@vellumai/assistant 0.4.29 → 0.4.31

package/src/__tests__/slack-inbound-verification.test.ts

@@ -0,0 +1,346 @@
+/**
+ * Tests for Slack inbound trusted contact verification.
+ *
+ * When an unknown Slack user messages the bot, the system should:
+ * 1. Create an outbound verification session bound to the user's identity
+ * 2. Send the verification code to the user's DM via the gateway
+ * 3. Reply in the original channel telling the user to check their DMs
+ * 4. Notify the guardian of the access attempt
+ * 5. When the user replies with the code in the DM, verify and activate
+ */
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Test isolation: in-memory SQLite via temp directory
+// ---------------------------------------------------------------------------
+
+const testDir = mkdtempSync(join(tmpdir(), "slack-inbound-verification-test-"));
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === "darwin",
+  isLinux: () => process.platform === "linux",
+  isWindows: () => process.platform === "win32",
+  getSocketPath: () => join(testDir, "test.sock"),
+  getPidPath: () => join(testDir, "test.pid"),
+  getDbPath: () => join(testDir, "test.db"),
+  getLogPath: () => join(testDir, "test.log"),
+  ensureDataDir: () => {},
+  readHttpToken: () => "test-bearer-token",
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../security/secret-ingress.js", () => ({
+  checkIngressForSecrets: () => ({ blocked: false }),
+}));
+
+mock.module("../config/env.js", () => ({
+  isHttpAuthDisabled: () => true,
+  getGatewayInternalBaseUrl: () => "http://127.0.0.1:7830",
+}));
+
+// Track emitNotificationSignal calls
+const emitSignalCalls: Array<Record<string, unknown>> = [];
+mock.module("../notifications/emit-signal.js", () => ({
+  emitNotificationSignal: async (params: Record<string, unknown>) => {
+    emitSignalCalls.push(params);
+    return {
+      signalId: "mock-signal-id",
+      deduplicated: false,
+      dispatched: true,
+      reason: "mock",
+      deliveryResults: [],
+    };
+  },
+}));
+
+// Track deliverChannelReply calls
+const deliverReplyCalls: Array<{
+  url: string;
+  payload: Record<string, unknown>;
+}> = [];
+mock.module("../runtime/gateway-client.js", () => ({
+  deliverChannelReply: async (
+    url: string,
+    payload: Record<string, unknown>,
+  ) => {
+    deliverReplyCalls.push({ url, payload });
+  },
+}));
+
+import { createGuardianBinding } from "../contacts/contacts-write.js";
+import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { findActiveSession } from "../runtime/channel-guardian-service.js";
+import { handleChannelInbound } from "../runtime/routes/channel-routes.js";
+
+initializeDb();
+
+afterAll(() => {
+  resetDb();
+  try {
+    rmSync(testDir, { recursive: true });
+  } catch {
+    /* best effort */
+  }
+});
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+const TEST_BEARER_TOKEN = "test-token";
+
+function resetState(): void {
+  const db = getDb();
+  db.run("DELETE FROM channel_guardian_approval_requests");
+  db.run("DELETE FROM channel_guardian_verification_challenges");
+  db.run("DELETE FROM channel_guardian_rate_limits");
+  db.run("DELETE FROM channel_inbound_events");
+  db.run("DELETE FROM conversations");
+  db.run("DELETE FROM notification_events");
+  db.run("DELETE FROM canonical_guardian_requests");
+  db.run("DELETE FROM canonical_guardian_deliveries");
+  db.run("DELETE FROM contact_channels");
+  db.run("DELETE FROM contacts");
+  emitSignalCalls.length = 0;
+  deliverReplyCalls.length = 0;
+}
+
+function buildSlackInboundRequest(
+  overrides: Record<string, unknown> = {},
+): Request {
+  const body: Record<string, unknown> = {
+    sourceChannel: "slack",
+    interface: "slack",
+    conversationExternalId: "C0123CHANNEL",
+    externalMessageId: `msg-${Date.now()}-${Math.random()
+      .toString(36)
+      .slice(2, 8)}`,
+    content: "Hello, can I use this assistant?",
+    actorExternalId: "U0123UNKNOWN",
+    actorDisplayName: "Alice Unknown",
+    actorUsername: "alice_unknown",
+    replyCallbackUrl: "http://localhost:7830/deliver/slack",
+    ...overrides,
+  };
+
+  return new Request("http://localhost:8080/channels/inbound", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-Gateway-Origin": TEST_BEARER_TOKEN,
+    },
+    body: JSON.stringify(body),
+  });
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("Slack inbound trusted contact verification", () => {
+  beforeEach(() => {
+    resetState();
+  });
+
+  test("unknown Slack user receives verification challenge via DM", async () => {
+    const req = buildSlackInboundRequest();
+    const resp = await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+    const json = (await resp.json()) as Record<string, unknown>;
+
+    expect(json.denied).toBe(true);
+    expect(json.reason).toBe("verification_challenge_sent");
+    expect(json.verificationSessionId).toBeDefined();
+
+    // Verification code is NOT sent to the requester — only the guardian
+    // receives it via the access request notification flow
+
+    // Channel reply tells user the owner has been notified
+    expect(deliverReplyCalls.length).toBe(1);
+    expect(
+      (deliverReplyCalls[0].payload as Record<string, unknown>).text,
+    ).toContain("notified the owner");
+  });
+
+  test("verification session is identity-bound to the Slack user", async () => {
+    const req = buildSlackInboundRequest();
+    await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+
+    // An active outbound session should exist for the slack channel
+    const session = findActiveSession("self", "slack");
+    expect(session).not.toBeNull();
+    expect(session!.expectedExternalUserId).toBe("U0123UNKNOWN");
+    expect(session!.expectedChatId).toBe("U0123UNKNOWN");
+    expect(session!.identityBindingStatus).toBe("bound");
+    expect(session!.verificationPurpose).toBe("trusted_contact");
+  });
+
+  test("guardian is notified of the access attempt alongside verification", async () => {
+    // Set up a guardian binding so the notification can target it
+    createGuardianBinding({
+      assistantId: "self",
+      channel: "slack",
+      guardianExternalUserId: "U_GUARDIAN",
+      guardianDeliveryChatId: "D_GUARDIAN_DM",
+      guardianPrincipalId: "guardian-principal",
+      verifiedVia: "test",
+    });
+
+    const req = buildSlackInboundRequest();
+    await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+
+    // Guardian should have been notified
+    expect(emitSignalCalls.length).toBe(1);
+    expect(emitSignalCalls[0].sourceEventName).toBe("ingress.access_request");
+    expect(emitSignalCalls[0].sourceChannel).toBe("slack");
+  });
+
+  test("duplicate challenge is not sent when session already exists", async () => {
+    // First message creates the session
+    const req1 = buildSlackInboundRequest();
+    const resp1 = await handleChannelInbound(
+      req1,
+      undefined,
+      TEST_BEARER_TOKEN,
+    );
+    const json1 = (await resp1.json()) as Record<string, unknown>;
+    expect(json1.reason).toBe("verification_challenge_sent");
+
+    // Second message from the same user — session already exists, so
+    // falls through to standard deny path
+    const req2 = buildSlackInboundRequest({
+      externalMessageId: `msg-${Date.now()}-second`,
+    });
+    const resp2 = await handleChannelInbound(
+      req2,
+      undefined,
+      TEST_BEARER_TOKEN,
+    );
+    const json2 = (await resp2.json()) as Record<string, unknown>;
+    expect(json2.denied).toBe(true);
+    expect(json2.reason).toBe("not_a_member");
+
+    // No DM was sent at all
+  });
+
+  test("different Slack user is not suppressed by existing session for another user", async () => {
+    // First message from user A creates a session
+    const req1 = buildSlackInboundRequest({
+      actorExternalId: "U_USER_A",
+      actorDisplayName: "User A",
+    });
+    const resp1 = await handleChannelInbound(
+      req1,
+      undefined,
+      TEST_BEARER_TOKEN,
+    );
+    const json1 = (await resp1.json()) as Record<string, unknown>;
+    expect(json1.reason).toBe("verification_challenge_sent");
+
+    // Second message from user B — should get their own challenge
+    const req2 = buildSlackInboundRequest({
+      actorExternalId: "U_USER_B",
+      actorDisplayName: "User B",
+      externalMessageId: `msg-${Date.now()}-user-b`,
+    });
+    const resp2 = await handleChannelInbound(
+      req2,
+      undefined,
+      TEST_BEARER_TOKEN,
+    );
+    const json2 = (await resp2.json()) as Record<string, unknown>;
+    expect(json2.reason).toBe("verification_challenge_sent");
+    expect(json2.verificationSessionId).toBeDefined();
+
+    // No DMs sent to requesters — guardian gets code via notification flow
+  });
+
+  test("non-Slack channels still use standard access request flow", async () => {
+    const req = buildSlackInboundRequest({
+      sourceChannel: "telegram",
+      interface: "telegram",
+      replyCallbackUrl: "http://localhost:7830/deliver/telegram",
+    });
+    const resp = await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+    const json = (await resp.json()) as Record<string, unknown>;
+
+    // Standard deny path — no verification challenge
+    expect(json.denied).toBe(true);
+    expect(json.reason).toBe("not_a_member");
+
+    // No Slack DM was sent
+  });
+
+  test("user can verify by replying with the code in the DM", async () => {
+    // Step 1: Unknown user sends a message, gets verification challenge
+    const req = buildSlackInboundRequest();
+    await handleChannelInbound(req, undefined, TEST_BEARER_TOKEN);
+
+    const session = findActiveSession("self", "slack");
+    expect(session).not.toBeNull();
+
+    // The challenge hash is stored in the session — extract the secret
+    // from the DM text sent to the user. The code is embedded in the
+    // template text. Since we're using a 6-digit code for identity-bound
+    // sessions, extract it from the session's challengeHash by consuming
+    // the challenge directly.
+    // The session was created with createOutboundSession which generates
+    // a 6-digit code. We can validate by calling validateAndConsumeChallenge
+    // with the correct secret. Since the mock captures the DM text, we
+    // can extract the code indirectly. But for testing, we just verify
+    // the session properties and that validateAndConsumeChallenge works
+    // with the correct identity.
+
+    // The actual secret was sent in the DM. For this test, let's use the
+    // session directly via the channel-guardian-service to verify the
+    // consume path works.
+    // The DM text contains the verification code implicitly (it's in the
+    // template message). Since we need to test the full round-trip, let's
+    // verify via the inbound handler by sending the code as a message.
+
+    // Extract the session's challenge hash and verify that submitting the
+    // correct code works. We create a fresh session with a known secret for
+    // this part of the test.
+    resetState();
+
+    // Create a verification session manually to test the consume path
+    const { createOutboundSession } =
+      await import("../runtime/channel-guardian-service.js");
+
+    const outboundSession = createOutboundSession({
+      assistantId: "self",
+      channel: "slack",
+      expectedExternalUserId: "U0123UNKNOWN",
+      expectedChatId: "U0123UNKNOWN",
+      identityBindingStatus: "bound",
+      destinationAddress: "U0123UNKNOWN",
+      verificationPurpose: "trusted_contact",
+    });
+
+    // User replies with the code in the DM
+    const verifyReq = buildSlackInboundRequest({
+      conversationExternalId: "U0123UNKNOWN",
+      content: outboundSession.secret,
+      externalMessageId: `msg-verify-${Date.now()}`,
+    });
+    const verifyResp = await handleChannelInbound(
+      verifyReq,
+      undefined,
+      TEST_BEARER_TOKEN,
+    );
+    const verifyJson = (await verifyResp.json()) as Record<string, unknown>;
+
+    expect(verifyJson.accepted).toBe(true);
+    expect(verifyJson.guardianVerification).toBe("verified");
+  });
+});

package/src/__tests__/slack-reaction-approvals.test.ts

@@ -0,0 +1,77 @@
+import { describe, expect, test } from "bun:test";
+
+import { parseReactionCallbackData } from "../runtime/routes/channel-route-shared.js";
+
+// =============================================================================
+// parseReactionCallbackData
+// =============================================================================
+
+describe("parseReactionCallbackData", () => {
+  test("maps +1 emoji to approve_once", () => {
+    const result = parseReactionCallbackData("reaction:+1");
+    expect(result).toEqual({
+      action: "approve_once",
+      source: "slack_reaction",
+    });
+  });
+
+  test("maps thumbsup emoji to approve_once", () => {
+    const result = parseReactionCallbackData("reaction:thumbsup");
+    expect(result).toEqual({
+      action: "approve_once",
+      source: "slack_reaction",
+    });
+  });
+
+  test("maps -1 emoji to reject", () => {
+    const result = parseReactionCallbackData("reaction:-1");
+    expect(result).toEqual({
+      action: "reject",
+      source: "slack_reaction",
+    });
+  });
+
+  test("maps thumbsdown emoji to reject", () => {
+    const result = parseReactionCallbackData("reaction:thumbsdown");
+    expect(result).toEqual({
+      action: "reject",
+      source: "slack_reaction",
+    });
+  });
+
+  test("maps alarm_clock emoji to approve_10m", () => {
+    const result = parseReactionCallbackData("reaction:alarm_clock");
+    expect(result).toEqual({
+      action: "approve_10m",
+      source: "slack_reaction",
+    });
+  });
+
+  test("maps white_check_mark emoji to approve_always", () => {
+    const result = parseReactionCallbackData("reaction:white_check_mark");
+    expect(result).toEqual({
+      action: "approve_always",
+      source: "slack_reaction",
+    });
+  });
+
+  test("returns null for unknown emoji", () => {
+    const result = parseReactionCallbackData("reaction:tada");
+    expect(result).toBeNull();
+  });
+
+  test("returns null for empty emoji name", () => {
+    const result = parseReactionCallbackData("reaction:");
+    expect(result).toBeNull();
+  });
+
+  test("returns null for non-reaction callback data", () => {
+    const result = parseReactionCallbackData("apr:req-1:approve_once");
+    expect(result).toBeNull();
+  });
+
+  test("returns null for plain text", () => {
+    const result = parseReactionCallbackData("yes");
+    expect(result).toBeNull();
+  });
+});

package/src/__tests__/slack-skill.test.ts

@@ -64,10 +64,11 @@ describe("slack skill TOOLS.json", () => {
     expect(names).toContain("slack_edit_message");
     expect(names).toContain("slack_delete_message");
     expect(names).toContain("slack_leave_channel");
+    expect(names).toContain("slack_channel_permissions");
   });
 
-  test("has 7 tools total", () => {
-    expect(toolsJson.tools.length).toBe(7);
+  test("has 8 tools total", () => {
+    expect(toolsJson.tools.length).toBe(8);
   });
 
   test("all tools have required fields", () => {

package/src/__tests__/starter-task-flow.test.ts

@@ -8,7 +8,6 @@ mock.module("../memory/app-store.js", () => ({
     return {
       id,
       name: "Home Base",
-      appType: "app",
       htmlDefinition:
         '<main id="home-base-root" data-vellum-home-base="v1"></main>',
     };

package/src/__tests__/tool-grant-request-escalation.test.ts

@@ -177,7 +177,8 @@ function makeContext(overrides: Partial<ToolContext> = {}): ToolContext {
 
 function guardianActor(overrides: Partial<ActorContext> = {}): ActorContext {
   return {
-    externalUserId: "guardian-1",
+    actorPrincipalId: "test-principal-id",
+    actorExternalUserId: "guardian-1",
     channel: "telegram",
     guardianPrincipalId: "test-principal-id",
     ...overrides,

package/src/__tests__/trusted-contact-inline-approval-integration.test.ts

@@ -237,7 +237,8 @@ function makeToolContext(overrides: Partial<ToolContext> = {}): ToolContext {
 
 function guardianActor(overrides: Partial<ActorContext> = {}): ActorContext {
   return {
-    externalUserId: "guardian-1",
+    actorPrincipalId: "test-principal-id",
+    actorExternalUserId: "guardian-1",
     channel: "telegram",
     guardianPrincipalId: "test-principal-id",
     ...overrides,

package/src/__tests__/trusted-contact-verification.test.ts

@@ -449,7 +449,9 @@ describe("trusted contact verification → member activation", () => {
     );
 
     expect(result.success).toBe(true);
-    expect(result.verificationType).toBe("guardian");
+    if (result.success) {
+      expect(result.verificationType).toBe("guardian");
+    }
 
     const guardianResult = findGuardianForChannel("telegram", "self");
     expect(guardianResult).toBeNull();

package/src/__tests__/voice-invite-redemption.test.ts

@@ -26,7 +26,7 @@ mock.module("../util/logger.js", () => ({
 
 import { upsertMember } from "../contacts/contacts-write.js";
 import { getSqlite, initializeDb, resetDb } from "../memory/db.js";
-import { createInvite, revokeInvite } from "../memory/ingress-invite-store.js";
+import { createInvite, revokeInvite } from "../memory/invite-store.js";
 import { redeemVoiceInviteCode } from "../runtime/invite-redemption-service.js";
 import { generateVoiceCode, hashVoiceCode } from "../util/voice-code.js";
 

package/src/amazon/client.ts

@@ -53,11 +53,8 @@ import type {
   ExtensionResponse,
 } from "../browser-extension-relay/protocol.js";
 import { extensionRelayServer } from "../browser-extension-relay/server.js";
-import { getGatewayInternalBaseUrl } from "../config/env.js";
-import {
-  isSigningKeyInitialized,
-  mintEdgeRelayToken,
-} from "../runtime/auth/token-service.js";
+import { isSigningKeyInitialized } from "../runtime/auth/token-service.js";
+import { gatewayPost } from "../runtime/gateway-internal-client.js";
 import type { ExtractedCredential } from "../tools/browser/network-recording-types.js";
 import { type AmazonSession, loadSession } from "./session.js";
 
@@ -91,26 +88,12 @@ export async function sendRelayCommand(
       "Auth signing key not initialized — browser-relay commands require the daemon to be running",
     );
   }
-  const token = mintEdgeRelayToken();
-
-  const resp = await fetch(
-    `${getGatewayInternalBaseUrl()}/v1/browser-relay/command`,
-    {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`,
-      },
-      body: JSON.stringify(command),
-    },
-  );
 
-  if (!resp.ok) {
-    const body = await resp.text();
-    throw new Error(`Relay HTTP command failed (${resp.status}): ${body}`);
-  }
-
-  return (await resp.json()) as ExtensionResponse;
+  const { data } = await gatewayPost<ExtensionResponse>(
+    "/v1/browser-relay/command",
+    command,
+  );
+  return data;
 }
 
 /** Thrown when the session is missing or expired. The CLI handles this specially. */

package/src/approvals/guardian-decision-primitive.ts

@@ -150,7 +150,9 @@ export interface ApplyGuardianDecisionParams {
   approval: GuardianApprovalRequest;
   /** The parsed decision (action + source + optional requestId). */
   decision: ApprovalDecisionResult;
-  /** External user ID of the actor making the decision. */
+  /** Principal ID of the actor making the decision (undefined in callback/interception paths without JWT/auth context). */
+  actorPrincipalId: string | undefined;
+  /** Channel-native external user ID of the deciding actor (Telegram user ID, phone, etc.). */
   actorExternalUserId: string | undefined;
   /** Channel the decision arrived on. */
   actorChannel: ChannelId;
@@ -180,6 +182,7 @@ export function applyGuardianDecision(
   const {
     approval,
     decision,
+    actorPrincipalId,
     actorExternalUserId,
     actorChannel,
     decisionContext,
@@ -222,22 +225,23 @@ export function applyGuardianDecision(
       : ("approved" as const);
   updateApprovalDecision(approval.id, {
     status: approvalStatus,
-    decidedByExternalUserId: actorExternalUserId,
+    decidedByExternalUserId: actorExternalUserId ?? actorPrincipalId,
   });
 
   // Mint a scoped grant when a guardian approves a tool-approval request.
-  // Skip when actorExternalUserId is undefined -- minting a grant without
+  // Skip when neither actor identity is available -- minting a grant without
   // a known guardian identity is meaningless (e.g. requester self-cancel).
+  const effectiveGuardianId = actorExternalUserId ?? actorPrincipalId;
   if (
     effectiveDecision.action !== "reject" &&
     matchedInfo &&
-    actorExternalUserId
+    effectiveGuardianId
   ) {
     tryMintToolApprovalGrant({
       approvalInfo: matchedInfo,
       approval,
       decisionChannel: actorChannel,
-      guardianExternalUserId: actorExternalUserId,
+      guardianExternalUserId: effectiveGuardianId,
     });
   }
 
@@ -507,7 +511,7 @@ export async function applyCanonicalGuardianDecision(
   const resolved = resolveCanonicalGuardianRequest(requestId, "pending", {
     status: targetStatus,
     answerText: userText,
-    decidedByExternalUserId: actorContext.externalUserId,
+    decidedByExternalUserId: actorContext.actorExternalUserId,
     decidedByPrincipalId: actorContext.guardianPrincipalId,
   });
 
@@ -574,7 +578,7 @@ export async function applyCanonicalGuardianDecision(
       request: resolved,
       actorChannel: actorContext.channel,
       guardianExternalUserId:
-        actorContext.externalUserId ??
+        actorContext.actorExternalUserId ??
         resolved.guardianExternalUserId ??
         undefined,
     });

package/src/approvals/guardian-request-resolvers.ts

@@ -42,8 +42,10 @@ const log = getLogger("guardian-request-resolvers");
 
 /** Actor context for the entity making the decision. */
 export interface ActorContext {
-  /** External user ID of the deciding actor (undefined for desktop actors). */
-  externalUserId: string | undefined;
+  /** Auth-identity principal ID of the deciding actor (undefined for callback-only actors). */
+  actorPrincipalId: string | undefined;
+  /** Channel-native external user ID (Telegram user ID, E.164 phone, etc.) of the deciding actor (undefined for desktop actors). Maps to `decided_by_external_user_id` DB column. */
+  actorExternalUserId: string | undefined;
   /** Channel the decision arrived on. */
   channel: string;
   /** Principal ID for authorization — must match the request's guardianPrincipalId. */
@@ -349,7 +351,7 @@ const accessRequestResolver: GuardianRequestResolver = {
       request.requesterChatId ?? request.requesterExternalUserId ?? "";
     const requesterLabel =
       requesterExternalUserId || requesterChatId || "the requester";
-    const decidedByExternalUserId = ctx.actor.externalUserId ?? "";
+    const decidedByExternalUserId = ctx.actor.actorExternalUserId ?? "";
     const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
     const desktopDeliverUrl = resolveDeliverCallbackUrlForChannel(channel);
     const desktopBearerToken = mintDaemonDeliveryToken();