npm - @vellumai/assistant - Versions diffs - 0.3.19 → 0.3.20 - Mend

@vellumai/assistant 0.3.19 → 0.3.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (189) hide show

package/ARCHITECTURE.md +151 -15
package/Dockerfile +1 -0
package/README.md +40 -4
package/docs/architecture/integrations.md +7 -11
package/package.json +1 -1
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +54 -0
package/src/__tests__/approval-primitive.test.ts +540 -0
package/src/__tests__/assistant-feature-flag-guard.test.ts +206 -0
package/src/__tests__/assistant-feature-flag-guardrails.test.ts +198 -0
package/src/__tests__/assistant-feature-flags-integration.test.ts +272 -0
package/src/__tests__/call-controller.test.ts +439 -108
package/src/__tests__/channel-invite-transport.test.ts +264 -0
package/src/__tests__/cli.test.ts +42 -1
package/src/__tests__/config-schema.test.ts +11 -127
package/src/__tests__/config-watcher.test.ts +0 -8
package/src/__tests__/daemon-lifecycle.test.ts +1 -0
package/src/__tests__/daemon-server-session-init.test.ts +8 -2
package/src/__tests__/diff.test.ts +22 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +5 -0
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +300 -32
package/src/__tests__/guardian-action-late-reply.test.ts +546 -1
package/src/__tests__/guardian-actions-endpoint.test.ts +774 -0
package/src/__tests__/guardian-control-plane-policy.test.ts +36 -3
package/src/__tests__/guardian-dispatch.test.ts +124 -0
package/src/__tests__/guardian-grant-minting.test.ts +6 -17
package/src/__tests__/inbound-invite-redemption.test.ts +367 -0
package/src/__tests__/invite-redemption-service.test.ts +306 -0
package/src/__tests__/ipc-snapshot.test.ts +57 -0
package/src/__tests__/notification-decision-fallback.test.ts +88 -0
package/src/__tests__/sandbox-diagnostics.test.ts +6 -249
package/src/__tests__/sandbox-host-parity.test.ts +6 -13
package/src/__tests__/scoped-approval-grants.test.ts +6 -6
package/src/__tests__/scoped-grant-security-matrix.test.ts +5 -4
package/src/__tests__/script-proxy-session-manager.test.ts +1 -19
package/src/__tests__/session-load-history-repair.test.ts +169 -2
package/src/__tests__/session-runtime-assembly.test.ts +33 -5
package/src/__tests__/skill-feature-flags-integration.test.ts +171 -0
package/src/__tests__/skill-feature-flags.test.ts +188 -0
package/src/__tests__/skill-load-feature-flag.test.ts +141 -0
package/src/__tests__/skill-mirror-parity.test.ts +1 -0
package/src/__tests__/skill-projection-feature-flag.test.ts +363 -0
package/src/__tests__/system-prompt.test.ts +1 -1
package/src/__tests__/terminal-sandbox.test.ts +142 -9
package/src/__tests__/terminal-tools.test.ts +2 -93
package/src/__tests__/thread-seed-composer.test.ts +18 -0
package/src/__tests__/tool-approval-handler.test.ts +350 -0
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +8 -10
package/src/__tests__/voice-scoped-grant-consumer.test.ts +46 -84
package/src/agent/loop.ts +36 -1
package/src/approvals/approval-primitive.ts +381 -0
package/src/approvals/guardian-decision-primitive.ts +191 -0
package/src/calls/call-controller.ts +252 -209
package/src/calls/call-domain.ts +44 -6
package/src/calls/guardian-dispatch.ts +48 -0
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +46 -30
package/src/cli/core-commands.ts +0 -4
package/src/cli.ts +76 -34
package/src/config/__tests__/feature-flag-registry-guard.test.ts +179 -0
package/src/config/assistant-feature-flags.ts +162 -0
package/src/config/bundled-skills/api-mapping/icon.svg +18 -0
package/src/config/bundled-skills/messaging/TOOLS.json +30 -0
package/src/config/bundled-skills/messaging/tools/slack-delete-message.ts +24 -0
package/src/config/bundled-skills/notifications/SKILL.md +1 -1
package/src/config/bundled-skills/reminder/SKILL.md +49 -2
package/src/config/bundled-skills/time-based-actions/SKILL.md +49 -2
package/src/config/bundled-skills/voice-setup/SKILL.md +122 -0
package/src/config/core-schema.ts +1 -1
package/src/config/env-registry.ts +10 -0
package/src/config/feature-flag-registry.json +61 -0
package/src/config/loader.ts +22 -1
package/src/config/sandbox-schema.ts +0 -39
package/src/config/schema.ts +6 -2
package/src/config/skill-state.ts +34 -0
package/src/config/skills-schema.ts +0 -1
package/src/config/skills.ts +9 -0
package/src/config/system-prompt.ts +110 -46
package/src/config/templates/SOUL.md +1 -1
package/src/config/types.ts +19 -1
package/src/config/vellum-skills/catalog.json +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +1 -0
package/src/config/vellum-skills/sms-setup/SKILL.md +1 -1
package/src/config/vellum-skills/telegram-setup/SKILL.md +1 -1
package/src/config/vellum-skills/trusted-contacts/SKILL.md +104 -3
package/src/config/vellum-skills/twilio-setup/SKILL.md +1 -1
package/src/daemon/config-watcher.ts +0 -1
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/guardian-invite-intent.ts +124 -0
package/src/daemon/handlers/avatar.ts +68 -0
package/src/daemon/handlers/browser.ts +2 -2
package/src/daemon/handlers/guardian-actions.ts +120 -0
package/src/daemon/handlers/index.ts +4 -0
package/src/daemon/handlers/sessions.ts +19 -0
package/src/daemon/handlers/shared.ts +3 -1
package/src/daemon/install-cli-launchers.ts +58 -13
package/src/daemon/ipc-contract/guardian-actions.ts +53 -0
package/src/daemon/ipc-contract/sessions.ts +8 -2
package/src/daemon/ipc-contract/settings.ts +25 -2
package/src/daemon/ipc-contract-inventory.json +10 -0
package/src/daemon/ipc-contract.ts +4 -0
package/src/daemon/lifecycle.ts +6 -2
package/src/daemon/main.ts +1 -0
package/src/daemon/server.ts +1 -0
package/src/daemon/session-lifecycle.ts +52 -7
package/src/daemon/session-memory.ts +45 -0
package/src/daemon/session-process.ts +258 -432
package/src/daemon/session-runtime-assembly.ts +12 -0
package/src/daemon/session-skill-tools.ts +14 -1
package/src/daemon/session-tool-setup.ts +5 -0
package/src/daemon/session.ts +11 -0
package/src/daemon/tool-side-effects.ts +35 -9
package/src/index.ts +0 -2
package/src/memory/conversation-display-order-migration.ts +44 -0
package/src/memory/conversation-queries.ts +2 -0
package/src/memory/conversation-store.ts +91 -0
package/src/memory/db-init.ts +5 -1
package/src/memory/embedding-local.ts +13 -8
package/src/memory/guardian-action-store.ts +125 -2
package/src/memory/ingress-invite-store.ts +95 -1
package/src/memory/migrations/035-guardian-action-supersession.ts +23 -0
package/src/memory/migrations/index.ts +2 -1
package/src/memory/schema.ts +5 -1
package/src/memory/scoped-approval-grants.ts +14 -5
package/src/messaging/providers/slack/client.ts +12 -0
package/src/messaging/providers/slack/types.ts +5 -0
package/src/notifications/decision-engine.ts +49 -12
package/src/notifications/emit-signal.ts +7 -0
package/src/notifications/signal.ts +7 -0
package/src/notifications/thread-seed-composer.ts +2 -1
package/src/runtime/channel-approval-types.ts +16 -6
package/src/runtime/channel-approvals.ts +19 -15
package/src/runtime/channel-invite-transport.ts +85 -0
package/src/runtime/channel-invite-transports/telegram.ts +105 -0
package/src/runtime/guardian-action-grant-minter.ts +92 -35
package/src/runtime/guardian-action-message-composer.ts +30 -0
package/src/runtime/guardian-decision-types.ts +91 -0
package/src/runtime/http-server.ts +23 -1
package/src/runtime/ingress-service.ts +22 -0
package/src/runtime/invite-redemption-service.ts +181 -0
package/src/runtime/invite-redemption-templates.ts +39 -0
package/src/runtime/routes/call-routes.ts +2 -1
package/src/runtime/routes/guardian-action-routes.ts +206 -0
package/src/runtime/routes/guardian-approval-interception.ts +66 -190
package/src/runtime/routes/inbound-message-handler.ts +486 -394
package/src/runtime/routes/pairing-routes.ts +4 -0
package/src/security/encrypted-store.ts +31 -17
package/src/security/keychain.ts +176 -2
package/src/security/secure-keys.ts +97 -0
package/src/security/tool-approval-digest.ts +1 -1
package/src/tools/browser/browser-execution.ts +2 -2
package/src/tools/browser/browser-manager.ts +46 -32
package/src/tools/browser/browser-screencast.ts +2 -2
package/src/tools/calls/call-start.ts +1 -1
package/src/tools/executor.ts +22 -17
package/src/tools/network/script-proxy/session-manager.ts +1 -5
package/src/tools/skills/load.ts +22 -8
package/src/tools/system/avatar-generator.ts +119 -0
package/src/tools/system/navigate-settings.ts +65 -0
package/src/tools/system/open-system-settings.ts +75 -0
package/src/tools/system/voice-config.ts +121 -32
package/src/tools/terminal/backends/native.ts +40 -19
package/src/tools/terminal/backends/types.ts +3 -3
package/src/tools/terminal/parser.ts +1 -1
package/src/tools/terminal/sandbox-diagnostics.ts +6 -87
package/src/tools/terminal/sandbox.ts +1 -12
package/src/tools/terminal/shell.ts +3 -31
package/src/tools/tool-approval-handler.ts +141 -3
package/src/tools/tool-manifest.ts +6 -0
package/src/tools/types.ts +6 -0
package/src/util/diff.ts +36 -13
package/Dockerfile.sandbox +0 -5
package/src/__tests__/doordash-client.test.ts +0 -187
package/src/__tests__/doordash-session.test.ts +0 -154
package/src/__tests__/signup-e2e.test.ts +0 -354
package/src/__tests__/terminal-sandbox-docker.test.ts +0 -1065
package/src/__tests__/terminal-sandbox.integration.test.ts +0 -180
package/src/cli/doordash.ts +0 -1057
package/src/config/bundled-skills/doordash/SKILL.md +0 -163
package/src/config/templates/LOOKS.md +0 -25
package/src/doordash/cart-queries.ts +0 -787
package/src/doordash/client.ts +0 -1016
package/src/doordash/order-queries.ts +0 -85
package/src/doordash/queries.ts +0 -13
package/src/doordash/query-extractor.ts +0 -94
package/src/doordash/search-queries.ts +0 -203
package/src/doordash/session.ts +0 -84
package/src/doordash/store-queries.ts +0 -246
package/src/doordash/types.ts +0 -367
package/src/tools/terminal/backends/docker.ts +0 -379

package/src/__tests__/terminal-sandbox.integration.test.ts DELETED Viewed

@@ -1,180 +0,0 @@
-/**
- * Runtime-gated Docker integration tests.
- *
- * These tests run real Docker containers — they are skipped automatically
- * when Docker is not available or the sandbox image is not pulled locally.
- * To run them locally:
- *   1. Install Docker Desktop / Docker Engine
- *   2. docker pull <configured sandbox image>
- *   3. bun test src/__tests__/terminal-sandbox.integration.test.ts
- */
-import { execFileSync, spawnSync } from 'node:child_process';
-import {
-  existsSync,
-  mkdirSync,
-  mkdtempSync,
-  readFileSync,
-  realpathSync,
-  rmSync,
-  statSync,
-  writeFileSync,
-} from 'node:fs';
-import { join } from 'node:path';
-import { afterAll, beforeAll, describe, expect, test } from 'bun:test';
-import { DEFAULT_CONFIG } from '../config/defaults.js';
-import { getSandboxWorkingDir } from '../util/platform.js';
-// ---------------------------------------------------------------------------
-// Runtime gate: skip entire file if Docker is not usable
-// ---------------------------------------------------------------------------
-function dockerAvailable(): boolean {
-  try {
-    execFileSync('docker', ['info'], { stdio: 'ignore', timeout: 10000 });
-    return true;
-  } catch {
-    return false;
-  }
-}
-const IMAGE = DEFAULT_CONFIG.sandbox.docker.image;
-function imageAvailable(): boolean {
-  try {
-    execFileSync('docker', ['image', 'inspect', IMAGE], {
-      stdio: 'ignore',
-      timeout: 10000,
-    });
-    return true;
-  } catch {
-    return false;
-  }
-}
-const DOCKER_OK = dockerAvailable() && imageAvailable();
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-let sandboxRoot: string;
-beforeAll(() => {
-  if (!DOCKER_OK) return;
-  const parent = getSandboxWorkingDir();
-  if (!existsSync(parent)) {
-    mkdirSync(parent, { recursive: true });
-  }
-  sandboxRoot = realpathSync(mkdtempSync(join(parent, 'docker-integ-')));
-});
-afterAll(() => {
-  if (sandboxRoot && existsSync(sandboxRoot)) {
-    rmSync(sandboxRoot, { recursive: true, force: true });
-  }
-});
-interface DockerRunOptions {
-  /** Run as root instead of the host UID:GID. Useful for testing filesystem-level protections. */
-  asRoot?: boolean;
-}
-/** Run a command inside a Docker container with the sandbox root mounted. */
-function dockerRun(cmd: string, opts?: DockerRunOptions): { stdout: string; exitCode: number } {
-  const uid = process.getuid?.() ?? 1000;
-  const gid = process.getgid?.() ?? 1000;
-  const userArgs = opts?.asRoot ? ['--user', '0:0'] : ['--user', `${uid}:${gid}`];
-  const result = spawnSync('docker', [
-    'run', '--rm',
-    '--network=none',
-    '--cap-drop=ALL',
-    '--security-opt=no-new-privileges',
-    '--read-only',
-    '--tmpfs', '/tmp:rw,nosuid,nodev,noexec',
-    '--mount', `type=bind,src=${sandboxRoot},dst=/workspace`,
-    '--workdir', '/workspace',
-    ...userArgs,
-    IMAGE,
-    'bash', '-c', cmd,
-  ], { timeout: 30000, encoding: 'utf-8' });
-  return {
-    stdout: (result.stdout ?? '').trim(),
-    exitCode: result.status ?? -1,
-  };
-}
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-describe.skipIf(!DOCKER_OK)('Docker integration: write inside sandbox', () => {
-  test('writing a file inside /workspace succeeds', () => {
-    const { exitCode } = dockerRun('echo "hello" > /workspace/test-write.txt && cat /workspace/test-write.txt');
-    expect(exitCode).toBe(0);
-    // Verify the file appeared on the host
-    const hostPath = join(sandboxRoot, 'test-write.txt');
-    expect(existsSync(hostPath)).toBe(true);
-    expect(readFileSync(hostPath, 'utf-8').trim()).toBe('hello');
-  });
-  test('creating nested directories inside /workspace succeeds', () => {
-    const { exitCode, stdout } = dockerRun('mkdir -p /workspace/a/b/c && echo ok');
-    expect(exitCode).toBe(0);
-    expect(stdout).toBe('ok');
-    expect(existsSync(join(sandboxRoot, 'a/b/c'))).toBe(true);
-  });
-});
-describe.skipIf(!DOCKER_OK)('Docker integration: write outside workspace fails', () => {
-  // Run as root so Unix permissions are not a factor — the read-only
-  // filesystem mount is the only thing preventing these writes.
-  test('writing to /etc inside container fails (read-only root)', () => {
-    const { exitCode } = dockerRun('touch /etc/evil 2>/dev/null', { asRoot: true });
-    expect(exitCode).not.toBe(0);
-  });
-  test('writing to /home inside container fails (read-only root)', () => {
-    const { exitCode } = dockerRun('touch /home/evil 2>/dev/null', { asRoot: true });
-    expect(exitCode).not.toBe(0);
-  });
-  test('writing to /tmp succeeds (tmpfs mount)', () => {
-    // /tmp is an explicit tmpfs mount so writes should work
-    const { exitCode, stdout } = dockerRun('echo ok > /tmp/test.txt && cat /tmp/test.txt');
-    expect(exitCode).toBe(0);
-    expect(stdout).toBe('ok');
-  });
-});
-describe.skipIf(!DOCKER_OK)('Docker integration: host-writable files', () => {
-  test('files created in container are owned by host UID:GID', () => {
-    const filename = 'host-owner-test.txt';
-    dockerRun(`echo "owned" > /workspace/${filename}`);
-    const hostPath = join(sandboxRoot, filename);
-    expect(existsSync(hostPath)).toBe(true);
-    const stat = statSync(hostPath);
-    const expectedUid = process.getuid?.() ?? 1000;
-    const expectedGid = process.getgid?.() ?? 1000;
-    expect(stat.uid).toBe(expectedUid);
-    expect(stat.gid).toBe(expectedGid);
-  });
-  test('host can read files created by container', () => {
-    const filename = 'host-readable-test.txt';
-    const content = 'container-created-content';
-    dockerRun(`echo "${content}" > /workspace/${filename}`);
-    const hostPath = join(sandboxRoot, filename);
-    expect(readFileSync(hostPath, 'utf-8').trim()).toBe(content);
-  });
-  test('container can read files created by host', () => {
-    const filename = 'host-created.txt';
-    writeFileSync(join(sandboxRoot, filename), 'from-host');
-    const { stdout, exitCode } = dockerRun(`cat /workspace/${filename}`);
-    expect(exitCode).toBe(0);
-    expect(stdout).toBe('from-host');
-  });
-});