Found during v0.9.1 release review (CTO + Tech-Lead). The security fix e7ec6a9 (MCP tools ran with NO permission check — an Effect awaited but never run) has only grep-for-string coverage (v140-merge-adversarial.test.ts), which would pass even with the bug present. Add a test that drives an MCP tool call end-to-end through session/prompt.ts and asserts PermissionNext.ask is actually invoked / the call is gated. Prevents silent reintroduction on refactor.
Found during v0.9.1 release review (CTO + Tech-Lead). The security fix e7ec6a9 (MCP tools ran with NO permission check — an Effect awaited but never run) has only grep-for-string coverage (
v140-merge-adversarial.test.ts), which would pass even with the bug present. Add a test that drives an MCP tool call end-to-end throughsession/prompt.tsand assertsPermissionNext.askis actually invoked / the call is gated. Prevents silent reintroduction on refactor.