@vellumai/assistant 0.4.37 → 0.4.41

package/src/__tests__/slack-channel-config.test.ts

@@ -52,25 +52,32 @@ mock.module("../util/logger.js", () => ({
 // Mock secure key storage
 let secureKeyStore: Record<string, string> = {};
 
-mock.module("../security/secure-keys.js", () => ({
-  getSecureKey: (account: string) => secureKeyStore[account] ?? undefined,
-  setSecureKey: (account: string, value: string) => {
+mock.module("../security/secure-keys.js", () => {
+  const syncSet = (account: string, value: string) => {
     secureKeyStore[account] = value;
     return true;
-  },
-  deleteSecureKey: (account: string) => {
+  };
+  const syncDelete = (account: string) => {
     if (account in secureKeyStore) {
       delete secureKeyStore[account];
-      return "deleted";
+      return "deleted" as const;
     }
-    return "not-found";
-  },
-  listSecureKeys: () => Object.keys(secureKeyStore),
-  getBackendType: () => "encrypted",
-  isDowngradedFromKeychain: () => false,
-  _resetBackend: () => {},
-  _setBackend: () => {},
-}));
+    return "not-found" as const;
+  };
+  return {
+    getSecureKey: (account: string) => secureKeyStore[account] ?? undefined,
+    setSecureKey: syncSet,
+    deleteSecureKey: syncDelete,
+    setSecureKeyAsync: async (account: string, value: string) =>
+      syncSet(account, value),
+    deleteSecureKeyAsync: async (account: string) => syncDelete(account),
+    listSecureKeys: () => Object.keys(secureKeyStore),
+    getBackendType: () => "encrypted",
+    isDowngradedFromKeychain: () => false,
+    _resetBackend: () => {},
+    _setBackend: () => {},
+  };
+});
 
 // Mock credential metadata store
 let credentialMetadataStore: Array<{
@@ -245,7 +252,7 @@ describe("Slack channel config handler", () => {
     expect(result.error).toContain("invalid_auth");
   });
 
-  test("DELETE clears credentials", () => {
+  test("DELETE clears credentials", async () => {
     secureKeyStore["credential:slack_channel:bot_token"] = "xoxb-test";
     secureKeyStore["credential:slack_channel:app_token"] = "xapp-test";
     credentialMetadataStore.push({
@@ -257,7 +264,7 @@ describe("Slack channel config handler", () => {
       field: "app_token",
     });
 
-    const result = clearSlackChannelConfig();
+    const result = await clearSlackChannelConfig();
     expect(result.success).toBe(true);
     expect(result.hasBotToken).toBe(false);
     expect(result.hasAppToken).toBe(false);

package/src/__tests__/slack-share-routes.test.ts

@@ -0,0 +1,263 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Mocks — must be declared before any imports that pull in mocked modules
+// ---------------------------------------------------------------------------
+
+const secureKeyValues = new Map<string, string>();
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKey: (key: string) => secureKeyValues.get(key),
+  setSecureKeyAsync: async () => {},
+}));
+
+let listConversationsResult: unknown = { ok: true, channels: [] };
+let postMessageResult: unknown = {
+  ok: true,
+  ts: "1234567890.123456",
+  channel: "C123",
+  message: { ts: "1234567890.123456", text: "", type: "message" },
+};
+let userInfoResults: Map<string, unknown> = new Map();
+
+mock.module("../messaging/providers/slack/client.js", () => ({
+  listConversations: async () => listConversationsResult,
+  postMessage: async (
+    _token: string,
+    _channel: string,
+    _text: string,
+    _opts?: unknown,
+  ) => postMessageResult,
+  userInfo: async (_token: string, userId: string) => {
+    const result = userInfoResults.get(userId);
+    if (result) return result;
+    throw new Error(`User not found: ${userId}`);
+  },
+}));
+
+let appStoreResult: unknown = null;
+mock.module("../memory/app-store.js", () => ({
+  getApp: (_id: string) => appStoreResult,
+  getAppsDir: () => "/tmp/apps",
+  isMultifileApp: () => false,
+  listApps: () => [],
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () => ({
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+    debug: () => {},
+    trace: () => {},
+    fatal: () => {},
+    child: () => ({
+      info: () => {},
+      warn: () => {},
+      error: () => {},
+      debug: () => {},
+    }),
+  }),
+}));
+
+// ---------------------------------------------------------------------------
+// Import under test (after mocks)
+// ---------------------------------------------------------------------------
+
+const { handleListSlackChannels, handleShareToSlackChannel } =
+  await import("../runtime/routes/slack-share-routes.js");
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function makeRequest(body: unknown): Request {
+  return new Request("http://localhost/v1/slack/share", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+  });
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+beforeEach(() => {
+  secureKeyValues.clear();
+  listConversationsResult = { ok: true, channels: [] };
+  userInfoResults = new Map();
+  appStoreResult = null;
+  postMessageResult = {
+    ok: true,
+    ts: "1234567890.123456",
+    channel: "C123",
+    message: { ts: "1234567890.123456", text: "", type: "message" },
+  };
+});
+
+describe("handleListSlackChannels", () => {
+  test("returns 503 when no token is configured", async () => {
+    const res = await handleListSlackChannels();
+    expect(res.status).toBe(503);
+    const json = (await res.json()) as { error: { code: string } };
+    expect(json.error.code).toBe("SERVICE_UNAVAILABLE");
+  });
+
+  test("returns channels sorted by type then name", async () => {
+    secureKeyValues.set(
+      "credential:integration:slack:access_token",
+      "xoxb-test",
+    );
+
+    listConversationsResult = {
+      ok: true,
+      channels: [
+        {
+          id: "D1",
+          name: undefined,
+          is_im: true,
+          user: "U1",
+          is_private: true,
+        },
+        { id: "C2", name: "beta-channel", is_channel: true },
+        { id: "C1", name: "alpha-channel", is_channel: true },
+        { id: "G1", name: "group-chat", is_mpim: true, is_private: true },
+      ],
+    };
+
+    userInfoResults.set("U1", {
+      ok: true,
+      user: {
+        id: "U1",
+        name: "alice",
+        profile: { display_name: "Alice Smith" },
+      },
+    });
+
+    const res = await handleListSlackChannels();
+    expect(res.status).toBe(200);
+    const json = (await res.json()) as {
+      channels: Array<{
+        id: string;
+        name: string;
+        type: string;
+        isPrivate: boolean;
+      }>;
+    };
+
+    expect(json.channels).toHaveLength(4);
+    // Channels first (alphabetical)
+    expect(json.channels[0]).toEqual({
+      id: "C1",
+      name: "alpha-channel",
+      type: "channel",
+      isPrivate: false,
+    });
+    expect(json.channels[1]).toEqual({
+      id: "C2",
+      name: "beta-channel",
+      type: "channel",
+      isPrivate: false,
+    });
+    // Groups
+    expect(json.channels[2]).toEqual({
+      id: "G1",
+      name: "group-chat",
+      type: "group",
+      isPrivate: true,
+    });
+    // DMs (name resolved from userInfo)
+    expect(json.channels[3]).toEqual({
+      id: "D1",
+      name: "Alice Smith",
+      type: "dm",
+      isPrivate: true,
+    });
+  });
+
+  test("falls back to legacy bot token", async () => {
+    secureKeyValues.set("credential:slack_channel:bot_token", "xoxb-legacy");
+
+    listConversationsResult = { ok: true, channels: [] };
+
+    const res = await handleListSlackChannels();
+    expect(res.status).toBe(200);
+  });
+});
+
+describe("handleShareToSlackChannel", () => {
+  test("returns 503 when no token is configured", async () => {
+    const req = makeRequest({ appId: "app1", channelId: "C1" });
+    const res = await handleShareToSlackChannel(req);
+    expect(res.status).toBe(503);
+  });
+
+  test("returns 400 for malformed JSON", async () => {
+    secureKeyValues.set(
+      "credential:integration:slack:access_token",
+      "xoxb-test",
+    );
+    const req = new Request("http://localhost/v1/slack/share", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: "not json",
+    });
+    const res = await handleShareToSlackChannel(req);
+    expect(res.status).toBe(400);
+  });
+
+  test("returns 400 when missing required fields", async () => {
+    secureKeyValues.set(
+      "credential:integration:slack:access_token",
+      "xoxb-test",
+    );
+    const req = makeRequest({ appId: "app1" });
+    const res = await handleShareToSlackChannel(req);
+    expect(res.status).toBe(400);
+    const json = (await res.json()) as { error: { message: string } };
+    expect(json.error.message).toContain("Missing required fields");
+  });
+
+  test("returns 404 when app not found", async () => {
+    secureKeyValues.set(
+      "credential:integration:slack:access_token",
+      "xoxb-test",
+    );
+    appStoreResult = null;
+    const req = makeRequest({ appId: "missing-app", channelId: "C1" });
+    const res = await handleShareToSlackChannel(req);
+    expect(res.status).toBe(404);
+  });
+
+  test("posts message and returns success", async () => {
+    secureKeyValues.set(
+      "credential:integration:slack:access_token",
+      "xoxb-test",
+    );
+    appStoreResult = {
+      id: "app1",
+      name: "My App",
+      description: "A great app",
+      htmlDefinition: "<div></div>",
+      schemaJson: "{}",
+      createdAt: 0,
+      updatedAt: 0,
+    };
+
+    const req = makeRequest({
+      appId: "app1",
+      channelId: "C123",
+      message: "Check this out!",
+    });
+    const res = await handleShareToSlackChannel(req);
+    expect(res.status).toBe(200);
+    const json = (await res.json()) as {
+      ok: boolean;
+      ts: string;
+      channel: string;
+    };
+    expect(json.ok).toBe(true);
+    expect(json.ts).toBe("1234567890.123456");
+    expect(json.channel).toBe("C123");
+  });
+});

package/src/__tests__/sms-messaging-provider.test.ts

@@ -21,11 +21,13 @@ let secureKeys: Record<string, string | undefined> = {
 };
 
 let configState: {
+  twilio?: { accountSid?: string };
   sms?: {
     phoneNumber?: string;
     assistantPhoneNumbers?: Record<string, string>;
   };
 } = {
+  twilio: { accountSid: "AC1234567890" },
   sms: {},
 };
 
@@ -71,7 +73,7 @@ describe("smsMessagingProvider", () => {
       "credential:twilio:account_sid": "AC1234567890",
       "credential:twilio:auth_token": "auth-token",
     };
-    configState = { sms: {} };
+    configState = { twilio: { accountSid: "AC1234567890" }, sms: {} };
     delete process.env.TWILIO_PHONE_NUMBER;
     delete process.env.GATEWAY_INTERNAL_BASE_URL;
     delete process.env.GATEWAY_PORT;

package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts

@@ -91,7 +91,7 @@ import { getResolver } from "../approvals/guardian-request-resolvers.js";
 import { findContactChannel } from "../contacts/contact-store.js";
 import {
   createGuardianBinding,
-  upsertMember,
+  upsertContactChannel,
 } from "../contacts/contacts-write.js";
 import { createApprovalRequest } from "../memory/channel-guardian-store.js";
 import { getDb, initializeDb, resetDb } from "../memory/db.js";
@@ -174,7 +174,7 @@ describe("trusted contact lifecycle notification signals", () => {
       guardianPrincipalId: "guardian-user-789",
       verifiedVia: "test",
     });
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "guardian-user-789",
       externalChatId: "guardian-chat-789",
@@ -253,7 +253,7 @@ describe("trusted contact lifecycle notification signals", () => {
       guardianPrincipalId: "guardian-user-789",
       verifiedVia: "test",
     });
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "guardian-user-789",
       externalChatId: "guardian-chat-789",
@@ -328,7 +328,7 @@ describe("trusted contact lifecycle notification signals", () => {
       guardianPrincipalId: "guardian-user-789",
       verifiedVia: "test",
     });
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "guardian-user-789",
       externalChatId: "guardian-chat-789",
@@ -448,7 +448,7 @@ describe("trusted contact activated notification signal", () => {
       verifiedVia: "test",
     });
 
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-456",
       externalChatId: "chat-123",
@@ -509,7 +509,7 @@ describe("trusted contact activated notification signal", () => {
   test("voice access_request resolver has registered handler for access_request kind", () => {
     // The access_request resolver is registered during module load. When the
     // source channel is 'voice', it should directly activate the member via
-    // upsertMember (no verification session). This test validates the resolver
+    // upsertContactChannel (no verification session). This test validates the resolver
     // is registered and accessible.
     const resolver = getResolver("access_request");
     expect(resolver).toBeDefined();
@@ -549,7 +549,7 @@ describe("trusted contact activated notification signal", () => {
     );
     expect(activatedSignals.length).toBe(1);
 
-    // Verify the member was already persisted (the signal fires after upsertMember)
+    // Verify the member was already persisted (the signal fires after upsertContactChannel)
     const result = findContactChannel({
       channelType: "telegram",
       externalUserId: "requester-user-456",

package/src/__tests__/trusted-contact-multichannel.test.ts

@@ -98,7 +98,7 @@ mock.module("../runtime/approval-message-composer.js", () => ({
 import { findContactChannel } from "../contacts/contact-store.js";
 import {
   createGuardianBinding,
-  upsertMember,
+  upsertContactChannel,
 } from "../contacts/contacts-write.js";
 import { getDb, initializeDb, resetDb } from "../memory/db.js";
 import {
@@ -279,7 +279,7 @@ for (const config of CHANNEL_CONFIGS) {
         expect(challengeResult.verificationType).toBe("trusted_contact");
       }
 
-      upsertMember({
+      upsertContactChannel({
         sourceChannel: config.channel,
         externalUserId: config.senderExternalUserId,
         externalChatId: config.externalChatId,
@@ -302,7 +302,7 @@ for (const config of CHANNEL_CONFIGS) {
 
     test("no cross-channel leakage between member records", () => {
       // Create a member for this channel
-      upsertMember({
+      upsertContactChannel({
         sourceChannel: config.channel,
         externalUserId: config.senderExternalUserId,
         externalChatId: config.externalChatId,

package/src/__tests__/trusted-contact-verification.test.ts

@@ -47,7 +47,7 @@ import {
 import {
   createGuardianBinding,
   revokeMember,
-  upsertMember,
+  upsertContactChannel,
 } from "../contacts/contacts-write.js";
 import { getDb, initializeDb, resetDb } from "../memory/db.js";
 import { resolveActorTrust } from "../runtime/actor-trust-resolver.js";
@@ -115,7 +115,7 @@ describe("trusted contact verification → member activation", () => {
     }
 
     // Simulate the member upsert that inbound-message-handler performs on success
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-123",
       externalChatId: "requester-chat-123",
@@ -141,7 +141,7 @@ describe("trusted contact verification → member activation", () => {
   });
 
   test("resolveActorTrust surfaces member displayName when sender displayName is missing", () => {
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-jeff",
       externalChatId: "requester-chat-jeff",
@@ -169,7 +169,7 @@ describe("trusted contact verification → member activation", () => {
   });
 
   test("resolveActorTrust prioritizes member displayName over sender displayName", () => {
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-jeff-priority",
       externalChatId: "requester-chat-jeff-priority",
@@ -201,7 +201,7 @@ describe("trusted contact verification → member activation", () => {
   test("resolveActorTrust falls back to sender metadata when member record matches chat but not sender (group chat)", () => {
     // Simulate a group chat: member record exists for a different user who
     // shares the same externalChatId (e.g., Telegram group).
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "other-user-in-group",
       externalChatId: "shared-group-chat",
@@ -251,7 +251,7 @@ describe("trusted contact verification → member activation", () => {
     );
 
     // Simulate member upsert on verification success
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "requester-user-456",
       externalChatId: "requester-chat-456",
@@ -289,7 +289,7 @@ describe("trusted contact verification → member activation", () => {
       "chat-cross-test",
     );
 
-    upsertMember({
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-cross-test",
       externalChatId: "chat-cross-test",
@@ -315,7 +315,7 @@ describe("trusted contact verification → member activation", () => {
 
   test("re-verification of previously revoked member reactivates them", () => {
     // Create and activate a member
-    const member = upsertMember({
+    const member = upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-revoked",
       externalChatId: "chat-revoked",
@@ -359,8 +359,8 @@ describe("trusted contact verification → member activation", () => {
       expect(result.verificationType).toBe("trusted_contact");
     }
 
-    // upsertMember reactivates the existing record
-    upsertMember({
+    // upsertContactChannel reactivates the existing record
+    upsertContactChannel({
       sourceChannel: "telegram",
       externalUserId: "user-revoked",
       externalChatId: "chat-revoked",

package/src/__tests__/twilio-config.test.ts

@@ -3,7 +3,6 @@ import { beforeEach, describe, expect, mock, test } from "bun:test";
 // ── Mocks (must come before source imports) ──────────────────────────
 
 let mockSecureKeys: Record<string, string | null> = {};
-let mockPhoneNumberEnv: string | undefined;
 let mockLoadConfigResult: Record<string, unknown> = {};
 
 mock.module("../util/logger.js", () => ({
@@ -17,11 +16,6 @@ mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (key: string) => mockSecureKeys[key] ?? null,
 }));
 
-mock.module("../config/env.js", () => ({
-  isHttpAuthDisabled: () => true,
-  getTwilioPhoneNumberEnv: () => mockPhoneNumberEnv,
-}));
-
 mock.module("../config/loader.js", () => ({
   loadConfig: () => mockLoadConfigResult,
 }));
@@ -36,12 +30,13 @@ import { getTwilioConfig } from "../calls/twilio-config.js";
 describe("twilio-config", () => {
   beforeEach(() => {
     mockSecureKeys = {
-      "credential:twilio:account_sid": "AC_test_sid",
       "credential:twilio:auth_token": "test_auth_token",
     };
-    mockPhoneNumberEnv = undefined;
     mockLoadConfigResult = {
-      sms: { phoneNumber: "+15551234567" },
+      twilio: {
+        accountSid: "AC_test_sid",
+        phoneNumber: "+15551234567",
+      },
     };
   });
 
@@ -55,7 +50,9 @@ describe("twilio-config", () => {
   });
 
   test("throws ConfigError when account SID is missing", () => {
-    mockSecureKeys["credential:twilio:account_sid"] = null;
+    mockLoadConfigResult = {
+      twilio: { accountSid: "", phoneNumber: "+15551234567" },
+    };
     expect(() => getTwilioConfig()).toThrow(
       /Twilio credentials not configured/,
     );
@@ -69,36 +66,18 @@ describe("twilio-config", () => {
   });
 
   test("throws ConfigError when phone number is missing", () => {
-    mockLoadConfigResult = { sms: {} };
-    mockPhoneNumberEnv = undefined;
-    mockSecureKeys["credential:twilio:phone_number"] = null;
+    mockLoadConfigResult = {
+      twilio: { accountSid: "AC_test_sid", phoneNumber: "" },
+    };
     expect(() => getTwilioConfig()).toThrow(
       /Twilio phone number not configured/,
     );
   });
 
-  test("prefers TWILIO_PHONE_NUMBER env var over config phone number", () => {
-    mockPhoneNumberEnv = "+15559999999";
-    const config = getTwilioConfig();
-    expect(config.phoneNumber).toBe("+15559999999");
-  });
-
-  test("falls back to secure key for phone number", () => {
-    mockLoadConfigResult = { sms: {} };
-    mockPhoneNumberEnv = undefined;
-    mockSecureKeys["credential:twilio:phone_number"] = "+15558888888";
-    const config = getTwilioConfig();
-    expect(config.phoneNumber).toBe("+15558888888");
-  });
-
-  test("returns global phone number when assistantPhoneNumbers mapping exists", () => {
-    mockLoadConfigResult = {
-      sms: {
-        phoneNumber: "+15551234567",
-        assistantPhoneNumbers: { "ast-1": "+15557777777" },
-      },
-    };
-    const config = getTwilioConfig();
-    expect(config.phoneNumber).toBe("+15551234567");
+  test("throws ConfigError when twilio config section is absent", () => {
+    mockLoadConfigResult = {};
+    expect(() => getTwilioConfig()).toThrow(
+      /Twilio credentials not configured/,
+    );
   });
 });

package/src/__tests__/twilio-provider.test.ts

@@ -33,6 +33,10 @@ mock.module("../util/logger.js", () => ({
 let mockAuthToken: string | undefined = "test-auth-token-secret";
 let mockAccountSid: string | undefined = "AC_test_account";
 
+mock.module("../config/loader.js", () => ({
+  loadConfig: () => ({ twilio: { accountSid: mockAccountSid } }),
+}));
+
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (account: string) => {
     if (account === "credential:twilio:auth_token") return mockAuthToken;