@vellumai/assistant 0.3.18 → 0.3.20

package/src/__tests__/ipc-snapshot.test.ts

@@ -731,6 +731,27 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
     type: 'voice_config_update',
     activationKey: 'fn',
   },
+  generate_avatar: {
+    type: 'generate_avatar',
+    description: 'a friendly purple cat with green eyes wearing a tiny hat',
+  },
+  guardian_actions_pending_request: {
+    type: 'guardian_actions_pending_request',
+    conversationId: 'conv-guardian-001',
+  },
+  guardian_action_decision: {
+    type: 'guardian_action_decision',
+    requestId: 'req-guardian-001',
+    action: 'approve_once',
+    conversationId: 'conv-guardian-001',
+  },
+  reorder_threads: {
+    type: 'reorder_threads',
+    updates: [
+      { sessionId: 'sess-001', displayOrder: 0, isPinned: false },
+      { sessionId: 'sess-002', displayOrder: 1, isPinned: true },
+    ],
+  },
 };
 
 // ---------------------------------------------------------------------------
@@ -1081,6 +1102,7 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
         degraded: false,
         updateAvailable: false,
         userInvocable: true,
+        provenance: { kind: 'first-party', provider: 'Vellum' },
       },
     ],
   },
@@ -2019,6 +2041,42 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     emoji: '',
     home: '',
   },
+  avatar_updated: {
+    type: 'avatar_updated',
+    avatarPath: '/Users/test/.vellum/workspace/data/avatar/custom-avatar.png',
+  },
+  generate_avatar_response: {
+    type: 'generate_avatar_response',
+    success: true,
+    error: undefined,
+  },
+  guardian_actions_pending_response: {
+    type: 'guardian_actions_pending_response',
+    conversationId: 'conv-guardian-001',
+    prompts: [
+      {
+        requestId: 'req-guardian-001',
+        requestCode: 'REQ-GU',
+        state: 'pending',
+        questionText: 'Approve tool: bash',
+        toolName: 'bash',
+        actions: [
+          { action: 'approve_once', label: 'Approve once' },
+          { action: 'reject', label: 'Reject' },
+        ],
+        expiresAt: 1700100000000,
+        conversationId: 'conv-guardian-001',
+        callSessionId: null,
+      },
+    ],
+  },
+  guardian_action_decision_response: {
+    type: 'guardian_action_decision_response',
+    applied: true,
+    reason: undefined,
+    requestId: 'req-guardian-001',
+    userText: undefined,
+  },
 };
 
 // ---------------------------------------------------------------------------

package/src/__tests__/notification-decision-fallback.test.ts

@@ -0,0 +1,88 @@
+/**
+ * Regression tests for notification decision fallback copy.
+ *
+ * Ensures fallback decisions still produce human-friendly copy when the
+ * decision-model call is unavailable.
+ */
+
+import { describe, expect, mock, test } from 'bun:test';
+
+mock.module('../channels/config.js', () => ({
+  getDeliverableChannels: () => ['vellum', 'telegram', 'sms'],
+}));
+
+mock.module('../config/loader.js', () => ({
+  getConfig: () => ({
+    notifications: {
+      decisionModelIntent: 'latency-optimized',
+    },
+  }),
+}));
+
+mock.module('../notifications/decisions-store.js', () => ({
+  createDecision: () => {},
+}));
+
+mock.module('../notifications/preference-summary.js', () => ({
+  getPreferenceSummary: () => undefined,
+}));
+
+mock.module('../notifications/thread-candidates.js', () => ({
+  buildThreadCandidates: () => undefined,
+  serializeCandidatesForPrompt: () => undefined,
+}));
+
+mock.module('../providers/provider-send-message.js', () => ({
+  getConfiguredProvider: () => null,
+  createTimeout: () => ({
+    signal: new AbortController().signal,
+    cleanup: () => {},
+  }),
+  extractToolUse: () => null,
+  userMessage: (text: string) => ({ role: 'user', content: text }),
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+import { evaluateSignal } from '../notifications/decision-engine.js';
+import type { NotificationSignal } from '../notifications/signal.js';
+import type { NotificationChannel } from '../notifications/types.js';
+
+function makeSignal(overrides?: Partial<NotificationSignal>): NotificationSignal {
+  return {
+    signalId: 'sig-fallback-guardian-1',
+    assistantId: 'self',
+    createdAt: Date.now(),
+    sourceChannel: 'voice',
+    sourceSessionId: 'call-session-1',
+    sourceEventName: 'guardian.question',
+    contextPayload: {
+      questionText: 'What is the gate code?',
+    },
+    attentionHints: {
+      requiresAction: true,
+      urgency: 'high',
+      isAsyncBackground: false,
+      visibleInSourceNow: false,
+    },
+    ...overrides,
+  };
+}
+
+describe('notification decision fallback copy', () => {
+  test('uses human-friendly template copy for guardian.question', async () => {
+    const signal = makeSignal();
+    const decision = await evaluateSignal(signal, ['vellum'] as NotificationChannel[]);
+
+    expect(decision.fallbackUsed).toBe(true);
+    expect(decision.renderedCopy.vellum?.title).toBe('Guardian Question');
+    expect(decision.renderedCopy.vellum?.body).toBe('What is the gate code?');
+    expect(decision.renderedCopy.vellum?.title).not.toBe('guardian.question');
+    expect(decision.renderedCopy.vellum?.body).not.toContain('Action required: guardian.question');
+  });
+});

package/src/__tests__/remote-skill-policy.test.ts

@@ -0,0 +1,215 @@
+import { describe, expect, test } from 'bun:test';
+
+import {
+  evaluateRemoteSkillInstall,
+  filterInstallableRemoteSkills,
+  type RemoteSkillPolicy,
+} from '../skills/remote-skill-policy.js';
+
+describe('remote skill policy — clawhub', () => {
+  const policy: RemoteSkillPolicy = {
+    blockSuspicious: true,
+    blockMalware: true,
+    maxSkillsShRisk: 'medium',
+  };
+
+  test('suspicious skills are excluded from installable list', () => {
+    const candidates = [
+      {
+        provider: 'clawhub' as const,
+        slug: 'safe-skill',
+        moderation: { isSuspicious: false, isMalwareBlocked: false },
+      },
+      {
+        provider: 'clawhub' as const,
+        slug: 'suspicious-skill',
+        moderation: { isSuspicious: true, isMalwareBlocked: false },
+      },
+    ];
+
+    const installable = filterInstallableRemoteSkills(candidates, policy);
+    expect(installable.map((skill) => skill.slug)).toEqual(['safe-skill']);
+  });
+
+  test('suspicious skills are not installable when installation is attempted', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'suspicious-skill',
+        moderation: { isSuspicious: true, isMalwareBlocked: false },
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_suspicious' });
+  });
+
+  test('malware-blocked skills are excluded from installable list and blocked on install', () => {
+    const candidates = [
+      {
+        provider: 'clawhub' as const,
+        slug: 'malware-skill',
+        moderation: { isSuspicious: false, isMalwareBlocked: true },
+      },
+    ];
+
+    expect(filterInstallableRemoteSkills(candidates, policy)).toEqual([]);
+
+    const decision = evaluateRemoteSkillInstall(candidates[0], policy);
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_malware_blocked' });
+  });
+
+  test('clawhub skill with undefined moderation is blocked (fail-closed)', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'no-moderation-skill',
+        moderation: undefined,
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_moderation_missing' });
+  });
+
+  test('clawhub skill with null moderation is blocked (fail-closed)', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'null-moderation-skill',
+        moderation: null,
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_moderation_missing' });
+  });
+
+  test('clawhub skill without moderation property is blocked (fail-closed)', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'clawhub',
+        slug: 'missing-moderation-skill',
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'clawhub_moderation_missing' });
+  });
+
+  test('clawhub skills with missing moderation are excluded from installable list', () => {
+    const candidates = [
+      {
+        provider: 'clawhub' as const,
+        slug: 'safe-skill',
+        moderation: { isSuspicious: false, isMalwareBlocked: false },
+      },
+      {
+        provider: 'clawhub' as const,
+        slug: 'no-moderation-skill',
+      },
+    ];
+
+    const installable = filterInstallableRemoteSkills(candidates, policy);
+    expect(installable.map((skill) => skill.slug)).toEqual(['safe-skill']);
+  });
+});
+
+describe('remote skill policy — skills.sh', () => {
+  const policy: RemoteSkillPolicy = {
+    blockSuspicious: true,
+    blockMalware: true,
+    maxSkillsShRisk: 'medium',
+  };
+
+  test('high-risk skills are excluded from installable list', () => {
+    const candidates = [
+      {
+        provider: 'skillssh' as const,
+        slug: 'safe-skill',
+        audit: { risk: 'low' as const },
+      },
+      {
+        provider: 'skillssh' as const,
+        slug: 'suspicious-skill',
+        audit: { risk: 'high' as const },
+      },
+    ];
+
+    const installable = filterInstallableRemoteSkills(candidates, policy);
+    expect(installable.map((skill) => skill.slug)).toEqual(['safe-skill']);
+  });
+
+  test('high-risk skills are not installable when installation is attempted', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'suspicious-skill',
+        audit: { risk: 'high' },
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+
+  test('unknown risk is treated as suspicious and blocked by default', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'unknown-risk-skill',
+        audit: { risk: 'unknown' },
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+
+  test('risk threshold is enforced even when blockSuspicious is false', () => {
+    const permissivePolicy: RemoteSkillPolicy = {
+      blockSuspicious: false,
+      blockMalware: false,
+      maxSkillsShRisk: 'medium',
+    };
+
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'high-risk-skill',
+        audit: { risk: 'high' },
+      },
+      permissivePolicy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+
+  test('prototype property risk label is treated as unknown and blocked', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'proto-risk-skill',
+        // "toString" exists on Object.prototype — must not be treated as a known risk label
+        audit: { risk: 'toString' as never },
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+
+  test('unrecognized risk string is coerced to unknown and blocked', () => {
+    const decision = evaluateRemoteSkillInstall(
+      {
+        provider: 'skillssh',
+        slug: 'bogus-risk-skill',
+        // Cast to bypass type checking — simulates a provider returning a novel risk label
+        audit: { risk: 'super-duper-risky' as never },
+      },
+      policy,
+    );
+
+    expect(decision).toEqual({ ok: false, reason: 'skillssh_risk_exceeds_threshold' });
+  });
+});

package/src/__tests__/sandbox-diagnostics.test.ts

@@ -3,14 +3,10 @@ import * as realChildProcess from 'node:child_process';
 import { beforeEach, describe, expect, mock, test } from 'bun:test';
 
 const execSyncMock = mock((_command: string, _opts?: unknown): unknown => undefined);
-const execFileSyncMock = mock(
-  (_file: string, _args?: readonly string[], _opts?: unknown): unknown => undefined,
-);
 
 mock.module('node:child_process', () => ({
   ...realChildProcess,
   execSync: execSyncMock,
-  execFileSync: execFileSyncMock,
 }));
 
 // Mock platform detection — default to macOS
@@ -36,18 +32,8 @@ mock.module('../util/platform.js', () => ({
 // Mock config loader — return a config with sandbox settings
 let mockSandboxConfig: {
   enabled: boolean;
-  backend: 'native' | 'docker';
-  docker: { image: string; cpus: number; memoryMb: number; pidsLimit: number; network: 'none' | 'bridge' };
 } = {
   enabled: true,
-  backend: 'native',
-  docker: {
-    image: 'vellum-sandbox:latest',
-    cpus: 1,
-    memoryMb: 512,
-    pidsLimit: 256,
-    network: 'none',
-  },
 };
 
 mock.module('../config/loader.js', () => ({
@@ -72,24 +58,13 @@ const { runSandboxDiagnostics } = await import(
 
 beforeEach(() => {
   execSyncMock.mockReset();
-  execFileSyncMock.mockReset();
   mockIsMacOS = true;
   mockIsLinux = false;
   mockSandboxConfig = {
     enabled: true,
-    backend: 'native',
-    docker: {
-      image: 'vellum-sandbox:latest',
-      cpus: 1,
-      memoryMb: 512,
-      pidsLimit: 256,
-      network: 'none',
-    },
   };
-  // Default: all commands succeed. execSync with encoding returns a string,
-  // so we must return a string to avoid .trim() throwing on undefined.
-  execSyncMock.mockImplementation(() => 'Docker version 24.0.7, build afdd53b');
-  execFileSyncMock.mockImplementation(() => 'ok\n');
+  // Default: all commands succeed.
+  execSyncMock.mockImplementation(() => undefined);
 });
 
 describe('runSandboxDiagnostics — config reporting', () => {
@@ -103,22 +78,6 @@ describe('runSandboxDiagnostics — config reporting', () => {
     const result = runSandboxDiagnostics();
     expect(result.config.enabled).toBe(false);
   });
-
-  test('reports configured backend', () => {
-    const result = runSandboxDiagnostics();
-    expect(result.config.backend).toBe('native');
-  });
-
-  test('reports docker backend when configured', () => {
-    mockSandboxConfig.backend = 'docker';
-    const result = runSandboxDiagnostics();
-    expect(result.config.backend).toBe('docker');
-  });
-
-  test('reports docker image', () => {
-    const result = runSandboxDiagnostics();
-    expect(result.config.dockerImage).toBe('vellum-sandbox:latest');
-  });
 });
 
 describe('runSandboxDiagnostics — active backend reason', () => {
@@ -127,12 +86,6 @@ describe('runSandboxDiagnostics — active backend reason', () => {
     expect(result.activeBackendReason).toContain('Native backend');
   });
 
-  test('explains docker backend selection', () => {
-    mockSandboxConfig.backend = 'docker';
-    const result = runSandboxDiagnostics();
-    expect(result.activeBackendReason).toContain('Docker backend');
-  });
-
   test('explains when sandbox is disabled', () => {
     mockSandboxConfig.enabled = false;
     const result = runSandboxDiagnostics();
@@ -203,207 +156,11 @@ describe('runSandboxDiagnostics — native backend check (unsupported OS)', () =
   });
 });
 
-describe('runSandboxDiagnostics — Docker CLI check', () => {
-  test('passes when docker CLI is available', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd === 'docker --version') {
-        return 'Docker version 24.0.7, build afdd53b';
-      }
-      return undefined;
-    });
-    const result = runSandboxDiagnostics();
-    const cliCheck = result.checks.find((c) => c.label === 'Docker CLI installed');
-    expect(cliCheck).toBeDefined();
-    expect(cliCheck!.ok).toBe(true);
-    expect(cliCheck!.detail).toContain('Docker version');
-  });
-
-  test('fails when docker CLI is not found', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd === 'docker --version') {
-        throw new Error('command not found: docker');
-      }
-      return undefined;
-    });
-    const result = runSandboxDiagnostics();
-    const cliCheck = result.checks.find((c) => c.label === 'Docker CLI installed');
-    expect(cliCheck).toBeDefined();
-    expect(cliCheck!.ok).toBe(false);
-    expect(cliCheck!.detail).toContain('not found');
-  });
-});
-
-describe('runSandboxDiagnostics — Docker daemon check', () => {
-  test('passes when daemon is reachable', () => {
-    const result = runSandboxDiagnostics();
-    const daemonCheck = result.checks.find((c) => c.label === 'Docker daemon running');
-    expect(daemonCheck).toBeDefined();
-    expect(daemonCheck!.ok).toBe(true);
-  });
-
-  test('fails when daemon is not running', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd === 'docker info') {
-        throw new Error('Cannot connect to the Docker daemon');
-      }
-      return 'Docker version 24.0.7';
-    });
-    const result = runSandboxDiagnostics();
-    const daemonCheck = result.checks.find((c) => c.label === 'Docker daemon running');
-    expect(daemonCheck).toBeDefined();
-    expect(daemonCheck!.ok).toBe(false);
-  });
-
-  test('skipped when CLI is not available', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd.includes('docker')) {
-        throw new Error('command not found');
-      }
-      return undefined;
-    });
-    const result = runSandboxDiagnostics();
-    const daemonCheck = result.checks.find((c) => c.label === 'Docker daemon running');
-    expect(daemonCheck).toBeUndefined();
-  });
-});
-
-describe('runSandboxDiagnostics — Docker image check', () => {
-  test('passes when image is available locally', () => {
-    const result = runSandboxDiagnostics();
-    const imageCheck = result.checks.find((c) => c.label.includes('Docker image available'));
-    expect(imageCheck).toBeDefined();
-    expect(imageCheck!.ok).toBe(true);
-  });
-
-  test('fails when image is not available', () => {
-    execFileSyncMock.mockImplementation(
-      (file: string, args?: readonly string[]) => {
-        if (file === 'docker' && Array.isArray(args) && args.includes('inspect')) {
-          throw new Error('No such image');
-        }
-        return 'ok\n';
-      },
-    );
-    const result = runSandboxDiagnostics();
-    const imageCheck = result.checks.find((c) => c.label.includes('Docker image available'));
-    expect(imageCheck).toBeDefined();
-    expect(imageCheck!.ok).toBe(false);
-    expect(imageCheck!.detail).toContain('docker build');
-  });
-
-  test('includes configured image name in label', () => {
-    mockSandboxConfig.docker.image = 'alpine:3.19';
-    const result = runSandboxDiagnostics();
-    const imageCheck = result.checks.find((c) => c.label.includes('Docker image available'));
-    expect(imageCheck).toBeDefined();
-    expect(imageCheck!.label).toContain('alpine:3.19');
-  });
-
-  test('skipped when daemon is not running', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd === 'docker info') {
-        throw new Error('Cannot connect');
-      }
-      return 'Docker version 24.0.7';
-    });
-    const result = runSandboxDiagnostics();
-    const imageCheck = result.checks.find((c) => c.label.includes('Docker image available'));
-    expect(imageCheck).toBeUndefined();
-  });
-});
-
-describe('runSandboxDiagnostics — Docker mount writable check', () => {
-  test('passes when mount probe succeeds', () => {
-    const result = runSandboxDiagnostics();
-    const mountCheck = result.checks.find((c) => c.label === 'Docker mount writable');
-    expect(mountCheck).toBeDefined();
-    expect(mountCheck!.ok).toBe(true);
-  });
-
-  test('uses configured image and sandbox working dir for mount probe', () => {
-    mockSandboxConfig.docker.image = 'alpine:3.19';
-    runSandboxDiagnostics();
-    const runCall = execFileSyncMock.mock.calls.find(
-      (call: unknown[]) => call[0] === 'docker' && Array.isArray(call[1]) && call[1].includes('run'),
-    );
-    expect(runCall).toBeDefined();
-    const args = runCall![1] as string[];
-    expect(args).toContain('alpine:3.19');
-    // Mount source should be the sandbox working dir (getSandboxWorkingDir)
-    const mountArg = args.find((a: string) => a.startsWith('type=bind'));
-    expect(mountArg).toContain('/tmp/vellum-test/workspace');
-    // Probe command should be 'test -w /workspace' matching runtime preflight
-    expect(args).toContain('test');
-    expect(args).toContain('-w');
-    expect(args).toContain('/workspace');
-  });
-
-  test('fails when mount probe errors', () => {
-    execFileSyncMock.mockImplementation(
-      (file: string, args?: readonly string[]) => {
-        if (file === 'docker' && Array.isArray(args) && args.includes('run')) {
-          throw new Error('mount failed');
-        }
-        return undefined;
-      },
-    );
-    const result = runSandboxDiagnostics();
-    const mountCheck = result.checks.find((c) => c.label === 'Docker mount writable');
-    expect(mountCheck).toBeDefined();
-    expect(mountCheck!.ok).toBe(false);
-    expect(mountCheck!.detail).toContain('File Sharing');
-  });
-
-  test('skipped when daemon is not running', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd === 'docker info') {
-        throw new Error('Cannot connect');
-      }
-      return 'Docker version 24.0.7';
-    });
-    const result = runSandboxDiagnostics();
-    const mountCheck = result.checks.find((c) => c.label === 'Docker mount writable');
-    expect(mountCheck).toBeUndefined();
-  });
-});
-
-describe('runSandboxDiagnostics — check cascade', () => {
-  test('Docker daemon, image, and run checks are skipped when CLI is missing', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd.includes('docker')) {
-        throw new Error('not found');
-      }
-      return undefined;
-    });
-    const result = runSandboxDiagnostics();
-    const labels = result.checks.map((c) => c.label);
-    expect(labels).toContain('Docker CLI installed');
-    expect(labels).not.toContain('Docker daemon running');
-    expect(labels.find((l) => l.includes('Docker image'))).toBeUndefined();
-    expect(labels).not.toContain('Docker mount writable');
-  });
-
-  test('image and run checks are skipped when daemon is down', () => {
-    execSyncMock.mockImplementation((cmd: string) => {
-      if (typeof cmd === 'string' && cmd === 'docker info') {
-        throw new Error('Cannot connect');
-      }
-      return 'Docker version 24.0.7';
-    });
-    const result = runSandboxDiagnostics();
-    const labels = result.checks.map((c) => c.label);
-    expect(labels).toContain('Docker CLI installed');
-    expect(labels).toContain('Docker daemon running');
-    expect(labels.find((l) => l.includes('Docker image'))).toBeUndefined();
-    expect(labels).not.toContain('Docker mount writable');
-  });
-
-  test('all Docker checks run when everything works', () => {
+describe('runSandboxDiagnostics — only native checks', () => {
+  test('only includes native backend check', () => {
     const result = runSandboxDiagnostics();
     const labels = result.checks.map((c) => c.label);
-    expect(labels).toContain('Docker CLI installed');
-    expect(labels).toContain('Docker daemon running');
-    expect(labels.find((l) => l.includes('Docker image'))).toBeDefined();
-    expect(labels).toContain('Docker mount writable');
+    expect(labels).toHaveLength(1);
+    expect(labels[0]).toContain('Native sandbox');
   });
 });