pi-permission-system 0.4.5 → 0.4.6

package/CHANGELOG.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.6] - 2026-04-28
+
+### Added
+- Added bounded, sanitized tool input previews to permission review logs for non-bash/non-MCP tool calls, inspired by PR #10 from @DevkumarPatel.
+
+### Changed
+- Reused the extension's safe JSON serialization path for generic tool approval previews so circular values and BigInts are summarized without raw full-input logging.
+- Updated `@mariozechner/pi-ai`, `@mariozechner/pi-coding-agent`, and `@mariozechner/pi-tui` peer dependencies to `^0.70.5`.
+
 ## [0.4.5] - 2026-04-27
 
 ### Fixed

package/README.md

@@ -93,6 +93,7 @@ The extension integrates via Pi's lifecycle hooks:
 - Extension-provided tools like `task`, `mcp`, and third-party tools are handled by exact registered name instead of private built-in hardcodes
 - When a subagent hits an `ask` permission without direct UI access, the request can be forwarded to the main interactive session for confirmation
 - Generic extension-tool approval prompts include a bounded input preview; built-in file tools use concise human-readable summaries instead of raw multiline JSON
+- Permission review logs include bounded `toolInputPreview` values for non-bash/non-MCP tool calls so approvals can be audited without writing raw full payloads
 - Path-bearing file tools (`read`, `write`, `edit`, `find`, `grep`, `ls`) evaluate `special.external_directory` before their normal tool permission when an explicit path points outside `ctx.cwd`
 
 ## Configuration
@@ -432,7 +433,7 @@ Default global logs directory: ~/.pi/agent/extensions/pi-permission-system/logs/
 Actual global logs directory: $PI_CODING_AGENT_DIR/extensions/pi-permission-system/logs when PI_CODING_AGENT_DIR is set
 ```
 
-- `pi-permission-system-permission-review.jsonl` — enabled by default for permission review/audit history
+- `pi-permission-system-permission-review.jsonl` — enabled by default for permission review/audit history, including bounded `toolInputPreview` values for non-bash/non-MCP tool calls
 - `pi-permission-system-debug.jsonl` — disabled by default and intended for troubleshooting
 
 ### Architecture

package/package.json

@@ -1,66 +1,66 @@
-{
-  "name": "pi-permission-system",
-  "version": "0.4.5",
-  "description": "Permission enforcement extension for the Pi coding agent.",
-  "type": "module",
-  "main": "./index.ts",
-  "exports": {
-    ".": "./index.ts"
-  },
-  "files": [
-    "index.ts",
-    "src",
-    "tests",
-    "config.json",
-    "config/config.example.json",
-    "schemas/permissions.schema.json",
-    "README.md",
-    "CHANGELOG.md",
-    "LICENSE"
-  ],
-  "scripts": {
-    "build": "npx --yes -p typescript@5.7.3 tsc -p tsconfig.json --noCheck",
-    "lint": "npm run build",
-    "test": "bun ./tests/permission-system.test.ts && bun ./tests/config-modal.test.ts",
-    "check": "npm run lint && npm run test"
-  },
-  "keywords": [
-    "pi-package",
-    "pi",
-    "pi-extension",
-    "pi-coding-agent",
-    "coding-agent",
-    "permissions",
-    "policy",
-    "access-control",
-    "authorization",
-    "security"
-  ],
-  "author": "MasuRii",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/MasuRii/pi-permission-system.git"
-  },
-  "homepage": "https://github.com/MasuRii/pi-permission-system#readme",
-  "bugs": {
-    "url": "https://github.com/MasuRii/pi-permission-system/issues"
-  },
-  "engines": {
-    "node": ">=20"
-  },
-  "publishConfig": {
-    "access": "public"
-  },
-  "pi": {
-    "extensions": [
-      "./index.ts"
-    ]
-  },
-  "peerDependencies": {
-    "@mariozechner/pi-ai": "^0.70.2",
-    "@mariozechner/pi-coding-agent": "^0.70.2",
-    "@mariozechner/pi-tui": "^0.70.2",
-    "@sinclair/typebox": "^0.34.49"
-  }
-}
+{
+  "name": "pi-permission-system",
+  "version": "0.4.6",
+  "description": "Permission enforcement extension for the Pi coding agent.",
+  "type": "module",
+  "main": "./index.ts",
+  "exports": {
+    ".": "./index.ts"
+  },
+  "files": [
+    "index.ts",
+    "src",
+    "tests",
+    "config.json",
+    "config/config.example.json",
+    "schemas/permissions.schema.json",
+    "README.md",
+    "CHANGELOG.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "npx --yes -p typescript@5.7.3 tsc -p tsconfig.json --noCheck",
+    "lint": "npm run build",
+    "test": "bun ./tests/permission-system.test.ts && bun ./tests/config-modal.test.ts",
+    "check": "npm run lint && npm run test"
+  },
+  "keywords": [
+    "pi-package",
+    "pi",
+    "pi-extension",
+    "pi-coding-agent",
+    "coding-agent",
+    "permissions",
+    "policy",
+    "access-control",
+    "authorization",
+    "security"
+  ],
+  "author": "MasuRii",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/MasuRii/pi-permission-system.git"
+  },
+  "homepage": "https://github.com/MasuRii/pi-permission-system#readme",
+  "bugs": {
+    "url": "https://github.com/MasuRii/pi-permission-system/issues"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "pi": {
+    "extensions": [
+      "./index.ts"
+    ]
+  },
+  "peerDependencies": {
+    "@mariozechner/pi-ai": "^0.70.5",
+    "@mariozechner/pi-coding-agent": "^0.70.5",
+    "@mariozechner/pi-tui": "^0.70.5",
+    "@sinclair/typebox": "^0.34.49"
+  }
+}

package/src/index.ts

@@ -22,7 +22,7 @@ import {
   savePermissionSystemConfig,
   type PermissionSystemExtensionConfig,
 } from "./extension-config.js";
-import { createPermissionSystemLogger } from "./logging.js";
+import { createPermissionSystemLogger, safeJsonStringify } from "./logging.js";
 import { registerPermissionSystemCommand } from "./config-modal.js";
 import {
   createPermissionForwardingLocation,
@@ -69,6 +69,7 @@ type PermissionRequestEvent = {
   path?: string;
   command?: string;
   target?: string;
+  toolInputPreview?: string;
   agentName?: string | null;
 };
 
@@ -313,6 +314,7 @@ function formatUserDeniedReason(result: PermissionCheckResult, denialReason?: st
 }
 
 const TOOL_INPUT_PREVIEW_MAX_LENGTH = 200;
+const TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH = 1000;
 const TOOL_TEXT_SUMMARY_MAX_LENGTH = 80;
 
 function truncateInlineText(value: string, maxLength: number): string {
@@ -406,30 +408,17 @@ function formatSearchInputForPrompt(toolName: string, input: Record<string, unkn
   return parts.length > 0 ? `for ${parts.join(", ")}` : "";
 }
 
-function formatJsonInputForPrompt(input: unknown): string {
-  if (input === undefined || input === null) {
-    return "";
-  }
-
-  if (typeof input === "object" && !Array.isArray(input) && Object.keys(input as Record<string, unknown>).length === 0) {
-    return "";
-  }
-
-  let serialized: string;
-  try {
-    serialized = JSON.stringify(input);
-  } catch {
-    return "";
-  }
-
+function serializeToolInputPreview(input: unknown): string {
+  const serialized = safeJsonStringify(input);
   if (!serialized || serialized === "{}" || serialized === "null") {
     return "";
   }
 
-  const inline = serialized
-    .replace(/\\r\\n|\\n|\\r|\\t/g, " ")
-    .replace(/\s+/g, " ")
-    .trim();
+  return serialized.replace(/\s+/g, " ").trim();
+}
+
+function formatJsonInputForPrompt(input: unknown): string {
+  const inline = serializeToolInputPreview(input);
   return inline ? `with input ${truncateInlineText(inline, TOOL_INPUT_PREVIEW_MAX_LENGTH)}` : "";
 }
 
@@ -519,10 +508,29 @@ function formatExternalDirectoryUserDeniedReason(
   return `User denied external directory access for tool '${toolName}' path '${pathValue}'.${reasonSuffix} ${formatExternalDirectoryHardStopHint()}`;
 }
 
-function getPermissionLogContext(result: PermissionCheckResult): { command?: string; target?: string } {
+function formatGenericToolInputForLog(input: unknown): string | undefined {
+  const inline = serializeToolInputPreview(input);
+  return inline ? `input ${truncateInlineText(inline, TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH)}` : undefined;
+}
+
+function getToolInputPreviewForLog(result: PermissionCheckResult, input: unknown): string | undefined {
+  if (result.toolName === "bash" || result.toolName === "mcp" || result.source === "mcp") {
+    return undefined;
+  }
+
+  if (PATH_BEARING_TOOLS.has(result.toolName)) {
+    const inputPreview = formatToolInputForPrompt(result.toolName, input);
+    return inputPreview ? truncateInlineText(inputPreview, TOOL_INPUT_LOG_PREVIEW_MAX_LENGTH) : undefined;
+  }
+
+  return formatGenericToolInputForLog(input);
+}
+
+function getPermissionLogContext(result: PermissionCheckResult, input: unknown): { command?: string; target?: string; toolInputPreview?: string } {
   return {
     command: result.command,
     target: result.target,
+    toolInputPreview: getToolInputPreviewForLog(result, input),
   };
 }
 
@@ -1114,6 +1122,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       path?: string;
       command?: string;
       target?: string;
+      toolInputPreview?: string;
       resolution?: string;
       denialReason?: string;
     },
@@ -1129,6 +1138,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       path: details.path ?? null,
       command: details.command ?? null,
       target: details.target ?? null,
+      toolInputPreview: details.toolInputPreview ?? null,
       resolution: details.resolution ?? null,
       denialReason: details.denialReason ?? null,
     });
@@ -1147,6 +1157,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       path?: string;
       command?: string;
       target?: string;
+      toolInputPreview?: string;
     },
   ): Promise<PermissionPromptDecision> => {
     if (shouldAutoApprovePermissionState("ask", extensionConfig)) {
@@ -1162,6 +1173,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
         path: details.path,
         command: details.command,
         target: details.target,
+        toolInputPreview: details.toolInputPreview,
         agentName: details.agentName,
       });
       return { approved: true, state: "approved" };
@@ -1179,6 +1191,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       path: details.path,
       command: details.command,
       target: details.target,
+      toolInputPreview: details.toolInputPreview,
       agentName: details.agentName,
     });
 
@@ -1199,6 +1212,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
       path: details.path,
       command: details.command,
       target: details.target,
+      toolInputPreview: details.toolInputPreview,
       agentName: details.agentName,
     });
 
@@ -1563,7 +1577,7 @@ export default function piPermissionSystemExtension(pi: ExtensionAPI): void {
     }
 
     const check = permissionManager.checkPermission(toolName, input, agentName ?? undefined);
-    const permissionLogContext = getPermissionLogContext(check);
+    const permissionLogContext = getPermissionLogContext(check, input);
 
     if (check.state === "deny") {
       writeReviewLog("permission_request.blocked", {

package/src/logging.ts

@@ -9,7 +9,7 @@ import {
   type PermissionSystemExtensionConfig,
 } from "./extension-config.js";
 
-function safeJsonStringify(value: unknown): string {
+export function safeJsonStringify(value: unknown): string | undefined {
   const seen = new WeakSet<object>();
   return JSON.stringify(value, (_key, currentValue) => {
     if (currentValue instanceof Error) {
@@ -66,6 +66,9 @@ export function createPermissionSystemLogger(options: PermissionSystemLoggerOpti
         event,
         ...details,
       });
+      if (!line) {
+        return `Failed to write permission-system ${stream} log '${path}': event could not be serialized.`;
+      }
       appendFileSync(path, `${line}\n`, "utf-8");
       return undefined;
     } catch (error) {