@vellumai/assistant 0.4.15 → 0.4.17

package/src/__tests__/conversation-routes-guardian-reply.test.ts

@@ -1,38 +1,56 @@
-import { beforeEach, describe, expect, mock, test } from 'bun:test';
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+mock.module("../config/env.js", () => ({ isHttpAuthDisabled: () => true }));
 
 const routeGuardianReplyMock = mock(async () => ({
   consumed: false,
   decisionApplied: false,
-  type: 'not_consumed' as const,
+  type: "not_consumed" as const,
 })) as any;
-const listPendingByDestinationMock = mock((_conversationId: string, _sourceChannel?: string) => [] as Array<{ id: string; kind?: string }>);
-const listCanonicalMock = mock((_filters?: Record<string, unknown>) => [] as Array<{ id: string }>);
-const addMessageMock = mock(async (_conversationId: string, role: string, _content?: string, _metadata?: Record<string, unknown>) => ({
-  id: role === 'user' ? 'persisted-user-id' : 'persisted-assistant-id',
-}));
-
-mock.module('../util/logger.js', () => ({
-  getLogger: () => new Proxy({} as Record<string, unknown>, {
-    get: () => () => {},
+const listPendingByDestinationMock = mock(
+  (_conversationId: string, _sourceChannel?: string) =>
+    [] as Array<{ id: string; kind?: string }>,
+);
+const listCanonicalMock = mock(
+  (_filters?: Record<string, unknown>) => [] as Array<{ id: string }>,
+);
+const addMessageMock = mock(
+  async (
+    _conversationId: string,
+    role: string,
+    _content?: string,
+    _metadata?: Record<string, unknown>,
+  ) => ({
+    id: role === "user" ? "persisted-user-id" : "persisted-assistant-id",
   }),
+);
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
 }));
 
-mock.module('../memory/conversation-key-store.js', () => ({
-  getOrCreateConversation: () => ({ conversationId: 'conv-canonical-reply' }),
+mock.module("../memory/conversation-key-store.js", () => ({
+  getOrCreateConversation: () => ({ conversationId: "conv-canonical-reply" }),
   getConversationByKey: () => null,
 }));
 
-mock.module('../memory/attachments-store.js', () => ({
+mock.module("../memory/attachments-store.js", () => ({
   getAttachmentsByIds: () => [],
 }));
 
-mock.module('../runtime/guardian-reply-router.js', () => ({
+mock.module("../runtime/guardian-reply-router.js", () => ({
   routeGuardianReply: routeGuardianReplyMock,
 }));
 
-mock.module('../memory/canonical-guardian-store.js', () => ({
-  createCanonicalGuardianRequest: () => ({ id: 'canonical-id', requestCode: 'ABC123' }),
-  generateCanonicalRequestCode: () => 'ABC123',
+mock.module("../memory/canonical-guardian-store.js", () => ({
+  createCanonicalGuardianRequest: () => ({
+    id: "canonical-id",
+    requestCode: "ABC123",
+  }),
+  generateCanonicalRequestCode: () => "ABC123",
   listPendingCanonicalGuardianRequestsByDestinationConversation: (
     conversationId: string,
     sourceChannel?: string,
@@ -41,11 +59,11 @@ mock.module('../memory/canonical-guardian-store.js', () => ({
     listCanonicalMock(filters),
 }));
 
-mock.module('../runtime/confirmation-request-guardian-bridge.js', () => ({
+mock.module("../runtime/confirmation-request-guardian-bridge.js", () => ({
   bridgeConfirmationRequestToGuardian: async () => undefined,
 }));
 
-mock.module('../memory/conversation-store.js', () => ({
+mock.module("../memory/conversation-store.js", () => ({
   addMessage: (
     conversationId: string,
     role: string,
@@ -54,24 +72,40 @@ mock.module('../memory/conversation-store.js', () => ({
   ) => addMessageMock(conversationId, role, content, metadata),
 }));
 
-mock.module('../runtime/local-actor-identity.js', () => ({
-  resolveLocalIpcGuardianContext: () => ({ trustClass: 'guardian', sourceChannel: 'vellum' }),
+mock.module("../runtime/local-actor-identity.js", () => ({
+  resolveLocalIpcGuardianContext: () => ({
+    trustClass: "guardian",
+    sourceChannel: "vellum",
+  }),
 }));
 
-import type { AuthContext } from '../runtime/auth/types.js';
-import { handleSendMessage } from '../runtime/routes/conversation-routes.js';
+import type { AuthContext } from "../runtime/auth/types.js";
+import { handleSendMessage } from "../runtime/routes/conversation-routes.js";
 
 const testAuthContext: AuthContext = {
-  subject: 'actor:self:test-guardian',
-  principalType: 'actor',
-  assistantId: 'self',
-  actorPrincipalId: 'test-guardian',
-  scopeProfile: 'actor_client_v1',
-  scopes: new Set(['chat.read', 'chat.write', 'approval.read', 'approval.write', 'settings.read', 'settings.write', 'attachments.read', 'attachments.write', 'calls.read', 'calls.write', 'feature_flags.read', 'feature_flags.write']),
+  subject: "actor:self:test-guardian",
+  principalType: "actor",
+  assistantId: "self",
+  actorPrincipalId: "test-guardian",
+  scopeProfile: "actor_client_v1",
+  scopes: new Set([
+    "chat.read",
+    "chat.write",
+    "approval.read",
+    "approval.write",
+    "settings.read",
+    "settings.write",
+    "attachments.read",
+    "attachments.write",
+    "calls.read",
+    "calls.write",
+    "feature_flags.read",
+    "feature_flags.write",
+  ]),
   policyEpoch: 1,
 };
 
-describe('handleSendMessage canonical guardian reply interception', () => {
+describe("handleSendMessage canonical guardian reply interception", () => {
   beforeEach(() => {
     routeGuardianReplyMock.mockClear();
     listPendingByDestinationMock.mockClear();
@@ -79,18 +113,18 @@ describe('handleSendMessage canonical guardian reply interception', () => {
     addMessageMock.mockClear();
   });
 
-  test('consumes access-request code replies on desktop HTTP path without pending confirmations', async () => {
-    listPendingByDestinationMock.mockReturnValue([{ id: 'access-req-1' }]);
+  test("consumes access-request code replies on desktop HTTP path without pending confirmations", async () => {
+    listPendingByDestinationMock.mockReturnValue([{ id: "access-req-1" }]);
     listCanonicalMock.mockReturnValue([]);
     routeGuardianReplyMock.mockResolvedValue({
       consumed: true,
       decisionApplied: true,
-      type: 'canonical_decision_applied',
-      requestId: 'access-req-1',
-      replyText: 'Access approved. Verification code: 123456.',
+      type: "canonical_decision_applied",
+      requestId: "access-req-1",
+      replyText: "Access approved. Verification code: 123456.",
     });
 
-    const persistUserMessage = mock(async () => 'should-not-be-called');
+    const persistUserMessage = mock(async () => "should-not-be-called");
     const runAgentLoop = mock(async () => undefined);
     const session = {
       setGuardianContext: () => {},
@@ -102,58 +136,66 @@ describe('handleSendMessage canonical guardian reply interception', () => {
       isProcessing: () => false,
       hasAnyPendingConfirmation: () => false,
       denyAllPendingConfirmations: () => {},
-      enqueueMessage: () => ({ queued: true, requestId: 'queued-id' }),
+      enqueueMessage: () => ({ queued: true, requestId: "queued-id" }),
       persistUserMessage,
       runAgentLoop,
       getMessages: () => [] as unknown[],
-      assistantId: 'self',
+      assistantId: "self",
       guardianContext: undefined,
       hasPendingConfirmation: () => false,
-    } as unknown as import('../daemon/session.js').Session;
+    } as unknown as import("../daemon/session.js").Session;
 
-    const req = new Request('http://localhost/v1/messages', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
+    const req = new Request("http://localhost/v1/messages", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
-        conversationKey: 'guardian-thread-key',
-        content: '05BECB approve',
-        sourceChannel: 'vellum',
-        interface: 'macos',
+        conversationKey: "guardian-thread-key",
+        content: "05BECB approve",
+        sourceChannel: "vellum",
+        interface: "macos",
       }),
     });
 
-    const res = await handleSendMessage(req, {
-      sendMessageDeps: {
-        getOrCreateSession: async () => session,
-        assistantEventHub: { publish: async () => {} } as any,
-        resolveAttachments: () => [],
+    const res = await handleSendMessage(
+      req,
+      {
+        sendMessageDeps: {
+          getOrCreateSession: async () => session,
+          assistantEventHub: { publish: async () => {} } as any,
+          resolveAttachments: () => [],
+        },
       },
-    }, testAuthContext);
+      testAuthContext,
+    );
 
     expect(res.status).toBe(202);
-    const body = await res.json() as { accepted: boolean; messageId?: string };
+    const body = (await res.json()) as {
+      accepted: boolean;
+      messageId?: string;
+    };
     expect(body.accepted).toBe(true);
-    expect(body.messageId).toBe('persisted-user-id');
+    expect(body.messageId).toBe("persisted-user-id");
 
     expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
-    const routerCall = (routeGuardianReplyMock as any).mock.calls[0][0] as Record<string, unknown>;
-    expect(routerCall.messageText).toBe('05BECB approve');
-    expect(routerCall.pendingRequestIds).toEqual(['access-req-1']);
+    const routerCall = (routeGuardianReplyMock as any).mock
+      .calls[0][0] as Record<string, unknown>;
+    expect(routerCall.messageText).toBe("05BECB approve");
+    expect(routerCall.pendingRequestIds).toEqual(["access-req-1"]);
     expect(addMessageMock).toHaveBeenCalledTimes(2);
     expect(persistUserMessage).toHaveBeenCalledTimes(0);
     expect(runAgentLoop).toHaveBeenCalledTimes(0);
   });
 
-  test('passes undefined pendingRequestIds when no canonical hints are found', async () => {
+  test("passes undefined pendingRequestIds when no canonical hints are found", async () => {
     listPendingByDestinationMock.mockReturnValue([]);
     listCanonicalMock.mockReturnValue([]);
     routeGuardianReplyMock.mockResolvedValue({
       consumed: false,
       decisionApplied: false,
-      type: 'not_consumed',
+      type: "not_consumed",
     });
 
-    const persistUserMessage = mock(async () => 'persisted-user-id');
+    const persistUserMessage = mock(async () => "persisted-user-id");
     const runAgentLoop = mock(async () => undefined);
     const session = {
       setGuardianContext: () => {},
@@ -165,56 +207,61 @@ describe('handleSendMessage canonical guardian reply interception', () => {
       isProcessing: () => false,
       hasAnyPendingConfirmation: () => false,
       denyAllPendingConfirmations: () => {},
-      enqueueMessage: () => ({ queued: true, requestId: 'queued-id' }),
+      enqueueMessage: () => ({ queued: true, requestId: "queued-id" }),
       persistUserMessage,
       runAgentLoop,
       getMessages: () => [] as unknown[],
-      assistantId: 'self',
+      assistantId: "self",
       guardianContext: undefined,
       hasPendingConfirmation: () => false,
-    } as unknown as import('../daemon/session.js').Session;
+    } as unknown as import("../daemon/session.js").Session;
 
-    const req = new Request('http://localhost/v1/messages', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
+    const req = new Request("http://localhost/v1/messages", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
-        conversationKey: 'guardian-thread-key',
-        content: 'hello there',
-        sourceChannel: 'vellum',
-        interface: 'macos',
+        conversationKey: "guardian-thread-key",
+        content: "hello there",
+        sourceChannel: "vellum",
+        interface: "macos",
       }),
     });
 
-    const res = await handleSendMessage(req, {
-      sendMessageDeps: {
-        getOrCreateSession: async () => session,
-        assistantEventHub: { publish: async () => {} } as any,
-        resolveAttachments: () => [],
+    const res = await handleSendMessage(
+      req,
+      {
+        sendMessageDeps: {
+          getOrCreateSession: async () => session,
+          assistantEventHub: { publish: async () => {} } as any,
+          resolveAttachments: () => [],
+        },
       },
-    }, testAuthContext);
+      testAuthContext,
+    );
 
     expect(res.status).toBe(202);
     expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
-    const routerCall = (routeGuardianReplyMock as any).mock.calls[0][0] as Record<string, unknown>;
+    const routerCall = (routeGuardianReplyMock as any).mock
+      .calls[0][0] as Record<string, unknown>;
     expect(routerCall.pendingRequestIds).toBeUndefined();
     expect(persistUserMessage).toHaveBeenCalledTimes(1);
     expect(runAgentLoop).toHaveBeenCalledTimes(1);
   });
 
-  test('excludes stale tool_approval hints without a live pending confirmation', async () => {
+  test("excludes stale tool_approval hints without a live pending confirmation", async () => {
     listPendingByDestinationMock.mockReturnValue([
-      { id: 'tool-approval-live', kind: 'tool_approval' },
-      { id: 'tool-approval-stale', kind: 'tool_approval' },
-      { id: 'access-req-1', kind: 'access_request' },
+      { id: "tool-approval-live", kind: "tool_approval" },
+      { id: "tool-approval-stale", kind: "tool_approval" },
+      { id: "access-req-1", kind: "access_request" },
     ]);
     listCanonicalMock.mockReturnValue([]);
     routeGuardianReplyMock.mockResolvedValue({
       consumed: false,
       decisionApplied: false,
-      type: 'not_consumed',
+      type: "not_consumed",
     });
 
-    const persistUserMessage = mock(async () => 'persisted-user-id');
+    const persistUserMessage = mock(async () => "persisted-user-id");
     const runAgentLoop = mock(async () => undefined);
     const session = {
       setGuardianContext: () => {},
@@ -226,38 +273,51 @@ describe('handleSendMessage canonical guardian reply interception', () => {
       isProcessing: () => false,
       hasAnyPendingConfirmation: () => true,
       denyAllPendingConfirmations: () => {},
-      enqueueMessage: () => ({ queued: true, requestId: 'queued-id' }),
+      enqueueMessage: () => ({ queued: true, requestId: "queued-id" }),
       persistUserMessage,
       runAgentLoop,
       getMessages: () => [] as unknown[],
-      assistantId: 'self',
+      assistantId: "self",
       guardianContext: undefined,
-      hasPendingConfirmation: (requestId: string) => requestId === 'tool-approval-live',
-    } as unknown as import('../daemon/session.js').Session;
+      hasPendingConfirmation: (requestId: string) =>
+        requestId === "tool-approval-live",
+    } as unknown as import("../daemon/session.js").Session;
 
-    const req = new Request('http://localhost/v1/messages', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
+    const req = new Request("http://localhost/v1/messages", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
-        conversationKey: 'guardian-thread-key',
-        content: 'approve',
-        sourceChannel: 'vellum',
-        interface: 'macos',
+        conversationKey: "guardian-thread-key",
+        content: "approve",
+        sourceChannel: "vellum",
+        interface: "macos",
       }),
     });
 
-    const res = await handleSendMessage(req, {
-      sendMessageDeps: {
-        getOrCreateSession: async () => session,
-        assistantEventHub: { publish: async () => {} } as any,
-        resolveAttachments: () => [],
+    const res = await handleSendMessage(
+      req,
+      {
+        sendMessageDeps: {
+          getOrCreateSession: async () => session,
+          assistantEventHub: { publish: async () => {} } as any,
+          resolveAttachments: () => [],
+        },
       },
-    }, testAuthContext);
+      testAuthContext,
+    );
 
     expect(res.status).toBe(202);
     expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
-    const routerCall = (routeGuardianReplyMock as any).mock.calls[0][0] as Record<string, unknown>;
-    expect(routerCall.pendingRequestIds).toEqual(['tool-approval-live', 'access-req-1']);
-    expect((routerCall.pendingRequestIds as string[]).includes('tool-approval-stale')).toBe(false);
+    const routerCall = (routeGuardianReplyMock as any).mock
+      .calls[0][0] as Record<string, unknown>;
+    expect(routerCall.pendingRequestIds).toEqual([
+      "tool-approval-live",
+      "access-req-1",
+    ]);
+    expect(
+      (routerCall.pendingRequestIds as string[]).includes(
+        "tool-approval-stale",
+      ),
+    ).toBe(false);
   });
 });

package/src/__tests__/conversation-routes.test.ts

@@ -1,72 +1,102 @@
-import { describe, expect, mock, test } from 'bun:test';
+import { describe, expect, mock, test } from "bun:test";
 
-import type { RuntimeMessageSessionOptions } from '../runtime/http-types.js';
+mock.module("../config/env.js", () => ({ isHttpAuthDisabled: () => true }));
 
-mock.module('../util/logger.js', () => ({
-  getLogger: () => new Proxy({} as Record<string, unknown>, {
-    get: () => () => {},
-  }),
+import type { RuntimeMessageSessionOptions } from "../runtime/http-types.js";
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
 }));
 
-mock.module('../memory/conversation-key-store.js', () => ({
-  getOrCreateConversation: () => ({ conversationId: 'conv-legacy-test' }),
+mock.module("../memory/conversation-key-store.js", () => ({
+  getOrCreateConversation: () => ({ conversationId: "conv-legacy-test" }),
   getConversationByKey: () => null,
 }));
 
-mock.module('../memory/attachments-store.js', () => ({
+mock.module("../memory/attachments-store.js", () => ({
   getAttachmentsByIds: () => [],
 }));
 
-mock.module('../runtime/local-actor-identity.js', () => ({
-  resolveLocalIpcGuardianContext: (sourceChannel: string) => ({ trustClass: 'guardian', sourceChannel }),
+mock.module("../runtime/guardian-context-resolver.js", () => ({
+  resolveGuardianContext: (input: { sourceChannel?: string }) => ({
+    trustClass: "guardian",
+    sourceChannel: input.sourceChannel ?? "vellum",
+  }),
+  toGuardianRuntimeContext: (
+    sourceChannel: string,
+    ctx: Record<string, unknown>,
+  ) => ({
+    ...ctx,
+    sourceChannel,
+  }),
 }));
 
-import type { AuthContext } from '../runtime/auth/types.js';
-import { handleSendMessage } from '../runtime/routes/conversation-routes.js';
+import type { AuthContext } from "../runtime/auth/types.js";
+import { handleSendMessage } from "../runtime/routes/conversation-routes.js";
 
 /** Synthetic AuthContext for tests — mimics a local actor with full scopes. */
 const mockAuthContext: AuthContext = {
-  subject: 'actor:self:test-principal',
-  principalType: 'actor',
-  assistantId: 'self',
-  actorPrincipalId: 'test-principal',
-  scopeProfile: 'actor_client_v1',
-  scopes: new Set(['chat.read', 'chat.write', 'approval.read', 'approval.write']),
+  subject: "actor:self:test-principal",
+  principalType: "actor",
+  assistantId: "self",
+  actorPrincipalId: "test-principal",
+  scopeProfile: "actor_client_v1",
+  scopes: new Set([
+    "chat.read",
+    "chat.write",
+    "approval.read",
+    "approval.write",
+  ]),
   policyEpoch: 1,
 };
 
-describe('handleSendMessage', () => {
-  test('legacy fallback passes guardian context to processor', async () => {
+describe("handleSendMessage", () => {
+  test("legacy fallback passes guardian context to processor", async () => {
     let capturedOptions: RuntimeMessageSessionOptions | undefined;
     let capturedSourceChannel: string | undefined;
 
-    const req = new Request('http://localhost/v1/messages', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
+    const req = new Request("http://localhost/v1/messages", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
-        conversationKey: 'legacy-fallback-key',
-        content: 'Hello from legacy fallback',
-        sourceChannel: 'telegram',
-        interface: 'telegram',
+        conversationKey: "legacy-fallback-key",
+        content: "Hello from legacy fallback",
+        sourceChannel: "telegram",
+        interface: "telegram",
       }),
     });
 
-    const res = await handleSendMessage(req, {
-      processMessage: async (_conversationId, _content, _attachmentIds, options, sourceChannel) => {
-        capturedOptions = options;
-        capturedSourceChannel = sourceChannel;
-        return { messageId: 'msg-legacy-fallback' };
+    const res = await handleSendMessage(
+      req,
+      {
+        processMessage: async (
+          _conversationId,
+          _content,
+          _attachmentIds,
+          options,
+          sourceChannel,
+        ) => {
+          capturedOptions = options;
+          capturedSourceChannel = sourceChannel;
+          return { messageId: "msg-legacy-fallback" };
+        },
       },
-    }, mockAuthContext);
+      mockAuthContext,
+    );
 
-    const body = await res.json() as { accepted: boolean; messageId: string };
+    const body = (await res.json()) as { accepted: boolean; messageId: string };
     expect(res.status).toBe(202);
     expect(body.accepted).toBe(true);
-    expect(body.messageId).toBe('msg-legacy-fallback');
-    expect(capturedSourceChannel).toBe('telegram');
-    expect(capturedOptions?.guardianContext).toEqual(expect.objectContaining({
-      trustClass: 'guardian',
-      sourceChannel: 'telegram',
-    }));
+    expect(body.messageId).toBe("msg-legacy-fallback");
+    expect(capturedSourceChannel).toBe("telegram");
+    expect(capturedOptions?.guardianContext).toEqual(
+      expect.objectContaining({
+        trustClass: "guardian",
+        sourceChannel: "telegram",
+      }),
+    );
   });
 });