npm - @vellumai/assistant - Versions diffs - 0.3.18 → 0.3.20 - Mend

@vellumai/assistant 0.3.18 → 0.3.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/ARCHITECTURE.md +155 -15
package/Dockerfile +1 -0
package/README.md +40 -4
package/docs/architecture/integrations.md +7 -11
package/docs/architecture/security.md +80 -0
package/package.json +1 -1
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +58 -0
package/src/__tests__/approval-primitive.test.ts +540 -0
package/src/__tests__/assistant-feature-flag-guard.test.ts +206 -0
package/src/__tests__/assistant-feature-flag-guardrails.test.ts +198 -0
package/src/__tests__/assistant-feature-flags-integration.test.ts +272 -0
package/src/__tests__/call-controller.test.ts +605 -104
package/src/__tests__/channel-invite-transport.test.ts +264 -0
package/src/__tests__/checker.test.ts +60 -0
package/src/__tests__/cli.test.ts +42 -1
package/src/__tests__/config-schema.test.ts +11 -127
package/src/__tests__/config-watcher.test.ts +0 -8
package/src/__tests__/daemon-lifecycle.test.ts +1 -0
package/src/__tests__/daemon-server-session-init.test.ts +8 -2
package/src/__tests__/diff.test.ts +22 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +5 -0
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +779 -0
package/src/__tests__/guardian-action-late-reply.test.ts +546 -1
package/src/__tests__/guardian-actions-endpoint.test.ts +774 -0
package/src/__tests__/guardian-control-plane-policy.test.ts +36 -3
package/src/__tests__/guardian-dispatch.test.ts +185 -1
package/src/__tests__/guardian-grant-minting.test.ts +532 -0
package/src/__tests__/inbound-invite-redemption.test.ts +367 -0
package/src/__tests__/invite-redemption-service.test.ts +306 -0
package/src/__tests__/ipc-snapshot.test.ts +58 -0
package/src/__tests__/notification-decision-fallback.test.ts +88 -0
package/src/__tests__/remote-skill-policy.test.ts +215 -0
package/src/__tests__/sandbox-diagnostics.test.ts +6 -249
package/src/__tests__/sandbox-host-parity.test.ts +6 -13
package/src/__tests__/scoped-approval-grants.test.ts +521 -0
package/src/__tests__/scoped-grant-security-matrix.test.ts +444 -0
package/src/__tests__/script-proxy-session-manager.test.ts +1 -19
package/src/__tests__/session-load-history-repair.test.ts +169 -2
package/src/__tests__/session-runtime-assembly.test.ts +33 -5
package/src/__tests__/skill-feature-flags-integration.test.ts +171 -0
package/src/__tests__/skill-feature-flags.test.ts +188 -0
package/src/__tests__/skill-load-feature-flag.test.ts +141 -0
package/src/__tests__/skill-mirror-parity.test.ts +1 -0
package/src/__tests__/skill-projection-feature-flag.test.ts +363 -0
package/src/__tests__/system-prompt.test.ts +1 -1
package/src/__tests__/terminal-sandbox.test.ts +142 -9
package/src/__tests__/terminal-tools.test.ts +2 -93
package/src/__tests__/thread-seed-composer.test.ts +18 -0
package/src/__tests__/tool-approval-handler.test.ts +350 -0
package/src/__tests__/trust-store.test.ts +2 -0
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +8 -10
package/src/__tests__/voice-scoped-grant-consumer.test.ts +533 -0
package/src/agent/loop.ts +36 -1
package/src/approvals/approval-primitive.ts +381 -0
package/src/approvals/guardian-decision-primitive.ts +191 -0
package/src/calls/call-controller.ts +276 -212
package/src/calls/call-domain.ts +56 -6
package/src/calls/guardian-dispatch.ts +56 -0
package/src/calls/relay-server.ts +13 -0
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +59 -4
package/src/cli/core-commands.ts +0 -4
package/src/cli.ts +76 -34
package/src/config/__tests__/feature-flag-registry-guard.test.ts +179 -0
package/src/config/assistant-feature-flags.ts +162 -0
package/src/config/bundled-skills/api-mapping/icon.svg +18 -0
package/src/config/bundled-skills/messaging/TOOLS.json +30 -0
package/src/config/bundled-skills/messaging/tools/slack-delete-message.ts +24 -0
package/src/config/bundled-skills/notifications/SKILL.md +18 -0
package/src/config/bundled-skills/reminder/SKILL.md +49 -2
package/src/config/bundled-skills/time-based-actions/SKILL.md +49 -2
package/src/config/bundled-skills/voice-setup/SKILL.md +122 -0
package/src/config/core-schema.ts +1 -1
package/src/config/env-registry.ts +10 -0
package/src/config/feature-flag-registry.json +61 -0
package/src/config/loader.ts +22 -1
package/src/config/sandbox-schema.ts +0 -39
package/src/config/schema.ts +12 -2
package/src/config/skill-state.ts +34 -0
package/src/config/skills-schema.ts +26 -0
package/src/config/skills.ts +9 -0
package/src/config/system-prompt.ts +110 -46
package/src/config/templates/SOUL.md +1 -1
package/src/config/types.ts +19 -1
package/src/config/vellum-skills/catalog.json +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +1 -0
package/src/config/vellum-skills/sms-setup/SKILL.md +1 -1
package/src/config/vellum-skills/telegram-setup/SKILL.md +1 -1
package/src/config/vellum-skills/trusted-contacts/SKILL.md +104 -3
package/src/config/vellum-skills/twilio-setup/SKILL.md +1 -1
package/src/daemon/config-watcher.ts +0 -1
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/guardian-invite-intent.ts +124 -0
package/src/daemon/handlers/avatar.ts +68 -0
package/src/daemon/handlers/browser.ts +2 -2
package/src/daemon/handlers/config-channels.ts +18 -0
package/src/daemon/handlers/guardian-actions.ts +120 -0
package/src/daemon/handlers/index.ts +4 -0
package/src/daemon/handlers/sessions.ts +19 -0
package/src/daemon/handlers/shared.ts +3 -1
package/src/daemon/handlers/skills.ts +45 -2
package/src/daemon/install-cli-launchers.ts +58 -13
package/src/daemon/ipc-contract/guardian-actions.ts +53 -0
package/src/daemon/ipc-contract/sessions.ts +8 -2
package/src/daemon/ipc-contract/settings.ts +25 -2
package/src/daemon/ipc-contract/skills.ts +1 -0
package/src/daemon/ipc-contract-inventory.json +10 -0
package/src/daemon/ipc-contract.ts +4 -0
package/src/daemon/lifecycle.ts +6 -2
package/src/daemon/main.ts +1 -0
package/src/daemon/server.ts +1 -0
package/src/daemon/session-lifecycle.ts +52 -7
package/src/daemon/session-memory.ts +45 -0
package/src/daemon/session-process.ts +260 -422
package/src/daemon/session-runtime-assembly.ts +12 -0
package/src/daemon/session-skill-tools.ts +14 -1
package/src/daemon/session-tool-setup.ts +5 -0
package/src/daemon/session.ts +11 -0
package/src/daemon/tool-side-effects.ts +35 -9
package/src/index.ts +0 -2
package/src/memory/conversation-display-order-migration.ts +44 -0
package/src/memory/conversation-queries.ts +2 -0
package/src/memory/conversation-store.ts +91 -0
package/src/memory/db-init.ts +13 -1
package/src/memory/embedding-local.ts +22 -8
package/src/memory/guardian-action-store.ts +133 -2
package/src/memory/guardian-verification.ts +1 -1
package/src/memory/ingress-invite-store.ts +95 -1
package/src/memory/migrations/033-scoped-approval-grants.ts +51 -0
package/src/memory/migrations/034-guardian-action-tool-metadata.ts +12 -0
package/src/memory/migrations/035-guardian-action-supersession.ts +23 -0
package/src/memory/migrations/index.ts +3 -0
package/src/memory/schema.ts +35 -1
package/src/memory/scoped-approval-grants.ts +518 -0
package/src/messaging/providers/slack/client.ts +12 -0
package/src/messaging/providers/slack/types.ts +5 -0
package/src/notifications/decision-engine.ts +49 -12
package/src/notifications/emit-signal.ts +7 -0
package/src/notifications/signal.ts +7 -0
package/src/notifications/thread-seed-composer.ts +2 -1
package/src/permissions/checker.ts +27 -0
package/src/runtime/channel-approval-types.ts +16 -6
package/src/runtime/channel-approvals.ts +19 -15
package/src/runtime/channel-invite-transport.ts +85 -0
package/src/runtime/channel-invite-transports/telegram.ts +105 -0
package/src/runtime/guardian-action-grant-minter.ts +154 -0
package/src/runtime/guardian-action-message-composer.ts +30 -0
package/src/runtime/guardian-decision-types.ts +91 -0
package/src/runtime/http-server.ts +23 -1
package/src/runtime/ingress-service.ts +22 -0
package/src/runtime/invite-redemption-service.ts +181 -0
package/src/runtime/invite-redemption-templates.ts +39 -0
package/src/runtime/routes/call-routes.ts +2 -1
package/src/runtime/routes/guardian-action-routes.ts +206 -0
package/src/runtime/routes/guardian-approval-interception.ts +66 -74
package/src/runtime/routes/inbound-message-handler.ts +568 -409
package/src/runtime/routes/pairing-routes.ts +4 -0
package/src/security/encrypted-store.ts +31 -17
package/src/security/keychain.ts +176 -2
package/src/security/secure-keys.ts +97 -0
package/src/security/tool-approval-digest.ts +67 -0
package/src/skills/remote-skill-policy.ts +131 -0
package/src/tools/browser/browser-execution.ts +2 -2
package/src/tools/browser/browser-manager.ts +46 -32
package/src/tools/browser/browser-screencast.ts +2 -2
package/src/tools/calls/call-start.ts +1 -1
package/src/tools/executor.ts +22 -17
package/src/tools/network/script-proxy/session-manager.ts +1 -5
package/src/tools/skills/load.ts +22 -8
package/src/tools/system/avatar-generator.ts +119 -0
package/src/tools/system/navigate-settings.ts +65 -0
package/src/tools/system/open-system-settings.ts +75 -0
package/src/tools/system/voice-config.ts +121 -32
package/src/tools/terminal/backends/native.ts +40 -19
package/src/tools/terminal/backends/types.ts +3 -3
package/src/tools/terminal/parser.ts +1 -1
package/src/tools/terminal/sandbox-diagnostics.ts +6 -87
package/src/tools/terminal/sandbox.ts +1 -12
package/src/tools/terminal/shell.ts +3 -31
package/src/tools/tool-approval-handler.ts +141 -3
package/src/tools/tool-manifest.ts +6 -0
package/src/tools/types.ts +6 -0
package/src/util/diff.ts +36 -13
package/Dockerfile.sandbox +0 -5
package/src/__tests__/doordash-client.test.ts +0 -187
package/src/__tests__/doordash-session.test.ts +0 -154
package/src/__tests__/signup-e2e.test.ts +0 -354
package/src/__tests__/terminal-sandbox-docker.test.ts +0 -1065
package/src/__tests__/terminal-sandbox.integration.test.ts +0 -180
package/src/cli/doordash.ts +0 -1057
package/src/config/bundled-skills/doordash/SKILL.md +0 -163
package/src/config/templates/LOOKS.md +0 -25
package/src/doordash/cart-queries.ts +0 -787
package/src/doordash/client.ts +0 -1016
package/src/doordash/order-queries.ts +0 -85
package/src/doordash/queries.ts +0 -13
package/src/doordash/query-extractor.ts +0 -94
package/src/doordash/search-queries.ts +0 -203
package/src/doordash/session.ts +0 -84
package/src/doordash/store-queries.ts +0 -246
package/src/doordash/types.ts +0 -367
package/src/tools/terminal/backends/docker.ts +0 -379

package/src/__tests__/guardian-control-plane-policy.test.ts CHANGED Viewed

@@ -484,15 +484,15 @@ describe('ToolExecutor guardian-only policy gate', () => {
     expect(result.content).toBe('ok');
   });
-  test('non-guardian invocation of unrelated endpoint is unaffected', async () => {
+  test('non-guardian invocation of unrelated bash command is blocked by guardian approval gate', async () => {
     const executor = new ToolExecutor(makePrompter());
     const result = await executor.execute(
       'bash',
       { command: 'curl http://localhost:3000/v1/messages' },
       makeContext({ guardianActorRole: 'non-guardian' }),
     );
-    expect(result.isError).toBe(false);
-    expect(result.content).toBe('ok');
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain('requires guardian approval');
   });
   test('non-guardian invocation of unrelated tool is unaffected', async () => {
@@ -579,4 +579,37 @@ describe('ToolExecutor guardian-only policy gate', () => {
       expect(result.content).toContain('restricted to guardian users');
     }
   });
+  test('non-guardian actor is blocked from host read tools (host execution)', async () => {
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      'host_file_read',
+      { path: '/Users/noaflaherty/.ssh/config' },
+      makeContext({ guardianActorRole: 'non-guardian' }),
+    );
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain('requires guardian approval');
+  });
+  test('unverified channel actor is blocked from side-effect tools', async () => {
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      'reminder_create',
+      { fire_at: '2026-02-27T12:00:00-05:00', label: 'test', message: 'hello' },
+      makeContext({ guardianActorRole: 'unverified_channel' }),
+    );
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain('verified channel identity');
+  });
+  test('guardian actor can execute side-effect tools', async () => {
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      'reminder_create',
+      { fire_at: '2026-02-27T12:00:00-05:00', label: 'test', message: 'hello' },
+      makeContext({ guardianActorRole: 'guardian' }),
+    );
+    expect(result.isError).toBe(false);
+    expect(result.content).toBe('ok');
+  });
 });

package/src/__tests__/guardian-dispatch.test.ts CHANGED Viewed

@@ -336,10 +336,70 @@ describe('guardian-dispatch', () => {
     expect(vellumDelivery!.destination_conversation_id).toBe('conv-from-thread-created');
   });
-  test('includes activeGuardianRequestCount in context payload', async () => {
+  test('persists toolName and inputDigest on guardian action request for tool-approval dispatches', async () => {
     const convId = 'conv-dispatch-5';
     ensureConversation(convId);
+    const session = createCallSession({
+      conversationId: convId,
+      provider: 'twilio',
+      fromNumber: '+15550001111',
+      toNumber: '+15550002222',
+    });
+    const pq = createPendingQuestion(session.id, 'Allow send_email to bob@example.com?');
+    await dispatchGuardianQuestion({
+      callSessionId: session.id,
+      conversationId: convId,
+      assistantId: 'self',
+      pendingQuestion: pq,
+      toolName: 'send_email',
+      inputDigest: 'abc123def456',
+    });
+    const db = getDb();
+    const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
+    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+      | { id: string; tool_name: string | null; input_digest: string | null }
+      | undefined;
+    expect(request).toBeDefined();
+    expect(request!.tool_name).toBe('send_email');
+    expect(request!.input_digest).toBe('abc123def456');
+  });
+  test('omitting toolName and inputDigest stores null for informational ASK_GUARDIAN dispatches', async () => {
+    const convId = 'conv-dispatch-6';
+    ensureConversation(convId);
+    const session = createCallSession({
+      conversationId: convId,
+      provider: 'twilio',
+      fromNumber: '+15550001111',
+      toNumber: '+15550002222',
+    });
+    const pq = createPendingQuestion(session.id, 'What time works?');
+    await dispatchGuardianQuestion({
+      callSessionId: session.id,
+      conversationId: convId,
+      assistantId: 'self',
+      pendingQuestion: pq,
+    });
+    const db = getDb();
+    const raw = (db as unknown as { $client: import('bun:sqlite').Database }).$client;
+    const request = raw.query('SELECT * FROM guardian_action_requests WHERE call_session_id = ?').get(session.id) as
+      | { id: string; tool_name: string | null; input_digest: string | null }
+      | undefined;
+    expect(request).toBeDefined();
+    expect(request!.tool_name).toBeNull();
+    expect(request!.input_digest).toBeNull();
+  });
+  test('includes activeGuardianRequestCount in context payload', async () => {
+    const convId = 'conv-dispatch-7';
+    ensureConversation(convId);
     const session = createCallSession({
       conversationId: convId,
       provider: 'twilio',
@@ -455,4 +515,128 @@ describe('guardian-dispatch', () => {
     const secondPayload = (emitCalls[0] as Record<string, unknown>).contextPayload as Record<string, unknown>;
     expect(secondPayload.activeGuardianRequestCount).toBe(2);
   });
+  test('second guardian question in same call session passes conversationAffinityHint with first conversation ID', async () => {
+    const convId = 'conv-dispatch-affinity-1';
+    ensureConversation(convId);
+    const sharedConversationId = 'conv-affinity-guardian';
+    const session = createCallSession({
+      conversationId: convId,
+      provider: 'twilio',
+      fromNumber: '+15550001111',
+      toNumber: '+15550002222',
+    });
+    // First dispatch — no affinity hint expected (no prior delivery exists)
+    const pq1 = createPendingQuestion(session.id, 'First question');
+    mockEmitResult = {
+      signalId: 'sig-affinity-1',
+      deduplicated: false,
+      dispatched: true,
+      reason: 'ok',
+      deliveryResults: [
+        {
+          channel: 'vellum',
+          destination: 'vellum',
+          status: 'sent',
+          conversationId: sharedConversationId,
+        },
+      ],
+    };
+    await dispatchGuardianQuestion({
+      callSessionId: session.id,
+      conversationId: convId,
+      assistantId: 'self',
+      pendingQuestion: pq1,
+    });
+    const firstParams = emitCalls[0] as Record<string, unknown>;
+    // First dispatch should not have an affinity hint
+    expect(firstParams.conversationAffinityHint).toBeUndefined();
+    // Second dispatch — should carry the affinity hint from the first delivery
+    emitCalls.length = 0;
+    const pq2 = createPendingQuestion(session.id, 'Second question');
+    mockEmitResult = {
+      signalId: 'sig-affinity-2',
+      deduplicated: false,
+      dispatched: true,
+      reason: 'ok',
+      deliveryResults: [
+        {
+          channel: 'vellum',
+          destination: 'vellum',
+          status: 'sent',
+          conversationId: sharedConversationId,
+        },
+      ],
+    };
+    await dispatchGuardianQuestion({
+      callSessionId: session.id,
+      conversationId: convId,
+      assistantId: 'self',
+      pendingQuestion: pq2,
+    });
+    const secondParams = emitCalls[0] as Record<string, unknown>;
+    expect(secondParams.conversationAffinityHint).toEqual({
+      vellum: sharedConversationId,
+    });
+  });
+  test('third guardian question in same call session also carries affinity hint', async () => {
+    const convId = 'conv-dispatch-affinity-2';
+    ensureConversation(convId);
+    const sharedConversationId = 'conv-affinity-triple';
+    const session = createCallSession({
+      conversationId: convId,
+      provider: 'twilio',
+      fromNumber: '+15550001111',
+      toNumber: '+15550002222',
+    });
+    // Dispatch three guardian questions in the same call session
+    for (let i = 0; i < 3; i++) {
+      emitCalls.length = 0;
+      const pq = createPendingQuestion(session.id, `Question ${i + 1}`);
+      mockEmitResult = {
+        signalId: `sig-triple-${i}`,
+        deduplicated: false,
+        dispatched: true,
+        reason: 'ok',
+        deliveryResults: [
+          {
+            channel: 'vellum',
+            destination: 'vellum',
+            status: 'sent',
+            conversationId: sharedConversationId,
+          },
+        ],
+      };
+      await dispatchGuardianQuestion({
+        callSessionId: session.id,
+        conversationId: convId,
+        assistantId: 'self',
+        pendingQuestion: pq,
+      });
+      const params = emitCalls[0] as Record<string, unknown>;
+      if (i === 0) {
+        // First dispatch — no affinity hint
+        expect(params.conversationAffinityHint).toBeUndefined();
+      } else {
+        // Subsequent dispatches — affinity hint points to the shared conversation
+        expect(params.conversationAffinityHint).toEqual({
+          vellum: sharedConversationId,
+        });
+      }
+    }
+  });
 });