@vellumai/assistant 0.4.43 → 0.4.45

package/src/__tests__/bundled-skill-retrieval-guard.test.ts

@@ -3,12 +3,14 @@ import { join, relative } from "node:path";
 import { describe, expect, test } from "bun:test";
 
 const ASSISTANT_DIR = join(import.meta.dir, "..", "..");
+const REPO_ROOT = join(ASSISTANT_DIR, "..");
 const BUNDLED_SKILLS_DIR = join(
   ASSISTANT_DIR,
   "src",
   "config",
   "bundled-skills",
 );
+const FIRST_PARTY_SKILLS_DIR = join(REPO_ROOT, "skills");
 
 function collectSkillFiles(rootDir: string): string[] {
   const pending = [rootDir];
@@ -33,25 +35,32 @@ function collectSkillFiles(rootDir: string): string[] {
   return files;
 }
 
-const ALL_SKILL_FILES = collectSkillFiles(BUNDLED_SKILLS_DIR);
+const ALL_SKILL_FILES = [
+  ...collectSkillFiles(BUNDLED_SKILLS_DIR),
+  ...collectSkillFiles(FIRST_PARTY_SKILLS_DIR),
+];
 
 const GATEWAY_RETRIEVAL_BANLIST: Array<{
+  skillDir: string;
   skillPath: string;
   bannedSnippets: string[];
 }> = [
   {
+    skillDir: FIRST_PARTY_SKILLS_DIR,
     skillPath: "guardian-verify-setup/SKILL.md",
     bannedSnippets: [
       'curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/channel-verification-sessions/status',
     ],
   },
   {
+    skillDir: FIRST_PARTY_SKILLS_DIR,
     skillPath: "telegram-setup/SKILL.md",
     bannedSnippets: [
       'curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/telegram/config',
     ],
   },
   {
+    skillDir: BUNDLED_SKILLS_DIR,
     skillPath: "contacts/SKILL.md",
     bannedSnippets: [
       'curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/ingress/members',
@@ -61,6 +70,7 @@ const GATEWAY_RETRIEVAL_BANLIST: Array<{
     ],
   },
   {
+    skillDir: FIRST_PARTY_SKILLS_DIR,
     skillPath: "twilio-setup/SKILL.md",
     bannedSnippets: [
       'curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config"',
@@ -68,12 +78,14 @@ const GATEWAY_RETRIEVAL_BANLIST: Array<{
     ],
   },
   {
+    skillDir: BUNDLED_SKILLS_DIR,
     skillPath: "phone-calls/SKILL.md",
     bannedSnippets: [
       'curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/integrations/twilio/config"',
     ],
   },
   {
+    skillDir: FIRST_PARTY_SKILLS_DIR,
     skillPath: "public-ingress/SKILL.md",
     bannedSnippets: [
       'curl -s "$INTERNAL_GATEWAY_BASE_URL/v1/',
@@ -82,6 +94,7 @@ const GATEWAY_RETRIEVAL_BANLIST: Array<{
     ],
   },
   {
+    skillDir: FIRST_PARTY_SKILLS_DIR,
     skillPath: "voice-setup/SKILL.md",
     bannedSnippets: [
       "assistant config get elevenlabs.voiceId",
@@ -89,6 +102,7 @@ const GATEWAY_RETRIEVAL_BANLIST: Array<{
     ],
   },
   {
+    skillDir: FIRST_PARTY_SKILLS_DIR,
     skillPath: "email-setup/SKILL.md",
     bannedSnippets: [
       "host_bash",
@@ -123,7 +137,7 @@ describe("bundled skill retrieval guard", () => {
     const violations: string[] = [];
 
     for (const rule of GATEWAY_RETRIEVAL_BANLIST) {
-      const abs = join(BUNDLED_SKILLS_DIR, rule.skillPath);
+      const abs = join(rule.skillDir, rule.skillPath);
       const content = readFileSync(abs, "utf-8");
       for (const snippet of rule.bannedSnippets) {
         if (content.includes(snippet)) {
@@ -136,7 +150,7 @@ describe("bundled skill retrieval guard", () => {
 
     if (violations.length > 0) {
       const message = [
-        "Bundled skill retrieval contract regression detected.",
+        "Skill retrieval contract regression detected.",
         "Migrated skills must not reintroduce direct gateway/keychain retrieval snippets.",
         "",
         "Violations:",
@@ -147,11 +161,11 @@ describe("bundled skill retrieval guard", () => {
     }
   });
 
-  test("bundled skills do not contain direct keychain lookup instructions", () => {
+  test("skills do not contain direct keychain lookup instructions", () => {
     const violations: string[] = [];
 
     for (const skillFile of ALL_SKILL_FILES) {
-      const rel = relative(ASSISTANT_DIR, skillFile).replaceAll("\\", "/");
+      const rel = relative(REPO_ROOT, skillFile).replaceAll("\\", "/");
       if (KEYCHAIN_ALLOWLIST.has(rel)) continue;
       const content = readFileSync(skillFile, "utf-8");
       for (const pattern of KEYCHAIN_PATTERNS) {
@@ -163,7 +177,7 @@ describe("bundled skill retrieval guard", () => {
 
     if (violations.length > 0) {
       const message = [
-        "Direct keychain lookup instructions were found in bundled skills.",
+        "Direct keychain lookup instructions were found in skills.",
         "Use credential_store and CLI/proxied flows instead.",
         "",
         "Violations:",
@@ -176,11 +190,11 @@ describe("bundled skill retrieval guard", () => {
     }
   });
 
-  test("bundled skills do not require host_bash for Vellum CLI retrieval commands", () => {
+  test("skills do not require host_bash for Vellum CLI retrieval commands", () => {
     const violations: string[] = [];
 
     for (const skillFile of ALL_SKILL_FILES) {
-      const rel = relative(ASSISTANT_DIR, skillFile).replaceAll("\\", "/");
+      const rel = relative(REPO_ROOT, skillFile).replaceAll("\\", "/");
       if (HOST_BASH_RETRIEVAL_ALLOWLIST.has(rel)) continue;
       const content = readFileSync(skillFile, "utf-8");
       const hasHostBash = content.includes("host_bash");
@@ -196,7 +210,7 @@ describe("bundled skill retrieval guard", () => {
 
     if (violations.length > 0) {
       const message = [
-        "Bundled skills must not require host_bash for Vellum CLI retrieval commands.",
+        "Skills must not require host_bash for Vellum CLI retrieval commands.",
         "Use sandboxed bash for retrieval flows unless an explicit exception is documented.",
         "",
         "Violations:",

package/src/__tests__/call-controller.test.ts

@@ -22,7 +22,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/call-conversation-messages.test.ts

@@ -10,7 +10,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/call-domain.test.ts

@@ -20,7 +20,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/call-pointer-messages.test.ts

@@ -18,7 +18,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/call-recovery.test.ts

@@ -11,7 +11,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/call-routes-http.test.ts

@@ -22,7 +22,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/call-store.test.ts

@@ -10,7 +10,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/canonical-guardian-store.test.ts

@@ -10,7 +10,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/channel-approval-routes.test.ts

@@ -25,7 +25,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),
@@ -152,6 +151,7 @@ function registerPendingInteraction(
   const handleConfirmationResponse = mock(() => {});
   const mockSession = {
     handleConfirmationResponse,
+    ensureActorScopedHistory: async () => {},
   } as unknown as Session;
 
   pendingInteractions.register(requestId, {

package/src/__tests__/channel-approvals.test.ts

@@ -25,7 +25,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),
@@ -86,6 +85,7 @@ function registerPendingConfirmation(
 ): void {
   const mockSession = {
     handleConfirmationResponse: mock(() => {}),
+    ensureActorScopedHistory: async () => {},
   } as unknown as Session;
 
   pendingInteractions.register(requestId, {

package/src/__tests__/channel-delivery-store.test.ts

@@ -10,7 +10,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/channel-guardian.test.ts

@@ -16,7 +16,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),
@@ -1293,7 +1292,7 @@ describe("assistant-scoped approval request lookups", () => {
 });
 
 // ═══════════════════════════════════════════════════════════════════════════
-// 10. IPC handler — channel-aware guardian status response
+// 10. HTTP handler — channel-aware guardian status response
 // ═══════════════════════════════════════════════════════════════════════════
 
 /**
@@ -1327,8 +1326,7 @@ function createMockCtx(): {
   return { ctx, lastResponse: () => captured };
 }
 
-
-describe("IPC handler channel-aware guardian status", () => {
+describe("HTTP handler channel-aware guardian status", () => {
   beforeEach(() => {
     resetTables();
   });
@@ -1954,10 +1952,10 @@ describe("pending challenge lookup", () => {
 });
 
 // ═══════════════════════════════════════════════════════════════════════════
-// 16. IPC handler — voice guardian verification
+// 16. HTTP handler — voice guardian verification
 // ═══════════════════════════════════════════════════════════════════════════
 
-describe("IPC handler voice guardian verification", () => {
+describe("HTTP handler voice guardian verification", () => {
   beforeEach(() => {
     resetTables();
   });
@@ -2540,7 +2538,7 @@ describe("outbound verification sessions", () => {
 });
 
 // ═══════════════════════════════════════════════════════════════════════════
-// 18. Outbound Voice Verification (IPC Handlers)
+// 18. Outbound Voice Verification (HTTP Handlers)
 // ═══════════════════════════════════════════════════════════════════════════
 
 describe("outbound voice verification", () => {

package/src/__tests__/channel-retry-sweep.test.ts

@@ -12,7 +12,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(testDir, "test.sock"),
   getPidPath: () => join(testDir, "test.pid"),
   getDbPath: () => join(testDir, "test.db"),
   getLogPath: () => join(testDir, "test.log"),

package/src/__tests__/checker.test.ts

@@ -31,7 +31,6 @@ mock.module("../util/platform.js", () => ({
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
-  getSocketPath: () => join(checkerTestDir, "test.sock"),
   getPidPath: () => join(checkerTestDir, "test.pid"),
   getDbPath: () => join(checkerTestDir, "test.db"),
   getLogPath: () => join(checkerTestDir, "test.log"),
@@ -98,12 +97,6 @@ import { RiskLevel } from "../permissions/types.js";
 import { getTool, registerTool } from "../tools/registry.js";
 import type { Tool } from "../tools/types.js";
 
-// Import managed skill tools so they register in the tool registry.
-// Without this, classifyRisk falls through to RiskLevel.Medium (unknown tool)
-// instead of the declared RiskLevel.High — producing wrong test behavior.
-import "../tools/skills/scaffold-managed.js";
-import "../tools/skills/delete-managed.js";
-
 // Register a mock skill-origin tool for testing default-ask policy.
 const mockSkillTool: Tool = {
   name: "skill_test_tool",
@@ -637,27 +630,26 @@ describe("Permission Checker", () => {
       expect(result.decision).toBe("prompt");
     });
 
-    test("host_bash rm is always high risk → prompt", async () => {
+    test("host_bash rm is always prompted via default ask rule", async () => {
       const result = await check(
         "host_bash",
         { command: "rm file.txt" },
         "/tmp",
       );
       expect(result.decision).toBe("prompt");
-      expect(result.reason).toContain("High risk");
+      expect(result.reason).toContain("ask rule");
     });
 
-    test("plain rm (without -rf) is high risk and prompts despite default allow rule", async () => {
-      // Validates that ALL rm commands are escalated to High risk, not just rm -rf.
-      // The default allow rule for host_bash auto-approves Low/Medium risk but
-      // High risk always prompts.
+    test("plain rm (without -rf) prompts via default ask rule", async () => {
+      // The default ask rule for host_bash prompts ALL commands regardless
+      // of risk level — rm commands are no exception.
       const result = await check(
         "host_bash",
         { command: "rm single-file.txt" },
         "/tmp",
       );
       expect(result.decision).toBe("prompt");
-      expect(result.reason).toContain("High risk");
+      expect(result.reason).toContain("ask rule");
 
       // Also verify rm -rf still prompts
       const rfResult = await check(
@@ -666,7 +658,7 @@ describe("Permission Checker", () => {
         "/tmp",
       );
       expect(rfResult.decision).toBe("prompt");
-      expect(rfResult.reason).toContain("High risk");
+      expect(rfResult.reason).toContain("ask rule");
     });
 
     test("rm is high risk even with matching trust rule → prompt", async () => {
@@ -807,11 +799,11 @@ describe("Permission Checker", () => {
       expect(result.matchedRule?.id).toBe("default:ask-host_file_edit-global");
     });
 
-    test("host_bash auto-allows low risk via default allow rule", async () => {
+    test("host_bash prompts low risk via default ask rule", async () => {
       const result = await check("host_bash", { command: "ls" }, "/tmp");
-      expect(result.decision).toBe("allow");
-      expect(result.reason).toContain("Matched trust rule");
-      expect(result.matchedRule?.id).toBe("default:allow-host_bash-global");
+      expect(result.decision).toBe("prompt");
+      expect(result.reason).toContain("ask rule");
+      expect(result.matchedRule?.id).toBe("default:ask-host_bash-global");
     });
 
     test("scaffold_managed_skill prompts by default via managed skill ask rule", async () => {
@@ -2232,11 +2224,12 @@ describe("Permission Checker", () => {
       expect(result.matchedRule?.id).toBe("default:allow-bash-global");
     });
 
-    test("host_bash auto-allows low risk in strict mode (default allow rule is a matching rule)", async () => {
+    test("host_bash prompts low risk in strict mode (default ask rule matches)", async () => {
       testConfig.permissions.mode = "strict";
       const result = await check("host_bash", { command: "ls" }, "/tmp");
-      expect(result.decision).toBe("allow");
-      expect(result.matchedRule?.id).toBe("default:allow-host_bash-global");
+      expect(result.decision).toBe("prompt");
+      expect(result.reason).toContain("ask rule");
+      expect(result.matchedRule?.id).toBe("default:ask-host_bash-global");
     });
 
     test("high-risk host_bash (rm) with no matching rule returns prompt in strict mode", async () => {
@@ -3570,15 +3563,16 @@ describe("Permission Checker", () => {
         expect(result.matchedRule?.id).toBe("default:allow-bash-global");
       });
 
-      test("low-risk host_bash auto-allows in strict mode (default allow rule is a matching rule)", async () => {
+      test("low-risk host_bash prompts in strict mode (default ask rule matches)", async () => {
         testConfig.permissions.mode = "strict";
         const result = await check(
           "host_bash",
           { command: "echo hello" },
           "/tmp",
         );
-        expect(result.decision).toBe("allow");
-        expect(result.matchedRule?.id).toBe("default:allow-host_bash-global");
+        expect(result.decision).toBe("prompt");
+        expect(result.reason).toContain("ask rule");
+        expect(result.matchedRule?.id).toBe("default:ask-host_bash-global");
       });
 
       test("low-risk file_read with no rule prompts in strict mode", async () => {
@@ -3660,10 +3654,11 @@ describe("Permission Checker", () => {
     //    target-scoped. ───────────────────────────────────────────────
 
     describe("Invariant 4: host execution approvals are explicit and target-scoped", () => {
-      test("host_bash auto-allows low risk via default allow rule", async () => {
+      test("host_bash prompts low risk via default ask rule", async () => {
         const result = await check("host_bash", { command: "ls" }, "/tmp");
-        expect(result.decision).toBe("allow");
-        expect(result.matchedRule?.id).toBe("default:allow-host_bash-global");
+        expect(result.decision).toBe("prompt");
+        expect(result.reason).toContain("ask rule");
+        expect(result.matchedRule?.id).toBe("default:ask-host_bash-global");
       });
 
       test("host_file_read prompts by default (no implicit allow)", async () => {
@@ -3740,7 +3735,7 @@ describe("Permission Checker", () => {
         expect(matchResult.matchedRule?.id).toBe("inv4-target-scoped");
 
         // Different target — the target-scoped rule should NOT match;
-        // falls back to the default host_bash allow rule (auto-allows medium risk)
+        // falls back to the default host_bash ask rule (prompts)
         const noMatchResult = await check(
           "host_bash",
           { command: "run script.js" },
@@ -3749,8 +3744,11 @@ describe("Permission Checker", () => {
             executionTarget: "/usr/local/bin/bun",
           },
         );
-        expect(noMatchResult.decision).toBe("allow");
-        expect(noMatchResult.matchedRule?.id).not.toBe("inv4-target-scoped");
+        expect(noMatchResult.decision).toBe("prompt");
+        expect(noMatchResult.reason).toContain("ask rule");
+        expect(noMatchResult.matchedRule?.id).toBe(
+          "default:ask-host_bash-global",
+        );
       });
     });
 
@@ -4391,8 +4389,6 @@ describe("computer-use tool permission defaults", () => {
   test("computer_use_* tools classify as Low risk (proxy tools)", async () => {
     const cuToolNames = [
       "computer_use_click",
-      "computer_use_double_click",
-      "computer_use_right_click",
       "computer_use_type_text",
       "computer_use_key",
       "computer_use_scroll",
@@ -4722,10 +4718,10 @@ describe("workspace mode — auto-allow workspace-scoped operations", () => {
     expect(result.reason).toContain("ask rule");
   });
 
-  test("host_bash → allow (default allow rule matches)", async () => {
+  test("host_bash → prompt (default ask rule matches)", async () => {
     const result = await check("host_bash", { command: "ls" }, workspaceDir);
-    expect(result.decision).toBe("allow");
-    expect(result.reason).toContain("Matched trust rule");
+    expect(result.decision).toBe("prompt");
+    expect(result.reason).toContain("ask rule");
   });
 
   // ── explicit rules still take precedence in workspace mode ──

package/src/__tests__/compaction.benchmark.test.ts

@@ -4,8 +4,8 @@
  * Measures compaction cost with a mock provider:
  * - compaction latency under threshold pressure
  * - no-op fast path for below-threshold histories
- * - token reduction ratio after compaction
- * - summary call count within expected range
+ * - token reduction below target budget
+ * - single-pass summarization (exactly 1 call)
  * - severe pressure overriding cooldown
  */
 import { describe, expect, mock, test } from "bun:test";
@@ -73,10 +73,9 @@ function makeConfig() {
   return {
     ...DEFAULT_CONFIG.contextWindow,
     maxInputTokens: 6000,
-    targetInputTokens: 3200,
+    targetBudgetRatio: 0.58,
     compactThreshold: 0.6,
-    preserveRecentUserTurns: 8,
-    chunkTokens: 1200,
+    summaryBudgetRatio: 0.05,
   };
 }
 
@@ -131,7 +130,7 @@ describe("Compaction benchmark", () => {
     expect(counter.calls).toBe(0);
   });
 
-  test("token reduction ratio exceeds 30% after compaction", async () => {
+  test("compaction reduces tokens below target budget", async () => {
     const counter = { calls: 0 };
     const provider = makeSummaryProvider(counter);
     const config = makeConfig();
@@ -145,13 +144,17 @@ describe("Compaction benchmark", () => {
     const result = await manager.maybeCompact(messages);
 
     expect(result.compacted).toBe(true);
-    const reductionRatio =
-      (result.previousEstimatedInputTokens - result.estimatedInputTokens) /
-      result.previousEstimatedInputTokens;
-    expect(reductionRatio).toBeGreaterThan(0.3);
+    expect(result.estimatedInputTokens).toBeLessThan(
+      result.previousEstimatedInputTokens,
+    );
+    // Target is maxInputTokens * (targetBudgetRatio - summaryBudgetRatio)
+    const targetTokens = Math.floor(
+      config.maxInputTokens * (config.targetBudgetRatio - config.summaryBudgetRatio),
+    );
+    expect(result.estimatedInputTokens).toBeLessThanOrEqual(targetTokens);
   });
 
-  test("summary calls fall within 2-6 range", async () => {
+  test("single-pass summarization makes exactly 1 summary call", async () => {
     const counter = { calls: 0 };
     const provider = makeSummaryProvider(counter);
     const config = makeConfig();
@@ -165,8 +168,7 @@ describe("Compaction benchmark", () => {
     const result = await manager.maybeCompact(messages);
 
     expect(result.compacted).toBe(true);
-    expect(result.summaryCalls).toBeGreaterThanOrEqual(2);
-    expect(result.summaryCalls).toBeLessThanOrEqual(6);
+    expect(result.summaryCalls).toBe(1);
     expect(result.summaryCalls).toBe(counter.calls);
   });
 
@@ -177,7 +179,7 @@ describe("Compaction benchmark", () => {
     const config = {
       ...makeConfig(),
       maxInputTokens: 4000,
-      targetInputTokens: 2000,
+      targetBudgetRatio: 0.55,
     };
     const manager = new ContextWindowManager({
       provider,

package/src/__tests__/computer-use-session-lifecycle.test.ts

@@ -17,18 +17,19 @@ mock.module("../config/loader.js", () => ({
     contextWindow: {
       enabled: true,
       maxInputTokens: 180000,
-      targetInputTokens: 110000,
+      targetBudgetRatio: 0.3,
       compactThreshold: 0.8,
-      preserveRecentUserTurns: 8,
-      summaryMaxTokens: 1200,
-      chunkTokens: 12000,
+      summaryBudgetRatio: 0.05,
     },
   }),
   invalidateConfigCache: () => {},
 }));
 
 import { ComputerUseSession } from "../daemon/computer-use-session.js";
-import type { CuObservation, ServerMessage } from "../daemon/message-protocol.js";
+import type {
+  CuObservation,
+  ServerMessage,
+} from "../daemon/message-protocol.js";
 import type { Provider, ProviderResponse } from "../providers/types.js";
 
 function createProvider(responses: ProviderResponse[]): {
@@ -141,7 +142,7 @@ describe("ComputerUseSession lifecycle", () => {
     expect(session.getState()).toBe("error");
   });
 
-  test("CU session passes exactly 12 computer_use_* tools to the agent loop", async () => {
+  test("CU session passes exactly 10 computer_use_* tools to the agent loop", async () => {
     let capturedTools: string[] = [];
     const provider: Provider = {
       name: "mock",
@@ -180,13 +181,11 @@ describe("ComputerUseSession lifecycle", () => {
     });
 
     const cuTools = capturedTools.filter((n) => n.startsWith("computer_use_"));
-    expect(cuTools).toHaveLength(12);
+    expect(cuTools).toHaveLength(10);
 
     // Assert exact set of expected CU tool names
     const expectedCuTools = [
       "computer_use_click",
-      "computer_use_double_click",
-      "computer_use_right_click",
       "computer_use_type_text",
       "computer_use_key",
       "computer_use_scroll",
@@ -251,7 +250,7 @@ describe("ComputerUseSession lifecycle", () => {
     expect(completes[0].isResponse).toBe(true);
   });
 
-  test("default construction preactivates computer-use skill and provides 12 CU tools", async () => {
+  test("default construction preactivates computer-use skill and provides 10 CU tools", async () => {
     let capturedTools: string[] = [];
     const provider: Provider = {
       name: "mock",
@@ -292,7 +291,7 @@ describe("ComputerUseSession lifecycle", () => {
     });
 
     const cuTools = capturedTools.filter((n) => n.startsWith("computer_use_"));
-    expect(cuTools).toHaveLength(12);
+    expect(cuTools).toHaveLength(10);
   });
 
   test("constructor accepts preactivatedSkillIds parameter", () => {