@vellumai/assistant 0.4.41 → 0.4.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +1 -6
- package/.prettierignore +3 -0
- package/ARCHITECTURE.md +131 -393
- package/Dockerfile +0 -1
- package/README.md +73 -83
- package/bun.lock +8 -2
- package/docs/architecture/integrations.md +16 -21
- package/docs/architecture/memory.md +1 -1
- package/docs/architecture/scheduling.md +63 -63
- package/docs/architecture/security.md +3 -3
- package/docs/runbook-trusted-contacts.md +11 -12
- package/docs/trusted-contact-access.md +39 -39
- package/package.json +5 -8
- package/src/__tests__/access-request-decision.test.ts +4 -4
- package/src/__tests__/active-skill-tools.test.ts +49 -34
- package/src/__tests__/actor-token-service.test.ts +55 -85
- package/src/__tests__/amazon-cdp-integration.test.ts +14 -26
- package/src/__tests__/app-bundler.test.ts +14 -368
- package/src/__tests__/app-compiler.test.ts +0 -1
- package/src/__tests__/app-executors.test.ts +10 -1
- package/src/__tests__/approval-hardcoded-copy-guard.test.ts +1 -1
- package/src/__tests__/approval-primitive.test.ts +2 -4
- package/src/__tests__/approval-routes-http.test.ts +1 -1
- package/src/__tests__/asset-materialize-tool.test.ts +1 -4
- package/src/__tests__/asset-search-tool.test.ts +1 -4
- package/src/__tests__/assistant-attachments.test.ts +23 -0
- package/src/__tests__/assistant-feature-flags-integration.test.ts +4 -8
- package/src/__tests__/assistant-id-boundary-guard.test.ts +5 -5
- package/src/__tests__/attachments-store.test.ts +1 -4
- package/src/__tests__/avatar-e2e.test.ts +43 -23
- package/src/__tests__/browser-fill-credential.test.ts +1 -1
- package/src/__tests__/bundled-skill-retrieval-guard.test.ts +2 -9
- package/src/__tests__/call-controller.test.ts +4 -8
- package/src/__tests__/call-conversation-messages.test.ts +1 -1
- package/src/__tests__/call-domain.test.ts +250 -8
- package/src/__tests__/call-pointer-message-composer.test.ts +14 -14
- package/src/__tests__/call-pointer-messages.test.ts +7 -11
- package/src/__tests__/call-recovery.test.ts +47 -0
- package/src/__tests__/call-routes-http.test.ts +13 -0
- package/src/__tests__/call-start-guardian-guard.test.ts +1 -1
- package/src/__tests__/callback-handoff-copy.test.ts +5 -5
- package/src/__tests__/canonical-guardian-store.test.ts +3 -3
- package/src/__tests__/channel-approval-routes.test.ts +101 -134
- package/src/__tests__/channel-approval.test.ts +0 -201
- package/src/__tests__/channel-approvals.test.ts +2 -2
- package/src/__tests__/channel-delivery-store.test.ts +16 -24
- package/src/__tests__/channel-guardian.test.ts +641 -740
- package/src/__tests__/channel-invite-transport.test.ts +1 -2
- package/src/__tests__/channel-policy.test.ts +9 -12
- package/src/__tests__/channel-readiness-service.test.ts +156 -45
- package/src/__tests__/channel-reply-delivery.test.ts +3 -3
- package/src/__tests__/channel-retry-sweep.test.ts +7 -7
- package/src/__tests__/checker.test.ts +10 -7
- package/src/__tests__/chrome-cdp.test.ts +57 -17
- package/src/__tests__/cli-help-reference-sync.test.ts +26 -0
- package/src/__tests__/compaction.benchmark.test.ts +25 -5
- package/src/__tests__/computer-use-session-lifecycle.test.ts +1 -1
- package/src/__tests__/computer-use-session-working-dir.test.ts +2 -6
- package/src/__tests__/computer-use-skill-lifecycle-cleanup.test.ts +1 -1
- package/src/__tests__/config-loader-backfill.test.ts +310 -0
- package/src/__tests__/config-watcher.test.ts +1 -5
- package/src/__tests__/confirmation-request-guardian-bridge.test.ts +3 -5
- package/src/__tests__/connection-policy.test.ts +3 -62
- package/src/__tests__/contacts-tools.test.ts +0 -2
- package/src/__tests__/context-memory-e2e.test.ts +11 -7
- package/src/__tests__/context-overflow-policy.test.ts +2 -2
- package/src/__tests__/context-window-manager.test.ts +220 -61
- package/src/__tests__/conversation-attention-store.test.ts +178 -2
- package/src/__tests__/conversation-attention-telegram.test.ts +8 -11
- package/src/__tests__/conversation-pairing.test.ts +14 -14
- package/src/__tests__/conversation-routes-guardian-reply.test.ts +1 -1
- package/src/__tests__/conversation-store.test.ts +2 -2
- package/src/__tests__/conversation-unread-route.test.ts +155 -0
- package/src/__tests__/credential-metadata-store.test.ts +0 -2
- package/src/__tests__/credential-security-invariants.test.ts +9 -16
- package/src/__tests__/credentials-cli.test.ts +49 -5
- package/src/__tests__/daemon-assistant-events.test.ts +4 -22
- package/src/__tests__/db-migration-rollback.test.ts +2 -2
- package/src/__tests__/deterministic-verification-control-plane.test.ts +19 -19
- package/src/__tests__/dictation-mode-detection.test.ts +1 -1
- package/src/__tests__/dynamic-page-surface.test.ts +2 -2
- package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +2 -6
- package/src/__tests__/email-cli.test.ts +12 -12
- package/src/__tests__/email-service-config-fallback.test.ts +1 -1
- package/src/__tests__/emit-signal-routing-intent.test.ts +3 -18
- package/src/__tests__/event-bus.test.ts +0 -1
- package/src/__tests__/followup-tools.test.ts +0 -2
- package/src/__tests__/gateway-client-managed-outbound.test.ts +6 -6
- package/src/__tests__/gateway-only-enforcement.test.ts +13 -77
- package/src/__tests__/gateway-only-guard.test.ts +5 -0
- package/src/__tests__/guardian-action-conversation-turn.test.ts +3 -3
- package/src/__tests__/guardian-action-followup-executor.test.ts +29 -94
- package/src/__tests__/guardian-action-followup-store.test.ts +2 -12
- package/src/__tests__/guardian-action-grant-mint-consume.test.ts +48 -194
- package/src/__tests__/guardian-action-late-reply.test.ts +12 -12
- package/src/__tests__/guardian-action-store.test.ts +2 -2
- package/src/__tests__/guardian-action-sweep.test.ts +5 -5
- package/src/__tests__/guardian-decision-primitive-canonical.test.ts +1 -3
- package/src/__tests__/guardian-dispatch.test.ts +5 -46
- package/src/__tests__/guardian-grant-minting.test.ts +5 -44
- package/src/__tests__/guardian-outbound-http.test.ts +95 -114
- package/src/__tests__/guardian-question-mode.test.ts +1 -4
- package/src/__tests__/guardian-routing-invariants.test.ts +5 -13
- package/src/__tests__/guardian-routing-state.test.ts +3 -3
- package/src/__tests__/guardian-verification-voice-binding.test.ts +64 -7
- package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +2 -2
- package/src/__tests__/handle-user-message-secret-resume.test.ts +3 -5
- package/src/__tests__/handlers-user-message-approval-consumption.test.ts +16 -34
- package/src/__tests__/headless-browser-interactions.test.ts +1 -1
- package/src/__tests__/headless-browser-navigate.test.ts +1 -1
- package/src/__tests__/headless-browser-read-tools.test.ts +1 -1
- package/src/__tests__/headless-browser-snapshot.test.ts +1 -1
- package/src/__tests__/heartbeat-service.test.ts +1 -1
- package/src/__tests__/home-base-bootstrap.test.ts +0 -2
- package/src/__tests__/host-shell-tool.test.ts +3 -12
- package/src/__tests__/inbound-invite-redemption.test.ts +2 -2
- package/src/__tests__/ingress-url-consistency.test.ts +0 -64
- package/src/__tests__/integration-status.test.ts +8 -8
- package/src/__tests__/intent-routing.test.ts +9 -13
- package/src/__tests__/invite-redemption-service.test.ts +4 -4
- package/src/__tests__/invite-routes-http.test.ts +10 -10
- package/src/__tests__/llm-usage-store.test.ts +45 -9
- package/src/__tests__/local-gateway-health.test.ts +209 -0
- package/src/__tests__/managed-avatar-client.test.ts +23 -12
- package/src/__tests__/managed-skill-lifecycle.test.ts +1 -2
- package/src/__tests__/managed-store.test.ts +29 -12
- package/src/__tests__/managed-twitter-guardrails.test.ts +353 -0
- package/src/__tests__/mcp-cli.test.ts +1 -1
- package/src/__tests__/mcp-health-check.test.ts +1 -1
- package/src/__tests__/media-generate-image.test.ts +1 -1
- package/src/__tests__/media-reuse-story.e2e.test.ts +1 -4
- package/src/__tests__/memory-context-benchmark.benchmark.test.ts +9 -6
- package/src/__tests__/memory-regressions.test.ts +1 -166
- package/src/__tests__/messaging-send-tool.test.ts +8 -4
- package/src/__tests__/migration-export-http.test.ts +2 -2
- package/src/__tests__/migration-transport.test.ts +44 -0
- package/src/__tests__/non-member-access-request.test.ts +49 -36
- package/src/__tests__/notification-broadcaster.test.ts +15 -15
- package/src/__tests__/notification-decision-fallback.test.ts +2 -2
- package/src/__tests__/notification-decision-strategy.test.ts +4 -4
- package/src/__tests__/notification-deep-link.test.ts +3 -3
- package/src/__tests__/notification-guardian-path.test.ts +6 -44
- package/src/__tests__/notification-routing-intent.test.ts +11 -7
- package/src/__tests__/oauth-cli.test.ts +1 -1
- package/src/__tests__/onboarding-starter-tasks.test.ts +2 -6
- package/src/__tests__/onboarding-template-contract.test.ts +2 -2
- package/src/__tests__/platform.test.ts +168 -5
- package/src/__tests__/playbook-execution.test.ts +0 -2
- package/src/__tests__/playbook-tools.test.ts +0 -2
- package/src/__tests__/pricing.test.ts +125 -0
- package/src/__tests__/provider-error-scenarios.test.ts +9 -3
- package/src/__tests__/recording-handler.test.ts +46 -80
- package/src/__tests__/recording-state-machine.test.ts +112 -183
- package/src/__tests__/registry.test.ts +1 -1
- package/src/__tests__/relay-server.test.ts +69 -71
- package/src/__tests__/reminder-store.test.ts +3 -3
- package/src/__tests__/request-file-tool.test.ts +2 -2
- package/src/__tests__/ride-shotgun-handler.test.ts +2 -33
- package/src/__tests__/runtime-attachment-metadata.test.ts +3 -3
- package/src/__tests__/runtime-events-sse-parity.test.ts +1 -1
- package/src/__tests__/scaffold-managed-skill-tool.test.ts +4 -4
- package/src/__tests__/schedule-store.test.ts +13 -4
- package/src/__tests__/schedule-tools.test.ts +0 -2
- package/src/__tests__/scheduler-recurrence.test.ts +3 -4
- package/src/__tests__/scoped-approval-grants.test.ts +3 -5
- package/src/__tests__/scoped-grant-security-matrix.test.ts +6 -8
- package/src/__tests__/secret-prompt-log-hygiene.test.ts +1 -1
- package/src/__tests__/secret-response-routing.test.ts +1 -1
- package/src/__tests__/send-endpoint-busy.test.ts +1 -1
- package/src/__tests__/sequence-store.test.ts +0 -2
- package/src/__tests__/server-history-render.test.ts +2 -199
- package/src/__tests__/session-abort-tool-results.test.ts +9 -3
- package/src/__tests__/session-agent-loop.test.ts +107 -3
- package/src/__tests__/session-confirmation-signals.test.ts +10 -4
- package/src/__tests__/session-conflict-gate.test.ts +9 -3
- package/src/__tests__/session-init.benchmark.test.ts +22 -13
- package/src/__tests__/session-load-history-repair.test.ts +6 -3
- package/src/__tests__/session-pre-run-repair.test.ts +9 -3
- package/src/__tests__/session-profile-injection.test.ts +9 -3
- package/src/__tests__/session-provider-retry-repair.test.ts +10 -4
- package/src/__tests__/session-queue.test.ts +10 -4
- package/src/__tests__/session-runtime-assembly.test.ts +28 -18
- package/src/__tests__/session-skill-tools.test.ts +2 -3
- package/src/__tests__/session-slash-known.test.ts +11 -4
- package/src/__tests__/session-slash-queue.test.ts +11 -4
- package/src/__tests__/session-slash-unknown.test.ts +12 -4
- package/src/__tests__/session-surfaces-deselection.test.ts +2 -2
- package/src/__tests__/session-surfaces-task-progress.test.ts +3 -3
- package/src/__tests__/session-tool-setup-app-refresh.test.ts +1 -1
- package/src/__tests__/session-tool-setup-memory-scope.test.ts +1 -1
- package/src/__tests__/session-tool-setup-side-effect-flag.test.ts +1 -1
- package/src/__tests__/session-usage.test.ts +180 -0
- package/src/__tests__/session-workspace-cache-state.test.ts +8 -2
- package/src/__tests__/session-workspace-injection.test.ts +8 -2
- package/src/__tests__/session-workspace-tool-tracking.test.ts +8 -2
- package/src/__tests__/skill-feature-flags-integration.test.ts +5 -11
- package/src/__tests__/skill-feature-flags.test.ts +1 -0
- package/src/__tests__/skill-include-graph.test.ts +1 -0
- package/src/__tests__/skill-load-feature-flag.test.ts +3 -9
- package/src/__tests__/skill-load-tool.test.ts +90 -12
- package/src/__tests__/skill-projection-feature-flag.test.ts +14 -15
- package/src/__tests__/skills-uninstall.test.ts +131 -0
- package/src/__tests__/skills.test.ts +32 -16
- package/src/__tests__/slack-block-formatting.test.ts +1 -1
- package/src/__tests__/slack-channel-config.test.ts +71 -12
- package/src/__tests__/slack-inbound-verification.test.ts +7 -7
- package/src/__tests__/slack-share-routes.test.ts +1 -1
- package/src/__tests__/slack-skill.test.ts +2 -2
- package/src/__tests__/slash-commands-catalog.test.ts +1 -0
- package/src/__tests__/slash-commands-resolver.test.ts +1 -0
- package/src/__tests__/starter-task-flow.test.ts +1 -1
- package/src/__tests__/subagent-manager-notify.test.ts +1 -1
- package/src/__tests__/subagent-tools.test.ts +2 -2
- package/src/__tests__/system-prompt.test.ts +4 -8
- package/src/__tests__/task-compiler.test.ts +0 -2
- package/src/__tests__/task-management-tools.test.ts +0 -2
- package/src/__tests__/task-runner.test.ts +0 -2
- package/src/__tests__/task-scheduler.test.ts +2 -2
- package/src/__tests__/telegram-bot-username-resolution.test.ts +46 -44
- package/src/__tests__/terminal-tools.test.ts +1 -11
- package/src/__tests__/thread-seed-composer.test.ts +3 -1
- package/src/__tests__/tool-approval-handler.test.ts +5 -7
- package/src/__tests__/tool-executor.test.ts +2 -2
- package/src/__tests__/tool-grant-request-escalation.test.ts +3 -5
- package/src/__tests__/tool-notification-listener.test.ts +1 -1
- package/src/__tests__/tool-profiling-listener.test.ts +1 -1
- package/src/__tests__/tool-trace-listener.test.ts +1 -2
- package/src/__tests__/trace-emitter.test.ts +1 -1
- package/src/__tests__/trust-context-guards.test.ts +1 -1
- package/src/__tests__/trust-store.test.ts +44 -395
- package/src/__tests__/trusted-contact-approval-notifier.test.ts +6 -8
- package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +5 -7
- package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +6 -6
- package/src/__tests__/trusted-contact-multichannel.test.ts +54 -47
- package/src/__tests__/trusted-contact-verification.test.ts +12 -12
- package/src/__tests__/twilio-config.test.ts +11 -2
- package/src/__tests__/twilio-provider.test.ts +6 -4
- package/src/__tests__/twilio-routes.test.ts +408 -86
- package/src/__tests__/twitter-platform-proxy-client.test.ts +450 -0
- package/src/__tests__/update-bulletin-format.test.ts +1 -1
- package/src/__tests__/update-bulletin-state.test.ts +1 -1
- package/src/__tests__/update-bulletin.test.ts +4 -8
- package/src/__tests__/update-template-contract.test.ts +1 -1
- package/src/__tests__/usage-cache-backfill-migration.test.ts +406 -0
- package/src/__tests__/usage-routes.test.ts +23 -5
- package/src/__tests__/user-reference.test.ts +1 -1
- package/src/__tests__/{guardian-control-plane-policy.test.ts → verification-control-plane-policy.test.ts} +142 -170
- package/src/__tests__/{guardian-verification-intent-routing.test.ts → verification-session-intent-routing.test.ts} +16 -16
- package/src/__tests__/view-image-tool.test.ts +0 -2
- package/src/__tests__/voice-ingress-preflight.test.ts +36 -0
- package/src/__tests__/voice-invite-redemption.test.ts +18 -18
- package/src/__tests__/voice-scoped-grant-consumer.test.ts +7 -7
- package/src/__tests__/voice-session-bridge.test.ts +14 -16
- package/src/__tests__/workspace-policy.test.ts +1 -1
- package/src/approvals/AGENTS.md +4 -4
- package/src/approvals/approval-primitive.ts +2 -2
- package/src/approvals/guardian-decision-primitive.ts +1 -1
- package/src/approvals/guardian-request-resolvers.ts +3 -4
- package/src/bundler/app-bundler.ts +29 -217
- package/src/bundler/app-compiler.ts +131 -103
- package/src/bundler/compiler-tools.ts +248 -0
- package/src/calls/active-call-lease.ts +207 -0
- package/src/calls/call-constants.ts +0 -7
- package/src/calls/call-controller.ts +1 -1
- package/src/calls/call-conversation-messages.ts +6 -6
- package/src/calls/call-domain.ts +73 -38
- package/src/calls/call-pointer-message-composer.ts +6 -6
- package/src/calls/call-pointer-messages.ts +14 -13
- package/src/calls/call-recovery.ts +2 -0
- package/src/calls/call-store.ts +21 -28
- package/src/calls/guardian-action-sweep.ts +6 -8
- package/src/calls/guardian-dispatch.ts +2 -6
- package/src/calls/relay-access-wait.ts +4 -4
- package/src/calls/relay-server.ts +69 -80
- package/src/calls/relay-setup-router.ts +16 -21
- package/src/calls/relay-verification.ts +27 -28
- package/src/calls/twilio-config.ts +28 -3
- package/src/calls/twilio-provider.ts +5 -5
- package/src/calls/twilio-rest.ts +26 -27
- package/src/calls/twilio-routes.ts +67 -54
- package/src/calls/types.ts +8 -8
- package/src/calls/voice-ingress-preflight.ts +110 -0
- package/src/calls/voice-session-bridge.ts +7 -7
- package/src/channels/config.ts +1 -10
- package/src/{config/channel-permission-profiles.ts → channels/permission-profiles.ts} +1 -1
- package/src/channels/types.ts +2 -13
- package/src/cli/__tests__/notifications.test.ts +1 -1
- package/src/{amazon → cli/commands/amazon}/client.ts +99 -42
- package/src/cli/{amazon.ts → commands/amazon/index.ts} +12 -17
- package/src/{amazon → cli/commands/amazon}/request-extractor.ts +39 -3
- package/src/cli/commands/amazon/session.ts +116 -0
- package/src/cli/{audit.ts → commands/audit.ts} +2 -4
- package/src/cli/{autonomy.ts → commands/autonomy.ts} +1 -3
- package/src/cli/commands/browser-relay.ts +520 -0
- package/src/cli/commands/channel-verification-sessions.ts +442 -0
- package/src/cli/{completions.ts → commands/completions.ts} +1 -3
- package/src/cli/{config.ts → commands/config.ts} +3 -5
- package/src/cli/{contacts.ts → commands/contacts.ts} +263 -16
- package/src/cli/{credentials.ts → commands/credentials.ts} +9 -10
- package/src/cli/{default-action.ts → commands/default-action.ts} +3 -3
- package/src/cli/{dev.ts → commands/dev.ts} +4 -6
- package/src/cli/{doctor.ts → commands/doctor.ts} +36 -60
- package/src/cli/{email.ts → commands/email.ts} +2 -2
- package/src/cli/{keys.ts → commands/keys.ts} +6 -6
- package/src/cli/{map.ts → commands/map.ts} +85 -93
- package/src/cli/{mcp.ts → commands/mcp.ts} +5 -7
- package/src/cli/{memory.ts → commands/memory.ts} +6 -7
- package/src/cli/{notifications.ts → commands/notifications.ts} +8 -10
- package/src/cli/{oauth.ts → commands/oauth.ts} +2 -2
- package/src/cli/commands/platform.ts +176 -0
- package/src/cli/{sequence.ts → commands/sequence.ts} +3 -3
- package/src/cli/{sessions.ts → commands/sessions.ts} +32 -52
- package/src/cli/commands/skills.ts +498 -0
- package/src/cli/{trust.ts → commands/trust.ts} +2 -4
- package/src/{__tests__/twitter-cli-error-shaping.test.ts → cli/commands/twitter/__tests__/cli-error-shaping.test.ts} +43 -2
- package/src/cli/commands/twitter/__tests__/cli-read-routing.test.ts +483 -0
- package/src/{__tests__/twitter-cli-routing.test.ts → cli/commands/twitter/__tests__/cli-routing.test.ts} +130 -4
- package/src/{__tests__/twitter-oauth-client.test.ts → cli/commands/twitter/__tests__/oauth-client.test.ts} +2 -2
- package/src/{twitter → cli/commands/twitter}/client.ts +17 -7
- package/src/cli/{twitter.ts → commands/twitter/index.ts} +322 -273
- package/src/cli/commands/twitter/router.ts +396 -0
- package/src/cli/commands/twitter/session.ts +121 -0
- package/src/cli/db.ts +1 -0
- package/src/cli/http-client.ts +87 -0
- package/src/cli/logger.ts +6 -0
- package/src/cli/main-screen.tsx +4 -3
- package/src/cli/output.ts +19 -0
- package/src/cli/program.ts +29 -27
- package/src/cli/reference.ts +27 -37
- package/src/cli.ts +452 -240
- package/src/config/assistant-feature-flags.ts +3 -15
- package/src/config/bundled-skills/_shared/CLI_RETRIEVAL_PATTERN.md +3 -6
- package/src/config/bundled-skills/agentmail/SKILL.md +4 -4
- package/src/config/bundled-skills/amazon/SKILL.md +15 -5
- package/src/config/bundled-skills/api-mapping/SKILL.md +4 -4
- package/src/config/bundled-skills/app-builder/SKILL.md +21 -6
- package/src/config/bundled-skills/browser/SKILL.md +4 -5
- package/src/config/bundled-skills/chatgpt-import/SKILL.md +4 -4
- package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
- package/src/config/bundled-skills/claude-code/SKILL.md +4 -4
- package/src/config/bundled-skills/cli-discover/SKILL.md +4 -4
- package/src/config/bundled-skills/computer-use/SKILL.md +4 -4
- package/src/config/bundled-skills/contacts/SKILL.md +87 -229
- package/src/config/bundled-skills/deploy-fullstack-vercel/SKILL.md +4 -4
- package/src/config/bundled-skills/document/SKILL.md +4 -3
- package/src/config/bundled-skills/document-writer/SKILL.md +4 -4
- package/src/config/bundled-skills/doordash/SKILL.md +4 -11
- package/src/config/bundled-skills/doordash/__tests__/doordash-session.test.ts +8 -16
- package/src/config/bundled-skills/doordash/doordash-cli.ts +120 -86
- package/src/config/bundled-skills/doordash/lib/session.ts +1 -2
- package/src/config/bundled-skills/doordash/lib/shared/platform.ts +26 -9
- package/src/config/bundled-skills/elevenlabs-voice/SKILL.md +140 -0
- package/src/config/bundled-skills/email-setup/SKILL.md +4 -4
- package/src/config/bundled-skills/followups/SKILL.md +4 -3
- package/src/config/bundled-skills/frontend-design/SKILL.md +2 -0
- package/src/config/bundled-skills/google-calendar/SKILL.md +4 -4
- package/src/config/bundled-skills/google-oauth-setup/SKILL.md +4 -6
- package/src/config/bundled-skills/guardian-verify-setup/SKILL.md +26 -41
- package/src/config/bundled-skills/image-studio/SKILL.md +4 -5
- package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +1 -1
- package/src/config/bundled-skills/influencer/SKILL.md +19 -19
- package/src/{influencer → config/bundled-skills/influencer/scripts}/client.ts +73 -56
- package/src/config/bundled-skills/influencer/scripts/influencer.ts +267 -0
- package/src/config/bundled-skills/knowledge-graph/SKILL.md +4 -2
- package/src/config/bundled-skills/macos-automation/SKILL.md +4 -5
- package/src/config/bundled-skills/mcp-setup/SKILL.md +4 -4
- package/src/config/bundled-skills/media-processing/SKILL.md +3 -2
- package/src/config/bundled-skills/messaging/SKILL.md +6 -33
- package/src/config/bundled-skills/messaging/tools/messaging-send.ts +0 -5
- package/src/config/bundled-skills/notifications/SKILL.md +4 -4
- package/src/config/bundled-skills/notion/SKILL.md +4 -4
- package/src/config/bundled-skills/notion-oauth-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/oauth-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/phone-calls/SKILL.md +24 -458
- package/src/config/bundled-skills/phone-calls/references/CONFIG.md +83 -0
- package/src/config/bundled-skills/phone-calls/references/TRANSCRIPTS.md +57 -0
- package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +67 -0
- package/src/config/bundled-skills/playbooks/SKILL.md +4 -3
- package/src/config/bundled-skills/public-ingress/SKILL.md +65 -14
- package/src/config/bundled-skills/reminder/SKILL.md +4 -3
- package/src/config/bundled-skills/restaurant-reservation/SKILL.md +4 -6
- package/src/config/bundled-skills/schedule/SKILL.md +4 -3
- package/src/config/bundled-skills/screen-recording/SKILL.md +4 -3
- package/src/config/bundled-skills/self-upgrade/SKILL.md +4 -4
- package/src/config/bundled-skills/skills-catalog/SKILL.md +4 -4
- package/src/config/bundled-skills/slack/SKILL.md +4 -8
- package/src/config/bundled-skills/slack/tools/slack-channel-permissions.ts +1 -1
- package/src/config/bundled-skills/slack-app-setup/SKILL.md +66 -88
- package/src/config/bundled-skills/slack-digest-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/slack-oauth-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/start-the-day/SKILL.md +4 -4
- package/src/config/bundled-skills/subagent/SKILL.md +4 -3
- package/src/config/bundled-skills/tasks/SKILL.md +4 -3
- package/src/config/bundled-skills/telegram-setup/SKILL.md +63 -112
- package/src/config/bundled-skills/time-based-actions/SKILL.md +4 -3
- package/src/config/bundled-skills/transcribe/SKILL.md +4 -3
- package/src/config/bundled-skills/twilio-setup/SKILL.md +23 -50
- package/src/config/bundled-skills/twitter/SKILL.md +56 -14
- package/src/config/bundled-skills/typescript-eval/SKILL.md +4 -4
- package/src/config/bundled-skills/vercel-token-setup/SKILL.md +4 -5
- package/src/config/bundled-skills/voice-setup/SKILL.md +19 -45
- package/src/config/bundled-skills/watcher/SKILL.md +4 -3
- package/src/config/env-registry.ts +1 -10
- package/src/config/feature-flag-registry.json +0 -16
- package/src/config/loader.ts +78 -38
- package/src/config/schema.ts +143 -106
- package/src/config/schemas/channels.ts +80 -0
- package/src/config/schemas/heartbeat.ts +51 -0
- package/src/config/schemas/inference.ts +136 -0
- package/src/config/schemas/ingress.ts +81 -0
- package/src/config/schemas/logging.ts +21 -0
- package/src/config/schemas/memory-lifecycle.ts +67 -0
- package/src/config/schemas/memory-processing.ts +215 -0
- package/src/config/schemas/memory-retrieval.ts +222 -0
- package/src/config/schemas/memory-storage.ts +83 -0
- package/src/config/schemas/memory.ts +58 -0
- package/src/config/schemas/platform.ts +64 -0
- package/src/config/schemas/security.ts +54 -0
- package/src/config/schemas/swarm.ts +50 -0
- package/src/config/schemas/timeouts.ts +47 -0
- package/src/config/{agent-schema.ts → schemas/workspace-git.ts} +0 -97
- package/src/config/skill-state.ts +3 -13
- package/src/config/skills.ts +233 -75
- package/src/config/types.ts +1 -20
- package/src/contacts/contact-store.ts +12 -49
- package/src/contacts/contacts-write.ts +1 -5
- package/src/contacts/index.ts +0 -2
- package/src/contacts/types.ts +0 -8
- package/src/context/window-manager.ts +73 -14
- package/src/daemon/assistant-attachments.ts +9 -0
- package/src/daemon/computer-use-session.ts +3 -3
- package/src/daemon/connection-policy.ts +6 -21
- package/src/daemon/context-overflow-policy.ts +1 -1
- package/src/daemon/daemon-control.ts +46 -54
- package/src/daemon/doordash-steps.ts +1 -1
- package/src/daemon/handlers/config-channels.ts +407 -71
- package/src/daemon/handlers/config-ingress.ts +17 -85
- package/src/daemon/handlers/config-model.ts +145 -123
- package/src/daemon/handlers/config-slack-channel.ts +43 -29
- package/src/daemon/handlers/config-telegram.ts +32 -27
- package/src/daemon/handlers/config-voice.ts +1 -4
- package/src/daemon/handlers/dictation.ts +11 -16
- package/src/daemon/handlers/identity.ts +5 -6
- package/src/daemon/handlers/pairing.ts +5 -13
- package/src/daemon/handlers/recording.ts +97 -199
- package/src/daemon/handlers/session-history.ts +110 -96
- package/src/daemon/handlers/session-user-message.ts +29 -57
- package/src/daemon/handlers/sessions.ts +240 -137
- package/src/daemon/handlers/shared.ts +62 -95
- package/src/daemon/handlers/skills.ts +492 -543
- package/src/daemon/lifecycle.ts +168 -55
- package/src/daemon/main.ts +1 -0
- package/src/daemon/{ipc-contract.ts → message-protocol.ts} +49 -49
- package/src/daemon/{ipc-contract → message-types}/computer-use.ts +0 -3
- package/src/daemon/{ipc-contract → message-types}/diagnostics.ts +0 -16
- package/src/daemon/{ipc-contract → message-types}/integrations.ts +29 -13
- package/src/daemon/{ipc-contract → message-types}/memory.ts +8 -0
- package/src/daemon/{ipc-contract → message-types}/notifications.ts +15 -1
- package/src/daemon/{ipc-contract → message-types}/sessions.ts +1 -0
- package/src/daemon/{ipc-contract → message-types}/shared.ts +0 -8
- package/src/daemon/{ipc-contract → message-types}/workspace.ts +2 -2
- package/src/daemon/providers-setup.ts +0 -5
- package/src/daemon/recording-executor.ts +0 -7
- package/src/daemon/ride-shotgun-handler.ts +9 -13
- package/src/daemon/server.ts +136 -510
- package/src/daemon/session-agent-loop-handlers.ts +22 -7
- package/src/daemon/session-agent-loop.ts +86 -24
- package/src/daemon/session-attachments.ts +1 -1
- package/src/daemon/session-error.ts +1 -1
- package/src/daemon/session-history.ts +20 -15
- package/src/daemon/session-lifecycle.ts +9 -7
- package/src/daemon/session-memory.ts +15 -1
- package/src/daemon/session-messaging.ts +10 -6
- package/src/daemon/session-notifiers.ts +10 -8
- package/src/daemon/session-process.ts +34 -25
- package/src/daemon/session-queue-manager.ts +1 -1
- package/src/daemon/session-runtime-assembly.ts +6 -25
- package/src/daemon/session-surfaces.ts +2 -2
- package/src/daemon/session-tool-setup.ts +1 -1
- package/src/daemon/session-usage.ts +119 -18
- package/src/daemon/session.ts +13 -9
- package/src/daemon/tool-side-effects.ts +6 -5
- package/src/daemon/trace-emitter.ts +1 -1
- package/src/daemon/{guardian-verification-intent.ts → verification-session-intent.ts} +16 -16
- package/src/daemon/watch-handler.ts +2 -5
- package/src/email/service.ts +8 -8
- package/src/events/domain-events.ts +0 -1
- package/src/events/tool-notification-listener.ts +1 -1
- package/src/followups/followup-store.ts +1 -2
- package/src/followups/types.ts +0 -6
- package/src/heartbeat/heartbeat-service.ts +1 -1
- package/src/inbound/platform-callback-registration.ts +1 -1
- package/src/inbound/public-ingress-urls.ts +0 -8
- package/src/index.ts +12 -0
- package/src/mcp/client.ts +1 -1
- package/src/mcp/manager.ts +1 -1
- package/src/memory/app-store.ts +1 -42
- package/src/memory/{guardian-verification.ts → channel-verification-sessions.ts} +110 -93
- package/src/memory/conversation-attention-store.ts +154 -0
- package/src/memory/conversation-bootstrap.ts +1 -1
- package/src/memory/conversation-crud.ts +53 -1
- package/src/memory/conversation-display-order-migration.ts +2 -3
- package/src/memory/conversation-queries.ts +1 -29
- package/src/memory/conversation-title-service.ts +26 -21
- package/src/memory/db-connection.ts +1 -8
- package/src/memory/db-init.ts +20 -0
- package/src/memory/delivery-crud.ts +4 -34
- package/src/memory/external-conversation-store.ts +1 -1
- package/src/memory/format-recall.ts +47 -0
- package/src/memory/guardian-action-store.ts +4 -5
- package/src/memory/guardian-rate-limits.ts +0 -3
- package/src/memory/invite-store.ts +1 -1
- package/src/memory/job-handlers/backfill.ts +9 -2
- package/src/memory/job-handlers/extraction.ts +2 -7
- package/src/memory/job-handlers/summarization.ts +1 -1
- package/src/memory/llm-usage-store.ts +11 -0
- package/src/memory/migrations/114-notifications.ts +12 -40
- package/src/memory/migrations/140-backfill-usage-cache-accounting.ts +357 -0
- package/src/memory/migrations/141-rename-verification-table.ts +55 -0
- package/src/memory/migrations/142-rename-verification-session-id-column.ts +32 -0
- package/src/memory/migrations/143-rename-guardian-verification-values.ts +48 -0
- package/src/memory/migrations/144-rename-voice-to-phone.ts +147 -0
- package/src/memory/migrations/index.ts +5 -0
- package/src/memory/migrations/registry.ts +30 -0
- package/src/memory/qdrant-circuit-breaker.ts +5 -0
- package/src/memory/retriever.test.ts +707 -0
- package/src/memory/retriever.ts +120 -116
- package/src/memory/schema/calls.ts +3 -7
- package/src/memory/schema/guardian.ts +2 -2
- package/src/memory/search/lexical.ts +4 -1
- package/src/memory/search/query-expansion.test.ts +70 -0
- package/src/memory/search/query-expansion.ts +118 -0
- package/src/memory/search/types.ts +18 -17
- package/src/messaging/providers/telegram-bot/adapter.ts +1 -1
- package/src/messaging/providers/whatsapp/adapter.ts +1 -4
- package/src/messaging/registry.ts +0 -1
- package/src/notifications/README.md +13 -22
- package/src/notifications/adapters/macos.ts +1 -1
- package/src/notifications/conversation-pairing.ts +2 -2
- package/src/notifications/copy-composer.ts +2 -2
- package/src/notifications/decision-engine.ts +1 -10
- package/src/notifications/destination-resolver.ts +2 -3
- package/src/notifications/emit-signal.ts +2 -8
- package/src/notifications/guardian-question-mode.ts +5 -8
- package/src/notifications/signal.ts +1 -2
- package/src/notifications/types.ts +1 -1
- package/src/oauth/token-persistence.ts +25 -1
- package/src/permissions/checker.ts +4 -29
- package/src/permissions/defaults.ts +6 -6
- package/src/permissions/prompter.ts +1 -1
- package/src/permissions/secret-prompter.ts +1 -1
- package/src/permissions/shell-identity.ts +1 -1
- package/src/permissions/trust-store.ts +13 -76
- package/src/permissions/workspace-policy.ts +1 -1
- package/src/{config → prompts}/computer-use-prompt.ts +1 -1
- package/src/{config → prompts}/system-prompt.ts +40 -21
- package/src/runtime/AGENTS.md +6 -8
- package/src/runtime/access-request-helper.ts +36 -55
- package/src/runtime/actor-trust-resolver.ts +1 -24
- package/src/runtime/approval-message-composer.ts +6 -2
- package/src/runtime/assistant-event.ts +1 -1
- package/src/runtime/auth/__tests__/ipc-auth-context.test.ts +1 -1
- package/src/runtime/auth/__tests__/subject.test.ts +32 -0
- package/src/runtime/auth/route-policy.ts +140 -24
- package/src/runtime/auth/subject.ts +9 -0
- package/src/runtime/auth/token-service.ts +11 -0
- package/src/runtime/auth/types.ts +1 -1
- package/src/runtime/channel-approval-types.ts +1 -1
- package/src/runtime/channel-approvals.ts +1 -1
- package/src/runtime/channel-invite-transport.ts +0 -2
- package/src/runtime/channel-invite-transports/slack.ts +5 -19
- package/src/runtime/channel-invite-transports/telegram.ts +17 -34
- package/src/runtime/channel-invite-transports/voice.ts +1 -1
- package/src/runtime/channel-readiness-service.ts +24 -159
- package/src/runtime/channel-readiness-types.ts +5 -1
- package/src/runtime/channel-reply-delivery.ts +43 -3
- package/src/runtime/channel-retry-sweep.ts +14 -22
- package/src/runtime/{channel-guardian-service.ts → channel-verification-service.ts} +50 -53
- package/src/runtime/confirmation-request-guardian-bridge.ts +2 -3
- package/src/runtime/gateway-client.ts +12 -15
- package/src/runtime/guardian-action-followup-executor.ts +8 -73
- package/src/runtime/guardian-action-grant-minter.ts +45 -61
- package/src/runtime/guardian-action-message-composer.ts +4 -4
- package/src/runtime/guardian-reply-router.ts +3 -3
- package/src/runtime/http-server.ts +133 -24
- package/src/runtime/http-types.ts +34 -1
- package/src/runtime/invite-instruction-generator.ts +1 -3
- package/src/runtime/invite-redemption-service.ts +5 -5
- package/src/runtime/invite-service.ts +7 -7
- package/src/runtime/local-actor-identity.ts +28 -2
- package/src/runtime/local-gateway-health.ts +275 -0
- package/src/runtime/middleware/twilio-validation.ts +3 -3
- package/src/runtime/migrations/migration-transport.ts +18 -3
- package/src/runtime/migrations/rebind-secrets-screen.ts +2 -2
- package/src/runtime/nl-approval-parser.ts +2 -3
- package/src/runtime/routes/access-request-decision.ts +2 -2
- package/src/runtime/routes/app-management-routes.ts +921 -0
- package/src/runtime/routes/approval-routes.ts +76 -7
- package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +38 -203
- package/src/runtime/routes/channel-delivery-routes.ts +5 -4
- package/src/runtime/routes/channel-route-shared.ts +1 -3
- package/src/runtime/routes/channel-routes.ts +1 -4
- package/src/runtime/routes/channel-verification-routes.ts +257 -0
- package/src/runtime/routes/computer-use-routes.ts +595 -0
- package/src/runtime/routes/contact-routes.ts +1 -317
- package/src/runtime/routes/conversation-attention-routes.ts +6 -5
- package/src/runtime/routes/conversation-routes.ts +11 -18
- package/src/runtime/routes/debug-routes.ts +1 -1
- package/src/runtime/routes/diagnostics-routes.ts +813 -0
- package/src/runtime/routes/documents-routes.ts +227 -0
- package/src/runtime/routes/guardian-approval-interception.ts +25 -48
- package/src/runtime/routes/guardian-bootstrap-routes.ts +3 -3
- package/src/runtime/routes/guardian-expiry-sweep.ts +2 -2
- package/src/runtime/routes/guardian-refresh-routes.ts +11 -6
- package/src/runtime/routes/inbound-conversation.ts +3 -10
- package/src/runtime/routes/inbound-message-handler.ts +7 -6
- package/src/runtime/routes/inbound-stages/acl-enforcement.ts +22 -22
- package/src/runtime/routes/inbound-stages/background-dispatch.test.ts +44 -0
- package/src/runtime/routes/inbound-stages/background-dispatch.ts +140 -22
- package/src/runtime/routes/inbound-stages/bootstrap-intercept.ts +4 -4
- package/src/runtime/routes/inbound-stages/edit-intercept.ts +5 -5
- package/src/runtime/routes/inbound-stages/escalation-intercept.ts +3 -3
- package/src/runtime/routes/inbound-stages/secret-ingress-check.ts +4 -4
- package/src/runtime/routes/inbound-stages/verification-intercept.ts +13 -14
- package/src/runtime/routes/integrations/slack/channel.ts +72 -0
- package/src/runtime/routes/{slack-share-routes.ts → integrations/slack/share.ts} +9 -9
- package/src/runtime/routes/integrations/telegram.ts +111 -0
- package/src/runtime/routes/integrations/twilio.ts +451 -0
- package/src/runtime/routes/invite-routes.ts +2 -2
- package/src/runtime/routes/pairing-routes.ts +1 -1
- package/src/runtime/routes/recording-routes.ts +332 -0
- package/src/{daemon/handlers/config-scheduling.ts → runtime/routes/schedule-routes.ts} +91 -106
- package/src/runtime/routes/session-management-routes.ts +167 -0
- package/src/runtime/routes/session-query-routes.ts +204 -0
- package/src/runtime/routes/settings-routes.ts +977 -0
- package/src/runtime/routes/skills-routes.ts +266 -0
- package/src/runtime/routes/subagents-routes.ts +246 -0
- package/src/runtime/routes/surface-action-routes.ts +100 -10
- package/src/runtime/routes/surface-content-routes.ts +1 -1
- package/src/runtime/routes/work-items-routes.ts +809 -0
- package/src/runtime/routes/workspace-routes.test.ts +778 -0
- package/src/runtime/routes/workspace-routes.ts +410 -0
- package/src/runtime/routes/workspace-utils.ts +88 -0
- package/src/runtime/telegram-streaming-delivery.test.ts +597 -0
- package/src/runtime/telegram-streaming-delivery.ts +380 -0
- package/src/runtime/tool-grant-request-helper.ts +1 -2
- package/src/runtime/trust-context-resolver.ts +0 -1
- package/src/runtime/{guardian-outbound-actions.ts → verification-outbound-actions.ts} +23 -188
- package/src/runtime/verification-rate-limiter.ts +2 -2
- package/src/runtime/{guardian-verification-templates.ts → verification-templates.ts} +2 -28
- package/src/schedule/integration-status.ts +2 -2
- package/src/schedule/schedule-store.ts +7 -9
- package/src/sequence/engine.ts +1 -1
- package/src/skills/active-skill-tools.ts +0 -8
- package/src/skills/clawhub.ts +1 -10
- package/src/skills/managed-store.ts +14 -4
- package/src/skills/slash-commands.ts +1 -1
- package/src/subagent/manager.ts +1 -1
- package/src/subagent/types.ts +1 -1
- package/src/tasks/SPEC.md +10 -10
- package/src/tasks/task-scheduler.ts +1 -1
- package/src/telegram/bot-username.ts +13 -0
- package/src/tools/assets/materialize.ts +1 -1
- package/src/tools/assets/search.ts +1 -1
- package/src/tools/browser/browser-execution.ts +2 -2
- package/src/tools/browser/browser-manager.ts +88 -11
- package/src/tools/browser/browser-screencast.ts +1 -1
- package/src/tools/browser/headless-browser.ts +0 -17
- package/src/tools/browser/jit-auth.ts +1 -1
- package/src/tools/browser/recording-store.ts +19 -1
- package/src/tools/browser/runtime-check.ts +4 -2
- package/src/tools/calls/call-start.ts +3 -3
- package/src/tools/credentials/metadata-store.ts +0 -13
- package/src/tools/credentials/vault.ts +7 -31
- package/src/tools/followups/followup_create.ts +0 -8
- package/src/tools/mcp/mcp-tool-factory.ts +1 -1
- package/src/tools/memory/definitions.ts +32 -10
- package/src/tools/memory/handlers.test.ts +573 -0
- package/src/tools/memory/handlers.ts +222 -65
- package/src/tools/memory/register.ts +53 -24
- package/src/tools/network/script-proxy/session-manager.ts +1 -12
- package/src/tools/schedule/update.ts +0 -8
- package/src/tools/skills/load.ts +3 -3
- package/src/tools/subagent/read.ts +1 -1
- package/src/tools/system/voice-config.ts +2 -14
- package/src/tools/terminal/safe-env.ts +5 -18
- package/src/tools/tool-approval-handler.ts +4 -4
- package/src/tools/tool-manifest.ts +4 -2
- package/src/tools/types.ts +1 -1
- package/src/tools/{guardian-control-plane-policy.ts → verification-control-plane-policy.ts} +37 -39
- package/src/twitter/platform-proxy-client.ts +405 -0
- package/src/usage/types.ts +21 -0
- package/src/util/canonicalize-identity.ts +2 -6
- package/src/util/cookie-session.ts +35 -51
- package/src/util/platform.ts +93 -86
- package/src/util/pricing.ts +180 -43
- package/src/work-items/work-item-runner.ts +1 -1
- package/scripts/ipc/check-contract-inventory.ts +0 -107
- package/scripts/ipc/check-swift-decoder-drift.ts +0 -184
- package/scripts/ipc/generate-swift.ts +0 -528
- package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +0 -3043
- package/src/__tests__/app-migration.test.ts +0 -148
- package/src/__tests__/config-loader-migration.test.ts +0 -85
- package/src/__tests__/daemon-lifecycle.test.ts +0 -715
- package/src/__tests__/daemon-server-session-init.test.ts +0 -864
- package/src/__tests__/guardian-actions-endpoint.test.ts +0 -1452
- package/src/__tests__/handlers-add-trust-rule-metadata.test.ts +0 -228
- package/src/__tests__/handlers-cu-observation-blob.test.ts +0 -397
- package/src/__tests__/handlers-ipc-blob-probe.test.ts +0 -218
- package/src/__tests__/handlers-slack-config.test.ts +0 -140
- package/src/__tests__/handlers-telegram-config.test.ts +0 -1317
- package/src/__tests__/handlers-twitter-config.test.ts +0 -1145
- package/src/__tests__/ingress-reconcile.test.ts +0 -606
- package/src/__tests__/integrations-cli.test.ts +0 -232
- package/src/__tests__/ipc-blob-store.test.ts +0 -329
- package/src/__tests__/ipc-contract-inventory.test.ts +0 -69
- package/src/__tests__/ipc-contract.test.ts +0 -76
- package/src/__tests__/ipc-protocol.test.ts +0 -120
- package/src/__tests__/ipc-roundtrip.benchmark.test.ts +0 -250
- package/src/__tests__/ipc-snapshot.test.ts +0 -2197
- package/src/__tests__/ipc-validate.test.ts +0 -471
- package/src/__tests__/migration-cli-flows.test.ts +0 -186
- package/src/__tests__/migration-ordering.test.ts +0 -267
- package/src/__tests__/oauth-connect-handler.test.ts +0 -361
- package/src/__tests__/platform-move-helper.test.ts +0 -108
- package/src/__tests__/platform-socket-path.test.ts +0 -52
- package/src/__tests__/platform-workspace-migration.test.ts +0 -1051
- package/src/__tests__/recording-intent-handler.test.ts +0 -1155
- package/src/__tests__/script-proxy-profile-template-fallback.test.ts +0 -127
- package/src/__tests__/sms-messaging-provider.test.ts +0 -156
- package/src/__tests__/tool-permission-simulate-handler.test.ts +0 -367
- package/src/__tests__/twitter-auth-handler.test.ts +0 -561
- package/src/__tests__/work-item-output.test.ts +0 -150
- package/src/amazon/session.ts +0 -58
- package/src/cli/channels.ts +0 -51
- package/src/cli/influencer.ts +0 -319
- package/src/cli/integrations.ts +0 -372
- package/src/cli/ipc-client.ts +0 -88
- package/src/config/bundled-skills/configure-settings/SKILL.md +0 -86
- package/src/config/bundled-skills/doordash/lib/shared/ipc.ts +0 -32
- package/src/config/bundled-skills/sms-setup/SKILL.md +0 -210
- package/src/config/core-schema.ts +0 -434
- package/src/config/memory-schema.ts +0 -617
- package/src/daemon/auth-manager.ts +0 -106
- package/src/daemon/handlers/apps.ts +0 -758
- package/src/daemon/handlers/avatar.ts +0 -73
- package/src/daemon/handlers/browser.ts +0 -3
- package/src/daemon/handlers/computer-use.ts +0 -231
- package/src/daemon/handlers/config-dispatch.ts +0 -29
- package/src/daemon/handlers/config-heartbeat.ts +0 -299
- package/src/daemon/handlers/config-inbox.ts +0 -457
- package/src/daemon/handlers/config-integrations.ts +0 -409
- package/src/daemon/handlers/config-platform.ts +0 -77
- package/src/daemon/handlers/config-slack.ts +0 -41
- package/src/daemon/handlers/config-tools.ts +0 -226
- package/src/daemon/handlers/config-trust.ts +0 -135
- package/src/daemon/handlers/config.ts +0 -64
- package/src/daemon/handlers/contacts.ts +0 -193
- package/src/daemon/handlers/diagnostics.ts +0 -382
- package/src/daemon/handlers/documents.ts +0 -188
- package/src/daemon/handlers/guardian-actions.ts +0 -82
- package/src/daemon/handlers/home-base.ts +0 -82
- package/src/daemon/handlers/index.ts +0 -222
- package/src/daemon/handlers/misc.ts +0 -1139
- package/src/daemon/handlers/navigate-settings.ts +0 -29
- package/src/daemon/handlers/oauth-connect.ts +0 -202
- package/src/daemon/handlers/open-bundle-handler.ts +0 -88
- package/src/daemon/handlers/publish.ts +0 -176
- package/src/daemon/handlers/signing.ts +0 -56
- package/src/daemon/handlers/subagents.ts +0 -286
- package/src/daemon/handlers/twitter-auth.ts +0 -220
- package/src/daemon/handlers/work-items.ts +0 -796
- package/src/daemon/handlers/workspace-files.ts +0 -84
- package/src/daemon/handlers.ts +0 -16
- package/src/daemon/ipc-blob-store.ts +0 -246
- package/src/daemon/ipc-contract-inventory.json +0 -348
- package/src/daemon/ipc-contract-inventory.ts +0 -202
- package/src/daemon/ipc-handler.ts +0 -120
- package/src/daemon/ipc-protocol.ts +0 -85
- package/src/daemon/ipc-validate.ts +0 -254
- package/src/memory/app-migration.ts +0 -114
- package/src/memory/channel-delivery-store.ts +0 -40
- package/src/memory/channel-guardian-store.ts +0 -83
- package/src/memory/conversation-store.ts +0 -102
- package/src/memory/schema-migration.ts +0 -38
- package/src/messaging/providers/sms/adapter.ts +0 -232
- package/src/messaging/providers/sms/client.ts +0 -93
- package/src/messaging/providers/sms/types.ts +0 -7
- package/src/migrations/config-merge.ts +0 -62
- package/src/migrations/data-layout.ts +0 -89
- package/src/migrations/data-merge.ts +0 -44
- package/src/migrations/hooks-merge.ts +0 -118
- package/src/migrations/index.ts +0 -6
- package/src/migrations/log.ts +0 -28
- package/src/migrations/skills-merge.ts +0 -44
- package/src/migrations/workspace-layout.ts +0 -94
- package/src/notifications/adapters/sms.ts +0 -94
- package/src/runtime/channel-approval-parser.ts +0 -123
- package/src/runtime/channel-invite-transports/sms.ts +0 -53
- package/src/runtime/routes/approval-strategies/guardian-legacy-fallback-strategy.ts +0 -82
- package/src/runtime/routes/integration-routes.ts +0 -381
- package/src/runtime/routes/twilio-routes.ts +0 -1251
- package/src/twitter/router.ts +0 -131
- package/src/twitter/session.ts +0 -54
- package/src/watcher/providers/slack.ts +0 -282
- /package/src/{amazon → cli/commands/amazon}/cart.ts +0 -0
- /package/src/{amazon → cli/commands/amazon}/checkout.ts +0 -0
- /package/src/{amazon → cli/commands/amazon}/product-details.ts +0 -0
- /package/src/{amazon → cli/commands/amazon}/search.ts +0 -0
- /package/src/{twitter → cli/commands/twitter}/oauth-client.ts +0 -0
- /package/src/config/{calls-schema.ts → schemas/calls.ts} +0 -0
- /package/src/config/{elevenlabs-schema.ts → schemas/elevenlabs.ts} +0 -0
- /package/src/config/{mcp-schema.ts → schemas/mcp.ts} +0 -0
- /package/src/config/{notifications-schema.ts → schemas/notifications.ts} +0 -0
- /package/src/config/{sandbox-schema.ts → schemas/sandbox.ts} +0 -0
- /package/src/config/{skills-schema.ts → schemas/skills.ts} +0 -0
- /package/src/daemon/{ipc-contract → message-types}/apps.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/browser.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/contacts.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/documents.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/guardian-actions.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/inbox.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/messages.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/pairing.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/schedules.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/settings.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/skills.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/subagents.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/surfaces.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/trust.ts +0 -0
- /package/src/daemon/{ipc-contract → message-types}/work-items.ts +0 -0
- /package/src/{cli/email-guardrails.ts → email/guardrails.ts} +0 -0
- /package/src/{config → prompts}/__tests__/build-cli-reference-section.test.ts +0 -0
- /package/src/{config → prompts}/templates/BOOTSTRAP.md +0 -0
- /package/src/{config → prompts}/templates/IDENTITY.md +0 -0
- /package/src/{config → prompts}/templates/SOUL.md +0 -0
- /package/src/{config → prompts}/templates/UPDATES.md +0 -0
- /package/src/{config → prompts}/templates/USER.md +0 -0
- /package/src/{config → prompts}/update-bulletin-format.ts +0 -0
- /package/src/{config → prompts}/update-bulletin-state.ts +0 -0
- /package/src/{config → prompts}/update-bulletin-template-path.ts +0 -0
- /package/src/{config → prompts}/update-bulletin.ts +0 -0
- /package/src/{config → prompts}/user-reference.ts +0 -0
|
@@ -14,7 +14,7 @@ import type {
|
|
|
14
14
|
ToolPermissionDeniedEvent,
|
|
15
15
|
} from "../tools/types.js";
|
|
16
16
|
|
|
17
|
-
//
|
|
17
|
+
// -- Module mocks (must precede real imports) --
|
|
18
18
|
|
|
19
19
|
const mockConfig = {
|
|
20
20
|
provider: "anthropic",
|
|
@@ -103,15 +103,15 @@ mock.module("../tools/terminal/sandbox.js", () => ({
|
|
|
103
103
|
wrapCommand: () => ({ command: "", sandboxed: false }),
|
|
104
104
|
}));
|
|
105
105
|
|
|
106
|
-
//
|
|
106
|
+
// -- Real imports --
|
|
107
107
|
|
|
108
108
|
import { PermissionPrompter } from "../permissions/prompter.js";
|
|
109
109
|
import { ToolExecutor } from "../tools/executor.js";
|
|
110
|
-
import {
|
|
111
|
-
enforceGuardianOnlyPolicy,
|
|
112
|
-
isGuardianControlPlaneInvocation,
|
|
113
|
-
} from "../tools/guardian-control-plane-policy.js";
|
|
114
110
|
import type { ToolContext } from "../tools/types.js";
|
|
111
|
+
import {
|
|
112
|
+
enforceVerificationControlPlanePolicy,
|
|
113
|
+
isVerificationControlPlaneInvocation,
|
|
114
|
+
} from "../tools/verification-control-plane-policy.js";
|
|
115
115
|
|
|
116
116
|
function makeContext(overrides?: Partial<ToolContext>): ToolContext {
|
|
117
117
|
return {
|
|
@@ -144,23 +144,22 @@ afterAll(() => {
|
|
|
144
144
|
});
|
|
145
145
|
|
|
146
146
|
// =====================================================================
|
|
147
|
-
// Unit tests:
|
|
147
|
+
// Unit tests: isVerificationControlPlaneInvocation
|
|
148
148
|
// =====================================================================
|
|
149
149
|
|
|
150
|
-
describe("
|
|
151
|
-
const
|
|
152
|
-
"/v1/
|
|
153
|
-
"/v1/
|
|
154
|
-
"/v1/
|
|
155
|
-
"/v1/
|
|
156
|
-
"/v1/integrations/guardian/outbound/cancel",
|
|
150
|
+
describe("isVerificationControlPlaneInvocation", () => {
|
|
151
|
+
const verificationPaths = [
|
|
152
|
+
"/v1/channel-verification-sessions",
|
|
153
|
+
"/v1/channel-verification-sessions/status",
|
|
154
|
+
"/v1/channel-verification-sessions/resend",
|
|
155
|
+
"/v1/channel-verification-sessions/revoke",
|
|
157
156
|
];
|
|
158
157
|
|
|
159
|
-
describe("bash tool with
|
|
160
|
-
for (const path of
|
|
158
|
+
describe("bash tool with verification endpoint in command", () => {
|
|
159
|
+
for (const path of verificationPaths) {
|
|
161
160
|
test(`detects curl to ${path}`, () => {
|
|
162
161
|
expect(
|
|
163
|
-
|
|
162
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
164
163
|
command: `curl -X POST http://localhost:3000${path}`,
|
|
165
164
|
}),
|
|
166
165
|
).toBe(true);
|
|
@@ -168,7 +167,7 @@ describe("isGuardianControlPlaneInvocation", () => {
|
|
|
168
167
|
|
|
169
168
|
test(`detects wget to ${path}`, () => {
|
|
170
169
|
expect(
|
|
171
|
-
|
|
170
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
172
171
|
command: `wget https://api.example.com${path}`,
|
|
173
172
|
}),
|
|
174
173
|
).toBe(true);
|
|
@@ -177,57 +176,57 @@ describe("isGuardianControlPlaneInvocation", () => {
|
|
|
177
176
|
|
|
178
177
|
test("does not match unrelated commands", () => {
|
|
179
178
|
expect(
|
|
180
|
-
|
|
179
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
181
180
|
command: "git status",
|
|
182
181
|
}),
|
|
183
182
|
).toBe(false);
|
|
184
183
|
});
|
|
185
184
|
|
|
186
185
|
test("matches partial path prefix via fragment detection (fail-closed for shell tools)", () => {
|
|
187
|
-
// Even without a trailing sub-path, the presence of both /v1/integrations and guardian
|
|
188
|
-
// in a bash command triggers the conservative fragment detector.
|
|
189
186
|
expect(
|
|
190
|
-
|
|
191
|
-
command:
|
|
187
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
188
|
+
command:
|
|
189
|
+
"curl http://localhost:3000/v1/channel-verification-sessions",
|
|
192
190
|
}),
|
|
193
191
|
).toBe(true);
|
|
194
192
|
});
|
|
195
193
|
|
|
196
|
-
test("matches unknown sub-path under
|
|
194
|
+
test("matches unknown sub-path under verification control-plane (broad pattern)", () => {
|
|
197
195
|
expect(
|
|
198
|
-
|
|
199
|
-
command:
|
|
196
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
197
|
+
command:
|
|
198
|
+
"curl http://localhost:3000/v1/channel-verification-sessions/other",
|
|
200
199
|
}),
|
|
201
200
|
).toBe(true);
|
|
202
201
|
});
|
|
203
202
|
|
|
204
203
|
test("handles missing command field gracefully", () => {
|
|
205
|
-
expect(
|
|
204
|
+
expect(isVerificationControlPlaneInvocation("bash", {})).toBe(false);
|
|
206
205
|
});
|
|
207
206
|
|
|
208
207
|
test("handles non-string command field gracefully", () => {
|
|
209
|
-
expect(
|
|
210
|
-
|
|
211
|
-
);
|
|
208
|
+
expect(
|
|
209
|
+
isVerificationControlPlaneInvocation("bash", { command: 42 }),
|
|
210
|
+
).toBe(false);
|
|
212
211
|
});
|
|
213
212
|
});
|
|
214
213
|
|
|
215
|
-
describe("host_bash tool with
|
|
216
|
-
test("detects
|
|
214
|
+
describe("host_bash tool with verification endpoint in command", () => {
|
|
215
|
+
test("detects verification endpoint", () => {
|
|
217
216
|
expect(
|
|
218
|
-
|
|
217
|
+
isVerificationControlPlaneInvocation("host_bash", {
|
|
219
218
|
command:
|
|
220
|
-
'curl -H "Authorization: Bearer token" https://internal:8080/v1/
|
|
219
|
+
'curl -H "Authorization: Bearer token" https://internal:8080/v1/channel-verification-sessions',
|
|
221
220
|
}),
|
|
222
221
|
).toBe(true);
|
|
223
222
|
});
|
|
224
223
|
});
|
|
225
224
|
|
|
226
|
-
describe("network_request tool with
|
|
227
|
-
for (const path of
|
|
225
|
+
describe("network_request tool with verification endpoint in url", () => {
|
|
226
|
+
for (const path of verificationPaths) {
|
|
228
227
|
test(`detects ${path}`, () => {
|
|
229
228
|
expect(
|
|
230
|
-
|
|
229
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
231
230
|
url: `https://api.vellum.ai${path}`,
|
|
232
231
|
}),
|
|
233
232
|
).toBe(true);
|
|
@@ -236,77 +235,77 @@ describe("isGuardianControlPlaneInvocation", () => {
|
|
|
236
235
|
|
|
237
236
|
test("detects proxied local URL", () => {
|
|
238
237
|
expect(
|
|
239
|
-
|
|
240
|
-
url: "http://127.0.0.1:3000/v1/
|
|
238
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
239
|
+
url: "http://127.0.0.1:3000/v1/channel-verification-sessions",
|
|
241
240
|
}),
|
|
242
241
|
).toBe(true);
|
|
243
242
|
});
|
|
244
243
|
|
|
245
244
|
test("does not match unrelated URLs", () => {
|
|
246
245
|
expect(
|
|
247
|
-
|
|
246
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
248
247
|
url: "https://api.example.com/v1/messages",
|
|
249
248
|
}),
|
|
250
249
|
).toBe(false);
|
|
251
250
|
});
|
|
252
251
|
|
|
253
252
|
test("handles missing url field gracefully", () => {
|
|
254
|
-
expect(
|
|
253
|
+
expect(isVerificationControlPlaneInvocation("network_request", {})).toBe(
|
|
255
254
|
false,
|
|
256
255
|
);
|
|
257
256
|
});
|
|
258
257
|
});
|
|
259
258
|
|
|
260
|
-
describe("web_fetch tool with
|
|
261
|
-
test("detects
|
|
259
|
+
describe("web_fetch tool with verification endpoint in url", () => {
|
|
260
|
+
test("detects verification endpoint", () => {
|
|
262
261
|
expect(
|
|
263
|
-
|
|
264
|
-
url: "https://api.example.com/v1/
|
|
262
|
+
isVerificationControlPlaneInvocation("web_fetch", {
|
|
263
|
+
url: "https://api.example.com/v1/channel-verification-sessions",
|
|
265
264
|
}),
|
|
266
265
|
).toBe(true);
|
|
267
266
|
});
|
|
268
267
|
|
|
269
268
|
test("does not match unrelated URL", () => {
|
|
270
269
|
expect(
|
|
271
|
-
|
|
270
|
+
isVerificationControlPlaneInvocation("web_fetch", {
|
|
272
271
|
url: "https://docs.example.com/api/v1/help",
|
|
273
272
|
}),
|
|
274
273
|
).toBe(false);
|
|
275
274
|
});
|
|
276
275
|
});
|
|
277
276
|
|
|
278
|
-
describe("browser_navigate tool with
|
|
279
|
-
test("detects
|
|
277
|
+
describe("browser_navigate tool with verification endpoint in url", () => {
|
|
278
|
+
test("detects verification endpoint", () => {
|
|
280
279
|
expect(
|
|
281
|
-
|
|
282
|
-
url: "http://localhost:3000/v1/
|
|
280
|
+
isVerificationControlPlaneInvocation("browser_navigate", {
|
|
281
|
+
url: "http://localhost:3000/v1/channel-verification-sessions/status",
|
|
283
282
|
}),
|
|
284
283
|
).toBe(true);
|
|
285
284
|
});
|
|
286
285
|
});
|
|
287
286
|
|
|
288
287
|
describe("unrelated tools are not flagged", () => {
|
|
289
|
-
test("file_read is never a
|
|
288
|
+
test("file_read is never a verification invocation", () => {
|
|
290
289
|
expect(
|
|
291
|
-
|
|
292
|
-
path: "/v1/
|
|
290
|
+
isVerificationControlPlaneInvocation("file_read", {
|
|
291
|
+
path: "/v1/channel-verification-sessions",
|
|
293
292
|
}),
|
|
294
293
|
).toBe(false);
|
|
295
294
|
});
|
|
296
295
|
|
|
297
|
-
test("file_write is never a
|
|
296
|
+
test("file_write is never a verification invocation", () => {
|
|
298
297
|
expect(
|
|
299
|
-
|
|
298
|
+
isVerificationControlPlaneInvocation("file_write", {
|
|
300
299
|
path: "/tmp/test.txt",
|
|
301
|
-
content: "curl /v1/
|
|
300
|
+
content: "curl /v1/channel-verification-sessions",
|
|
302
301
|
}),
|
|
303
302
|
).toBe(false);
|
|
304
303
|
});
|
|
305
304
|
|
|
306
|
-
test("web_search is never a
|
|
305
|
+
test("web_search is never a verification invocation", () => {
|
|
307
306
|
expect(
|
|
308
|
-
|
|
309
|
-
query: "/v1/
|
|
307
|
+
isVerificationControlPlaneInvocation("web_search", {
|
|
308
|
+
query: "/v1/channel-verification-sessions/status",
|
|
310
309
|
}),
|
|
311
310
|
).toBe(false);
|
|
312
311
|
});
|
|
@@ -315,25 +314,25 @@ describe("isGuardianControlPlaneInvocation", () => {
|
|
|
315
314
|
describe("path matching covers proxied and local variants", () => {
|
|
316
315
|
test("matches endpoint with query string", () => {
|
|
317
316
|
expect(
|
|
318
|
-
|
|
319
|
-
url: "https://api.example.com/v1/
|
|
317
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
318
|
+
url: "https://api.example.com/v1/channel-verification-sessions?token=abc",
|
|
320
319
|
}),
|
|
321
320
|
).toBe(true);
|
|
322
321
|
});
|
|
323
322
|
|
|
324
323
|
test("matches endpoint with trailing slash", () => {
|
|
325
324
|
expect(
|
|
326
|
-
|
|
327
|
-
url: "https://api.example.com/v1/
|
|
325
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
326
|
+
url: "https://api.example.com/v1/channel-verification-sessions/resend/",
|
|
328
327
|
}),
|
|
329
328
|
).toBe(true);
|
|
330
329
|
});
|
|
331
330
|
|
|
332
331
|
test("matches endpoint in piped bash command", () => {
|
|
333
332
|
expect(
|
|
334
|
-
|
|
333
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
335
334
|
command:
|
|
336
|
-
'echo \'{"phone":"+1234567890"}\' | curl -X POST -d @- http://localhost:3000/v1/
|
|
335
|
+
'echo \'{"phone":"+1234567890"}\' | curl -X POST -d @- http://localhost:3000/v1/channel-verification-sessions/resend',
|
|
337
336
|
}),
|
|
338
337
|
).toBe(true);
|
|
339
338
|
});
|
|
@@ -342,146 +341,121 @@ describe("isGuardianControlPlaneInvocation", () => {
|
|
|
342
341
|
describe("obfuscation resistance", () => {
|
|
343
342
|
test("detects URL-encoded path (%2F encoding)", () => {
|
|
344
343
|
expect(
|
|
345
|
-
|
|
344
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
346
345
|
command:
|
|
347
|
-
"curl http://localhost:3000/v1/
|
|
348
|
-
}),
|
|
349
|
-
).toBe(true);
|
|
350
|
-
});
|
|
351
|
-
|
|
352
|
-
test("detects double-encoded path (%252F encoding)", () => {
|
|
353
|
-
expect(
|
|
354
|
-
isGuardianControlPlaneInvocation("network_request", {
|
|
355
|
-
url: "http://localhost:3000/v1/integrations%252Fguardian%252Fchallenge",
|
|
346
|
+
"curl http://localhost:3000/v1/channel%2Dverification%2Dsessions",
|
|
356
347
|
}),
|
|
357
348
|
).toBe(true);
|
|
358
349
|
});
|
|
359
350
|
|
|
360
351
|
test("detects double slashes in path", () => {
|
|
361
352
|
expect(
|
|
362
|
-
|
|
353
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
363
354
|
command:
|
|
364
|
-
"curl http://localhost:3000/v1
|
|
355
|
+
"curl http://localhost:3000/v1//channel-verification-sessions",
|
|
365
356
|
}),
|
|
366
357
|
).toBe(true);
|
|
367
358
|
});
|
|
368
359
|
|
|
369
360
|
test("detects triple slashes in path", () => {
|
|
370
361
|
expect(
|
|
371
|
-
|
|
372
|
-
url: "http://localhost:3000/v1///
|
|
362
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
363
|
+
url: "http://localhost:3000/v1///channel-verification-sessions///status",
|
|
373
364
|
}),
|
|
374
365
|
).toBe(true);
|
|
375
366
|
});
|
|
376
367
|
|
|
377
368
|
test("detects mixed case path", () => {
|
|
378
369
|
expect(
|
|
379
|
-
|
|
370
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
380
371
|
command:
|
|
381
|
-
"curl http://localhost:3000/V1/
|
|
372
|
+
"curl http://localhost:3000/V1/Channel-Verification-Sessions/Status",
|
|
382
373
|
}),
|
|
383
374
|
).toBe(true);
|
|
384
375
|
});
|
|
385
376
|
|
|
386
377
|
test("detects ALL CAPS path", () => {
|
|
387
378
|
expect(
|
|
388
|
-
|
|
389
|
-
url: "http://localhost:3000/V1/
|
|
379
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
380
|
+
url: "http://localhost:3000/V1/CHANNEL-VERIFICATION-SESSIONS",
|
|
390
381
|
}),
|
|
391
382
|
).toBe(true);
|
|
392
383
|
});
|
|
393
384
|
|
|
394
|
-
test("detects combined obfuscation:
|
|
385
|
+
test("detects combined obfuscation: double slashes + mixed case", () => {
|
|
395
386
|
expect(
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
"curl http://localhost:3000/V1/Integrations%2FGuardian%2FOutbound%2FCancel",
|
|
399
|
-
}),
|
|
400
|
-
).toBe(true);
|
|
401
|
-
});
|
|
402
|
-
|
|
403
|
-
test("detects combined obfuscation: double slashes + URL-encoding", () => {
|
|
404
|
-
expect(
|
|
405
|
-
isGuardianControlPlaneInvocation("network_request", {
|
|
406
|
-
url: "http://localhost:3000/v1//integrations%2Fguardian%2Fstatus",
|
|
407
|
-
}),
|
|
408
|
-
).toBe(true);
|
|
409
|
-
});
|
|
410
|
-
|
|
411
|
-
test("detects URL-encoded path in web_fetch tool", () => {
|
|
412
|
-
expect(
|
|
413
|
-
isGuardianControlPlaneInvocation("web_fetch", {
|
|
414
|
-
url: "http://localhost:3000/v1/integrations%2Fguardian%2Foutbound%2Fresend",
|
|
387
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
388
|
+
url: "http://localhost:3000/v1//Channel-Verification-Sessions/status",
|
|
415
389
|
}),
|
|
416
390
|
).toBe(true);
|
|
417
391
|
});
|
|
418
392
|
|
|
419
393
|
test("does not false-positive on unrelated encoded paths", () => {
|
|
420
394
|
expect(
|
|
421
|
-
|
|
395
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
422
396
|
command:
|
|
423
397
|
"curl http://localhost:3000/v1/integrations%2Fother%2Fservice",
|
|
424
398
|
}),
|
|
425
399
|
).toBe(false);
|
|
426
400
|
});
|
|
427
401
|
|
|
428
|
-
test("detects
|
|
429
|
-
const result =
|
|
402
|
+
test("detects endpoint despite malformed percent-encoding elsewhere in command", () => {
|
|
403
|
+
const result = isVerificationControlPlaneInvocation("bash", {
|
|
430
404
|
command:
|
|
431
|
-
'curl -H "X: %ZZ" http://localhost:3000/v1/
|
|
405
|
+
'curl -H "X: %ZZ" http://localhost:3000/v1/channel-verification-sessions -d \'{"channel":"sms"}\'',
|
|
432
406
|
});
|
|
433
407
|
expect(result).toBe(true);
|
|
434
408
|
});
|
|
435
409
|
});
|
|
436
410
|
|
|
437
411
|
describe("shell expansion resistance", () => {
|
|
438
|
-
test("detects
|
|
412
|
+
test("detects endpoint constructed via shell variable concatenation", () => {
|
|
439
413
|
expect(
|
|
440
|
-
|
|
414
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
441
415
|
command:
|
|
442
|
-
'base=http://localhost:7821/v1
|
|
416
|
+
'base=http://localhost:7821/v1; seg=channel-verification-sessions; curl "$base/$seg/status"',
|
|
443
417
|
}),
|
|
444
418
|
).toBe(true);
|
|
445
419
|
});
|
|
446
420
|
|
|
447
|
-
test("detects
|
|
421
|
+
test("detects endpoint with split variable assignment", () => {
|
|
448
422
|
expect(
|
|
449
|
-
|
|
423
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
450
424
|
command:
|
|
451
|
-
'API
|
|
425
|
+
'API=channel-verification-sessions; curl "http://localhost:3000/v1/${API}"',
|
|
452
426
|
}),
|
|
453
427
|
).toBe(true);
|
|
454
428
|
});
|
|
455
429
|
|
|
456
|
-
test("detects
|
|
430
|
+
test("detects endpoint with path built across multiple variables", () => {
|
|
457
431
|
expect(
|
|
458
|
-
|
|
432
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
459
433
|
command:
|
|
460
|
-
'HOST=http://localhost:7821;
|
|
434
|
+
'HOST=http://localhost:7821; ENDPOINT=channel-verification-sessions; curl "$HOST/v1/$ENDPOINT"',
|
|
461
435
|
}),
|
|
462
436
|
).toBe(true);
|
|
463
437
|
});
|
|
464
438
|
|
|
465
|
-
test("detects
|
|
439
|
+
test("detects endpoint via heredoc-style construction", () => {
|
|
466
440
|
expect(
|
|
467
|
-
|
|
441
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
468
442
|
command:
|
|
469
|
-
'url="http://localhost:3000/v1/
|
|
443
|
+
'url="http://localhost:3000/v1/channel-verification-sessions"; curl "${url}/resend"',
|
|
470
444
|
}),
|
|
471
445
|
).toBe(true);
|
|
472
446
|
});
|
|
473
447
|
|
|
474
|
-
test("does not false-positive
|
|
448
|
+
test("does not false-positive on unrelated paths", () => {
|
|
475
449
|
expect(
|
|
476
|
-
|
|
450
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
477
451
|
command: "curl http://localhost:3000/v1/integrations/other/service",
|
|
478
452
|
}),
|
|
479
453
|
).toBe(false);
|
|
480
454
|
});
|
|
481
455
|
|
|
482
|
-
test("does not false-positive when only guardian is present without
|
|
456
|
+
test("does not false-positive when only guardian is present without verification path", () => {
|
|
483
457
|
expect(
|
|
484
|
-
|
|
458
|
+
isVerificationControlPlaneInvocation("bash", {
|
|
485
459
|
command: 'echo "guardian notification sent"',
|
|
486
460
|
}),
|
|
487
461
|
).toBe(false);
|
|
@@ -491,7 +465,7 @@ describe("isGuardianControlPlaneInvocation", () => {
|
|
|
491
465
|
// URL tools pass structured URLs, not shell commands. The fragment detector
|
|
492
466
|
// is bash/host_bash only. For URL tools, we rely on exact/normalized matching.
|
|
493
467
|
expect(
|
|
494
|
-
|
|
468
|
+
isVerificationControlPlaneInvocation("network_request", {
|
|
495
469
|
url: "https://api.example.com/v1/messages",
|
|
496
470
|
}),
|
|
497
471
|
).toBe(false);
|
|
@@ -500,16 +474,15 @@ describe("isGuardianControlPlaneInvocation", () => {
|
|
|
500
474
|
});
|
|
501
475
|
|
|
502
476
|
// =====================================================================
|
|
503
|
-
// Unit tests:
|
|
477
|
+
// Unit tests: enforceVerificationControlPlanePolicy
|
|
504
478
|
// =====================================================================
|
|
505
479
|
|
|
506
|
-
describe("
|
|
507
|
-
test("non-guardian actor denied for
|
|
508
|
-
const result =
|
|
480
|
+
describe("enforceVerificationControlPlanePolicy", () => {
|
|
481
|
+
test("non-guardian actor denied for verification endpoint", () => {
|
|
482
|
+
const result = enforceVerificationControlPlanePolicy(
|
|
509
483
|
"bash",
|
|
510
484
|
{
|
|
511
|
-
command:
|
|
512
|
-
"curl http://localhost:3000/v1/integrations/guardian/outbound/start",
|
|
485
|
+
command: "curl http://localhost:3000/v1/channel-verification-sessions",
|
|
513
486
|
},
|
|
514
487
|
"trusted_contact",
|
|
515
488
|
);
|
|
@@ -517,11 +490,11 @@ describe("enforceGuardianOnlyPolicy", () => {
|
|
|
517
490
|
expect(result.reason).toContain("restricted to guardian users");
|
|
518
491
|
});
|
|
519
492
|
|
|
520
|
-
test("unverified_channel actor denied for
|
|
521
|
-
const result =
|
|
493
|
+
test("unverified_channel actor denied for verification endpoint", () => {
|
|
494
|
+
const result = enforceVerificationControlPlanePolicy(
|
|
522
495
|
"network_request",
|
|
523
496
|
{
|
|
524
|
-
url: "https://api.example.com/v1/
|
|
497
|
+
url: "https://api.example.com/v1/channel-verification-sessions",
|
|
525
498
|
},
|
|
526
499
|
"unknown",
|
|
527
500
|
);
|
|
@@ -529,12 +502,11 @@ describe("enforceGuardianOnlyPolicy", () => {
|
|
|
529
502
|
expect(result.reason).toContain("restricted to guardian users");
|
|
530
503
|
});
|
|
531
504
|
|
|
532
|
-
test("guardian actor is NOT denied for
|
|
533
|
-
const result =
|
|
505
|
+
test("guardian actor is NOT denied for verification endpoint", () => {
|
|
506
|
+
const result = enforceVerificationControlPlanePolicy(
|
|
534
507
|
"bash",
|
|
535
508
|
{
|
|
536
|
-
command:
|
|
537
|
-
"curl http://localhost:3000/v1/integrations/guardian/outbound/start",
|
|
509
|
+
command: "curl http://localhost:3000/v1/channel-verification-sessions",
|
|
538
510
|
},
|
|
539
511
|
"guardian",
|
|
540
512
|
);
|
|
@@ -542,24 +514,22 @@ describe("enforceGuardianOnlyPolicy", () => {
|
|
|
542
514
|
expect(result.reason).toBeUndefined();
|
|
543
515
|
});
|
|
544
516
|
|
|
545
|
-
test("guardian actor role is NOT denied for
|
|
546
|
-
const result =
|
|
517
|
+
test("guardian actor role is NOT denied for verification endpoint (explicit)", () => {
|
|
518
|
+
const result = enforceVerificationControlPlanePolicy(
|
|
547
519
|
"bash",
|
|
548
520
|
{
|
|
549
|
-
command:
|
|
550
|
-
"curl http://localhost:3000/v1/integrations/guardian/outbound/start",
|
|
521
|
+
command: "curl http://localhost:3000/v1/channel-verification-sessions",
|
|
551
522
|
},
|
|
552
523
|
"guardian",
|
|
553
524
|
);
|
|
554
525
|
expect(result.denied).toBe(false);
|
|
555
526
|
});
|
|
556
527
|
|
|
557
|
-
test("unknown actor role is denied for
|
|
558
|
-
const result =
|
|
528
|
+
test("unknown actor role is denied for verification endpoint (allowlist, not denylist)", () => {
|
|
529
|
+
const result = enforceVerificationControlPlanePolicy(
|
|
559
530
|
"bash",
|
|
560
531
|
{
|
|
561
|
-
command:
|
|
562
|
-
"curl http://localhost:3000/v1/integrations/guardian/outbound/start",
|
|
532
|
+
command: "curl http://localhost:3000/v1/channel-verification-sessions",
|
|
563
533
|
},
|
|
564
534
|
"some_future_role",
|
|
565
535
|
);
|
|
@@ -568,7 +538,7 @@ describe("enforceGuardianOnlyPolicy", () => {
|
|
|
568
538
|
});
|
|
569
539
|
|
|
570
540
|
test("non-guardian actor is NOT denied for unrelated endpoint", () => {
|
|
571
|
-
const result =
|
|
541
|
+
const result = enforceVerificationControlPlanePolicy(
|
|
572
542
|
"bash",
|
|
573
543
|
{
|
|
574
544
|
command: "curl http://localhost:3000/v1/messages",
|
|
@@ -579,7 +549,7 @@ describe("enforceGuardianOnlyPolicy", () => {
|
|
|
579
549
|
});
|
|
580
550
|
|
|
581
551
|
test("non-guardian actor is NOT denied for unrelated tool", () => {
|
|
582
|
-
const result =
|
|
552
|
+
const result = enforceVerificationControlPlanePolicy(
|
|
583
553
|
"file_read",
|
|
584
554
|
{
|
|
585
555
|
path: "README.md",
|
|
@@ -591,21 +561,21 @@ describe("enforceGuardianOnlyPolicy", () => {
|
|
|
591
561
|
});
|
|
592
562
|
|
|
593
563
|
// =====================================================================
|
|
594
|
-
// Integration tests: ToolExecutor
|
|
564
|
+
// Integration tests: ToolExecutor verification control-plane policy gate
|
|
595
565
|
// =====================================================================
|
|
596
566
|
|
|
597
|
-
describe("ToolExecutor
|
|
567
|
+
describe("ToolExecutor verification control-plane policy gate", () => {
|
|
598
568
|
beforeEach(() => {
|
|
599
569
|
fakeToolResult = { content: "ok", isError: false };
|
|
600
570
|
});
|
|
601
571
|
|
|
602
|
-
test("non-guardian actor blocked from bash curl to
|
|
572
|
+
test("non-guardian actor blocked from bash curl to verification sessions", async () => {
|
|
603
573
|
const executor = new ToolExecutor(makePrompter());
|
|
604
574
|
const result = await executor.execute(
|
|
605
575
|
"bash",
|
|
606
576
|
{
|
|
607
577
|
command:
|
|
608
|
-
"curl -X POST http://localhost:3000/v1/
|
|
578
|
+
"curl -X POST http://localhost:3000/v1/channel-verification-sessions",
|
|
609
579
|
},
|
|
610
580
|
makeContext({ trustClass: "trusted_contact" }),
|
|
611
581
|
);
|
|
@@ -613,11 +583,11 @@ describe("ToolExecutor guardian-only policy gate", () => {
|
|
|
613
583
|
expect(result.content).toContain("restricted to guardian users");
|
|
614
584
|
});
|
|
615
585
|
|
|
616
|
-
test("unverified_channel actor blocked from network_request to
|
|
586
|
+
test("unverified_channel actor blocked from network_request to verification endpoint", async () => {
|
|
617
587
|
const executor = new ToolExecutor(makePrompter());
|
|
618
588
|
const result = await executor.execute(
|
|
619
589
|
"network_request",
|
|
620
|
-
{ url: "https://api.example.com/v1/
|
|
590
|
+
{ url: "https://api.example.com/v1/channel-verification-sessions" },
|
|
621
591
|
makeContext({ trustClass: "unknown" }),
|
|
622
592
|
);
|
|
623
593
|
expect(result.isError).toBe(true);
|
|
@@ -630,7 +600,7 @@ describe("ToolExecutor guardian-only policy gate", () => {
|
|
|
630
600
|
"bash",
|
|
631
601
|
{
|
|
632
602
|
command:
|
|
633
|
-
"curl -X POST http://localhost:3000/v1/
|
|
603
|
+
"curl -X POST http://localhost:3000/v1/channel-verification-sessions",
|
|
634
604
|
},
|
|
635
605
|
makeContext({ trustClass: "guardian" }),
|
|
636
606
|
);
|
|
@@ -638,11 +608,14 @@ describe("ToolExecutor guardian-only policy gate", () => {
|
|
|
638
608
|
expect(result.content).toBe("ok");
|
|
639
609
|
});
|
|
640
610
|
|
|
641
|
-
test("guardian trust class is NOT blocked from
|
|
611
|
+
test("guardian trust class is NOT blocked from verification endpoint (default)", async () => {
|
|
642
612
|
const executor = new ToolExecutor(makePrompter());
|
|
643
613
|
const result = await executor.execute(
|
|
644
614
|
"bash",
|
|
645
|
-
{
|
|
615
|
+
{
|
|
616
|
+
command:
|
|
617
|
+
"curl http://localhost:3000/v1/channel-verification-sessions/status",
|
|
618
|
+
},
|
|
646
619
|
makeContext(), // defaults to trustClass: 'guardian'
|
|
647
620
|
);
|
|
648
621
|
expect(result.isError).toBe(false);
|
|
@@ -671,14 +644,14 @@ describe("ToolExecutor guardian-only policy gate", () => {
|
|
|
671
644
|
expect(result.content).toBe("ok");
|
|
672
645
|
});
|
|
673
646
|
|
|
674
|
-
test("permission_denied lifecycle event is emitted on
|
|
647
|
+
test("permission_denied lifecycle event is emitted on verification policy block", async () => {
|
|
675
648
|
let capturedEvent: ToolPermissionDeniedEvent | undefined;
|
|
676
649
|
const executor = new ToolExecutor(makePrompter());
|
|
677
650
|
await executor.execute(
|
|
678
651
|
"bash",
|
|
679
652
|
{
|
|
680
653
|
command:
|
|
681
|
-
"curl http://localhost:3000/v1/
|
|
654
|
+
"curl -X DELETE http://localhost:3000/v1/channel-verification-sessions",
|
|
682
655
|
},
|
|
683
656
|
makeContext({
|
|
684
657
|
trustClass: "trusted_contact",
|
|
@@ -694,35 +667,35 @@ describe("ToolExecutor guardian-only policy gate", () => {
|
|
|
694
667
|
expect(capturedEvent!.reason).toContain("restricted to guardian users");
|
|
695
668
|
});
|
|
696
669
|
|
|
697
|
-
test("non-guardian blocked from web_fetch to
|
|
670
|
+
test("non-guardian blocked from web_fetch to verification endpoint", async () => {
|
|
698
671
|
const executor = new ToolExecutor(makePrompter());
|
|
699
672
|
const result = await executor.execute(
|
|
700
673
|
"web_fetch",
|
|
701
|
-
{ url: "http://localhost:3000/v1/
|
|
674
|
+
{ url: "http://localhost:3000/v1/channel-verification-sessions/resend" },
|
|
702
675
|
makeContext({ trustClass: "trusted_contact" }),
|
|
703
676
|
);
|
|
704
677
|
expect(result.isError).toBe(true);
|
|
705
678
|
expect(result.content).toContain("restricted to guardian users");
|
|
706
679
|
});
|
|
707
680
|
|
|
708
|
-
test("non-guardian blocked from browser_navigate to
|
|
681
|
+
test("non-guardian blocked from browser_navigate to verification endpoint", async () => {
|
|
709
682
|
const executor = new ToolExecutor(makePrompter());
|
|
710
683
|
const result = await executor.execute(
|
|
711
684
|
"browser_navigate",
|
|
712
|
-
{ url: "http://localhost:3000/v1/
|
|
685
|
+
{ url: "http://localhost:3000/v1/channel-verification-sessions/status" },
|
|
713
686
|
makeContext({ trustClass: "trusted_contact" }),
|
|
714
687
|
);
|
|
715
688
|
expect(result.isError).toBe(true);
|
|
716
689
|
expect(result.content).toContain("restricted to guardian users");
|
|
717
690
|
});
|
|
718
691
|
|
|
719
|
-
test("non-guardian blocked from host_bash with
|
|
692
|
+
test("non-guardian blocked from host_bash with verification endpoint", async () => {
|
|
720
693
|
const executor = new ToolExecutor(makePrompter());
|
|
721
694
|
const result = await executor.execute(
|
|
722
695
|
"host_bash",
|
|
723
696
|
{
|
|
724
697
|
command:
|
|
725
|
-
"curl -X POST https://internal:8080/v1/
|
|
698
|
+
"curl -X POST https://internal:8080/v1/channel-verification-sessions",
|
|
726
699
|
},
|
|
727
700
|
makeContext({ trustClass: "trusted_contact" }),
|
|
728
701
|
);
|
|
@@ -730,13 +703,12 @@ describe("ToolExecutor guardian-only policy gate", () => {
|
|
|
730
703
|
expect(result.content).toContain("restricted to guardian users");
|
|
731
704
|
});
|
|
732
705
|
|
|
733
|
-
test("all
|
|
706
|
+
test("all verification endpoints are blocked for non-guardian via network_request", async () => {
|
|
734
707
|
const endpoints = [
|
|
735
|
-
"/v1/
|
|
736
|
-
"/v1/
|
|
737
|
-
"/v1/
|
|
738
|
-
"/v1/
|
|
739
|
-
"/v1/integrations/guardian/outbound/cancel",
|
|
708
|
+
"/v1/channel-verification-sessions",
|
|
709
|
+
"/v1/channel-verification-sessions/status",
|
|
710
|
+
"/v1/channel-verification-sessions/resend",
|
|
711
|
+
"/v1/channel-verification-sessions/revoke",
|
|
740
712
|
];
|
|
741
713
|
|
|
742
714
|
for (const path of endpoints) {
|