      const targets = createMcpPermissionTargets({ connect: "exa" }, []);
+      expect(targets).toContain("mcp_connect_exa");
+      expect(targets).toContain("exa");
+      expect(targets).toContain("mcp_connect");
+    });
+
+    it("does not include mcp_call for connect operations", () => {
+      const targets = createMcpPermissionTargets({ connect: "exa" }, []);
+      expect(targets).not.toContain("mcp_call");
+    });
+  });
+
+  describe("describe operation (input.describe)", () => {
+    it("produces targets for a describe operation on a qualified tool", () => {
+      const targets = createMcpPermissionTargets(
+        { describe: "exa:search" },
+        [],
+      );
+      expect(targets).toContain("exa_search");
+      expect(targets).toContain("exa:search");
+      expect(targets).toContain("exa");
+      expect(targets).toContain("mcp_describe");
+    });
+  });
+
+  describe("search operation (input.search)", () => {
+    it("produces mcp_search and the search string as targets", () => {
+      const targets = createMcpPermissionTargets({ search: "weather" }, []);
+      expect(targets).toContain("weather");
+      expect(targets).toContain("mcp_search");
+    });
+
+    it("includes server targets when server is provided alongside search", () => {
+      const targets = createMcpPermissionTargets(
+        { search: "weather", server: "exa" },
+        [],
+      );
+      expect(targets).toContain("mcp_server_exa");
+      expect(targets).toContain("exa");
+      expect(targets).toContain("mcp_search");
+    });
+  });
+
+  describe("server listing (input.server only)", () => {
+    it("produces mcp_list and server-specific targets", () => {
+      const targets = createMcpPermissionTargets({ server: "exa" }, []);
+      expect(targets).toContain("mcp_server_exa");
+      expect(targets).toContain("exa");
+      expect(targets).toContain("mcp_list");
+    });
+  });
+
+  describe("status (no meaningful input)", () => {
+    it("produces mcp_status for empty input", () => {
+      const targets = createMcpPermissionTargets({}, []);
+      expect(targets).toContain("mcp_status");
+    });
+
+    it("produces mcp_status for null input", () => {
+      const targets = createMcpPermissionTargets(null, []);
+      expect(targets).toContain("mcp_status");
+    });
+
+    it("produces mcp_status when no server/tool/connect/describe/search present", () => {
+      const targets = createMcpPermissionTargets({ unrelated: "value" }, [
+        "exa",
+      ]);
+      expect(targets).toContain("mcp_status");
+    });
+  });
+
+  describe("priority ordering", () => {
+    it("tool targets appear before mcp_call", () => {
+      const targets = createMcpPermissionTargets({ tool: "exa:search" }, []);
+      const mcpCallIdx = targets.indexOf("mcp_call");
+      const exaSearchIdx = targets.indexOf("exa_search");
+      expect(exaSearchIdx).toBeGreaterThanOrEqual(0);
+      expect(mcpCallIdx).toBeGreaterThan(exaSearchIdx);
+    });
+  });
+});
+
+describe("McpTargetList", () => {
+  describe("add", () => {
+    it("ignores null", () => {
+      const list = new McpTargetList();
+      list.add(null);
+      expect(list.toArray()).toEqual([]);
+    });
+
+    it("ignores empty string", () => {
+      const list = new McpTargetList();
+      list.add("");
+      expect(list.toArray()).toEqual([]);
+    });
+
+    it("appends a new value", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+
+    it("dedups repeated values", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      list.add("exa");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+
+    it("preserves first-insertion order across a mix of values", () => {
+      const list = new McpTargetList();
+      list.add("exa_search");
+      list.add("exa:search");
+      list.add("exa");
+      list.add("exa_search"); // duplicate — must not change order
+      list.add("mcp_call");
+      expect(list.toArray()).toEqual([
+        "exa_search",
+        "exa:search",
+        "exa",
+        "mcp_call",
+      ]);
+    });
+  });
+
+  describe("toArray", () => {
+    it("returns an independent copy that does not mutate the list", () => {
+      const list = new McpTargetList();
+      list.add("exa");
+      const first = list.toArray();
+      first.push("mutated");
+      expect(list.toArray()).toEqual(["exa"]);
+    });
+  });
+});