npm - @vellumai/assistant - Versions diffs - 0.3.18 → 0.3.19 - Mend

@vellumai/assistant 0.3.18 → 0.3.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/ARCHITECTURE.md +4 -0
package/docs/architecture/security.md +80 -0
package/package.json +1 -1
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +4 -0
package/src/__tests__/call-controller.test.ts +170 -0
package/src/__tests__/checker.test.ts +60 -0
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +511 -0
package/src/__tests__/guardian-dispatch.test.ts +61 -1
package/src/__tests__/guardian-grant-minting.test.ts +543 -0
package/src/__tests__/ipc-snapshot.test.ts +1 -0
package/src/__tests__/remote-skill-policy.test.ts +215 -0
package/src/__tests__/scoped-approval-grants.test.ts +521 -0
package/src/__tests__/scoped-grant-security-matrix.test.ts +443 -0
package/src/__tests__/trust-store.test.ts +2 -0
package/src/__tests__/voice-scoped-grant-consumer.test.ts +571 -0
package/src/calls/call-controller.ts +27 -6
package/src/calls/call-domain.ts +12 -0
package/src/calls/guardian-dispatch.ts +8 -0
package/src/calls/relay-server.ts +13 -0
package/src/calls/voice-session-bridge.ts +42 -3
package/src/config/bundled-skills/notifications/SKILL.md +18 -0
package/src/config/schema.ts +6 -0
package/src/config/skills-schema.ts +27 -0
package/src/daemon/handlers/config-channels.ts +18 -0
package/src/daemon/handlers/skills.ts +45 -2
package/src/daemon/ipc-contract/skills.ts +1 -0
package/src/daemon/session-process.ts +12 -0
package/src/memory/db-init.ts +9 -1
package/src/memory/embedding-local.ts +16 -7
package/src/memory/guardian-action-store.ts +8 -0
package/src/memory/guardian-verification.ts +1 -1
package/src/memory/migrations/033-scoped-approval-grants.ts +51 -0
package/src/memory/migrations/034-guardian-action-tool-metadata.ts +12 -0
package/src/memory/migrations/index.ts +2 -0
package/src/memory/schema.ts +30 -0
package/src/memory/scoped-approval-grants.ts +509 -0
package/src/permissions/checker.ts +27 -0
package/src/runtime/guardian-action-grant-minter.ts +97 -0
package/src/runtime/routes/guardian-approval-interception.ts +116 -0
package/src/runtime/routes/inbound-message-handler.ts +94 -27
package/src/security/tool-approval-digest.ts +67 -0
package/src/skills/remote-skill-policy.ts +131 -0

package/src/__tests__/remote-skill-policy.test.ts ADDED Viewed

@@ -0,0 +1,215 @@
+import { describe, expect, test } from 'bun:test';
+import {
+  evaluateRemoteSkillInstall,
+  filterInstallableRemoteSkills,
+  type RemoteSkillPolicy,
+} from '../skills/remote-skill-policy.js';
+describe('remote skill policy — clawhub', () => {
+  const policy: RemoteSkillPolicy = {
+    blockSuspicious: true,
+    blockMalware: true,
+    maxSkillsShRisk: 'medium',
+  };
+  test('suspicious skills are excluded from installable list', () => {
+    const candidates = [
+      {
+        provider: 'clawhub' as const,
+        slug: 'safe-skill',
+        moderation: { isSuspicious: false, isMalwareBlocked: false },
+      },
+      {
+        provider: 'clawhub' as const,
+        slug: 'suspicious-skill',
+        moderation: { isSuspicious: true, isMalwareBlocked: false },
+      },
+    ];
+    const installable = filterInstallableRemoteSkills(candidates, policy);
+    expect(installable.map((skill) => skill.slug)).toEqual(['safe-skill']);
+  });
+  test('suspicious skills are not installable when installation is attempted', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'suspicious-skill',
+        moderation: { isSuspicious: true, isMalwareBlocked: false },
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_suspicious' });
+  });
+  test('malware-blocked skills are excluded from installable list and blocked on install', () => {
+    const candidates = [
+      {
+        provider: 'clawhub' as const,
+        slug: 'malware-skill',
+        moderation: { isSuspicious: false, isMalwareBlocked: true },
+      },
+    ];
+    expect(filterInstallableRemoteSkills(candidates, policy)).toEqual([]);
+    const decision = evaluateRemoteSkillInstall(candidates[0], policy);
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_malware_blocked' });
+  });
+  test('clawhub skill with undefined moderation is blocked (fail-closed)', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'no-moderation-skill',
+        moderation: undefined,
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_moderation_missing' });
+  });
+  test('clawhub skill with null moderation is blocked (fail-closed)', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'null-moderation-skill',
+        moderation: null,
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_moderation_missing' });
+  });
+  test('clawhub skill without moderation property is blocked (fail-closed)', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'missing-moderation-skill',
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_moderation_missing' });
+  });
+  test('clawhub skills with missing moderation are excluded from installable list', () => {
+    const candidates = [
+      {
+        provider: 'clawhub' as const,
+        slug: 'safe-skill',
+        moderation: { isSuspicious: false, isMalwareBlocked: false },
+      },
+      {
+        provider: 'clawhub' as const,
+        slug: 'no-moderation-skill',
+      },
+    ];
+    const installable = filterInstallableRemoteSkills(candidates, policy);
+    expect(installable.map((skill) => skill.slug)).toEqual(['safe-skill']);
+  });
+});
+describe('remote skill policy — skills.sh', () => {
+  const policy: RemoteSkillPolicy = {
+    blockSuspicious: true,
+    blockMalware: true,
+    maxSkillsShRisk: 'medium',
+  };
+  test('high-risk skills are excluded from installable list', () => {
+    const candidates = [
+      {
+        provider: 'skillssh' as const,
+        slug: 'safe-skill',
+        audit: { risk: 'low' as const },
+      },
+      {
+        provider: 'skillssh' as const,
+        slug: 'suspicious-skill',
+        audit: { risk: 'high' as const },
+      },
+    ];
+    const installable = filterInstallableRemoteSkills(candidates, policy);
+    expect(installable.map((skill) => skill.slug)).toEqual(['safe-skill']);
+  });
+  test('high-risk skills are not installable when installation is attempted', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'suspicious-skill',
+        audit: { risk: 'high' },
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+  test('unknown risk is treated as suspicious and blocked by default', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'unknown-risk-skill',
+        audit: { risk: 'unknown' },
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+  test('risk threshold is enforced even when blockSuspicious is false', () => {
+    const permissivePolicy: RemoteSkillPolicy = {
+      blockSuspicious: false,
+      blockMalware: false,
+      maxSkillsShRisk: 'medium',
+    };
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'high-risk-skill',
+        audit: { risk: 'high' },
+      },
+      permissivePolicy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+  test('prototype property risk label is treated as unknown and blocked', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'proto-risk-skill',
+        // "toString" exists on Object.prototype — must not be treated as a known risk label
+        audit: { risk: 'toString' as never },
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+  test('unrecognized risk string is coerced to unknown and blocked', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'bogus-risk-skill',
+        // Cast to bypass type checking — simulates a provider returning a novel risk label
+        audit: { risk: 'super-duper-risky' as never },
+      },
+      policy,
+    );
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+});