npm - @vellumai/assistant - Versions diffs - 0.3.15 → 0.3.16 - Mend

@vellumai/assistant 0.3.15 → 0.3.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/ARCHITECTURE.md +142 -0
package/Dockerfile +1 -1
package/README.md +5 -5
package/docs/architecture/http-token-refresh.md +252 -0
package/docs/architecture/memory.md +5 -4
package/docs/architecture/scheduling.md +4 -88
package/docs/runbook-trusted-contacts.md +283 -0
package/docs/trusted-contact-access.md +247 -0
package/package.json +1 -1
package/scripts/ipc/check-swift-decoder-drift.ts +2 -0
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +2 -6
package/src/__tests__/access-request-decision.test.ts +331 -0
package/src/__tests__/asset-materialize-tool.test.ts +7 -7
package/src/__tests__/asset-search-tool.test.ts +15 -15
package/src/__tests__/attachments-store.test.ts +13 -13
package/src/__tests__/call-controller.test.ts +150 -4
package/src/__tests__/call-conversation-messages.test.ts +2 -2
package/src/__tests__/call-pointer-messages.test.ts +28 -0
package/src/__tests__/call-start-guardian-guard.test.ts +93 -0
package/src/__tests__/channel-approval-routes.test.ts +108 -12
package/src/__tests__/channel-guardian.test.ts +16 -14
package/src/__tests__/checker.test.ts +24 -0
package/src/__tests__/computer-use-skill-manifest-regression.test.ts +2 -2
package/src/__tests__/config-watcher.test.ts +358 -0
package/src/__tests__/conversation-pairing.test.ts +24 -24
package/src/__tests__/conversation-store.test.ts +36 -36
package/src/__tests__/date-context.test.ts +179 -1
package/src/__tests__/db-migration-rollback.test.ts +4 -7
package/src/__tests__/deterministic-verification-control-plane.test.ts +5 -5
package/src/__tests__/emit-signal-routing-intent.test.ts +179 -0
package/src/__tests__/gateway-only-guard.test.ts +188 -0
package/src/__tests__/guardian-action-conversation-turn.test.ts +451 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +197 -0
package/src/__tests__/guardian-action-followup-executor.test.ts +379 -0
package/src/__tests__/guardian-action-followup-store.test.ts +376 -0
package/src/__tests__/guardian-action-late-reply.test.ts +294 -0
package/src/__tests__/guardian-action-no-hardcoded-copy.test.ts +71 -0
package/src/__tests__/guardian-action-sweep.test.ts +9 -9
package/src/__tests__/guardian-outbound-http.test.ts +194 -2
package/src/__tests__/guardian-verification-intent-routing.test.ts +179 -0
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +141 -0
package/src/__tests__/handlers-telegram-config.test.ts +6 -6
package/src/__tests__/hooks-runner.test.ts +13 -4
package/src/__tests__/ingress-routes-http.test.ts +443 -0
package/src/__tests__/intent-routing.test.ts +14 -0
package/src/__tests__/ipc-snapshot.test.ts +2 -5
package/src/__tests__/media-reuse-story.e2e.test.ts +7 -7
package/src/__tests__/memory-regressions.test.ts +16 -12
package/src/__tests__/non-member-access-request.test.ts +282 -0
package/src/__tests__/notification-decision-strategy.test.ts +136 -0
package/src/__tests__/notification-routing-intent.test.ts +11 -1
package/src/__tests__/notification-thread-candidates.test.ts +166 -0
package/src/__tests__/recording-intent.test.ts +1 -0
package/src/__tests__/recording-state-machine.test.ts +328 -17
package/src/__tests__/registry.test.ts +17 -8
package/src/__tests__/relay-server.test.ts +105 -0
package/src/__tests__/reminder.test.ts +13 -0
package/src/__tests__/runtime-attachment-metadata.test.ts +4 -4
package/src/__tests__/scheduler-recurrence.test.ts +50 -0
package/src/__tests__/server-history-render.test.ts +8 -8
package/src/__tests__/session-agent-loop.test.ts +1 -0
package/src/__tests__/session-runtime-assembly.test.ts +49 -0
package/src/__tests__/session-skill-tools.test.ts +1 -0
package/src/__tests__/skill-projection.benchmark.test.ts +11 -3
package/src/__tests__/slack-channel-config.test.ts +230 -0
package/src/__tests__/subagent-manager-notify.test.ts +4 -4
package/src/__tests__/swarm-session-integration.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +43 -0
package/src/__tests__/task-management-tools.test.ts +3 -3
package/src/__tests__/task-tools.test.ts +3 -3
package/src/__tests__/trust-store.test.ts +17 -1
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +491 -0
package/src/__tests__/trusted-contact-multichannel.test.ts +409 -0
package/src/__tests__/trusted-contact-verification.test.ts +360 -0
package/src/__tests__/update-bulletin-format.test.ts +119 -0
package/src/__tests__/update-bulletin-state.test.ts +129 -0
package/src/__tests__/update-bulletin.test.ts +260 -0
package/src/__tests__/update-template-contract.test.ts +29 -0
package/src/agent/loop.ts +2 -2
package/src/amazon/client.ts +2 -3
package/src/calls/call-controller.ts +115 -34
package/src/calls/call-conversation-messages.ts +2 -2
package/src/calls/call-domain.ts +10 -3
package/src/calls/call-pointer-messages.ts +17 -5
package/src/calls/guardian-action-sweep.ts +77 -36
package/src/calls/relay-server.ts +51 -12
package/src/calls/twilio-routes.ts +3 -1
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +4 -4
package/src/cli/core-commands.ts +3 -3
package/src/cli/map.ts +8 -5
package/src/config/bundled-skills/phone-calls/SKILL.md +16 -1
package/src/config/bundled-skills/tasks/SKILL.md +1 -1
package/src/config/bundled-skills/tasks/TOOLS.json +4 -4
package/src/config/bundled-skills/time-based-actions/SKILL.md +11 -1
package/src/config/computer-use-prompt.ts +1 -0
package/src/config/core-schema.ts +16 -0
package/src/config/env-registry.ts +1 -0
package/src/config/env.ts +16 -1
package/src/config/memory-schema.ts +5 -0
package/src/config/schema.ts +4 -0
package/src/config/system-prompt.ts +69 -2
package/src/config/templates/BOOTSTRAP.md +1 -1
package/src/config/templates/IDENTITY.md +8 -4
package/src/config/templates/SOUL.md +14 -0
package/src/config/templates/UPDATES.md +16 -0
package/src/config/templates/USER.md +5 -1
package/src/config/types.ts +1 -0
package/src/config/update-bulletin-format.ts +52 -0
package/src/config/update-bulletin-state.ts +49 -0
package/src/config/update-bulletin.ts +82 -0
package/src/config/vellum-skills/catalog.json +6 -0
package/src/config/vellum-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +44 -10
package/src/config/vellum-skills/telegram-setup/SKILL.md +4 -4
package/src/config/vellum-skills/trusted-contacts/SKILL.md +147 -0
package/src/config/vellum-skills/twilio-setup/SKILL.md +2 -2
package/src/context/window-manager.ts +43 -3
package/src/daemon/config-watcher.ts +1 -0
package/src/daemon/connection-policy.ts +21 -1
package/src/daemon/daemon-control.ts +164 -7
package/src/daemon/date-context.ts +174 -1
package/src/daemon/guardian-action-generators.ts +175 -0
package/src/daemon/guardian-verification-intent.ts +120 -0
package/src/daemon/handlers/apps.ts +1 -3
package/src/daemon/handlers/config-channels.ts +2 -2
package/src/daemon/handlers/config-heartbeat.ts +1 -1
package/src/daemon/handlers/config-inbox.ts +55 -159
package/src/daemon/handlers/config-ingress.ts +1 -1
package/src/daemon/handlers/config-integrations.ts +1 -1
package/src/daemon/handlers/config-platform.ts +1 -1
package/src/daemon/handlers/config-scheduling.ts +2 -2
package/src/daemon/handlers/config-slack-channel.ts +190 -0
package/src/daemon/handlers/config-telegram.ts +1 -1
package/src/daemon/handlers/config-twilio.ts +1 -1
package/src/daemon/handlers/config-voice.ts +100 -0
package/src/daemon/handlers/config.ts +3 -0
package/src/daemon/handlers/misc.ts +83 -5
package/src/daemon/handlers/navigate-settings.ts +27 -0
package/src/daemon/handlers/recording.ts +270 -144
package/src/daemon/handlers/sessions.ts +100 -17
package/src/daemon/handlers/subagents.ts +3 -3
package/src/daemon/handlers/work-items.ts +10 -7
package/src/daemon/ipc-contract/integrations.ts +9 -1
package/src/daemon/ipc-contract/messages.ts +4 -0
package/src/daemon/ipc-contract/sessions.ts +1 -1
package/src/daemon/ipc-contract/settings.ts +26 -0
package/src/daemon/ipc-contract/shared.ts +2 -0
package/src/daemon/ipc-contract/work-items.ts +1 -7
package/src/daemon/ipc-contract-inventory.json +5 -1
package/src/daemon/ipc-contract.ts +5 -1
package/src/daemon/lifecycle.ts +306 -266
package/src/daemon/recording-intent.ts +0 -41
package/src/daemon/response-tier.ts +2 -2
package/src/daemon/server.ts +6 -6
package/src/daemon/session-agent-loop-handlers.ts +34 -9
package/src/daemon/session-agent-loop.ts +15 -8
package/src/daemon/session-history.ts +3 -2
package/src/daemon/session-media-retry.ts +3 -0
package/src/daemon/session-messaging.ts +38 -4
package/src/daemon/session-notifiers.ts +2 -2
package/src/daemon/session-process.ts +256 -23
package/src/daemon/session-queue-manager.ts +2 -0
package/src/daemon/session-runtime-assembly.ts +39 -0
package/src/daemon/session-skill-tools.ts +13 -4
package/src/daemon/session-tool-setup.ts +5 -6
package/src/daemon/session.ts +19 -8
package/src/daemon/tls-certs.ts +55 -13
package/src/daemon/tool-side-effects.ts +13 -5
package/src/gallery/default-gallery.ts +32 -9
package/src/influencer/client.ts +2 -1
package/src/memory/channel-delivery-store.ts +37 -567
package/src/memory/channel-guardian-store.ts +66 -1317
package/src/memory/conflict-store.ts +4 -4
package/src/memory/conversation-attention-store.ts +0 -3
package/src/memory/conversation-crud.ts +668 -0
package/src/memory/conversation-queries.ts +361 -0
package/src/memory/conversation-store.ts +45 -983
package/src/memory/db-connection.ts +3 -0
package/src/memory/db-init.ts +25 -0
package/src/memory/delivery-channels.ts +175 -0
package/src/memory/delivery-crud.ts +211 -0
package/src/memory/delivery-status.ts +199 -0
package/src/memory/embedding-backend.ts +70 -4
package/src/memory/embedding-local.ts +12 -2
package/src/memory/entity-extractor.ts +3 -8
package/src/memory/fts-reconciler.ts +121 -0
package/src/memory/guardian-action-store.ts +366 -3
package/src/memory/guardian-approvals.ts +569 -0
package/src/memory/guardian-bindings.ts +130 -0
package/src/memory/guardian-rate-limits.ts +196 -0
package/src/memory/guardian-verification.ts +520 -0
package/src/memory/job-handlers/index-maintenance.ts +2 -1
package/src/memory/job-utils.ts +8 -5
package/src/memory/jobs-store.ts +66 -6
package/src/memory/jobs-worker.ts +23 -1
package/src/memory/migrations/030-guardian-action-followup.ts +21 -0
package/src/memory/migrations/030-guardian-verification-purpose.ts +17 -0
package/src/memory/migrations/031-conversations-thread-type-index.ts +5 -0
package/src/memory/migrations/100-core-tables.ts +1 -1
package/src/memory/migrations/101-watchers-and-logs.ts +4 -0
package/src/memory/migrations/108-tasks-and-work-items.ts +1 -1
package/src/memory/migrations/112-assistant-inbox.ts +1 -1
package/src/memory/migrations/113-late-migrations.ts +1 -1
package/src/memory/migrations/116-messages-fts.ts +13 -0
package/src/memory/migrations/119-schema-indexes-and-columns.ts +37 -0
package/src/memory/migrations/120-fk-cascade-rebuilds.ts +161 -0
package/src/memory/migrations/index.ts +8 -3
package/src/memory/migrations/validate-migration-state.ts +114 -15
package/src/memory/qdrant-circuit-breaker.ts +105 -0
package/src/memory/retriever.ts +46 -13
package/src/memory/schema-migration.ts +3 -0
package/src/memory/schema.ts +25 -7
package/src/memory/search/semantic.ts +8 -90
package/src/notifications/README.md +1 -1
package/src/notifications/broadcaster.ts +20 -2
package/src/notifications/conversation-pairing.ts +3 -3
package/src/notifications/decision-engine.ts +173 -8
package/src/notifications/deliveries-store.ts +27 -8
package/src/notifications/preferences-store.ts +7 -7
package/src/notifications/thread-candidates.ts +234 -0
package/src/notifications/types.ts +18 -0
package/src/permissions/defaults.ts +11 -1
package/src/permissions/prompter.ts +17 -0
package/src/permissions/trust-store.ts +2 -0
package/src/providers/failover.ts +19 -0
package/src/providers/registry.ts +46 -1
package/src/runtime/approval-message-composer.ts +1 -1
package/src/runtime/channel-guardian-service.ts +15 -3
package/src/runtime/channel-retry-sweep.ts +7 -2
package/src/runtime/guardian-action-conversation-turn.ts +85 -0
package/src/runtime/guardian-action-followup-executor.ts +301 -0
package/src/runtime/guardian-action-message-composer.ts +245 -0
package/src/runtime/guardian-outbound-actions.ts +26 -6
package/src/runtime/guardian-verification-templates.ts +15 -9
package/src/runtime/http-errors.ts +93 -0
package/src/runtime/http-server.ts +133 -44
package/src/runtime/http-types.ts +53 -0
package/src/runtime/ingress-service.ts +237 -0
package/src/runtime/middleware/error-handler.ts +4 -3
package/src/runtime/middleware/rate-limiter.ts +160 -0
package/src/runtime/middleware/request-logger.ts +71 -0
package/src/runtime/middleware/twilio-validation.ts +7 -6
package/src/runtime/pending-interactions.ts +12 -0
package/src/runtime/routes/access-request-decision.ts +215 -0
package/src/runtime/routes/app-routes.ts +25 -18
package/src/runtime/routes/approval-routes.ts +18 -47
package/src/runtime/routes/attachment-routes.ts +15 -41
package/src/runtime/routes/call-routes.ts +20 -20
package/src/runtime/routes/channel-delivery-routes.ts +6 -5
package/src/runtime/routes/contact-routes.ts +4 -9
package/src/runtime/routes/conversation-attention-routes.ts +2 -1
package/src/runtime/routes/conversation-routes.ts +26 -57
package/src/runtime/routes/debug-routes.ts +71 -0
package/src/runtime/routes/events-routes.ts +3 -2
package/src/runtime/routes/guardian-approval-interception.ts +221 -0
package/src/runtime/routes/identity-routes.ts +14 -10
package/src/runtime/routes/inbound-conversation.ts +3 -2
package/src/runtime/routes/inbound-message-handler.ts +527 -62
package/src/runtime/routes/ingress-routes.ts +174 -0
package/src/runtime/routes/integration-routes.ts +78 -16
package/src/runtime/routes/pairing-routes.ts +11 -10
package/src/runtime/routes/secret-routes.ts +10 -18
package/src/runtime/verification-rate-limiter.ts +83 -0
package/src/schedule/schedule-store.ts +13 -1
package/src/schedule/scheduler.ts +1 -1
package/src/security/secret-ingress.ts +5 -2
package/src/security/secret-scanner.ts +72 -6
package/src/subagent/manager.ts +6 -4
package/src/swarm/plan-validator.ts +4 -1
package/src/tasks/task-runner.ts +3 -1
package/src/tools/browser/api-map.ts +9 -6
package/src/tools/calls/call-start.ts +20 -0
package/src/tools/executor.ts +50 -568
package/src/tools/permission-checker.ts +272 -0
package/src/tools/registry.ts +14 -6
package/src/tools/reminder/reminder-store.ts +7 -7
package/src/tools/reminder/reminder.ts +6 -3
package/src/tools/secret-detection-handler.ts +301 -0
package/src/tools/subagent/message.ts +1 -1
package/src/tools/system/voice-config.ts +62 -0
package/src/tools/tasks/index.ts +3 -3
package/src/tools/tasks/work-item-list.ts +3 -3
package/src/tools/tasks/work-item-update.ts +4 -5
package/src/tools/tool-approval-handler.ts +192 -0
package/src/tools/tool-manifest.ts +2 -0
package/src/watcher/watcher-store.ts +9 -9
package/src/work-items/work-item-runner.ts +9 -6
/package/src/memory/migrations/{026-embeddings-nullable-vector-json.ts → 026a-embeddings-nullable-vector-json.ts} +0 -0
/package/src/memory/migrations/{027-guardian-bootstrap-token.ts → 027a-guardian-bootstrap-token.ts} +0 -0

package/src/__tests__/relay-server.test.ts CHANGED Viewed

@@ -1519,4 +1519,109 @@ describe('relay-server', () => {
     relay.destroy();
   });
+  // ── Outbound guardian verification pointer messages ─────────────────
+  test('outbound guardian verification success emits pointer to origin conversation', async () => {
+    ensureConversation('conv-gv-pointer-success');
+    ensureConversation('conv-gv-pointer-success-origin');
+    const session = createCallSession({
+      conversationId: 'conv-gv-pointer-success',
+      provider: 'twilio',
+      fromNumber: '+15551111111',
+      toNumber: '+15559999999',
+      assistantId: 'test-assistant',
+      callMode: 'guardian_verification',
+      guardianVerificationSessionId: 'gv-session-ptr-success',
+      initiatedFromConversationId: 'conv-gv-pointer-success-origin',
+    });
+    const challenge = createVerificationChallenge('test-assistant', 'voice');
+    const secret = challenge.secret;
+    const { relay } = createMockWs(session.id);
+    await relay.handleMessage(JSON.stringify({
+      type: 'setup',
+      callSid: 'CA_gv_pointer_success',
+      from: '+15551111111',
+      to: '+15559999999',
+      customParameters: { guardianVerificationSessionId: 'gv-session-ptr-success' },
+    }));
+    expect(relay.isGuardianVerificationActive()).toBe(true);
+    // Enter the correct code via DTMF
+    for (const digit of secret) {
+      await relay.handleMessage(JSON.stringify({ type: 'dtmf', digit }));
+    }
+    // Verification should have succeeded
+    expect(relay.isGuardianVerificationActive()).toBe(false);
+    // Origin conversation should have a pointer message
+    const originText = getLatestAssistantText('conv-gv-pointer-success-origin');
+    expect(originText).not.toBeNull();
+    expect(originText).toContain('Guardian verification');
+    expect(originText).toContain('+15559999999');
+    expect(originText).toContain('succeeded');
+    // Let the delayed endSession callback flush
+    await new Promise((resolve) => setTimeout(resolve, 3100));
+    relay.destroy();
+  });
+  test('outbound guardian verification failure emits pointer to origin conversation', async () => {
+    ensureConversation('conv-gv-pointer-fail');
+    ensureConversation('conv-gv-pointer-fail-origin');
+    const session = createCallSession({
+      conversationId: 'conv-gv-pointer-fail',
+      provider: 'twilio',
+      fromNumber: '+15551111111',
+      toNumber: '+15559999999',
+      assistantId: 'test-assistant',
+      callMode: 'guardian_verification',
+      guardianVerificationSessionId: 'gv-session-ptr-fail',
+      initiatedFromConversationId: 'conv-gv-pointer-fail-origin',
+    });
+    createVerificationChallenge('test-assistant', 'voice');
+    const { relay } = createMockWs(session.id);
+    await relay.handleMessage(JSON.stringify({
+      type: 'setup',
+      callSid: 'CA_gv_pointer_fail',
+      from: '+15551111111',
+      to: '+15559999999',
+      customParameters: { guardianVerificationSessionId: 'gv-session-ptr-fail' },
+    }));
+    expect(relay.isGuardianVerificationActive()).toBe(true);
+    // Enter wrong codes 3 times (max attempts = 3)
+    for (let attempt = 0; attempt < 3; attempt++) {
+      for (const digit of '000000') {
+        await relay.handleMessage(JSON.stringify({ type: 'dtmf', digit }));
+      }
+    }
+    // Call should be marked as failed
+    const updated = getCallSession(session.id);
+    expect(updated).not.toBeNull();
+    expect(updated!.status).toBe('failed');
+    // Origin conversation should have a failure pointer message
+    const originText = getLatestAssistantText('conv-gv-pointer-fail-origin');
+    expect(originText).not.toBeNull();
+    expect(originText).toContain('Guardian verification');
+    expect(originText).toContain('+15559999999');
+    expect(originText).toContain('failed');
+    // Let the delayed endSession callback flush
+    await new Promise((resolve) => setTimeout(resolve, 2100));
+    relay.destroy();
+  });
 });

package/src/__tests__/reminder.test.ts CHANGED Viewed

@@ -219,6 +219,19 @@ describe('reminder tool', () => {
     expect(result.content).toContain('Routing: multi_channel');
   });
+  test('create with routing_hints null returns error', async () => {
+    const future = new Date(Date.now() + 60_000).toISOString();
+    const result = executeReminderCreate({
+      fire_at: future,
+      label: 'Bad hints',
+      message: 'Null hints should fail',
+      routing_hints: null,
+    });
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain('routing_hints must be a JSON object');
+  });
   test('create without routing fields still works (backward compat)', async () => {
     const future = new Date(Date.now() + 60_000).toISOString();
     const result = executeReminderCreate({

package/src/__tests__/runtime-attachment-metadata.test.ts CHANGED Viewed

@@ -85,8 +85,8 @@ describe('Runtime attachment metadata', () => {
     // Set up conversation and messages using "self" as the assistantId
     const mapping = getOrCreateConversation(conversationKey);
-    conversationStore.addMessage(mapping.conversationId, 'user', 'Hello');
-    const assistantMsg = conversationStore.addMessage(
+    await conversationStore.addMessage(mapping.conversationId, 'user', 'Hello');
+    const assistantMsg = await conversationStore.addMessage(
       mapping.conversationId,
       'assistant',
       JSON.stringify([{ type: 'text', text: 'Here is a chart' }]),
@@ -124,8 +124,8 @@ describe('Runtime attachment metadata', () => {
     const conversationKey = 'test-conv-2';
     const mapping = getOrCreateConversation(conversationKey);
-    conversationStore.addMessage(mapping.conversationId, 'user', 'Hello');
-    conversationStore.addMessage(
+    await conversationStore.addMessage(mapping.conversationId, 'user', 'Hello');
+    await conversationStore.addMessage(
       mapping.conversationId,
       'assistant',
       JSON.stringify([{ type: 'text', text: 'No attachments here' }]),

package/src/__tests__/scheduler-recurrence.test.ts CHANGED Viewed

@@ -36,6 +36,7 @@ import {
 } from '../schedule/schedule-store.js';
 import { startScheduler } from '../schedule/scheduler.js';
 import { createTask } from '../tasks/task-store.js';
+import { getReminder, insertReminder } from '../tools/reminder/reminder-store.js';
 initializeDb();
@@ -79,6 +80,7 @@ describe('scheduler RRULE execution', () => {
     const db = getDb();
     db.run('DELETE FROM cron_runs');
     db.run('DELETE FROM cron_jobs');
+    db.run('DELETE FROM reminders');
     db.run('DELETE FROM task_runs');
     db.run('DELETE FROM tasks');
     db.run('DELETE FROM messages');
@@ -437,4 +439,52 @@ describe('scheduler RRULE execution', () => {
     expect(Math.abs(after!.nextRunAt - originalNextRunAt)).toBeLessThan(65000);
     expect(after!.lastRunAt).not.toBeNull();
   });
+  test('notify reminder passes routing metadata to notifyReminder callback', async () => {
+    const reminder = insertReminder({
+      label: 'Route this reminder',
+      message: 'Reminder body',
+      fireAt: Date.now() - 1000,
+      mode: 'notify',
+      routingIntent: 'multi_channel',
+      routingHints: {
+        requestedByUser: true,
+        channelMentions: ['telegram', 'sms'],
+      },
+    });
+    const notifyCalls: Array<{
+      id: string;
+      label: string;
+      message: string;
+      routingIntent: 'single_channel' | 'multi_channel' | 'all_channels';
+      routingHints: Record<string, unknown>;
+    }> = [];
+    const notifyReminder = (payload: {
+      id: string;
+      label: string;
+      message: string;
+      routingIntent: 'single_channel' | 'multi_channel' | 'all_channels';
+      routingHints: Record<string, unknown>;
+    }) => {
+      notifyCalls.push(payload);
+    };
+    const scheduler = startScheduler(async () => {}, notifyReminder, () => {});
+    await new Promise(resolve => setTimeout(resolve, 500));
+    scheduler.stop();
+    expect(notifyCalls).toHaveLength(1);
+    expect(notifyCalls[0]).toEqual({
+      id: reminder.id,
+      label: reminder.label,
+      message: reminder.message,
+      routingIntent: 'multi_channel',
+      routingHints: {
+        requestedByUser: true,
+        channelMentions: ['telegram', 'sms'],
+      },
+    });
+    expect(getReminder(reminder.id)?.status).toBe('fired');
+  });
 });

package/src/__tests__/server-history-render.test.ts CHANGED Viewed

@@ -381,14 +381,14 @@ describe('getAttachmentsForMessage', () => {
     db.run('DELETE FROM conversations');
   });
-  function createMessage(role: string, content: string): string {
+  async function createMessage(role: string, content: string): Promise<string> {
     const conv = createConversation('test');
-    const msg = addMessage(conv.id, role, content);
+    const msg = await addMessage(conv.id, role, content);
     return msg.id;
   }
-  test('returns attachments linked to a message', () => {
-    const msgId = createMessage('assistant', 'Here is a chart');
+  test('returns attachments linked to a message', async () => {
+    const msgId = await createMessage('assistant', 'Here is a chart');
     const stored = uploadAttachment('chart.png', 'image/png', 'iVBOR');
     linkAttachmentToMessage(msgId, stored.id, 0);
@@ -404,8 +404,8 @@ describe('getAttachmentsForMessage', () => {
     expect(getAttachmentsForMessage('msg-nonexistent')).toEqual([]);
   });
-  test('returns multiple attachments in position order', () => {
-    const msgId = createMessage('assistant', 'Two files');
+  test('returns multiple attachments in position order', async () => {
+    const msgId = await createMessage('assistant', 'Two files');
     const a1 = uploadAttachment('first.txt', 'text/plain', 'AAAA');
     const a2 = uploadAttachment('second.txt', 'text/plain', 'BBBB');
@@ -418,8 +418,8 @@ describe('getAttachmentsForMessage', () => {
     expect(result[1].originalFilename).toBe('second.txt');
   });
-  test('returns all attachments linked to a message', () => {
-    const msgId = createMessage('assistant', 'Mixed');
+  test('returns all attachments linked to a message', async () => {
+    const msgId = await createMessage('assistant', 'Mixed');
     const a1 = uploadAttachment('a.png', 'image/png', 'AAAA');
     const a2 = uploadAttachment('b.png', 'image/png', 'BBBB');

package/src/__tests__/session-agent-loop.test.ts CHANGED Viewed

@@ -30,6 +30,7 @@ mock.module('../config/loader.js', () => ({
     rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
     apiKeys: {},
     workspaceGit: { turnCommitMaxWaitMs: 10 },
+    ui: {},
   }),
   loadRawConfig: () => ({}),
   saveRawConfig: () => {},

package/src/__tests__/session-runtime-assembly.test.ts CHANGED Viewed

@@ -10,6 +10,7 @@ import {
   injectGuardianContext,
   injectTemporalContext,
   resolveChannelCapabilities,
+  sanitizePttActivationKey,
   stripChannelCapabilityContext,
   stripChannelTurnContext,
   stripGuardianContext,
@@ -787,3 +788,51 @@ describe('applyRuntimeInjections with channelTurnContext', () => {
     expect(result[0].content.length).toBe(1);
   });
 });
+// ---------------------------------------------------------------------------
+// sanitizePttActivationKey
+// ---------------------------------------------------------------------------
+describe('sanitizePttActivationKey', () => {
+  test('returns undefined for null/undefined input', () => {
+    expect(sanitizePttActivationKey(null)).toBeUndefined();
+    expect(sanitizePttActivationKey(undefined)).toBeUndefined();
+  });
+  test('passes through valid keys', () => {
+    expect(sanitizePttActivationKey('fn')).toBe('fn');
+    expect(sanitizePttActivationKey('ctrl')).toBe('ctrl');
+    expect(sanitizePttActivationKey('fn_shift')).toBe('fn_shift');
+    expect(sanitizePttActivationKey('none')).toBe('none');
+  });
+  test('returns "unknown" for invalid keys', () => {
+    expect(sanitizePttActivationKey('malicious\nprompt injection')).toBe('unknown');
+    expect(sanitizePttActivationKey('arbitrary_value')).toBe('unknown');
+    expect(sanitizePttActivationKey('')).toBe('unknown');
+  });
+});
+// ---------------------------------------------------------------------------
+// resolveChannelCapabilities sanitizes pttActivationKey
+// ---------------------------------------------------------------------------
+describe('resolveChannelCapabilities with PTT metadata', () => {
+  test('sanitizes valid pttActivationKey', () => {
+    const caps = resolveChannelCapabilities('macos', 'macos', { pttActivationKey: 'fn' });
+    expect(caps.pttActivationKey).toBe('fn');
+  });
+  test('sanitizes invalid pttActivationKey to unknown', () => {
+    const caps = resolveChannelCapabilities('macos', 'macos', { pttActivationKey: 'evil\nprompt' });
+    expect(caps.pttActivationKey).toBe('unknown');
+  });
+  test('passes through microphonePermissionGranted', () => {
+    const caps = resolveChannelCapabilities('macos', 'macos', {
+      pttActivationKey: 'fn',
+      microphonePermissionGranted: true,
+    });
+    expect(caps.microphonePermissionGranted).toBe(true);
+  });
+});

package/src/__tests__/session-skill-tools.test.ts CHANGED Viewed

@@ -134,6 +134,7 @@ mock.module('../tools/registry.js', () => ({
     for (const id of skillIds) {
       mockSkillRefCount.set(id, (mockSkillRefCount.get(id) ?? 0) + 1);
     }
+    return tools;
   },
   unregisterSkillTools: (skillId: string) => {
     mockUnregisteredSkillIds.push(skillId);

package/src/__tests__/skill-projection.benchmark.test.ts CHANGED Viewed

@@ -96,10 +96,18 @@ mock.module('node:fs', () => ({
   existsSync: () => true,
 }));
+const benchmarkRegistry = new Map<string, unknown>();
 mock.module('../tools/registry.js', () => ({
-  registerSkillTools: () => {},
-  unregisterSkillTools: () => {},
-  getTool: () => undefined,
+  registerSkillTools: (tools: Array<{ name: string; [k: string]: unknown }>) => {
+    for (const t of tools) benchmarkRegistry.set(t.name, t);
+    return tools;
+  },
+  unregisterSkillTools: (skillId: string) => {
+    for (const [name, t] of benchmarkRegistry) {
+      if ((t as { ownerSkillId?: string }).ownerSkillId === skillId) benchmarkRegistry.delete(name);
+    }
+  },
+  getTool: (name: string) => benchmarkRegistry.get(name),
 }));
 // ---------------------------------------------------------------------------

package/src/__tests__/slack-channel-config.test.ts ADDED Viewed

@@ -0,0 +1,230 @@
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+const testDir = mkdtempSync(join(tmpdir(), 'slack-channel-cfg-test-'));
+mock.module('../config/loader.js', () => ({
+  getConfig: () => ({}),
+  loadConfig: () => ({}),
+  loadRawConfig: () => ({}),
+  saveRawConfig: () => {},
+  saveConfig: () => {},
+  invalidateConfigCache: () => {},
+}));
+mock.module('../util/platform.js', () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  getIpcBlobDir: () => join(testDir, 'ipc-blobs'),
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+  readHttpToken: () => undefined,
+}));
+mock.module('../util/logger.js', () => ({
+  getLogger: () => ({
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+    debug: () => {},
+    trace: () => {},
+    fatal: () => {},
+    isDebug: () => false,
+    child: () => ({
+      info: () => {},
+      warn: () => {},
+      error: () => {},
+      debug: () => {},
+      isDebug: () => false,
+    }),
+  }),
+}));
+// Mock secure key storage
+let secureKeyStore: Record<string, string> = {};
+mock.module('../security/secure-keys.js', () => ({
+  getSecureKey: (account: string) => secureKeyStore[account] ?? undefined,
+  setSecureKey: (account: string, value: string) => {
+    secureKeyStore[account] = value;
+    return true;
+  },
+  deleteSecureKey: (account: string) => {
+    if (account in secureKeyStore) {
+      delete secureKeyStore[account];
+      return true;
+    }
+    return false;
+  },
+  listSecureKeys: () => Object.keys(secureKeyStore),
+  getBackendType: () => 'encrypted',
+  isDowngradedFromKeychain: () => false,
+  _resetBackend: () => {},
+  _setBackend: () => {},
+}));
+// Mock credential metadata store
+let credentialMetadataStore: Array<{ service: string; field: string; accountInfo?: string }> = [];
+mock.module('../tools/credentials/metadata-store.js', () => ({
+  getCredentialMetadata: (service: string, field: string) =>
+    credentialMetadataStore.find((m) => m.service === service && m.field === field) ?? undefined,
+  upsertCredentialMetadata: (service: string, field: string, policy?: Record<string, unknown>) => {
+    const existing = credentialMetadataStore.find((m) => m.service === service && m.field === field);
+    if (existing) {
+      if (policy?.accountInfo !== undefined) existing.accountInfo = policy.accountInfo as string;
+      return existing;
+    }
+    const record = { service, field, accountInfo: policy?.accountInfo as string | undefined };
+    credentialMetadataStore.push(record);
+    return record;
+  },
+  deleteCredentialMetadata: (service: string, field: string) => {
+    const idx = credentialMetadataStore.findIndex((m) => m.service === service && m.field === field);
+    if (idx !== -1) {
+      credentialMetadataStore.splice(idx, 1);
+      return true;
+    }
+    return false;
+  },
+  listCredentialMetadata: () => credentialMetadataStore,
+  assertMetadataWritable: () => {},
+  _setMetadataPath: () => {},
+}));
+// Mock fetch for Slack API validation
+const originalFetch = globalThis.fetch;
+import {
+  getSlackChannelConfig,
+  setSlackChannelConfig,
+  clearSlackChannelConfig,
+} from '../daemon/handlers/config-slack-channel.js';
+afterAll(() => {
+  globalThis.fetch = originalFetch;
+  try { rmSync(testDir, { recursive: true }); } catch { /* best effort */ }
+});
+describe('Slack channel config handler', () => {
+  beforeEach(() => {
+    secureKeyStore = {};
+    credentialMetadataStore = [];
+    globalThis.fetch = originalFetch;
+  });
+  test('GET returns correct shape when not configured', () => {
+    const result = getSlackChannelConfig();
+    expect(result.success).toBe(true);
+    expect(result.hasBotToken).toBe(false);
+    expect(result.hasAppToken).toBe(false);
+    expect(result.connected).toBe(false);
+  });
+  test('GET returns connected: true when both tokens are set', () => {
+    secureKeyStore['credential:slack_channel:bot_token'] = 'xoxb-test';
+    secureKeyStore['credential:slack_channel:app_token'] = 'xapp-test';
+    const result = getSlackChannelConfig();
+    expect(result.success).toBe(true);
+    expect(result.hasBotToken).toBe(true);
+    expect(result.hasAppToken).toBe(true);
+    expect(result.connected).toBe(true);
+  });
+  test('GET returns metadata when available', () => {
+    secureKeyStore['credential:slack_channel:bot_token'] = 'xoxb-test';
+    credentialMetadataStore.push({
+      service: 'slack_channel',
+      field: 'bot_token',
+      accountInfo: JSON.stringify({
+        teamId: 'T123',
+        teamName: 'TestTeam',
+        botUserId: 'U_BOT',
+        botUsername: 'testbot',
+      }),
+    });
+    const result = getSlackChannelConfig();
+    expect(result.teamId).toBe('T123');
+    expect(result.teamName).toBe('TestTeam');
+    expect(result.botUserId).toBe('U_BOT');
+    expect(result.botUsername).toBe('testbot');
+  });
+  test('POST validates app token shape (xapp- prefix required)', async () => {
+    const result = await setSlackChannelConfig(undefined, 'invalid-token');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('xapp-');
+  });
+  test('POST accepts valid app token with xapp- prefix', async () => {
+    const result = await setSlackChannelConfig(undefined, 'xapp-valid-token-123');
+    expect(result.success).toBe(true);
+    expect(result.hasAppToken).toBe(true);
+    expect(secureKeyStore['credential:slack_channel:app_token']).toBe('xapp-valid-token-123');
+  });
+  test('POST validates bot token via Slack auth.test API', async () => {
+    globalThis.fetch = (async () => {
+      return new Response(JSON.stringify({
+        ok: true,
+        team_id: 'T_TEAM',
+        team: 'MyTeam',
+        user_id: 'U_BOT',
+        user: 'mybot',
+      }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' },
+      });
+    }) as typeof globalThis.fetch;
+    const result = await setSlackChannelConfig('xoxb-valid-bot-token');
+    expect(result.success).toBe(true);
+    expect(result.hasBotToken).toBe(true);
+    expect(result.teamId).toBe('T_TEAM');
+    expect(result.teamName).toBe('MyTeam');
+  });
+  test('POST returns error when Slack auth.test rejects bot token', async () => {
+    globalThis.fetch = (async () => {
+      return new Response(JSON.stringify({
+        ok: false,
+        error: 'invalid_auth',
+      }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' },
+      });
+    }) as typeof globalThis.fetch;
+    const result = await setSlackChannelConfig('xoxb-bad-token');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('invalid_auth');
+  });
+  test('DELETE clears credentials', () => {
+    secureKeyStore['credential:slack_channel:bot_token'] = 'xoxb-test';
+    secureKeyStore['credential:slack_channel:app_token'] = 'xapp-test';
+    credentialMetadataStore.push({ service: 'slack_channel', field: 'bot_token' });
+    credentialMetadataStore.push({ service: 'slack_channel', field: 'app_token' });
+    const result = clearSlackChannelConfig();
+    expect(result.success).toBe(true);
+    expect(result.hasBotToken).toBe(false);
+    expect(result.hasAppToken).toBe(false);
+    expect(result.connected).toBe(false);
+    expect(secureKeyStore['credential:slack_channel:bot_token']).toBeUndefined();
+    expect(secureKeyStore['credential:slack_channel:app_token']).toBeUndefined();
+    expect(credentialMetadataStore).toHaveLength(0);
+  });
+});

package/src/__tests__/subagent-manager-notify.test.ts CHANGED Viewed

@@ -393,13 +393,13 @@ describe('SubagentManager abort race guard', () => {
 });
 describe('SubagentManager sendMessage validation', () => {
-  test('rejects empty content without throwing', () => {
+  test('rejects empty content without throwing', async () => {
     const manager = new SubagentManager();
     const subagentId = 'sub-1';
     injectFakeSubagent(manager, subagentId, makeState(subagentId));
-    expect(manager.sendMessage(subagentId, '')).toBe('empty');
-    expect(manager.sendMessage(subagentId, '   ')).toBe('empty');
-    expect(manager.sendMessage(subagentId, '\n\t')).toBe('empty');
+    expect(await manager.sendMessage(subagentId, '')).toBe('empty');
+    expect(await manager.sendMessage(subagentId, '   ')).toBe('empty');
+    expect(await manager.sendMessage(subagentId, '\n\t')).toBe('empty');
   });
 });

package/src/__tests__/swarm-session-integration.test.ts CHANGED Viewed

@@ -134,7 +134,7 @@ describe('swarm through AgentLoop', () => {
     const loop = new AgentLoop(mockProvider, 'system prompt', {}, tools, toolExecutor);
     const messages: Message[] = [{ role: 'user', content: [{ type: 'text', text: 'Build a feature' }] }];
-    const history = await loop.run(messages, (e) => events.push(e));
+    const history = await loop.run(messages, (e) => { events.push(e); });
     // Should have tool_use event
     const toolUseEvents = events.filter(e => e.type === 'tool_use');
@@ -186,7 +186,7 @@ describe('swarm through AgentLoop', () => {
     const messages: Message[] = [{ role: 'user', content: [{ type: 'text', text: 'go' }] }];
     // Should not hang or throw
-    const history = await loop.run(messages, (e) => events.push(e), controller.signal);
+    const history = await loop.run(messages, (e) => { events.push(e); }, controller.signal);
     expect(history.length).toBeGreaterThanOrEqual(1);
   });
 });