@komarspn/pi-permission-system 16.0.2

package/test/permission-prompts.test.ts

@@ -0,0 +1,363 @@
+import { describe, expect, test } from "vitest";
+import {
+  formatAskPrompt,
+  formatMissingToolNameReason,
+  formatSkillAskPrompt,
+  formatSkillPathAskPrompt,
+  formatUnknownToolReason,
+} from "#src/permission-prompts";
+import type { SkillPromptEntry } from "#src/skill-prompt-sanitizer";
+import type { ToolInputFormatterLookup } from "#src/tool-input-formatter-registry";
+import {
+  TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+  TOOL_INPUT_PREVIEW_MAX_LENGTH,
+  TOOL_TEXT_SUMMARY_MAX_LENGTH,
+} from "#src/tool-input-preview";
+import { ToolPreviewFormatter } from "#src/tool-preview-formatter";
+import type { PermissionCheckResult } from "#src/types";
+
+function makeFormatter(
+  lookup?: ToolInputFormatterLookup,
+): ToolPreviewFormatter {
+  return new ToolPreviewFormatter(
+    {
+      toolInputPreviewMaxLength: TOOL_INPUT_PREVIEW_MAX_LENGTH,
+      toolTextSummaryMaxLength: TOOL_TEXT_SUMMARY_MAX_LENGTH,
+      toolInputLogPreviewMaxLength: TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH,
+    },
+    lookup,
+  );
+}
+
+function makeMcpLookup(preview: string): ToolInputFormatterLookup {
+  return { get: (name) => (name === "mcp" ? () => preview : undefined) };
+}
+
+function toolResult(
+  toolName: string,
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    toolName,
+    state: "ask",
+    source: "tool",
+    origin: "builtin",
+    ...overrides,
+  };
+}
+
+function mcpResult(
+  target: string,
+  overrides: Partial<PermissionCheckResult> = {},
+): PermissionCheckResult {
+  return {
+    toolName: "mcp",
+    target,
+    state: "ask",
+    source: "tool",
+    origin: "builtin",
+    ...overrides,
+  };
+}
+
+function skillEntry(name: string): SkillPromptEntry {
+  return {
+    name,
+    description: "A skill",
+    location: `/skills/${name}/SKILL.md`,
+    state: "ask",
+    normalizedLocation: `/skills/${name}/SKILL.md`,
+    normalizedBaseDir: `/skills/${name}`,
+  };
+}
+
+describe("formatMissingToolNameReason", () => {
+  test("mentions missing tool name and pi.getAllTools()", () => {
+    const result = formatMissingToolNameReason();
+    expect(result).toContain("no tool name");
+    expect(result).toContain("pi.getAllTools()");
+  });
+});
+
+describe("formatUnknownToolReason", () => {
+  test("mentions the unknown tool name and lists available tools", () => {
+    const result = formatUnknownToolReason("phantom", ["read", "write"]);
+    expect(result).toContain("phantom");
+    expect(result).toContain("read");
+    expect(result).toContain("write");
+  });
+
+  test("includes MCP hint for non-mcp tool names", () => {
+    const result = formatUnknownToolReason("my-server:tool", ["mcp"]);
+    expect(result).toContain("mcp");
+  });
+
+  test("omits MCP hint when tool name is 'mcp'", () => {
+    const result = formatUnknownToolReason("mcp", []);
+    expect(result).not.toContain("call the registered 'mcp' tool");
+  });
+
+  test("shows 'none' when no tools are registered", () => {
+    const result = formatUnknownToolReason("ghost", []);
+    expect(result).toContain("none");
+  });
+
+  test("caps preview at 10 tools and appends ellipsis for longer lists", () => {
+    const tools = Array.from({ length: 15 }, (_, i) => `tool${i}`);
+    const result = formatUnknownToolReason("ghost", tools);
+    expect(result).toContain("...");
+  });
+});
+
+describe("formatAskPrompt", () => {
+  test("uses 'Current agent' when no agent name given", () => {
+    const result = formatAskPrompt(
+      toolResult("read"),
+      undefined,
+      { path: "/src" },
+      makeFormatter(),
+    );
+    expect(result).toContain("Current agent");
+  });
+
+  test("uses agent name when provided", () => {
+    const result = formatAskPrompt(
+      toolResult("read"),
+      "my-agent",
+      { path: "/src" },
+      makeFormatter(),
+    );
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("formats bash prompt with command and does not use formatter", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git status" }),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
+    expect(result).toContain("git status");
+    expect(result).toContain("Allow this command?");
+  });
+
+  test("formats bash prompt with matched pattern", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git push", matchedPattern: "git *" }),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
+    expect(result).toContain("matched 'git *'");
+  });
+
+  test("appends full command when input contains a chain that differs from the sub-command", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "rm -rf ." }),
+      undefined,
+      { command: 'echo "hello" && rm -rf .' },
+      makeFormatter(),
+    );
+    expect(result).toBe(
+      `Current agent requested bash command 'rm -rf .' (full command: 'echo "hello" && rm -rf .'). Allow this command?`,
+    );
+  });
+
+  test("suppresses full-command suffix when input command matches the sub-command (no chain)", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git push" }),
+      undefined,
+      { command: "git push" },
+      makeFormatter(),
+    );
+    expect(result).not.toContain("full command:");
+    expect(result).toBe(
+      "Current agent requested bash command 'git push'. Allow this command?",
+    );
+  });
+
+  test("suppresses full-command suffix when input is undefined", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git push" }),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
+    expect(result).not.toContain("full command:");
+  });
+
+  test("suppresses full-command suffix when input has no command field", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git push" }),
+      undefined,
+      { unrelated: "value" },
+      makeFormatter(),
+    );
+    expect(result).not.toContain("full command:");
+  });
+
+  test("suppresses full-command suffix when input command is empty", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "git push" }),
+      undefined,
+      { command: "" },
+      makeFormatter(),
+    );
+    expect(result).not.toContain("full command:");
+  });
+
+  test("places full-command suffix after the qualifier and before the terminal sentence", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", { command: "rm -rf foo", matchedPattern: "rm *" }),
+      undefined,
+      { command: "cd /tmp && rm -rf foo" },
+      makeFormatter(),
+    );
+    expect(result).toBe(
+      "Current agent requested bash command 'rm -rf foo' (matched 'rm *') (full command: 'cd /tmp && rm -rf foo'). Allow this command?",
+    );
+  });
+
+  test("formats bash prompt with nested execution context", () => {
+    const result = formatAskPrompt(
+      toolResult("bash", {
+        command: "rm -rf foo",
+        matchedPattern: "rm *",
+        commandContext: "command_substitution",
+      }),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
+    expect(result).toContain(
+      "bash command 'rm -rf foo' (matched 'rm *', inside command substitution).",
+    );
+  });
+
+  test("formats MCP prompt with target", () => {
+    const result = formatAskPrompt(
+      mcpResult("server:query"),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
+    expect(result).toContain("server:query");
+    expect(result).toContain("Allow this call?");
+  });
+
+  test("formats MCP prompt with matched pattern", () => {
+    const result = formatAskPrompt(
+      mcpResult("server:query", { matchedPattern: "server:*" }),
+      undefined,
+      undefined,
+      makeFormatter(),
+    );
+    expect(result).toContain("matched 'server:*'");
+  });
+
+  test("appends MCP argument summary when the formatter has an mcp formatter registered", () => {
+    const result = formatAskPrompt(
+      mcpResult("exa:search"),
+      undefined,
+      { tool: "exa:search", arguments: { query: "typescript" } },
+      makeFormatter(makeMcpLookup('with query: "typescript"')),
+    );
+    expect(result).toContain("exa:search");
+    expect(result).toContain('with query: "typescript"');
+    expect(result).toContain("Allow this call?");
+  });
+
+  test("MCP prompt is unchanged when the formatter returns undefined (no arguments)", () => {
+    const noArgsLookup: ToolInputFormatterLookup = {
+      get: (name) => (name === "mcp" ? () => undefined : undefined),
+    };
+    const result = formatAskPrompt(
+      mcpResult("exa:search"),
+      undefined,
+      { tool: "exa:search" },
+      makeFormatter(noArgsLookup),
+    );
+    expect(result).toContain("exa:search");
+    expect(result).not.toMatch(/with /);
+    expect(result).toContain("Allow this call?");
+  });
+
+  test("MCP prompt is unchanged when no formatter is provided", () => {
+    const result = formatAskPrompt(mcpResult("exa:search"), undefined, {
+      tool: "exa:search",
+      arguments: { query: "test" },
+    });
+    expect(result).toContain("exa:search");
+    expect(result).not.toMatch(/with /);
+    expect(result).toContain("Allow this call?");
+  });
+
+  test("includes real input preview for non-bash non-mcp tools", () => {
+    const result = formatAskPrompt(
+      toolResult("read"),
+      undefined,
+      { path: "/src/foo.ts" },
+      makeFormatter(),
+    );
+    expect(result).toContain("path '/src/foo.ts'");
+    expect(result).toContain("Allow this call?");
+  });
+
+  test("omits input suffix when formatter returns empty string for input", () => {
+    const result = formatAskPrompt(
+      toolResult("task"),
+      undefined,
+      {},
+      makeFormatter(),
+    );
+    expect(result).toContain("task");
+    expect(result).not.toContain("undefined");
+  });
+
+  test("omits input suffix when no formatter provided", () => {
+    const result = formatAskPrompt(toolResult("task"), undefined, {
+      path: "/src",
+    });
+    expect(result).toContain("task");
+    expect(result).not.toContain("undefined");
+    expect(result).toContain("Allow this call?");
+  });
+});
+
+describe("formatSkillAskPrompt", () => {
+  test("includes skill name and agent name", () => {
+    const result = formatSkillAskPrompt("librarian", "my-agent");
+    expect(result).toContain("librarian");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillAskPrompt("librarian");
+    expect(result).toContain("Current agent");
+    expect(result).toContain("librarian");
+  });
+});
+
+describe("formatSkillPathAskPrompt", () => {
+  test("includes skill name, read path, and agent name", () => {
+    const result = formatSkillPathAskPrompt(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+      "my-agent",
+    );
+    expect(result).toContain("librarian");
+    expect(result).toContain("/skills/librarian/SKILL.md");
+    expect(result).toContain("Agent 'my-agent'");
+  });
+
+  test("uses 'Current agent' without agent name", () => {
+    const result = formatSkillPathAskPrompt(
+      skillEntry("librarian"),
+      "/skills/librarian/SKILL.md",
+    );
+    expect(result).toContain("Current agent");
+  });
+});
+
+// formatSkillPathDenyReason has moved to denial-messages.ts.
+// Its behavior is tested in denial-messages.test.ts.

package/test/permission-resolver.test.ts

@@ -0,0 +1,265 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { ScopedPermissionManager } from "#src/permission-manager";
+import { PermissionResolver } from "#src/permission-resolver";
+import type { Ruleset } from "#src/rule";
+import { SessionApproval } from "#src/session-approval";
+import { SessionRules } from "#src/session-rules";
+import type { PermissionCheckResult, PermissionState } from "#src/types";
+
+function makePermissionManager() {
+  return {
+    configureForCwd: vi.fn<(cwd: string | undefined | null) => void>(),
+    checkPermission: vi
+      .fn<
+        (
+          toolName: string,
+          input: unknown,
+          agentName?: string,
+          sessionRules?: Ruleset,
+        ) => PermissionCheckResult
+      >()
+      .mockReturnValue({
+        state: "allow",
+        toolName: "read",
+        source: "tool",
+        origin: "builtin",
+      }),
+    checkPathPolicy: vi
+      .fn<
+        (
+          values: readonly string[],
+          agentName?: string,
+          sessionRules?: Ruleset,
+        ) => PermissionCheckResult
+      >()
+      .mockReturnValue({
+        state: "allow",
+        toolName: "path",
+        source: "special",
+        origin: "builtin",
+      }),
+    getToolPermission: vi
+      .fn<(toolName: string, agentName?: string) => PermissionState>()
+      .mockReturnValue("allow"),
+    getConfigIssues: vi.fn((): string[] => []),
+  };
+}
+
+function makeResolver(
+  pm?: ScopedPermissionManager,
+  sessionRules?: Pick<SessionRules, "getRuleset">,
+) {
+  const permissionManager = pm ?? makePermissionManager();
+  const rules = sessionRules ?? new SessionRules();
+  return {
+    resolver: new PermissionResolver(permissionManager, rules),
+    permissionManager,
+  };
+}
+
+beforeEach(() => {
+  // no module-level vi.fn() stubs to reset
+});
+
+describe("PermissionResolver", () => {
+  describe("resolve", () => {
+    it("forwards surface, input, and agentName, applying the empty session ruleset", () => {
+      const { resolver, permissionManager } = makeResolver();
+
+      resolver.resolve("bash", { command: "ls" }, "agent-x");
+
+      expect(permissionManager.checkPermission).toHaveBeenCalledWith(
+        "bash",
+        { command: "ls" },
+        "agent-x",
+        [],
+      );
+    });
+
+    it("defaults agentName to undefined when omitted", () => {
+      const { resolver, permissionManager } = makeResolver();
+
+      resolver.resolve("read", { path: ".env" });
+
+      expect(permissionManager.checkPermission).toHaveBeenCalledWith(
+        "read",
+        { path: ".env" },
+        undefined,
+        [],
+      );
+    });
+
+    it("applies a recorded session approval on the next resolve", () => {
+      const pm = makePermissionManager();
+      const sessionRules = new SessionRules();
+      const { resolver } = makeResolver(pm, sessionRules);
+
+      // Record an approval directly into the shared SessionRules instance.
+      sessionRules.recordSessionApproval(
+        SessionApproval.single("bash", "git *"),
+      );
+      resolver.resolve("bash", { command: "git status" });
+
+      const passedRules = vi.mocked(pm.checkPermission).mock.calls[0][3];
+      expect(passedRules).toHaveLength(1);
+      expect(passedRules?.[0]).toMatchObject({
+        surface: "bash",
+        pattern: "git *",
+        action: "allow",
+      });
+    });
+
+    it("returns the PermissionManager's check result", () => {
+      const pm = makePermissionManager();
+      vi.mocked(pm.checkPermission).mockReturnValue({
+        state: "deny",
+        toolName: "bash",
+        source: "bash",
+        origin: "global",
+        matchedPattern: "rm *",
+      });
+      const { resolver } = makeResolver(pm);
+
+      const result = resolver.resolve("bash", { command: "rm -rf /" });
+
+      expect(result).toEqual({
+        state: "deny",
+        toolName: "bash",
+        source: "bash",
+        origin: "global",
+        matchedPattern: "rm *",
+      });
+    });
+  });
+
+  describe("resolvePathPolicy", () => {
+    it("forwards values and agentName with the current session ruleset", () => {
+      const { resolver, permissionManager } = makeResolver();
+
+      resolver.resolvePathPolicy(["/proj/src/a.ts", "src/a.ts"], "agent-x");
+
+      expect(permissionManager.checkPathPolicy).toHaveBeenCalledWith(
+        ["/proj/src/a.ts", "src/a.ts"],
+        "agent-x",
+        [],
+        "path",
+      );
+    });
+
+    it("forwards an explicit surface to checkPathPolicy", () => {
+      const { resolver, permissionManager } = makeResolver();
+
+      resolver.resolvePathPolicy(["/tmp/x"], "agent-x", "external_directory");
+
+      expect(permissionManager.checkPathPolicy).toHaveBeenCalledWith(
+        ["/tmp/x"],
+        "agent-x",
+        [],
+        "external_directory",
+      );
+    });
+
+    it("applies a recorded session approval on the next call", () => {
+      const pm = makePermissionManager();
+      const sessionRules = new SessionRules();
+      const { resolver } = makeResolver(pm, sessionRules);
+
+      sessionRules.recordSessionApproval(
+        SessionApproval.single("path", "src/*"),
+      );
+      resolver.resolvePathPolicy(["src/a.ts"]);
+
+      const passedRules = vi.mocked(pm.checkPathPolicy).mock.calls[0][2];
+      expect(passedRules).toHaveLength(1);
+      expect(passedRules?.[0]).toMatchObject({
+        surface: "path",
+        pattern: "src/*",
+        action: "allow",
+      });
+    });
+
+    it("returns the PermissionManager's check result", () => {
+      const pm = makePermissionManager();
+      vi.mocked(pm.checkPathPolicy).mockReturnValue({
+        state: "deny",
+        toolName: "path",
+        source: "special",
+        origin: "global",
+        matchedPattern: "src/*",
+      });
+      const { resolver } = makeResolver(pm);
+
+      const result = resolver.resolvePathPolicy(["src/a.ts"]);
+
+      expect(result).toEqual({
+        state: "deny",
+        toolName: "path",
+        source: "special",
+        origin: "global",
+        matchedPattern: "src/*",
+      });
+    });
+  });
+
+  describe("checkPermission", () => {
+    it("delegates to permissionManager.checkPermission with the given args", () => {
+      const { resolver, permissionManager } = makeResolver();
+
+      resolver.checkPermission("bash", { command: "ls" }, "agent-1");
+
+      expect(permissionManager.checkPermission).toHaveBeenCalledWith(
+        "bash",
+        { command: "ls" },
+        "agent-1",
+        undefined,
+      );
+    });
+
+    it("passes optional sessionRules through when supplied", () => {
+      const { resolver, permissionManager } = makeResolver();
+      const extraRules: Ruleset = [
+        { surface: "bash", pattern: "*", action: "allow", origin: "session" },
+      ];
+
+      resolver.checkPermission(
+        "bash",
+        { command: "ls" },
+        undefined,
+        extraRules,
+      );
+
+      expect(permissionManager.checkPermission).toHaveBeenCalledWith(
+        "bash",
+        { command: "ls" },
+        undefined,
+        extraRules,
+      );
+    });
+  });
+
+  describe("getToolPermission", () => {
+    it("delegates to permissionManager.getToolPermission", () => {
+      const pm = makePermissionManager();
+      vi.mocked(pm.getToolPermission).mockReturnValue("deny");
+      const { resolver } = makeResolver(pm);
+
+      const result = resolver.getToolPermission("write", "my-agent");
+
+      expect(pm.getToolPermission).toHaveBeenCalledWith("write", "my-agent");
+      expect(result).toBe("deny");
+    });
+  });
+
+  describe("getConfigIssues", () => {
+    it("delegates to permissionManager.getConfigIssues", () => {
+      const pm = makePermissionManager();
+      vi.mocked(pm.getConfigIssues).mockReturnValue(["issue-1"]);
+      const { resolver } = makeResolver(pm);
+
+      const result = resolver.getConfigIssues("agent-1");
+
+      expect(pm.getConfigIssues).toHaveBeenCalledWith("agent-1");
+      expect(result).toEqual(["issue-1"]);
+    });
+  });
+});