@vellumai/assistant 0.4.48 → 0.4.49

package/src/__tests__/approval-primitive.test.ts

@@ -21,7 +21,6 @@ mock.module("../util/logger.js", () => ({
     new Proxy({} as Record<string, unknown>, {
       get: () => () => {},
     }),
-  isDebug: () => false,
   truncateForLog: (value: string) => value,
 }));
 

package/src/__tests__/approval-routes-http.test.ts

@@ -118,6 +118,7 @@ function makeIdleSession(opts?: {
     updateClient: () => {},
     setHostBashProxy: () => {},
     setHostFileProxy: () => {},
+    setHostCuProxy: () => {},
     enqueueMessage: () => ({ queued: false, requestId: "noop" }),
     hasAnyPendingConfirmation: () => false,
     runAgentLoop: async (
@@ -181,6 +182,7 @@ function makeConfirmationEmittingSession(opts?: {
     updateClient: () => {},
     setHostBashProxy: () => {},
     setHostFileProxy: () => {},
+    setHostCuProxy: () => {},
     enqueueMessage: () => ({ queued: false, requestId: "noop" }),
     hasAnyPendingConfirmation: () => false,
     runAgentLoop: async (

package/src/__tests__/assistant-attachments.test.ts

@@ -10,7 +10,6 @@ import {
   estimateBase64Bytes,
   inferMimeType,
   MAX_ASSISTANT_ATTACHMENT_BYTES,
-  MAX_ASSISTANT_ATTACHMENTS,
   validateDrafts,
 } from "../daemon/assistant-attachments.js";
 
@@ -163,33 +162,27 @@ describe("validateDrafts", () => {
     expect(result.warnings[0]).toContain("exceeds");
   });
 
-  test("truncates beyond max count", () => {
-    const drafts = Array.from(
-      { length: MAX_ASSISTANT_ATTACHMENTS + 2 },
-      (_, i) => makeDraft({ filename: `file-${i}.txt` }),
+  test("accepts many drafts without count limit", () => {
+    const drafts = Array.from({ length: 20 }, (_, i) =>
+      makeDraft({ filename: `file-${i}.txt` }),
     );
     const result = validateDrafts(drafts);
-    expect(result.accepted).toHaveLength(MAX_ASSISTANT_ATTACHMENTS);
-    expect(result.warnings).toHaveLength(2);
-    expect(result.warnings[0]).toContain(
-      `file-${MAX_ASSISTANT_ATTACHMENTS}.txt`,
-    );
-    expect(result.warnings[0]).toContain("exceeded maximum");
+    expect(result.accepted).toHaveLength(20);
+    expect(result.warnings).toHaveLength(0);
   });
 
-  test("rejects oversized before applying count cap", () => {
+  test("rejects oversized while accepting all valid drafts", () => {
     const drafts = [
       makeDraft({
         filename: "big.bin",
         sizeBytes: MAX_ASSISTANT_ATTACHMENT_BYTES + 1,
       }),
-      ...Array.from({ length: MAX_ASSISTANT_ATTACHMENTS }, (_, i) =>
+      ...Array.from({ length: 10 }, (_, i) =>
         makeDraft({ filename: `ok-${i}.txt` }),
       ),
     ];
     const result = validateDrafts(drafts);
-    // big.bin rejected for size; all MAX_ASSISTANT_ATTACHMENTS ok files accepted
-    expect(result.accepted).toHaveLength(MAX_ASSISTANT_ATTACHMENTS);
+    expect(result.accepted).toHaveLength(10);
     expect(result.warnings).toHaveLength(1);
     expect(result.warnings[0]).toContain("big.bin");
   });
@@ -431,11 +424,8 @@ describe("contentBlocksToDrafts", () => {
 // ---------------------------------------------------------------------------
 
 describe("validateDrafts with reversed tool drafts", () => {
-  test("most recent tool screenshots win the attachment cap when reversed before validation", () => {
-    // Simulate a browser session producing many screenshots chronologically.
-    // After reversing, the most recent (highest index) should appear first
-    // and win the MAX_ASSISTANT_ATTACHMENTS cap.
-    const totalScreenshots = MAX_ASSISTANT_ATTACHMENTS + 3;
+  test("all tool screenshots accepted after reversing", () => {
+    const totalScreenshots = 8;
     const toolDrafts = Array.from({ length: totalScreenshots }, (_, i) =>
       makeDraft({
         sourceType: "tool_block",
@@ -446,23 +436,11 @@ describe("validateDrafts with reversed tool drafts", () => {
       }),
     );
 
-    // Reverse to prioritize most recent
     toolDrafts.reverse();
 
     const result = validateDrafts(toolDrafts);
-    expect(result.accepted).toHaveLength(MAX_ASSISTANT_ATTACHMENTS);
-
-    // The accepted drafts should be the most recent screenshots (highest step numbers)
-    const acceptedFilenames = result.accepted.map((d) => d.filename);
-    for (let i = 0; i < MAX_ASSISTANT_ATTACHMENTS; i++) {
-      expect(acceptedFilenames[i]).toBe(
-        `screenshot-step-${totalScreenshots - 1 - i}.png`,
-      );
-    }
-
-    // The oldest screenshots should be dropped
-    expect(result.warnings).toHaveLength(3);
-    expect(result.warnings[0]).toContain("screenshot-step-2.png");
+    expect(result.accepted).toHaveLength(totalScreenshots);
+    expect(result.warnings).toHaveLength(0);
   });
 });
 

package/src/__tests__/assistant-feature-flag-guardrails.test.ts

@@ -10,6 +10,11 @@
  *    `isAssistantFeatureFlagEnabled('<key>', ...)` in production code must be
  *    declared in the unified registry. This keeps flag usage declarative while
  *    allowing skills to exist without corresponding feature flags.
+ *
+ * 3. Indirect key coverage: all `feature_flags.<id>.enabled` string literals
+ *    anywhere in production code (maps, constants, variables, etc.) must be
+ *    declared in the unified registry. This catches indirect key patterns that
+ *    Guard 2 would miss, such as flag keys stored in lookup maps or constants.
  */
 
 import { execSync } from "node:child_process";
@@ -197,3 +202,74 @@ describe("assistant feature flag declaration coverage guard", () => {
     }
   });
 });
+
+// ---------------------------------------------------------------------------
+// Guard 3: Indirect key coverage — flag key literals anywhere in production code
+// ---------------------------------------------------------------------------
+
+describe("assistant feature flag indirect key coverage guard", () => {
+  test("all feature_flags.<id>.enabled string literals in production code are declared in the unified registry", () => {
+    const repoRoot = getRepoRoot();
+
+    // Load the unified registry and extract all declared keys (any scope)
+    const registry = loadRegistry();
+    const declaredKeys = new Set(registry.flags.map((f) => f.key));
+
+    // Search for any string literal matching the canonical key pattern
+    // in production .ts files under assistant/src/ and gateway/src/.
+    // This catches keys in maps, constants, variables, or any other
+    // indirect patterns that Guard 2 would miss.
+    let grepOutput = "";
+    try {
+      grepOutput = execSync(
+        `git grep -nE "feature_flags\\.[a-z0-9_-]+\\.enabled\\b" -- 'assistant/src/**/*.ts' 'gateway/src/**/*.ts'`,
+        { encoding: "utf-8", cwd: repoRoot },
+      ).trim();
+    } catch (err) {
+      // Exit code 1 means no matches — happy path
+      if ((err as { status?: number }).status === 1) {
+        return;
+      }
+      throw err;
+    }
+
+    const keyPattern = /feature_flags\.[a-z0-9_-]+\.enabled\b/g;
+    const undeclared: string[] = [];
+
+    for (const line of grepOutput.split("\n")) {
+      if (!line) continue;
+
+      // Format: "file:line:content"
+      const colonIdx = line.indexOf(":");
+      if (colonIdx === -1) continue;
+      const filePath = line.slice(0, colonIdx);
+
+      // Skip test files
+      if (isTestFile(filePath)) continue;
+
+      // Extract all key occurrences from this line
+      const content = line.slice(colonIdx + 1);
+      for (const match of content.matchAll(keyPattern)) {
+        const key = match[0];
+        if (!declaredKeys.has(key)) {
+          undeclared.push(`${filePath}: ${key}`);
+        }
+      }
+    }
+
+    if (undeclared.length > 0) {
+      const message = [
+        "Found feature_flags.<id>.enabled string literals in production code that are NOT declared in the unified registry.",
+        "This catches indirect flag key usage (maps, constants, variables) that the direct-call guard misses.",
+        `Registry: meta/feature-flags/feature-flag-registry.json`,
+        "",
+        "Undeclared keys:",
+        ...undeclared.map((k) => `  - ${k}`),
+        "",
+        "To fix: add the missing key(s) to the unified registry, or remove the stale reference.",
+      ].join("\n");
+
+      expect(undeclared, message).toEqual([]);
+    }
+  });
+});

package/src/__tests__/assistant-feature-flags-integration.test.ts

@@ -75,7 +75,6 @@ mock.module("../util/logger.js", () => ({
   ...realLogger,
   getLogger: () => noopLogger,
   getCliLogger: () => noopLogger,
-  isDebug: () => false,
   truncateForLog: (v: string) => v,
   initLogger: () => {},
   pruneOldLogFiles: () => 0,

package/src/__tests__/browser-skill-baseline-tool-payload.test.ts

@@ -55,10 +55,10 @@ describe("browser skill cutover — startup tool payload", () => {
     const definitions = getAllToolDefinitions();
     const serialized = JSON.stringify(definitions);
     // Startup payload is ~22 000 chars without browser tools.
-    // Floor at 15 000 catches accidental wholesale removal; ceiling at 35 000
+    // Floor at 14 000 catches accidental wholesale removal; ceiling at 35 000
     // gives headroom while still catching browser tool leakage
     // (~4 640 chars would push it past the ceiling).
-    expect(serialized.length).toBeGreaterThan(15_000);
+    expect(serialized.length).toBeGreaterThan(14_000);
     expect(serialized.length).toBeLessThan(35_000);
   });
 

package/src/__tests__/channel-guardian.test.ts

@@ -1305,8 +1305,6 @@ function createMockCtx(): {
   let captured: ChannelVerificationSessionResponse | null = null;
   const ctx = {
     sessions: new Map(),
-    cuSessions: new Map(),
-    cuObservationParseSequence: new Map(),
     sharedRequestTimestamps: [],
     debounceTimers: {
       schedule: () => {},

package/src/__tests__/channel-readiness-routes.test.ts

@@ -11,7 +11,6 @@ import { beforeEach, describe, expect, mock, test } from "bun:test";
 // Mocks — must be set up before importing the service
 // ---------------------------------------------------------------------------
 
-let mockTwilioPhoneNumberEnv: string | undefined;
 let mockRawConfig: Record<string, unknown> | undefined;
 let mockSecureKeys: Record<string, string>;
 let mockHasTwilioCredentials: boolean;
@@ -23,16 +22,27 @@ mock.module("../calls/twilio-rest.js", () => ({
   getTollFreeVerificationStatus: async () => null,
 }));
 
-mock.module("../config/env.js", () => ({
-  getTwilioPhoneNumberEnv: () => mockTwilioPhoneNumberEnv,
-}));
+mock.module("../config/env.js", () => ({}));
 
 mock.module("../config/loader.js", () => ({
   loadRawConfig: () => mockRawConfig,
+  loadConfig: () => {
+    const raw = mockRawConfig ?? {};
+    const wa = (raw.whatsapp ?? {}) as Record<string, unknown>;
+    const tw = (raw.twilio ?? {}) as Record<string, unknown>;
+    return {
+      twilio: { phoneNumber: (tw.phoneNumber as string) ?? "" },
+      whatsapp: { phoneNumber: (wa.phoneNumber as string) ?? "" },
+    };
+  },
   getConfig: () => {
     const raw = mockRawConfig ?? {};
     const wa = (raw.whatsapp ?? {}) as Record<string, unknown>;
-    return { whatsapp: { phoneNumber: (wa.phoneNumber as string) ?? "" } };
+    const tw = (raw.twilio ?? {}) as Record<string, unknown>;
+    return {
+      twilio: { phoneNumber: (tw.phoneNumber as string) ?? "" },
+      whatsapp: { phoneNumber: (wa.phoneNumber as string) ?? "" },
+    };
   },
   invalidateConfigCache: () => {},
 }));
@@ -60,7 +70,6 @@ import { credentialKey } from "../security/credential-key.js";
 
 describe("channel readiness routes — email and WhatsApp probes", () => {
   beforeEach(() => {
-    mockTwilioPhoneNumberEnv = undefined;
     mockRawConfig = undefined;
     mockSecureKeys = {};
     mockHasTwilioCredentials = false;

package/src/__tests__/channel-readiness-service.test.ts

@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, mock, spyOn, test } from "bun:test";
 
-let mockTwilioPhoneNumberEnv: string | undefined;
+let mockTwilioPhoneNumber: string | undefined;
 let mockRawConfig: Record<string, unknown> | undefined;
 let mockSecureKeys: Record<string, string>;
 let mockHasTwilioCredentials: boolean;
@@ -27,16 +27,17 @@ mock.module("../channels/config.js", () => ({
   }),
 }));
 
-mock.module("../config/env.js", () => ({
-  getTwilioPhoneNumberEnv: () => mockTwilioPhoneNumberEnv,
-}));
+mock.module("../config/env.js", () => ({}));
 
 mock.module("../config/loader.js", () => ({
   loadRawConfig: () => mockRawConfig,
+  loadConfig: () => ({
+    twilio: { phoneNumber: mockTwilioPhoneNumber ?? "" },
+    whatsapp: { phoneNumber: "" },
+  }),
   getConfig: () => ({
-    whatsapp: {
-      phoneNumber: "",
-    },
+    twilio: { phoneNumber: mockTwilioPhoneNumber ?? "" },
+    whatsapp: { phoneNumber: "" },
   }),
 }));
 
@@ -100,7 +101,7 @@ describe("ChannelReadinessService", () => {
 
   beforeEach(() => {
     service = new ChannelReadinessService();
-    mockTwilioPhoneNumberEnv = undefined;
+    mockTwilioPhoneNumber = undefined;
     mockRawConfig = undefined;
     mockSecureKeys = {};
     mockHasTwilioCredentials = false;
@@ -406,7 +407,7 @@ describe("ChannelReadinessService", () => {
 
   test("voice readiness includes gateway_health when ingress is configured", async () => {
     mockHasTwilioCredentials = true;
-    mockTwilioPhoneNumberEnv = "+15550001111";
+    mockTwilioPhoneNumber = "+15550001111";
     mockRawConfig = {
       ingress: {
         enabled: true,

package/src/__tests__/checker.test.ts

@@ -135,9 +135,7 @@ registerTool(mockBundledSkillTool);
 // Register CU tools so classifyRisk returns their declared Low risk level
 // instead of falling through to Medium (unknown tool).
 import { registerComputerUseActionTools } from "../tools/computer-use/registry.js";
-import { requestComputerControlTool } from "../tools/computer-use/request-computer-control.js";
 registerComputerUseActionTools();
-registerTool(requestComputerControlTool);
 
 function writeSkill(
   skillId: string,
@@ -673,14 +671,14 @@ describe("Permission Checker", () => {
       expect(result.decision).toBe("allow");
     });
 
-    test("file_write within workspace with no rule → auto-allowed in workspace mode", async () => {
+    test("file_write within workspace with no rule → prompt (medium risk bypasses workspace auto-allow)", async () => {
       const result = await check(
         "file_write",
         { path: "/tmp/file.txt" },
         "/tmp",
       );
-      expect(result.decision).toBe("allow");
-      expect(result.reason).toContain("workspace-scoped");
+      expect(result.decision).toBe("prompt");
+      expect(result.reason).toContain("medium risk");
     });
 
     test("file_write outside workspace with no rule → prompt", async () => {
@@ -897,19 +895,6 @@ describe("Permission Checker", () => {
       );
     });
 
-    test("computer_use_request_control prompts by default via computer-use ask rule", async () => {
-      const result = await check(
-        "computer_use_request_control",
-        { task: "Open system settings" },
-        "/tmp",
-      );
-      expect(result.decision).toBe("prompt");
-      expect(result.reason).toContain("ask rule");
-      expect(result.matchedRule?.id).toBe(
-        "default:ask-computer_use_request_control-global",
-      );
-    });
-
     test("higher-priority allow rule can override default computer-use ask rule", async () => {
       addRule(
         "computer_use_click",
@@ -4407,11 +4392,6 @@ describe("computer-use tool permission defaults", () => {
       expect(risk).toBe(RiskLevel.Low);
     }
   });
-
-  test("computer_use_request_control classifies as Low risk", async () => {
-    const risk = await classifyRisk("computer_use_request_control", {});
-    expect(risk).toBe(RiskLevel.Low);
-  });
 });
 
 // ---------------------------------------------------------------------------
@@ -4588,24 +4568,24 @@ describe("workspace mode — auto-allow workspace-scoped operations", () => {
     expect(result.reason).toContain("Workspace mode");
   });
 
-  test("file_write within workspace → allow (workspace-scoped)", async () => {
+  test("file_write within workspace → prompt (Medium risk bypasses workspace auto-allow)", async () => {
     const result = await check(
       "file_write",
       { file_path: "/home/user/my-project/src/index.ts" },
       workspaceDir,
     );
-    expect(result.decision).toBe("allow");
-    expect(result.reason).toContain("Workspace mode");
+    expect(result.decision).toBe("prompt");
+    expect(result.reason).toContain("medium risk");
   });
 
-  test("file_edit within workspace → allow (workspace-scoped)", async () => {
+  test("file_edit within workspace → prompt (Medium risk bypasses workspace auto-allow)", async () => {
     const result = await check(
       "file_edit",
       { file_path: "/home/user/my-project/src/index.ts" },
       workspaceDir,
     );
-    expect(result.decision).toBe("allow");
-    expect(result.reason).toContain("Workspace mode");
+    expect(result.decision).toBe("prompt");
+    expect(result.reason).toContain("medium risk");
   });
 
   // ── file operations outside workspace follow risk-based fallback ──

package/src/__tests__/computer-use-skill-manifest-regression.test.ts

@@ -29,7 +29,7 @@ const manifestPath = resolve(
 const manifest = JSON.parse(readFileSync(manifestPath, "utf-8"));
 
 describe("computer-use skill manifest regression", () => {
-  test("manifest has exactly 12 tools", () => {
+  test("manifest has exactly 11 tools", () => {
     expect(manifest.tools).toHaveLength(COMPUTER_USE_TOOL_COUNT);
   });
 

package/src/__tests__/computer-use-tools.test.ts

@@ -13,7 +13,6 @@ import {
   computerUseTypeTextTool,
   computerUseWaitTool,
 } from "../tools/computer-use/definitions.js";
-import { requestComputerControlTool } from "../tools/computer-use/request-computer-control.js";
 import { forwardComputerUseProxyTool } from "../tools/computer-use/skill-proxy-bridge.js";
 import type { ToolContext } from "../tools/types.js";
 
@@ -40,22 +39,20 @@ const ctx: ToolContext = {
 // ── Tool definitions ────────────────────────────────────────────────
 
 describe("computer-use tool definitions", () => {
-  test("allComputerUseTools contains 10 tools", () => {
-    expect(allComputerUseTools.length).toBe(10);
+  test("allComputerUseTools contains 11 tools", () => {
+    expect(allComputerUseTools.length).toBe(11);
   });
 
   test("all tools have proxy execution mode", () => {
     for (const tool of allComputerUseTools) {
       expect(tool.executionMode).toBe("proxy");
     }
-    expect(requestComputerControlTool.executionMode).toBe("proxy");
   });
 
   test("all tools belong to computer-use category", () => {
     for (const tool of allComputerUseTools) {
       expect(tool.category).toBe("computer-use");
     }
-    expect(requestComputerControlTool.category).toBe("computer-use");
   });
 
   test("all tools have unique names", () => {
@@ -225,20 +222,6 @@ describe("computer_use_respond", () => {
   });
 });
 
-// ── request_computer_control ────────────────────────────────────────
-
-describe("computer_use_request_control", () => {
-  test("requires task parameter", () => {
-    expect(schema(requestComputerControlTool).required).toContain("task");
-  });
-
-  test("execute throws proxy error", () => {
-    expect(() => requestComputerControlTool.execute({}, ctx)).toThrow(
-      "surfaceProxyResolver",
-    );
-  });
-});
-
 // ── skill-proxy-bridge ──────────────────────────────────────────────
 
 describe("forwardComputerUseProxyTool", () => {

package/src/__tests__/config-watcher.test.ts

@@ -54,7 +54,6 @@ mock.module("../util/logger.js", () => ({
     new Proxy({} as Record<string, unknown>, {
       get: () => () => {},
     }),
-  isDebug: () => false,
   truncateForLog: (v: string) => v,
 }));
 

package/src/__tests__/confirmation-request-guardian-bridge.test.ts

@@ -31,7 +31,6 @@ mock.module("../util/logger.js", () => ({
     new Proxy({} as Record<string, unknown>, {
       get: () => () => {},
     }),
-  isDebug: () => false,
   truncateForLog: (value: string) => value,
 }));