@vellumai/assistant 0.3.3 → 0.3.5

package/src/__tests__/run-orchestrator.test.ts

@@ -26,6 +26,12 @@ mock.module('../util/logger.js', () => ({
   }),
 }));
 
+mock.module('../config/loader.js', () => ({
+  getConfig: () => ({
+    secretDetection: { enabled: false },
+  }),
+}));
+
 import { initializeDb, getDb, resetDb } from '../memory/db.js';
 import { createConversation } from '../memory/conversation-store.js';
 import { createRun, getRun, setRunConfirmation } from '../memory/runs-store.js';
@@ -43,6 +49,8 @@ function makeSessionWithConfirmation(message: ServerMessage): Session {
     persistUserMessage: () => undefined as unknown as string,
     memoryPolicy: { scopeId: 'default', includeDefaultFallback: false, strictSideEffects: false },
     setChannelCapabilities: () => {},
+    setAssistantId: () => {},
+    setGuardianContext: () => {},
     updateClient: (handler: (msg: ServerMessage) => void) => {
       clientHandler = handler;
     },
@@ -64,6 +72,8 @@ function makeSessionWithEvent(message: ServerMessage): Session {
     persistUserMessage: () => undefined as unknown as string,
     memoryPolicy: { scopeId: 'default', includeDefaultFallback: false, strictSideEffects: false },
     setChannelCapabilities: () => {},
+    setAssistantId: () => {},
+    setGuardianContext: () => {},
     updateClient: () => {},
     runAgentLoop: async (_content: string, _messageId: string, onEvent: (msg: ServerMessage) => void) => {
       onEvent(message);
@@ -228,6 +238,8 @@ describe('startRun channel capability resolution', () => {
       setChannelCapabilities: (caps: ChannelCapabilities | null) => {
         if (caps) capturedCapabilities = caps;
       },
+      setAssistantId: () => {},
+      setGuardianContext: () => {},
       updateClient: () => {},
       runAgentLoop: async () => {},
       handleConfirmationResponse: () => {},
@@ -262,6 +274,8 @@ describe('startRun channel capability resolution', () => {
       setChannelCapabilities: (caps: ChannelCapabilities | null) => {
         if (caps) capturedCapabilities = caps;
       },
+      setAssistantId: () => {},
+      setGuardianContext: () => {},
       updateClient: () => {},
       runAgentLoop: async () => {},
       handleConfirmationResponse: () => {},
@@ -292,6 +306,8 @@ describe('startRun channel capability resolution', () => {
       setChannelCapabilities: (caps: ChannelCapabilities | null) => {
         if (caps) capturedCapabilities = caps;
       },
+      setAssistantId: () => {},
+      setGuardianContext: () => {},
       updateClient: () => {},
       runAgentLoop: async () => {},
       handleConfirmationResponse: () => {},
@@ -335,6 +351,8 @@ describe('strictSideEffects re-derivation across runs', () => {
       persistUserMessage: () => undefined as unknown as string,
       memoryPolicy: { scopeId: 'default', includeDefaultFallback: false, strictSideEffects: false },
       setChannelCapabilities: () => {},
+      setAssistantId: () => {},
+      setGuardianContext: () => {},
       updateClient: () => {},
       runAgentLoop: async () => {},
       handleConfirmationResponse: () => {},
@@ -369,6 +387,8 @@ describe('strictSideEffects re-derivation across runs', () => {
       persistUserMessage: () => undefined as unknown as string,
       memoryPolicy: { scopeId: 'private-scope', includeDefaultFallback: true, strictSideEffects: true },
       setChannelCapabilities: () => {},
+      setAssistantId: () => {},
+      setGuardianContext: () => {},
       updateClient: () => {},
       runAgentLoop: async () => {},
       handleConfirmationResponse: () => {},
@@ -404,6 +424,8 @@ describe('strictSideEffects re-derivation across runs', () => {
       persistUserMessage: () => undefined as unknown as string,
       memoryPolicy: { scopeId: 'default', includeDefaultFallback: false, strictSideEffects: true },
       setChannelCapabilities: () => {},
+      setAssistantId: () => {},
+      setGuardianContext: () => {},
       updateClient: () => {},
       runAgentLoop: async () => {},
       handleConfirmationResponse: () => {},

package/src/__tests__/secret-scanner.test.ts

@@ -6,6 +6,10 @@ import {
   _isPlaceholder,
   _redact,
   _hasSecretContext,
+  _tryDecodeBase64,
+  _tryDecodePercentEncoded,
+  _tryDecodeHexEscapes,
+  _tryDecodeContinuousHex,
   type SecretMatch,
 } from '../security/secret-scanner.js';
 
@@ -898,3 +902,222 @@ describe('word-boundary context keywords', () => {
     expect(entropy.length).toBeGreaterThan(0);
   });
 });
+
+// ---------------------------------------------------------------------------
+// Encoded secret detection — decode + re-scan
+// ---------------------------------------------------------------------------
+describe('encoded secret detection', () => {
+  // -- Base64-encoded secrets --
+  describe('base64-encoded', () => {
+    test('detects base64-encoded Stripe key', () => {
+      const secret = 'sk_live_abcdefghijklmnopqrstuvwx';
+      const encoded = Buffer.from(secret).toString('base64');
+      const input = `config: ${encoded}`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type === 'Stripe Secret Key (base64-encoded)');
+      expect(found).toBeDefined();
+    });
+
+    test('detects base64-encoded GitHub token', () => {
+      const secret = `ghp_${'A'.repeat(36)}`;
+      const encoded = Buffer.from(secret).toString('base64');
+      const input = `value=${encoded}`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type === 'GitHub Token (base64-encoded)');
+      expect(found).toBeDefined();
+    });
+
+    test('detects base64-encoded private key header', () => {
+      const secret = '-----BEGIN RSA PRIVATE KEY-----';
+      const encoded = Buffer.from(secret).toString('base64');
+      const input = `data: ${encoded}`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type === 'Private Key (base64-encoded)');
+      expect(found).toBeDefined();
+    });
+
+    test('does not flag base64 that decodes to non-secret text', () => {
+      const encoded = Buffer.from('Hello, this is just normal text!').toString('base64');
+      const input = `data: ${encoded}`;
+      const matches = scanText(input);
+      const encoded_matches = matches.filter((m) => m.type.includes('base64-encoded'));
+      expect(encoded_matches).toHaveLength(0);
+    });
+
+    test('does not flag base64 that decodes to binary data', () => {
+      // Create a base64 string that decodes to non-printable bytes
+      const binary = Buffer.from([0x00, 0x01, 0x02, 0x80, 0xff, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15]);
+      const encoded = binary.toString('base64');
+      const input = `data: ${encoded}`;
+      const matches = scanText(input);
+      const encoded_matches = matches.filter((m) => m.type.includes('base64-encoded'));
+      expect(encoded_matches).toHaveLength(0);
+    });
+
+    test('does not double-count secrets already detected by raw patterns', () => {
+      // A JWT is already detected directly — should not be re-detected as base64-encoded
+      const header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9';
+      const payload = 'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ';
+      const signature = 'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+      const jwt = `${header}.${payload}.${signature}`;
+      const input = `token: ${jwt}`;
+      const matches = scanText(input);
+      const jwtMatches = matches.filter((m) => m.type === 'JSON Web Token');
+      const encodedMatches = matches.filter((m) => m.type.includes('base64-encoded'));
+      expect(jwtMatches).toHaveLength(1);
+      expect(encodedMatches).toHaveLength(0);
+    });
+  });
+
+  // -- Percent-encoded secrets --
+  describe('percent-encoded', () => {
+    test('detects percent-encoded database connection string', () => {
+      const secret = 'postgres://user:secret@db.example.com:5432/mydb';
+      const encoded = encodeURIComponent(secret);
+      const input = `url=${encoded}`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type === 'Database Connection String (percent-encoded)');
+      expect(found).toBeDefined();
+    });
+
+    test('detects percent-encoded secret assignment', () => {
+      const encoded = 'password%3D%22SuperSecret123%21%22';
+      const input = `data=${encoded}`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type.includes('percent-encoded'));
+      expect(found).toBeDefined();
+    });
+
+    test('does not flag percent-encoded non-secret text', () => {
+      const encoded = 'hello%20world%20this%20is%20normal';
+      const input = `text=${encoded}`;
+      const matches = scanText(input);
+      const encoded_matches = matches.filter((m) => m.type.includes('percent-encoded'));
+      expect(encoded_matches).toHaveLength(0);
+    });
+  });
+
+  // -- Hex-escaped secrets --
+  describe('hex-escaped', () => {
+    test('detects hex-escaped Stripe key', () => {
+      const secret = 'sk_live_abcdefghijklmnopqrstuvwx';
+      const escaped = Array.from(secret).map((c) => `\\x${c.charCodeAt(0).toString(16).padStart(2, '0')}`).join('');
+      const input = `value = "${escaped}"`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type === 'Stripe Secret Key (hex-escaped)');
+      expect(found).toBeDefined();
+    });
+
+    test('does not flag hex-escaped non-secret text', () => {
+      const escaped = '\\x48\\x65\\x6c\\x6c\\x6f';
+      const input = `value = "${escaped}"`;
+      const matches = scanText(input);
+      const encoded_matches = matches.filter((m) => m.type.includes('hex-escaped'));
+      expect(encoded_matches).toHaveLength(0);
+    });
+  });
+
+  // -- Continuous hex-encoded secrets --
+  describe('hex-encoded (continuous)', () => {
+    test('detects hex-encoded GitHub token', () => {
+      const secret = `ghp_${'A'.repeat(36)}`;
+      const hexEncoded = Buffer.from(secret).toString('hex');
+      const input = `payload: ${hexEncoded}`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type === 'GitHub Token (hex-encoded)');
+      expect(found).toBeDefined();
+    });
+
+    test('detects hex-encoded AWS access key', () => {
+      const secret = 'AKIAIOSFODNN7REALKEY';
+      const hexEncoded = Buffer.from(secret).toString('hex');
+      const input = `data: ${hexEncoded}`;
+      const matches = scanText(input);
+      const found = matches.find((m) => m.type === 'AWS Access Key (hex-encoded)');
+      expect(found).toBeDefined();
+    });
+
+    test('does not flag hex strings that decode to non-secret text', () => {
+      const hexEncoded = Buffer.from('This is just normal harmless text').toString('hex');
+      const input = `data: ${hexEncoded}`;
+      const matches = scanText(input);
+      const encoded_matches = matches.filter((m) => m.type.includes('hex-encoded'));
+      expect(encoded_matches).toHaveLength(0);
+    });
+
+    test('does not flag git SHAs or similar hex hashes', () => {
+      // 40-char hex SHA — too short to decode to a meaningful secret
+      const sha = '4b825dc642cb6eb9a060e54bf899d15f13fe1d7a';
+      const input = `commit: ${sha}`;
+      const matches = scanText(input);
+      const encoded_matches = matches.filter((m) => m.type.includes('hex-encoded'));
+      expect(encoded_matches).toHaveLength(0);
+    });
+  });
+
+  // -- Redaction of encoded secrets --
+  describe('redaction of encoded secrets', () => {
+    test('redactSecrets replaces base64-encoded secrets', () => {
+      const secret = 'sk_live_abcdefghijklmnopqrstuvwx';
+      const encoded = Buffer.from(secret).toString('base64');
+      const input = `config: ${encoded}`;
+      const result = redactSecrets(input);
+      expect(result).toContain('<redacted type="Stripe Secret Key (base64-encoded)" />');
+      expect(result).not.toContain(encoded);
+    });
+
+    test('redactSecrets replaces hex-encoded secrets', () => {
+      const secret = `ghp_${'A'.repeat(36)}`;
+      const hexEncoded = Buffer.from(secret).toString('hex');
+      const input = `data: ${hexEncoded}`;
+      const result = redactSecrets(input);
+      expect(result).toContain('<redacted type="GitHub Token (hex-encoded)" />');
+      expect(result).not.toContain(hexEncoded);
+    });
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Decode helper unit tests
+// ---------------------------------------------------------------------------
+describe('decode helpers', () => {
+  test('tryDecodeBase64 returns decoded text for valid base64', () => {
+    const encoded = Buffer.from('sk_live_abcdefghijklmnopqrstuvwx').toString('base64');
+    expect(_tryDecodeBase64(encoded)).toBe('sk_live_abcdefghijklmnopqrstuvwx');
+  });
+
+  test('tryDecodeBase64 returns null for binary content', () => {
+    const binary = Buffer.from([0x00, 0x01, 0x80, 0xff]).toString('base64');
+    expect(_tryDecodeBase64(binary)).toBeNull();
+  });
+
+  test('tryDecodeBase64 returns null for invalid base64', () => {
+    expect(_tryDecodeBase64('not!!valid!!base64!!')).toBeNull();
+  });
+
+  test('tryDecodePercentEncoded returns decoded text', () => {
+    expect(_tryDecodePercentEncoded('hello%20world%21')).toBe('hello world!');
+  });
+
+  test('tryDecodePercentEncoded returns null when nothing to decode', () => {
+    expect(_tryDecodePercentEncoded('no-encoding-here')).toBeNull();
+  });
+
+  test('tryDecodeHexEscapes returns decoded text', () => {
+    expect(_tryDecodeHexEscapes('\\x48\\x65\\x6c\\x6c\\x6f')).toBe('Hello');
+  });
+
+  test('tryDecodeHexEscapes returns null when no escapes', () => {
+    expect(_tryDecodeHexEscapes('plain text')).toBeNull();
+  });
+
+  test('tryDecodeContinuousHex returns decoded text', () => {
+    const hex = Buffer.from('Hello').toString('hex');
+    expect(_tryDecodeContinuousHex(hex)).toBe('Hello');
+  });
+
+  test('tryDecodeContinuousHex returns null for non-printable result', () => {
+    // Hex that decodes to binary
+    expect(_tryDecodeContinuousHex('0001ff80')).toBeNull();
+  });
+});

package/src/__tests__/session-runtime-assembly.test.ts

@@ -3,12 +3,14 @@ import type { Message } from '../providers/types.js';
 import {
   applyRuntimeInjections,
   injectChannelCapabilityContext,
+  injectGuardianContext,
   injectTemporalContext,
   resolveChannelCapabilities,
   stripChannelCapabilityContext,
+  stripGuardianContext,
   stripTemporalContext,
 } from '../daemon/session-runtime-assembly.js';
-import type { ChannelCapabilities } from '../daemon/session-runtime-assembly.js';
+import type { ChannelCapabilities, GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
 import { buildChannelAwarenessSection } from '../config/system-prompt.js';
 
 // ---------------------------------------------------------------------------
@@ -277,6 +279,12 @@ describe('buildChannelAwarenessSection', () => {
     const section = buildChannelAwarenessSection();
     expect(section).toContain('computer-control permissions on non-dashboard');
   });
+
+  test('includes guardian context contract for channel actors', () => {
+    const section = buildChannelAwarenessSection();
+    expect(section).toContain('<guardian_context>');
+    expect(section).toContain('Never infer guardian status');
+  });
 });
 
 // ---------------------------------------------------------------------------
@@ -474,3 +482,79 @@ describe('applyRuntimeInjections with temporalContext', () => {
     expect(result[0].content.length).toBe(1);
   });
 });
+
+// ---------------------------------------------------------------------------
+// guardian_context
+// ---------------------------------------------------------------------------
+
+describe('injectGuardianContext', () => {
+  const baseUserMessage: Message = {
+    role: 'user',
+    content: [{ type: 'text', text: 'Can you text me updates?' }],
+  };
+
+  test('prepends guardian_context block to user message', () => {
+    const ctx: GuardianRuntimeContext = {
+      sourceChannel: 'sms',
+      actorRole: 'guardian',
+      guardianExternalUserId: 'guardian-user-1',
+      guardianChatId: '+15550001111',
+      requesterIdentifier: '+15550001111',
+      requesterExternalUserId: 'guardian-user-1',
+      requesterChatId: '+15550001111',
+    };
+
+    const result = injectGuardianContext(baseUserMessage, ctx);
+    expect(result.content.length).toBe(2);
+    const injected = result.content[0];
+    expect(injected.type).toBe('text');
+    const text = (injected as { type: 'text'; text: string }).text;
+    expect(text).toContain('<guardian_context>');
+    expect(text).toContain('actor_role: guardian');
+    expect(text).toContain('source_channel: sms');
+    expect(text).toContain('</guardian_context>');
+  });
+});
+
+describe('stripGuardianContext', () => {
+  test('strips guardian_context blocks from user messages', () => {
+    const messages: Message[] = [
+      {
+        role: 'user',
+        content: [
+          { type: 'text', text: '<guardian_context>\nactor_role: guardian\n</guardian_context>' },
+          { type: 'text', text: 'Hello' },
+        ],
+      },
+    ];
+    const result = stripGuardianContext(messages);
+    expect(result).toHaveLength(1);
+    expect(result[0].content).toHaveLength(1);
+    expect((result[0].content[0] as { type: 'text'; text: string }).text).toBe('Hello');
+  });
+});
+
+describe('applyRuntimeInjections with guardianContext', () => {
+  const baseMessages: Message[] = [
+    {
+      role: 'user',
+      content: [{ type: 'text', text: 'Help me send this over SMS.' }],
+    },
+  ];
+
+  test('injects guardian context when provided', () => {
+    const result = applyRuntimeInjections(baseMessages, {
+      guardianContext: {
+        sourceChannel: 'sms',
+        actorRole: 'non-guardian',
+        guardianExternalUserId: 'guardian-1',
+        requesterExternalUserId: 'requester-1',
+        requesterIdentifier: '+15550002222',
+        requesterChatId: '+15550002222',
+      },
+    });
+    expect(result).toHaveLength(1);
+    expect(result[0].content).toHaveLength(2);
+    expect((result[0].content[0] as { type: 'text'; text: string }).text).toContain('<guardian_context>');
+  });
+});