feat: expand auto trust setting to support more agents (pi,gemini) #2517

Open

janburzinski wants to merge 4 commits into main from jan/eng-1594-expand-auto-trust-setting-to-support-more-agents

@janburzinski

Collaborator

Description

  • expands auto trust worktree directories support to pi and gemini
  • refactor shared json trust-file read/write logic for claude,copilot,pi
  • update ui copy to reflect broader support

Screenshot/Recording (if applicable)

https://streamable.com/y8pcxx

Checklist
  • I kept this PR small and focused
  • I ran a self-review before opening this PR
  • I ran the relevant local checks or explained why not
  • I updated docs when behavior or setup changed
  • I added or updated tests when behavior changed, or explained why not
  • I only added comments where the logic is not obvious
  • I used Conventional Commits for commit messages and, when possible, the PR title

@janburzinski changed the title from "Jan/eng 1594 expand auto trust setting to support more agents" to "feat: expand auto trust setting to support more agents (pi,gemini)" on Jun 13, 2026
@greptile-apps

greptile-apps Bot commented Jun 13, 2026

Contributor

Greptile Summary

This PR extends the auto-trust worktree feature to two new agents: Pi (via a new file-based trust service) and Gemini (via the existing GEMINI_CLI_TRUST_WORKSPACE env var), and extracts the previously inline JSON read/write/lock logic from ClaudeTrustService into a shared json-workspace-trust-config.ts module reused by both Claude/Copilot and Pi.

  • New PiTrustService: uses a directory-based file lock (trust.json.lock) with retry-only-on-EEXIST semantics, fs.realpath canonicalization, and safe handling of null/denied/parent-folder trust decisions; covered by a comprehensive test suite.
  • Gemini support: resolveProviderEnv now sets GEMINI_CLI_TRUST_WORKSPACE=true when autoTrustWorktrees is enabled (in addition to the existing autoApprove path); both LocalConversationProvider and SshConversationProvider fetch taskSettings and forward the flag.
  • Refactor: ClaudeTrustService is slimmed down to provider selection + delegation, with all file I/O, locking, and serialization moved to the shared module.

Confidence Score: 5/5

Safe to merge — the refactor is well-scoped and the new Pi trust service is backed by thorough tests covering all trust edge cases.

All changed code paths are either clearly equivalent refactors of existing logic or new, well-tested functionality. The shared locking module correctly gates retries to EEXIST-only errors, the Gemini env-var path is a straightforward conditional extension, and both local and SSH conversation providers fetch settings once and forward them consistently. The one cosmetic issue (Copilot failures logging under the ClaudeTrustService name) has no effect on correctness.

No files require special attention beyond the copilotTrustConfig.serviceName nit in claude-trust-service.ts.

Important Files Changed

| Filename | Overview |
| --- | --- |
| apps/emdash-desktop/src/main/core/agent-hooks/json-workspace-trust-config.ts | New shared module extracted from claude-trust-service; implements in-memory promise-chain locking for Claude/Copilot and directory-based file locking for Pi, with correct retry-only-on-EEXIST logic. |
| apps/emdash-desktop/src/main/core/agent-hooks/pi-trust-service.ts | New Pi trust service using the shared JSON workspace trust logic with file-lock, realpath canonicalization, and safe handling of null/false/existing parent trust decisions. |
| apps/emdash-desktop/src/main/core/agent-hooks/claude-trust-service.ts | Refactored to delegate local/SSH trust operations to shared helpers; copilotTrustConfig incorrectly carries serviceName 'ClaudeTrustService' which produces misleading log messages on Copilot failures. |
| apps/emdash-desktop/src/main/core/conversations/impl/provider-env.ts | GEMINI_CLI_TRUST_WORKSPACE is now set when autoTrustWorktrees is enabled (in addition to autoApprove), with correct undefined-safe fallback behaviour. |
| apps/emdash-desktop/src/main/core/agent-hooks/pi-trust-service.test.ts | Comprehensive tests covering local file-lock flow, symlink canonicalization, existing/denied/parent trust, corrupt config, and SSH atomic rename for Pi. |

Sequence Diagram

sequenceDiagram
    participant Conv as LocalConversation / SshConversation
    participant WTS as WorkspaceTrustService
    participant CTS as ClaudeTrustService
    participant PTS as PiTrustService
    participant JWTC as json-workspace-trust-config
    participant FS as FileSystem

    Conv->>WTS: maybeAutoTrustLocal(providerId, cwd, homedir)
    WTS->>CTS: maybeAutoTrustLocal (claude / copilot)
    CTS->>JWTC: ensureLocalJsonWorkspaceTrust(cwd, homedir, trustConfig, locks)
    JWTC->>FS: readLocalConfig → writeLocalConfigAtomic
    WTS->>PTS: maybeAutoTrustLocal (pi)
    PTS->>JWTC: ensureLocalJsonWorkspaceTrust(cwd, homedir, piTrustConfig, locks)
    Note over JWTC: useFileLock=true → acquireLocalFileLock
    JWTC->>FS: mkdir trust.json.lock
    JWTC->>FS: readLocalConfig → writeLocalConfigAtomic
    JWTC->>FS: rmdir trust.json.lock
    Conv->>Conv: resolveProviderEnv(config, autoTrustWorktrees)
    Note over Conv: gemini → GEMINI_CLI_TRUST_WORKSPACE=true

Reviews (2): Last reviewed commit: "fix(agent-hooks): limit trust lock retri..."
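
The lock and canonicalization behaviour summarized in the review above (mkdir-based lock, retry only on EEXIST, realpath before lookup, atomic write), as an added TypeScript example that is not the PR's code. The names `acquireDirLock` and `ensureTrusted`, the `TrustFile` shape, and the rule that an explicit decision already on file is left untouched are assumptions made for illustration.

```typescript
import * as fs from "node:fs";

// Hypothetical trust-file shape; the real trust.json schema is not shown on the page.
type TrustFile = { trusted: Record<string, boolean | null> };

function sleepMs(ms: number): void {
  Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
}

// mkdir is atomic, so exactly one caller succeeds in creating the lock directory.
function acquireDirLock(lockDir: string, attempts = 20, delayMs = 10): void {
  for (let i = 0; ; i++) {
    try {
      fs.mkdirSync(lockDir);
      return;
    } catch (err) {
      const code = (err as { code?: string }).code;
      // Only contention (EEXIST) is retried, and only a bounded number of times.
      // EACCES, ENOENT and the like are real failures and surface immediately.
      if (code !== "EEXIST" || i + 1 >= attempts) throw err;
      sleepMs(delayMs);
    }
  }
}

function ensureTrusted(trustFile: string, worktree: string): "added" | "unchanged" {
  const lockDir = trustFile + ".lock";
  acquireDirLock(lockDir);
  try {
    // Canonicalize first so a symlinked path cannot create a second entry
    // or sidestep a decision recorded under the real path.
    const real = fs.realpathSync(worktree);
    const cfg: TrustFile = fs.existsSync(trustFile)
      ? JSON.parse(fs.readFileSync(trustFile, "utf8"))
      : { trusted: {} };
    // Assumption: an explicit true/false already on file is never overwritten,
    // so auto-trust cannot flip a user's denial.
    if (typeof cfg.trusted[real] === "boolean") return "unchanged";
    cfg.trusted[real] = true;
    const tmp = trustFile + "." + process.pid + ".tmp";
    fs.writeFileSync(tmp, JSON.stringify(cfg, null, 2), { mode: 0o600 });
    fs.renameSync(tmp, trustFile); // atomic replace on the same filesystem
    return "added";
  } finally {
    fs.rmdirSync(lockDir); // released even if parsing or realpath throws
  }
}
```
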

Comment thread apps/emdash-desktop/src/main/core/agent-hooks/json-workspace-trust-config.ts Outdated
@janburzinski

Collaborator Author

@greptileai
