@vellumai/assistant 0.3.2 → 0.3.4

package/src/__tests__/gateway-only-enforcement.test.ts

@@ -71,6 +71,9 @@ mock.module('../config/loader.js', () => ({
     ingress: {
       publicBaseUrl: 'https://test.example.com',
     },
+    sms: {
+      phoneNumber: '+15550001111',
+    },
   }),
   getConfig: () => ({
     model: 'test',
@@ -82,6 +85,9 @@ mock.module('../config/loader.js', () => ({
     ingress: {
       publicBaseUrl: 'https://test.example.com',
     },
+    sms: {
+      phoneNumber: '+15550001111',
+    },
   }),
   invalidateConfigCache: () => {},
 }));
@@ -96,31 +102,28 @@ mock.module('../calls/twilio-provider.js', () => ({
   },
 }));
 
-// Mock Twilio config
-mock.module('../calls/twilio-config.js', () => ({
-  getTwilioConfig: () => ({
-    accountSid: 'AC_test',
-    authToken: 'test_token',
-    phoneNumber: '+15550001111',
-    webhookBaseUrl: 'https://test.example.com',
-    wssBaseUrl: 'wss://test.example.com',
-  }),
-}));
+const secureKeyStore: Record<string, string | undefined> = {
+  'credential:twilio:account_sid': 'AC_test',
+  'credential:twilio:auth_token': 'test_token',
+  'credential:twilio:phone_number': '+15550001111',
+};
 
 mock.module('../security/secure-keys.js', () => ({
-  getSecureKey: () => null,
-  setSecureKey: () => true,
-  deleteSecureKey: () => {},
+  getSecureKey: (key: string) => secureKeyStore[key] ?? null,
+  setSecureKey: (key: string, value: string) => {
+    secureKeyStore[key] = value;
+    return true;
+  },
+  deleteSecureKey: (key: string) => {
+    delete secureKeyStore[key];
+  },
 }));
 
-mock.module('../inbound/public-ingress-urls.js', () => ({
-  getPublicBaseUrl: () => 'https://test.example.com',
-  getTwilioRelayUrl: () => 'wss://test.example.com/webhooks/twilio/relay',
-  getTwilioVoiceWebhookUrl: (_cfg: unknown, id: string) => `https://test.example.com/webhooks/twilio/voice?callSessionId=${id}`,
-  getTwilioStatusCallbackUrl: () => 'https://test.example.com/webhooks/twilio/status',
-  getTwilioConnectActionUrl: () => 'https://test.example.com/webhooks/twilio/connect-action',
-  getOAuthCallbackUrl: () => 'https://test.example.com/webhooks/oauth/callback',
-}));
+// NOTE: Do NOT mock '../inbound/public-ingress-urls.js' here.
+// Those are pure functions that derive URLs from the config object returned by
+// loadConfig() (which is already mocked above). Mocking them at the module level
+// leaks into other test files (e.g. ingress-url-consistency.test.ts) that need
+// the real implementations, causing cross-test contamination.
 
 // Mock the oauth callback registry
 mock.module('../security/oauth-callback-registry.js', () => ({
@@ -289,6 +292,49 @@ describe('gateway-only ingress enforcement', () => {
     });
   });
 
+  // ── SMS-specific direct webhook routes blocked ──────────────────────
+
+  describe('SMS webhook routes are blocked at the runtime (gateway-only)', () => {
+
+    test('POST /webhooks/twilio/sms returns 410 (cannot bypass gateway)', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/webhooks/twilio/sms`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: makeFormBody({ Body: 'hello', From: '+15551234567', To: '+15559876543', MessageSid: 'SM123' }),
+      });
+      expect(res.status).toBe(410);
+      const body = await res.json() as { error: string; code: string };
+      expect(body.code).toBe('GATEWAY_ONLY');
+      expect(body.error).toContain('Direct webhook access disabled');
+    });
+
+    test('POST /v1/calls/twilio/sms returns 410 (legacy path also blocked)', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/v1/calls/twilio/sms`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: makeFormBody({ Body: 'hello', From: '+15551234567', MessageSid: 'SM456' }),
+      });
+      expect(res.status).toBe(410);
+      const body = await res.json() as { error: string; code: string };
+      expect(body.code).toBe('GATEWAY_ONLY');
+    });
+
+    test('POST /webhooks/twilio/sms with valid auth still returns 410 (auth does not bypass gateway-only)', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/webhooks/twilio/sms`, {
+        method: 'POST',
+        headers: {
+          ...AUTH_HEADERS,
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: makeFormBody({ Body: 'sneaky', From: '+15551234567', MessageSid: 'SM789' }),
+      });
+      // The gateway-only guard runs before auth for Twilio webhook paths
+      expect(res.status).toBe(410);
+      const body = await res.json() as { error: string; code: string };
+      expect(body.code).toBe('GATEWAY_ONLY');
+    });
+  });
+
   // ── Internal forwarding routes still work ─────
 
   describe('internal forwarding routes are not blocked', () => {
@@ -601,6 +647,45 @@ describe('gateway-only ingress enforcement', () => {
       // header, the request is rejected if bearer auth is missing.
       expect(res.status).toBe(401);
     });
+
+    test('POST /v1/channels/inbound with SMS sourceChannel requires X-Gateway-Origin', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/v1/channels/inbound`, {
+        method: 'POST',
+        headers: {
+          ...AUTH_HEADERS,
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+          sourceChannel: 'sms',
+          externalChatId: '+15551234567',
+          externalMessageId: 'SM-test-gw-1',
+          content: 'hello via SMS',
+        }),
+      });
+      // SMS messages must also go through the gateway — missing X-Gateway-Origin is rejected.
+      expect(res.status).toBe(403);
+      const body = await res.json() as { error: string; code: string };
+      expect(body.code).toBe('GATEWAY_ORIGIN_REQUIRED');
+    });
+
+    test('POST /v1/channels/inbound with SMS sourceChannel and valid X-Gateway-Origin passes', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/v1/channels/inbound`, {
+        method: 'POST',
+        headers: {
+          ...AUTH_HEADERS,
+          'Content-Type': 'application/json',
+          'X-Gateway-Origin': TEST_TOKEN,
+        },
+        body: JSON.stringify({
+          sourceChannel: 'sms',
+          externalChatId: '+15551234567',
+          externalMessageId: 'SM-test-gw-2',
+          content: 'hello via SMS',
+        }),
+      });
+      // Should NOT be 403 — the gateway-origin check passes.
+      expect(res.status).not.toBe(403);
+    });
   });
 
   // ── Startup warning for non-loopback host ──────────────────────────

package/src/__tests__/handlers-telegram-config.test.ts

@@ -905,6 +905,7 @@ describe('Telegram config handler', () => {
 
 import { handleGuardianVerification } from '../daemon/handlers/config.js';
 import type { GuardianVerificationRequest } from '../daemon/ipc-contract.js';
+import { createBinding } from '../memory/channel-guardian-store.js';
 
 describe('Guardian verification IPC actions', () => {
   beforeEach(() => {
@@ -965,4 +966,85 @@ describe('Guardian verification IPC actions', () => {
     expect(res.success).toBe(false);
     expect(res.error).toContain('Unknown action');
   });
+
+  test('create_challenge with explicit assistantId scopes challenge to that assistant', () => {
+    const msg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'create_challenge',
+      channel: 'telegram',
+      assistantId: 'asst-ipc-X',
+    };
+
+    const { ctx, sent } = createTestContext();
+    handleGuardianVerification(msg, {} as net.Socket, ctx);
+
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; success: boolean; secret?: string; instruction?: string };
+    expect(res.success).toBe(true);
+    expect(res.secret).toBeDefined();
+    expect(res.instruction).toContain('/guardian_verify');
+  });
+
+  test('status action with explicit assistantId checks binding for that assistant', () => {
+    // Create a control binding for a known assistant so we can verify
+    // that querying a *different* assistantId actually returns bound=false
+    // (not just because no bindings exist at all).
+    createBinding({
+      assistantId: 'asst-ipc-bound',
+      channel: 'telegram',
+      guardianExternalUserId: 'guardian-user-1',
+      guardianDeliveryChatId: 'guardian-chat-1',
+    });
+
+    // Querying a different assistant should return bound=false
+    const unboundMsg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'telegram',
+      assistantId: 'asst-ipc-Y',
+    };
+
+    const { ctx: ctx1, sent: sent1 } = createTestContext();
+    handleGuardianVerification(unboundMsg, {} as net.Socket, ctx1);
+
+    expect(sent1).toHaveLength(1);
+    const unboundRes = sent1[0] as { type: string; success: boolean; bound: boolean };
+    expect(unboundRes.success).toBe(true);
+    expect(unboundRes.bound).toBe(false);
+
+    // Querying the bound assistant should return bound=true
+    const boundMsg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'status',
+      channel: 'telegram',
+      assistantId: 'asst-ipc-bound',
+    };
+
+    const { ctx: ctx2, sent: sent2 } = createTestContext();
+    handleGuardianVerification(boundMsg, {} as net.Socket, ctx2);
+
+    expect(sent2).toHaveLength(1);
+    const boundRes = sent2[0] as { type: string; success: boolean; bound: boolean; guardianExternalUserId?: string };
+    expect(boundRes.success).toBe(true);
+    expect(boundRes.bound).toBe(true);
+    expect(boundRes.guardianExternalUserId).toBe('guardian-user-1');
+  });
+
+  test('assistantId defaults to "self" when not provided', () => {
+    // create_challenge without assistantId should scope to 'self'
+    const createMsg: GuardianVerificationRequest = {
+      type: 'guardian_verification',
+      action: 'create_challenge',
+      channel: 'telegram',
+      // assistantId intentionally omitted
+    };
+
+    const { ctx: ctx1, sent: sent1 } = createTestContext();
+    handleGuardianVerification(createMsg, {} as net.Socket, ctx1);
+
+    expect(sent1).toHaveLength(1);
+    const createRes = sent1[0] as { type: string; success: boolean; secret?: string };
+    expect(createRes.success).toBe(true);
+    expect(createRes.secret).toBeDefined();
+  });
 });