@vellumai/assistant 0.3.16 → 0.3.19

package/src/__tests__/trusted-contact-verification.test.ts

@@ -42,20 +42,20 @@ mock.module('../util/logger.js', () => ({
   }),
 }));
 
-import { initializeDb, resetDb } from '../memory/db.js';
 import {
-  createOutboundSession,
-  validateAndConsumeChallenge,
-} from '../runtime/channel-guardian-service.js';
+  createBinding,
+  getActiveBinding,
+} from '../memory/channel-guardian-store.js';
+import { getDb, initializeDb, resetDb } from '../memory/db.js';
 import {
   findMember,
-  upsertMember,
   revokeMember,
+  upsertMember,
 } from '../memory/ingress-member-store.js';
 import {
-  getActiveBinding,
-  createBinding,
-} from '../memory/channel-guardian-store.js';
+  createOutboundSession,
+  validateAndConsumeChallenge,
+} from '../runtime/channel-guardian-service.js';
 
 initializeDb();
 
@@ -69,7 +69,6 @@ afterAll(() => {
 // ---------------------------------------------------------------------------
 
 function resetTables(): void {
-  const { getDb } = require('../memory/db.js');
   const db = getDb();
   db.run('DELETE FROM channel_guardian_verification_challenges');
   db.run('DELETE FROM channel_guardian_bindings');
@@ -339,6 +338,7 @@ describe('trusted contact verification → member activation', () => {
 
   test('guardian inbound verification still creates binding (backward compat)', () => {
     // Create an inbound challenge (no expected identity — guardian flow)
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
     const { createVerificationChallenge } = require('../runtime/channel-guardian-service.js');
     const { secret } = createVerificationChallenge('self', 'telegram');
 

package/src/__tests__/update-bulletin-state.test.ts

@@ -1,4 +1,4 @@
-import { describe, it, expect, beforeEach, mock } from 'bun:test';
+import { beforeEach, describe, expect, it, mock } from 'bun:test';
 
 const store = new Map<string, string>();
 

package/src/__tests__/update-bulletin.test.ts

@@ -1,7 +1,9 @@
-import { describe, it, expect, beforeEach, afterEach, mock } from 'bun:test';
-import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, writeFileSync } from 'node:fs';
-import { join } from 'node:path';
+import * as fs from 'node:fs';
+import { existsSync, mkdirSync, readdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
 import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+import { afterEach, beforeEach, describe, expect, it, mock, spyOn } from 'bun:test';
 
 // --- In-memory checkpoint store ---
 const store = new Map<string, string>();
@@ -14,6 +16,12 @@ mock.module('../memory/checkpoints.js', () => ({
 // --- Temp directory for workspace paths ---
 let tempDir: string;
 
+// --- Temp directory for template files ---
+// Avoids mutating the real source-controlled UPDATES.md template, preventing
+// race conditions with parallel test execution and working tree corruption
+// if the test process crashes.
+let tempTemplateDir: string;
+
 // Mock platform to avoid env-registry transitive imports.
 // All needed exports are stubbed; getWorkspacePromptPath is the only one
 // exercised by update-bulletin.ts.
@@ -92,17 +100,31 @@ mock.module('../version.js', () => ({
   APP_VERSION: '1.0.0',
 }));
 
+// Mock the template path module so tests read from a temp directory instead
+// of the real source-controlled template file.
+mock.module('../config/update-bulletin-template-path.js', () => ({
+  getTemplatePath: () => join(tempTemplateDir, 'UPDATES.md'),
+}));
+
 const { syncUpdateBulletinOnStartup } = await import('../config/update-bulletin.js');
 
+const TEST_TEMPLATE = '## What\'s New\n\nTest release notes.\n';
+const COMMENT_ONLY_TEMPLATE = '_ This is a comment-only template.\n_ No real content here.\n';
+
 describe('syncUpdateBulletinOnStartup', () => {
   beforeEach(() => {
     store.clear();
     tempDir = join(tmpdir(), `update-bulletin-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
     mkdirSync(tempDir, { recursive: true });
+    tempTemplateDir = join(tmpdir(), `update-bulletin-tpl-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+    mkdirSync(tempTemplateDir, { recursive: true });
+    // Write a test template with real content so materialization proceeds
+    writeFileSync(join(tempTemplateDir, 'UPDATES.md'), TEST_TEMPLATE, 'utf-8');
   });
 
   afterEach(() => {
     rmSync(tempDir, { recursive: true, force: true });
+    rmSync(tempTemplateDir, { recursive: true, force: true });
   });
 
   it('creates workspace file on first eligible run', () => {
@@ -257,4 +279,45 @@ describe('syncUpdateBulletinOnStartup', () => {
     const tmpFiles = entries.filter((e) => e.includes('.tmp.'));
     expect(tmpFiles).toHaveLength(0);
   });
+
+  it('skips materialization when template is comment-only', () => {
+    // Write a comment-only template fixture (no real content after stripping)
+    writeFileSync(join(tempTemplateDir, 'UPDATES.md'), COMMENT_ONLY_TEMPLATE, 'utf-8');
+
+    const workspacePath = join(tempDir, 'UPDATES.md');
+    syncUpdateBulletinOnStartup();
+
+    expect(existsSync(workspacePath)).toBe(false);
+  });
+
+  it('preserves existing file when atomic write fails', () => {
+    const workspacePath = join(tempDir, 'UPDATES.md');
+    const originalContent = '<!-- vellum-update-release:0.9.0 -->\nOriginal content.\n';
+    writeFileSync(workspacePath, originalContent, 'utf-8');
+
+    // Mock writeFileSync to throw when writing the temp file, simulating a
+    // disk-full or permission error deterministically (chmod-based approaches
+    // are unreliable when running as root or with CAP_DAC_OVERRIDE).
+    const originalWriteFileSync = fs.writeFileSync;
+    const spy = spyOn(fs, 'writeFileSync').mockImplementation((...args: Parameters<typeof fs.writeFileSync>) => {
+      if (typeof args[0] === 'string' && args[0].includes('.tmp.')) {
+        throw new Error('Simulated write failure');
+      }
+      return originalWriteFileSync(...args);
+    });
+    try {
+      expect(() => syncUpdateBulletinOnStartup()).toThrow('Simulated write failure');
+    } finally {
+      spy.mockRestore();
+    }
+
+    // Original content should be preserved (atomic write never renamed over it)
+    const content = readFileSync(workspacePath, 'utf-8');
+    expect(content).toBe(originalContent);
+
+    // No temp file leftovers
+    const entries = readdirSync(tempDir);
+    const tmpFiles = entries.filter((e: string) => e.includes('.tmp.'));
+    expect(tmpFiles).toHaveLength(0);
+  });
 });

package/src/__tests__/update-template-contract.test.ts

@@ -1,13 +1,13 @@
 /**
- * Contract test: ensures the bundled UPDATES.md template exists and meets
- * the format expectations that the bulletin system depends on at runtime.
+ * Contract test: ensures the bundled UPDATES.md template exists and is readable.
  *
- * The "## What's New" heading is a structural contract — bulletin rendering
- * logic expects this section to be present in the template.
+ * The template may be comment-only (no real content) for no-op releases —
+ * the bulletin system treats an empty-after-stripping template as a skip signal.
  */
 
 import { existsSync, readFileSync } from 'node:fs';
 import { join } from 'node:path';
+
 import { describe, expect, test } from 'bun:test';
 
 const TEMPLATE_PATH = join(import.meta.dirname, '..', 'config', 'templates', 'UPDATES.md');
@@ -17,13 +17,8 @@ describe('UPDATES.md template contract', () => {
     expect(existsSync(TEMPLATE_PATH)).toBe(true);
   });
 
-  test('template contains non-whitespace content', () => {
-    const content = readFileSync(TEMPLATE_PATH, 'utf-8');
-    expect(content.trim().length).toBeGreaterThan(0);
-  });
-
-  test('template contains the "## What\'s New" heading', () => {
+  test('template is a readable UTF-8 file', () => {
     const content = readFileSync(TEMPLATE_PATH, 'utf-8');
-    expect(content).toContain("## What's New");
+    expect(typeof content).toBe('string');
   });
 });