npm - @vellumai/assistant - Versions diffs - 0.4.16 → 0.4.18 - Mend

@vellumai/assistant 0.4.16 → 0.4.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (536) hide show

package/Dockerfile +6 -6
package/README.md +1 -2
package/eslint.config.mjs +2 -2
package/package.json +1 -1
package/src/__tests__/access-request-decision.test.ts +128 -120
package/src/__tests__/account-registry.test.ts +121 -110
package/src/__tests__/active-skill-tools.test.ts +200 -172
package/src/__tests__/actor-token-service.test.ts +341 -274
package/src/__tests__/agent-loop-thinking.test.ts +28 -19
package/src/__tests__/agent-loop.test.ts +798 -378
package/src/__tests__/anthropic-provider.test.ts +405 -247
package/src/__tests__/app-builder-tool-scripts.test.ts +97 -97
package/src/__tests__/app-bundler.test.ts +112 -79
package/src/__tests__/app-executors.test.ts +205 -178
package/src/__tests__/app-git-history.test.ts +90 -73
package/src/__tests__/app-git-service.test.ts +67 -53
package/src/__tests__/app-open-proxy.test.ts +29 -25
package/src/__tests__/approval-conversation-turn.test.ts +100 -81
package/src/__tests__/approval-hardcoded-copy-guard.test.ts +45 -17
package/src/__tests__/approval-message-composer.test.ts +119 -119
package/src/__tests__/approval-primitive.test.ts +264 -233
package/src/__tests__/approval-routes-http.test.ts +4 -3
package/src/__tests__/asset-materialize-tool.test.ts +250 -178
package/src/__tests__/asset-search-tool.test.ts +251 -191
package/src/__tests__/assistant-attachment-directive.test.ts +187 -142
package/src/__tests__/assistant-attachments.test.ts +254 -186
package/src/__tests__/assistant-event-hub.test.ts +105 -63
package/src/__tests__/assistant-event.test.ts +66 -58
package/src/__tests__/assistant-events-sse-hardening.test.ts +113 -73
package/src/__tests__/assistant-feature-flag-guard.test.ts +78 -52
package/src/__tests__/assistant-feature-flag-guardrails.test.ts +48 -45
package/src/__tests__/assistant-feature-flags-integration.test.ts +118 -77
package/src/__tests__/assistant-id-boundary-guard.test.ts +158 -104
package/src/__tests__/attachments-store.test.ts +240 -183
package/src/__tests__/attachments.test.ts +70 -62
package/src/__tests__/audit-log-rotation.test.ts +50 -35
package/src/__tests__/browser-fill-credential.test.ts +169 -101
package/src/__tests__/browser-manager.test.ts +97 -75
package/src/__tests__/browser-runtime-check.test.ts +16 -15
package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +12 -10
package/src/__tests__/browser-skill-endstate.test.ts +97 -72
package/src/__tests__/bundle-scanner.test.ts +47 -22
package/src/__tests__/bundled-asset.test.ts +74 -47
package/src/__tests__/call-constants.test.ts +19 -19
package/src/__tests__/call-controller.test.ts +1073 -751
package/src/__tests__/call-conversation-messages.test.ts +90 -65
package/src/__tests__/call-domain.test.ts +149 -121
package/src/__tests__/call-pointer-message-composer.test.ts +113 -83
package/src/__tests__/call-pointer-messages.test.ts +213 -154
package/src/__tests__/call-pointer-no-hardcoded-copy.guard.test.ts +9 -10
package/src/__tests__/call-recovery.test.ts +232 -212
package/src/__tests__/call-routes-http.test.ts +328 -279
package/src/__tests__/call-start-guardian-guard.test.ts +32 -30
package/src/__tests__/call-state-machine.test.ts +62 -51
package/src/__tests__/call-state.test.ts +89 -75
package/src/__tests__/call-store.test.ts +387 -316
package/src/__tests__/callback-handoff-copy.test.ts +84 -82
package/src/__tests__/canonical-guardian-store.test.ts +331 -280
package/src/__tests__/channel-approval-routes.test.ts +1643 -1126
package/src/__tests__/channel-approval.test.ts +139 -137
package/src/__tests__/channel-approvals.test.ts +226 -182
package/src/__tests__/channel-delivery-store.test.ts +232 -194
package/src/__tests__/channel-guardian.test.ts +6 -3
package/src/__tests__/channel-invite-transport.test.ts +107 -92
package/src/__tests__/channel-policy.test.ts +42 -38
package/src/__tests__/channel-readiness-service.test.ts +119 -102
package/src/__tests__/channel-reply-delivery.test.ts +147 -118
package/src/__tests__/channel-retry-sweep.test.ts +153 -110
package/src/__tests__/checker.test.ts +3309 -1850
package/src/__tests__/clarification-resolver.test.ts +91 -79
package/src/__tests__/classifier.test.ts +64 -54
package/src/__tests__/claude-code-skill-regression.test.ts +42 -37
package/src/__tests__/claude-code-tool-profiles.test.ts +31 -29
package/src/__tests__/clawhub.test.ts +92 -82
package/src/__tests__/cli.test.ts +30 -30
package/src/__tests__/clipboard.test.ts +53 -46
package/src/__tests__/commit-guarantee.test.ts +59 -52
package/src/__tests__/commit-message-enrichment-service.test.ts +203 -75
package/src/__tests__/compaction.benchmark.test.ts +33 -31
package/src/__tests__/computer-use-session-compaction.test.ts +60 -50
package/src/__tests__/computer-use-session-lifecycle.test.ts +145 -117
package/src/__tests__/computer-use-session-working-dir.test.ts +62 -48
package/src/__tests__/computer-use-skill-baseline.test.ts +22 -19
package/src/__tests__/computer-use-skill-endstate.test.ts +45 -31
package/src/__tests__/computer-use-skill-lifecycle-cleanup.test.ts +121 -88
package/src/__tests__/computer-use-skill-manifest-regression.test.ts +65 -42
package/src/__tests__/computer-use-skill-proxy-bridge.test.ts +33 -18
package/src/__tests__/computer-use-tools.test.ts +121 -98
package/src/__tests__/config-schema.test.ts +443 -347
package/src/__tests__/config-watcher.test.ts +96 -81
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +148 -133
package/src/__tests__/conflict-intent-tokenization.test.ts +96 -78
package/src/__tests__/conflict-policy.test.ts +151 -80
package/src/__tests__/conflict-store.test.ts +203 -157
package/src/__tests__/connection-policy.test.ts +89 -59
package/src/__tests__/contacts-tools.test.ts +247 -178
package/src/__tests__/context-memory-e2e.test.ts +306 -214
package/src/__tests__/context-token-estimator.test.ts +114 -74
package/src/__tests__/context-window-manager.test.ts +269 -167
package/src/__tests__/contradiction-checker.test.ts +161 -135
package/src/__tests__/conversation-attention-store.test.ts +350 -290
package/src/__tests__/conversation-attention-telegram.test.ts +156 -114
package/src/__tests__/conversation-pairing.test.ts +220 -113
package/src/__tests__/conversation-routes-guardian-reply.test.ts +164 -104
package/src/__tests__/conversation-routes.test.ts +71 -41
package/src/__tests__/conversation-store.test.ts +390 -235
package/src/__tests__/credential-broker-browser-fill.test.ts +325 -250
package/src/__tests__/credential-broker-server-use.test.ts +283 -243
package/src/__tests__/credential-broker.test.ts +128 -74
package/src/__tests__/credential-host-pattern-match.test.ts +64 -44
package/src/__tests__/credential-metadata-store.test.ts +360 -311
package/src/__tests__/credential-policy-validate.test.ts +81 -65
package/src/__tests__/credential-resolve.test.ts +212 -145
package/src/__tests__/credential-security-e2e.test.ts +144 -103
package/src/__tests__/credential-security-invariants.test.ts +253 -208
package/src/__tests__/credential-selection.test.ts +254 -146
package/src/__tests__/credential-vault-unit.test.ts +531 -341
package/src/__tests__/credential-vault.test.ts +761 -484
package/src/__tests__/daemon-assistant-events.test.ts +91 -66
package/src/__tests__/daemon-lifecycle.test.ts +258 -190
package/src/__tests__/daemon-server-session-init.test.ts +257 -191
package/src/__tests__/date-context.test.ts +314 -249
package/src/__tests__/db-migration-rollback.test.ts +259 -130
package/src/__tests__/db-schedule-syntax-migration.test.ts +78 -41
package/src/__tests__/delete-managed-skill-tool.test.ts +77 -53
package/src/__tests__/deterministic-verification-control-plane.test.ts +183 -135
package/src/__tests__/dictation-mode-detection.test.ts +77 -55
package/src/__tests__/dictation-profile-store.test.ts +70 -56
package/src/__tests__/dictation-text-processing.test.ts +53 -35
package/src/__tests__/diff.test.ts +102 -98
package/src/__tests__/domain-normalize.test.ts +54 -54
package/src/__tests__/domain-policy.test.ts +71 -55
package/src/__tests__/dynamic-page-surface.test.ts +31 -33
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +69 -69
package/src/__tests__/edit-engine.test.ts +56 -56
package/src/__tests__/elevenlabs-client.test.ts +117 -91
package/src/__tests__/elevenlabs-config.test.ts +32 -31
package/src/__tests__/email-classifier.test.ts +15 -12
package/src/__tests__/email-cli.test.ts +121 -108
package/src/__tests__/emit-signal-routing-intent.test.ts +76 -69
package/src/__tests__/encrypted-store.test.ts +180 -154
package/src/__tests__/entity-extractor.test.ts +108 -87
package/src/__tests__/entity-search.test.ts +664 -258
package/src/__tests__/ephemeral-permissions.test.ts +224 -188
package/src/__tests__/event-bus.test.ts +81 -77
package/src/__tests__/extract-email.test.ts +51 -0
package/src/__tests__/file-edit-tool.test.ts +62 -44
package/src/__tests__/file-ops-service.test.ts +131 -114
package/src/__tests__/file-read-tool.test.ts +48 -31
package/src/__tests__/file-write-tool.test.ts +43 -37
package/src/__tests__/filesystem-tools.test.ts +238 -209
package/src/__tests__/followup-tools.test.ts +237 -162
package/src/__tests__/forbidden-legacy-symbols.test.ts +19 -20
package/src/__tests__/frontmatter.test.ts +96 -81
package/src/__tests__/fuzzy-match-property.test.ts +75 -81
package/src/__tests__/fuzzy-match.test.ts +71 -65
package/src/__tests__/gateway-client-managed-outbound.test.ts +76 -57
package/src/__tests__/gateway-only-enforcement.test.ts +467 -369
package/src/__tests__/gateway-only-guard.test.ts +54 -56
package/src/__tests__/gemini-image-service.test.ts +113 -100
package/src/__tests__/gemini-provider.test.ts +297 -220
package/src/__tests__/get-weather.test.ts +188 -114
package/src/__tests__/gmail-integration.test.ts +47 -46
package/src/__tests__/guardian-action-conversation-turn.test.ts +226 -171
package/src/__tests__/guardian-action-copy-generator.test.ts +111 -93
package/src/__tests__/guardian-action-followup-executor.test.ts +215 -151
package/src/__tests__/guardian-action-followup-store.test.ts +199 -167
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +297 -250
package/src/__tests__/guardian-action-late-reply.test.ts +462 -316
package/src/__tests__/guardian-action-no-hardcoded-copy.test.ts +23 -18
package/src/__tests__/guardian-action-store.test.ts +158 -109
package/src/__tests__/guardian-action-sweep.test.ts +114 -100
package/src/__tests__/guardian-actions-endpoint.test.ts +440 -256
package/src/__tests__/guardian-control-plane-policy.test.ts +497 -331
package/src/__tests__/guardian-decision-primitive-canonical.test.ts +217 -215
package/src/__tests__/guardian-dispatch.test.ts +316 -256
package/src/__tests__/guardian-grant-minting.test.ts +247 -178
package/src/__tests__/guardian-outbound-http.test.ts +337 -209
package/src/__tests__/guardian-principal-id-roundtrip.test.ts +99 -96
package/src/__tests__/guardian-question-copy.test.ts +17 -17
package/src/__tests__/guardian-question-mode.test.ts +134 -100
package/src/__tests__/guardian-routing-invariants.test.ts +679 -613
package/src/__tests__/guardian-routing-state.test.ts +256 -209
package/src/__tests__/guardian-verification-intent-routing.test.ts +94 -88
package/src/__tests__/guardian-verification-voice-binding.test.ts +47 -41
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +0 -1
package/src/__tests__/handle-user-message-secret-resume.test.ts +43 -21
package/src/__tests__/handlers-add-trust-rule-metadata.test.ts +92 -76
package/src/__tests__/handlers-cu-observation-blob.test.ts +103 -70
package/src/__tests__/handlers-ipc-blob-probe.test.ts +77 -51
package/src/__tests__/handlers-slack-config.test.ts +63 -54
package/src/__tests__/handlers-task-submit-slash.test.ts +18 -18
package/src/__tests__/handlers-telegram-config.test.ts +662 -329
package/src/__tests__/handlers-twitter-config.test.ts +525 -298
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +270 -195
package/src/__tests__/headless-browser-interactions.test.ts +444 -280
package/src/__tests__/headless-browser-navigate.test.ts +116 -79
package/src/__tests__/headless-browser-read-tools.test.ts +123 -86
package/src/__tests__/headless-browser-snapshot.test.ts +71 -56
package/src/__tests__/heartbeat-service.test.ts +76 -58
package/src/__tests__/history-repair-observability.test.ts +14 -14
package/src/__tests__/history-repair.test.ts +171 -167
package/src/__tests__/home-base-bootstrap.test.ts +30 -27
package/src/__tests__/hooks-blocking.test.ts +86 -37
package/src/__tests__/hooks-cli.test.ts +104 -68
package/src/__tests__/hooks-config.test.ts +81 -43
package/src/__tests__/hooks-discovery.test.ts +106 -96
package/src/__tests__/hooks-integration.test.ts +78 -72
package/src/__tests__/hooks-manager.test.ts +99 -61
package/src/__tests__/hooks-runner.test.ts +94 -71
package/src/__tests__/hooks-settings.test.ts +69 -64
package/src/__tests__/hooks-templates.test.ts +85 -54
package/src/__tests__/hooks-ts-runner.test.ts +82 -45
package/src/__tests__/hooks-watch.test.ts +32 -22
package/src/__tests__/host-file-edit-tool.test.ts +190 -148
package/src/__tests__/host-file-read-tool.test.ts +86 -63
package/src/__tests__/host-file-write-tool.test.ts +98 -64
package/src/__tests__/host-shell-tool.test.ts +342 -233
package/src/__tests__/inbound-invite-redemption.test.ts +194 -152
package/src/__tests__/ingress-member-store.test.ts +163 -159
package/src/__tests__/ingress-reconcile.test.ts +183 -142
package/src/__tests__/ingress-routes-http.test.ts +441 -356
package/src/__tests__/ingress-url-consistency.test.ts +125 -64
package/src/__tests__/integration-status.test.ts +93 -73
package/src/__tests__/intent-routing.test.ts +148 -118
package/src/__tests__/invite-redemption-service.test.ts +163 -121
package/src/__tests__/ipc-blob-store.test.ts +104 -91
package/src/__tests__/ipc-contract-inventory.test.ts +27 -15
package/src/__tests__/ipc-contract.test.ts +24 -23
package/src/__tests__/ipc-protocol.test.ts +52 -46
package/src/__tests__/ipc-roundtrip.benchmark.test.ts +61 -50
package/src/__tests__/ipc-snapshot.test.ts +1135 -1056
package/src/__tests__/ipc-validate.test.ts +240 -179
package/src/__tests__/key-migration.test.ts +123 -90
package/src/__tests__/keychain.test.ts +150 -123
package/src/__tests__/lifecycle-docs-guard.test.ts +65 -64
package/src/__tests__/llm-usage-store.test.ts +112 -87
package/src/__tests__/managed-skill-lifecycle.test.ts +147 -108
package/src/__tests__/managed-store.test.ts +411 -360
package/src/__tests__/mcp-cli.test.ts +189 -123
package/src/__tests__/mcp-health-check.test.ts +26 -21
package/src/__tests__/media-generate-image.test.ts +122 -99
package/src/__tests__/media-reuse-story.e2e.test.ts +282 -214
package/src/__tests__/media-visibility-policy.test.ts +86 -38
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +146 -100
package/src/__tests__/memory-lifecycle-e2e.test.ts +385 -297
package/src/__tests__/memory-query-builder.test.ts +32 -33
package/src/__tests__/memory-recall-quality.test.ts +761 -407
package/src/__tests__/memory-regressions.experimental.test.ts +443 -380
package/src/__tests__/memory-regressions.test.ts +3725 -2642
package/src/__tests__/memory-retrieval-budget.test.ts +7 -8
package/src/__tests__/memory-retrieval.benchmark.test.ts +144 -109
package/src/__tests__/memory-upsert-concurrency.test.ts +292 -201
package/src/__tests__/messaging-send-tool.test.ts +36 -29
package/src/__tests__/migration-cli-flows.test.ts +69 -53
package/src/__tests__/migration-ordering.test.ts +103 -86
package/src/__tests__/mime-builder.test.ts +55 -32
package/src/__tests__/mock-signup-server.test.ts +384 -246
package/src/__tests__/model-intents.test.ts +61 -37
package/src/__tests__/no-direct-anthropic-sdk-imports.test.ts +9 -12
package/src/__tests__/no-is-trusted-guard.test.ts +24 -21
package/src/__tests__/non-member-access-request.test.ts +294 -249
package/src/__tests__/notification-broadcaster.test.ts +99 -81
package/src/__tests__/notification-decision-fallback.test.ts +223 -178
package/src/__tests__/notification-decision-strategy.test.ts +375 -337
package/src/__tests__/notification-deep-link.test.ts +67 -61
package/src/__tests__/notification-guardian-path.test.ts +248 -206
package/src/__tests__/notification-routing-intent.test.ts +166 -93
package/src/__tests__/notification-telegram-adapter.test.ts +60 -46
package/src/__tests__/notification-thread-candidate-validation.test.ts +78 -75
package/src/__tests__/notification-thread-candidates.test.ts +64 -61
package/src/__tests__/oauth-callback-registry.test.ts +40 -30
package/src/__tests__/oauth-connect-handler.test.ts +109 -89
package/src/__tests__/oauth-scope-policy.test.ts +63 -55
package/src/__tests__/oauth2-gateway-transport.test.ts +252 -174
package/src/__tests__/onboarding-starter-tasks.test.ts +93 -89
package/src/__tests__/onboarding-template-contract.test.ts +93 -94
package/src/__tests__/openai-provider.test.ts +366 -274
package/src/__tests__/pairing-concurrent.test.ts +18 -12
package/src/__tests__/pairing-routes.test.ts +45 -41
package/src/__tests__/parallel-tool.benchmark.test.ts +108 -58
package/src/__tests__/parser.test.ts +316 -226
package/src/__tests__/path-classifier.test.ts +24 -25
package/src/__tests__/path-policy.test.ts +187 -147
package/src/__tests__/phone.test.ts +36 -36
package/src/__tests__/platform-move-helper.test.ts +48 -40
package/src/__tests__/platform-socket-path.test.ts +23 -24
package/src/__tests__/platform-workspace-migration.test.ts +464 -414
package/src/__tests__/platform.test.ts +61 -53
package/src/__tests__/playbook-execution.test.ts +397 -265
package/src/__tests__/playbook-tools.test.ts +267 -196
package/src/__tests__/prebuilt-home-base-seed.test.ts +30 -27
package/src/__tests__/pricing.test.ts +316 -136
package/src/__tests__/profile-compiler.test.ts +206 -188
package/src/__tests__/provider-commit-message-generator.test.ts +114 -106
package/src/__tests__/provider-error-scenarios.test.ts +212 -158
package/src/__tests__/provider-fail-open-selection.test.ts +51 -44
package/src/__tests__/provider-registry-ollama.test.ts +13 -9
package/src/__tests__/provider-streaming.benchmark.test.ts +232 -183
package/src/__tests__/proxy-approval-callback.test.ts +180 -119
package/src/__tests__/public-ingress-urls.test.ts +112 -94
package/src/__tests__/qdrant-manager.test.ts +147 -98
package/src/__tests__/ratelimit.test.ts +152 -82
package/src/__tests__/recording-handler.test.ts +273 -151
package/src/__tests__/recording-intent-fallback.test.ts +94 -75
package/src/__tests__/recording-intent-handler.test.ts +422 -292
package/src/__tests__/recording-intent.test.ts +578 -379
package/src/__tests__/recording-state-machine.test.ts +530 -316
package/src/__tests__/recurrence-engine-rruleset.test.ts +150 -92
package/src/__tests__/recurrence-engine.test.ts +81 -41
package/src/__tests__/recurrence-types.test.ts +63 -44
package/src/__tests__/relay-server.test.ts +2131 -1602
package/src/__tests__/reminder-store.test.ts +158 -80
package/src/__tests__/reminder.test.ts +113 -109
package/src/__tests__/remote-skill-policy.test.ts +96 -72
package/src/__tests__/request-file-tool.test.ts +74 -67
package/src/__tests__/response-tier.test.ts +131 -74
package/src/__tests__/runtime-attachment-metadata.test.ts +107 -70
package/src/__tests__/runtime-events-sse-parity.test.ts +167 -145
package/src/__tests__/runtime-events-sse.test.ts +67 -51
package/src/__tests__/sandbox-diagnostics.test.ts +66 -56
package/src/__tests__/sandbox-host-parity.test.ts +377 -301
package/src/__tests__/scaffold-managed-skill-tool.test.ts +213 -161
package/src/__tests__/schedule-store.test.ts +268 -205
package/src/__tests__/schedule-tools.test.ts +702 -524
package/src/__tests__/scheduler-recurrence.test.ts +240 -130
package/src/__tests__/scoped-approval-grants.test.ts +258 -168
package/src/__tests__/scoped-grant-security-matrix.test.ts +160 -146
package/src/__tests__/script-proxy-certs.test.ts +38 -35
package/src/__tests__/script-proxy-connect-tunnel.test.ts +71 -46
package/src/__tests__/script-proxy-decision-trace.test.ts +161 -84
package/src/__tests__/script-proxy-http-forwarder.test.ts +146 -129
package/src/__tests__/script-proxy-injection-runtime.test.ts +139 -113
package/src/__tests__/script-proxy-mitm-handler.test.ts +226 -142
package/src/__tests__/script-proxy-policy-runtime.test.ts +126 -86
package/src/__tests__/script-proxy-policy.test.ts +308 -153
package/src/__tests__/script-proxy-rewrite-specificity.test.ts +74 -62
package/src/__tests__/script-proxy-router.test.ts +111 -77
package/src/__tests__/script-proxy-session-manager.test.ts +156 -113
package/src/__tests__/script-proxy-session-runtime.test.ts +28 -24
package/src/__tests__/secret-allowlist.test.ts +105 -90
package/src/__tests__/secret-ingress-handler.test.ts +41 -30
package/src/__tests__/secret-onetime-send.test.ts +67 -50
package/src/__tests__/secret-prompt-log-hygiene.test.ts +35 -31
package/src/__tests__/secret-response-routing.test.ts +50 -41
package/src/__tests__/secret-scanner-executor.test.ts +152 -111
package/src/__tests__/secret-scanner.test.ts +495 -413
package/src/__tests__/secure-keys.test.ts +132 -121
package/src/__tests__/send-endpoint-busy.test.ts +313 -232
package/src/__tests__/send-notification-tool.test.ts +43 -42
package/src/__tests__/sensitive-output-placeholders.test.ts +72 -64
package/src/__tests__/sequence-store.test.ts +335 -167
package/src/__tests__/server-history-render.test.ts +341 -202
package/src/__tests__/session-abort-tool-results.test.ts +133 -70
package/src/__tests__/session-approval-overrides.test.ts +93 -91
package/src/__tests__/session-confirmation-signals.test.ts +252 -160
package/src/__tests__/session-conflict-gate.test.ts +775 -585
package/src/__tests__/session-error.test.ts +222 -191
package/src/__tests__/session-evictor.test.ts +79 -62
package/src/__tests__/session-init.benchmark.test.ts +170 -108
package/src/__tests__/session-load-history-repair.test.ts +273 -139
package/src/__tests__/session-messaging-secret-redirect.test.ts +130 -90
package/src/__tests__/session-pre-run-repair.test.ts +106 -59
package/src/__tests__/session-profile-injection.test.ts +198 -130
package/src/__tests__/session-provider-retry-repair.test.ts +223 -141
package/src/__tests__/session-queue.test.ts +624 -321
package/src/__tests__/session-runtime-assembly.test.ts +425 -329
package/src/__tests__/session-runtime-workspace.test.ts +69 -61
package/src/__tests__/session-skill-tools.test.ts +973 -678
package/src/__tests__/session-slash-known.test.ts +185 -133
package/src/__tests__/session-slash-queue.test.ts +147 -81
package/src/__tests__/session-slash-unknown.test.ts +135 -90
package/src/__tests__/session-surfaces-task-progress.test.ts +122 -87
package/src/__tests__/session-tool-setup-app-refresh.test.ts +338 -177
package/src/__tests__/session-tool-setup-memory-scope.test.ts +63 -40
package/src/__tests__/session-tool-setup-side-effect-flag.test.ts +60 -37
package/src/__tests__/session-tool-setup-tools-disabled.test.ts +28 -26
package/src/__tests__/session-undo.test.ts +43 -30
package/src/__tests__/session-workspace-cache-state.test.ts +108 -67
package/src/__tests__/session-workspace-injection.test.ts +245 -117
package/src/__tests__/session-workspace-tool-tracking.test.ts +260 -93
package/src/__tests__/shared-filesystem-errors.test.ts +47 -47
package/src/__tests__/shell-credential-ref.test.ts +126 -90
package/src/__tests__/shell-identity.test.ts +134 -111
package/src/__tests__/shell-parser-fuzz.test.ts +263 -179
package/src/__tests__/shell-parser-property.test.ts +435 -288
package/src/__tests__/shell-tool-proxy-mode.test.ts +142 -70
package/src/__tests__/size-guard.test.ts +42 -44
package/src/__tests__/skill-feature-flags-integration.test.ts +79 -52
package/src/__tests__/skill-feature-flags.test.ts +75 -47
package/src/__tests__/skill-include-graph.test.ts +143 -148
package/src/__tests__/skill-load-feature-flag.test.ts +94 -59
package/src/__tests__/skill-load-tool.test.ts +371 -199
package/src/__tests__/skill-projection-feature-flag.test.ts +131 -88
package/src/__tests__/skill-projection.benchmark.test.ts +93 -65
package/src/__tests__/skill-script-runner-host.test.ts +460 -250
package/src/__tests__/skill-script-runner-sandbox.test.ts +168 -108
package/src/__tests__/skill-script-runner.test.ts +115 -74
package/src/__tests__/skill-tool-factory.test.ts +140 -96
package/src/__tests__/skill-tool-manifest.test.ts +306 -210
package/src/__tests__/skill-version-hash.test.ts +70 -56
package/src/__tests__/skills.test.ts +0 -1
package/src/__tests__/slack-channel-config.test.ts +127 -84
package/src/__tests__/slack-skill.test.ts +60 -47
package/src/__tests__/slash-commands-catalog.test.ts +37 -31
package/src/__tests__/slash-commands-parser.test.ts +71 -64
package/src/__tests__/slash-commands-resolver.test.ts +143 -107
package/src/__tests__/slash-commands-rewrite.test.ts +22 -22
package/src/__tests__/sms-messaging-provider.test.ts +74 -47
package/src/__tests__/speaker-identification.test.ts +28 -25
package/src/__tests__/starter-bundle.test.ts +27 -23
package/src/__tests__/starter-task-flow.test.ts +67 -52
package/src/__tests__/subagent-manager-notify.test.ts +154 -108
package/src/__tests__/subagent-tools.test.ts +311 -270
package/src/__tests__/subagent-types.test.ts +40 -40
package/src/__tests__/surface-mutex-cleanup.test.ts +42 -30
package/src/__tests__/swarm-dag-pathological.test.ts +122 -111
package/src/__tests__/swarm-orchestrator.test.ts +135 -101
package/src/__tests__/swarm-plan-validator.test.ts +125 -73
package/src/__tests__/swarm-recursion.test.ts +58 -46
package/src/__tests__/swarm-router-planner.test.ts +99 -74
package/src/__tests__/swarm-session-integration.test.ts +148 -91
package/src/__tests__/swarm-tool.test.ts +65 -45
package/src/__tests__/swarm-worker-backend.test.ts +59 -45
package/src/__tests__/swarm-worker-runner.test.ts +133 -118
package/src/__tests__/system-prompt.test.ts +290 -256
package/src/__tests__/task-compiler.test.ts +176 -120
package/src/__tests__/task-management-tools.test.ts +561 -456
package/src/__tests__/task-memory-cleanup.test.ts +627 -362
package/src/__tests__/task-runner.test.ts +117 -94
package/src/__tests__/task-scheduler.test.ts +113 -84
package/src/__tests__/task-tools.test.ts +349 -264
package/src/__tests__/terminal-sandbox.test.ts +138 -108
package/src/__tests__/terminal-tools.test.ts +350 -305
package/src/__tests__/thread-seed-composer.test.ts +307 -180
package/src/__tests__/tool-approval-handler.test.ts +238 -137
package/src/__tests__/tool-audit-listener.test.ts +69 -69
package/src/__tests__/tool-domain-event-publisher.test.ts +142 -132
package/src/__tests__/tool-execution-abort-cleanup.test.ts +153 -146
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +136 -105
package/src/__tests__/tool-executor-lifecycle-events.test.ts +355 -239
package/src/__tests__/tool-executor-redaction.test.ts +112 -109
package/src/__tests__/tool-executor-shell-integration.test.ts +130 -79
package/src/__tests__/tool-executor.test.ts +1274 -674
package/src/__tests__/tool-grant-request-escalation.test.ts +401 -283
package/src/__tests__/tool-metrics-listener.test.ts +97 -85
package/src/__tests__/tool-notification-listener.test.ts +42 -25
package/src/__tests__/tool-permission-simulate-handler.test.ts +137 -113
package/src/__tests__/tool-policy.test.ts +44 -25
package/src/__tests__/tool-profiling-listener.test.ts +99 -93
package/src/__tests__/tool-result-truncation.test.ts +5 -4
package/src/__tests__/tool-trace-listener.test.ts +131 -111
package/src/__tests__/top-level-renderer.test.ts +62 -58
package/src/__tests__/top-level-scanner.test.ts +68 -64
package/src/__tests__/trace-emitter.test.ts +56 -56
package/src/__tests__/trust-context-guards.test.ts +65 -65
package/src/__tests__/trust-store.test.ts +1239 -806
package/src/__tests__/trusted-contact-approval-notifier.test.ts +339 -275
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +484 -373
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +264 -241
package/src/__tests__/trusted-contact-multichannel.test.ts +182 -142
package/src/__tests__/trusted-contact-verification.test.ts +251 -231
package/src/__tests__/turn-commit.test.ts +259 -200
package/src/__tests__/twilio-config.test.ts +49 -41
package/src/__tests__/twilio-provider.test.ts +140 -126
package/src/__tests__/twilio-rest.test.ts +22 -18
package/src/__tests__/twilio-routes-elevenlabs.test.ts +188 -162
package/src/__tests__/twilio-routes-twiml.test.ts +55 -55
package/src/__tests__/twilio-routes.test.ts +389 -281
package/src/__tests__/twitter-auth-handler.test.ts +184 -139
package/src/__tests__/twitter-cli-error-shaping.test.ts +88 -73
package/src/__tests__/twitter-cli-routing.test.ts +146 -99
package/src/__tests__/twitter-oauth-client.test.ts +82 -65
package/src/__tests__/update-bulletin-format.test.ts +69 -66
package/src/__tests__/update-bulletin-state.test.ts +66 -60
package/src/__tests__/update-bulletin.test.ts +150 -114
package/src/__tests__/update-template-contract.test.ts +15 -10
package/src/__tests__/url-safety.test.ts +288 -265
package/src/__tests__/user-reference.test.ts +32 -32
package/src/__tests__/view-image-tool.test.ts +118 -96
package/src/__tests__/voice-invite-redemption.test.ts +111 -106
package/src/__tests__/voice-quality.test.ts +117 -102
package/src/__tests__/voice-scoped-grant-consumer.test.ts +204 -146
package/src/__tests__/voice-session-bridge.test.ts +351 -216
package/src/__tests__/weather-skill-regression.test.ts +170 -120
package/src/__tests__/web-fetch.test.ts +664 -526
package/src/__tests__/web-search.test.ts +379 -213
package/src/__tests__/work-item-output.test.ts +90 -53
package/src/__tests__/workspace-git-service.test.ts +437 -356
package/src/__tests__/workspace-heartbeat-service.test.ts +125 -91
package/src/__tests__/workspace-lifecycle.test.ts +98 -64
package/src/__tests__/workspace-policy.test.ts +139 -71
package/src/commands/__tests__/cc-command-registry.test.ts +142 -134
package/src/config/__tests__/feature-flag-registry-guard.test.ts +48 -39
package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +44 -4
package/src/config/bundled-skills/doordash/__tests__/doordash-session.test.ts +0 -1
package/src/config/bundled-skills/messaging/SKILL.md +9 -7
package/src/config/bundled-skills/messaging/tools/gmail-outreach-scan.ts +15 -5
package/src/config/bundled-skills/messaging/tools/gmail-sender-digest.ts +16 -5
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +11 -7
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +34 -32
package/src/config/bundled-tool-registry.ts +2 -0
package/src/config/env.ts +38 -29
package/src/daemon/handlers/skills.ts +18 -10
package/src/daemon/ipc-contract/messages.ts +1 -0
package/src/daemon/ipc-contract/surfaces.ts +7 -1
package/src/daemon/session-agent-loop-handlers.ts +5 -0
package/src/daemon/session-agent-loop.ts +1 -1
package/src/daemon/session-process.ts +1 -1
package/src/daemon/session-surfaces.ts +42 -2
package/src/memory/db-connection.ts +16 -10
package/src/messaging/providers/gmail/adapter.ts +10 -3
package/src/messaging/providers/gmail/client.ts +280 -72
package/src/runtime/auth/__tests__/context.test.ts +75 -65
package/src/runtime/auth/__tests__/credential-service.test.ts +137 -114
package/src/runtime/auth/__tests__/guard-tests.test.ts +84 -90
package/src/runtime/auth/__tests__/ipc-auth-context.test.ts +40 -40
package/src/runtime/auth/__tests__/middleware.test.ts +80 -74
package/src/runtime/auth/__tests__/policy.test.ts +9 -9
package/src/runtime/auth/__tests__/route-policy.test.ts +76 -65
package/src/runtime/auth/__tests__/scopes.test.ts +68 -60
package/src/runtime/auth/__tests__/subject.test.ts +54 -54
package/src/runtime/auth/__tests__/token-service.test.ts +115 -108
package/src/runtime/auth/scopes.ts +3 -0
package/src/runtime/auth/token-service.ts +78 -48
package/src/runtime/auth/types.ts +2 -1
package/src/runtime/http-server.ts +2 -1
package/src/security/secure-keys.ts +103 -53
package/src/sequence/reply-matcher.ts +10 -6
package/src/skills/frontmatter.ts +9 -6
package/src/tools/browser/__tests__/auth-cache.test.ts +69 -63
package/src/tools/browser/__tests__/auth-detector.test.ts +218 -157
package/src/tools/browser/__tests__/jit-auth.test.ts +83 -99
package/src/tools/ui-surface/definitions.ts +2 -1
package/src/util/platform.ts +0 -12
package/docs/architecture/http-token-refresh.md +0 -274

package/src/__tests__/credential-broker.test.ts CHANGED Viewed

@@ -1,19 +1,21 @@
-import { mkdtempSync, rmSync } from 'node:fs';
-import { tmpdir } from 'node:os';
-import { join } from 'node:path';
-import { afterEach,beforeEach, describe, expect, test } from 'bun:test';
-import { CredentialBroker } from '../tools/credentials/broker.js';
-import { _setMetadataPath,upsertCredentialMetadata } from '../tools/credentials/metadata-store.js';
-describe('CredentialBroker', () => {
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { CredentialBroker } from "../tools/credentials/broker.js";
+import {
+  _setMetadataPath,
+  upsertCredentialMetadata,
+} from "../tools/credentials/metadata-store.js";
+describe("CredentialBroker", () => {
   let broker: CredentialBroker;
   let tmpDir: string;
   beforeEach(() => {
-    tmpDir = mkdtempSync(join(tmpdir(), 'broker-test-'));
-    _setMetadataPath(join(tmpDir, 'metadata.json'));
+    tmpDir = mkdtempSync(join(tmpdir(), "broker-test-"));
+    _setMetadataPath(join(tmpDir, "metadata.json"));
     broker = new CredentialBroker();
   });
@@ -22,70 +24,84 @@ describe('CredentialBroker', () => {
     rmSync(tmpDir, { recursive: true, force: true });
   });
-  describe('authorize', () => {
-    test('denies when no credential metadata exists', () => {
+  describe("authorize", () => {
+    test("denies when no credential metadata exists", () => {
       const result = broker.authorize({
-        service: 'github',
-        field: 'token',
-        toolName: 'browser_fill_credential',
+        service: "github",
+        field: "token",
+        toolName: "browser_fill_credential",
       });
       expect(result.authorized).toBe(false);
       if (!result.authorized) {
-        expect(result.reason).toContain('No credential found');
+        expect(result.reason).toContain("No credential found");
       }
     });
-    test('authorizes when tool is in allowedTools', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['browser_fill_credential'] });
+    test("authorizes when tool is in allowedTools", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["browser_fill_credential"],
+      });
       const result = broker.authorize({
-        service: 'github',
-        field: 'token',
-        toolName: 'browser_fill_credential',
+        service: "github",
+        field: "token",
+        toolName: "browser_fill_credential",
       });
       expect(result.authorized).toBe(true);
       if (result.authorized) {
-        expect(result.token.service).toBe('github');
-        expect(result.token.field).toBe('token');
-        expect(result.token.toolName).toBe('browser_fill_credential');
+        expect(result.token.service).toBe("github");
+        expect(result.token.field).toBe("token");
+        expect(result.token.toolName).toBe("browser_fill_credential");
         expect(result.token.consumed).toBe(false);
         expect(result.token.tokenId).toBeTruthy();
       }
     });
-    test('denies when tool is not in allowedTools', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['other_tool'] });
+    test("denies when tool is not in allowedTools", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["other_tool"],
+      });
       const result = broker.authorize({
-        service: 'github',
-        field: 'token',
-        toolName: 'browser_fill_credential',
+        service: "github",
+        field: "token",
+        toolName: "browser_fill_credential",
       });
       expect(result.authorized).toBe(false);
       if (!result.authorized) {
-        expect(result.reason).toContain('not allowed');
-        expect(result.reason).toContain('browser_fill_credential');
-        expect(result.reason).toContain('Allowed tools: other_tool');
+        expect(result.reason).toContain("not allowed");
+        expect(result.reason).toContain("browser_fill_credential");
+        expect(result.reason).toContain("Allowed tools: other_tool");
       }
     });
-    test('denies when allowedTools is empty (fail-closed)', () => {
-      upsertCredentialMetadata('github', 'token');
+    test("denies when allowedTools is empty (fail-closed)", () => {
+      upsertCredentialMetadata("github", "token");
       const result = broker.authorize({
-        service: 'github',
-        field: 'token',
-        toolName: 'browser_fill_credential',
+        service: "github",
+        field: "token",
+        toolName: "browser_fill_credential",
       });
       expect(result.authorized).toBe(false);
       if (!result.authorized) {
-        expect(result.reason).toContain('not allowed');
-        expect(result.reason).toContain('No tools are currently allowed');
-        expect(result.reason).toContain('credential_store');
+        expect(result.reason).toContain("not allowed");
+        expect(result.reason).toContain("No tools are currently allowed");
+        expect(result.reason).toContain("credential_store");
       }
     });
-    test('issues unique token IDs', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['tool1', 'tool2'] });
-      const r1 = broker.authorize({ service: 'github', field: 'token', toolName: 'tool1' });
-      const r2 = broker.authorize({ service: 'github', field: 'token', toolName: 'tool2' });
+    test("issues unique token IDs", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["tool1", "tool2"],
+      });
+      const r1 = broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "tool1",
+      });
+      const r2 = broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "tool2",
+      });
       expect(r1.authorized).toBe(true);
       expect(r2.authorized).toBe(true);
       if (r1.authorized && r2.authorized) {
@@ -94,40 +110,58 @@ describe('CredentialBroker', () => {
     });
   });
-  describe('consume', () => {
-    test('returns storage key on first consumption', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['browser_fill_credential'] });
-      const auth = broker.authorize({ service: 'github', field: 'token', toolName: 'browser_fill_credential' });
+  describe("consume", () => {
+    test("returns storage key on first consumption", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["browser_fill_credential"],
+      });
+      const auth = broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "browser_fill_credential",
+      });
       expect(auth.authorized).toBe(true);
       if (!auth.authorized) return;
       const result = broker.consume(auth.token.tokenId);
       expect(result.success).toBe(true);
-      expect(result.storageKey).toBe('credential:github:token');
+      expect(result.storageKey).toBe("credential:github:token");
     });
-    test('rejects double consumption', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['browser_fill_credential'] });
-      const auth = broker.authorize({ service: 'github', field: 'token', toolName: 'browser_fill_credential' });
+    test("rejects double consumption", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["browser_fill_credential"],
+      });
+      const auth = broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "browser_fill_credential",
+      });
       if (!auth.authorized) return;
       broker.consume(auth.token.tokenId);
       const result = broker.consume(auth.token.tokenId);
       expect(result.success).toBe(false);
-      expect(result.reason).toContain('already consumed');
+      expect(result.reason).toContain("already consumed");
     });
-    test('rejects unknown token ID', () => {
-      const result = broker.consume('nonexistent-token');
+    test("rejects unknown token ID", () => {
+      const result = broker.consume("nonexistent-token");
       expect(result.success).toBe(false);
-      expect(result.reason).toContain('not found');
+      expect(result.reason).toContain("not found");
     });
   });
-  describe('revoke', () => {
-    test('revokes existing token', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['browser_fill_credential'] });
-      const auth = broker.authorize({ service: 'github', field: 'token', toolName: 'browser_fill_credential' });
+  describe("revoke", () => {
+    test("revokes existing token", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["browser_fill_credential"],
+      });
+      const auth = broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "browser_fill_credential",
+      });
       if (!auth.authorized) return;
       expect(broker.revoke(auth.token.tokenId)).toBe(true);
@@ -136,16 +170,26 @@ describe('CredentialBroker', () => {
       expect(result.success).toBe(false);
     });
-    test('returns false for unknown token', () => {
-      expect(broker.revoke('nonexistent')).toBe(false);
+    test("returns false for unknown token", () => {
+      expect(broker.revoke("nonexistent")).toBe(false);
     });
   });
-  describe('revokeAll', () => {
-    test('clears all active tokens', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['tool1', 'tool2'] });
-      broker.authorize({ service: 'github', field: 'token', toolName: 'tool1' });
-      broker.authorize({ service: 'github', field: 'token', toolName: 'tool2' });
+  describe("revokeAll", () => {
+    test("clears all active tokens", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["tool1", "tool2"],
+      });
+      broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "tool1",
+      });
+      broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "tool2",
+      });
       expect(broker.activeTokenCount).toBe(2);
       broker.revokeAll();
@@ -153,11 +197,21 @@ describe('CredentialBroker', () => {
     });
   });
-  describe('activeTokenCount', () => {
-    test('counts only unconsumed tokens', () => {
-      upsertCredentialMetadata('github', 'token', { allowedTools: ['tool1', 'tool2'] });
-      const auth1 = broker.authorize({ service: 'github', field: 'token', toolName: 'tool1' });
-      broker.authorize({ service: 'github', field: 'token', toolName: 'tool2' });
+  describe("activeTokenCount", () => {
+    test("counts only unconsumed tokens", () => {
+      upsertCredentialMetadata("github", "token", {
+        allowedTools: ["tool1", "tool2"],
+      });
+      const auth1 = broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "tool1",
+      });
+      broker.authorize({
+        service: "github",
+        field: "token",
+        toolName: "tool2",
+      });
       expect(broker.activeTokenCount).toBe(2);
       if (auth1.authorized) {

package/src/__tests__/credential-host-pattern-match.test.ts CHANGED Viewed

@@ -1,105 +1,125 @@
-import { describe, expect, test } from 'bun:test';
+import { describe, expect, test } from "bun:test";
 import {
   compareMatchSpecificity,
   type HostMatchKind,
   matchHostPattern,
-} from '../tools/credentials/host-pattern-match.js';
+} from "../tools/credentials/host-pattern-match.js";
-describe('matchHostPattern', () => {
+describe("matchHostPattern", () => {
   // -- Exact matches --------------------------------------------------------
   test('exact match returns "exact"', () => {
-    expect(matchHostPattern('api.fal.run', 'api.fal.run')).toBe('exact');
+    expect(matchHostPattern("api.fal.run", "api.fal.run")).toBe("exact");
   });
-  test('exact match is case-insensitive', () => {
-    expect(matchHostPattern('API.FAL.RUN', 'api.fal.run')).toBe('exact');
-    expect(matchHostPattern('api.fal.run', 'API.FAL.RUN')).toBe('exact');
+  test("exact match is case-insensitive", () => {
+    expect(matchHostPattern("API.FAL.RUN", "api.fal.run")).toBe("exact");
+    expect(matchHostPattern("api.fal.run", "API.FAL.RUN")).toBe("exact");
   });
   // -- Wildcard matches (subdomain) ----------------------------------------
-  test('*.fal.run matches api.fal.run', () => {
-    expect(matchHostPattern('api.fal.run', '*.fal.run')).toBe('wildcard');
+  test("*.fal.run matches api.fal.run", () => {
+    expect(matchHostPattern("api.fal.run", "*.fal.run")).toBe("wildcard");
   });
-  test('*.fal.run matches deep.sub.fal.run', () => {
-    expect(matchHostPattern('deep.sub.fal.run', '*.fal.run')).toBe('wildcard');
+  test("*.fal.run matches deep.sub.fal.run", () => {
+    expect(matchHostPattern("deep.sub.fal.run", "*.fal.run")).toBe("wildcard");
   });
-  test('wildcard match is case-insensitive', () => {
-    expect(matchHostPattern('API.FAL.RUN', '*.fal.run')).toBe('wildcard');
+  test("wildcard match is case-insensitive", () => {
+    expect(matchHostPattern("API.FAL.RUN", "*.fal.run")).toBe("wildcard");
   });
   // -- Wildcard does NOT match apex by default ------------------------------
-  test('*.fal.run does NOT match fal.run by default', () => {
-    expect(matchHostPattern('fal.run', '*.fal.run')).toBe('none');
+  test("*.fal.run does NOT match fal.run by default", () => {
+    expect(matchHostPattern("fal.run", "*.fal.run")).toBe("none");
   });
   // -- Wildcard matches apex when includeApexForWildcard = true -------------
-  test('*.fal.run matches fal.run when apex inclusion enabled', () => {
-    expect(matchHostPattern('fal.run', '*.fal.run', { includeApexForWildcard: true })).toBe('wildcard');
+  test("*.fal.run matches fal.run when apex inclusion enabled", () => {
+    expect(
+      matchHostPattern("fal.run", "*.fal.run", {
+        includeApexForWildcard: true,
+      }),
+    ).toBe("wildcard");
   });
-  test('apex inclusion is case-insensitive', () => {
-    expect(matchHostPattern('FAL.RUN', '*.fal.run', { includeApexForWildcard: true })).toBe('wildcard');
+  test("apex inclusion is case-insensitive", () => {
+    expect(
+      matchHostPattern("FAL.RUN", "*.fal.run", {
+        includeApexForWildcard: true,
+      }),
+    ).toBe("wildcard");
   });
   // -- Security: no partial suffix matches ----------------------------------
-  test('*.fal.run does NOT match evil.fal.run.attacker.com', () => {
-    expect(matchHostPattern('evil.fal.run.attacker.com', '*.fal.run')).toBe('none');
+  test("*.fal.run does NOT match evil.fal.run.attacker.com", () => {
+    expect(matchHostPattern("evil.fal.run.attacker.com", "*.fal.run")).toBe(
+      "none",
+    );
   });
-  test('*.fal.run does NOT match notfal.run', () => {
-    expect(matchHostPattern('notfal.run', '*.fal.run')).toBe('none');
-    expect(matchHostPattern('notfal.run', '*.fal.run', { includeApexForWildcard: true })).toBe('none');
+  test("*.fal.run does NOT match notfal.run", () => {
+    expect(matchHostPattern("notfal.run", "*.fal.run")).toBe("none");
+    expect(
+      matchHostPattern("notfal.run", "*.fal.run", {
+        includeApexForWildcard: true,
+      }),
+    ).toBe("none");
   });
   // -- No match -------------------------------------------------------------
   test('returns "none" for completely different hosts', () => {
-    expect(matchHostPattern('api.openai.com', '*.fal.run')).toBe('none');
+    expect(matchHostPattern("api.openai.com", "*.fal.run")).toBe("none");
   });
   test('returns "none" for non-wildcard pattern that does not match', () => {
-    expect(matchHostPattern('other.fal.run', 'api.fal.run')).toBe('none');
+    expect(matchHostPattern("other.fal.run", "api.fal.run")).toBe("none");
   });
 });
-describe('compareMatchSpecificity', () => {
-  test('exact is more specific than wildcard', () => {
-    expect(compareMatchSpecificity('exact', 'wildcard')).toBeLessThan(0);
+describe("compareMatchSpecificity", () => {
+  test("exact is more specific than wildcard", () => {
+    expect(compareMatchSpecificity("exact", "wildcard")).toBeLessThan(0);
   });
-  test('wildcard is more specific than none', () => {
-    expect(compareMatchSpecificity('wildcard', 'none')).toBeLessThan(0);
+  test("wildcard is more specific than none", () => {
+    expect(compareMatchSpecificity("wildcard", "none")).toBeLessThan(0);
   });
-  test('exact is more specific than none', () => {
-    expect(compareMatchSpecificity('exact', 'none')).toBeLessThan(0);
+  test("exact is more specific than none", () => {
+    expect(compareMatchSpecificity("exact", "none")).toBeLessThan(0);
   });
-  test('same kind returns 0', () => {
-    expect(compareMatchSpecificity('exact', 'exact')).toBe(0);
-    expect(compareMatchSpecificity('wildcard', 'wildcard')).toBe(0);
-    expect(compareMatchSpecificity('none', 'none')).toBe(0);
+  test("same kind returns 0", () => {
+    expect(compareMatchSpecificity("exact", "exact")).toBe(0);
+    expect(compareMatchSpecificity("wildcard", "wildcard")).toBe(0);
+    expect(compareMatchSpecificity("none", "none")).toBe(0);
   });
-  test('none is less specific than wildcard', () => {
-    expect(compareMatchSpecificity('none', 'wildcard')).toBeGreaterThan(0);
+  test("none is less specific than wildcard", () => {
+    expect(compareMatchSpecificity("none", "wildcard")).toBeGreaterThan(0);
   });
-  test('wildcard is less specific than exact', () => {
-    expect(compareMatchSpecificity('wildcard', 'exact')).toBeGreaterThan(0);
+  test("wildcard is less specific than exact", () => {
+    expect(compareMatchSpecificity("wildcard", "exact")).toBeGreaterThan(0);
   });
-  test('can be used to sort matches by specificity (most specific first)', () => {
-    const matches: HostMatchKind[] = ['none', 'exact', 'wildcard', 'none', 'exact'];
+  test("can be used to sort matches by specificity (most specific first)", () => {
+    const matches: HostMatchKind[] = [
+      "none",
+      "exact",
+      "wildcard",
+      "none",
+      "exact",
+    ];
     const sorted = [...matches].sort(compareMatchSpecificity);
-    expect(sorted).toEqual(['exact', 'exact', 'wildcard', 'none', 'none']);
+    expect(sorted).toEqual(["exact", "exact", "wildcard", "none", "none"]);
   });
 });