npm - @komarspn/pi-permission-system - Versions diffs - 16.0.2 - Mend

@komarspn/pi-permission-system 16.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

package/CHANGELOG.md +2234 -0
package/LICENSE +21 -0
package/README.md +158 -0
package/config/config.example.json +39 -0
package/package.json +82 -0
package/schemas/permissions.schema.json +158 -0
package/src/active-agent.ts +72 -0
package/src/async-cache.ts +21 -0
package/src/bash-arity.ts +210 -0
package/src/builtin-tool-input-formatters.ts +82 -0
package/src/canonicalize-path.ts +30 -0
package/src/common.ts +121 -0
package/src/config-loader.ts +432 -0
package/src/config-modal.ts +259 -0
package/src/config-paths.ts +47 -0
package/src/config-reporter.ts +34 -0
package/src/config-store.ts +222 -0
package/src/decision-audit.ts +75 -0
package/src/decision-reporter.ts +41 -0
package/src/denial-messages.ts +232 -0
package/src/expand-home.ts +28 -0
package/src/extension-config.ts +79 -0
package/src/extension-paths.ts +66 -0
package/src/forwarded-permissions/io.ts +404 -0
package/src/forwarded-permissions/permission-forwarder.ts +580 -0
package/src/forwarding-manager.ts +74 -0
package/src/gate-prompter.ts +12 -0
package/src/handlers/before-agent-start.ts +94 -0
package/src/handlers/gates/bash-command.ts +75 -0
package/src/handlers/gates/bash-external-directory.ts +127 -0
package/src/handlers/gates/bash-path-extractor.ts +15 -0
package/src/handlers/gates/bash-path.ts +152 -0
package/src/handlers/gates/bash-program.ts +1143 -0
package/src/handlers/gates/bash-token-classification.ts +105 -0
package/src/handlers/gates/candidate-check.ts +32 -0
package/src/handlers/gates/descriptor.ts +81 -0
package/src/handlers/gates/external-directory-messages.ts +20 -0
package/src/handlers/gates/external-directory.ts +133 -0
package/src/handlers/gates/helpers.ts +76 -0
package/src/handlers/gates/path.ts +91 -0
package/src/handlers/gates/runner.ts +186 -0
package/src/handlers/gates/skill-input-gate-pipeline.ts +104 -0
package/src/handlers/gates/skill-input.ts +46 -0
package/src/handlers/gates/skill-read.ts +87 -0
package/src/handlers/gates/tool-call-gate-pipeline.ts +129 -0
package/src/handlers/gates/tool.ts +102 -0
package/src/handlers/gates/types.ts +13 -0
package/src/handlers/index.ts +3 -0
package/src/handlers/lifecycle.ts +95 -0
package/src/handlers/permission-gate-handler.ts +190 -0
package/src/handlers/tool-call-boundary.ts +91 -0
package/src/index.ts +225 -0
package/src/input-normalizer.ts +157 -0
package/src/logging.ts +113 -0
package/src/mcp-targets.ts +170 -0
package/src/node-modules-discovery.ts +76 -0
package/src/normalize.ts +43 -0
package/src/path-utils.ts +355 -0
package/src/pattern-suggest.ts +132 -0
package/src/permission-dialog.ts +138 -0
package/src/permission-event-rpc.ts +223 -0
package/src/permission-events.ts +266 -0
package/src/permission-forwarding.ts +188 -0
package/src/permission-gate.ts +94 -0
package/src/permission-manager.ts +392 -0
package/src/permission-merge.ts +32 -0
package/src/permission-prompter.ts +142 -0
package/src/permission-prompts.ts +93 -0
package/src/permission-resolver.ts +109 -0
package/src/permission-session.ts +189 -0
package/src/permission-ui-prompt.ts +127 -0
package/src/permissions-service.ts +63 -0
package/src/persistent-approval-recorder.ts +139 -0
package/src/policy-loader.ts +350 -0
package/src/prompting-gateway.ts +104 -0
package/src/rule.ts +188 -0
package/src/scope-merge.ts +72 -0
package/src/service-lifecycle.ts +49 -0
package/src/service.ts +163 -0
package/src/session-approval-recorder.ts +6 -0
package/src/session-approval.ts +43 -0
package/src/session-logger.ts +91 -0
package/src/session-rules.ts +79 -0
package/src/skill-prompt-sanitizer.ts +292 -0
package/src/status.ts +35 -0
package/src/subagent-context.ts +104 -0
package/src/subagent-lifecycle-events.ts +72 -0
package/src/subagent-registry.ts +105 -0
package/src/synthesize.ts +92 -0
package/src/system-prompt-sanitizer.ts +274 -0
package/src/tool-access-extractor-registry.ts +68 -0
package/src/tool-input-formatter-registry.ts +67 -0
package/src/tool-input-preview.ts +34 -0
package/src/tool-input-prompt-formatters.ts +63 -0
package/src/tool-preview-formatter.ts +207 -0
package/src/tool-registry.ts +148 -0
package/src/types.ts +64 -0
package/src/wildcard-matcher.ts +120 -0
package/src/yolo-mode.ts +30 -0
package/test/active-agent.test.ts +155 -0
package/test/async-cache.test.ts +48 -0
package/test/bash-arity.test.ts +144 -0
package/test/bash-external-directory.test.ts +956 -0
package/test/builtin-tool-input-formatters.test.ts +109 -0
package/test/canonicalize-path.test.ts +93 -0
package/test/common.test.ts +287 -0
package/test/composition-root.test.ts +603 -0
package/test/config-loader.test.ts +740 -0
package/test/config-modal.test.ts +320 -0
package/test/config-paths.test.ts +83 -0
package/test/config-pipeline.test.ts +90 -0
package/test/config-reporter.test.ts +147 -0
package/test/config-store.test.ts +466 -0
package/test/decision-audit.test.ts +72 -0
package/test/decision-reporter.test.ts +112 -0
package/test/denial-messages.test.ts +656 -0
package/test/detect-permissive-bash-fallback.test.ts +56 -0
package/test/expand-home.test.ts +93 -0
package/test/extension-config.test.ts +129 -0
package/test/extension-paths.test.ts +108 -0
package/test/forwarded-permissions/io.test.ts +251 -0
package/test/forwarding-manager.test.ts +194 -0
package/test/handlers/before-agent-start.test.ts +317 -0
package/test/handlers/external-directory-integration.test.ts +623 -0
package/test/handlers/external-directory-session-dedup.test.ts +430 -0
package/test/handlers/external-directory-symlink-acceptance.test.ts +149 -0
package/test/handlers/gates/bash-command-metamorphic.test.ts +83 -0
package/test/handlers/gates/bash-command.test.ts +191 -0
package/test/handlers/gates/bash-external-directory.test.ts +269 -0
package/test/handlers/gates/bash-path.test.ts +337 -0
package/test/handlers/gates/bash-program.test.ts +410 -0
package/test/handlers/gates/bash-token-classification.test.ts +241 -0
package/test/handlers/gates/candidate-check.test.ts +52 -0
package/test/handlers/gates/external-directory-messages.test.ts +61 -0
package/test/handlers/gates/external-directory.test.ts +259 -0
package/test/handlers/gates/helpers.test.ts +177 -0
package/test/handlers/gates/path.test.ts +294 -0
package/test/handlers/gates/runner.test.ts +447 -0
package/test/handlers/gates/skill-input-gate-pipeline.test.ts +176 -0
package/test/handlers/gates/skill-input.test.ts +131 -0
package/test/handlers/gates/skill-read.test.ts +158 -0
package/test/handlers/gates/tool-call-gate-pipeline.test.ts +252 -0
package/test/handlers/gates/tool.test.ts +223 -0
package/test/handlers/input-events.test.ts +168 -0
package/test/handlers/input.test.ts +199 -0
package/test/handlers/lifecycle.test.ts +221 -0
package/test/handlers/tool-call-boundary.test.ts +145 -0
package/test/handlers/tool-call-events.test.ts +277 -0
package/test/handlers/tool-call.test.ts +395 -0
package/test/handlers/validate-requested-tool.test.ts +92 -0
package/test/helpers/gate-fixtures.ts +323 -0
package/test/helpers/handler-fixtures.ts +335 -0
package/test/helpers/make-fake-pi.ts +100 -0
package/test/helpers/manager-harness.ts +112 -0
package/test/helpers/session-fixtures.ts +204 -0
package/test/input-normalizer.test.ts +367 -0
package/test/logging.test.ts +51 -0
package/test/mcp-targets.test.ts +233 -0
package/test/node-modules-discovery.test.ts +97 -0
package/test/normalize.test.ts +247 -0
package/test/path-utils.test.ts +650 -0
package/test/pattern-suggest.test.ts +248 -0
package/test/permission-dialog.test.ts +241 -0
package/test/permission-event-rpc.test.ts +541 -0
package/test/permission-events.test.ts +402 -0
package/test/permission-forwarder.test.ts +369 -0
package/test/permission-forwarding.test.ts +315 -0
package/test/permission-gate.test.ts +305 -0
package/test/permission-manager-unified.test.ts +3368 -0
package/test/permission-merge.test.ts +61 -0
package/test/permission-prompter.test.ts +518 -0
package/test/permission-prompts.test.ts +363 -0
package/test/permission-resolver.test.ts +265 -0
package/test/permission-session.test.ts +363 -0
package/test/permission-ui-prompt.test.ts +146 -0
package/test/permissions-service.test.ts +177 -0
package/test/persistent-approval-recorder.test.ts +133 -0
package/test/pi-infrastructure-read.test.ts +369 -0
package/test/policy-loader.test.ts +561 -0
package/test/prompting-gateway.test.ts +230 -0
package/test/rule.test.ts +604 -0
package/test/scope-merge.test.ts +116 -0
package/test/service-lifecycle.test.ts +163 -0
package/test/service.test.ts +308 -0
package/test/session-approval.test.ts +75 -0
package/test/session-logger.test.ts +200 -0
package/test/session-rules.test.ts +304 -0
package/test/session-start.test.ts +112 -0
package/test/skill-prompt-sanitizer.test.ts +374 -0
package/test/status.test.ts +10 -0
package/test/subagent-context.test.ts +326 -0
package/test/subagent-lifecycle-events.test.ts +132 -0
package/test/subagent-registry.test.ts +145 -0
package/test/synthesize.test.ts +300 -0
package/test/system-prompt-sanitizer.test.ts +382 -0
package/test/tool-access-extractor-registry.test.ts +77 -0
package/test/tool-input-formatter-registry.test.ts +75 -0
package/test/tool-input-preview.test.ts +129 -0
package/test/tool-input-prompt-formatters.test.ts +115 -0
package/test/tool-preview-formatter.test.ts +458 -0
package/test/tool-registry.test.ts +197 -0
package/test/wildcard-matcher.test.ts +424 -0
package/test/yolo-mode.test.ts +188 -0

package/test/prompting-gateway.test.ts ADDED Viewed

@@ -0,0 +1,230 @@
+/**
+ * Unit tests for PromptingGateway.
+ *
+ * The gateway owns the stored ExtensionContext and is the sole implementation
+ * of the GatePrompter role. These tests exercise canConfirm() across all
+ * policy permutations and verify the prompt/reject contract for promptPermission().
+ */
+import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import type { ConfigReader } from "#src/config-store";
+import { DEFAULT_EXTENSION_CONFIG } from "#src/extension-config";
+import type { PermissionPromptDecision } from "#src/permission-dialog";
+import type {
+  PermissionPrompterApi,
+  PromptPermissionDetails,
+} from "#src/permission-prompter";
+import {
+  PromptingGateway,
+  type PromptingGatewayDeps,
+} from "#src/prompting-gateway";
+// ── Test helpers ──────────────────────────────────────────────────────────
+function makeCtx(overrides: Partial<ExtensionContext> = {}): ExtensionContext {
+  return {
+    cwd: "/test/project",
+    hasUI: true,
+    ui: {
+      setStatus: vi.fn(),
+      notify: vi.fn(),
+      select: vi.fn(),
+      input: vi.fn(),
+    },
+    sessionManager: {
+      getEntries: vi.fn().mockReturnValue([]),
+      getSessionDir: vi.fn().mockReturnValue("/sessions/test"),
+      getSessionId: vi.fn().mockReturnValue(null),
+      addEntry: vi.fn(),
+    },
+    ...overrides,
+  } as unknown as ExtensionContext;
+}
+function makeConfigReader(
+  overrides: Partial<typeof DEFAULT_EXTENSION_CONFIG> = {},
+): ConfigReader {
+  return {
+    current: vi
+      .fn<() => typeof DEFAULT_EXTENSION_CONFIG>()
+      .mockReturnValue({ ...DEFAULT_EXTENSION_CONFIG, ...overrides }),
+  };
+}
+function makePrompterApi(): PermissionPrompterApi & {
+  prompt: ReturnType<typeof vi.fn>;
+} {
+  return {
+    prompt: vi
+      .fn<PermissionPrompterApi["prompt"]>()
+      .mockResolvedValue({ approved: true, state: "approved" }),
+  };
+}
+function makeDetails(): PromptPermissionDetails {
+  return {
+    requestId: "req-1",
+    source: "tool_call",
+    agentName: null,
+    message: "Allow this?",
+  };
+}
+function makeDeps(
+  overrides: Partial<PromptingGatewayDeps> = {},
+): PromptingGatewayDeps {
+  return {
+    config: overrides.config ?? makeConfigReader(),
+    subagentSessionsDir:
+      overrides.subagentSessionsDir ?? "/test/agent/subagent-sessions",
+    registry: overrides.registry,
+    prompter: overrides.prompter ?? makePrompterApi(),
+  };
+}
+// ── Tests ─────────────────────────────────────────────────────────────────
+describe("PromptingGateway", () => {
+  describe("canConfirm", () => {
+    it("returns false before activate", () => {
+      const gateway = new PromptingGateway(makeDeps());
+      expect(gateway.canConfirm()).toBe(false);
+    });
+    it("returns true after activate when context has UI", () => {
+      const gateway = new PromptingGateway(makeDeps());
+      gateway.activate(makeCtx({ hasUI: true }));
+      expect(gateway.canConfirm()).toBe(true);
+    });
+    it("returns false when context has no UI, is not a subagent, and yolo mode is off", () => {
+      const gateway = new PromptingGateway(
+        makeDeps({ config: makeConfigReader({ yoloMode: false }) }),
+      );
+      gateway.activate(makeCtx({ hasUI: false }));
+      expect(gateway.canConfirm()).toBe(false);
+    });
+    it("returns true when yolo mode is enabled (no UI, not subagent)", () => {
+      const gateway = new PromptingGateway(
+        makeDeps({ config: makeConfigReader({ yoloMode: true }) }),
+      );
+      gateway.activate(makeCtx({ hasUI: false }));
+      expect(gateway.canConfirm()).toBe(true);
+    });
+    it("returns true when running as a subagent (env hint)", () => {
+      vi.stubEnv("PI_IS_SUBAGENT", "1");
+      const gateway = new PromptingGateway(
+        makeDeps({ config: makeConfigReader({ yoloMode: false }) }),
+      );
+      gateway.activate(makeCtx({ hasUI: false }));
+      expect(gateway.canConfirm()).toBe(true);
+      vi.unstubAllEnvs();
+    });
+    it("returns false after deactivate", () => {
+      const gateway = new PromptingGateway(makeDeps());
+      gateway.activate(makeCtx({ hasUI: true }));
+      gateway.deactivate();
+      expect(gateway.canConfirm()).toBe(false);
+    });
+    it("returns true after re-activate following deactivate", () => {
+      const gateway = new PromptingGateway(makeDeps());
+      gateway.activate(makeCtx({ hasUI: true }));
+      gateway.deactivate();
+      gateway.activate(makeCtx({ hasUI: true }));
+      expect(gateway.canConfirm()).toBe(true);
+    });
+  });
+  describe("prompt", () => {
+    it("rejects before activate", async () => {
+      const gateway = new PromptingGateway(makeDeps());
+      await expect(gateway.prompt(makeDetails())).rejects.toThrow(
+        "prompt called before the session was activated",
+      );
+    });
+    it("delegates to deps.prompter.prompt with the stored context", async () => {
+      const prompter = makePrompterApi();
+      const gateway = new PromptingGateway(makeDeps({ prompter }));
+      const ctx = makeCtx();
+      gateway.activate(ctx);
+      const details = makeDetails();
+      const result = await gateway.prompt(details);
+      expect(prompter.prompt).toHaveBeenCalledWith(ctx, details);
+      expect(result).toEqual({ approved: true, state: "approved" });
+    });
+    it("uses the most recently activated context", async () => {
+      const prompter = makePrompterApi();
+      const gateway = new PromptingGateway(makeDeps({ prompter }));
+      const firstCtx = makeCtx({ cwd: "/first" });
+      const secondCtx = makeCtx({ cwd: "/second" });
+      gateway.activate(firstCtx);
+      gateway.activate(secondCtx);
+      await gateway.prompt(makeDetails());
+      expect(prompter.prompt).toHaveBeenCalledWith(
+        secondCtx,
+        expect.anything(),
+      );
+    });
+    it("rejects after deactivate", async () => {
+      const gateway = new PromptingGateway(makeDeps());
+      gateway.activate(makeCtx());
+      gateway.deactivate();
+      await expect(gateway.prompt(makeDetails())).rejects.toThrow(
+        "prompt called before the session was activated",
+      );
+    });
+    it("returns the prompter decision", async () => {
+      const decision: PermissionPromptDecision = {
+        approved: false,
+        state: "denied",
+        denialReason: "user declined",
+      };
+      const prompter = makePrompterApi();
+      prompter.prompt.mockResolvedValue(decision);
+      const gateway = new PromptingGateway(makeDeps({ prompter }));
+      gateway.activate(makeCtx());
+      const result = await gateway.prompt(makeDetails());
+      expect(result).toEqual(decision);
+    });
+  });
+  describe("lifecycle", () => {
+    afterEach(() => {
+      vi.unstubAllEnvs();
+    });
+    it("activate then deactivate clears the stored context", () => {
+      const gateway = new PromptingGateway(makeDeps());
+      gateway.activate(makeCtx());
+      gateway.deactivate();
+      expect(gateway.canConfirm()).toBe(false);
+    });
+    it("multiple activate calls update the stored context", () => {
+      const prompter = makePrompterApi();
+      const gateway = new PromptingGateway(makeDeps({ prompter }));
+      const ctx2 = makeCtx({ cwd: "/new" });
+      gateway.activate(makeCtx({ cwd: "/old" }));
+      gateway.activate(ctx2);
+      // canConfirm still works (context set)
+      expect(gateway.canConfirm()).toBe(true);
+    });
+  });
+});