@vellumai/assistant 0.4.0 → 0.4.2

package/src/__tests__/send-endpoint-busy.test.ts

@@ -14,6 +14,8 @@ import { afterAll, beforeEach, describe, expect, mock,test } from 'bun:test';
 
 import type { ServerMessage } from '../daemon/ipc-protocol.js';
 import type { Session } from '../daemon/session.js';
+import { createCanonicalGuardianRequest } from '../memory/canonical-guardian-store.js';
+import { getOrCreateConversation } from '../memory/conversation-key-store.js';
 
 const testDir = realpathSync(mkdtempSync(join(tmpdir(), 'send-endpoint-busy-test-')));
 
@@ -53,6 +55,8 @@ import { getDb, initializeDb, resetDb } from '../memory/db.js';
 import type { AssistantEvent } from '../runtime/assistant-event.js';
 import { AssistantEventHub } from '../runtime/assistant-event-hub.js';
 import { RuntimeHttpServer } from '../runtime/http-server.js';
+import type { ApprovalConversationGenerator } from '../runtime/http-types.js';
+import * as pendingInteractions from '../runtime/pending-interactions.js';
 
 initializeDb();
 
@@ -63,6 +67,7 @@ initializeDb();
 /** Session that completes its agent loop quickly and emits a text delta + message_complete. */
 function makeCompletingSession(): Session {
   let processing = false;
+  const messages: unknown[] = [];
   return {
     isProcessing: () => processing,
     persistUserMessage: (_content: string, _attachments: unknown[], requestId?: string) => {
@@ -77,6 +82,10 @@ function makeCompletingSession(): Session {
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
     updateClient: () => {},
+    hasAnyPendingConfirmation: () => false,
+    hasPendingConfirmation: () => false,
+    denyAllPendingConfirmations: () => {},
+    getQueueDepth: () => 0,
     enqueueMessage: () => ({ queued: false, requestId: 'noop' }),
     runAgentLoop: async (_content: string, _messageId: string, onEvent: (msg: ServerMessage) => void) => {
       onEvent({ type: 'assistant_text_delta', text: 'Hello!' });
@@ -85,13 +94,14 @@ function makeCompletingSession(): Session {
     },
     handleConfirmationResponse: () => {},
     handleSecretResponse: () => {},
-    hasAnyPendingConfirmation: () => false,
+    getMessages: () => messages as never[],
   } as unknown as Session;
 }
 
 /** Session that hangs forever in the agent loop (simulates a busy session). */
 function makeHangingSession(): Session {
   let processing = false;
+  const messages: unknown[] = [];
   const enqueuedMessages: Array<{ content: string; onEvent: (msg: ServerMessage) => void; requestId: string }> = [];
   return {
     isProcessing: () => processing,
@@ -107,6 +117,10 @@ function makeHangingSession(): Session {
     setTurnChannelContext: () => {},
     setTurnInterfaceContext: () => {},
     updateClient: () => {},
+    hasAnyPendingConfirmation: () => false,
+    hasPendingConfirmation: () => false,
+    denyAllPendingConfirmations: () => {},
+    getQueueDepth: () => enqueuedMessages.length,
     enqueueMessage: (content: string, _attachments: unknown[], onEvent: (msg: ServerMessage) => void, requestId: string) => {
       enqueuedMessages.push({ content, onEvent, requestId });
       return { queued: true, requestId };
@@ -117,11 +131,68 @@ function makeHangingSession(): Session {
     },
     handleConfirmationResponse: () => {},
     handleSecretResponse: () => {},
-    hasAnyPendingConfirmation: () => false,
+    getMessages: () => messages as never[],
     _enqueuedMessages: enqueuedMessages,
   } as unknown as Session;
 }
 
+function makePendingApprovalSession(
+  requestId: string,
+  processing: boolean,
+  options?: { queueDepth?: number },
+): {
+  session: Session;
+  runAgentLoopMock: ReturnType<typeof mock>;
+  enqueueMessageMock: ReturnType<typeof mock>;
+  denyAllPendingConfirmationsMock: ReturnType<typeof mock>;
+  handleConfirmationResponseMock: ReturnType<typeof mock>;
+} {
+  const queueDepth = options?.queueDepth ?? 0;
+  const pending = new Set([requestId]);
+  const messages: unknown[] = [];
+  const runAgentLoopMock = mock(async () => {});
+  const enqueueMessageMock = mock((_content: string, _attachments: unknown[], _onEvent: (msg: ServerMessage) => void, queuedRequestId: string) => ({
+    queued: true,
+    requestId: queuedRequestId,
+  }));
+  const denyAllPendingConfirmationsMock = mock(() => {
+    pending.clear();
+  });
+  const handleConfirmationResponseMock = mock((resolvedRequestId: string) => {
+    pending.delete(resolvedRequestId);
+  });
+
+  const session = {
+    isProcessing: () => processing,
+    persistUserMessage: (_content: string, _attachments: unknown[], reqId?: string) => reqId ?? 'msg-1',
+    memoryPolicy: { scopeId: 'default', includeDefaultFallback: false, strictSideEffects: false },
+    setChannelCapabilities: () => {},
+    setAssistantId: () => {},
+    setGuardianContext: () => {},
+    setCommandIntent: () => {},
+    setTurnChannelContext: () => {},
+    setTurnInterfaceContext: () => {},
+    updateClient: () => {},
+    hasAnyPendingConfirmation: () => pending.size > 0,
+    hasPendingConfirmation: (candidateRequestId: string) => pending.has(candidateRequestId),
+    denyAllPendingConfirmations: denyAllPendingConfirmationsMock,
+    getQueueDepth: () => queueDepth,
+    enqueueMessage: enqueueMessageMock,
+    runAgentLoop: runAgentLoopMock,
+    handleConfirmationResponse: handleConfirmationResponseMock,
+    handleSecretResponse: () => {},
+    getMessages: () => messages as never[],
+  } as unknown as Session;
+
+  return {
+    session,
+    runAgentLoopMock,
+    enqueueMessageMock,
+    denyAllPendingConfirmationsMock,
+    handleConfirmationResponseMock,
+  };
+}
+
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -139,6 +210,9 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     db.run('DELETE FROM messages');
     db.run('DELETE FROM conversations');
     db.run('DELETE FROM conversation_keys');
+    db.run('DELETE FROM canonical_guardian_deliveries');
+    db.run('DELETE FROM canonical_guardian_requests');
+    pendingInteractions.clear();
     eventHub = new AssistantEventHub();
   });
 
@@ -147,11 +221,15 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     try { rmSync(testDir, { recursive: true, force: true }); } catch { /* best effort */ }
   });
 
-  async function startServer(sessionFactory: () => Session): Promise<void> {
+  async function startServer(
+    sessionFactory: () => Session,
+    options?: { approvalConversationGenerator?: ApprovalConversationGenerator },
+  ): Promise<void> {
     port = 19000 + Math.floor(Math.random() * 1000);
     server = new RuntimeHttpServer({
       port,
       bearerToken: TEST_TOKEN,
+      approvalConversationGenerator: options?.approvalConversationGenerator,
       sendMessageDeps: {
         getOrCreateSession: async () => sessionFactory(),
         assistantEventHub: eventHub,
@@ -226,6 +304,338 @@ describe('POST /v1/messages — queue-if-busy and hub publishing', () => {
     await stopServer();
   });
 
+  test('consumes explicit approval text when a single pending confirmation exists (idle)', async () => {
+    const conversationKey = 'conv-inline-idle';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-idle';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, false);
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'ABC123',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    await startServer(() => session);
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: 'yes',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
+  test('consumes natural-language approval text when approval conversation generator is configured', async () => {
+    const conversationKey = 'conv-inline-nl';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-nl';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, false);
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'C0FFEE',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    const approvalConversationGenerator: ApprovalConversationGenerator = async (context) => ({
+      disposition: 'approve_once',
+      replyText: 'Approved.',
+      targetRequestId: context.pendingApprovals[0]?.requestId,
+    });
+
+    await startServer(() => session, { approvalConversationGenerator });
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: "sure let's do that",
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
+  test('consumes explicit approval text while busy instead of auto-denying and queueing', async () => {
+    const conversationKey = 'conv-inline-busy';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-busy';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, true);
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'DEF456',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    await startServer(() => session);
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: 'approve',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
+  test('consumes explicit approval text while busy even when queue depth is non-zero', async () => {
+    const conversationKey = 'conv-inline-busy-queued';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-busy-queued';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, true, { queueDepth: 2 });
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'Q2D456',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    await startServer(() => session);
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: 'approve',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
+  test('consumes explicit rejection text when a single pending confirmation exists (idle)', async () => {
+    const conversationKey = 'conv-inline-reject';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-reject';
+    const {
+      session,
+      runAgentLoopMock,
+      enqueueMessageMock,
+      denyAllPendingConfirmationsMock,
+      handleConfirmationResponseMock,
+    } = makePendingApprovalSession(requestId, false);
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'GHI789',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    await startServer(() => session);
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: 'no',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    expect(body.queued).toBeUndefined();
+    // Rejection still flows through handleConfirmationResponse (with reject action)
+    expect(handleConfirmationResponseMock).toHaveBeenCalledTimes(1);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(0);
+    expect(enqueueMessageMock).toHaveBeenCalledTimes(0);
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(0);
+
+    await stopServer();
+  });
+
+  test('does not consume ambiguous text — falls through to normal message handling', async () => {
+    const conversationKey = 'conv-inline-ambiguous';
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = 'req-inline-ambiguous';
+    const {
+      session,
+      runAgentLoopMock,
+    } = makePendingApprovalSession(requestId, false);
+
+    pendingInteractions.register(requestId, {
+      session,
+      conversationId,
+      kind: 'confirmation',
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: 'tool_approval',
+      sourceType: 'desktop',
+      sourceChannel: 'vellum',
+      conversationId,
+      toolName: 'call_start',
+      status: 'pending',
+      requestCode: 'JKL012',
+      expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+    });
+
+    await startServer(() => session);
+
+    const res = await fetch(messagesUrl(), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: 'What is the weather today?',
+        sourceChannel: 'vellum',
+        interface: 'macos',
+      }),
+    });
+    const body = await res.json() as { accepted: boolean; messageId?: string; queued?: boolean };
+
+    // Ambiguous text should NOT be consumed — falls through to normal send path
+    expect(res.status).toBe(202);
+    expect(body.accepted).toBe(true);
+    expect(body.messageId).toBeDefined();
+    // The normal idle send path fires runAgentLoop
+    expect(runAgentLoopMock).toHaveBeenCalledTimes(1);
+
+    await stopServer();
+  });
+
   // ── Busy session: queue-if-busy ─────────────────────────────────────
 
   test('returns 202 with queued: true when session is busy (not 409)', async () => {

package/src/approvals/guardian-decision-primitive.ts

@@ -349,7 +349,28 @@ export async function applyCanonicalGuardianDecision(
   }
 
   // 2c. Validate identity: actor must match guardian_external_user_id
-  // unless the actor is trusted (desktop) or the request has no guardian binding.
+  // unless the actor is trusted (desktop).
+  //
+  // Channel tool-approval requests must always be identity-bound. Treat
+  // missing guardianExternalUserId as unauthorized (fail-closed) so a
+  // non-guardian actor can never approve an unbound request.
+  if (
+    !actorContext.isTrusted &&
+    request.kind === 'tool_approval' &&
+    !request.guardianExternalUserId
+  ) {
+    log.warn(
+      {
+        event: 'canonical_decision_missing_guardian_binding',
+        requestId,
+        kind: request.kind,
+        sourceType: request.sourceType,
+      },
+      'Canonical tool approval missing guardian binding; rejecting decision',
+    );
+    return { applied: false, reason: 'identity_mismatch', detail: 'missing guardian binding' };
+  }
+
   if (
     request.guardianExternalUserId &&
     !actorContext.isTrusted &&