@vellumai/assistant 0.3.27 → 0.4.0

package/src/__tests__/onboarding-template-contract.test.ts

@@ -6,19 +6,21 @@ import { describe, expect,test } from 'bun:test';
 const templatesDir = join(import.meta.dirname, '..', 'config', 'templates');
 const bootstrap = readFileSync(join(templatesDir, 'BOOTSTRAP.md'), 'utf-8');
 const identity = readFileSync(join(templatesDir, 'IDENTITY.md'), 'utf-8');
+const user = readFileSync(join(templatesDir, 'USER.md'), 'utf-8');
 
 describe('onboarding template contracts', () => {
   describe('BOOTSTRAP.md', () => {
     test('contains identity question prompts', () => {
       const lower = bootstrap.toLowerCase();
       expect(lower).toContain('who am i');
-      expect(lower).toContain('who are you');
     });
 
-    test('uses "personality" for the personality step', () => {
-      expect(bootstrap).toContain('What is my personality?');
-      // Should not use "character" or "vibe" as a field/step label
-      expect(bootstrap).not.toMatch(/what is my (character|vibe)/i);
+    test('infers personality indirectly instead of asking directly', () => {
+      const lower = bootstrap.toLowerCase();
+      // Personality step must instruct indirect/organic discovery
+      expect(lower).toContain('personality');
+      expect(lower).toContain('indirectly');
+      expect(lower).toContain('vibe');
     });
 
     test('contains emoji auto-selection with change-later instruction', () => {
@@ -27,30 +29,106 @@ describe('onboarding template contracts', () => {
       expect(lower).toContain('change it later');
     });
 
-    test('contains the Home Base handoff format', () => {
-      expect(bootstrap).toMatch(/came up with X ideas/i);
-      expect(bootstrap).toMatch(/check this out/i);
-    });
-
-    test('mentions avatar evolution instruction', () => {
+    test('creates Home Base silently in the background', () => {
       const lower = bootstrap.toLowerCase();
-      expect(lower).toContain('avatar will start to reflect');
-      expect(lower).toContain('happens automatically');
+      expect(lower).toContain('app_create');
+      expect(lower).toContain('set_as_home_base');
+      // Must NOT open or announce it
+      expect(lower).toContain('do not open it with `app_open`');
+      expect(lower).toContain('do not announce it');
     });
 
     test('contains naming intent markers so the first reply includes naming cues', () => {
       const lower = bootstrap.toLowerCase();
       // The template must prompt the assistant to ask about names.
-      // These keywords align with the client-side naming intent heuristic
-      // (ChatViewModel.replyContainsNamingIntent) so that the first reply
-      // naturally passes the quality check without triggering a corrective nudge.
       expect(lower).toContain('name');
-      expect(lower).toContain('call');
-      // The example first message should include a naming question
-      expect(lower).toContain('what should i call myself');
-      // The conversation sequence must include identity/naming as the first step
+      // The first step should be about locking in the assistant's name
+      expect(lower).toContain('lock in your name');
+      // The conversation sequence must include identity/naming
       expect(lower).toContain('who am i');
-      expect(lower).toContain('who are you');
+    });
+
+    test('asks user name AFTER assistant identity is established', () => {
+      // Step 1 is locking in the assistant's name, step 3 is asking the user's name
+      const assistantNameIdx = bootstrap.indexOf('Lock in your name.');
+      const userNameIdx = bootstrap.indexOf('who am I talking to?');
+      expect(assistantNameIdx).toBeGreaterThan(-1);
+      expect(userNameIdx).toBeGreaterThan(-1);
+      expect(assistantNameIdx).toBeLessThan(userNameIdx);
+    });
+
+    test('gathers user context: work role, hobbies, daily tools', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('work');
+      expect(lower).toContain('hobbies');
+      expect(lower).toContain('tools');
+    });
+
+    test('shows exactly 2 suggestions via ui_show card with relay_prompt actions', () => {
+      expect(bootstrap).toContain('ui_show');
+      expect(bootstrap).toContain('exactly 2');
+      // Must use card surface with relay_prompt action buttons
+      expect(bootstrap).toContain('surface_type: "card"');
+      expect(bootstrap).toContain('relay_prompt');
+    });
+
+    test('contains completion gate with all required conditions', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('completion gate');
+      expect(lower).toContain('do not delete this file');
+      // Assistant name is hard-required
+      expect(lower).toContain('you have a name');
+      expect(lower).toContain('hard requirement');
+      expect(lower).toContain('vibe');
+      // User detail fields must be resolved (provided, inferred, or declined)
+      expect(lower).toContain('resolved');
+      expect(lower).toContain('work role');
+      expect(lower).toContain('2 suggestions shown');
+      expect(lower).toContain('selected one, deferred both');
+      expect(lower).toContain('home base');
+    });
+
+    test('contains privacy/refusal policy', () => {
+      const lower = bootstrap.toLowerCase();
+      // Must have a privacy section
+      expect(lower).toContain('privacy');
+      // Assistant name is hard-required, user details are best-effort
+      expect(lower).toContain('hard-required');
+      expect(lower).toContain('best-effort');
+      // Refusal is a valid resolution
+      expect(lower).toContain('declined');
+      expect(lower).toContain('do not push');
+    });
+
+    test('defines resolved as provided, inferred, or declined', () => {
+      const lower = bootstrap.toLowerCase();
+      // The template must define what "resolved" means
+      expect(lower).toContain('resolved');
+      expect(lower).toContain('inferred');
+      expect(lower).toContain('declined');
+    });
+
+    test('preserves no em dashes instruction', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('em dashes');
+    });
+
+    test('preserves no technical jargon instruction', () => {
+      const lower = bootstrap.toLowerCase();
+      expect(lower).toContain('technical jargon');
+      expect(lower).toContain('system internals');
+    });
+
+    test('preserves comment line format instruction', () => {
+      // The template must start with the comment format explanation
+      expect(bootstrap).toMatch(/^_ Lines starting with _/);
+    });
+
+    test('instructs saving to IDENTITY.md, USER.md, and SOUL.md via file_edit', () => {
+      expect(bootstrap).toContain('IDENTITY.md');
+      expect(bootstrap).toContain('USER.md');
+      expect(bootstrap).toContain('SOUL.md');
+      expect(bootstrap).toContain('file_edit');
     });
   });
 
@@ -71,4 +149,21 @@ describe('onboarding template contracts', () => {
       expect(identity).toContain('**Style tendency:**');
     });
   });
+
+  describe('USER.md', () => {
+    test('contains onboarding snapshot with all required fields', () => {
+      expect(user).toContain('Preferred name/reference:');
+      expect(user).toContain('Goals:');
+      expect(user).toContain('Locale:');
+      expect(user).toContain('Work role:');
+      expect(user).toContain('Hobbies/fun:');
+      expect(user).toContain('Daily tools:');
+    });
+
+    test('documents resolved-field status conventions', () => {
+      const lower = user.toLowerCase();
+      expect(lower).toContain('declined_by_user');
+      expect(lower).toContain('resolved');
+    });
+  });
 });

package/src/__tests__/pairing-routes.test.ts

@@ -0,0 +1,171 @@
+/**
+ * API-level tests for the device pairing routes.
+ *
+ * Validates that handlePairingRequest correctly prevents a second device
+ * from hijacking an existing pairing request, while allowing the same
+ * device to call the endpoint idempotently.
+ */
+
+import { beforeEach, describe, expect, mock, test } from 'bun:test';
+
+import { PairingStore } from '../daemon/pairing-store.js';
+import type { PairingHandlerContext } from '../runtime/routes/pairing-routes.js';
+import { handlePairingRequest } from '../runtime/routes/pairing-routes.js';
+
+// ── Helpers ──────────────────────────────────────────────────────────────
+
+const TEST_PAIRING_ID = 'pair-test-001';
+const TEST_SECRET = 'super-secret-value';
+const GATEWAY_URL = 'https://gateway.test';
+
+function makeContext(store: PairingStore): PairingHandlerContext {
+  return {
+    pairingStore: store,
+    bearerToken: 'test-bearer-token',
+    featureFlagToken: undefined,
+    pairingBroadcast: mock(() => {}),
+  };
+}
+
+function makePairingRequest(overrides: Record<string, unknown> = {}): Request {
+  const body = {
+    pairingRequestId: TEST_PAIRING_ID,
+    pairingSecret: TEST_SECRET,
+    deviceId: 'device-A',
+    deviceName: 'iPhone A',
+    ...overrides,
+  };
+  return new Request('http://localhost/v1/pairing/request', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+}
+
+// ── Tests ────────────────────────────────────────────────────────────────
+
+describe('handlePairingRequest — device binding', () => {
+  let store: PairingStore;
+  let ctx: PairingHandlerContext;
+
+  beforeEach(() => {
+    store = new PairingStore();
+    store.start();
+    ctx = makeContext(store);
+
+    // Pre-register the pairing request (simulating QR code display)
+    store.register({
+      pairingRequestId: TEST_PAIRING_ID,
+      pairingSecret: TEST_SECRET,
+      gatewayUrl: GATEWAY_URL,
+    });
+  });
+
+  test('rejects a second device attempting to pair with the same pairing ID', async () => {
+    /**
+     * Tests that once a device has initiated pairing, a different device
+     * cannot hijack the same pairing request.
+     */
+
+    // GIVEN device A has already initiated pairing
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const firstRes = await handlePairingRequest(firstReq, ctx);
+    expect(firstRes.status).toBe(200);
+
+    // WHEN device B tries to pair with the same pairing ID and secret
+    const secondReq = makePairingRequest({
+      deviceId: 'device-B',
+      deviceName: 'iPhone B',
+    });
+    const secondRes = await handlePairingRequest(secondReq, ctx);
+
+    // THEN the request is rejected with 409 Conflict
+    expect(secondRes.status).toBe(409);
+    const body = (await secondRes.json()) as { error: { code: string; message: string } };
+    expect(body.error.code).toBe('CONFLICT');
+    expect(body.error.message).toContain('already bound to another device');
+  });
+
+  test('allows the same device to call pairing request idempotently', async () => {
+    /**
+     * Tests that calling pairing request twice from the same device
+     * succeeds both times without error.
+     */
+
+    // GIVEN device A has already initiated pairing
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const firstRes = await handlePairingRequest(firstReq, ctx);
+    expect(firstRes.status).toBe(200);
+
+    // WHEN device A calls pairing request again with the same credentials
+    const secondReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const secondRes = await handlePairingRequest(secondReq, ctx);
+
+    // THEN it succeeds (idempotent)
+    expect(secondRes.status).toBe(200);
+  });
+
+  test('allows the same device to retrieve token after approval', async () => {
+    /**
+     * Tests that once a pairing request is approved, the same device
+     * can call the endpoint again and receive the bearer token.
+     */
+
+    // GIVEN device A has initiated pairing
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const firstRes = await handlePairingRequest(firstReq, ctx);
+    expect(firstRes.status).toBe(200);
+
+    // AND the pairing request has been approved
+    store.approve(TEST_PAIRING_ID, 'test-bearer-token');
+
+    // WHEN device A calls pairing request again
+    const secondReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    const secondRes = await handlePairingRequest(secondReq, ctx);
+
+    // THEN the request succeeds (status stays approved, device matches)
+    expect(secondRes.status).toBe(200);
+  });
+
+  test('rejects a different device even after the first device was approved', async () => {
+    /**
+     * Tests that a different device cannot hijack a pairing request
+     * even after the original device's request has been approved.
+     */
+
+    // GIVEN device A has paired and been approved
+    const firstReq = makePairingRequest({
+      deviceId: 'device-A',
+      deviceName: 'iPhone A',
+    });
+    await handlePairingRequest(firstReq, ctx);
+    store.approve(TEST_PAIRING_ID, 'test-bearer-token');
+
+    // WHEN device B tries to use the same pairing request
+    const hijackReq = makePairingRequest({
+      deviceId: 'device-B',
+      deviceName: 'Attacker Phone',
+    });
+    const hijackRes = await handlePairingRequest(hijackReq, ctx);
+
+    // THEN it is rejected
+    expect(hijackRes.status).toBe(409);
+    const body = (await hijackRes.json()) as { error: { code: string; message: string } };
+    expect(body.error.code).toBe('CONFLICT');
+  });
+});

package/src/__tests__/playbook-execution.test.ts

@@ -27,7 +27,9 @@ mock.module('../util/logger.js', () => ({
 }));
 
 mock.module('../config/loader.js', () => ({
-  getConfig: () => ({ memory: {} }),
+  getConfig: () => ({
+    ui: {},
+     memory: {} }),
 }));
 
 mock.module('../memory/jobs-store.js', () => ({

package/src/__tests__/playbook-tools.test.ts

@@ -27,7 +27,9 @@ mock.module('../util/logger.js', () => ({
 }));
 
 mock.module('../config/loader.js', () => ({
-  getConfig: () => ({ memory: {} }),
+  getConfig: () => ({
+    ui: {},
+     memory: {} }),
 }));
 
 // Stub memory job queue to avoid side effects

package/src/__tests__/provider-error-scenarios.test.ts

@@ -1,21 +1,72 @@
-import { resolve } from 'node:path';
-
 import { describe, expect, mock,test } from 'bun:test';
 
-const retryModulePath = resolve(import.meta.dir, '../util/retry.ts');
-
 mock.module('../util/logger.js', () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, { get: () => () => {} }),
   isDebug: () => false,
 }));
 
-// Only mock sleep so retries complete instantly; keep real retry logic
-mock.module('../util/retry.js', async () => {
-  const real = await import(retryModulePath);
+// Only mock sleep so retries complete instantly; keep real retry logic.
+// NOTE: We must NOT use `await import()` inside mock.module — it deadlocks
+// bun's module resolver. Instead, inline the real exports and only replace sleep.
+mock.module('../util/retry.js', () => {
+  const DEFAULT_MAX_RETRIES = 3;
+  const DEFAULT_BASE_DELAY_MS = 1000;
+
+  function computeRetryDelay(attempt: number, baseDelayMs = DEFAULT_BASE_DELAY_MS): number {
+    const cap = baseDelayMs * Math.pow(2, attempt);
+    const half = cap / 2;
+    return half + Math.random() * half;
+  }
+
+  function parseRetryAfterMs(value: string): number | undefined {
+    const seconds = Number(value);
+    if (!isNaN(seconds)) return seconds * 1000;
+    const dateMs = Date.parse(value);
+    if (!isNaN(dateMs)) return Math.max(0, dateMs - Date.now());
+    return undefined;
+  }
+
+  function getHttpRetryDelay(
+    response: Response,
+    attempt: number,
+    baseDelayMs = DEFAULT_BASE_DELAY_MS,
+  ): number {
+    const retryAfter = response.headers.get('retry-after');
+    if (retryAfter) {
+      const parsed = parseRetryAfterMs(retryAfter);
+      if (parsed !== undefined) return parsed;
+    }
+    const effectiveBase = attempt === 0 ? baseDelayMs * 2 : baseDelayMs;
+    return Math.max(baseDelayMs, computeRetryDelay(attempt, effectiveBase));
+  }
+
+  function isRetryableStatus(status: number): boolean {
+    return status === 429 || status >= 500;
+  }
+
+  function isRetryableNetworkError(error: unknown): boolean {
+    if (!(error instanceof Error)) return false;
+    const retryableCodes = new Set(['ECONNRESET', 'ECONNREFUSED', 'ETIMEDOUT', 'EPIPE']);
+    const code = (error as NodeJS.ErrnoException).code;
+    if (code && retryableCodes.has(code)) return true;
+    if (error.cause instanceof Error) {
+      const causeCode = (error.cause as NodeJS.ErrnoException).code;
+      if (causeCode && retryableCodes.has(causeCode)) return true;
+    }
+    return false;
+  }
+
   return {
-    ...real,
+    DEFAULT_MAX_RETRIES,
+    DEFAULT_BASE_DELAY_MS,
+    computeRetryDelay,
+    parseRetryAfterMs,
+    getHttpRetryDelay,
+    isRetryableStatus,
+    isRetryableNetworkError,
     sleep: () => Promise.resolve(),
+    abortableSleep: () => Promise.resolve(),
   };
 });
 

package/src/__tests__/proxy-approval-callback.test.ts

@@ -17,6 +17,8 @@ mock.module('../permissions/trust-store.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     provider: 'mock-provider',
     timeouts: { permissionTimeoutSec: 5 },
     permissions: { mode: 'legacy' },

package/src/__tests__/recording-handler.test.ts

@@ -17,6 +17,8 @@ mock.module('../util/logger.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     daemon: { standaloneRecording: true },
     provider: 'mock-provider',
     permissions: { mode: 'legacy' },
@@ -49,6 +51,15 @@ const mockMessages: Array<{ id: string; role: string; content: string }> = [];
 let mockMessageIdCounter = 0;
 
 mock.module('../memory/conversation-store.js', () => ({
+  getConversationThreadType: () => 'default',
+  setConversationOriginChannelIfUnset: () => {},
+  updateConversationContextWindow: () => {},
+  deleteMessageById: () => {},
+  updateConversationTitle: () => {},
+  updateConversationUsage: () => {},
+  provenanceFromGuardianContext: () => ({ source: 'user', guardianContext: undefined }),
+  getConversationOriginInterface: () => null,
+  getConversationOriginChannel: () => null,
   getMessages: () => mockMessages,
   addMessage: (_convId: string, role: string, content: string) => {
     const msg = { id: `msg-${++mockMessageIdCounter}`, role, content };

package/src/__tests__/recording-intent-handler.test.ts

@@ -19,6 +19,8 @@ mock.module('../util/logger.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     daemon: { standaloneRecording: true },
     provider: 'mock-provider',
     model: 'mock-model',
@@ -233,6 +235,14 @@ mock.module('../daemon/handlers/recording.js', () => ({
 // ── Mock conversation store ────────────────────────────────────────────────
 
 mock.module('../memory/conversation-store.js', () => ({
+  getConversationThreadType: () => 'default',
+  setConversationOriginChannelIfUnset: () => {},
+  updateConversationContextWindow: () => {},
+  deleteMessageById: () => {},
+  updateConversationUsage: () => {},
+  provenanceFromGuardianContext: () => ({ source: 'user', guardianContext: undefined }),
+  getConversationOriginInterface: () => null,
+  getConversationOriginChannel: () => null,
   getMessages: () => [],
   addMessage: () => ({ id: 'msg-mock', role: 'assistant', content: '' }),
   createConversation: (titleOrOpts?: string | { title?: string }) => {
@@ -269,6 +279,7 @@ mock.module('../security/secret-ingress.js', () => ({
 
 mock.module('../security/secret-scanner.js', () => ({
   redactSecrets: (text: string) => text,
+  compileCustomPatterns: () => [],
 }));
 
 // ── Mock classifier (for task_submit fallthrough) ──────────────────────────
@@ -307,6 +318,7 @@ mock.module('../providers/provider-send-message.js', () => ({
 
 mock.module('../memory/external-conversation-store.js', () => ({
   getBindingsForConversations: () => new Map(),
+  upsertBinding: () => {},
 }));
 
 // ── Mock subagent manager ──────────────────────────────────────────────────
@@ -376,6 +388,7 @@ function createCtx(overrides?: Partial<HandlerContext>): {
     setTurnChannelContext: noop,
     setTurnInterfaceContext: noop,
     setAssistantId: noop,
+    setChannelCapabilities: noop,
     setGuardianContext: noop,
     setCommandIntent: noop,
     processMessage: async () => {},
@@ -386,6 +399,8 @@ function createCtx(overrides?: Partial<HandlerContext>): {
     dispose: noop,
     hasPendingConfirmation: () => false,
     hasPendingSecret: () => false,
+    isProcessing: () => false,
+    messages: [] as any[],
   };
 
   const sessions = new Map<string, any>();

package/src/__tests__/recording-state-machine.test.ts

@@ -16,6 +16,8 @@ mock.module('../util/logger.js', () => ({
 
 mock.module('../config/loader.js', () => ({
   getConfig: () => ({
+    ui: {},
+    
     daemon: { standaloneRecording: true },
     provider: 'mock-provider',
     permissions: { mode: 'legacy' },
@@ -48,6 +50,15 @@ const mockMessages: Array<{ id: string; role: string; content: string }> = [];
 let mockMessageIdCounter = 0;
 
 mock.module('../memory/conversation-store.js', () => ({
+  getConversationThreadType: () => 'default',
+  setConversationOriginChannelIfUnset: () => {},
+  updateConversationContextWindow: () => {},
+  deleteMessageById: () => {},
+  updateConversationTitle: () => {},
+  updateConversationUsage: () => {},
+  provenanceFromGuardianContext: () => ({ source: 'user', guardianContext: undefined }),
+  getConversationOriginInterface: () => null,
+  getConversationOriginChannel: () => null,
   getMessages: () => mockMessages,
   addMessage: (_convId: string, role: string, content: string) => {
     const msg = { id: `msg-${++mockMessageIdCounter}`, role, content };
@@ -417,7 +428,7 @@ describe('stale completion guard (operation token)', () => {
     expect(getActiveRestartToken()).toBeNull();
   });
 
-  test('allows tokenless recording_status during active restart (old recording ack)', () => {
+  test('allows tokenless recording_status during active restart (old recording ack)', async () => {
     const { ctx, sent, fakeSocket } = createCtx();
     const conversationId = 'conv-tokenless-1';
     ctx.socketToSession.set(fakeSocket, conversationId);
@@ -442,7 +453,7 @@ describe('stale completion guard (operation token)', () => {
       attachToConversationId: conversationId,
       // No operationToken — from old recording, should be allowed
     };
-    recordingHandlers.recording_status(tokenlessStatus, fakeSocket, ctx);
+    await recordingHandlers.recording_status(tokenlessStatus, fakeSocket, ctx);
 
     // Should have triggered the deferred restart start
     const newStartMsgs = sent.filter((m) => m.type === 'recording_start');

package/src/__tests__/registry.test.ts

@@ -160,15 +160,19 @@ describe('tool manifest', () => {
   });
 
   test('manifest declares expected core lazy tools', () => {
+    // bash and swarm_delegate moved from lazy to eager registration
     const lazyNames = new Set(lazyTools.map((t) => t.name));
-    expect(lazyNames.has('bash')).toBe(true);
+    expect(lazyNames.has('bash')).toBe(false);
     expect(lazyNames.has('evaluate_typescript_code')).toBe(false);
     expect(lazyNames.has('claude_code')).toBe(false);
-    expect(lazyNames.has('swarm_delegate')).toBe(true);
+    expect(lazyNames.has('swarm_delegate')).toBe(false);
+    // Verify they are in eager tools instead
+    expect(eagerModuleToolNames).toContain('bash');
+    expect(eagerModuleToolNames).toContain('swarm_delegate');
   });
 
   test('eager module tool names list contains expected count', () => {
-    expect(eagerModuleToolNames.length).toBe(16);
+    expect(eagerModuleToolNames.length).toBe(15);
   });
 
   test('explicit tools list includes memory, credential, watch, and catalog tools', () => {