npm - @vellumai/assistant - Versions diffs - 0.3.4 → 0.3.6 - Mend

@vellumai/assistant 0.3.4 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (506) hide show

package/Dockerfile +2 -0
package/README.md +88 -2
package/eslint.config.mjs +31 -0
package/package.json +1 -1
package/scripts/ipc/check-swift-decoder-drift.ts +4 -1
package/scripts/ipc/generate-swift.ts +31 -2
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +438 -1
package/src/__tests__/approval-conversation-turn.test.ts +214 -0
package/src/__tests__/approval-hardcoded-copy-guard.test.ts +41 -0
package/src/__tests__/approval-message-composer.test.ts +253 -0
package/src/__tests__/browser-manager.test.ts +1 -0
package/src/__tests__/call-conversation-messages.test.ts +130 -0
package/src/__tests__/call-domain.test.ts +12 -2
package/src/__tests__/call-orchestrator.test.ts +799 -249
package/src/__tests__/call-pointer-messages.test.ts +148 -0
package/src/__tests__/call-recovery.test.ts +3 -0
package/src/__tests__/call-routes-http.test.ts +32 -2
package/src/__tests__/call-store.test.ts +3 -0
package/src/__tests__/channel-approval-routes.test.ts +1277 -98
package/src/__tests__/channel-approval.test.ts +37 -0
package/src/__tests__/channel-approvals.test.ts +36 -50
package/src/__tests__/channel-guardian.test.ts +630 -22
package/src/__tests__/channel-readiness-service.test.ts +324 -0
package/src/__tests__/checker.test.ts +14 -7
package/src/__tests__/clarification-resolver.test.ts +44 -24
package/src/__tests__/commit-message-enrichment-service.test.ts +9 -4
package/src/__tests__/computer-use-session-working-dir.test.ts +8 -0
package/src/__tests__/config-schema.test.ts +14 -8
package/src/__tests__/context-window-manager.test.ts +30 -2
package/src/__tests__/contradiction-checker.test.ts +20 -5
package/src/__tests__/credential-security-invariants.test.ts +7 -2
package/src/__tests__/daemon-lifecycle.test.ts +13 -12
package/src/__tests__/db-migration-rollback.test.ts +752 -0
package/src/__tests__/dictation-mode-detection.test.ts +63 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +2 -0
package/src/__tests__/entity-search.test.ts +615 -0
package/src/__tests__/fuzzy-match-property.test.ts +5 -5
package/src/__tests__/guardian-action-store.test.ts +123 -0
package/src/__tests__/guardian-action-sweep.test.ts +277 -0
package/src/__tests__/guardian-dispatch.test.ts +389 -0
package/src/__tests__/guardian-question-copy.test.ts +47 -0
package/src/__tests__/handlers-telegram-config.test.ts +4 -2
package/src/__tests__/handlers-twilio-config.test.ts +533 -0
package/src/__tests__/intent-routing.test.ts +2 -0
package/src/__tests__/ipc-snapshot.test.ts +291 -1
package/src/__tests__/memory-upsert-concurrency.test.ts +828 -0
package/src/__tests__/messaging-send-tool.test.ts +65 -0
package/src/__tests__/model-intents.test.ts +96 -0
package/src/__tests__/no-direct-anthropic-sdk-imports.test.ts +42 -0
package/src/__tests__/oauth2-gateway-transport.test.ts +130 -0
package/src/__tests__/onboarding-starter-tasks.test.ts +2 -0
package/src/__tests__/provider-commit-message-generator.test.ts +89 -13
package/src/__tests__/provider-error-scenarios.test.ts +621 -0
package/src/__tests__/provider-fail-open-selection.test.ts +119 -0
package/src/__tests__/qdrant-manager.test.ts +27 -20
package/src/__tests__/relay-server.test.ts +779 -40
package/src/__tests__/run-orchestrator-assistant-events.test.ts +6 -0
package/src/__tests__/run-orchestrator.test.ts +42 -4
package/src/__tests__/runtime-runs-http.test.ts +17 -1
package/src/__tests__/runtime-runs.test.ts +16 -0
package/src/__tests__/schedule-store.test.ts +18 -4
package/src/__tests__/scheduler-recurrence.test.ts +13 -4
package/src/__tests__/session-abort-tool-results.test.ts +6 -0
package/src/__tests__/session-agent-loop.test.ts +857 -0
package/src/__tests__/session-conflict-gate.test.ts +6 -0
package/src/__tests__/session-pre-run-repair.test.ts +6 -0
package/src/__tests__/session-profile-injection.test.ts +6 -0
package/src/__tests__/session-provider-retry-repair.test.ts +6 -0
package/src/__tests__/session-queue.test.ts +6 -0
package/src/__tests__/session-runtime-assembly.test.ts +321 -13
package/src/__tests__/session-slash-known.test.ts +6 -0
package/src/__tests__/session-slash-queue.test.ts +6 -0
package/src/__tests__/session-slash-unknown.test.ts +6 -0
package/src/__tests__/session-surfaces-task-progress.test.ts +2 -0
package/src/__tests__/session-tool-setup-app-refresh.test.ts +1 -0
package/src/__tests__/session-tool-setup-memory-scope.test.ts +1 -0
package/src/__tests__/session-tool-setup-side-effect-flag.test.ts +1 -0
package/src/__tests__/session-workspace-injection.test.ts +6 -0
package/src/__tests__/session-workspace-tool-tracking.test.ts +6 -0
package/src/__tests__/skills.test.ts +2 -0
package/src/__tests__/sms-messaging-provider.test.ts +126 -0
package/src/__tests__/starter-task-flow.test.ts +2 -0
package/src/__tests__/swarm-dag-pathological.test.ts +535 -0
package/src/__tests__/system-prompt.test.ts +2 -0
package/src/__tests__/task-management-tools.test.ts +2 -2
package/src/__tests__/task-runner.test.ts +14 -4
package/src/__tests__/terminal-tools.test.ts +25 -19
package/src/__tests__/tool-execution-abort-cleanup.test.ts +545 -0
package/src/__tests__/tool-executor-shell-integration.test.ts +11 -11
package/src/__tests__/tool-executor.test.ts +23 -24
package/src/__tests__/trust-store.test.ts +3 -3
package/src/__tests__/twilio-rest.test.ts +29 -0
package/src/__tests__/twilio-routes-elevenlabs.test.ts +3 -0
package/src/__tests__/twilio-routes-twiml.test.ts +11 -0
package/src/__tests__/twilio-routes.test.ts +167 -11
package/src/__tests__/twitter-cli-error-shaping.test.ts +2 -2
package/src/__tests__/user-reference.test.ts +2 -0
package/src/__tests__/voice-quality.test.ts +222 -0
package/src/__tests__/web-search.test.ts +46 -30
package/src/__tests__/work-item-output.test.ts +110 -0
package/src/agent/loop.ts +1 -1
package/src/agent-heartbeat/agent-heartbeat-service.ts +2 -10
package/src/amazon/client.ts +1418 -0
package/src/amazon/request-extractor.ts +135 -0
package/src/amazon/session.ts +109 -0
package/src/autonomy/autonomy-store.ts +5 -5
package/src/browser-extension-relay/client.ts +124 -0
package/src/browser-extension-relay/protocol.ts +63 -0
package/src/browser-extension-relay/server.ts +177 -0
package/src/bundler/app-bundler.ts +3 -3
package/src/bundler/bundle-signer.ts +1 -1
package/src/bundler/signature-verifier.ts +1 -1
package/src/calls/call-conversation-messages.ts +33 -0
package/src/calls/call-domain.ts +114 -10
package/src/calls/call-orchestrator.ts +268 -59
package/src/calls/call-pointer-messages.ts +53 -0
package/src/calls/call-recovery.ts +3 -8
package/src/calls/call-store.ts +69 -87
package/src/calls/elevenlabs-config.ts +3 -2
package/src/calls/guardian-action-sweep.ts +105 -0
package/src/calls/guardian-dispatch.ts +203 -0
package/src/calls/guardian-question-copy.ts +133 -0
package/src/calls/relay-server.ts +466 -8
package/src/calls/speaker-identification.ts +1 -1
package/src/calls/twilio-config.ts +22 -14
package/src/calls/twilio-provider.ts +6 -4
package/src/calls/twilio-rest.ts +308 -7
package/src/calls/twilio-routes.ts +65 -12
package/src/calls/types.ts +3 -1
package/src/channels/types.ts +25 -0
package/src/cli/amazon.ts +815 -0
package/src/cli/config-commands.ts +2 -2
package/src/cli/core-commands.ts +4 -3
package/src/cli/influencer.ts +244 -0
package/src/cli/map.ts +89 -6
package/src/cli.ts +1 -1
package/src/config/agent-schema.ts +171 -0
package/src/config/bundled-skills/amazon/SKILL.md +127 -0
package/src/config/bundled-skills/amazon/icon.svg +13 -0
package/src/config/bundled-skills/api-mapping/SKILL.md +78 -0
package/src/config/bundled-skills/browser/SKILL.md +1 -0
package/src/config/bundled-skills/browser/TOOLS.json +17 -0
package/src/config/bundled-skills/browser/tools/browser-wait-for-download.ts +25 -0
package/src/config/bundled-skills/doordash/SKILL.md +51 -51
package/src/config/bundled-skills/email-setup/SKILL.md +14 -5
package/src/config/bundled-skills/google-oauth-setup/SKILL.md +183 -0
package/src/config/bundled-skills/influencer/SKILL.md +144 -0
package/src/config/bundled-skills/knowledge-graph/SKILL.md +15 -0
package/src/config/bundled-skills/knowledge-graph/TOOLS.json +56 -0
package/src/config/bundled-skills/knowledge-graph/tools/graph-query.ts +185 -0
package/src/config/bundled-skills/macos-automation/icon.svg +12 -0
package/src/config/bundled-skills/media-processing/SKILL.md +176 -0
package/src/config/bundled-skills/media-processing/TOOLS.json +230 -0
package/src/config/bundled-skills/media-processing/__tests__/concurrency-pool.test.ts +77 -0
package/src/config/bundled-skills/media-processing/__tests__/cost-tracker.test.ts +69 -0
package/src/config/bundled-skills/media-processing/__tests__/preprocess.test.ts +303 -0
package/src/config/bundled-skills/media-processing/services/concurrency-pool.ts +55 -0
package/src/config/bundled-skills/media-processing/services/cost-tracker.ts +86 -0
package/src/config/bundled-skills/media-processing/services/gemini-map.ts +339 -0
package/src/config/bundled-skills/media-processing/services/preprocess.ts +551 -0
package/src/config/bundled-skills/media-processing/services/processing-pipeline.ts +259 -0
package/src/config/bundled-skills/media-processing/services/reduce.ts +197 -0
package/src/config/bundled-skills/media-processing/tools/analyze-keyframes.ts +136 -0
package/src/config/bundled-skills/media-processing/tools/extract-keyframes.ts +59 -0
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +195 -0
package/src/config/bundled-skills/media-processing/tools/ingest-media.ts +197 -0
package/src/config/bundled-skills/media-processing/tools/media-diagnostics.ts +143 -0
package/src/config/bundled-skills/media-processing/tools/media-status.ts +75 -0
package/src/config/bundled-skills/media-processing/tools/query-media-events.ts +65 -0
package/src/config/bundled-skills/messaging/SKILL.md +33 -8
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +4 -7
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +2 -1
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +5 -1
package/src/config/bundled-skills/phone-calls/SKILL.md +88 -23
package/src/config/bundled-skills/twitter/SKILL.md +19 -3
package/src/config/bundled-skills/twitter/icon.svg +14 -0
package/src/config/bundled-tool-registry.ts +310 -0
package/src/config/calls-schema.ts +181 -0
package/src/config/core-schema.ts +309 -0
package/src/config/defaults.ts +28 -3
package/src/config/env-registry.ts +162 -0
package/src/config/env.ts +175 -0
package/src/config/loader.ts +6 -6
package/src/config/memory-schema.ts +528 -0
package/src/config/sandbox-schema.ts +55 -0
package/src/config/schema.ts +158 -1133
package/src/config/skill-state.ts +1 -1
package/src/config/skills-schema.ts +32 -0
package/src/config/skills.ts +35 -24
package/src/config/system-prompt.ts +131 -56
package/src/config/templates/IDENTITY.md +2 -2
package/src/config/templates/SOUL.md +1 -1
package/src/config/types.ts +1 -0
package/src/config/user-reference.ts +4 -9
package/src/config/vellum-skills/catalog.json +6 -7
package/src/config/vellum-skills/chatgpt-import/tools/chatgpt-import.ts +5 -1
package/src/config/vellum-skills/slack-oauth-setup/SKILL.md +4 -3
package/src/config/vellum-skills/sms-setup/SKILL.md +216 -0
package/src/config/vellum-skills/twilio-setup/SKILL.md +40 -8
package/src/context/window-manager.ts +27 -7
package/src/daemon/approval-generators.ts +186 -0
package/src/daemon/approved-devices-store.ts +140 -0
package/src/daemon/assistant-attachments.ts +1 -1
package/src/daemon/classifier.ts +35 -32
package/src/daemon/config-watcher.ts +1 -1
package/src/daemon/daemon-control.ts +217 -0
package/src/daemon/handlers/apps.ts +2 -3
package/src/daemon/handlers/config-channels.ts +158 -0
package/src/daemon/handlers/config-inbox.ts +540 -0
package/src/daemon/handlers/config-ingress.ts +231 -0
package/src/daemon/handlers/config-integrations.ts +258 -0
package/src/daemon/handlers/config-model.ts +143 -0
package/src/daemon/handlers/config-parental.ts +163 -0
package/src/daemon/handlers/config-scheduling.ts +172 -0
package/src/daemon/handlers/config-slack.ts +92 -0
package/src/daemon/handlers/config-telegram.ts +301 -0
package/src/daemon/handlers/config-tools.ts +177 -0
package/src/daemon/handlers/config-trust.ts +104 -0
package/src/daemon/handlers/config-twilio.ts +1080 -0
package/src/daemon/handlers/config.ts +53 -1689
package/src/daemon/handlers/diagnostics.ts +1 -1
package/src/daemon/handlers/dictation.ts +180 -0
package/src/daemon/handlers/documents.ts +18 -32
package/src/daemon/handlers/identity.ts +14 -23
package/src/daemon/handlers/index.ts +11 -0
package/src/daemon/handlers/misc.ts +3 -5
package/src/daemon/handlers/pairing.ts +98 -0
package/src/daemon/handlers/sessions.ts +56 -5
package/src/daemon/handlers/shared.ts +6 -1
package/src/daemon/handlers/skills.ts +1 -1
package/src/daemon/handlers/twitter-auth.ts +2 -0
package/src/daemon/handlers/work-items.ts +17 -9
package/src/daemon/handlers/workspace-files.ts +4 -3
package/src/daemon/install-cli-launchers.ts +113 -0
package/src/daemon/ipc-contract/apps.ts +356 -0
package/src/daemon/ipc-contract/browser.ts +74 -0
package/src/daemon/ipc-contract/computer-use.ts +151 -0
package/src/daemon/ipc-contract/diagnostics.ts +56 -0
package/src/daemon/ipc-contract/documents.ts +74 -0
package/src/daemon/ipc-contract/inbox.ts +209 -0
package/src/daemon/ipc-contract/integrations.ts +284 -0
package/src/daemon/ipc-contract/memory.ts +48 -0
package/src/daemon/ipc-contract/messages.ts +211 -0
package/src/daemon/ipc-contract/pairing.ts +45 -0
package/src/daemon/ipc-contract/parental-control.ts +95 -0
package/src/daemon/ipc-contract/schedules.ts +97 -0
package/src/daemon/ipc-contract/sessions.ts +315 -0
package/src/daemon/ipc-contract/shared.ts +42 -0
package/src/daemon/ipc-contract/skills.ts +120 -0
package/src/daemon/ipc-contract/subagents.ts +58 -0
package/src/daemon/ipc-contract/surfaces.ts +250 -0
package/src/daemon/ipc-contract/trust.ts +60 -0
package/src/daemon/ipc-contract/work-items.ts +225 -0
package/src/daemon/ipc-contract/workspace.ts +113 -0
package/src/daemon/ipc-contract-inventory.json +70 -0
package/src/daemon/ipc-contract-inventory.ts +55 -29
package/src/daemon/ipc-contract.ts +229 -2426
package/src/daemon/ipc-protocol.ts +1 -1
package/src/daemon/ipc-validate.ts +7 -0
package/src/daemon/lifecycle.ts +97 -377
package/src/daemon/pairing-store.ts +177 -0
package/src/daemon/providers-setup.ts +43 -0
package/src/daemon/ride-shotgun-handler.ts +68 -3
package/src/daemon/server.ts +66 -46
package/src/daemon/session-agent-loop-handlers.ts +421 -0
package/src/daemon/session-agent-loop.ts +117 -275
package/src/daemon/session-dynamic-profile.ts +1 -1
package/src/daemon/session-history.ts +1 -1
package/src/daemon/session-media-retry.ts +1 -1
package/src/daemon/session-messaging.ts +37 -2
package/src/daemon/session-notifiers.ts +5 -25
package/src/daemon/session-process.ts +99 -59
package/src/daemon/session-queue-manager.ts +96 -4
package/src/daemon/session-runtime-assembly.ts +199 -10
package/src/daemon/session-surfaces.ts +19 -4
package/src/daemon/session-tool-setup.ts +30 -30
package/src/daemon/session-workspace.ts +1 -1
package/src/daemon/session.ts +35 -2
package/src/daemon/shutdown-handlers.ts +122 -0
package/src/daemon/trace-emitter.ts +1 -1
package/src/daemon/watch-handler.ts +36 -33
package/src/doordash/cart-queries.ts +787 -0
package/src/doordash/client.ts +144 -127
package/src/doordash/order-queries.ts +85 -0
package/src/doordash/queries.ts +10 -1308
package/src/doordash/search-queries.ts +203 -0
package/src/doordash/session.ts +3 -2
package/src/doordash/store-queries.ts +246 -0
package/src/doordash/types.ts +367 -0
package/src/email/providers/agentmail.ts +2 -1
package/src/email/providers/index.ts +3 -2
package/src/email/service.ts +3 -2
package/src/errors.ts +43 -0
package/src/home-base/prebuilt/seed.ts +1 -1
package/src/hooks/cli.ts +6 -5
package/src/hooks/config.ts +6 -8
package/src/hooks/discovery.ts +6 -5
package/src/hooks/manager.ts +4 -3
package/src/hooks/runner.ts +2 -2
package/src/hooks/templates.ts +5 -5
package/src/inbound/public-ingress-urls.ts +6 -4
package/src/index.ts +4 -2
package/src/influencer/client.ts +1104 -0
package/src/instrument.ts +4 -3
package/src/logfire.ts +4 -3
package/src/memory/admin.ts +25 -35
package/src/memory/attachments-store.ts +4 -7
package/src/memory/channel-delivery-store.ts +30 -1
package/src/memory/channel-guardian-store.ts +202 -2
package/src/memory/clarification-resolver.ts +37 -33
package/src/memory/conflict-store.ts +67 -61
package/src/memory/contradiction-checker.ts +141 -117
package/src/memory/conversation-store.ts +335 -51
package/src/memory/db-connection.ts +27 -4
package/src/memory/db-init.ts +265 -4
package/src/memory/db.ts +14 -1
package/src/memory/embedding-backend.ts +27 -5
package/src/memory/embedding-ollama.ts +2 -1
package/src/memory/entity-extractor.ts +38 -35
package/src/memory/guardian-action-store.ts +430 -0
package/src/memory/inbox-escalation-projection.ts +59 -0
package/src/memory/inbox-thread-store.ts +218 -0
package/src/memory/ingress-invite-store.ts +338 -0
package/src/memory/ingress-member-store.ts +350 -0
package/src/memory/items-extractor.ts +91 -97
package/src/memory/job-handlers/index-maintenance.ts +3 -3
package/src/memory/job-handlers/media-processing.ts +69 -0
package/src/memory/job-handlers/summarization.ts +32 -26
package/src/memory/job-utils.ts +3 -10
package/src/memory/jobs-store.ts +8 -10
package/src/memory/jobs-worker.ts +55 -36
package/src/memory/media-store.ts +759 -0
package/src/memory/migrations/001-job-deferrals.ts +45 -0
package/src/memory/migrations/002-tool-invocations-fk.ts +43 -0
package/src/memory/migrations/003-memory-fts-backfill.ts +24 -0
package/src/memory/migrations/004-entity-relation-dedup.ts +87 -0
package/src/memory/migrations/005-fingerprint-scope-unique.ts +80 -0
package/src/memory/migrations/006-scope-salted-fingerprints.ts +62 -0
package/src/memory/migrations/007-assistant-id-to-self.ts +254 -0
package/src/memory/migrations/008-remove-assistant-id-columns.ts +208 -0
package/src/memory/migrations/009-llm-usage-events-drop-assistant-id.ts +83 -0
package/src/memory/migrations/010-ext-conv-bindings-channel-chat-unique.ts +56 -0
package/src/memory/migrations/011-call-sessions-provider-sid-dedup.ts +63 -0
package/src/memory/migrations/012-call-sessions-add-initiated-from.ts +19 -0
package/src/memory/migrations/013-guardian-action-tables.ts +68 -0
package/src/memory/migrations/014-backfill-inbox-thread-state.ts +76 -0
package/src/memory/migrations/015-drop-active-search-index.ts +27 -0
package/src/memory/migrations/016-memory-segments-indexes.ts +11 -0
package/src/memory/migrations/017-memory-items-indexes.ts +10 -0
package/src/memory/migrations/018-remaining-table-indexes.ts +13 -0
package/src/memory/migrations/index.ts +24 -0
package/src/memory/migrations/registry.ts +79 -0
package/src/memory/migrations/validate-migration-state.ts +69 -0
package/src/memory/qdrant-manager.ts +49 -8
package/src/memory/query-builder.ts +1 -1
package/src/memory/raw-query.ts +119 -0
package/src/memory/recall-cache.ts +4 -1
package/src/memory/retriever.ts +165 -47
package/src/memory/schema-migration.ts +25 -984
package/src/memory/schema.ts +228 -7
package/src/memory/search/entity.ts +205 -31
package/src/memory/search/lexical.ts +81 -52
package/src/memory/search/ranking.ts +27 -23
package/src/memory/search/semantic.ts +157 -19
package/src/memory/search/types.ts +24 -0
package/src/memory/shared-app-links-store.ts +4 -5
package/src/memory/validation.ts +19 -0
package/src/messaging/draft-store.ts +5 -6
package/src/messaging/provider-types.ts +2 -0
package/src/messaging/providers/sms/adapter.ts +201 -0
package/src/messaging/providers/sms/client.ts +93 -0
package/src/messaging/providers/sms/types.ts +7 -0
package/src/messaging/providers/telegram-bot/adapter.ts +2 -5
package/src/messaging/providers/whatsapp/adapter.ts +136 -0
package/src/messaging/providers/whatsapp/client.ts +67 -0
package/src/messaging/style-analyzer.ts +5 -4
package/src/messaging/thread-summarizer.ts +61 -69
package/src/messaging/triage-engine.ts +62 -71
package/src/migrations/config-merge.ts +53 -0
package/src/migrations/data-layout.ts +68 -0
package/src/migrations/data-merge.ts +33 -0
package/src/migrations/hooks-merge.ts +90 -0
package/src/migrations/index.ts +6 -0
package/src/migrations/log.ts +23 -0
package/src/migrations/skills-merge.ts +33 -0
package/src/migrations/workspace-layout.ts +79 -0
package/src/permissions/checker.ts +133 -11
package/src/permissions/prompter.ts +14 -0
package/src/permissions/shell-identity.ts +31 -1
package/src/permissions/trust-store.ts +21 -1
package/src/providers/anthropic/client.ts +4 -4
package/src/providers/failover.ts +2 -2
package/src/providers/model-intents.ts +70 -0
package/src/providers/ollama/client.ts +2 -1
package/src/providers/provider-send-message.ts +176 -0
package/src/providers/registry.ts +71 -30
package/src/providers/retry.ts +35 -1
package/src/providers/types.ts +12 -1
package/src/runtime/approval-conversation-turn.ts +97 -0
package/src/runtime/approval-message-composer.ts +253 -0
package/src/runtime/channel-approval-parser.ts +36 -2
package/src/runtime/channel-approvals.ts +11 -24
package/src/runtime/channel-guardian-service.ts +88 -21
package/src/runtime/channel-readiness-service.ts +418 -0
package/src/runtime/channel-readiness-types.ts +35 -0
package/src/runtime/channel-retry-sweep.ts +184 -0
package/src/runtime/guardian-context-resolver.ts +108 -0
package/src/runtime/http-server.ts +275 -717
package/src/runtime/http-types.ts +59 -3
package/src/runtime/middleware/auth.ts +116 -0
package/src/runtime/middleware/error-handler.ts +33 -0
package/src/runtime/middleware/twilio-validation.ts +127 -0
package/src/runtime/routes/app-routes.ts +1 -1
package/src/runtime/routes/call-routes.ts +51 -7
package/src/runtime/routes/channel-delivery-routes.ts +170 -0
package/src/runtime/routes/channel-guardian-routes.ts +1191 -0
package/src/runtime/routes/channel-inbound-routes.ts +1152 -0
package/src/runtime/routes/channel-route-shared.ts +144 -0
package/src/runtime/routes/channel-routes.ts +32 -1588
package/src/runtime/routes/conversation-routes.ts +50 -7
package/src/runtime/routes/events-routes.ts +2 -2
package/src/runtime/routes/identity-routes.ts +126 -0
package/src/runtime/routes/pairing-routes.ts +143 -0
package/src/runtime/routes/run-routes.ts +15 -1
package/src/runtime/run-orchestrator.ts +86 -35
package/src/schedule/schedule-store.ts +36 -32
package/src/schedule/scheduler.ts +3 -3
package/src/security/encrypted-store.ts +5 -7
package/src/security/oauth2.ts +45 -15
package/src/security/parental-control-store.ts +183 -0
package/src/security/secret-allowlist.ts +4 -3
package/src/security/secret-scanner.ts +5 -5
package/src/security/secure-keys.ts +1 -1
package/src/security/token-manager.ts +3 -2
package/src/services/vercel-deploy.ts +6 -2
package/src/skills/tool-manifest.ts +3 -3
package/src/skills/vellum-catalog-remote.ts +75 -16
package/src/slack/slack-webhook.ts +2 -1
package/src/swarm/orchestrator.ts +92 -1
package/src/swarm/router-planner.ts +6 -9
package/src/swarm/worker-prompts.ts +9 -12
package/src/tasks/task-compiler.ts +19 -28
package/src/tasks/task-runner.ts +1 -1
package/src/tools/assets/materialize.ts +2 -2
package/src/tools/assets/search.ts +15 -14
package/src/tools/browser/__tests__/auth-detector.test.ts +1 -0
package/src/tools/browser/auto-navigate.ts +1 -0
package/src/tools/browser/browser-execution.ts +10 -1
package/src/tools/browser/browser-manager.ts +119 -4
package/src/tools/browser/network-recorder.ts +5 -0
package/src/tools/calls/call-start.ts +1 -0
package/src/tools/credentials/broker.ts +11 -2
package/src/tools/credentials/metadata-store.ts +18 -14
package/src/tools/credentials/post-connect-hooks.ts +61 -0
package/src/tools/credentials/vault.ts +49 -23
package/src/tools/execution-target.ts +11 -1
package/src/tools/executor.ts +68 -9
package/src/tools/host-terminal/cli-discover.ts +1 -1
package/src/tools/network/script-proxy/http-forwarder.ts +1 -1
package/src/tools/network/script-proxy/mitm-handler.ts +1 -1
package/src/tools/network/script-proxy/server.ts +1 -1
package/src/tools/network/script-proxy/session-manager.ts +6 -5
package/src/tools/network/web-fetch.ts +18 -2
package/src/tools/network/web-search.ts +8 -4
package/src/tools/reminder/reminder-store.ts +14 -15
package/src/tools/schedule/create.ts +1 -0
package/src/tools/schedule/list.ts +2 -1
package/src/tools/shared/filesystem/file-ops-service.ts +5 -7
package/src/tools/skills/skill-script-runner.ts +24 -9
package/src/tools/skills/skill-tool-factory.ts +1 -0
package/src/tools/tasks/work-item-enqueue.ts +2 -2
package/src/tools/terminal/evaluate-typescript.ts +21 -12
package/src/tools/terminal/parser.ts +50 -0
package/src/tools/types.ts +2 -0
package/src/tools/watcher/delete.ts +6 -0
package/src/tools/weather/service.ts +1 -1
package/src/twitter/client.ts +190 -24
package/src/twitter/router.ts +1 -1
package/src/twitter/session.ts +4 -3
package/src/util/clipboard.ts +1 -1
package/src/util/errors.ts +65 -8
package/src/util/fs.ts +40 -0
package/src/util/json.ts +10 -0
package/src/util/log-redact.ts +189 -0
package/src/util/logger.ts +19 -17
package/src/util/object.ts +3 -0
package/src/util/platform.ts +105 -363
package/src/util/pricing.ts +1 -1
package/src/util/promise-guard.ts +1 -1
package/src/util/retry.ts +19 -0
package/src/util/row-mapper.ts +79 -0
package/src/util/silently.ts +21 -0
package/src/watcher/engine.ts +5 -1
package/src/watcher/provider-types.ts +20 -0
package/src/watcher/providers/github.ts +156 -0
package/src/watcher/providers/gmail.ts +1 -0
package/src/watcher/providers/google-calendar.ts +1 -0
package/src/watcher/providers/linear.ts +460 -0
package/src/watcher/providers/slack.ts +1 -0
package/src/work-items/work-item-runner.ts +1 -1
package/src/workspace/git-service.ts +1 -1
package/src/workspace/provider-commit-message-generator.ts +51 -22
package/src/__tests__/call-bridge.test.ts +0 -517
package/src/__tests__/session-process-bridge.test.ts +0 -244
package/src/calls/call-bridge.ts +0 -168
package/src/config/vellum-skills/google-oauth-setup/SKILL.md +0 -199

package/src/__tests__/channel-readiness-service.test.ts ADDED Viewed

@@ -0,0 +1,324 @@
+import { describe, test, expect, beforeEach } from 'bun:test';
+import { ChannelReadinessService, REMOTE_TTL_MS } from '../runtime/channel-readiness-service.js';
+import type { ChannelId } from '../channels/types.js';
+import type { ChannelProbe, ReadinessCheckResult } from '../runtime/channel-readiness-types.js';
+// ── Test helpers ────────────────────────────────────────────────────────────
+function makeProbe(
+  channel: ChannelId,
+  localResults: ReadinessCheckResult[],
+  remoteResults?: ReadinessCheckResult[],
+): ChannelProbe & { localCallCount: number; remoteCallCount: number } {
+  const probe = {
+    channel,
+    localCallCount: 0,
+    remoteCallCount: 0,
+    runLocalChecks(): ReadinessCheckResult[] {
+      probe.localCallCount++;
+      return localResults;
+    },
+    ...(remoteResults !== undefined
+      ? {
+          async runRemoteChecks(): Promise<ReadinessCheckResult[]> {
+            probe.remoteCallCount++;
+            return remoteResults;
+          },
+        }
+      : {}),
+  };
+  return probe;
+}
+// ── Tests ───────────────────────────────────────────────────────────────────
+describe('ChannelReadinessService', () => {
+  let service: ChannelReadinessService;
+  beforeEach(() => {
+    service = new ChannelReadinessService();
+  });
+  test('local checks run on every call (no caching of local results)', async () => {
+    const probe = makeProbe('sms', [
+      { name: 'creds', passed: true, message: 'ok' },
+    ]);
+    service.registerProbe(probe);
+    await service.getReadiness('sms');
+    await service.getReadiness('sms');
+    expect(probe.localCallCount).toBe(2);
+  });
+  test('cache miss runs local checks and returns snapshot', async () => {
+    const probe = makeProbe('sms', [
+      { name: 'creds', passed: true, message: 'ok' },
+      { name: 'phone', passed: false, message: 'missing' },
+    ]);
+    service.registerProbe(probe);
+    const [snapshot] = await service.getReadiness('sms');
+    expect(probe.localCallCount).toBe(1);
+    expect(snapshot.channel).toBe('sms');
+    expect(snapshot.ready).toBe(false);
+    expect(snapshot.localChecks).toHaveLength(2);
+    expect(snapshot.reasons).toEqual([
+      { code: 'phone', text: 'missing' },
+    ]);
+  });
+  test('includeRemote=true runs remote checks on cache miss', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+    const [snapshot] = await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    expect(snapshot.remoteChecks).toHaveLength(1);
+    expect(snapshot.remoteChecks![0].passed).toBe(true);
+  });
+  test('cached remote checks reused within TTL', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+    // First call populates cache
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    // Second call within TTL should reuse cache
+    const [snapshot] = await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    expect(snapshot.remoteChecks).toHaveLength(1);
+  });
+  test('stale cache triggers remote check re-run', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+    // First call
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    // Manually age the cached snapshot beyond TTL
+    const cached = (service as unknown as { snapshots: Map<string, { checkedAt: number }> }).snapshots.get('sms::__default__')!;
+    cached.checkedAt = Date.now() - REMOTE_TTL_MS - 1;
+    // Second call should re-run remote checks
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(2);
+  });
+  test('invalidateChannel clears cache for specific channel', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    service.invalidateChannel('sms');
+    // After invalidation, remote checks should run again
+    await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(2);
+  });
+  test('invalidateAll clears all cached snapshots', async () => {
+    const smsProbe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api', passed: true, message: 'ok' }],
+    );
+    const telegramProbe = makeProbe(
+      'telegram',
+      [{ name: 'token', passed: true, message: 'ok' }],
+      [{ name: 'webhook', passed: true, message: 'ok' }],
+    );
+    service.registerProbe(smsProbe);
+    service.registerProbe(telegramProbe);
+    await service.getReadiness(undefined, true);
+    expect(smsProbe.remoteCallCount).toBe(1);
+    expect(telegramProbe.remoteCallCount).toBe(1);
+    service.invalidateAll();
+    await service.getReadiness(undefined, true);
+    expect(smsProbe.remoteCallCount).toBe(2);
+    expect(telegramProbe.remoteCallCount).toBe(2);
+  });
+  test('unknown channel returns unsupported_channel reason', async () => {
+    // Cast to exercise runtime handling of an unrecognized channel value
+    const [snapshot] = await service.getReadiness('carrier_pigeon' as ChannelId);
+    expect(snapshot.channel).toBe('carrier_pigeon' as ChannelId);
+    expect(snapshot.ready).toBe(false);
+    expect(snapshot.reasons).toEqual([
+      { code: 'unsupported_channel', text: 'Channel carrier_pigeon is not supported' },
+    ]);
+    expect(snapshot.localChecks).toHaveLength(0);
+  });
+  test('all checks passing yields ready=true', async () => {
+    const probe = makeProbe('telegram', [
+      { name: 'a', passed: true, message: 'ok' },
+      { name: 'b', passed: true, message: 'ok' },
+    ]);
+    service.registerProbe(probe);
+    const [snapshot] = await service.getReadiness('telegram');
+    expect(snapshot.ready).toBe(true);
+    expect(snapshot.reasons).toHaveLength(0);
+  });
+  test('getReadiness with no channel returns all registered channels', async () => {
+    service.registerProbe(makeProbe('sms', [{ name: 'a', passed: true, message: 'ok' }]));
+    service.registerProbe(makeProbe('telegram', [{ name: 'b', passed: true, message: 'ok' }]));
+    const snapshots = await service.getReadiness();
+    expect(snapshots).toHaveLength(2);
+    const channels = snapshots.map((s) => s.channel).sort();
+    expect(channels).toEqual(['sms', 'telegram']);
+  });
+  test('cached remote checks preserve original checkedAt (TTL not reset on reuse)', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+    // First call populates cache with freshly fetched remote checks
+    const [first] = await service.getReadiness('sms', true);
+    const originalCheckedAt = first.checkedAt;
+    expect(probe.remoteCallCount).toBe(1);
+    // Second call within TTL reuses cache — checkedAt must stay at the original value
+    const [second] = await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    expect(second.checkedAt).toBe(originalCheckedAt);
+  });
+  test('includeRemote runs remote checks when cache exists without remote data', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: true, message: 'remote ok' }],
+    );
+    service.registerProbe(probe);
+    // First call without includeRemote — cache has no remote data
+    await service.getReadiness('sms', false);
+    expect(probe.remoteCallCount).toBe(0);
+    // Second call with includeRemote — should run remote checks even though
+    // the cached snapshot exists (because it has no remoteChecks)
+    const [snapshot] = await service.getReadiness('sms', true);
+    expect(probe.remoteCallCount).toBe(1);
+    expect(snapshot.remoteChecks).toHaveLength(1);
+    expect(snapshot.remoteChecks![0].passed).toBe(true);
+  });
+  test('failed remote check makes channel not ready', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: false, message: 'API unreachable' }],
+    );
+    service.registerProbe(probe);
+    const [snapshot] = await service.getReadiness('sms', true);
+    expect(snapshot.ready).toBe(false);
+    expect(snapshot.reasons).toEqual([
+      { code: 'api_check', text: 'API unreachable' },
+    ]);
+  });
+  test('fresh cached remote failures do not affect local-only readiness', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: false, message: 'API unreachable' }],
+    );
+    service.registerProbe(probe);
+    // Prime remote cache with a failing check
+    await service.getReadiness('sms', true);
+    // Immediately call with includeRemote=false (cache is still fresh within TTL).
+    // The cached remote failure should be surfaced for visibility but must NOT
+    // affect readiness when the caller explicitly opted out of remote checks.
+    const [snapshot] = await service.getReadiness('sms', false);
+    expect(snapshot.ready).toBe(true);
+    expect(snapshot.reasons).toEqual([]);
+    // Remote checks are still visible for informational purposes
+    expect(snapshot.remoteChecks).toHaveLength(1);
+    expect(snapshot.remoteChecks![0].passed).toBe(false);
+  });
+  test('stale cached remote failures do not affect local-only readiness', async () => {
+    const probe = makeProbe(
+      'sms',
+      [{ name: 'creds', passed: true, message: 'ok' }],
+      [{ name: 'api_check', passed: false, message: 'API unreachable' }],
+    );
+    service.registerProbe(probe);
+    // Prime remote cache with a failing check
+    await service.getReadiness('sms', true);
+    // Age snapshot beyond TTL so remote checks are stale
+    const cached = (service as unknown as { snapshots: Map<string, { checkedAt: number }> }).snapshots.get('sms::__default__')!;
+    cached.checkedAt = Date.now() - REMOTE_TTL_MS - 1;
+    // Local-only call should not be blocked by stale remote failure
+    const [snapshot] = await service.getReadiness('sms', false);
+    expect(snapshot.stale).toBe(true);
+    expect(snapshot.ready).toBe(true);
+    expect(snapshot.reasons).toEqual([]);
+  });
+  test('remote cache is scoped per assistantId', async () => {
+    const remoteCalls: Record<string, number> = {};
+    const probe: ChannelProbe = {
+      channel: 'sms',
+      runLocalChecks: () => [{ name: 'local', passed: true, message: 'ok' }],
+      async runRemoteChecks(context) {
+        const key = context?.assistantId ?? '__default__';
+        remoteCalls[key] = (remoteCalls[key] ?? 0) + 1;
+        return [{ name: 'remote', passed: true, message: `ok-${key}` }];
+      },
+    };
+    service.registerProbe(probe);
+    await service.getReadiness('sms', true, 'ast-alpha');
+    await service.getReadiness('sms', true, 'ast-beta');
+    await service.getReadiness('sms', true, 'ast-alpha');
+    expect(remoteCalls['ast-alpha']).toBe(1);
+    expect(remoteCalls['ast-beta']).toBe(1);
+  });
+});

package/src/__tests__/checker.test.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 // Smoke command (run all security test files together):
 // bun test src/__tests__/checker.test.ts src/__tests__/trust-store.test.ts src/__tests__/session-skill-tools.test.ts src/__tests__/skill-script-runner-host.test.ts
-/* eslint-disable @typescript-eslint/no-explicit-any */
 import { describe, test, expect, beforeAll, beforeEach, afterEach, mock } from 'bun:test';
 import { mkdtempSync, mkdirSync, rmSync, writeFileSync, symlinkSync, realpathSync } from 'node:fs';
 import { tmpdir, homedir } from 'node:os';
@@ -39,9 +38,16 @@ mock.module('../util/logger.js', () => ({
 // Mutable config object so tests can switch permissions.mode between
 // 'legacy', 'strict', and 'workspace' without re-registering the mock.
-const testConfig: Record<string, any> = {
-  permissions: { mode: 'legacy' as 'legacy' | 'strict' | 'workspace' },
-  skills: { load: { extraDirs: [] as string[] } },
+interface TestConfig {
+  permissions: { mode: 'legacy' | 'strict' | 'workspace' };
+  skills: { load: { extraDirs: string[] } };
+  sandbox: { enabled: boolean };
+  [key: string]: unknown;
+}
+const testConfig: TestConfig = {
+  permissions: { mode: 'legacy' },
+  skills: { load: { extraDirs: [] } },
   sandbox: { enabled: true },
 };
@@ -58,6 +64,7 @@ mock.module('../config/loader.js', () => ({
 import { classifyRisk, check, generateAllowlistOptions, generateScopeOptions, _resetLegacyDeprecationWarning } from '../permissions/checker.js';
 import { RiskLevel } from '../permissions/types.js';
+import type { TrustRule } from '../permissions/types.js';
 import { addRule, clearCache, findHighestPriorityRule } from '../permissions/trust-store.js';
 import { getDefaultRuleTemplates } from '../permissions/defaults.js';
 import { registerTool, getTool } from '../tools/registry.js';
@@ -2353,13 +2360,13 @@ describe('Permission Checker', () => {
       const trustDir = dirnameFn(trustPath);
       if (!existsSync(trustDir)) mkdirSyncFs(trustDir, { recursive: true });
-      let currentRules: any[] = [];
+      let currentRules: TrustRule[] = [];
       try {
         const raw = readFileSync(trustPath, 'utf-8');
         currentRules = JSON.parse(raw).rules ?? [];
       } catch { /* first run */ }
-      currentRules = currentRules.filter((r: any) => r.id !== opts.id);
+      currentRules = currentRules.filter((r: TrustRule) => r.id !== opts.id);
       currentRules.push({
         ...opts,
         createdAt: Date.now(),
@@ -2486,7 +2493,7 @@ describe('Permission Checker', () => {
         // Write the executionTarget field directly (addVersionBoundRule doesn't support it)
         const trustPath = join(checkerTestDir, 'protected', 'trust.json');
         const raw = JSON.parse((await import('node:fs')).readFileSync(trustPath, 'utf-8'));
-        const rule = raw.rules.find((r: any) => r.id === 'inv4-target-scoped');
+        const rule = raw.rules.find((r: TrustRule) => r.id === 'inv4-target-scoped');
         rule.executionTarget = '/usr/local/bin/node';
         (await import('node:fs')).writeFileSync(trustPath, JSON.stringify(raw, null, 2));
         clearCache();

package/src/__tests__/clarification-resolver.test.ts CHANGED Viewed

@@ -6,33 +6,53 @@ let llmResolution: 'keep_existing' | 'keep_candidate' | 'merge' | 'still_unclear
 let llmResolvedStatement = '';
 let llmExplanation = 'Unclear response from user.';
-mock.module('@anthropic-ai/sdk', () => ({
-  default: class MockAnthropic {
-    messages = {
-      create: async (_body: unknown, opts?: { signal?: AbortSignal }) => {
-        llmCallCount += 1;
-        if (llmDelayMs > 0) {
-          await new Promise((resolve, reject) => {
-            const timer = setTimeout(resolve, llmDelayMs);
-            opts?.signal?.addEventListener('abort', () => {
-              clearTimeout(timer);
-              reject(new Error('Request was aborted.'));
-            });
+mock.module('../providers/provider-send-message.js', () => ({
+  getConfiguredProvider: () => ({
+    sendMessage: async (
+      _messages: unknown,
+      _tools: unknown,
+      _system: unknown,
+      opts?: { signal?: AbortSignal },
+    ) => {
+      llmCallCount += 1;
+      if (llmDelayMs > 0) {
+        await new Promise((resolve, reject) => {
+          const timer = setTimeout(resolve, llmDelayMs);
+          opts?.signal?.addEventListener('abort', () => {
+            clearTimeout(timer);
+            reject(new Error('Request was aborted.'));
           });
-        }
-        return {
-          content: [{
-            type: 'tool_use',
-            input: {
-              resolution: llmResolution,
-              resolved_statement: llmResolvedStatement,
-              explanation: llmExplanation,
-            },
-          }],
-        };
-      },
+        });
+      }
+      return {
+        content: [{
+          type: 'tool_use' as const,
+          id: 'test-tool-use-id',
+          name: 'resolve_conflict',
+          input: {
+            resolution: llmResolution,
+            resolved_statement: llmResolvedStatement,
+            explanation: llmExplanation,
+          },
+        }],
+        model: 'claude-haiku-4-5-20251001',
+        stopReason: 'tool_use',
+        usage: { inputTokens: 0, outputTokens: 0 },
+      };
+    },
+  }),
+  createTimeout: (ms: number) => {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), ms);
+    return {
+      signal: controller.signal,
+      cleanup: () => clearTimeout(timer),
     };
   },
+  extractToolUse: (response: { content: Array<{ type: string }> }) => {
+    return response.content.find((b: { type: string }) => b.type === 'tool_use');
+  },
+  userMessage: (text: string) => ({ role: 'user', content: [{ type: 'text', text }] }),
 }));
 mock.module('../config/loader.js', () => ({

package/src/__tests__/commit-message-enrichment-service.test.ts CHANGED Viewed

@@ -308,25 +308,30 @@ describe('CommitEnrichmentService', () => {
   });
   test('job timeout triggers retry with backoff then fails after max retries', async () => {
-    // Use a very short timeout so the real git notes write times out
     const service = new CommitEnrichmentService({
       maxQueueSize: 10,
       maxConcurrency: 1,
-      jobTimeoutMs: 1, // 1ms timeout — will always time out
+      jobTimeoutMs: 10, // short timeout
       maxRetries: 2,
     });
     const commitHash = await createCommit();
+    // Use a slow gitService so the timeout always wins the race.
+    // A 1ms timeout against a real git write is flaky on fast CI runners.
+    const slowGitService = new WorkspaceGitService(testDir);
+    await slowGitService.ensureInitialized();
+    slowGitService.writeNote = () => new Promise<void>(() => {});
     service.enqueue({
       workspaceDir: testDir,
       commitHash,
       context: makeContext(),
-      gitService,
+      gitService: slowGitService,
     });
     // Wait for all retries to complete (initial + 2 retries, with backoff)
     // Backoff: 1s after attempt 1, 2s after attempt 2 = ~3s total
-    // But since the job itself is very fast to time out, total time is dominated by backoff
     await waitForDrain(service, 10000);
     await service.shutdown();

package/src/__tests__/computer-use-session-working-dir.test.ts CHANGED Viewed

@@ -8,6 +8,13 @@ mock.module('../util/logger.js', () => ({
   getLogger: () => new Proxy({} as Record<string, unknown>, {
     get: () => () => {},
   }),
+  getCliLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+  isDebug: () => false,
+  truncateForLog: (value: string, maxLen = 500) => value.length > maxLen ? value.slice(0, maxLen) + '...' : value,
+  initLogger: () => {},
+  pruneOldLogFiles: () => 0,
 }));
 mock.module('../util/platform.js', () => ({
@@ -38,6 +45,7 @@ mock.module('../util/platform.js', () => ({
   isMacOS: () => false,
   isLinux: () => true,
   isWindows: () => false,
+  readHttpToken: () => null,
 }));
 mock.module('../tools/executor.js', () => ({

package/src/__tests__/config-schema.test.ts CHANGED Viewed

@@ -74,9 +74,9 @@ describe('AssistantConfigSchema', () => {
     const result = AssistantConfigSchema.parse({});
     expect(result.provider).toBe('anthropic');
     expect(result.model).toBe('claude-opus-4-6');
-    expect(result.maxTokens).toBe(64000);
+    expect(result.maxTokens).toBe(16000);
     expect(result.apiKeys).toEqual({});
-    expect(result.thinking).toEqual({ enabled: false, budgetTokens: 10000 });
+    expect(result.thinking).toEqual({ enabled: false, budgetTokens: 10000, streamThinking: false });
     expect(result.contextWindow).toEqual({
       enabled: true,
       maxInputTokens: 180000,
@@ -206,6 +206,7 @@ describe('AssistantConfigSchema', () => {
       maxEdges: 40,
       neighborScoreMultiplier: 0.7,
       maxDepth: 3,
+      depthDecay: true,
     });
   });
@@ -681,7 +682,7 @@ describe('AssistantConfigSchema', () => {
       userConsultTimeoutSeconds: 120,
       disclosure: {
         enabled: true,
-        text: 'At the very beginning of the call, introduce yourself as an assistant calling on behalf of the user.',
+        text: 'At the very beginning of the call, introduce yourself as an assistant calling on behalf of the person you represent. Do not say "AI assistant".',
       },
       safety: {
         denyCategories: [],
@@ -706,6 +707,11 @@ describe('AssistantConfigSchema', () => {
       callerIdentity: {
         allowPerCallOverride: true,
       },
+      verification: {
+        enabled: false,
+        maxAttempts: 3,
+        codeLength: 6,
+      },
     });
   });
@@ -1187,8 +1193,8 @@ describe('loadConfig with schema validation', () => {
     const config = loadConfig();
     expect(config.provider).toBe('anthropic');
     expect(config.model).toBe('claude-opus-4-6');
-    expect(config.maxTokens).toBe(64000);
-    expect(config.thinking).toEqual({ enabled: false, budgetTokens: 10000 });
+    expect(config.maxTokens).toBe(16000);
+    expect(config.thinking).toEqual({ enabled: false, budgetTokens: 10000, streamThinking: false });
     expect(config.contextWindow).toEqual({
       enabled: true,
       maxInputTokens: 180000,
@@ -1209,7 +1215,7 @@ describe('loadConfig with schema validation', () => {
   test('falls back to default for invalid maxTokens', () => {
     writeConfig({ maxTokens: -100 });
     const config = loadConfig();
-    expect(config.maxTokens).toBe(64000);
+    expect(config.maxTokens).toBe(16000);
   });
   test('falls back to defaults for invalid nested values', () => {
@@ -1234,13 +1240,13 @@ describe('loadConfig with schema validation', () => {
     expect(config.model).toBe('gpt-4');
     expect(config.thinking.enabled).toBe(true);
     expect(config.thinking.budgetTokens).toBe(5000);
-    expect(config.maxTokens).toBe(64000);
+    expect(config.maxTokens).toBe(16000);
   });
   test('handles no config file', () => {
     const config = loadConfig();
     expect(config.provider).toBe('anthropic');
-    expect(config.maxTokens).toBe(64000);
+    expect(config.maxTokens).toBe(16000);
   });
   test('partial nested objects get defaults for missing fields', () => {

package/src/__tests__/context-window-manager.test.ts CHANGED Viewed

@@ -287,7 +287,7 @@ describe('ContextWindowManager', () => {
     expect(getSummaryFromContextMessage(userMessage)).toBeNull();
   });
-  test('skips compaction during cooldown when projected gain is too low', async () => {
+  test('skips compaction during cooldown', async () => {
     const provider = createProvider(() => {
       throw new Error('summarizer should not be called while cooldown skip is active');
     });
@@ -307,7 +307,7 @@ describe('ContextWindowManager', () => {
       lastCompactedAt: Date.now() - 30_000,
     });
     expect(result.compacted).toBe(false);
-    expect(result.reason).toBe('compaction cooldown active with low projected gain');
+    expect(result.reason).toBe('compaction cooldown active');
   });
   test('ignores cooldown and compacts under severe token pressure', async () => {
@@ -338,6 +338,34 @@ describe('ContextWindowManager', () => {
     expect(result.reason).toBeUndefined();
   });
+  test('force=true bypasses cooldown for context-too-large recovery', async () => {
+    const provider = createProvider(() => ({
+      content: [{ type: 'text', text: '## Goals\n- forced compaction' }],
+      model: 'mock-model',
+      usage: { inputTokens: 60, outputTokens: 12 },
+      stopReason: 'end_turn',
+    }));
+    const manager = new ContextWindowManager(
+      provider,
+      'system prompt',
+      makeConfig({ maxInputTokens: 260, targetInputTokens: 180, preserveRecentUserTurns: 1 }),
+    );
+    const long = 'c'.repeat(220);
+    const history: Message[] = [
+      message('user', `u1 ${long}`),
+      message('assistant', `a1 ${long}`),
+      message('user', `u2 ${long}`),
+    ];
+    // Same setup as the cooldown test, but with force=true — should compact.
+    const result = await manager.maybeCompact(history, undefined, {
+      lastCompactedAt: Date.now() - 30_000,
+      force: true,
+    });
+    expect(result.compacted).toBe(true);
+    expect(result.reason).toBeUndefined();
+  });
   test('image-heavy payload is no longer underestimated as below-threshold', async () => {
     const provider = createProvider(() => ({
       content: [{ type: 'text', text: '## Goals\n- compacted image-heavy history' }],