@vellumai/assistant 0.4.48 → 0.4.49

package/src/__tests__/conversation-routes-guardian-reply.test.ts

@@ -171,6 +171,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       hasPendingConfirmation: () => false,
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
     } as unknown as import("../daemon/session.js").Session;
 
     const req = new Request("http://localhost/v1/messages", {
@@ -246,6 +247,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       hasPendingConfirmation: () => false,
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
     } as unknown as import("../daemon/session.js").Session;
 
     const req = new Request("http://localhost/v1/messages", {
@@ -317,6 +319,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
         requestId === "tool-approval-live",
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
     } as unknown as import("../daemon/session.js").Session;
 
     const req = new Request("http://localhost/v1/messages", {
@@ -392,6 +395,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       hasPendingConfirmation: (id: string) => id === "tool-req-code-1",
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
     } as unknown as import("../daemon/session.js").Session;
 
     const req = new Request("http://localhost/v1/messages", {
@@ -463,6 +467,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       hasPendingConfirmation: (id: string) => id === "pending-reject-1",
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
     } as unknown as import("../daemon/session.js").Session;
 
     const req = new Request("http://localhost/v1/messages", {
@@ -528,6 +533,7 @@ describe("handleSendMessage canonical guardian reply interception", () => {
       hasPendingConfirmation: (id: string) => id === "pending-1",
       setHostBashProxy: () => {},
       setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
     } as unknown as import("../daemon/session.js").Session;
 
     const req = new Request("http://localhost/v1/messages", {
@@ -559,4 +565,142 @@ describe("handleSendMessage canonical guardian reply interception", () => {
     expect(persistUserMessage).toHaveBeenCalledTimes(1);
     expect(runAgentLoop).toHaveBeenCalledTimes(1);
   });
+
+  test("desktop sessions do not pass approvalConversationGenerator to routeGuardianReply", async () => {
+    listPendingByDestinationMock.mockReturnValue([
+      { id: "pending-1", kind: "access_request" },
+    ]);
+    listCanonicalMock.mockReturnValue([]);
+    routeGuardianReplyMock.mockResolvedValue({
+      consumed: false,
+      decisionApplied: false,
+      type: "not_consumed",
+    });
+
+    const mockGenerator = mock(async () => ({}));
+    const persistUserMessage = mock(async () => "persisted-user-id");
+    const runAgentLoop = mock(async () => undefined);
+    const session = {
+      setTrustContext: () => {},
+      updateClient: () => {},
+      emitConfirmationStateChanged: () => {},
+      emitActivityState: () => {},
+      setTurnChannelContext: () => {},
+      setTurnInterfaceContext: () => {},
+      ensureActorScopedHistory: async () => {},
+      usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
+      isProcessing: () => false,
+      hasAnyPendingConfirmation: () => false,
+      denyAllPendingConfirmations: () => {},
+      enqueueMessage: () => ({ queued: true, requestId: "queued-id" }),
+      persistUserMessage,
+      runAgentLoop,
+      getMessages: () => [] as unknown[],
+      assistantId: "self",
+      trustContext: undefined,
+      hasPendingConfirmation: () => false,
+      setHostBashProxy: () => {},
+      setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
+    } as unknown as import("../daemon/session.js").Session;
+
+    const req = new Request("http://localhost/v1/messages", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        conversationKey: "guardian-thread-key",
+        content: "no sorry, beats 0 and 3 should be new threads",
+        sourceChannel: "vellum",
+        interface: "macos",
+      }),
+    });
+
+    await handleSendMessage(
+      req,
+      {
+        sendMessageDeps: {
+          getOrCreateSession: async () => session,
+          assistantEventHub: { publish: async () => {} } as any,
+          resolveAttachments: () => [],
+        },
+        approvalConversationGenerator: mockGenerator as any,
+      },
+      testAuthContext,
+    );
+
+    expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
+    const routerCall = (routeGuardianReplyMock as any).mock
+      .calls[0][0] as Record<string, unknown>;
+    // Desktop (vellum) should suppress the NL engine
+    expect(routerCall.approvalConversationGenerator).toBeUndefined();
+  });
+
+  test("channel sessions pass approvalConversationGenerator to routeGuardianReply", async () => {
+    listPendingByDestinationMock.mockReturnValue([
+      { id: "pending-1", kind: "access_request" },
+    ]);
+    listCanonicalMock.mockReturnValue([]);
+    routeGuardianReplyMock.mockResolvedValue({
+      consumed: false,
+      decisionApplied: false,
+      type: "not_consumed",
+    });
+
+    const mockGenerator = mock(async () => ({}));
+    const persistUserMessage = mock(async () => "persisted-user-id");
+    const runAgentLoop = mock(async () => undefined);
+    const session = {
+      setTrustContext: () => {},
+      updateClient: () => {},
+      emitConfirmationStateChanged: () => {},
+      emitActivityState: () => {},
+      setTurnChannelContext: () => {},
+      setTurnInterfaceContext: () => {},
+      ensureActorScopedHistory: async () => {},
+      usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
+      isProcessing: () => false,
+      hasAnyPendingConfirmation: () => false,
+      denyAllPendingConfirmations: () => {},
+      enqueueMessage: () => ({ queued: true, requestId: "queued-id" }),
+      persistUserMessage,
+      runAgentLoop,
+      getMessages: () => [] as unknown[],
+      assistantId: "self",
+      trustContext: undefined,
+      hasPendingConfirmation: () => false,
+      setHostBashProxy: () => {},
+      setHostFileProxy: () => {},
+      setHostCuProxy: () => {},
+    } as unknown as import("../daemon/session.js").Session;
+
+    const req = new Request("http://localhost/v1/messages", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        conversationKey: "guardian-thread-key",
+        content: "no sorry, beats 0 and 3 should be new threads",
+        sourceChannel: "telegram",
+        interface: "telegram",
+      }),
+    });
+
+    await handleSendMessage(
+      req,
+      {
+        sendMessageDeps: {
+          getOrCreateSession: async () => session,
+          assistantEventHub: { publish: async () => {} } as any,
+          resolveAttachments: () => [],
+        },
+        approvalConversationGenerator: mockGenerator as any,
+      },
+      testAuthContext,
+    );
+
+    expect(routeGuardianReplyMock).toHaveBeenCalledTimes(1);
+    const routerCall = (routeGuardianReplyMock as any).mock
+      .calls[0][0] as Record<string, unknown>;
+    // Channel sessions should receive the NL engine
+    expect(routerCall.approvalConversationGenerator).toBe(mockGenerator);
+  });
 });

package/src/__tests__/conversation-routes-slash-commands.test.ts

@@ -203,6 +203,7 @@ function makeSession() {
     hasPendingConfirmation: () => false,
     setHostBashProxy: () => {},
     setHostFileProxy: () => {},
+    setHostCuProxy: () => {},
     usageStats: {
       inputTokens: 1000,
       outputTokens: 500,

package/src/__tests__/credential-metadata-store.test.ts

@@ -294,49 +294,35 @@ describe("credential metadata store", () => {
     });
   });
 
-  // ── v4 Schema: hasRefreshToken ──────────────────────────────────────
+  // ── v5 Schema: OAuth fields removed ─────────────────────────────────
 
-  describe("v4 schema — hasRefreshToken", () => {
-    test("creates record with hasRefreshToken", () => {
+  describe("v5 schema — OAuth fields removed from CredentialMetadata", () => {
+    test("CredentialMetadata does not include hasRefreshToken", () => {
       const record = upsertCredentialMetadata("github", "access_token", {
-        hasRefreshToken: true,
+        allowedTools: ["api_request"],
       });
-      expect(record.hasRefreshToken).toBe(true);
+      // hasRefreshToken was removed in v5 — field should not exist
+      expect("hasRefreshToken" in record).toBe(false);
     });
 
-    test("creates record with hasRefreshToken false", () => {
-      const record = upsertCredentialMetadata("github", "access_token", {
-        hasRefreshToken: false,
-      });
-      expect(record.hasRefreshToken).toBe(false);
+    test("CredentialMetadata does not include oauth2TokenUrl", () => {
+      const record = upsertCredentialMetadata("github", "access_token");
+      expect("oauth2TokenUrl" in record).toBe(false);
     });
 
-    test("defaults hasRefreshToken to undefined when not provided", () => {
+    test("CredentialMetadata does not include oauth2ClientId", () => {
       const record = upsertCredentialMetadata("github", "access_token");
-      expect(record.hasRefreshToken).toBeUndefined();
+      expect("oauth2ClientId" in record).toBe(false);
     });
 
-    test("updates hasRefreshToken on existing record", () => {
-      upsertCredentialMetadata("github", "access_token", {
-        hasRefreshToken: false,
-      });
-      const updated = upsertCredentialMetadata("github", "access_token", {
-        hasRefreshToken: true,
-      });
-      expect(updated.hasRefreshToken).toBe(true);
+    test("CredentialMetadata does not include expiresAt", () => {
+      const record = upsertCredentialMetadata("github", "access_token");
+      expect("expiresAt" in record).toBe(false);
     });
 
-    test("round-trip: hasRefreshToken survives serialization", () => {
-      upsertCredentialMetadata("github", "access_token", {
-        hasRefreshToken: true,
-        allowedTools: ["api_request"],
-      });
-
-      // Re-read from disk
-      const loaded = getCredentialMetadata("github", "access_token");
-      expect(loaded).toBeDefined();
-      expect(loaded!.hasRefreshToken).toBe(true);
-      expect(loaded!.allowedTools).toEqual(["api_request"]);
+    test("CredentialMetadata does not include grantedScopes", () => {
+      const record = upsertCredentialMetadata("github", "access_token");
+      expect("grantedScopes" in record).toBe(false);
     });
   });
 
@@ -417,7 +403,7 @@ describe("credential metadata store", () => {
       expect(record!.credentialId).toBe("cred-stable-id");
     });
 
-    test("v2 file is migrated to v4 (strips oauth2ClientSecret)", () => {
+    test("v2 file is migrated to v5 (strips oauth2ClientSecret and OAuth fields)", () => {
       const v2Data = {
         version: 2,
         credentials: [
@@ -449,16 +435,16 @@ describe("credential metadata store", () => {
       expect(record!.alias).toBe("fal-primary");
       expect(record!.injectionTemplates).toHaveLength(1);
       expect(record!.injectionTemplates![0].hostPattern).toBe("*.fal.ai");
-      // oauth2ClientSecret must be stripped by v2→v3 migration
+      // oauth2ClientSecret must be stripped by migration
       expect("oauth2ClientSecret" in record!).toBe(false);
 
-      // On-disk file should be upgraded to v4
+      // On-disk file should be upgraded to v5
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(4);
+      expect(raw.version).toBe(5);
       expect(raw.credentials[0]).not.toHaveProperty("oauth2ClientSecret");
     });
 
-    test("v3 file is migrated to v4 (removes ghost refresh_token records)", () => {
+    test("v3 file is migrated to v5 (removes ghost refresh_token records)", () => {
       const v3Data = {
         version: 3,
         credentials: [
@@ -488,11 +474,12 @@ describe("credential metadata store", () => {
       // Ghost refresh_token record removed
       expect(records).toHaveLength(1);
       expect(records[0].field).toBe("access_token");
-      expect(records[0].hasRefreshToken).toBe(true);
+      // hasRefreshToken is stripped in v5 migration (OAuth fields moved to SQLite)
+      expect("hasRefreshToken" in records[0]).toBe(false);
 
-      // On-disk file should be upgraded to v4
+      // On-disk file should be upgraded to v5
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(4);
+      expect(raw.version).toBe(5);
       expect(raw.credentials).toHaveLength(1);
       expect(raw.credentials[0].field).toBe("access_token");
     });
@@ -528,11 +515,12 @@ describe("credential metadata store", () => {
       expect(record!.alias).toBe("fal-primary");
       expect(record!.injectionTemplates).toHaveLength(1);
       expect(record!.injectionTemplates![0].hostPattern).toBe("*.fal.ai");
-      expect(record!.hasRefreshToken).toBeUndefined();
+      // hasRefreshToken is stripped in v5 migration
+      expect("hasRefreshToken" in record!).toBe(false);
 
-      // On-disk file should be upgraded to v4
+      // On-disk file should be upgraded to v5
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(4);
+      expect(raw.version).toBe(5);
     });
 
     test("v3 migration handles multiple services with ghost records", () => {
@@ -592,16 +580,16 @@ describe("credential metadata store", () => {
       // refresh_token records removed, only access_token records remain
       expect(records).toHaveLength(3);
       expect(records.every((r) => r.field !== "refresh_token")).toBe(true);
-      // github and stripe had refresh tokens
+      // hasRefreshToken is stripped in v5 migration — none should have it
       const github = records.find((r) => r.service === "github");
       const slack = records.find((r) => r.service === "slack");
       const stripe = records.find((r) => r.service === "stripe");
-      expect(github!.hasRefreshToken).toBe(true);
-      expect(slack!.hasRefreshToken).toBeUndefined();
-      expect(stripe!.hasRefreshToken).toBe(true);
+      expect("hasRefreshToken" in github!).toBe(false);
+      expect("hasRefreshToken" in slack!).toBe(false);
+      expect("hasRefreshToken" in stripe!).toBe(false);
     });
 
-    test("v4 file is loaded without migration", () => {
+    test("v4 file is migrated to v5 (strips hasRefreshToken and OAuth fields)", () => {
       const v4Data = {
         version: 4,
         credentials: [
@@ -623,10 +611,15 @@ describe("credential metadata store", () => {
       const record = getCredentialMetadata("fal-ai", "api_key");
       expect(record).toBeDefined();
       expect(record!.alias).toBe("fal-primary");
-      expect(record!.hasRefreshToken).toBe(true);
+      // hasRefreshToken is stripped in v5 migration
+      expect("hasRefreshToken" in record!).toBe(false);
+
+      // On-disk file should be upgraded to v5
+      const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
+      expect(raw.version).toBe(5);
     });
 
-    test("future version (v5+) returns unknown version and refuses writes", () => {
+    test("future version (v6+) returns unknown version and refuses writes", () => {
       const futureData = {
         version: 99,
         credentials: [],
@@ -661,7 +654,7 @@ describe("credential metadata store", () => {
       },
     );
 
-    test("upsert on migrated v1 file saves as v4", () => {
+    test("upsert on migrated v1 file saves as v5", () => {
       const v1Data = {
         version: 1,
         credentials: [
@@ -681,13 +674,13 @@ describe("credential metadata store", () => {
       // Upsert triggers load (migration) + save (at current version)
       upsertCredentialMetadata("github", "token", { alias: "gh-main" });
 
-      // Verify on-disk file is now v4
+      // Verify on-disk file is now v5
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(4);
+      expect(raw.version).toBe(5);
       expect(raw.credentials[0].alias).toBe("gh-main");
     });
 
-    test("v1 load auto-persists as v4 on disk without requiring a write", () => {
+    test("v1 load auto-persists as v5 on disk without requiring a write", () => {
       const v1Data = {
         version: 1,
         credentials: [
@@ -704,15 +697,15 @@ describe("credential metadata store", () => {
       };
       writeFileSync(META_PATH, JSON.stringify(v1Data, null, 2), "utf-8");
 
-      // A read-only operation should still persist the v4 upgrade
+      // A read-only operation should still persist the v5 upgrade
       listCredentialMetadata();
 
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(4);
+      expect(raw.version).toBe(5);
       expect(raw.credentials[0].credentialId).toBe("cred-autopersist");
     });
 
-    test("v1 file with multiple credentials migrates all records", () => {
+    test("v1 file with multiple credentials migrates all records (strips OAuth fields)", () => {
       const v1Data = {
         version: 1,
         credentials: [
@@ -761,13 +754,11 @@ describe("credential metadata store", () => {
         expect(r.injectionTemplates).toBeUndefined();
       }
 
-      // Original v1 fields preserved
-      expect(records[0].grantedScopes).toEqual(["repo", "user"]);
-      expect(records[1].expiresAt).toBe(1800000000000);
-      expect(records[2].oauth2TokenUrl).toBe(
-        "https://connect.stripe.com/oauth/token",
-      );
-      expect(records[2].oauth2ClientId).toBe("ca_test123");
+      // OAuth-specific fields are stripped by v5 migration
+      expect("grantedScopes" in records[0]).toBe(false);
+      expect("expiresAt" in records[1]).toBe(false);
+      expect("oauth2TokenUrl" in records[2]).toBe(false);
+      expect("oauth2ClientId" in records[2]).toBe(false);
     });
   });
 
@@ -808,20 +799,20 @@ describe("credential metadata store", () => {
     test("file with non-array credentials field is treated as empty list", () => {
       writeFileSync(
         META_PATH,
-        JSON.stringify({ version: 4, credentials: "not-an-array" }),
+        JSON.stringify({ version: 5, credentials: "not-an-array" }),
         "utf-8",
       );
       expect(listCredentialMetadata()).toEqual([]);
     });
 
     test("file with missing credentials field is treated as empty list", () => {
-      writeFileSync(META_PATH, JSON.stringify({ version: 4 }), "utf-8");
+      writeFileSync(META_PATH, JSON.stringify({ version: 5 }), "utf-8");
       expect(listCredentialMetadata()).toEqual([]);
     });
 
     test("malformed records within credentials array are filtered out", () => {
       const data = {
-        version: 4,
+        version: 5,
         credentials: [
           // Valid record
           {
@@ -931,7 +922,7 @@ describe("credential metadata store", () => {
 
       const raw = readFileSync(META_PATH, "utf-8");
       const parsed = JSON.parse(raw);
-      expect(parsed.version).toBe(4);
+      expect(parsed.version).toBe(5);
       expect(parsed.credentials).toHaveLength(1);
       expect(parsed.credentials[0].service).toBe("slack");
     });
@@ -939,23 +930,23 @@ describe("credential metadata store", () => {
     test("file written by saveFile has version field", () => {
       upsertCredentialMetadata("test", "key");
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(4);
+      expect(raw.version).toBe(5);
     });
   });
 
   // ── Empty credential lists ────────────────────────────────────────
 
   describe("empty credential lists", () => {
-    test("empty v4 file returns empty array", () => {
+    test("empty v5 file returns empty array", () => {
       writeFileSync(
         META_PATH,
-        JSON.stringify({ version: 4, credentials: [] }, null, 2),
+        JSON.stringify({ version: 5, credentials: [] }, null, 2),
         "utf-8",
       );
       expect(listCredentialMetadata()).toEqual([]);
     });
 
-    test("empty v1 file is migrated to v4 with empty credentials", () => {
+    test("empty v1 file is migrated to v5 with empty credentials", () => {
       writeFileSync(
         META_PATH,
         JSON.stringify({ version: 1, credentials: [] }, null, 2),
@@ -963,9 +954,9 @@ describe("credential metadata store", () => {
       );
       expect(listCredentialMetadata()).toEqual([]);
 
-      // Should be persisted as v4
+      // Should be persisted as v5
       const raw = JSON.parse(readFileSync(META_PATH, "utf-8"));
-      expect(raw.version).toBe(4);
+      expect(raw.version).toBe(5);
       expect(raw.credentials).toEqual([]);
     });
 

package/src/__tests__/credential-security-invariants.test.ts

@@ -229,10 +229,13 @@ describe("Invariant 2: no generic plaintext secret read API", () => {
       "runtime/routes/integrations/slack/share.ts", // Slack share routes credential lookup
       "mcp/client.ts", // MCP client cached-token lookup
       "oauth/token-persistence.ts", // OAuth token persistence (set/delete tokens)
+      "oauth/connection-resolver.ts", // resolve OAuthConnection from oauth-store (access_token lookup)
       "runtime/routes/secret-routes.ts", // HTTP secret management routes (set/delete secrets)
-      "daemon/ride-shotgun-handler.ts", // learn session cookie persistence
       "daemon/session-messaging.ts", // credential storage during session messaging
       "runtime/routes/settings-routes.ts", // settings routes OAuth credential lookup (client_secret)
+      "oauth/oauth-store.ts", // OAuth provider disconnect (delete stored tokens)
+      "cli/commands/oauth/connections.ts", // CLI OAuth connection delete (legacy credential cleanup)
+      "oauth/manual-token-connection.ts", // manual-token provider backfill (keychain credential existence check)
     ]);
 
     const thisDir = dirname(fileURLToPath(import.meta.url));
@@ -499,16 +502,17 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
     rmSync(TEST_DIR, { recursive: true, force: true });
   });
 
-  test("upsertCredentialMetadata does not accept oauth2ClientSecret", () => {
+  test("upsertCredentialMetadata does not accept oauth2ClientSecret or other OAuth fields", () => {
     const record = upsertCredentialMetadata(
       "integration:gmail",
       "access_token",
       {
-        oauth2TokenUrl: "https://oauth2.googleapis.com/token",
-        oauth2ClientId: "test-client-id",
+        allowedTools: ["api_request"],
       },
     );
     expect("oauth2ClientSecret" in record).toBe(false);
+    expect("oauth2TokenUrl" in record).toBe(false);
+    expect("oauth2ClientId" in record).toBe(false);
   });
 
   test("client secret is read from secure store, not metadata", () => {
@@ -517,13 +521,15 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
       "my-secret",
     );
     upsertCredentialMetadata("integration:gmail", "access_token", {
-      oauth2TokenUrl: "https://oauth2.googleapis.com/token",
-      oauth2ClientId: "test-client-id",
+      allowedTools: ["api_request"],
     });
 
     const meta = getCredentialMetadata("integration:gmail", "access_token");
     expect(meta).toBeDefined();
     expect("oauth2ClientSecret" in meta!).toBe(false);
+    // OAuth-specific fields are no longer in metadata (v5)
+    expect("oauth2TokenUrl" in meta!).toBe(false);
+    expect("oauth2ClientId" in meta!).toBe(false);
 
     // Secret is in secure store
     expect(
@@ -564,7 +570,7 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
       readFileSync(join(TEST_DIR, "metadata.json"), "utf-8"),
     );
     expect(raw.credentials[0]).not.toHaveProperty("oauth2ClientSecret");
-    expect(raw.version).toBe(4);
+    expect(raw.version).toBe(5);
   });
 });