@vellumai/assistant 0.4.49 → 0.4.50

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.4.49",
+  "version": "0.4.50",
   "type": "module",
   "exports": {
     ".": "./src/index.ts"
@@ -22,7 +22,7 @@
     "test:stable": "EXCLUDE_EXPERIMENTAL=true bash scripts/test.sh",
     "test:bench": "find src/__tests__ -maxdepth 1 -type f -name '*.benchmark.test.ts' -print0 | xargs -0 -P 1 -I {} bun test {}",
     "test:filesystem-tools": "bash scripts/test-filesystem-tools.sh",
-    "postinstall": "cd .. && git config core.hooksPath || git config core.hooksPath .githooks 2>/dev/null || true"
+    "postinstall": "cd .. && (git config core.hooksPath || git config core.hooksPath .githooks 2>/dev/null || true) && (bun run meta/feature-flags/sync-bundled-copies.ts 2>/dev/null || true)"
   },
   "dependencies": {
     "@anthropic-ai/claude-agent-sdk": "^0.2.42",

package/src/__tests__/agent-loop.test.ts

@@ -869,11 +869,13 @@ describe("AgentLoop", () => {
     await loop.run([userMessage], () => {}, undefined, undefined, onCheckpoint);
 
     expect(checkpoints).toHaveLength(1);
-    expect(checkpoints[0]).toEqual({
+    expect(checkpoints[0]).toMatchObject({
       turnIndex: 0,
       toolCount: 1,
       hasToolUse: true,
     });
+    // history should contain the full conversation at checkpoint time
+    expect(checkpoints[0].history.length).toBeGreaterThanOrEqual(3);
   });
 
   // 17. Returning 'continue' lets the loop proceed normally

package/src/__tests__/anthropic-provider.test.ts

@@ -392,8 +392,8 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
     expect(user.content[1].cache_control).toEqual({ type: "ephemeral" });
   });
 
-  test("workspace + dynamic profile: cache still lands on trailing block", async () => {
-    // Simulates workspace prepended + dynamic profile appended
+  test("workspace + multi-block user message: cache still lands on trailing block", async () => {
+    // Simulates workspace prepended + extra context block appended
     const injectedUser: Message = {
       role: "user",
       content: [
@@ -670,7 +670,9 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
   // ensureToolPairing — server_tool_use / web_search_tool_result pairing
   // -----------------------------------------------------------------------
 
-  test("server_tool_use with missing web_search_tool_result gets synthetic result injected", async () => {
+  test("server_tool_use without web_search_tool_result passes through as-is (no synthetic injection)", async () => {
+    // Server-side tools are self-paired within the assistant message.
+    // ensureToolPairing should NOT inject synthetic results for them.
     const messages: Message[] = [
       userMsg("Search for something"),
       {
@@ -684,7 +686,7 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
           },
         ],
       },
-      userMsg("Thanks"), // user text but no web_search_tool_result
+      userMsg("Thanks"),
     ];
     await provider.sendMessage(messages);
 
@@ -697,14 +699,17 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
       }>;
     }>;
 
-    // The user message after assistant should contain a synthetic web_search_tool_result
-    const userAfterAssistant = sent[2];
-    expect(userAfterAssistant.role).toBe("user");
-    expect(userAfterAssistant.content[0].type).toBe("web_search_tool_result");
-    expect(userAfterAssistant.content[0].tool_use_id).toBe("srvtoolu_abc123");
+    // server_tool_use stays in the assistant message, no synthetic result injected
+    expect(sent).toHaveLength(3);
+    expect(sent[1].role).toBe("assistant");
+    expect(sent[1].content[0].type).toBe("server_tool_use");
+    expect(sent[2].role).toBe("user");
+    expect(sent[2].content[0].type).toBe("text"); // original user text, not a synthetic result
   });
 
-  test("server_tool_use at end of messages gets synthetic web_search_tool_result appended", async () => {
+  test("server_tool_use at end of messages is not modified (no synthetic append)", async () => {
+    // Server-side tools don't need cross-message pairing, so no synthetic
+    // user message should be appended.
     const messages: Message[] = [
       userMsg("Search something"),
       {
@@ -726,11 +731,10 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
       content: Array<{ type: string; tool_use_id?: string }>;
     }>;
 
-    // A synthetic user message should have been appended
-    expect(sent).toHaveLength(3);
-    expect(sent[2].role).toBe("user");
-    expect(sent[2].content[0].type).toBe("web_search_tool_result");
-    expect(sent[2].content[0].tool_use_id).toBe("srvtoolu_end");
+    // No synthetic user message appended — just the original 2 messages
+    expect(sent).toHaveLength(2);
+    expect(sent[1].role).toBe("assistant");
+    expect(sent[1].content[0].type).toBe("server_tool_use");
   });
 
   test("server_tool_use with matching web_search_tool_result passes through unchanged", async () => {
@@ -781,7 +785,85 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
     expect(resultBlocks[0].tool_use_id).toBe("srvtoolu_ok");
   });
 
-  test("mixed tool_use and server_tool_use with partial results gets missing ones filled", async () => {
+  test("server_tool_use + web_search_tool_result + tool_use in same assistant message stays intact", async () => {
+    // This is the core bug scenario: Anthropic returns server_tool_use,
+    // web_search_tool_result, text, and tool_use all in one assistant message.
+    // The server pair must stay together in the assistant message.
+    const messages: Message[] = [
+      userMsg("Search and fetch"),
+      {
+        role: "assistant",
+        content: [
+          {
+            type: "server_tool_use",
+            id: "srvtoolu_search",
+            name: "web_search",
+            input: { query: "test" },
+          },
+          {
+            type: "web_search_tool_result",
+            tool_use_id: "srvtoolu_search",
+            content: [
+              {
+                type: "web_search_result",
+                url: "https://example.com",
+                title: "Example",
+                encrypted_content: "enc_123",
+              },
+            ],
+          },
+          { type: "text", text: "Based on the search results..." },
+          {
+            type: "tool_use",
+            id: "tu_fetch",
+            name: "fetch_url",
+            input: { url: "https://example.com" },
+          },
+        ],
+      },
+      toolResultMsg("tu_fetch", "page content here"),
+    ];
+    await provider.sendMessage(messages);
+
+    const sent = lastStreamParams!.messages as Array<{
+      role: string;
+      content: Array<{
+        type: string;
+        id?: string;
+        tool_use_id?: string;
+      }>;
+    }>;
+
+    // The server_tool_use pair (server_tool_use + web_search_tool_result) should
+    // be in the leading portion of the assistant message, before tool_use.
+    // splitAssistantForToolPairing: leading=[server_tool_use, web_search_tool_result, text],
+    // toolUseBlocks=[tool_use], carryover=[]
+    const assistantMsg = sent[1];
+    expect(assistantMsg.role).toBe("assistant");
+    const blockTypes = assistantMsg.content.map((b) => b.type);
+    expect(blockTypes).toContain("server_tool_use");
+    expect(blockTypes).toContain("web_search_tool_result");
+    expect(blockTypes).toContain("tool_use");
+
+    // The tool_result for the client-side tool_use should be in the user message
+    const userMsg2 = sent[2];
+    expect(userMsg2.role).toBe("user");
+    expect(
+      userMsg2.content.some(
+        (b) => b.type === "tool_result" && b.tool_use_id === "tu_fetch",
+      ),
+    ).toBe(true);
+
+    // No synthetic web_search_tool_result injected anywhere
+    const allBlocks = sent.flatMap((m) => m.content);
+    const webSearchResults = allBlocks.filter(
+      (b) => b.type === "web_search_tool_result",
+    );
+    expect(webSearchResults).toHaveLength(1); // only the original one
+    expect(webSearchResults[0].tool_use_id).toBe("srvtoolu_search");
+  });
+
+  test("mixed tool_use and server_tool_use — only client-side tool_use gets pairing, server tools pass through", async () => {
     const messages: Message[] = [
       userMsg("Do things"),
       {
@@ -796,7 +878,7 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
           },
         ],
       },
-      // Only tu_a has a result
+      // Only tu_a has a result — server_tool_use doesn't need one in the user message
       toolResultMsg("tu_a", "result A"),
     ];
     await provider.sendMessage(messages);
@@ -806,20 +888,29 @@ describe("AnthropicProvider — Cache-Control Characterization", () => {
       content: Array<{
         type: string;
         tool_use_id?: string;
+        id?: string;
       }>;
     }>;
 
+    // Assistant message should have tool_use in paired portion, server_tool_use in carryover
+    // ensureToolPairing splits: paired = [tool_use(tu_a)], carryover = [server_tool_use(srvtoolu_b)]
+    // Result: assistant(tool_use) → user(tool_result) → assistant(server_tool_use) → user(continue)
+    const assistantMsg = sent[1];
+    expect(assistantMsg.role).toBe("assistant");
+    expect(assistantMsg.content[0].type).toBe("tool_use");
+
     const userAfterAssistant = sent[2];
-    // Should have tool_result for tu_a and synthetic web_search_tool_result for srvtoolu_b
-    expect(userAfterAssistant.content).toHaveLength(2);
+    expect(userAfterAssistant.role).toBe("user");
+    // Only tool_result for tu_a — no synthetic web_search_tool_result
     expect(userAfterAssistant.content[0]).toMatchObject({
       type: "tool_result",
       tool_use_id: "tu_a",
     });
-    expect(userAfterAssistant.content[1]).toMatchObject({
-      type: "web_search_tool_result",
-      tool_use_id: "srvtoolu_b",
-    });
+
+    // server_tool_use preserved in a carryover assistant message
+    const carryoverAssistant = sent[3];
+    expect(carryoverAssistant.role).toBe("assistant");
+    expect(carryoverAssistant.content[0].type).toBe("server_tool_use");
   });
 
   test("assistant message with only unknown blocks gets placeholder text", async () => {

package/src/__tests__/approval-cascade.test.ts

@@ -81,7 +81,6 @@ mock.module("../config/loader.js", () => ({
     timeouts: { permissionTimeoutSec: 300 },
     apiKeys: {},
     skills: { entries: {}, allowBundled: true },
-    memory: { retrieval: { injectionStrategy: "inline" } },
     permissions: { mode: "workspace" },
   }),
   loadRawConfig: () => ({}),
@@ -130,18 +129,6 @@ mock.module("../security/secret-allowlist.js", () => ({
   resetAllowlist: () => {},
 }));
 
-mock.module("../memory/admin.js", () => ({
-  getMemoryConflictAndCleanupStats: () => ({
-    conflicts: { pending: 0, resolved: 0, oldestPendingAgeMs: null },
-    cleanup: {
-      resolvedBacklog: 0,
-      supersededBacklog: 0,
-      resolvedCompleted24h: 0,
-      supersededCompleted24h: 0,
-    },
-  }),
-}));
-
 mock.module("../memory/conversation-crud.js", () => ({
   getConversationThreadType: () => "default",
   setConversationOriginChannelIfUnset: () => {},
@@ -182,13 +169,12 @@ mock.module("../memory/retriever.js", () => ({
     enabled: false,
     degraded: false,
     injectedText: "",
-    lexicalHits: 0,
+
     semanticHits: 0,
     recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),
-  injectMemoryRecallIntoUserMessage: (msg: Message) => msg,
   stripMemoryRecallMessages: (msgs: Message[]) => msgs,
 }));
 

package/src/__tests__/approval-routes-http.test.ts

@@ -119,6 +119,7 @@ function makeIdleSession(opts?: {
     setHostBashProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
+    addPreactivatedSkillId: () => {},
     enqueueMessage: () => ({ queued: false, requestId: "noop" }),
     hasAnyPendingConfirmation: () => false,
     runAgentLoop: async (
@@ -183,6 +184,7 @@ function makeConfirmationEmittingSession(opts?: {
     setHostBashProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
+    addPreactivatedSkillId: () => {},
     enqueueMessage: () => ({ queued: false, requestId: "noop" }),
     hasAnyPendingConfirmation: () => false,
     runAgentLoop: async (

package/src/__tests__/assistant-feature-flag-guard.test.ts

@@ -170,29 +170,6 @@ describe("assistant feature flag guard", () => {
   // Test: registry entries have required fields
   // ---------------------------------------------------------------------------
 
-  // ---------------------------------------------------------------------------
-  // Test: bundled registry copy stays in sync with canonical meta/ copy
-  // ---------------------------------------------------------------------------
-
-  test("bundled assistant/src/config/feature-flag-registry.json matches canonical meta/ copy", () => {
-    const canonicalPath = getRegistryPath();
-    const bundledPath = join(
-      process.cwd(),
-      "src",
-      "config",
-      "feature-flag-registry.json",
-    );
-
-    const canonical = JSON.parse(readFileSync(canonicalPath, "utf-8"));
-    const bundled = JSON.parse(readFileSync(bundledPath, "utf-8"));
-
-    expect(bundled).toEqual(canonical);
-  });
-
-  // ---------------------------------------------------------------------------
-  // Test: registry entries have required fields
-  // ---------------------------------------------------------------------------
-
   test("all assistant-scope entries in the unified registry have required fields", () => {
     const registry = loadRegistry();
     const assistantFlags = registry.flags.filter(

package/src/__tests__/canonical-guardian-store.test.ts

@@ -26,11 +26,13 @@ mock.module("../util/logger.js", () => ({
 import {
   createCanonicalGuardianDelivery,
   createCanonicalGuardianRequest,
+  expireAllPendingCanonicalRequests,
   getCanonicalGuardianRequest,
   listCanonicalGuardianDeliveries,
   listCanonicalGuardianRequests,
   listPendingCanonicalGuardianRequestsByDestinationChat,
   listPendingCanonicalGuardianRequestsByDestinationConversation,
+  listPendingRequestsByConversationScope,
   resolveCanonicalGuardianRequest,
   updateCanonicalGuardianDelivery,
   updateCanonicalGuardianRequest,
@@ -717,4 +719,97 @@ describe("canonical-guardian-store", () => {
     );
     expect(pending).toHaveLength(0);
   });
+
+  // ── listPendingRequestsByConversationScope expiry filtering ─────────
+
+  test("listPendingRequestsByConversationScope excludes expired requests", () => {
+    // Create a pending request that has already expired
+    createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-scope-1",
+      guardianPrincipalId: TEST_PRINCIPAL,
+      expiresAt: new Date(Date.now() - 10_000).toISOString(),
+    });
+
+    // Create a pending request that has not expired
+    const unexpired = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-scope-1",
+      guardianPrincipalId: TEST_PRINCIPAL,
+      expiresAt: new Date(Date.now() + 60_000).toISOString(),
+    });
+
+    const results = listPendingRequestsByConversationScope("conv-scope-1");
+    expect(results).toHaveLength(1);
+    expect(results[0].id).toBe(unexpired.id);
+  });
+
+  test("listPendingRequestsByConversationScope includes requests with no expiresAt", () => {
+    const noExpiry = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-scope-2",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+
+    const results = listPendingRequestsByConversationScope("conv-scope-2");
+    expect(results).toHaveLength(1);
+    expect(results[0].id).toBe(noExpiry.id);
+  });
+
+  // ── expireAllPendingCanonicalRequests ───────────────────────────────
+
+  test("expireAllPendingCanonicalRequests transitions all pending to expired", () => {
+    const req1 = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-bulk-1",
+      guardianPrincipalId: TEST_PRINCIPAL,
+      expiresAt: new Date(Date.now() + 60_000).toISOString(),
+    });
+    const req2 = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "channel",
+      conversationId: "conv-bulk-2",
+      guardianPrincipalId: TEST_PRINCIPAL,
+      expiresAt: new Date(Date.now() + 60_000).toISOString(),
+    });
+
+    const count = expireAllPendingCanonicalRequests();
+    expect(count).toBe(2);
+
+    expect(getCanonicalGuardianRequest(req1.id)!.status).toBe("expired");
+    expect(getCanonicalGuardianRequest(req2.id)!.status).toBe("expired");
+  });
+
+  test("expireAllPendingCanonicalRequests does not affect already-resolved requests", () => {
+    const approved = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-bulk-3",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+    updateCanonicalGuardianRequest(approved.id, { status: "approved" });
+
+    const denied = createCanonicalGuardianRequest({
+      kind: "tool_approval",
+      sourceType: "desktop",
+      conversationId: "conv-bulk-3",
+      guardianPrincipalId: TEST_PRINCIPAL,
+    });
+    updateCanonicalGuardianRequest(denied.id, { status: "denied" });
+
+    const count = expireAllPendingCanonicalRequests();
+    expect(count).toBe(0);
+
+    expect(getCanonicalGuardianRequest(approved.id)!.status).toBe("approved");
+    expect(getCanonicalGuardianRequest(denied.id)!.status).toBe("denied");
+  });
+
+  test("expireAllPendingCanonicalRequests returns 0 when no pending requests exist", () => {
+    const count = expireAllPendingCanonicalRequests();
+    expect(count).toBe(0);
+  });
 });

package/src/__tests__/checker.test.ts

@@ -895,6 +895,19 @@ describe("Permission Checker", () => {
       );
     });
 
+    test("computer_use_observe prompts by default via computer-use ask rule", async () => {
+      const result = await check(
+        "computer_use_observe",
+        { reason: "Check current screen state before acting" },
+        "/tmp",
+      );
+      expect(result.decision).toBe("prompt");
+      expect(result.reason).toContain("ask rule");
+      expect(result.matchedRule?.id).toBe(
+        "default:ask-computer_use_observe-global",
+      );
+    });
+
     test("higher-priority allow rule can override default computer-use ask rule", async () => {
       addRule(
         "computer_use_click",

package/src/__tests__/config-schema.test.ts

@@ -161,60 +161,7 @@ describe("AssistantConfigSchema", () => {
     expect(result.secretDetection.action).toBe("block");
   });
 
-  test("applies memory.conflicts defaults", () => {
-    const result = AssistantConfigSchema.parse({});
-    expect(result.memory.conflicts).toEqual({
-      enabled: true,
-      gateMode: "soft",
-      resolverLlmTimeoutMs: 12000,
-      relevanceThreshold: 0.3,
-      conflictableKinds: [
-        "preference",
-        "profile",
-        "constraint",
-        "instruction",
-        "style",
-      ],
-    });
-  });
-
-  test("rejects invalid memory.conflicts.relevanceThreshold", () => {
-    const result = AssistantConfigSchema.safeParse({
-      memory: { conflicts: { relevanceThreshold: 2 } },
-    });
-    expect(result.success).toBe(false);
-  });
-
-  test("rejects invalid memory.conflicts.conflictableKinds entry", () => {
-    const result = AssistantConfigSchema.safeParse({
-      memory: { conflicts: { conflictableKinds: ["invalid_kind"] } },
-    });
-    expect(result.success).toBe(false);
-  });
-
-  test("rejects empty memory.conflicts.conflictableKinds", () => {
-    const result = AssistantConfigSchema.safeParse({
-      memory: { conflicts: { conflictableKinds: [] } },
-    });
-    expect(result.success).toBe(false);
-  });
-
-  test("applies memory.profile defaults", () => {
-    const result = AssistantConfigSchema.parse({});
-    expect(result.memory.profile).toEqual({
-      enabled: true,
-      maxInjectTokens: 800,
-    });
-  });
-
-  test("rejects invalid memory.profile.maxInjectTokens", () => {
-    const result = AssistantConfigSchema.safeParse({
-      memory: { profile: { maxInjectTokens: 0 } },
-    });
-    expect(result.success).toBe(false);
-  });
-
-  test("applies rollout defaults for dynamic budget and entity relation features", () => {
+  test("applies rollout defaults for dynamic budget", () => {
     const result = AssistantConfigSchema.parse({});
     expect(result.memory.retrieval.dynamicBudget).toEqual({
       enabled: true,
@@ -222,19 +169,6 @@ describe("AssistantConfigSchema", () => {
       maxInjectTokens: 10000,
       targetHeadroomTokens: 10000,
     });
-    expect(result.memory.entity.extractRelations).toEqual({
-      enabled: true,
-      backfillBatchSize: 200,
-    });
-    expect(result.memory.entity.relationRetrieval).toEqual({
-      enabled: true,
-      maxSeedEntities: 8,
-      maxNeighborEntities: 20,
-      maxEdges: 40,
-      neighborScoreMultiplier: 0.7,
-      maxDepth: 3,
-      depthDecay: true,
-    });
   });
 
   test("applies memory.cleanup defaults", () => {
@@ -242,7 +176,6 @@ describe("AssistantConfigSchema", () => {
     expect(result.memory.cleanup).toEqual({
       enabled: true,
       enqueueIntervalMs: 6 * 60 * 60 * 1000,
-      resolvedConflictRetentionMs: 30 * 24 * 60 * 60 * 1000,
       supersededItemRetentionMs: 30 * 24 * 60 * 60 * 1000,
       conversationRetentionDays: 90,
     });