@vellumai/assistant 0.3.19 → 0.3.21

package/src/tools/tool-approval-handler.ts

@@ -1,14 +1,42 @@
+import { consumeGrantForInvocation } from '../approvals/approval-primitive.js';
 import { isToolBlocked } from '../security/parental-control-store.js';
+import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getTaskRunRules } from '../tasks/ephemeral-permissions.js';
 import { getLogger } from '../util/logger.js';
 import { enforceGuardianOnlyPolicy } from './guardian-control-plane-policy.js';
 import { getAllTools, getTool } from './registry.js';
+import { isSideEffectTool } from './side-effects.js';
 import type { ExecutionTarget, Tool, ToolContext, ToolExecutionResult, ToolLifecycleEvent } from './types.js';
 
 const log = getLogger('tool-approval-handler');
 
+function isUntrustedGuardianActorRole(role: ToolContext['guardianActorRole']): boolean {
+  return role === 'non-guardian' || role === 'unverified_channel';
+}
+
+function requiresGuardianApprovalForActor(
+  toolName: string,
+  input: Record<string, unknown>,
+  executionTarget: ExecutionTarget,
+): boolean {
+  // Side-effect tools always require guardian approval for untrusted actors.
+  // Read-only host execution is also blocked because it can leak sensitive
+  // local information (e.g. shell/file reads).
+  return isSideEffectTool(toolName, input) || executionTarget === 'host';
+}
+
+function guardianApprovalDeniedMessage(
+  actorRole: ToolContext['guardianActorRole'],
+  toolName: string,
+): string {
+  if (actorRole === 'unverified_channel') {
+    return `Permission denied for "${toolName}": this action requires guardian approval from a verified channel identity.`;
+  }
+  return `Permission denied for "${toolName}": this action requires guardian approval and the current actor is not the guardian.`;
+}
+
 export type PreExecutionGateResult =
-  | { allowed: true; tool: Tool }
+  | { allowed: true; tool: Tool; grantConsumed?: boolean }
   | { allowed: false; result: ToolExecutionResult };
 
 /**
@@ -22,7 +50,7 @@ export class ToolApprovalHandler {
    * Returns the resolved Tool if all gates pass, or an early-return
    * ToolExecutionResult if any gate blocks execution.
    */
-  checkPreExecutionGates(
+  async checkPreExecutionGates(
     name: string,
     input: Record<string, unknown>,
     context: ToolContext,
@@ -30,7 +58,7 @@ export class ToolApprovalHandler {
     riskLevel: string,
     startTime: number,
     emitLifecycleEvent: (event: ToolLifecycleEvent) => void,
-  ): PreExecutionGateResult {
+  ): Promise<PreExecutionGateResult> {
     // Bail out immediately if the session was aborted before this tool started.
     if (context.signal?.aborted) {
       const durationMs = Date.now() - startTime;
@@ -111,6 +139,33 @@ export class ToolApprovalHandler {
       return { allowed: false, result: { content: guardianCheck.reason!, isError: true } };
     }
 
+    // Determine whether this invocation requires a scoped grant. Capture
+    // the consume params now but defer the actual atomic consumption until
+    // after all downstream policy gates (allowedToolNames, task-run
+    // preflight, tool registry) pass. This prevents wasting a one-time-use
+    // grant when a subsequent gate rejects the invocation.
+    let needsGrantConsumption = false;
+    let deferredConsumeParams: Parameters<typeof consumeGrantForInvocation>[0] | null = null;
+
+    if (
+      isUntrustedGuardianActorRole(context.guardianActorRole)
+      && requiresGuardianApprovalForActor(name, input, executionTarget)
+    ) {
+      const inputDigest = computeToolApprovalDigest(name, input);
+      needsGrantConsumption = true;
+      deferredConsumeParams = {
+        requestId: context.requestId,
+        toolName: name,
+        inputDigest,
+        consumingRequestId: context.requestId ?? `preexec-${context.sessionId}-${Date.now()}`,
+        assistantId: context.assistantId ?? 'self',
+        executionChannel: context.executionChannel,
+        conversationId: context.conversationId,
+        callSessionId: context.callSessionId,
+        requesterExternalUserId: context.requesterExternalUserId,
+      };
+    }
+
     // Gate tools not active for the current turn
     if (context.allowedToolNames && !context.allowedToolNames.has(name)) {
       const msg = `Tool "${name}" is not currently active. Load the skill that provides this tool first.`;
@@ -187,6 +242,89 @@ export class ToolApprovalHandler {
       return { allowed: false, result: { content: msg, isError: true } };
     }
 
+    // All policy gates passed. Now consume the scoped grant if one is
+    // required. Deferring consumption to this point ensures a downstream
+    // rejection (allowedToolNames, task-run preflight, registry lookup)
+    // does not waste the one-time-use grant.
+    //
+    // Retry polling is scoped to the voice channel where a race condition
+    // exists between fire-and-forget turn execution and LLM fallback grant
+    // minting (2-5s). Non-voice channels get an instant sync lookup so
+    // normal denials are not delayed.
+    if (needsGrantConsumption && deferredConsumeParams) {
+      const isVoice = context.executionChannel === 'voice';
+      const grantResult = await consumeGrantForInvocation(
+        deferredConsumeParams,
+        isVoice ? { signal: context.signal } : { maxWaitMs: 0 },
+      );
+
+      if (grantResult.ok) {
+        log.info({
+          toolName: name,
+          sessionId: context.sessionId,
+          conversationId: context.conversationId,
+          actorRole: context.guardianActorRole,
+          executionTarget,
+          grantId: grantResult.grant.id,
+        }, 'Scoped grant consumed — allowing untrusted actor tool invocation');
+
+        return { allowed: true, tool, grantConsumed: true };
+      }
+
+      // Treat abort as a cancellation — not a grant denial. This matches
+      // the abort check at the top of checkPreExecutionGates so the caller
+      // sees a consistent "Cancelled" result instead of a spurious
+      // guardian_approval_required denial during voice barge-in.
+      if (grantResult.reason === 'aborted') {
+        const durationMs = Date.now() - startTime;
+        emitLifecycleEvent({
+          type: 'error',
+          toolName: name,
+          executionTarget,
+          input,
+          workingDir: context.workingDir,
+          sessionId: context.sessionId,
+          conversationId: context.conversationId,
+          requestId: context.requestId,
+          riskLevel,
+          decision: 'error',
+          durationMs,
+          errorMessage: 'Cancelled',
+          isExpected: true,
+          errorCategory: 'tool_failure',
+        });
+        return { allowed: false, result: { content: 'Cancelled', isError: true } };
+      }
+
+      // No matching grant or race condition — deny.
+      const reason = guardianApprovalDeniedMessage(context.guardianActorRole, name);
+      log.warn({
+        toolName: name,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        actorRole: context.guardianActorRole,
+        executionTarget,
+        reason: 'guardian_approval_required',
+        grantMissReason: grantResult.reason,
+      }, 'Guardian approval gate blocked untrusted actor tool invocation (no matching grant)');
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent({
+        type: 'permission_denied',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'deny',
+        reason,
+        durationMs,
+      });
+      return { allowed: false, result: { content: reason, isError: true } };
+    }
+
     return { allowed: true, tool };
   }
 }

package/src/tools/tool-manifest.ts

@@ -12,6 +12,9 @@ import { credentialStoreTool } from './credentials/vault.js';
 import { memorySaveTool, memorySearchTool, memoryUpdateTool } from './memory/register.js';
 import type { LazyToolDescriptor } from './registry.js';
 import { vellumSkillsCatalogTool } from './skills/vellum-catalog.js';
+import { setAvatarTool } from './system/avatar-generator.js';
+import { navigateSettingsTabTool } from './system/navigate-settings.js';
+import { openSystemSettingsTool } from './system/open-system-settings.js';
 import { voiceConfigUpdateTool } from './system/voice-config.js';
 import type { Tool } from './types.js';
 import { screenWatchTool } from './watch/screen-watch.js';
@@ -68,6 +71,9 @@ export const explicitTools: Tool[] = [
   screenWatchTool,
   vellumSkillsCatalogTool,
   voiceConfigUpdateTool,
+  setAvatarTool,
+  openSystemSettingsTool,
+  navigateSettingsTabTool,
 ];
 
 // ── Lazy tool descriptors ───────────────────────────────────────────

package/src/tools/types.ts

@@ -138,6 +138,12 @@ export interface ToolContext {
   principal?: string;
   /** Guardian actor role for the session — used by the guardian control-plane policy gate. */
   guardianActorRole?: 'guardian' | 'non-guardian' | 'unverified_channel';
+  /** Channel through which the tool invocation originates (e.g. 'telegram', 'voice'). Used for scoped grant consumption. */
+  executionChannel?: string;
+  /** Voice/call session ID, if the invocation originates from a call. Used for scoped grant consumption. */
+  callSessionId?: string;
+  /** External user ID of the requester (non-guardian actor). Used for scoped grant consumption. */
+  requesterExternalUserId?: string;
 }
 
 export interface DiffInfo {
@@ -164,10 +170,12 @@ export interface Tool {
   defaultRiskLevel: RiskLevel;
   /** When set to 'proxy', the tool is forwarded to a connected client rather than executed locally. */
   executionMode?: 'local' | 'proxy';
-  /** Whether this tool is a core built-in or provided by a skill. */
-  origin?: 'core' | 'skill';
+  /** Whether this tool is a core built-in, provided by a skill, or from an MCP server. */
+  origin?: 'core' | 'skill' | 'mcp';
   /** If origin is 'skill', the ID of the owning skill. */
   ownerSkillId?: string;
+  /** If origin is 'mcp', the ID of the owning MCP server. */
+  ownerMcpServerId?: string;
   /** Content-hash of the owning skill's source at registration time. */
   ownerSkillVersionHash?: string;
   /** Whether the owning skill is bundled with the daemon (trusted first-party). */

package/src/util/diff.ts

@@ -54,7 +54,7 @@ interface Hunk {
 }
 
 const CONTEXT_LINES = 3;
-const MAX_DIFF_LINES = 1000;
+const DEFAULT_MAX_EXACT_DIFF_LINES = 1000;
 
 /**
  * Group diff entries into hunks with surrounding context lines.
@@ -108,24 +108,44 @@ const CYAN = '\x1b[36m';
 const DIM = '\x1b[2m';
 const RESET = '\x1b[0m';
 
+export interface FormatDiffOptions {
+  maxExactLines?: number;
+}
+
+function formatLargeDiffFallback(oldLines: string[], newLines: string[], filePath: string): string {
+  let output = `${DIM}--- a/${filePath}${RESET}\n`;
+  output += `${DIM}+++ b/${filePath}${RESET}\n`;
+  output += `${CYAN}@@ -1,${oldLines.length} +1,${newLines.length} @@${RESET}\n`;
+
+  for (const line of oldLines) {
+    output += `${RED}-${line}${RESET}\n`;
+  }
+  for (const line of newLines) {
+    output += `${GREEN}+${line}${RESET}\n`;
+  }
+
+  return output;
+}
+
 /**
  * Format a colored unified diff from old and new file content.
  * Returns an empty string if the contents are identical.
  */
-export function formatDiff(oldContent: string, newContent: string, filePath: string): string {
+export function formatDiff(
+  oldContent: string,
+  newContent: string,
+  filePath: string,
+  options: FormatDiffOptions = {},
+): string {
   if (oldContent === newContent) return '';
 
   const oldLines = oldContent.split('\n');
   const newLines = newContent.split('\n');
+  const maxExactLines = options.maxExactLines ?? DEFAULT_MAX_EXACT_DIFF_LINES;
 
   // Guard against quadratic blowup on large files
-  if (oldLines.length > MAX_DIFF_LINES || newLines.length > MAX_DIFF_LINES) {
-    const removed = oldLines.length;
-    const added = newLines.length;
-    let output = `${DIM}--- a/${filePath}${RESET}\n`;
-    output += `${DIM}+++ b/${filePath}${RESET}\n`;
-    output += `${DIM}[Diff too large to display: ${removed} lines → ${added} lines]${RESET}\n`;
-    return output;
+  if (oldLines.length > maxExactLines || newLines.length > maxExactLines) {
+    return formatLargeDiffFallback(oldLines, newLines, filePath);
   }
 
   const entries = computeLineDiff(oldLines, newLines);
@@ -159,11 +179,14 @@ export function formatDiff(oldContent: string, newContent: string, filePath: str
 /**
  * Format a "new file" diff (everything is added).
  * Truncates to maxLines to avoid flooding the terminal.
+ * Pass `null` for unbounded output.
  */
-export function formatNewFileDiff(content: string, filePath: string, maxLines = 20): string {
+export function formatNewFileDiff(content: string, filePath: string, maxLines: number | null = 20): string {
   const lines = content.split('\n');
-  const truncated = lines.length > maxLines;
-  const displayLines = truncated ? lines.slice(0, maxLines) : lines;
+  const shouldTruncate = typeof maxLines === 'number' && Number.isFinite(maxLines);
+  const boundedMaxLines = shouldTruncate ? Math.max(0, Math.floor(maxLines)) : lines.length;
+  const truncated = lines.length > boundedMaxLines;
+  const displayLines = truncated ? lines.slice(0, boundedMaxLines) : lines;
 
   let output = `${DIM}--- /dev/null${RESET}\n`;
   output += `${DIM}+++ b/${filePath}${RESET}\n`;
@@ -174,7 +197,7 @@ export function formatNewFileDiff(content: string, filePath: string, maxLines =
   }
 
   if (truncated) {
-    output += `${DIM}... ${lines.length - maxLines} more lines${RESET}\n`;
+    output += `${DIM}... ${lines.length - boundedMaxLines} more lines${RESET}\n`;
   }
 
   return output;

package/Dockerfile.sandbox

@@ -1,5 +0,0 @@
-FROM node:20-slim
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends curl ca-certificates bash jq python3 \
- && rm -rf /var/lib/apt/lists/*

package/src/__tests__/doordash-client.test.ts

@@ -1,187 +0,0 @@
-import { describe, expect,it } from 'bun:test';
-
-import { SessionExpiredError } from '../doordash/client.js';
-
-describe('SessionExpiredError', () => {
-  it('is an instance of Error', () => {
-    const err = new SessionExpiredError('test reason');
-    expect(err).toBeInstanceOf(Error);
-  });
-
-  it('has name set to SessionExpiredError', () => {
-    const err = new SessionExpiredError('test reason');
-    expect(err.name).toBe('SessionExpiredError');
-  });
-
-  it('preserves the reason as the message', () => {
-    const err = new SessionExpiredError('DoorDash session has expired.');
-    expect(err.message).toBe('DoorDash session has expired.');
-  });
-
-  it('can be distinguished from plain Error via instanceof', () => {
-    const sessionErr = new SessionExpiredError('expired');
-    const plainErr = new Error('something else');
-    expect(sessionErr instanceof SessionExpiredError).toBe(true);
-    expect(plainErr instanceof SessionExpiredError).toBe(false);
-  });
-
-  it('produces a useful stack trace', () => {
-    const err = new SessionExpiredError('no session');
-    expect(err.stack).toBeDefined();
-    expect(err.stack).toContain('SessionExpiredError');
-  });
-});
-
-describe('expired session classification', () => {
-  // The CDP response handler in cdpFetch classifies certain HTTP statuses
-  // as session-expired. We test the classification logic by simulating
-  // the parsed response structure that cdpFetch evaluates.
-
-  function classifyResponse(parsed: Record<string, unknown>): Error {
-    // Mirrors the classification logic from cdpFetch (client.ts lines 154-159)
-    if (parsed.__error) {
-      if (parsed.__status === 403 || parsed.__status === 401) {
-        return new SessionExpiredError('DoorDash session has expired.');
-      }
-      return new Error(
-        (parsed.__message as string) ??
-          `HTTP ${parsed.__status}: ${(parsed.__body as string) ?? ''}`,
-      );
-    }
-    return new Error('No error');
-  }
-
-  it('classifies HTTP 401 as SessionExpiredError', () => {
-    const err = classifyResponse({ __error: true, __status: 401, __body: 'Unauthorized' });
-    expect(err).toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe('DoorDash session has expired.');
-  });
-
-  it('classifies HTTP 403 as SessionExpiredError', () => {
-    const err = classifyResponse({ __error: true, __status: 403, __body: 'Forbidden' });
-    expect(err).toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe('DoorDash session has expired.');
-  });
-
-  it('classifies HTTP 500 as a generic Error, not session expired', () => {
-    const err = classifyResponse({ __error: true, __status: 500, __body: 'Internal Server Error' });
-    expect(err).not.toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe('HTTP 500: Internal Server Error');
-  });
-
-  it('classifies HTTP 429 as a generic Error', () => {
-    const err = classifyResponse({ __error: true, __status: 429, __body: 'Rate limited' });
-    expect(err).not.toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe('HTTP 429: Rate limited');
-  });
-
-  it('uses __message when available', () => {
-    const err = classifyResponse({ __error: true, __message: 'fetch failed' });
-    expect(err).not.toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe('fetch failed');
-  });
-
-  it('handles response with no __body or __message gracefully', () => {
-    const err = classifyResponse({ __error: true, __status: 502 });
-    expect(err).not.toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe('HTTP 502: ');
-  });
-});
-
-describe('CDP failure scenarios', () => {
-  // These test the error conditions that cdpFetch can encounter:
-  // 1. CDP protocol error (msg.error present)
-  // 2. Empty CDP response (no value in result)
-  // 3. Timeout (30s)
-  // 4. WebSocket connection failure
-
-  // We can test the error construction logic without connecting to a real CDP
-
-  it('CDP protocol error produces a descriptive message', () => {
-    // Simulates the error path at client.ts line 143
-    const cdpError = { message: 'Cannot find context with specified id' };
-    const err = new Error(`CDP error: ${cdpError.message}`);
-    expect(err.message).toBe('CDP error: Cannot find context with specified id');
-  });
-
-  it('Empty CDP response produces a clear error', () => {
-    // Simulates the error path at client.ts line 149
-    const value = undefined;
-    const err = !value ? new Error('Empty CDP response') : null;
-    expect(err).not.toBeNull();
-    expect(err!.message).toBe('Empty CDP response');
-  });
-
-  it('CDP timeout error message includes the timeout duration', () => {
-    // Simulates the timeout error at client.ts line 92
-    const err = new Error('CDP fetch timed out after 30s');
-    expect(err.message).toContain('30s');
-  });
-
-  it('WebSocket connection failure produces SessionExpiredError', () => {
-    // Simulates ws.onerror at client.ts line 172
-    const err = new SessionExpiredError('CDP connection failed.');
-    expect(err).toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toBe('CDP connection failed.');
-  });
-
-  it('findDoordashTab failure when CDP is unavailable', () => {
-    // Simulates findDoordashTab at client.ts line 67
-    const err = new SessionExpiredError(
-      'Chrome CDP not available. Run `vellum doordash refresh` first.',
-    );
-    expect(err).toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toContain('Chrome CDP not available');
-  });
-
-  it('findDoordashTab failure when no tab is available', () => {
-    // Simulates findDoordashTab at client.ts line 76
-    const err = new SessionExpiredError(
-      'No Chrome tab available for DoorDash requests.',
-    );
-    expect(err).toBeInstanceOf(SessionExpiredError);
-    expect(err.message).toContain('No Chrome tab available');
-  });
-
-  it('requireSession throws SessionExpiredError when no session exists', () => {
-    // Simulates requireSession at client.ts line 56
-    const session = null;
-    const err = !session
-      ? new SessionExpiredError('No DoorDash session found.')
-      : null;
-    expect(err).toBeInstanceOf(SessionExpiredError);
-    expect(err!.message).toBe('No DoorDash session found.');
-  });
-
-  it('GraphQL errors are joined with semicolons', () => {
-    // Simulates the error handling at client.ts lines 192-194
-    const errors = [
-      { message: 'Field "x" not found' },
-      { message: 'Unauthorized' },
-    ];
-    const msgs = errors.map(e => e.message || JSON.stringify(e)).join('; ');
-    const err = new Error(`GraphQL errors: ${msgs}`);
-    expect(err.message).toBe(
-      'GraphQL errors: Field "x" not found; Unauthorized',
-    );
-  });
-
-  it('GraphQL errors use JSON.stringify for errors without message', () => {
-    const errors = [{ extensions: { code: 'INTERNAL_ERROR' } }];
-    const msgs = errors
-      .map(e => (e as Record<string, unknown>).message || JSON.stringify(e))
-      .join('; ');
-    const err = new Error(`GraphQL errors: ${msgs}`);
-    expect(err.message).toContain('INTERNAL_ERROR');
-  });
-
-  it('Empty GraphQL response throws', () => {
-    // Simulates client.ts lines 196-198
-    const data = undefined;
-    const err = !data
-      ? new Error('Empty response from DoorDash API')
-      : null;
-    expect(err).not.toBeNull();
-    expect(err!.message).toBe('Empty response from DoorDash API');
-  });
-});

package/src/__tests__/doordash-session.test.ts

@@ -1,154 +0,0 @@
-import { existsSync, mkdirSync, rmSync,writeFileSync } from 'node:fs';
-import { tmpdir } from 'node:os';
-import { join } from 'node:path';
-
-import { afterEach,beforeEach, describe, expect, it } from 'bun:test';
-
-import {
-  type DoorDashSession,
-  getCookieHeader,
-  getCsrfToken,
-  importFromRecording,
-} from '../doordash/session.js';
-
-// Override getDataDir to use a temp directory during tests
-const TEST_DIR = join(tmpdir(), `vellum-dd-test-${process.pid}`);
-let originalDataDir: string | undefined;
-
-// We mock getDataDir by patching the module at the fs level:
-// session.ts calls getSessionDir() -> join(getDataDir(), 'doordash')
-// We'll test session.ts helpers that don't depend on getDataDir directly,
-// and test the persistence functions via the actual file system with a known path.
-
-function makeCookie(name: string, value: string): {
-  name: string;
-  value: string;
-  domain: string;
-  path: string;
-  httpOnly: boolean;
-  secure: boolean;
-} {
-  return { name, value, domain: '.doordash.com', path: '/', httpOnly: false, secure: false };
-}
-
-function makeSession(overrides?: Partial<DoorDashSession>): DoorDashSession {
-  return {
-    cookies: [
-      makeCookie('dd_session', 'abc123'),
-      makeCookie('csrf_token', 'tok456'),
-    ],
-    importedAt: '2025-01-15T12:00:00.000Z',
-    recordingId: 'rec-001',
-    ...overrides,
-  };
-}
-
-describe('DoorDash session helpers', () => {
-  describe('getCookieHeader', () => {
-    it('joins all cookies into a single header string', () => {
-      const session = makeSession();
-      const header = getCookieHeader(session);
-      expect(header).toBe('dd_session=abc123; csrf_token=tok456');
-    });
-
-    it('returns empty string for a session with no cookies', () => {
-      const session = makeSession({ cookies: [] });
-      expect(getCookieHeader(session)).toBe('');
-    });
-
-    it('handles a single cookie without trailing semicolons', () => {
-      const session = makeSession({ cookies: [makeCookie('a', '1')] });
-      expect(getCookieHeader(session)).toBe('a=1');
-    });
-  });
-
-  describe('getCsrfToken', () => {
-    it('extracts the csrf_token value when present', () => {
-      const session = makeSession();
-      expect(getCsrfToken(session)).toBe('tok456');
-    });
-
-    it('returns undefined when csrf_token is absent', () => {
-      const session = makeSession({
-        cookies: [makeCookie('dd_session', 'abc123')],
-      });
-      expect(getCsrfToken(session)).toBeUndefined();
-    });
-  });
-});
-
-describe('DoorDash session persistence', () => {
-  // These tests exercise the real loadSession/saveSession/clearSession
-  // by writing to the actual session path. We need to mock getDataDir.
-  // Since the module uses a private function we can't easily mock,
-  // we test via importFromRecording which exercises save+load.
-
-  beforeEach(() => {
-    originalDataDir = process.env.BASE_DATA_DIR;
-    process.env.BASE_DATA_DIR = TEST_DIR;
-    // Ensure test dir exists
-    mkdirSync(TEST_DIR, { recursive: true });
-  });
-
-  afterEach(() => {
-    // Restore original BASE_DATA_DIR
-    if (originalDataDir === undefined) {
-      delete process.env.BASE_DATA_DIR;
-    } else {
-      process.env.BASE_DATA_DIR = originalDataDir;
-    }
-    // Clean up test dir
-    if (existsSync(TEST_DIR)) {
-      rmSync(TEST_DIR, { recursive: true, force: true });
-    }
-  });
-
-  describe('importFromRecording', () => {
-    it('throws when the recording file does not exist', () => {
-      expect(() => importFromRecording('/nonexistent/recording.json')).toThrow(
-        'Recording not found',
-      );
-    });
-
-    it('throws when the recording contains no cookies', () => {
-      const recordingPath = join(TEST_DIR, 'empty-recording.json');
-      writeFileSync(
-        recordingPath,
-        JSON.stringify({
-          id: 'rec-empty',
-          startedAt: 0,
-          endedAt: 1,
-          targetDomain: 'doordash.com',
-          networkEntries: [],
-          cookies: [],
-          observations: [],
-        }),
-      );
-      expect(() => importFromRecording(recordingPath)).toThrow(
-        'Recording contains no cookies',
-      );
-    });
-
-    it('successfully imports a recording with cookies', () => {
-      const recordingPath = join(TEST_DIR, 'valid-recording.json');
-      writeFileSync(
-        recordingPath,
-        JSON.stringify({
-          id: 'rec-valid',
-          startedAt: 0,
-          endedAt: 1,
-          targetDomain: 'doordash.com',
-          networkEntries: [],
-          cookies: [makeCookie('session_id', 'xyz')],
-          observations: [],
-        }),
-      );
-      const session = importFromRecording(recordingPath);
-      expect(session.cookies).toHaveLength(1);
-      expect(session.cookies[0].name).toBe('session_id');
-      expect(session.cookies[0].value).toBe('xyz');
-      expect(session.recordingId).toBe('rec-valid');
-      expect(session.importedAt).toBeTruthy();
-    });
-  });
-});