fix: deny-by-default when ctx.ui.custom() returns undefined in RPC mode #25
Merged
- Add test harness utilities (pi-context, pi-test-harness, matchers, theme, tmpdir, load-extension, pi-internal types)
- Add 14 unit tests for permission gate covering TUI, RPC fallback, and no-UI scenarios
- Update vitest.config.ts with alias and setupFiles
- Update tsconfig.json to include tests/ and vitest.config.ts
- Document test conventions in AGENTS.md
- Add development section to README.md
In RPC mode, ctx.ui.custom() returns undefined (Pi's RPC runtime stubs
it as async custom() { return undefined; }). The permission gate only
checked for result === 'deny', so undefined fell through and dangerous
commands were silently allowed.
Fall back to ctx.ui.select() (which works over RPC) when custom()
returns undefined. If select() also returns undefined or unrecognized,
deny by default.
Summary
Fixes #19. Rewrites PR #20 on top of current main (which now includes the path-access feature, causing massive conflicts on the old branch).
Bug: ctx.ui.custom() returns undefined in RPC mode (Pi's RPC runtime stubs it as async custom() { return undefined; }). The permission gate only checked for result === "deny", so undefined fell through and dangerous commands were silently allowed.

Fix:
- ctx.ui.select() (which works over the RPC protocol) when custom() returns undefined
- select() also returns undefined or an unrecognized value, deny by default
- SELECT_ALLOW_ONCE, SELECT_ALLOW_SESSION, SELECT_DENY)

Test coverage (14 tests, all passing):

| custom() | select() |
| --- | --- |
| "deny" | |
| "allow" | |
| undefined | "Allow once" |
| undefined | "Allow for session" |
| undefined | "Deny" |
| undefined | undefined |
| undefined | "maybe" |

hasUI=false)

Also adds vitest test infrastructure (test harness, spy-based context builders, custom matchers) for future test development.
Note: This PR was made by pi (synthetic/hf:zai-org/GLM-5.1)
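The fail-open check and the deny-by-default replacement this PR describes, as an added example that is not the project's own code. The `GateContext` shape, the signatures of `custom()` and `select()`, the helper names `allowedBefore`, `allowedAfter` and `gate`, denying unrecognized `custom()` values, and denying when `hasUI` is false are assumptions; the option strings are the ones listed in the PR description.

```typescript
// Added illustration, not the project's source. Interface shapes, helper
// names and the hasUI=false outcome are assumptions.
type Answer = string | undefined;

interface GateContext {
  hasUI: boolean;
  ui: {
    custom(prompt: string): Promise<Answer>; // RPC stub resolves to undefined
    select(prompt: string, options: string[]): Promise<Answer>;
  };
}

// Option strings as listed in the PR description.
const SELECT_ALLOW_ONCE = "Allow once";
const SELECT_ALLOW_SESSION = "Allow for session";
const SELECT_DENY = "Deny";

// Before: only an explicit "deny" blocks, so undefined fails open.
function allowedBefore(customResult: Answer): boolean {
  return customResult !== "deny";
}

// After: only an explicit, recognized approval allows. An unanswered
// custom() defers to select(); anything unrecognized is treated as a denial.
function allowedAfter(customResult: Answer, selectResult: Answer): boolean {
  if (customResult !== undefined) return customResult === "allow";
  return selectResult === SELECT_ALLOW_ONCE || selectResult === SELECT_ALLOW_SESSION;
}

async function gate(ctx: GateContext, command: string): Promise<boolean> {
  if (!ctx.hasUI) return false; // assumption: nobody to ask means deny
  const prompt = `Run dangerous command? ${command}`;
  const custom = await ctx.ui.custom(prompt);
  // select() is consulted only when custom() gave no answer (RPC mode).
  const selected = custom === undefined
    ? await ctx.ui.select(prompt, [SELECT_ALLOW_ONCE, SELECT_ALLOW_SESSION, SELECT_DENY])
    : undefined;
  return allowedAfter(custom, selected);
}
```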