@vellumai/assistant 0.4.35 → 0.4.37

package/src/__tests__/dynamic-skill-workflow-prompt.test.ts

@@ -7,7 +7,10 @@ const TEST_DIR = join(tmpdir(), `vellum-dyn-skill-test-${crypto.randomUUID()}`);
 
 import { mock } from "bun:test";
 
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const realPlatform = require("../util/platform.js");
 mock.module("../util/platform.js", () => ({
+  ...realPlatform,
   getRootDir: () => TEST_DIR,
   getDataDir: () => TEST_DIR,
   getWorkspaceDir: () => TEST_DIR,
@@ -31,19 +34,27 @@ mock.module("../util/platform.js", () => ({
   isWindows: () => process.platform === "win32",
   getPlatformName: () => process.platform,
   getClipboardCommand: () => null,
+  readSessionToken: () => null,
   removeSocketFile: () => {},
   migratePath: () => {},
   migrateToWorkspaceLayout: () => {},
   migrateToDataLayout: () => {},
 }));
 
+const noopLogger = new Proxy({} as Record<string, unknown>, {
+  get: (_target, prop) => (prop === "child" ? () => noopLogger : () => {}),
+});
+
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const realLogger = require("../util/logger.js");
 mock.module("../util/logger.js", () => ({
-  getLogger: () =>
-    new Proxy({} as Record<string, unknown>, {
-      get: () => () => {},
-    }),
+  ...realLogger,
+  getLogger: () => noopLogger,
+  getCliLogger: () => noopLogger,
   isDebug: () => false,
   truncateForLog: (v: string) => v,
+  initLogger: () => {},
+  pruneOldLogFiles: () => 0,
 }));
 
 mock.module("../config/loader.js", () => ({
@@ -53,6 +64,14 @@ mock.module("../config/loader.js", () => ({
       "feature_flags.browser.enabled": true,
     },
   }),
+  loadConfig: () => ({}),
+  loadRawConfig: () => ({}),
+  saveConfig: () => {},
+  saveRawConfig: () => {},
+  invalidateConfigCache: () => {},
+  getNestedValue: () => undefined,
+  setNestedValue: () => {},
+  syncConfigToLockfile: () => {},
 }));
 
 const { buildSystemPrompt } = await import("../config/system-prompt.js");

package/src/__tests__/email-invite-adapter.test.ts

@@ -0,0 +1,78 @@
+/**
+ * Tests for the email invite adapter.
+ *
+ * Verifies that the email adapter resolves the assistant's real inbox
+ * address when one is configured and falls back to `undefined` (triggering
+ * generic invite instructions) when no inbox exists.
+ */
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
+import { resolveAdapterHandle } from "../runtime/channel-invite-transport.js";
+import { emailInviteAdapter } from "../runtime/channel-invite-transports/email.js";
+
+// ---------------------------------------------------------------------------
+// Mock the EmailService singleton
+// ---------------------------------------------------------------------------
+
+let mockPrimaryAddress: string | undefined;
+
+mock.module("../email/service.js", () => ({
+  getEmailService: () => ({
+    getPrimaryInboxAddress: async () => mockPrimaryAddress,
+  }),
+  // Re-export other symbols that callers might need
+  EmailService: class {},
+  _resetEmailService: () => {},
+}));
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("emailInviteAdapter", () => {
+  beforeEach(() => {
+    mockPrimaryAddress = undefined;
+  });
+
+  afterEach(() => {
+    mockPrimaryAddress = undefined;
+  });
+
+  test("returns configured email address via resolveChannelHandleAsync", async () => {
+    mockPrimaryAddress = "hello@mycompany.agentmail.to";
+
+    const handle = await resolveAdapterHandle(emailInviteAdapter);
+    expect(handle).toBe("hello@mycompany.agentmail.to");
+  });
+
+  test("returns undefined when no inbox is configured", async () => {
+    mockPrimaryAddress = undefined;
+
+    const handle = await resolveAdapterHandle(emailInviteAdapter);
+    expect(handle).toBeUndefined();
+  });
+
+  test("adapter channel is email", () => {
+    expect(emailInviteAdapter.channel).toBe("email");
+  });
+
+  test("does not define sync resolveChannelHandle", () => {
+    // The email adapter uses the async path exclusively
+    expect(emailInviteAdapter.resolveChannelHandle).toBeUndefined();
+  });
+
+  test("does not define buildShareLink or extractInboundToken", () => {
+    expect(emailInviteAdapter.buildShareLink).toBeUndefined();
+    expect(emailInviteAdapter.extractInboundToken).toBeUndefined();
+  });
+
+  test("returns config fallback address when provider has no inboxes", async () => {
+    // Simulates the config fallback: provider returns no inboxes, but
+    // email.address is set in workspace config. The service's
+    // getPrimaryInboxAddress() should return the configured address.
+    mockPrimaryAddress = "configured@example.com";
+
+    const handle = await resolveAdapterHandle(emailInviteAdapter);
+    expect(handle).toBe("configured@example.com");
+  });
+});

package/src/__tests__/email-service-config-fallback.test.ts

@@ -0,0 +1,102 @@
+/**
+ * Tests that getPrimaryInboxAddress() falls back to the workspace config's
+ * email.address when the provider can't list inboxes.
+ */
+import { afterEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Mock dependencies before importing the service
+// ---------------------------------------------------------------------------
+
+let mockProviderThrows = false;
+let mockProviderInboxes: { address: string }[] = [];
+
+mock.module("../email/providers/index.js", () => ({
+  createProvider: async () => ({
+    name: "mock",
+    health: async () => {
+      if (mockProviderThrows) throw new Error("provider unavailable");
+      return { inboxes: mockProviderInboxes, domains: [] };
+    },
+  }),
+  getActiveProviderName: () => "mock",
+}));
+
+let mockRawConfig: Record<string, unknown> = {};
+
+mock.module("../config/loader.js", () => ({
+  loadRawConfig: () => mockRawConfig,
+  getNestedValue: (obj: Record<string, unknown>, path: string) => {
+    const keys = path.split(".");
+    let current: unknown = obj;
+    for (const key of keys) {
+      if (current == null || typeof current !== "object") return undefined;
+      current = (current as Record<string, unknown>)[key];
+    }
+    return current;
+  },
+  saveRawConfig: () => {},
+  setNestedValue: () => {},
+}));
+
+// Stub guardrails (imported by service.ts but not relevant here)
+mock.module("../cli/email-guardrails.js", () => ({
+  addAddressRule: () => ({}),
+  checkSendGuardrails: () => null,
+  getGuardrailsStatus: () => ({}),
+  incrementDailySendCount: () => 0,
+  listRules: () => [],
+  removeAddressRule: () => false,
+  setDailySendCap: () => {},
+  setOutboundPaused: () => {},
+}));
+
+// Now import the service under test
+const { EmailService } = await import("../email/service.js");
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("getPrimaryInboxAddress — config fallback", () => {
+  afterEach(() => {
+    mockProviderThrows = false;
+    mockProviderInboxes = [];
+    mockRawConfig = {};
+  });
+
+  test("returns provider inbox address when available", async () => {
+    mockProviderInboxes = [{ address: "inbox@provider.example" }];
+    const svc = new EmailService();
+
+    const addr = await svc.getPrimaryInboxAddress();
+    expect(addr).toBe("inbox@provider.example");
+  });
+
+  test("falls back to email.address from config when provider returns no inboxes", async () => {
+    mockProviderInboxes = [];
+    mockRawConfig = { email: { address: "configured@example.com" } };
+    const svc = new EmailService();
+
+    const addr = await svc.getPrimaryInboxAddress();
+    expect(addr).toBe("configured@example.com");
+  });
+
+  test("falls back to email.address from config when provider throws", async () => {
+    mockProviderThrows = true;
+    mockRawConfig = { email: { address: "fallback@example.com" } };
+    const svc = new EmailService();
+
+    const addr = await svc.getPrimaryInboxAddress();
+    expect(addr).toBe("fallback@example.com");
+  });
+
+  test("returns undefined when neither provider nor config has an address", async () => {
+    mockProviderThrows = true;
+    mockRawConfig = {};
+    const svc = new EmailService();
+
+    const addr = await svc.getPrimaryInboxAddress();
+    expect(addr).toBeUndefined();
+  });
+});

package/src/__tests__/encrypted-store.test.ts

@@ -106,20 +106,20 @@ describe("encrypted-store", () => {
       expect(getKey("anthropic")).toBe("new-value");
     });
 
-    test("deleteKey removes an entry and returns true", () => {
+    test("deleteKey removes an entry and returns deleted", () => {
       setKey("anthropic", "sk-ant-key123");
       const result = deleteKey("anthropic");
-      expect(result).toBe(true);
+      expect(result).toBe("deleted");
       expect(getKey("anthropic")).toBeUndefined();
     });
 
-    test("deleteKey returns false for nonexistent key", () => {
+    test("deleteKey returns not-found for nonexistent key", () => {
       setKey("anthropic", "value");
-      expect(deleteKey("nonexistent")).toBe(false);
+      expect(deleteKey("nonexistent")).toBe("not-found");
     });
 
-    test("deleteKey returns false when store does not exist", () => {
-      expect(deleteKey("anything")).toBe(false);
+    test("deleteKey returns not-found when store does not exist", () => {
+      expect(deleteKey("anything")).toBe("not-found");
     });
   });
 

package/src/__tests__/ephemeral-permissions.test.ts

@@ -36,7 +36,7 @@ mock.module("../util/logger.js", () => ({
 }));
 
 const testConfig: Record<string, any> = {
-  permissions: { mode: "legacy" as "legacy" | "strict" | "workspace" },
+  permissions: { mode: "workspace" as "strict" | "workspace" },
   skills: { load: { extraDirs: [] as string[] } },
   sandbox: { enabled: false },
 };
@@ -263,7 +263,7 @@ describe("ephemeral-permissions", () => {
   describe("check() with ephemeral rules", () => {
     beforeEach(() => {
       clearCache();
-      testConfig.permissions.mode = "legacy";
+      testConfig.permissions.mode = "workspace";
     });
 
     test("ephemeral allow rule auto-allows non-high-risk tool", async () => {
@@ -327,7 +327,7 @@ describe("ephemeral-permissions", () => {
     });
 
     afterEach(() => {
-      testConfig.permissions.mode = "legacy";
+      testConfig.permissions.mode = "workspace";
     });
 
     test("workspace mode auto-allows workspace-scoped file_write (medium risk)", async () => {

package/src/__tests__/gateway-only-enforcement.test.ts

@@ -128,7 +128,11 @@ mock.module("../security/secure-keys.js", () => ({
     return true;
   },
   deleteSecureKey: (key: string) => {
-    delete secureKeyStore[key];
+    if (key in secureKeyStore) {
+      delete secureKeyStore[key];
+      return "deleted";
+    }
+    return "not-found";
   },
 }));
 

package/src/__tests__/guardian-actions-endpoint.test.ts

@@ -16,8 +16,13 @@ import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
 const testDir = mkdtempSync(join(tmpdir(), "guardian-actions-endpoint-test-"));
+const previousBaseDataDir = process.env.BASE_DATA_DIR;
+process.env.BASE_DATA_DIR = testDir;
 
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const realPlatform = require("../util/platform.js");
 mock.module("../util/platform.js", () => ({
+  ...realPlatform,
   getDataDir: () => testDir,
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
@@ -29,11 +34,26 @@ mock.module("../util/platform.js", () => ({
   ensureDataDir: () => {},
 }));
 
+const noopLogger = {
+  info: () => {},
+  warn: () => {},
+  error: () => {},
+  debug: () => {},
+  trace: () => {},
+  fatal: () => {},
+  child: () => noopLogger,
+};
+
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const realLogger = require("../util/logger.js");
 mock.module("../util/logger.js", () => ({
-  getLogger: () =>
-    new Proxy({} as Record<string, unknown>, {
-      get: () => () => {},
-    }),
+  ...realLogger,
+  getLogger: () => noopLogger,
+  getCliLogger: () => noopLogger,
+  isDebug: () => false,
+  truncateForLog: (value: string) => value,
+  initLogger: () => {},
+  pruneOldLogFiles: () => 0,
 }));
 
 // Bypass HTTP auth so requireBoundGuardian does not reject the test principal.
@@ -106,6 +126,7 @@ const mockAuthContext: AuthContext = {
   policyEpoch: 1,
 };
 
+resetDb();
 initializeDb();
 
 function ensureConversation(id: string): void {
@@ -172,6 +193,11 @@ function createIpcStub() {
 
 afterAll(() => {
   resetDb();
+  if (previousBaseDataDir === undefined) {
+    delete process.env.BASE_DATA_DIR;
+  } else {
+    process.env.BASE_DATA_DIR = previousBaseDataDir;
+  }
   try {
     rmSync(testDir, { recursive: true });
   } catch {
@@ -184,7 +210,11 @@ afterAll(() => {
 // =========================================================================
 
 describe("HTTP handleGuardianActionDecision", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   test("rejects missing requestId", async () => {
     const req = new Request("http://localhost/v1/guardian-actions/decision", {
@@ -474,7 +504,11 @@ describe("HTTP handleGuardianActionDecision", () => {
 // =========================================================================
 
 describe("HTTP handleGuardianActionsPending", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   test("returns 400 when conversationId is missing", () => {
     const url = new URL("http://localhost/v1/guardian-actions/pending");
@@ -517,7 +551,11 @@ describe("HTTP handleGuardianActionsPending", () => {
 // =========================================================================
 
 describe("listGuardianDecisionPrompts", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   test("excludes expired canonical requests", () => {
     ensureConversation("conv-expired");
@@ -712,7 +750,11 @@ describe("listGuardianDecisionPrompts", () => {
 // =========================================================================
 
 describe("IPC guardian_action_decision", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   const handler = guardianActionsHandlers.guardian_action_decision;
 
@@ -952,7 +994,11 @@ describe("IPC guardian_action_decision", () => {
 // =========================================================================
 
 describe("IPC guardian_actions_pending_request", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   const handler = guardianActionsHandlers.guardian_actions_pending_request;
 
@@ -1039,7 +1085,11 @@ describe("IPC guardian_actions_pending_request", () => {
 // =========================================================================
 
 describe("integration: pending_question visible and actionable in guardian thread", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   test("pending_question delivered to guardian thread is visible via pending endpoint", () => {
     createTestCanonicalRequest({
@@ -1128,7 +1178,11 @@ describe("integration: pending_question visible and actionable in guardian threa
 // =========================================================================
 
 describe("integration: access_request visible and actionable in guardian thread", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   test("access_request delivered to guardian thread is visible via pending endpoint", () => {
     createTestCanonicalRequest({
@@ -1265,7 +1319,11 @@ describe("integration: access_request visible and actionable in guardian thread"
 // =========================================================================
 
 describe("integration: text/code fallback routing remains functional", () => {
-  beforeEach(resetTables);
+  beforeEach(() => {
+    resetDb();
+    initializeDb();
+    resetTables();
+  });
 
   test("requestCode is always present in prompt for text-based fallback", () => {
     createTestCanonicalRequest({