@komarspn/pi-permission-system 16.0.2

package/src/config-paths.ts

@@ -0,0 +1,47 @@
+import { join } from "node:path";
+
+const EXTENSION_ID = "pi-permission-system";
+
+export const DEBUG_LOG_FILENAME = `${EXTENSION_ID}-debug.jsonl`;
+export const REVIEW_LOG_FILENAME = `${EXTENSION_ID}-permission-review.jsonl`;
+
+export function getGlobalConfigDir(agentDir: string): string {
+  return join(agentDir, "extensions", EXTENSION_ID);
+}
+
+export function getGlobalConfigPath(agentDir: string): string {
+  return join(getGlobalConfigDir(agentDir), "config.json");
+}
+
+export function getGlobalLogsDir(agentDir: string): string {
+  return join(getGlobalConfigDir(agentDir), "logs");
+}
+
+export function getProjectConfigPath(cwd: string): string {
+  return join(cwd, ".pi", "extensions", EXTENSION_ID, "config.json");
+}
+
+/**
+ * Directory holding project-scoped custom agent definition files.
+ *
+ * `<cwd>/.pi/agents` is a Pi platform convention, also encoded by
+ * `@gotgenes/pi-subagents`' `loadCustomAgents` (`config/custom-agents.ts`).
+ * The two packages encode it independently — pi-permission-system has no
+ * dependency on pi-subagents (ADR-0002) — so this is this package's
+ * authoritative copy.
+ */
+export function getProjectAgentsDir(cwd: string): string {
+  return join(cwd, ".pi", "agents");
+}
+
+export function getLegacyGlobalPolicyPath(agentDir: string): string {
+  return join(agentDir, "pi-permissions.jsonc");
+}
+
+export function getLegacyProjectPolicyPath(cwd: string): string {
+  return join(cwd, ".pi", "agent", "pi-permissions.jsonc");
+}
+
+export function getLegacyExtensionConfigPath(extensionRoot: string): string {
+  return join(extensionRoot, "config.json");
+}

package/src/config-reporter.ts

@@ -0,0 +1,34 @@
+import type { ResolvedPolicyPaths } from "./permission-manager";
+
+export interface ResolvedConfigLogEntry {
+  globalConfigPath: string;
+  globalConfigExists: boolean;
+  projectConfigPath: string | null;
+  projectConfigExists: boolean;
+  agentsDir: string;
+  agentsDirExists: boolean;
+  projectAgentsDir: string | null;
+  projectAgentsDirExists: boolean;
+  legacyGlobalPolicyDetected: boolean;
+  legacyProjectPolicyDetected: boolean;
+  legacyExtensionConfigDetected: boolean;
+}
+
+export interface BuildResolvedConfigLogEntryOptions {
+  policyPaths: ResolvedPolicyPaths;
+  legacyGlobalPolicyDetected?: boolean;
+  legacyProjectPolicyDetected?: boolean;
+  legacyExtensionConfigDetected?: boolean;
+}
+
+export function buildResolvedConfigLogEntry(
+  options: BuildResolvedConfigLogEntryOptions,
+): ResolvedConfigLogEntry {
+  return {
+    ...options.policyPaths,
+    legacyGlobalPolicyDetected: options.legacyGlobalPolicyDetected ?? false,
+    legacyProjectPolicyDetected: options.legacyProjectPolicyDetected ?? false,
+    legacyExtensionConfigDetected:
+      options.legacyExtensionConfigDetected ?? false,
+  };
+}

package/src/config-store.ts

@@ -0,0 +1,222 @@
+import {
+  existsSync,
+  mkdirSync,
+  renameSync,
+  unlinkSync,
+  writeFileSync,
+} from "node:fs";
+import { dirname, normalize } from "node:path";
+import type {
+  ExtensionCommandContext,
+  ExtensionContext,
+} from "@earendil-works/pi-coding-agent";
+
+import { loadAndMergeConfigs, loadUnifiedConfig } from "./config-loader";
+import {
+  getGlobalConfigPath,
+  getLegacyExtensionConfigPath,
+  getLegacyGlobalPolicyPath,
+  getLegacyProjectPolicyPath,
+} from "./config-paths";
+import { buildResolvedConfigLogEntry } from "./config-reporter";
+import {
+  DEFAULT_EXTENSION_CONFIG,
+  EXTENSION_ROOT,
+  normalizePermissionSystemConfig,
+  type PermissionSystemExtensionConfig,
+} from "./extension-config";
+import type { ResolvedPolicyPaths } from "./policy-loader";
+import type { DebugReviewLogger } from "./session-logger";
+import { syncPermissionSystemStatus } from "./status";
+
+/** Read-only view of the current config — for consumers that only read. */
+export interface ConfigReader {
+  current(): PermissionSystemExtensionConfig;
+}
+
+/**
+ * Narrow subset of `ConfigStore` that `PermissionSession` depends on.
+ *
+ * Using an interface rather than the concrete class avoids private-member
+ * coupling between the class and test doubles.
+ */
+export interface SessionConfigStore extends ConfigReader {
+  refresh(ctx?: ExtensionContext): void;
+  logResolvedPaths(cwd?: string): void;
+}
+
+/**
+ * Narrow subset of `ConfigStore` for the `/permission-system` command.
+ *
+ * Using an interface rather than the concrete class avoids private-member
+ * coupling between the class and test doubles.
+ */
+export interface CommandConfigStore extends ConfigReader {
+  save(
+    next: PermissionSystemExtensionConfig,
+    ctx: ExtensionCommandContext,
+  ): void;
+}
+
+/** Narrow view of the manager's resolved policy paths (for `logResolvedPaths`). */
+export interface ResolvedPolicyPathProvider {
+  getResolvedPolicyPaths(): ResolvedPolicyPaths;
+}
+
+export interface ConfigStoreDeps {
+  agentDir: string;
+  policyPaths: ResolvedPolicyPathProvider;
+  logger: DebugReviewLogger;
+}
+
+/**
+ * Owns the mutable extension config and the operations that read/write it.
+ *
+ * Replaces the three `(runtime, …)` config free functions
+ * (`refreshExtensionConfig`, `saveExtensionConfig`, `logResolvedConfigPaths`)
+ * with methods that privately own `config` and `lastConfigWarning`.
+ *
+ * Implements {@link ConfigReader} so consumers that only read the current config
+ * can depend on the narrow interface rather than the full class.
+ */
+export class ConfigStore implements SessionConfigStore, CommandConfigStore {
+  private config: PermissionSystemExtensionConfig;
+  private lastConfigWarning: string | null = null;
+
+  constructor(private readonly deps: ConfigStoreDeps) {
+    this.config = { ...DEFAULT_EXTENSION_CONFIG };
+  }
+
+  /** Return the current extension config. */
+  current(): PermissionSystemExtensionConfig {
+    return this.config;
+  }
+
+  /**
+   * Reload merged config from disk.
+   *
+   * If `ctx` is provided, uses it to derive the cwd and sync UI status.
+   * Equivalent to `refreshExtensionConfig(runtime, ctx?)`.
+   */
+  refresh(ctx?: ExtensionContext): void {
+    const cwd = ctx?.cwd ?? null;
+    const mergeResult = loadAndMergeConfigs(
+      this.deps.agentDir,
+      cwd ?? "",
+      EXTENSION_ROOT,
+    );
+    const runtimeConfig = normalizePermissionSystemConfig(mergeResult.merged);
+    this.config = runtimeConfig;
+
+    if (ctx?.hasUI) {
+      syncPermissionSystemStatus(ctx, runtimeConfig);
+    }
+
+    const warning =
+      mergeResult.issues.length > 0 ? mergeResult.issues.join("\n") : undefined;
+
+    if (warning && warning !== this.lastConfigWarning) {
+      this.lastConfigWarning = warning;
+      ctx?.ui.notify(warning, "warning");
+    } else if (!warning) {
+      this.lastConfigWarning = null;
+    }
+
+    this.deps.logger.debug("config.loaded", {
+      warning: warning ?? null,
+      debugLog: runtimeConfig.debugLog,
+      permissionReviewLog: runtimeConfig.permissionReviewLog,
+      yoloMode: runtimeConfig.yoloMode,
+    });
+  }
+
+  /**
+   * Save updated runtime knobs to the global config file, then update
+   * the current config and sync UI status.
+   *
+   * Equivalent to `saveExtensionConfig(runtime, next, ctx)`.
+   */
+  // Called via the CommandConfigStore interface from config-modal.ts — fallow cannot trace through interfaces.
+  // fallow-ignore-next-line unused-class-member
+  save(
+    next: PermissionSystemExtensionConfig,
+    ctx: ExtensionCommandContext,
+  ): void {
+    const normalized = normalizePermissionSystemConfig(next);
+    const globalPath = getGlobalConfigPath(this.deps.agentDir);
+
+    const existing = loadUnifiedConfig(globalPath);
+    const merged = {
+      ...existing.config,
+      debugLog: normalized.debugLog,
+      permissionReviewLog: normalized.permissionReviewLog,
+      yoloMode: normalized.yoloMode,
+    };
+
+    const tmpPath = `${globalPath}.tmp`;
+    try {
+      mkdirSync(dirname(globalPath), { recursive: true });
+      writeFileSync(tmpPath, `${JSON.stringify(merged, null, 2)}\n`, "utf-8");
+      renameSync(tmpPath, globalPath);
+    } catch (error) {
+      try {
+        if (existsSync(tmpPath)) {
+          unlinkSync(tmpPath);
+        }
+      } catch {
+        // Ignore cleanup failures.
+      }
+      const message = error instanceof Error ? error.message : String(error);
+      ctx.ui.notify(
+        `Failed to save permission-system config at '${globalPath}': ${message}`,
+        "error",
+      );
+      return;
+    }
+
+    this.config = normalized;
+    syncPermissionSystemStatus(ctx, normalized);
+    this.lastConfigWarning = null;
+
+    this.deps.logger.debug("config.saved", {
+      debugLog: normalized.debugLog,
+      permissionReviewLog: normalized.permissionReviewLog,
+      yoloMode: normalized.yoloMode,
+    });
+  }
+
+  /**
+   * Write the resolved config path set to the review and debug logs.
+   *
+   * Equivalent to `logResolvedConfigPaths(runtime)`.
+   */
+  logResolvedPaths(cwd?: string): void {
+    const policyPaths = this.deps.policyPaths.getResolvedPolicyPaths();
+    const { agentDir } = this.deps;
+    const legacyGlobalPolicyDetected = existsSync(
+      getLegacyGlobalPolicyPath(agentDir),
+    );
+    const legacyProjectPolicyDetected = cwd
+      ? existsSync(getLegacyProjectPolicyPath(cwd))
+      : false;
+    const legacyExtConfigPath = getLegacyExtensionConfigPath(EXTENSION_ROOT);
+    const newGlobalPath = getGlobalConfigPath(agentDir);
+    const legacyExtensionConfigDetected =
+      normalize(legacyExtConfigPath) !== normalize(newGlobalPath) &&
+      existsSync(legacyExtConfigPath);
+    const entry = buildResolvedConfigLogEntry({
+      policyPaths,
+      legacyGlobalPolicyDetected,
+      legacyProjectPolicyDetected,
+      legacyExtensionConfigDetected,
+    });
+    this.deps.logger.review(
+      "config.resolved",
+      entry as unknown as Record<string, unknown>,
+    );
+    this.deps.logger.debug(
+      "config.resolved",
+      entry as unknown as Record<string, unknown>,
+    );
+  }
+}

package/src/decision-audit.ts

@@ -0,0 +1,75 @@
+/**
+ * Records the per-call terminal decision so an evaluated-and-allowed call is
+ * distinguishable from a never-evaluated one. The fail-closed boundary owns the
+ * recorder and calls exactly one of `recordDecision` / `recordError` per call.
+ */
+export interface DecisionRecorder {
+  /** Record a terminal allow/block decision (also bumps the tool-call count). */
+  recordDecision(action: "allow" | "block"): void;
+  /** Record a gate error that blocked fail-closed (also bumps the count). */
+  recordError(): void;
+}
+
+/** Narrow logging surface the summary needs: a debug line and a warning. */
+export interface AuditLogger {
+  debug(event: string, details?: Record<string, unknown>): void;
+  warn(message: string): void;
+}
+
+/** Narrow surface the session-shutdown handler depends on. */
+export interface DecisionSummaryWriter {
+  writeSummary(logger: AuditLogger): void;
+}
+
+/**
+ * In-process, per-session decision counters.
+ *
+ * The boundary produces exactly one terminal decision per tool call, so
+ * `toolCalls` must always equal `allowed + blocked + errors`. `writeSummary`
+ * emits the counters on `session_shutdown` and flags any mismatch as a cheap
+ * structural self-check — a mismatch means a code path re-opened a silent
+ * (never-recorded) exit.
+ */
+export class DecisionAudit implements DecisionRecorder {
+  private toolCalls = 0;
+  private allowed = 0;
+  private blocked = 0;
+  private errors = 0;
+
+  recordDecision(action: "allow" | "block"): void {
+    this.toolCalls++;
+    if (action === "allow") {
+      this.allowed++;
+    } else {
+      this.blocked++;
+    }
+  }
+
+  recordError(): void {
+    this.toolCalls++;
+    this.errors++;
+  }
+
+  /**
+   * Emit one `permission.session_summary` debug line with the counters. When
+   * `toolCalls !== allowed + blocked + errors`, also emit a warning — the
+   * invariant violation means a tool call resolved without a recorded terminal
+   * decision (a re-opened silent path).
+   */
+  writeSummary(logger: AuditLogger): void {
+    const counts = {
+      toolCalls: this.toolCalls,
+      allowed: this.allowed,
+      blocked: this.blocked,
+      errors: this.errors,
+    };
+    logger.debug("permission.session_summary", counts);
+    if (this.toolCalls !== this.allowed + this.blocked + this.errors) {
+      logger.warn(
+        `[pi-permission-system] decision audit invariant violated: ${this.toolCalls} tool calls != ` +
+          `${this.allowed} allowed + ${this.blocked} blocked + ${this.errors} errors. ` +
+          "A tool call resolved without a recorded terminal decision.",
+      );
+    }
+  }
+}

package/src/decision-reporter.ts

@@ -0,0 +1,41 @@
+import {
+  emitDecisionEvent,
+  type PermissionDecisionEvent,
+  type PermissionEventBus,
+} from "./permission-events";
+import type { SessionLogger } from "./session-logger";
+
+/**
+ * Reports a permission gate's outcome to the review log and the decision
+ * channel. Groups the two side effects that always travel together:
+ * writing a structured review-log entry and broadcasting a decision event.
+ */
+export interface DecisionReporter {
+  writeReviewLog(event: string, details: Record<string, unknown>): void;
+  emitDecision(event: PermissionDecisionEvent): void;
+}
+
+/**
+ * Owns the `SessionLogger` and the event bus so neither the handler nor
+ * the runner has to reach through the session to its logger or close over
+ * the event bus directly.
+ *
+ * Built once in `PermissionGateHandler`'s constructor; shared between
+ * `handleToolCall` (gate runner + bypass branch) and `handleInput`.
+ *
+ * Answers "who owns the event bus" — the reporter does, not the session.
+ */
+export class GateDecisionReporter implements DecisionReporter {
+  constructor(
+    private readonly logger: SessionLogger,
+    private readonly events: PermissionEventBus,
+  ) {}
+
+  writeReviewLog(event: string, details: Record<string, unknown>): void {
+    this.logger.review(event, details);
+  }
+
+  emitDecision(event: PermissionDecisionEvent): void {
+    emitDecisionEvent(this.events, event);
+  }
+}

package/src/denial-messages.ts

@@ -0,0 +1,232 @@
+import { EXTENSION_ID } from "./extension-config";
+import type { BashCommandContext, PermissionCheckResult } from "./types";
+
+// ── Extension attribution tag ──────────────────────────────────────────────
+
+export const EXTENSION_TAG = `[${EXTENSION_ID}]`;
+
+// ── Denial context discriminated union ─────────────────────────────────────
+
+export type DenialContext =
+  | {
+      kind: "tool";
+      check: PermissionCheckResult;
+      agentName?: string;
+      input?: unknown;
+    }
+  | {
+      kind: "path";
+      toolName: string;
+      pathValue: string;
+      agentName?: string;
+    }
+  | {
+      kind: "external_directory";
+      toolName: string;
+      pathValue: string;
+      cwd: string;
+      agentName?: string;
+    }
+  | {
+      kind: "bash_external_directory";
+      command: string;
+      externalPaths: string[];
+      cwd: string;
+      agentName?: string;
+    }
+  | {
+      kind: "bash_path";
+      command: string;
+      pathValue: string;
+      agentName?: string;
+    }
+  | {
+      kind: "skill_read";
+      skillName: string;
+      readPath: string;
+      agentName?: string;
+    }
+  | {
+      kind: "skill_input";
+      skillName: string;
+      agentName?: string;
+    };
+
+// ── Public formatter API ───────────────────────────────────────────────────
+
+/** Format the block reason when permission policy denies an operation. */
+export function formatDenyReason(ctx: DenialContext): string {
+  return `${EXTENSION_TAG} ${buildDenyBody(ctx)}`;
+}
+
+/** Format the block reason when no interactive UI is available to prompt. */
+export function formatUnavailableReason(ctx: DenialContext): string {
+  return `${EXTENSION_TAG} ${buildUnavailableBody(ctx)}`;
+}
+
+/** Format the block reason when the user denies at an interactive prompt. */
+export function formatUserDeniedReason(
+  ctx: DenialContext,
+  denialReason?: string,
+): string {
+  return `${EXTENSION_TAG} ${buildUserDeniedBody(ctx, denialReason)}`;
+}
+
+// ── Private body builders ──────────────────────────────────────────────────
+
+function subject(agentName?: string): string {
+  return agentName ? `Agent '${agentName}'` : "Current agent";
+}
+
+function reasonSuffix(denialReason?: string): string {
+  return denialReason ? ` Reason: ${denialReason}.` : "";
+}
+
+function buildDenyBody(ctx: DenialContext): string {
+  switch (ctx.kind) {
+    case "tool":
+      return buildToolDenyBody(ctx);
+    case "path":
+      return `${subject(ctx.agentName)} is not permitted to access path '${ctx.pathValue}' via tool '${ctx.toolName}'.`;
+    case "external_directory":
+      return `${subject(ctx.agentName)} is not permitted to run tool '${ctx.toolName}' for path '${ctx.pathValue}' outside working directory '${ctx.cwd}'.`;
+    case "bash_external_directory":
+      return `${subject(ctx.agentName)} is not permitted to run bash command '${ctx.command}' which references path(s) outside working directory '${ctx.cwd}': ${ctx.externalPaths.join(", ")}.`;
+    case "bash_path":
+      return `${subject(ctx.agentName)} is not permitted to access path '${ctx.pathValue}' via tool 'bash'.`;
+    case "skill_read":
+      return `${subject(ctx.agentName)} is not permitted to access skill '${ctx.skillName}' via '${ctx.readPath}'.`;
+    case "skill_input":
+      return `${subject(ctx.agentName)} is not permitted to access skill '${ctx.skillName}'.`;
+  }
+}
+
+function buildToolDenyBody(
+  ctx: Extract<DenialContext, { kind: "tool" }>,
+): string {
+  const parts: string[] = [];
+  const { check, agentName } = ctx;
+
+  if (agentName) {
+    parts.push(`Agent '${agentName}'`);
+  }
+
+  if (isMcpCheck(check)) {
+    parts.push(`is not permitted to run MCP target '${check.target}'`);
+  } else {
+    parts.push(`is not permitted to run '${check.toolName}'`);
+  }
+
+  if (check.command) {
+    parts.push(`command '${check.command}'`);
+  }
+
+  const qualifier = matchQualifier(check.matchedPattern, check.commandContext);
+  if (qualifier) {
+    parts.push(qualifier);
+  }
+
+  // reasonSuffix appends ` Reason: <reason>.` after the sentence-ending period.
+  return `${parts.join(" ")}.${reasonSuffix(check.reason)}`;
+}
+
+/**
+ * Human-readable label for a nested bash execution context, or `undefined` for
+ * a current-shell (top-level) command.
+ */
+export function describeBashCommandContext(
+  context?: BashCommandContext,
+): string | undefined {
+  switch (context) {
+    case "command_substitution":
+      return "command substitution";
+    case "process_substitution":
+      return "process substitution";
+    case "subshell":
+      return "subshell";
+    default:
+      return undefined;
+  }
+}
+
+/**
+ * Build the parenthetical qualifier for a bash decision, folding the matched
+ * rule and (for a nested command) its execution context into one clause, e.g.
+ * `(matched 'rm *', inside command substitution)`. Returns `""` when neither
+ * applies.
+ */
+export function matchQualifier(
+  matchedPattern?: string,
+  context?: BashCommandContext,
+): string {
+  const parts: string[] = [];
+  if (matchedPattern) {
+    parts.push(`matched '${matchedPattern}'`);
+  }
+  const label = describeBashCommandContext(context);
+  if (label) {
+    parts.push(`inside ${label}`);
+  }
+  return parts.length > 0 ? `(${parts.join(", ")})` : "";
+}
+
+function buildUnavailableBody(ctx: DenialContext): string {
+  switch (ctx.kind) {
+    case "tool": {
+      const { check } = ctx;
+      if (check.toolName === "bash" && check.command) {
+        return `Running bash command '${check.command}' requires approval, but no interactive UI is available.`;
+      }
+      if (isMcpCheck(check)) {
+        return "Using tool 'mcp' requires approval, but no interactive UI is available.";
+      }
+      return `Using tool '${check.toolName}' requires approval, but no interactive UI is available.`;
+    }
+    case "path":
+      return `Accessing '${ctx.pathValue}' requires approval, but no interactive UI is available.`;
+    case "external_directory":
+      return `Accessing '${ctx.pathValue}' outside the working directory requires approval, but no interactive UI is available.`;
+    case "bash_external_directory":
+      return `Bash command '${ctx.command}' references path(s) outside the working directory and requires approval, but no interactive UI is available.`;
+    case "bash_path":
+      return `Bash command '${ctx.command}' accesses path '${ctx.pathValue}' which requires approval, but no interactive UI is available.`;
+    case "skill_read":
+      return `Accessing skill '${ctx.skillName}' requires approval, but no interactive UI is available.`;
+    case "skill_input":
+      return `Accessing skill '${ctx.skillName}' requires approval, but no interactive UI is available.`;
+  }
+}
+
+function buildUserDeniedBody(
+  ctx: DenialContext,
+  denialReason?: string,
+): string {
+  switch (ctx.kind) {
+    case "tool": {
+      const { check } = ctx;
+      if (isMcpCheck(check)) {
+        return `User denied MCP target '${check.target}'.${reasonSuffix(denialReason)}`;
+      }
+      if (check.toolName === "bash" && check.command) {
+        return `User denied bash command '${check.command}'.${reasonSuffix(denialReason)}`;
+      }
+      return `User denied tool '${check.toolName}'.${reasonSuffix(denialReason)}`;
+    }
+    case "path":
+      return `User denied access to path '${ctx.pathValue}'.${reasonSuffix(denialReason)}`;
+    case "external_directory":
+      return `User denied external directory access for tool '${ctx.toolName}' path '${ctx.pathValue}'.${reasonSuffix(denialReason)}`;
+    case "bash_external_directory":
+      return `User denied external directory access for bash command '${ctx.command}'.${reasonSuffix(denialReason)}`;
+    case "bash_path":
+      return `User denied path access for bash command '${ctx.command}' (path '${ctx.pathValue}').${reasonSuffix(denialReason)}`;
+    case "skill_read":
+      return `User denied access to skill '${ctx.skillName}'.${reasonSuffix(denialReason)}`;
+    case "skill_input":
+      return `User denied access to skill '${ctx.skillName}'.${reasonSuffix(denialReason)}`;
+  }
+}
+
+function isMcpCheck(check: PermissionCheckResult): boolean {
+  return (check.source === "mcp" || check.toolName === "mcp") && !!check.target;
+}

package/src/expand-home.ts

@@ -0,0 +1,28 @@
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+/**
+ * Expand `~` and `$HOME` prefixes in a pattern to the OS home directory.
+ *
+ * Supported forms:
+ * - `~`          → `homedir()`
+ * - `~/path`     → `homedir()/path`
+ * - `~\path`     → `homedir()\path` (Windows)
+ * - `$HOME`      → `homedir()`
+ * - `$HOME/path` → `homedir()/path`
+ * - `$HOME\path` → `homedir()\path` (Windows)
+ *
+ * All other patterns are returned unchanged.
+ */
+export function expandHomePath(pattern: string): string {
+  if (pattern === "~" || pattern === "$HOME") {
+    return homedir();
+  }
+  if (pattern.startsWith("~/") || pattern.startsWith("~\\")) {
+    return join(homedir(), pattern.slice(2));
+  }
+  if (pattern.startsWith("$HOME/") || pattern.startsWith("$HOME\\")) {
+    return join(homedir(), pattern.slice(6));
+  }
+  return pattern;
+}