From 6d5d250f8fedfed22d9e5be9535e742eb1e67c47 Mon Sep 17 00:00:00 2001
From: gustavosmendes <87918773+gustavosmendes@users.noreply.github.com>
Date: Wed, 18 Feb 2026 16:24:20 -0300
Subject: [PATCH] Update src/hooks/write-existing-file-guard/index.test.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .../write-existing-file-guard/index.test.ts   | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/src/hooks/write-existing-file-guard/index.test.ts b/src/hooks/write-existing-file-guard/index.test.ts
index a2700de0b..5e41b76a8 100644
--- a/src/hooks/write-existing-file-guard/index.test.ts
+++ b/src/hooks/write-existing-file-guard/index.test.ts
@@ -340,4 +340,41 @@ describe("createWriteExistingFileGuardHook", () => {
       })
     ).resolves.toBeDefined()
   })
+
+  test("#given session permissions #when session deleted #then subsequent writes are blocked", async () => {
+    const existingFile = createFile("cleanup.txt")
+    const sessionID = "ses_cleanup"
+
+    // establish permission by reading the existing file
+    await invoke({
+      tool: "read",
+      sessionID,
+      outputArgs: { filePath: existingFile },
+    })
+
+    // sanity check: write should be allowed while the session is active
+    await expect(
+      invoke({
+        tool: "write",
+        sessionID,
+        outputArgs: { filePath: existingFile, content: "first write" },
+      })
+    ).resolves.toBeDefined()
+
+    // delete the session to trigger cleanup of any stored permissions/state
+    await invoke({
+      tool: "session.deleted",
+      sessionID,
+      outputArgs: {},
+    })
+
+    // after session deletion, the previous permissions must no longer apply
+    await expect(
+      invoke({
+        tool: "write",
+        sessionID,
+        outputArgs: { filePath: existingFile, content: "second write after delete" },
+      })
+    ).rejects.toThrow(BLOCK_MESSAGE)
+  })
 })