npm - @vellumai/assistant - Versions diffs - 0.4.46 → 0.4.49 - Mend

@vellumai/assistant 0.4.46 → 0.4.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (382) hide show

package/ARCHITECTURE.md +7 -7
package/README.md +2 -23
package/docs/architecture/integrations.md +45 -41
package/docs/architecture/keychain-broker.md +3 -3
package/docs/architecture/security.md +5 -5
package/docs/runbook-trusted-contacts.md +3 -8
package/hook-templates/debug-prompt-logger/hook.json +1 -1
package/hook-templates/debug-prompt-logger/run.sh +1 -3
package/package.json +1 -1
package/src/__tests__/actor-token-service.test.ts +0 -1
package/src/__tests__/anthropic-provider.test.ts +156 -0
package/src/__tests__/approval-cascade.test.ts +810 -0
package/src/__tests__/approval-primitive.test.ts +0 -1
package/src/__tests__/approval-routes-http.test.ts +2 -0
package/src/__tests__/assistant-attachments.test.ts +12 -34
package/src/__tests__/assistant-feature-flag-guardrails.test.ts +76 -0
package/src/__tests__/assistant-feature-flags-integration.test.ts +0 -1
package/src/__tests__/browser-fill-credential.test.ts +5 -2
package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +2 -2
package/src/__tests__/bundled-skill-retrieval-guard.test.ts +2 -1
package/src/__tests__/channel-guardian.test.ts +0 -2
package/src/__tests__/channel-readiness-routes.test.ts +35 -25
package/src/__tests__/channel-readiness-service.test.ts +10 -9
package/src/__tests__/checker.test.ts +9 -29
package/src/__tests__/cli.test.ts +23 -0
package/src/__tests__/computer-use-skill-manifest-regression.test.ts +1 -1
package/src/__tests__/computer-use-tools.test.ts +2 -19
package/src/__tests__/config-watcher.test.ts +0 -1
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +0 -1
package/src/__tests__/context-image-dimensions.test.ts +332 -0
package/src/__tests__/context-token-estimator.test.ts +196 -13
package/src/__tests__/conversation-attention-store.test.ts +0 -1
package/src/__tests__/conversation-attention-telegram.test.ts +0 -1
package/src/__tests__/conversation-routes-guardian-reply.test.ts +144 -0
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/credential-broker-browser-fill.test.ts +23 -22
package/src/__tests__/credential-broker-server-use.test.ts +22 -21
package/src/__tests__/credential-broker.test.ts +2 -1
package/src/__tests__/credential-metadata-store.test.ts +239 -26
package/src/__tests__/credential-resolve.test.ts +5 -4
package/src/__tests__/credential-security-e2e.test.ts +8 -8
package/src/__tests__/credential-security-invariants.test.ts +111 -7
package/src/__tests__/credential-vault-unit.test.ts +287 -54
package/src/__tests__/credential-vault.test.ts +406 -12
package/src/__tests__/credentials-cli.test.ts +82 -6
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +0 -1
package/src/__tests__/ephemeral-permissions.test.ts +3 -3
package/src/__tests__/gateway-only-enforcement.test.ts +4 -2
package/src/__tests__/gateway-only-guard.test.ts +0 -1
package/src/__tests__/gemini-image-service.test.ts +75 -45
package/src/__tests__/gemini-provider.test.ts +9 -6
package/src/__tests__/guardian-action-conversation-turn.test.ts +1 -33
package/src/__tests__/guardian-action-copy-generator.test.ts +0 -20
package/src/__tests__/guardian-action-followup-executor.test.ts +1 -28
package/src/__tests__/guardian-action-followup-store.test.ts +1 -1
package/src/__tests__/guardian-action-grant-mint-consume.test.ts +0 -1
package/src/__tests__/guardian-decision-primitive-canonical.test.ts +0 -1
package/src/__tests__/guardian-grant-minting.test.ts +35 -0
package/src/__tests__/guardian-routing-invariants.test.ts +0 -1
package/src/__tests__/guardian-verification-voice-binding.test.ts +0 -1
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +0 -39
package/src/__tests__/heartbeat-service.test.ts +0 -1
package/src/__tests__/host-cu-proxy.test.ts +629 -0
package/src/__tests__/host-shell-tool.test.ts +27 -15
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/ingress-url-consistency.test.ts +14 -21
package/src/__tests__/integration-status.test.ts +38 -25
package/src/__tests__/intent-routing.test.ts +0 -1
package/src/__tests__/invite-routes-http.test.ts +10 -9
package/src/__tests__/keychain-broker-client.test.ts +11 -43
package/src/__tests__/managed-proxy-context.test.ts +5 -3
package/src/__tests__/media-generate-image.test.ts +63 -2
package/src/__tests__/media-reuse-story.e2e.test.ts +7 -3
package/src/__tests__/messaging-send-tool.test.ts +4 -6
package/src/__tests__/notification-routing-intent.test.ts +0 -1
package/src/__tests__/oauth-cli.test.ts +373 -14
package/src/__tests__/oauth-provider-profiles.test.ts +9 -9
package/src/__tests__/oauth-scope-policy.test.ts +4 -6
package/src/__tests__/oauth-store.test.ts +756 -0
package/src/__tests__/onboarding-starter-tasks.test.ts +0 -1
package/src/__tests__/provider-error-scenarios.test.ts +0 -1
package/src/__tests__/provider-fail-open-selection.test.ts +3 -1
package/src/__tests__/provider-managed-proxy-integration.test.ts +70 -6
package/src/__tests__/provider-streaming.benchmark.test.ts +0 -1
package/src/__tests__/public-ingress-urls.test.ts +15 -21
package/src/__tests__/recording-handler.test.ts +3 -4
package/src/__tests__/registry.test.ts +2 -2
package/src/__tests__/runtime-events-sse.test.ts +55 -7
package/src/__tests__/schedule-store.test.ts +0 -1
package/src/__tests__/scheduler-recurrence.test.ts +0 -1
package/src/__tests__/schema-transforms.test.ts +226 -0
package/src/__tests__/scoped-approval-grants.test.ts +0 -1
package/src/__tests__/scoped-grant-security-matrix.test.ts +0 -1
package/src/__tests__/script-proxy-injection-runtime.test.ts +23 -13
package/src/__tests__/script-proxy-policy-runtime.test.ts +1 -1
package/src/__tests__/script-proxy-session-manager.test.ts +1 -1
package/src/__tests__/secret-ingress-handler.test.ts +0 -1
package/src/__tests__/secret-onetime-send.test.ts +5 -3
package/src/__tests__/send-endpoint-busy.test.ts +21 -6
package/src/__tests__/sequence-store.test.ts +0 -1
package/src/__tests__/session-init.benchmark.test.ts +4 -5
package/src/__tests__/session-messaging-secret-redirect.test.ts +5 -4
package/src/__tests__/skill-include-graph.test.ts +66 -0
package/src/__tests__/skill-load-feature-flag.test.ts +0 -1
package/src/__tests__/skill-load-tool.test.ts +149 -1
package/src/__tests__/skill-projection-feature-flag.test.ts +0 -1
package/src/__tests__/skills-uninstall.test.ts +3 -3
package/src/__tests__/skills.test.ts +3 -12
package/src/__tests__/slack-channel-config.test.ts +76 -11
package/src/__tests__/slack-share-routes.test.ts +17 -14
package/src/__tests__/system-prompt.test.ts +0 -1
package/src/__tests__/telegram-bot-username-resolution.test.ts +3 -0
package/src/__tests__/telegram-invite-adapter.test.ts +18 -22
package/src/__tests__/terminal-tools.test.ts +4 -3
package/src/__tests__/test-support/computer-use-skill-harness.ts +3 -2
package/src/__tests__/tool-approval-handler.test.ts +0 -1
package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +0 -1
package/src/__tests__/tool-executor-lifecycle-events.test.ts +0 -1
package/src/__tests__/tool-executor-shell-integration.test.ts +0 -1
package/src/__tests__/tool-executor.test.ts +0 -1
package/src/__tests__/tool-grant-request-escalation.test.ts +0 -1
package/src/__tests__/trust-store-pattern-matches.test.ts +29 -0
package/src/__tests__/trust-store.test.ts +1 -22
package/src/__tests__/trusted-contact-approval-notifier.test.ts +0 -1
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +0 -1
package/src/__tests__/twilio-config.test.ts +2 -1
package/src/__tests__/twilio-provider.test.ts +4 -2
package/src/__tests__/twilio-routes.test.ts +5 -20
package/src/__tests__/verification-control-plane-policy.test.ts +0 -1
package/src/__tests__/voice-scoped-grant-consumer.test.ts +0 -1
package/src/agent/ax-tree-compaction.test.ts +235 -0
package/src/agent/loop.ts +76 -130
package/src/calls/call-domain.ts +8 -10
package/src/calls/relay-server.ts +9 -13
package/src/calls/twilio-config.ts +4 -8
package/src/calls/twilio-provider.ts +2 -1
package/src/calls/twilio-rest.ts +2 -1
package/src/calls/twilio-routes.ts +1 -2
package/src/calls/voice-ingress-preflight.ts +1 -1
package/src/cli/commands/browser-relay.ts +46 -15
package/src/cli/commands/completions.ts +0 -3
package/src/cli/commands/credentials.ts +110 -23
package/src/cli/commands/oauth/apps.ts +255 -0
package/src/cli/commands/oauth/connections.ts +299 -0
package/src/cli/commands/oauth/index.ts +52 -0
package/src/cli/commands/oauth/providers.ts +242 -0
package/src/cli/commands/skills.ts +4 -338
package/src/cli/program.ts +1 -5
package/src/cli/reference.ts +1 -3
package/src/cli.ts +3 -2
package/src/config/assistant-feature-flags.ts +0 -3
package/src/config/bundled-skills/_shared/CLI_RETRIEVAL_PATTERN.md +1 -1
package/src/config/bundled-skills/claude-code/TOOLS.json +0 -4
package/src/config/bundled-skills/computer-use/SKILL.md +3 -6
package/src/config/bundled-skills/computer-use/TOOLS.json +22 -4
package/src/config/bundled-skills/contacts/tools/google-contacts.ts +29 -32
package/src/config/bundled-skills/gmail/SKILL.md +4 -4
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +54 -61
package/src/config/bundled-skills/gmail/tools/gmail-attachments.ts +25 -28
package/src/config/bundled-skills/gmail/tools/gmail-draft.ts +14 -17
package/src/config/bundled-skills/gmail/tools/gmail-filters.ts +39 -44
package/src/config/bundled-skills/gmail/tools/gmail-follow-up.ts +61 -58
package/src/config/bundled-skills/gmail/tools/gmail-forward.ts +50 -49
package/src/config/bundled-skills/gmail/tools/gmail-label.ts +11 -13
package/src/config/bundled-skills/gmail/tools/gmail-outreach-scan.ts +148 -146
package/src/config/bundled-skills/gmail/tools/gmail-send-draft.ts +4 -7
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +175 -173
package/src/config/bundled-skills/gmail/tools/gmail-trash.ts +4 -7
package/src/config/bundled-skills/gmail/tools/gmail-unsubscribe.ts +71 -76
package/src/config/bundled-skills/gmail/tools/gmail-vacation.ts +32 -38
package/src/config/bundled-skills/google-calendar/SKILL.md +2 -2
package/src/config/bundled-skills/google-calendar/calendar-client.ts +90 -44
package/src/config/bundled-skills/google-calendar/tools/calendar-check-availability.ts +9 -10
package/src/config/bundled-skills/google-calendar/tools/calendar-create-event.ts +5 -6
package/src/config/bundled-skills/google-calendar/tools/calendar-get-event.ts +4 -5
package/src/config/bundled-skills/google-calendar/tools/calendar-list-events.ts +14 -15
package/src/config/bundled-skills/google-calendar/tools/calendar-rsvp.ts +37 -37
package/src/config/bundled-skills/google-calendar/tools/shared.ts +4 -9
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +24 -3
package/src/config/bundled-skills/messaging/SKILL.md +6 -6
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +62 -63
package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +15 -16
package/src/config/bundled-skills/messaging/tools/messaging-auth-test.ts +4 -5
package/src/config/bundled-skills/messaging/tools/messaging-list-conversations.ts +6 -7
package/src/config/bundled-skills/messaging/tools/messaging-mark-read.ts +4 -5
package/src/config/bundled-skills/messaging/tools/messaging-read.ts +14 -15
package/src/config/bundled-skills/messaging/tools/messaging-search.ts +4 -5
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +128 -128
package/src/config/bundled-skills/messaging/tools/messaging-sender-digest.ts +33 -34
package/src/config/bundled-skills/messaging/tools/shared.ts +12 -15
package/src/config/bundled-skills/settings/SKILL.md +1 -1
package/src/config/bundled-skills/settings/TOOLS.json +2 -8
package/src/config/bundled-skills/settings/tools/voice-config-update.ts +5 -33
package/src/config/bundled-skills/slack/tools/shared.ts +4 -10
package/src/config/bundled-skills/slack/tools/slack-add-reaction.ts +4 -5
package/src/config/bundled-skills/slack/tools/slack-channel-details.ts +15 -16
package/src/config/bundled-skills/slack/tools/slack-delete-message.ts +4 -5
package/src/config/bundled-skills/slack/tools/slack-edit-message.ts +4 -5
package/src/config/bundled-skills/slack/tools/slack-leave-channel.ts +4 -5
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +95 -92
package/src/config/env-registry.ts +14 -83
package/src/config/env.ts +11 -50
package/src/config/feature-flag-registry.json +16 -16
package/src/config/schema.ts +3 -1
package/src/config/skills.ts +21 -2
package/src/context/image-dimensions.ts +229 -0
package/src/context/token-estimator.ts +75 -12
package/src/context/window-manager.ts +49 -10
package/src/daemon/assistant-attachments.ts +1 -13
package/src/daemon/guardian-action-generators.ts +4 -5
package/src/daemon/handlers/config-ingress.ts +8 -33
package/src/daemon/handlers/config-slack-channel.ts +76 -56
package/src/daemon/handlers/config-telegram.ts +53 -24
package/src/daemon/handlers/sessions.ts +10 -24
package/src/daemon/handlers/shared.ts +0 -130
package/src/daemon/host-cu-proxy.ts +401 -0
package/src/daemon/lifecycle.ts +39 -63
package/src/daemon/message-protocol.ts +3 -0
package/src/daemon/message-types/computer-use.ts +2 -119
package/src/daemon/message-types/host-cu.ts +19 -0
package/src/daemon/message-types/integrations.ts +1 -0
package/src/daemon/message-types/messages.ts +3 -0
package/src/daemon/server.ts +14 -21
package/src/daemon/session-agent-loop-handlers.ts +2 -0
package/src/daemon/session-attachments.ts +1 -2
package/src/daemon/session-messaging.ts +3 -1
package/src/daemon/session-slash.ts +1 -1
package/src/daemon/session-surfaces.ts +40 -28
package/src/daemon/session-tool-setup.ts +20 -11
package/src/daemon/session.ts +139 -16
package/src/daemon/tool-side-effects.ts +2 -8
package/src/daemon/watch-handler.ts +2 -2
package/src/email/providers/index.ts +2 -1
package/src/events/tool-metrics-listener.ts +2 -2
package/src/hooks/manager.ts +1 -4
package/src/inbound/public-ingress-urls.ts +7 -7
package/src/instrument.ts +15 -1
package/src/logfire.ts +16 -5
package/src/media/app-icon-generator.ts +30 -4
package/src/media/avatar-router.ts +26 -3
package/src/media/gemini-image-service.ts +28 -2
package/src/memory/conversation-key-store.ts +21 -0
package/src/memory/db-init.ts +4 -0
package/src/memory/guardian-action-store.ts +1 -1
package/src/memory/migrations/149-oauth-tables.ts +60 -0
package/src/memory/migrations/index.ts +1 -0
package/src/memory/schema/guardian.ts +1 -1
package/src/memory/schema/index.ts +1 -0
package/src/memory/schema/oauth.ts +65 -0
package/src/messaging/provider.ts +19 -13
package/src/messaging/providers/gmail/adapter.ts +40 -23
package/src/messaging/providers/gmail/client.ts +283 -122
package/src/messaging/providers/gmail/people-client.ts +32 -24
package/src/messaging/providers/slack/adapter.ts +29 -19
package/src/messaging/providers/slack/client.ts +265 -78
package/src/messaging/providers/telegram-bot/adapter.ts +19 -18
package/src/messaging/providers/whatsapp/adapter.ts +17 -11
package/src/messaging/registry.ts +2 -31
package/src/notifications/copy-composer.ts +0 -5
package/src/notifications/signal.ts +4 -5
package/src/oauth/byo-connection.test.ts +537 -0
package/src/oauth/byo-connection.ts +128 -0
package/src/oauth/connect-orchestrator.ts +139 -56
package/src/oauth/connect-types.ts +17 -23
package/src/oauth/connection-resolver.ts +58 -0
package/src/oauth/connection.ts +38 -0
package/src/oauth/manual-token-connection.ts +104 -0
package/src/oauth/oauth-store.ts +496 -0
package/src/oauth/platform-connection.test.ts +192 -0
package/src/oauth/platform-connection.ts +111 -0
package/src/oauth/provider-behaviors.ts +124 -0
package/src/oauth/scope-policy.ts +9 -2
package/src/oauth/seed-providers.ts +161 -0
package/src/oauth/token-persistence.ts +74 -78
package/src/permissions/checker.ts +8 -4
package/src/permissions/defaults.ts +0 -1
package/src/permissions/prompter.ts +10 -1
package/src/permissions/trust-store.ts +13 -0
package/src/prompts/__tests__/build-cli-reference-section.test.ts +3 -1
package/src/prompts/system-prompt.ts +70 -45
package/src/providers/anthropic/client.ts +133 -24
package/src/providers/gemini/client.ts +15 -6
package/src/providers/managed-proxy/constants.ts +2 -2
package/src/providers/managed-proxy/context.ts +5 -1
package/src/providers/ratelimit.ts +17 -0
package/src/providers/registry.ts +2 -2
package/src/providers/retry.ts +1 -27
package/src/runtime/AGENTS.md +17 -0
package/src/runtime/auth/route-policy.ts +0 -3
package/src/runtime/channel-invite-transports/telegram.ts +2 -1
package/src/runtime/channel-readiness-service.ts +168 -195
package/src/runtime/channel-readiness-types.ts +4 -0
package/src/runtime/channel-reply-delivery.ts +0 -40
package/src/runtime/gateway-client.ts +0 -7
package/src/runtime/guardian-action-conversation-turn.ts +1 -3
package/src/runtime/guardian-action-followup-executor.ts +1 -1
package/src/runtime/guardian-action-message-composer.ts +3 -23
package/src/runtime/http-server.ts +17 -10
package/src/runtime/http-types.ts +2 -3
package/src/runtime/middleware/rate-limiter.ts +74 -20
package/src/runtime/middleware/twilio-validation.ts +1 -11
package/src/runtime/pending-interactions.ts +14 -12
package/src/runtime/routes/channel-delivery-routes.ts +0 -1
package/src/runtime/routes/channel-readiness-routes.ts +2 -0
package/src/runtime/routes/conversation-routes.ts +73 -19
package/src/runtime/routes/diagnostics-routes.ts +11 -9
package/src/runtime/routes/events-routes.ts +21 -11
package/src/runtime/routes/guardian-approval-interception.ts +20 -5
package/src/runtime/routes/host-cu-routes.ts +97 -0
package/src/runtime/routes/inbound-stages/background-dispatch.ts +12 -111
package/src/runtime/routes/integrations/slack/share.ts +6 -6
package/src/runtime/routes/integrations/twilio.ts +6 -5
package/src/runtime/routes/log-export-routes.ts +126 -8
package/src/runtime/routes/secret-routes.ts +3 -2
package/src/runtime/routes/settings-routes.ts +113 -48
package/src/runtime/routes/surface-action-routes.ts +1 -1
package/src/runtime/routes/watch-routes.ts +128 -0
package/src/schedule/integration-status.ts +10 -8
package/src/security/credential-key.ts +14 -0
package/src/security/keychain-broker-client.ts +5 -6
package/src/security/oauth2.ts +1 -1
package/src/security/token-manager.ts +145 -43
package/src/skills/catalog-install.ts +358 -0
package/src/skills/include-graph.ts +32 -0
package/src/telegram/bot-username.ts +2 -3
package/src/tools/apps/definitions.ts +0 -5
package/src/tools/assets/materialize.ts +0 -5
package/src/tools/assets/search.ts +0 -5
package/src/tools/browser/headless-browser.ts +1 -67
package/src/tools/browser/network-recorder.ts +1 -1
package/src/tools/browser/network-recording-types.ts +1 -1
package/src/tools/claude-code/claude-code.ts +0 -5
package/src/tools/computer-use/definitions.ts +46 -11
package/src/tools/computer-use/registry.ts +4 -5
package/src/tools/credentials/broker.ts +5 -4
package/src/tools/credentials/metadata-store.ts +22 -74
package/src/tools/credentials/resolve.ts +2 -1
package/src/tools/credentials/vault.ts +139 -151
package/src/tools/filesystem/edit.ts +1 -6
package/src/tools/filesystem/read.ts +0 -5
package/src/tools/filesystem/write.ts +1 -6
package/src/tools/host-filesystem/edit.ts +1 -6
package/src/tools/host-filesystem/read.ts +1 -6
package/src/tools/host-filesystem/write.ts +1 -6
package/src/tools/mcp/mcp-tool-factory.ts +18 -1
package/src/tools/memory/definitions.ts +0 -5
package/src/tools/network/web-fetch.ts +0 -5
package/src/tools/network/web-search.ts +0 -5
package/src/tools/registry.ts +2 -7
package/src/tools/schema-transforms.ts +99 -0
package/src/tools/skills/load.ts +62 -8
package/src/tools/swarm/delegate.ts +0 -5
package/src/tools/system/avatar-generator.ts +0 -5
package/src/tools/ui-surface/definitions.ts +0 -15
package/src/tools/watch/screen-watch.ts +0 -5
package/src/tools/watch/watch-state.ts +0 -12
package/src/util/logger.ts +7 -41
package/src/util/platform.ts +9 -28
package/src/version.ts +10 -0
package/src/watcher/providers/github.ts +51 -52
package/src/watcher/providers/gmail.ts +88 -80
package/src/watcher/providers/google-calendar.ts +94 -86
package/src/watcher/providers/linear.ts +87 -93
package/src/__tests__/computer-use-session-compaction.test.ts +0 -143
package/src/__tests__/computer-use-session-lifecycle.test.ts +0 -322
package/src/__tests__/computer-use-session-working-dir.test.ts +0 -166
package/src/__tests__/computer-use-skill-baseline.test.ts +0 -78
package/src/__tests__/computer-use-skill-endstate.test.ts +0 -105
package/src/__tests__/computer-use-skill-lifecycle-cleanup.test.ts +0 -249
package/src/__tests__/ride-shotgun-handler.test.ts +0 -452
package/src/cli/commands/dev.ts +0 -129
package/src/cli/commands/map.ts +0 -391
package/src/cli/commands/oauth.ts +0 -77
package/src/config/bundled-skills/computer-use/tools/computer-use-request-control.ts +0 -16
package/src/daemon/computer-use-session.ts +0 -1020
package/src/daemon/ride-shotgun-handler.ts +0 -567
package/src/oauth/provider-profiles.ts +0 -192
package/src/prompts/computer-use-prompt.ts +0 -98
package/src/runtime/routes/computer-use-routes.ts +0 -641
package/src/runtime/telegram-streaming-delivery.test.ts +0 -597
package/src/runtime/telegram-streaming-delivery.ts +0 -383
package/src/tools/computer-use/request-computer-control.ts +0 -61

package/src/__tests__/gateway-only-enforcement.test.ts CHANGED Viewed

@@ -112,9 +112,11 @@ mock.module("../calls/twilio-provider.js", () => ({
   },
 }));
+import { credentialKey } from "../security/credential-key.js";
 const secureKeyStore: Record<string, string | undefined> = {
-  "credential:twilio:account_sid": "AC_test",
-  "credential:twilio:auth_token": "test_token",
+  [credentialKey("twilio", "account_sid")]: "AC_test",
+  [credentialKey("twilio", "auth_token")]: "test_token",
 };
 mock.module("../security/secure-keys.js", () => ({

package/src/__tests__/gateway-only-guard.test.ts CHANGED Viewed

@@ -37,7 +37,6 @@ const ALLOWLIST = new Set([
   // --- Documentation and comments that mention the port for explanatory purposes ---
   "AGENTS.md", // documents the gateway-only rule itself
   "ARCHITECTURE.md", // architecture overview with port references
-  "assistant/docs/runbook-trusted-contacts.md", // operator runbook targeting runtime-only /v1/contacts endpoints
   "assistant/src/runtime/middleware/twilio-validation.ts", // comment explaining proxy URL rewriting
 ]);

package/src/__tests__/gemini-image-service.test.ts CHANGED Viewed

@@ -100,10 +100,13 @@ describe("generateImage", () => {
   test("generate mode returns images from response parts", async () => {
     fakeResponse = imageResponse("image/png", "abc123");
-    const result = await generateImage("test-key", {
-      prompt: "a cat",
-      mode: "generate",
-    });
+    const result = await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "a cat",
+        mode: "generate",
+      },
+    );
     expect(result.images).toHaveLength(1);
     expect(result.images[0].mimeType).toBe("image/png");
@@ -114,10 +117,13 @@ describe("generateImage", () => {
   test("generate mode collects text commentary from response", async () => {
     fakeResponse = imageWithTextResponse("Here is your image");
-    const result = await generateImage("test-key", {
-      prompt: "a dog",
-      mode: "generate",
-    });
+    const result = await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "a dog",
+        mode: "generate",
+      },
+    );
     expect(result.text).toBe("Here is your image");
     expect(result.images).toHaveLength(1);
@@ -126,11 +132,14 @@ describe("generateImage", () => {
   test("edit mode passes source images as inline data", async () => {
     fakeResponse = imageResponse();
-    await generateImage("test-key", {
-      prompt: "remove background",
-      mode: "edit",
-      sourceImages: [{ mimeType: "image/jpeg", dataBase64: "srcdata" }],
-    });
+    await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "remove background",
+        mode: "edit",
+        sourceImages: [{ mimeType: "image/jpeg", dataBase64: "srcdata" }],
+      },
+    );
     expect(lastGenerateParams).not.toBeNull();
     const contents = (lastGenerateParams as Record<string, unknown>)
@@ -148,11 +157,14 @@ describe("generateImage", () => {
   test("model validation rejects unknown models and defaults", async () => {
     fakeResponse = imageResponse();
-    await generateImage("test-key", {
-      prompt: "test",
-      mode: "generate",
-      model: "invalid-model",
-    });
+    await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "test",
+        mode: "generate",
+        model: "invalid-model",
+      },
+    );
     expect(lastGenerateParams).not.toBeNull();
     expect((lastGenerateParams as Record<string, unknown>).model).toBe(
@@ -163,11 +175,14 @@ describe("generateImage", () => {
   test("model validation accepts allowed models", async () => {
     fakeResponse = imageResponse();
-    await generateImage("test-key", {
-      prompt: "test",
-      mode: "generate",
-      model: "gemini-3-pro-image",
-    });
+    await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "test",
+        mode: "generate",
+        model: "gemini-3-pro-image",
+      },
+    );
     expect((lastGenerateParams as Record<string, unknown>).model).toBe(
       "gemini-3-pro-image",
@@ -177,11 +192,14 @@ describe("generateImage", () => {
   test("variants makes parallel calls", async () => {
     fakeResponse = imageResponse();
-    const result = await generateImage("test-key", {
-      prompt: "test",
-      mode: "generate",
-      variants: 3,
-    });
+    const result = await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "test",
+        mode: "generate",
+        variants: 3,
+      },
+    );
     expect(generateCallCount).toBe(3);
     expect(result.images).toHaveLength(3);
@@ -190,11 +208,14 @@ describe("generateImage", () => {
   test("variants are clamped to 1-4", async () => {
     fakeResponse = imageResponse();
-    await generateImage("test-key", {
-      prompt: "test",
-      mode: "generate",
-      variants: 10,
-    });
+    await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "test",
+        mode: "generate",
+        variants: 10,
+      },
+    );
     expect(generateCallCount).toBe(4);
   });
@@ -202,10 +223,13 @@ describe("generateImage", () => {
   test("variants defaults to 1", async () => {
     fakeResponse = imageResponse();
-    await generateImage("test-key", {
-      prompt: "test",
-      mode: "generate",
-    });
+    await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "test",
+        mode: "generate",
+      },
+    );
     expect(generateCallCount).toBe(1);
   });
@@ -213,10 +237,13 @@ describe("generateImage", () => {
   test("handles empty candidates gracefully", async () => {
     fakeResponse = { candidates: [] };
-    const result = await generateImage("test-key", {
-      prompt: "test",
-      mode: "generate",
-    });
+    const result = await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "test",
+        mode: "generate",
+      },
+    );
     expect(result.images).toHaveLength(0);
     expect(result.text).toBeUndefined();
@@ -225,10 +252,13 @@ describe("generateImage", () => {
   test("response config includes TEXT and IMAGE modalities", async () => {
     fakeResponse = imageResponse();
-    await generateImage("test-key", {
-      prompt: "test",
-      mode: "generate",
-    });
+    await generateImage(
+      { type: "direct", apiKey: "test-key" },
+      {
+        prompt: "test",
+        mode: "generate",
+      },
+    );
     const config = (lastGenerateParams as Record<string, unknown>)
       .config as Record<string, unknown>;

package/src/__tests__/gemini-provider.test.ts CHANGED Viewed

@@ -739,14 +739,17 @@ describe("GeminiProvider", () => {
     expect(lastConstructorOpts).toEqual({ apiKey: "test-key" });
   });
-  test("sets httpOptions.baseUrl when managedBaseUrl is provided", () => {
+  test("sets vertexai mode with httpOptions.baseUrl when managedBaseUrl is provided", () => {
     new GeminiProvider("managed-key", "gemini-3-flash", {
-      managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+      managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/vertex",
     });
     expect(lastConstructorOpts).toEqual({
-      apiKey: "managed-key",
+      vertexai: true,
+      project: "proxy",
+      location: "us-central1",
       httpOptions: {
-        baseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+        baseUrl: "https://platform.example.com/v1/runtime-proxy/vertex",
+        headers: { Authorization: "Bearer managed-key" },
       },
     });
   });
@@ -756,7 +759,7 @@ describe("GeminiProvider", () => {
       "managed-key",
       "gemini-3-flash",
       {
-        managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+        managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/vertex",
       },
     );
@@ -781,7 +784,7 @@ describe("GeminiProvider", () => {
       "managed-key",
       "gemini-3-flash",
       {
-        managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/gemini",
+        managedBaseUrl: "https://platform.example.com/v1/runtime-proxy/vertex",
       },
     );

package/src/__tests__/guardian-action-conversation-turn.test.ts CHANGED Viewed

@@ -181,25 +181,6 @@ describe("guardian-action-conversation-turn", () => {
     expect(result.replyText).toBe("Sure, I'll call them back right away.");
   });
-  test('classifies "send a text message" as message_back', async () => {
-    const generator = createMockGenerator({
-      disposition: "message_back",
-      replyText: "Got it, I'll send them a text message.",
-    });
-    const result = await processGuardianFollowUpTurn(
-      {
-        questionText: "What is the gate code?",
-        lateAnswerText: "The gate code is 1234",
-        guardianReply: "Just send them a text",
-      },
-      generator,
-    );
-    expect(result.disposition).toBe("message_back");
-    expect(result.replyText).toBe("Got it, I'll send them a text message.");
-  });
   test('classifies "never mind" as decline', async () => {
     const generator = createMockGenerator({
       disposition: "decline",
@@ -448,19 +429,6 @@ describe("guardian-action-conversation-turn", () => {
     expect(updated!.followupAction).toBe("call_back");
   });
-  test("message_back disposition transitions to dispatching with message_back action", () => {
-    const { request } = createAwaitingChoiceRequest("conv-turn-7");
-    const updated = progressFollowupState(
-      request.id,
-      "dispatching",
-      "message_back",
-    );
-    expect(updated).not.toBeNull();
-    expect(updated!.followupState).toBe("dispatching");
-    expect(updated!.followupAction).toBe("message_back");
-  });
   test("decline disposition finalizes to declined", () => {
     const { request } = createAwaitingChoiceRequest("conv-turn-8");
@@ -488,7 +456,7 @@ describe("guardian-action-conversation-turn", () => {
     const second = progressFollowupState(
       request.id,
       "dispatching",
-      "message_back",
+      "call_back",
     );
     expect(second).toBeNull();

package/src/__tests__/guardian-action-copy-generator.test.ts CHANGED Viewed

@@ -33,8 +33,6 @@ const ALL_SCENARIOS: GuardianActionMessageScenario[] = [
   "guardian_superseded_remap",
   "guardian_unknown_code",
   "guardian_auto_matched",
-  "outbound_message_copy",
-  "followup_message_sent",
   "followup_call_started",
   "followup_action_failed",
   "guardian_answer_delivery_failed",
@@ -110,24 +108,6 @@ describe("guardian-action-copy-generator", () => {
       });
       expect(msg).toContain("QFOO12");
     });
-    test("outbound_message_copy includes lateAnswerText and questionText", () => {
-      const msg = getGuardianActionFallbackMessage({
-        scenario: "outbound_message_copy",
-        questionText: "When is the appointment?",
-        lateAnswerText: "It is at 3pm tomorrow.",
-      });
-      expect(msg).toContain("When is the appointment?");
-      expect(msg).toContain("It is at 3pm tomorrow.");
-    });
-    test("outbound_message_copy without lateAnswerText still includes questionText", () => {
-      const msg = getGuardianActionFallbackMessage({
-        scenario: "outbound_message_copy",
-        questionText: "Is the office open?",
-      });
-      expect(msg).toContain("Is the office open?");
-    });
   });
   // -----------------------------------------------------------------------

package/src/__tests__/guardian-action-followup-executor.test.ts CHANGED Viewed

@@ -127,10 +127,7 @@ function resetTables(): void {
  * Create a request in `dispatching` state ready for the executor.
  * The call session has fromNumber='+15550001111' (the counterparty).
  */
-function createDispatchingRequest(
-  convId: string,
-  action: "call_back" | "message_back",
-) {
+function createDispatchingRequest(convId: string, action: "call_back") {
   ensureConversation(convId);
   const session = createCallSession({
     conversationId: convId,
@@ -284,30 +281,6 @@ describe("guardian-action-followup-executor", () => {
     });
   });
-  // ── message_back (unsupported) error path ─────────────────────────────
-  describe("message_back", () => {
-    test("returns failure and finalizes as failed when message_back is dispatched", async () => {
-      const { request } = createDispatchingRequest(
-        "exec-msg-1",
-        "message_back",
-      );
-      const result = await executeFollowupAction(request.id, "message_back");
-      expect(result.ok).toBe(false);
-      if (!result.ok) {
-        expect(result.error).toContain("Unsupported action");
-        expect(result.error).toContain("message_back");
-      }
-      expect(result.guardianReplyText.length).toBeGreaterThan(0);
-      const updated = getGuardianActionRequest(request.id);
-      expect(updated!.followupState).toBe("failed");
-      expect(updated!.followupCompletedAt).toBeGreaterThan(0);
-    });
-  });
   // ── Error handling ──────────────────────────────────────────────────
   describe("error handling", () => {

package/src/__tests__/guardian-action-followup-store.test.ts CHANGED Viewed

@@ -314,7 +314,7 @@ describe("guardian-action-followup-store", () => {
     const request = createTestRequest("conv-followup-15");
     markTimedOutWithReason(request.id, "call_timeout");
     startFollowupFromExpiredRequest(request.id, "Late answer");
-    progressFollowupState(request.id, "dispatching", "message_back");
+    progressFollowupState(request.id, "dispatching", "call_back");
     const result = finalizeFollowup(request.id, "failed");
     expect(result).not.toBeNull();

package/src/__tests__/guardian-action-grant-mint-consume.test.ts CHANGED Viewed

@@ -35,7 +35,6 @@ mock.module("../util/logger.js", () => ({
     new Proxy({} as Record<string, unknown>, {
       get: () => () => {},
     }),
-  isDebug: () => false,
   truncateForLog: (value: string) => value,
 }));

package/src/__tests__/guardian-decision-primitive-canonical.test.ts CHANGED Viewed

@@ -21,7 +21,6 @@ mock.module("../util/logger.js", () => ({
     new Proxy({} as Record<string, unknown>, {
       get: () => () => {},
     }),
-  isDebug: () => false,
   truncateForLog: (value: string) => value,
 }));

package/src/__tests__/guardian-grant-minting.test.ts CHANGED Viewed

@@ -50,6 +50,7 @@ import type { TrustContext } from "../daemon/session-runtime-assembly.js";
 import { getDb, initializeDb, resetDb } from "../memory/db.js";
 import {
   createApprovalRequest,
+  getPendingApprovalForRequest,
   type GuardianApprovalRequest,
 } from "../memory/guardian-approvals.js";
 import * as approvalMessageComposer from "../runtime/approval-message-composer.js";
@@ -247,6 +248,40 @@ describe("guardian grant minting on tool-approval decisions", () => {
     composeSpy.mockRestore();
   });
+  test("guardian reaction approve_always is downgraded to one-time approval", async () => {
+    const requestId = "req-grant-reaction-1";
+    const approval = createTestGuardianApproval(requestId, {
+      conversationId: CONVERSATION_ID,
+      channel: "slack",
+      guardianChatId: GUARDIAN_CHAT,
+    });
+    const handleConfirmationResponse = registerPendingInteraction(
+      requestId,
+      CONVERSATION_ID,
+      TOOL_NAME,
+      TOOL_INPUT,
+    );
+    const result = await handleApprovalInterception({
+      conversationId: "guardian-conv-1",
+      callbackData: "reaction:white_check_mark",
+      content: "",
+      conversationExternalId: GUARDIAN_CHAT,
+      sourceChannel: "slack",
+      actorExternalId: GUARDIAN_USER,
+      replyCallbackUrl: "https://gateway.test/deliver",
+      trustCtx: makeTrustContext(),
+      assistantId: ASSISTANT_ID,
+    });
+    expect(result.handled).toBe(true);
+    expect(result.type).toBe("guardian_decision_applied");
+    expect(handleConfirmationResponse).toHaveBeenCalledWith(requestId, "allow");
+    const updatedApproval = getPendingApprovalForRequest(approval.requestId);
+    expect(updatedApproval).toBeNull();
+  });
   // ── 2. approve_once for non-tool-approval does NOT mint a grant ──
   test("approve_once for informational request (no toolName) does NOT mint a grant", async () => {

package/src/__tests__/guardian-routing-invariants.test.ts CHANGED Viewed

@@ -42,7 +42,6 @@ mock.module("../util/logger.js", () => ({
     new Proxy({} as Record<string, unknown>, {
       get: () => () => {},
     }),
-  isDebug: () => false,
   truncateForLog: (value: string) => value,
 }));

package/src/__tests__/guardian-verification-voice-binding.test.ts CHANGED Viewed

@@ -57,7 +57,6 @@ mock.module("../security/secure-keys.js", () => ({
 mock.module("../config/env.js", () => ({
   isHttpAuthDisabled: () => true,
-  getTwilioUserPhoneNumber: () => null,
 }));
 mock.module("../inbound/public-ingress-urls.js", () => ({

package/src/__tests__/handlers-user-message-approval-consumption.test.ts CHANGED Viewed

@@ -147,7 +147,6 @@ import { handleConfirmationResponse } from "../daemon/handlers/sessions.js";
 interface TestSession {
   messages: Array<{ role: string; content: unknown[] }>;
-  hasEscalationHandler: () => boolean;
   setChannelCapabilities: (caps: unknown) => void;
   isProcessing: () => boolean;
   hasPendingConfirmation: (requestId: string) => boolean;
@@ -181,8 +180,6 @@ function createContext(session: TestSession): {
   const sent: ServerMessage[] = [];
   const ctx: HandlerContext = {
     sessions: new Map(),
-    cuSessions: new Map(),
-    cuObservationParseSequence: new Map(),
     sharedRequestTimestamps: [],
     debounceTimers: new DebouncerMap({ defaultDelayMs: 100 }),
     suppressConfigReload: false,
@@ -202,7 +199,6 @@ function createContext(session: TestSession): {
 function makeSession(overrides: Partial<TestSession> = {}): TestSession {
   return {
     messages: [],
-    hasEscalationHandler: () => true,
     setChannelCapabilities: () => {},
     isProcessing: () => false,
     hasPendingConfirmation: () => true,
@@ -277,39 +273,4 @@ describe("handleConfirmationResponse canonical status sync", () => {
     );
     expect(resolveMock).toHaveBeenCalledWith("req-confirm-allow");
   });
-  test("syncs canonical status to denied for deny decisions in CU sessions", () => {
-    const cuSession = {
-      hasPendingConfirmation: (requestId: string) =>
-        requestId === "req-confirm-deny",
-      handleConfirmationResponse: mock(() => {}),
-    };
-    const { ctx } = createContext(
-      makeSession({
-        hasPendingConfirmation: () => false,
-      }),
-    );
-    ctx.cuSessions.set("cu-1", cuSession as any);
-    const msg: ConfirmationResponse = {
-      type: "confirmation_response",
-      requestId: "req-confirm-deny",
-      decision: "always_deny",
-    };
-    handleConfirmationResponse(msg, ctx);
-    expect(
-      (cuSession.handleConfirmationResponse as any).mock.calls.length,
-    ).toBe(1);
-    expect((cuSession.handleConfirmationResponse as any).mock.calls[0]).toEqual(
-      ["req-confirm-deny", "always_deny", undefined, undefined],
-    );
-    expect(resolveCanonicalGuardianRequestMock).toHaveBeenCalledWith(
-      "req-confirm-deny",
-      "pending",
-      { status: "denied" },
-    );
-    expect(resolveMock).toHaveBeenCalledWith("req-confirm-deny");
-  });
 });

package/src/__tests__/heartbeat-service.test.ts CHANGED Viewed

@@ -67,7 +67,6 @@ mock.module("../util/logger.js", () => ({
     warn: () => {},
     error: () => {},
   }),
-  isDebug: () => false,
 }));
 // Mock conversation title service