npm - @vellumai/assistant - Versions diffs - 0.10.1 → 0.10.2-dev.202606241651.2d2b40d - Mend

@vellumai/assistant 0.10.1 → 0.10.2-dev.202606241651.2d2b40d

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (367) hide show

package/src/__tests__/host-bash-routes.test.ts CHANGED Viewed

@@ -95,7 +95,7 @@ afterAll(() => {
 const handleHostBashResult = ROUTES.find(
   (r) => r.endpoint === "host-bash-result",
-)!.handler;
+)!.handler as (args: Record<string, unknown>) => Promise<unknown>;
 // ── Helpers ──────────────────────────────────────────────────────────
@@ -244,22 +244,20 @@ describe("handleHostBashResult", () => {
       ).toThrow(ForbiddenError);
     });
-    test("interaction is NOT resolved on cross-actor 403 (still pending)", () => {
+    test("interaction is NOT resolved on cross-actor 403 (still pending)", async () => {
       const requestId = "req-actor-mismatch-stays";
       clientActorPrincipals.set("client-abc", "principal-victim");
       registerPending(requestId, { targetClientId: "client-abc" });
-      try {
-        handleHostBashResult({
-          body: bashBody(requestId),
-          headers: {
-            "x-vellum-client-id": "client-abc",
-            "x-vellum-actor-principal-id": "principal-attacker",
-          },
-        });
-      } catch {
+      await handleHostBashResult({
+        body: bashBody(requestId),
+        headers: {
+          "x-vellum-client-id": "client-abc",
+          "x-vellum-actor-principal-id": "principal-attacker",
+        },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(resolvedIds).not.toContain(requestId);
       expect(pendingStore.has(requestId)).toBe(true);
@@ -278,19 +276,17 @@ describe("handleHostBashResult", () => {
       ).toThrow(ForbiddenError);
     });
-    test("interaction is NOT resolved when submitting actor is missing (still pending)", () => {
+    test("interaction is NOT resolved when submitting actor is missing (still pending)", async () => {
       const requestId = "req-actor-missing-stays";
       clientActorPrincipals.set("client-abc", "principal-victim");
       registerPending(requestId, { targetClientId: "client-abc" });
-      try {
-        handleHostBashResult({
-          body: bashBody(requestId),
-          headers: { "x-vellum-client-id": "client-abc" },
-        });
-      } catch {
+      await handleHostBashResult({
+        body: bashBody(requestId),
+        headers: { "x-vellum-client-id": "client-abc" },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(resolvedIds).not.toContain(requestId);
       expect(pendingStore.has(requestId)).toBe(true);
@@ -358,15 +354,13 @@ describe("handleHostBashResult", () => {
       ).toThrow(BadRequestError);
     });
-    test("interaction is NOT resolved on 400 (still pending)", () => {
+    test("interaction is NOT resolved on 400 (still pending)", async () => {
       const requestId = "req-targeted-no-header-stays";
       registerPending(requestId, { targetClientId: "client-abc" });
-      try {
-        handleHostBashResult({ body: bashBody(requestId) });
-      } catch {
+      await handleHostBashResult({ body: bashBody(requestId) }).catch(() => {
         // expected
-      }
+      });
       expect(resolvedIds).not.toContain(requestId);
       expect(pendingStore.has(requestId)).toBe(true);
@@ -388,19 +382,17 @@ describe("handleHostBashResult", () => {
       ).toThrow(ForbiddenError);
     });
-    test("ForbiddenError message names both the submitting and expected client", () => {
+    test("ForbiddenError message names both the submitting and expected client", async () => {
       const requestId = "req-targeted-mismatch-msg";
       registerPending(requestId, { targetClientId: "client-abc" });
       let caught: unknown;
-      try {
-        handleHostBashResult({
-          body: bashBody(requestId),
-          headers: { "x-vellum-client-id": "client-xyz" },
-        });
-      } catch (e) {
+      await handleHostBashResult({
+        body: bashBody(requestId),
+        headers: { "x-vellum-client-id": "client-xyz" },
+      }).catch((e: unknown) => {
         caught = e;
-      }
+      });
       expect(caught).toBeInstanceOf(ForbiddenError);
       const msg = (caught as ForbiddenError).message;
@@ -408,18 +400,16 @@ describe("handleHostBashResult", () => {
       expect(msg).toContain("client-abc");
     });
-    test("interaction is NOT resolved on 403 (still pending)", () => {
+    test("interaction is NOT resolved on 403 (still pending)", async () => {
       const requestId = "req-targeted-mismatch-stays";
       registerPending(requestId, { targetClientId: "client-abc" });
-      try {
-        handleHostBashResult({
-          body: bashBody(requestId),
-          headers: { "x-vellum-client-id": "client-xyz" },
-        });
-      } catch {
+      await handleHostBashResult({
+        body: bashBody(requestId),
+        headers: { "x-vellum-client-id": "client-xyz" },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(resolvedIds).not.toContain(requestId);
       expect(pendingStore.has(requestId)).toBe(true);

package/src/__tests__/host-browser-routes.test.ts CHANGED Viewed

@@ -39,7 +39,7 @@ afterAll(() => {
 const handleHostBrowserResult = ROUTES.find(
   (r) => r.endpoint === "host-browser-result",
-)!.handler;
+)!.handler as (args: Record<string, unknown>) => Promise<unknown>;
 // ── Tests ────────────────────────────────────────────────────────────
@@ -212,7 +212,7 @@ describe("handleHostBrowserResult — same-actor guard", () => {
       ).toThrow(BadRequestError);
     });
-    test("interaction is NOT consumed on 400 (still pending)", () => {
+    test("interaction is NOT consumed on 400 (still pending)", async () => {
       const requestId = "browser-req-targeted-no-header-stays";
       pendingInteractions.register(requestId, {
         conversationId: "conv-1",
@@ -221,13 +221,11 @@ describe("handleHostBrowserResult — same-actor guard", () => {
         targetActorPrincipalId: "user-1",
       });
-      try {
-        handleHostBrowserResult({
-          body: { requestId, content: "ok", isError: false },
-        });
-      } catch {
+      await handleHostBrowserResult({
+        body: { requestId, content: "ok", isError: false },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(pendingInteractions.get(requestId)).toBeDefined();
     });
@@ -256,7 +254,7 @@ describe("handleHostBrowserResult — same-actor guard", () => {
       ).toThrow(ForbiddenError);
     });
-    test("ForbiddenError message names both submitting and expected client", () => {
+    test("ForbiddenError message names both submitting and expected client", async () => {
       const requestId = "browser-req-targeted-mismatch-msg";
       pendingInteractions.register(requestId, {
         conversationId: "conv-1",
@@ -267,7 +265,7 @@ describe("handleHostBrowserResult — same-actor guard", () => {
       let caught: unknown;
       try {
-        handleHostBrowserResult({
+        await handleHostBrowserResult({
           body: { requestId, content: "ok", isError: false },
           headers: {
             "x-vellum-client-id": "client-B",
@@ -284,7 +282,7 @@ describe("handleHostBrowserResult — same-actor guard", () => {
       expect(msg).toContain("client-B");
     });
-    test("interaction is NOT consumed on 403 (still pending)", () => {
+    test("interaction is NOT consumed on 403 (still pending)", async () => {
       const requestId = "browser-req-targeted-mismatch-stays";
       pendingInteractions.register(requestId, {
         conversationId: "conv-1",
@@ -293,17 +291,15 @@ describe("handleHostBrowserResult — same-actor guard", () => {
         targetActorPrincipalId: "user-1",
       });
-      try {
-        handleHostBrowserResult({
-          body: { requestId, content: "ok", isError: false },
-          headers: {
-            "x-vellum-client-id": "client-B",
-            "x-vellum-actor-principal-id": "user-1",
-          },
-        });
-      } catch {
+      await handleHostBrowserResult({
+        body: { requestId, content: "ok", isError: false },
+        headers: {
+          "x-vellum-client-id": "client-B",
+          "x-vellum-actor-principal-id": "user-1",
+        },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(pendingInteractions.get(requestId)).toBeDefined();
     });
@@ -369,7 +365,7 @@ describe("handleHostBrowserResult — same-actor guard", () => {
       ).toThrow(ForbiddenError);
     });
-    test("interaction NOT consumed on actor-mismatch 403", () => {
+    test("interaction NOT consumed on actor-mismatch 403", async () => {
       const requestId = "browser-req-actor-mismatch-stays";
       pendingInteractions.register(requestId, {
         conversationId: "conv-1",
@@ -378,17 +374,15 @@ describe("handleHostBrowserResult — same-actor guard", () => {
         targetActorPrincipalId: "user-1",
       });
-      try {
-        handleHostBrowserResult({
-          body: { requestId, content: "ok", isError: false },
-          headers: {
-            "x-vellum-client-id": "client-A",
-            "x-vellum-actor-principal-id": "user-2",
-          },
-        });
-      } catch {
+      await handleHostBrowserResult({
+        body: { requestId, content: "ok", isError: false },
+        headers: {
+          "x-vellum-client-id": "client-A",
+          "x-vellum-actor-principal-id": "user-2",
+        },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(pendingInteractions.get(requestId)).toBeDefined();
     });

package/src/__tests__/host-cu-proxy.test.ts CHANGED Viewed

@@ -477,6 +477,305 @@ describe("HostCuProxy", () => {
       expect(result2.content).not.toContain("NO VISIBLE EFFECT");
     });
+    test("skips unchanged warning and counter after a selection-only key (cmd+a)", async () => {
+      setup();
+      // Establish previous AX tree
+      const p1 = proxy.request(
+        "computer_use_click",
+        { element_id: 1 },
+        "session-1",
+        1,
+      );
+      proxy.recordAction("computer_use_click", { element_id: 1 });
+      const sent1 = sentMessages[0] as Record<string, unknown>;
+      proxy.processObservation(sent1.requestId as string, {
+        axTree: "TextField [1]",
+      });
+      await p1;
+      // cmd+a only changes selection — AX tree can't show it, so empty diff
+      // is expected and must NOT warn or bump the unchanged counter.
+      const p2 = proxy.request(
+        "computer_use_key",
+        { key: "cmd+a" },
+        "session-1",
+        2,
+      );
+      proxy.recordAction("computer_use_key", { key: "cmd+a" });
+      const sent2 = sentMessages[1] as Record<string, unknown>;
+      proxy.processObservation(sent2.requestId as string, {
+        axTree: "TextField [1]",
+        // No axDiff — selection change is invisible in the AX tree
+      });
+      const result2 = await p2;
+      expect(result2.content).not.toContain("NO VISIBLE EFFECT");
+      expect(proxy.consecutiveUnchangedSteps).toBe(0);
+    });
+    test("exempts key combos regardless of spacing, case, alias, or modifier order", async () => {
+      // All of these normalize to an exempt combo the mac helper would execute
+      // identically: spaced, uppercase, alt->option alias, command->cmd alias,
+      // and reversed modifier order.
+      const variants = ["cmd + a", "CMD+A", "alt+tab", "command+c", "tab+shift"];
+      for (const [i, variant] of variants.entries()) {
+        setup();
+        // Establish previous AX tree
+        const p1 = proxy.request(
+          "computer_use_click",
+          { element_id: 1 },
+          `session-${i}`,
+          1,
+        );
+        proxy.recordAction("computer_use_click", { element_id: 1 });
+        const sent1 = sentMessages[0] as Record<string, unknown>;
+        proxy.processObservation(sent1.requestId as string, {
+          axTree: "TextField [1]",
+        });
+        await p1;
+        const p2 = proxy.request(
+          "computer_use_key",
+          { key: variant },
+          `session-${i}`,
+          2,
+        );
+        proxy.recordAction("computer_use_key", { key: variant });
+        const sent2 = sentMessages[1] as Record<string, unknown>;
+        proxy.processObservation(sent2.requestId as string, {
+          axTree: "TextField [1]",
+          // No axDiff — invisible-by-design change
+        });
+        const result2 = await p2;
+        expect(result2.content).not.toContain("NO VISIBLE EFFECT");
+        expect(proxy.consecutiveUnchangedSteps).toBe(0);
+      }
+    });
+    test("exempt key clears the no-effect streak between non-exempt no-ops", async () => {
+      setup();
+      // Establish previous AX tree
+      const p1 = proxy.request(
+        "computer_use_click",
+        { element_id: 1 },
+        "session-1",
+        1,
+      );
+      proxy.recordAction("computer_use_click", { element_id: 1 });
+      const sent1 = sentMessages[0] as Record<string, unknown>;
+      proxy.processObservation(sent1.requestId as string, {
+        axTree: "TextField [1]",
+      });
+      await p1;
+      // Non-exempt no-diff click — streak = 1
+      const p2 = proxy.request(
+        "computer_use_click",
+        { element_id: 1 },
+        "session-1",
+        2,
+      );
+      proxy.recordAction("computer_use_click", { element_id: 1 });
+      const sent2 = sentMessages[1] as Record<string, unknown>;
+      proxy.processObservation(sent2.requestId as string, {
+        axTree: "TextField [1]",
+      });
+      await p2;
+      expect(proxy.consecutiveUnchangedSteps).toBe(1);
+      // Exempt cmd+a no-diff — must CLEAR the streak, not just skip it
+      const p3 = proxy.request(
+        "computer_use_key",
+        { key: "cmd+a" },
+        "session-1",
+        3,
+      );
+      proxy.recordAction("computer_use_key", { key: "cmd+a" });
+      const sent3 = sentMessages[2] as Record<string, unknown>;
+      proxy.processObservation(sent3.requestId as string, {
+        axTree: "TextField [1]",
+      });
+      await p3;
+      expect(proxy.consecutiveUnchangedSteps).toBe(0);
+      // Next non-exempt no-diff click — streak = 1 again, NOT a "2 consecutive"
+      // escalation bridged across the exempt keypress.
+      const p4 = proxy.request(
+        "computer_use_click",
+        { element_id: 1 },
+        "session-1",
+        4,
+      );
+      proxy.recordAction("computer_use_click", { element_id: 1 });
+      const sent4 = sentMessages[3] as Record<string, unknown>;
+      proxy.processObservation(sent4.requestId as string, {
+        axTree: "TextField [1]",
+      });
+      const result4 = await p4;
+      expect(proxy.consecutiveUnchangedSteps).toBe(1);
+      expect(result4.content).not.toContain("2 consecutive");
+    });
+    test("still warns for a non-exempt key (enter) with no diff", async () => {
+      setup();
+      // Establish previous AX tree
+      const p1 = proxy.request(
+        "computer_use_click",
+        { element_id: 1 },
+        "session-1",
+        1,
+      );
+      proxy.recordAction("computer_use_click", { element_id: 1 });
+      const sent1 = sentMessages[0] as Record<string, unknown>;
+      proxy.processObservation(sent1.requestId as string, {
+        axTree: "Button [1]",
+      });
+      await p1;
+      // enter is not in the exempt set — an empty diff should still warn.
+      const p2 = proxy.request(
+        "computer_use_key",
+        { key: "enter" },
+        "session-1",
+        2,
+      );
+      proxy.recordAction("computer_use_key", { key: "enter" });
+      const sent2 = sentMessages[1] as Record<string, unknown>;
+      proxy.processObservation(sent2.requestId as string, {
+        axTree: "Button [1]",
+      });
+      const result2 = await p2;
+      expect(result2.content).toContain("NO VISIBLE EFFECT");
+      expect(proxy.consecutiveUnchangedSteps).toBe(1);
+    });
+    test("still warns for a non-exempt action (click) with no diff", async () => {
+      setup();
+      // Establish previous AX tree
+      const p1 = proxy.request(
+        "computer_use_click",
+        { element_id: 1 },
+        "session-1",
+        1,
+      );
+      proxy.recordAction("computer_use_click", { element_id: 1 });
+      const sent1 = sentMessages[0] as Record<string, unknown>;
+      proxy.processObservation(sent1.requestId as string, {
+        axTree: "Button [1]",
+      });
+      await p1;
+      const p2 = proxy.request(
+        "computer_use_click",
+        { element_id: 1 },
+        "session-1",
+        2,
+      );
+      proxy.recordAction("computer_use_click", { element_id: 1 });
+      const sent2 = sentMessages[1] as Record<string, unknown>;
+      proxy.processObservation(sent2.requestId as string, {
+        axTree: "Button [1]",
+      });
+      const result2 = await p2;
+      expect(result2.content).toContain("NO VISIBLE EFFECT");
+      expect(proxy.consecutiveUnchangedSteps).toBe(1);
+    });
+    test("loop detection still fires for repeated identical exempt keys", () => {
+      setup();
+      // Even though `up` is exempt from the unchanged-effect warning, repeating
+      // the same key must still be caught by loop detection.
+      proxy.recordAction("computer_use_key", { key: "up" });
+      proxy.recordAction("computer_use_key", { key: "up" });
+      proxy.recordAction("computer_use_key", { key: "up" });
+      const result = proxy.formatObservation({
+        axTree: "Button [1]",
+      });
+      expect(result.content).toContain(
+        "WARNING: You've repeated the same action (computer_use_key) 3 times",
+      );
+      expect(result.content).not.toContain("NO VISIBLE EFFECT");
+    });
+    test("loop detection fires for the same exempt combo spelled differently", () => {
+      setup();
+      // Equivalent spellings the mac helper executes identically must count as
+      // the same action — otherwise a stuck session could repeat cmd+a forever
+      // (no-effect warning is suppressed for exempt keys, so loop detection is
+      // the only remaining guard).
+      proxy.recordAction("computer_use_key", { key: "cmd+a" });
+      proxy.recordAction("computer_use_key", { key: "command+a" });
+      proxy.recordAction("computer_use_key", { key: "cmd + a" });
+      const result = proxy.formatObservation({
+        axTree: "Button [1]",
+      });
+      expect(result.content).toContain(
+        "WARNING: You've repeated the same action (computer_use_key) 3 times",
+      );
+    });
+    test("loop detection ignores the same combo sent to different clients", () => {
+      setup();
+      // Same key, different target desktops — not a repeat on one UI, so loop
+      // detection must NOT fire. Routing fields are kept in the signature.
+      proxy.recordAction("computer_use_key", {
+        key: "cmd+a",
+        target_client_id: "client-a",
+      });
+      proxy.recordAction("computer_use_key", {
+        key: "cmd+a",
+        target_client_id: "client-b",
+      });
+      proxy.recordAction("computer_use_key", {
+        key: "cmd+a",
+        target_client_id: "client-c",
+      });
+      const result = proxy.formatObservation({
+        axTree: "Button [1]",
+      });
+      expect(result.content).not.toContain("WARNING: You've repeated");
+    });
+    test("loop detection fires for the same combo+client across spellings", () => {
+      setup();
+      // Same target client, equivalent spellings — still a repeat on one UI.
+      proxy.recordAction("computer_use_key", {
+        key: "cmd+a",
+        target_client_id: "client-a",
+      });
+      proxy.recordAction("computer_use_key", {
+        key: "command+a",
+        target_client_id: "client-a",
+      });
+      proxy.recordAction("computer_use_key", {
+        key: "cmd + a",
+        target_client_id: "client-a",
+      });
+      const result = proxy.formatObservation({
+        axTree: "Button [1]",
+      });
+      expect(result.content).toContain(
+        "WARNING: You've repeated the same action (computer_use_key) 3 times",
+      );
+    });
     test("resets consecutive count when diff is present", async () => {
       setup();

package/src/__tests__/host-cu-routes-targeted.test.ts CHANGED Viewed

@@ -104,7 +104,7 @@ afterAll(() => {
 const handleHostCuResult = ROUTES.find(
   (r: { endpoint: string }) => r.endpoint === "host-cu-result",
-)!.handler;
+)!.handler as (args: Record<string, unknown>) => Promise<unknown>;
 // ── Helpers ──────────────────────────────────────────────────────────────────
@@ -226,15 +226,13 @@ describe("handleHostCuResult — Phase 2 targetClientId guard", () => {
       ).toThrow(BadRequestError);
     });
-    test("interaction is NOT resolved on 400 (still pending)", () => {
+    test("interaction is NOT resolved on 400 (still pending)", async () => {
       const requestId = "req-cu-targeted-no-header-stays";
       registerPending(requestId, { targetClientId: "client-A" });
-      try {
-        handleHostCuResult({ body: cuBody(requestId) });
-      } catch {
+      await handleHostCuResult({ body: cuBody(requestId) }).catch(() => {
         // expected
-      }
+      });
       expect(resolvedIds).not.toContain(requestId);
       expect(pendingStore.has(requestId)).toBe(true);
@@ -256,19 +254,17 @@ describe("handleHostCuResult — Phase 2 targetClientId guard", () => {
       ).toThrow(ForbiddenError);
     });
-    test("ForbiddenError message names both submitting and expected client", () => {
+    test("ForbiddenError message names both submitting and expected client", async () => {
       const requestId = "req-cu-targeted-mismatch-msg";
       registerPending(requestId, { targetClientId: "client-A" });
       let caught: unknown;
-      try {
-        handleHostCuResult({
-          body: cuBody(requestId),
-          headers: { "x-vellum-client-id": "client-B" },
-        });
-      } catch (e) {
+      await handleHostCuResult({
+        body: cuBody(requestId),
+        headers: { "x-vellum-client-id": "client-B" },
+      }).catch((e: unknown) => {
         caught = e;
-      }
+      });
       expect(caught).toBeInstanceOf(ForbiddenError);
       const msg = (caught as ForbiddenError).message;
@@ -276,18 +272,16 @@ describe("handleHostCuResult — Phase 2 targetClientId guard", () => {
       expect(msg).toContain("client-A");
     });
-    test("interaction is NOT consumed on 403 (pendingInteractions.get still returns it)", () => {
+    test("interaction is NOT consumed on 403 (pendingInteractions.get still returns it)", async () => {
       const requestId = "req-cu-targeted-mismatch-stays";
       registerPending(requestId, { targetClientId: "client-A" });
-      try {
-        handleHostCuResult({
-          body: cuBody(requestId),
-          headers: { "x-vellum-client-id": "client-B" },
-        });
-      } catch {
+      await handleHostCuResult({
+        body: cuBody(requestId),
+        headers: { "x-vellum-client-id": "client-B" },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(resolvedIds).not.toContain(requestId);
       expect(pendingStore.has(requestId)).toBe(true);
@@ -331,22 +325,20 @@ describe("handleHostCuResult — Phase 2 targetClientId guard", () => {
       ).toThrow(ForbiddenError);
     });
-    test("interaction NOT consumed on 403 actor mismatch", () => {
+    test("interaction NOT consumed on 403 actor mismatch", async () => {
       const requestId = "req-cu-actor-mismatch-stays";
       actorPrincipalByClient.set("client-A", "user-1");
       registerPending(requestId, { targetClientId: "client-A" });
-      try {
-        handleHostCuResult({
-          body: cuBody(requestId),
-          headers: {
-            "x-vellum-client-id": "client-A",
-            "x-vellum-actor-principal-id": "user-2",
-          },
-        });
-      } catch {
+      await handleHostCuResult({
+        body: cuBody(requestId),
+        headers: {
+          "x-vellum-client-id": "client-A",
+          "x-vellum-actor-principal-id": "user-2",
+        },
+      }).catch(() => {
         // expected
-      }
+      });
       expect(resolvedIds).not.toContain(requestId);
       expect(pendingStore.has(requestId)).toBe(true);