@vellumai/assistant 0.4.22 → 0.4.23

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.4.22",
+  "version": "0.4.23",
   "type": "module",
   "bin": {
     "vellum": "./src/index.ts"

package/scripts/ipc/check-swift-decoder-drift.ts

@@ -12,16 +12,16 @@
  *   bun run ipc:check-swift-drift    # check for drift
  */
 
-import * as fs from 'fs';
-import * as path from 'path';
+import * as fs from "fs";
+import * as path from "path";
 
-import { extractInventory } from '../../src/daemon/ipc-contract-inventory.js';
+import { extractInventory } from "../../src/daemon/ipc-contract-inventory.js";
 
-const ROOT = path.resolve(import.meta.dirname ?? __dirname, '../..');
-const CONTRACT_PATH = path.join(ROOT, 'src/daemon/ipc-contract.ts');
+const ROOT = path.resolve(import.meta.dirname ?? __dirname, "../..");
+const CONTRACT_PATH = path.join(ROOT, "src/daemon/ipc-contract.ts");
 const SWIFT_PATH = path.resolve(
   ROOT,
-  '../clients/shared/IPC/IPCMessages.swift',
+  "../clients/shared/IPC/IPCMessages.swift",
 );
 
 /**
@@ -31,37 +31,35 @@ const SWIFT_PATH = path.resolve(
  */
 const SWIFT_OMIT_ALLOWLIST = new Set<string>([
   // Server-internal events not surfaced to macOS client
-  'context_compacted',
-  'memory_recalled',
-  'model_info',
-  'secret_detected',
-  'sessions_clear_response',
-  'usage_response',
-  'usage_update',
+  "context_compacted",
+  "memory_recalled",
+  "model_info",
+  "secret_detected",
+  "sessions_clear_response",
+  "usage_response",
+  "usage_update",
   // Gallery and cloud sharing — not yet consumed by the macOS client
-  'gallery_install_response',
-  'gallery_list_response',
-  'share_app_cloud_response',
+  "gallery_install_response",
+  "gallery_list_response",
+  "share_app_cloud_response",
   // Page publishing — not yet consumed by the macOS client
-  'publish_page_response',
-  'unpublish_page_response',
+  "publish_page_response",
+  "unpublish_page_response",
   // Heartbeat alerts — not yet consumed by the macOS client
-  'heartbeat_alert',
-  // Browser handoff — not yet consumed by the macOS client
-  'browser_handoff_request',
+  "heartbeat_alert",
   // Guardian verification — daemon-internal for Telegram channel setup
-  'guardian_verification_response',
+  "guardian_verification_response",
   // Ingress invite/member management — not yet consumed by the macOS client
-  'ingress_invite_response',
-  'ingress_member_response',
+  "ingress_invite_response",
+  "ingress_member_response",
   // Inbox escalation — not yet consumed by the macOS client
-  'assistant_inbox_escalation_response',
+  "assistant_inbox_escalation_response",
   // Work item messages — not yet consumed by the macOS client
-  'work_item_get_response',
-  'work_item_run_task_response',
-  'work_item_status_changed',
-  'work_item_update_response',
-  'work_items_list_response',
+  "work_item_get_response",
+  "work_item_run_task_response",
+  "work_item_status_changed",
+  "work_item_update_response",
+  "work_items_list_response",
 ]);
 
 /**
@@ -72,7 +70,7 @@ const SWIFT_OMIT_ALLOWLIST = new Set<string>([
 const INVENTORY_UNEXTRACTABLE = new Set<string>([
   // UiSurfaceShow is a union of UiSurfaceShowCard | UiSurfaceShowForm | ...
   // The shared wire type 'ui_surface_show' comes from UiSurfaceShowBase.
-  'ui_surface_show',
+  "ui_surface_show",
 ]);
 
 /**
@@ -82,9 +80,9 @@ const INVENTORY_UNEXTRACTABLE = new Set<string>([
  */
 const SWIFT_AHEAD_ALLOWLIST = new Set<string>([
   // Defined in Swift LayoutConfig.swift ahead of daemon implementation
-  'ui_layout_config',
+  "ui_layout_config",
   // Defined in Swift HTTPDaemonClient ahead of daemon token rotation endpoint
-  'token_rotated',
+  "token_rotated",
 ]);
 
 // --- Extract Swift decode cases ---
@@ -97,9 +95,13 @@ function extractSwiftDecodeCases(swiftSource: string): Set<string> {
   let match: RegExpExecArray | null;
 
   // Only scan inside the ServerMessage init(from decoder:) block
-  const decoderStart = swiftSource.indexOf('public init(from decoder: Decoder) throws');
+  const decoderStart = swiftSource.indexOf(
+    "public init(from decoder: Decoder) throws",
+  );
   if (decoderStart === -1) {
-    throw new Error('Could not find ServerMessage decoder in IPCMessages.swift');
+    throw new Error(
+      "Could not find ServerMessage decoder in IPCMessages.swift",
+    );
   }
 
   const decoderSection = swiftSource.slice(decoderStart);
@@ -120,7 +122,7 @@ const contractServerTypes = new Set([
   ...INVENTORY_UNEXTRACTABLE,
 ]);
 
-const swiftSource = fs.readFileSync(SWIFT_PATH, 'utf-8');
+const swiftSource = fs.readFileSync(SWIFT_PATH, "utf-8");
 const swiftDecodeCases = extractSwiftDecodeCases(swiftSource);
 
 const diffs: string[] = [];
@@ -134,7 +136,10 @@ for (const wireType of contractServerTypes) {
 
 // Types decoded in Swift but not in contract
 for (const wireType of swiftDecodeCases) {
-  if (!contractServerTypes.has(wireType) && !SWIFT_AHEAD_ALLOWLIST.has(wireType)) {
+  if (
+    !contractServerTypes.has(wireType) &&
+    !SWIFT_AHEAD_ALLOWLIST.has(wireType)
+  ) {
     diffs.push(`  - Swift decodes "${wireType}" but it is not in the contract`);
   }
 }
@@ -142,30 +147,36 @@ for (const wireType of swiftDecodeCases) {
 // Stale allowlist entries
 for (const wireType of SWIFT_OMIT_ALLOWLIST) {
   if (!contractServerTypes.has(wireType)) {
-    diffs.push(`  ? Omit-allowlist entry "${wireType}" is not in the contract (stale?)`);
+    diffs.push(
+      `  ? Omit-allowlist entry "${wireType}" is not in the contract (stale?)`,
+    );
   }
 }
 for (const wireType of INVENTORY_UNEXTRACTABLE) {
   if (!swiftDecodeCases.has(wireType)) {
-    diffs.push(`  ? Unextractable entry "${wireType}" is not decoded in Swift (stale?)`);
+    diffs.push(
+      `  ? Unextractable entry "${wireType}" is not decoded in Swift (stale?)`,
+    );
   }
 }
 for (const wireType of SWIFT_AHEAD_ALLOWLIST) {
   if (contractServerTypes.has(wireType)) {
-    diffs.push(`  ? Ahead-allowlist entry "${wireType}" is now in the contract (remove from allowlist)`);
+    diffs.push(
+      `  ? Ahead-allowlist entry "${wireType}" is now in the contract (remove from allowlist)`,
+    );
   }
 }
 
 if (diffs.length > 0) {
-  console.error('IPC Swift decoder drift detected:\n');
+  console.error("IPC Swift decoder drift detected:\n");
   for (const line of diffs) {
     console.error(line);
   }
   console.error(
-    '\nFix: update IPCMessages.swift decode cases, the contract, or the',
-    'allowlist in check-swift-decoder-drift.ts.',
+    "\nFix: update IPCMessages.swift decode cases, the contract, or the",
+    "allowlist in check-swift-decoder-drift.ts.",
   );
   process.exit(1);
 }
 
-console.log('IPC Swift decoder is in sync with the contract.');
+console.log("IPC Swift decoder is in sync with the contract.");

package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap

@@ -776,46 +776,6 @@ exports[`IPC message snapshots ClientMessage types browser_cdp_response serializ
 }
 `;
 
-exports[`IPC message snapshots ClientMessage types browser_user_click serializes to expected JSON 1`] = `
-{
-  "sessionId": "test-session",
-  "surfaceId": "test-surface",
-  "type": "browser_user_click",
-  "x": 100,
-  "y": 200,
-}
-`;
-
-exports[`IPC message snapshots ClientMessage types browser_user_scroll serializes to expected JSON 1`] = `
-{
-  "deltaX": 0,
-  "deltaY": -100,
-  "sessionId": "test-session",
-  "surfaceId": "test-surface",
-  "type": "browser_user_scroll",
-  "x": 100,
-  "y": 200,
-}
-`;
-
-exports[`IPC message snapshots ClientMessage types browser_user_keypress serializes to expected JSON 1`] = `
-{
-  "key": "Enter",
-  "sessionId": "test-session",
-  "surfaceId": "test-surface",
-  "type": "browser_user_keypress",
-}
-`;
-
-exports[`IPC message snapshots ClientMessage types browser_interactive_mode serializes to expected JSON 1`] = `
-{
-  "enabled": true,
-  "sessionId": "test-session",
-  "surfaceId": "test-surface",
-  "type": "browser_interactive_mode",
-}
-`;
-
 exports[`IPC message snapshots ClientMessage types work_items_list serializes to expected JSON 1`] = `
 {
   "status": "queued",
@@ -2437,22 +2397,6 @@ exports[`IPC message snapshots ServerMessage types app_files_changed serializes
 }
 `;
 
-exports[`IPC message snapshots ServerMessage types browser_frame serializes to expected JSON 1`] = `
-{
-  "frame": "base64-jpeg-data",
-  "metadata": {
-    "offsetTop": 0,
-    "pageScaleFactor": 1,
-    "scrollOffsetX": 0,
-    "scrollOffsetY": 0,
-    "timestamp": 1700000000,
-  },
-  "sessionId": "sess-001",
-  "surfaceId": "surface-001",
-  "type": "browser_frame",
-}
-`;
-
 exports[`IPC message snapshots ServerMessage types diagnostics_export_response serializes to expected JSON 1`] = `
 {
   "filePath": "/tmp/diagnostics-conv-001.zip",
@@ -2518,25 +2462,6 @@ exports[`IPC message snapshots ServerMessage types browser_cdp_request serialize
 }
 `;
 
-exports[`IPC message snapshots ServerMessage types browser_interactive_mode_changed serializes to expected JSON 1`] = `
-{
-  "enabled": true,
-  "sessionId": "test-session",
-  "surfaceId": "test-surface",
-  "type": "browser_interactive_mode_changed",
-}
-`;
-
-exports[`IPC message snapshots ServerMessage types browser_handoff_request serializes to expected JSON 1`] = `
-{
-  "message": "Login required",
-  "reason": "auth",
-  "sessionId": "test-session",
-  "surfaceId": "test-surface",
-  "type": "browser_handoff_request",
-}
-`;
-
 exports[`IPC message snapshots ServerMessage types document_editor_show serializes to expected JSON 1`] = `
 {
   "initialContent": "# Hello World",

package/src/__tests__/headless-browser-interactions.test.ts

@@ -64,10 +64,6 @@ mock.module("../tools/browser/browser-screencast.js", () => ({
   stopBrowserScreencast: async () => {},
   stopAllScreencasts: async () => {},
   ensureScreencast: async () => {},
-  updateBrowserStatus: () => {},
-  updatePagesList: async () => {},
-  getElementBounds: async () => null,
-  updateHighlights: () => {},
 }));
 
 import {

package/src/__tests__/ipc-snapshot.test.ts

@@ -481,34 +481,6 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
     sessionId: "test-session",
     success: true,
   },
-  browser_user_click: {
-    type: "browser_user_click",
-    sessionId: "test-session",
-    surfaceId: "test-surface",
-    x: 100,
-    y: 200,
-  },
-  browser_user_scroll: {
-    type: "browser_user_scroll",
-    sessionId: "test-session",
-    surfaceId: "test-surface",
-    deltaX: 0,
-    deltaY: -100,
-    x: 100,
-    y: 200,
-  },
-  browser_user_keypress: {
-    type: "browser_user_keypress",
-    sessionId: "test-session",
-    surfaceId: "test-surface",
-    key: "Enter",
-  },
-  browser_interactive_mode: {
-    type: "browser_interactive_mode",
-    sessionId: "test-session",
-    surfaceId: "test-surface",
-    enabled: true,
-  },
   work_items_list: {
     type: "work_items_list",
     status: "queued",
@@ -1590,19 +1562,6 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     type: "app_files_changed",
     appId: "app-001",
   },
-  browser_frame: {
-    type: "browser_frame",
-    sessionId: "sess-001",
-    surfaceId: "surface-001",
-    frame: "base64-jpeg-data",
-    metadata: {
-      offsetTop: 0,
-      pageScaleFactor: 1,
-      scrollOffsetX: 0,
-      scrollOffsetY: 0,
-      timestamp: 1700000000,
-    },
-  },
   diagnostics_export_response: {
     type: "diagnostics_export_response",
     success: true,
@@ -1637,19 +1596,6 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     type: "browser_cdp_request",
     sessionId: "test-session",
   },
-  browser_interactive_mode_changed: {
-    type: "browser_interactive_mode_changed",
-    sessionId: "test-session",
-    surfaceId: "test-surface",
-    enabled: true,
-  },
-  browser_handoff_request: {
-    type: "browser_handoff_request",
-    sessionId: "test-session",
-    surfaceId: "test-surface",
-    reason: "auth" as const,
-    message: "Login required",
-  },
   document_editor_show: {
     type: "document_editor_show",
     sessionId: "sess-001",

package/src/__tests__/resolve-guardian-trust-class.test.ts

@@ -0,0 +1,61 @@
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+
+import type { GuardianRuntimeContext } from "../daemon/session-runtime-assembly.js";
+
+// ── Module mocks ─────────────────────────────────────────────────────
+
+let fakeHttpAuthDisabled = false;
+
+mock.module("../config/env.js", () => ({
+  isHttpAuthDisabled: () => fakeHttpAuthDisabled,
+  hasUngatedHttpAuthDisabled: () => false,
+}));
+
+// ── Real imports (after mocks) ───────────────────────────────────────
+
+import { resolveGuardianTrustClass } from "../daemon/session-tool-setup.js";
+
+afterAll(() => {
+  mock.restore();
+});
+
+// ── Tests ────────────────────────────────────────────────────────────
+
+describe("resolveGuardianTrustClass", () => {
+  beforeEach(() => {
+    fakeHttpAuthDisabled = false;
+  });
+
+  test("returns guardian context trust class when auth is enabled", () => {
+    const ctx: Pick<GuardianRuntimeContext, "trustClass"> = {
+      trustClass: "trusted_contact",
+    };
+    expect(resolveGuardianTrustClass(ctx as GuardianRuntimeContext)).toBe(
+      "trusted_contact",
+    );
+  });
+
+  test("defaults to guardian when no guardian context and auth is enabled", () => {
+    expect(resolveGuardianTrustClass(undefined)).toBe("guardian");
+  });
+
+  test("forces guardian when HTTP auth is disabled, regardless of context trust class", () => {
+    fakeHttpAuthDisabled = true;
+    const ctx: Pick<GuardianRuntimeContext, "trustClass"> = {
+      trustClass: "trusted_contact",
+    };
+    expect(resolveGuardianTrustClass(ctx as GuardianRuntimeContext)).toBe(
+      "guardian",
+    );
+  });
+
+  test("forces guardian for unknown trust class when HTTP auth is disabled", () => {
+    fakeHttpAuthDisabled = true;
+    const ctx: Pick<GuardianRuntimeContext, "trustClass"> = {
+      trustClass: "unknown",
+    };
+    expect(resolveGuardianTrustClass(ctx as GuardianRuntimeContext)).toBe(
+      "guardian",
+    );
+  });
+});

package/src/__tests__/session-init.benchmark.test.ts

@@ -277,11 +277,7 @@ mock.module("../tools/browser/browser-screencast.js", () => ({
   registerSessionSender: () => {},
   unregisterSessionSender: () => {},
   ensureScreencast: () => Promise.resolve(),
-  updateBrowserStatus: () => {},
-  updatePagesList: () => Promise.resolve(),
   stopBrowserScreencast: () => Promise.resolve(),
-  getElementBounds: () => Promise.resolve(null),
-  updateHighlights: () => {},
   stopAllScreencasts: () => Promise.resolve(),
   isScreencastActive: () => false,
   getSender: () => undefined,

package/src/daemon/daemon-control.ts

@@ -251,6 +251,9 @@ function releaseStartupLock(): void {
   try { unlinkSync(getStartupLockPath()); } catch { /* already removed */ }
 }
 
+// NOTE: startDaemon() is the assistant-side daemon lifecycle manager.
+// It should eventually converge with cli/src/lib/local.ts::startLocalDaemon
+// which is the CLI-side equivalent.
 export async function startDaemon(): Promise<{
   pid: number;
   alreadyRunning: boolean;

package/src/daemon/handlers/browser.ts

@@ -1,54 +1,8 @@
-import { browserManager, SCREENCAST_HEIGHT,SCREENCAST_WIDTH } from '../../tools/browser/browser-manager.js';
-import { defineHandlers,log } from './shared.js';
+import { browserManager } from "../../tools/browser/browser-manager.js";
+import { defineHandlers } from "./shared.js";
 
 export const browserHandlers = defineHandlers({
   browser_cdp_response: (msg) => {
     browserManager.resolveCDPResponse(msg.sessionId, msg.success, msg.declined);
   },
-
-  browser_user_click: async (msg) => {
-    try {
-      const page = await browserManager.getOrCreateSessionPage(msg.sessionId);
-      const viewport = await page.evaluate('(() => ({ vw: window.innerWidth, vh: window.innerHeight }))()') as { vw: number; vh: number };
-      const scale = Math.min(SCREENCAST_WIDTH / viewport.vw, SCREENCAST_HEIGHT / viewport.vh);
-      const pageX = msg.x / scale;
-      const pageY = msg.y / scale;
-      const options: Record<string, unknown> = {};
-      if (msg.button === 'right') options.button = 'right';
-      if (msg.doubleClick) options.clickCount = 2;
-      await page.mouse.click(pageX, pageY, options);
-    } catch (err) {
-      log.warn({ err, sessionId: msg.sessionId }, 'Failed to forward user click');
-    }
-  },
-
-  browser_user_scroll: async (msg) => {
-    try {
-      const page = await browserManager.getOrCreateSessionPage(msg.sessionId);
-      await page.mouse.wheel(msg.deltaX, msg.deltaY);
-    } catch (err) {
-      log.warn({ err, sessionId: msg.sessionId }, 'Failed to forward user scroll');
-    }
-  },
-
-  browser_user_keypress: async (msg) => {
-    try {
-      const page = await browserManager.getOrCreateSessionPage(msg.sessionId);
-      const combo = msg.modifiers?.length ? [...msg.modifiers, msg.key].join('+') : msg.key;
-      await page.keyboard.press(combo);
-    } catch (err) {
-      log.warn({ err, sessionId: msg.sessionId }, 'Failed to forward user keypress');
-    }
-  },
-
-  browser_interactive_mode: (msg, socket, ctx) => {
-    log.info({ sessionId: msg.sessionId, enabled: msg.enabled }, 'Interactive mode toggled');
-    browserManager.setInteractiveMode(msg.sessionId, msg.enabled);
-    ctx.send(socket, {
-      type: 'browser_interactive_mode_changed',
-      sessionId: msg.sessionId,
-      surfaceId: msg.surfaceId,
-      enabled: msg.enabled,
-    });
-  },
 });

package/src/daemon/ipc-contract/browser.ts

@@ -1,89 +1,19 @@
 // Browser interaction types.
 
-export interface BrowserFrame {
-  type: 'browser_frame';
-  sessionId: string;
-  surfaceId: string;
-  frame: string; // base64 JPEG
-  metadata?: { offsetTop: number; pageScaleFactor: number; scrollOffsetX: number; scrollOffsetY: number; timestamp: number };
-}
-
 export interface BrowserCDPRequest {
-  type: 'browser_cdp_request';
+  type: "browser_cdp_request";
   sessionId: string;
 }
 
 export interface BrowserCDPResponse {
-  type: 'browser_cdp_response';
+  type: "browser_cdp_response";
   sessionId: string;
   success: boolean;
   declined?: boolean;
 }
 
-export interface BrowserUserClick {
-  type: 'browser_user_click';
-  sessionId: string;
-  surfaceId: string;
-  x: number;
-  y: number;
-  button?: 'left' | 'right';
-  doubleClick?: boolean;
-}
-
-export interface BrowserUserScroll {
-  type: 'browser_user_scroll';
-  sessionId: string;
-  surfaceId: string;
-  deltaX: number;
-  deltaY: number;
-  x: number;
-  y: number;
-}
-
-export interface BrowserUserKeypress {
-  type: 'browser_user_keypress';
-  sessionId: string;
-  surfaceId: string;
-  key: string;
-  modifiers?: string[];
-}
-
-export interface BrowserInteractiveMode {
-  type: 'browser_interactive_mode';
-  sessionId: string;
-  surfaceId: string;
-  enabled: boolean;
-}
-
-export interface BrowserInteractiveModeChanged {
-  type: 'browser_interactive_mode_changed';
-  sessionId: string;
-  surfaceId: string;
-  enabled: boolean;
-  reason?: string;
-  message?: string;
-}
-
-export interface BrowserHandoffRequest {
-  type: 'browser_handoff_request';
-  sessionId: string;
-  surfaceId: string;
-  reason: 'auth' | 'checkout' | 'captcha' | 'custom';
-  message: string;
-  bringToFront?: boolean;
-}
-
 // --- Domain-level union aliases (consumed by the barrel file) ---
 
-export type _BrowserClientMessages =
-  | BrowserCDPResponse
-  | BrowserUserClick
-  | BrowserUserScroll
-  | BrowserUserKeypress
-  | BrowserInteractiveMode;
+export type _BrowserClientMessages = BrowserCDPResponse;
 
-export type _BrowserServerMessages =
-  | BrowserFrame
-  | BrowserCDPRequest
-  | BrowserInteractiveModeChanged
-  | BrowserHandoffRequest;
+export type _BrowserServerMessages = BrowserCDPRequest;