@vellumai/assistant 0.4.49 → 0.4.51

package/src/__tests__/twilio-config.test.ts

@@ -14,6 +14,7 @@ mock.module("../util/logger.js", () => ({
 
 mock.module("../security/secure-keys.js", () => ({
   getSecureKey: (key: string) => mockSecureKeys[key] ?? null,
+  getSecureKeyAsync: async (key: string) => mockSecureKeys[key] ?? null,
 }));
 
 mock.module("../config/loader.js", () => ({
@@ -41,8 +42,8 @@ describe("twilio-config", () => {
     };
   });
 
-  test("returns config when credentials and phone number are set", () => {
-    const config = getTwilioConfig();
+  test("returns config when credentials and phone number are set", async () => {
+    const config = await getTwilioConfig();
     expect(config.accountSid).toBe("AC_test_sid");
     expect(config.authToken).toBe("test_auth_token");
     expect(config.phoneNumber).toBe("+15551234567");
@@ -50,16 +51,16 @@ describe("twilio-config", () => {
     expect(config.wssBaseUrl).toBe("wss://test.example.com/twilio/relay");
   });
 
-  test("throws ConfigError when account SID is missing", () => {
+  test("throws ConfigError when account SID is missing", async () => {
     mockLoadConfigResult = {
       twilio: { accountSid: "", phoneNumber: "+15551234567" },
     };
-    expect(() => getTwilioConfig()).toThrow(
+    expect(getTwilioConfig()).rejects.toThrow(
       /Twilio credentials not configured/,
     );
   });
 
-  test("throws ConfigError when auth token is missing", () => {
+  test("throws ConfigError when auth token is missing", async () => {
     mockSecureKeys = {};
     mockLoadConfigResult = {
       twilio: {
@@ -67,26 +68,26 @@ describe("twilio-config", () => {
         phoneNumber: "+15551234567",
       },
     };
-    expect(() => getTwilioConfig()).toThrow(
+    expect(getTwilioConfig()).rejects.toThrow(
       /Twilio credentials not configured/,
     );
   });
 
-  test("throws ConfigError when phone number is missing", () => {
+  test("throws ConfigError when phone number is missing", async () => {
     mockLoadConfigResult = {
       twilio: {
         accountSid: "AC_test_sid",
         phoneNumber: "",
       },
     };
-    expect(() => getTwilioConfig()).toThrow(
+    expect(getTwilioConfig()).rejects.toThrow(
       /Twilio phone number not configured/,
     );
   });
 
-  test("throws ConfigError when twilio config section is absent", () => {
+  test("throws ConfigError when twilio config section is absent", async () => {
     mockLoadConfigResult = {};
-    expect(() => getTwilioConfig()).toThrow(
+    expect(getTwilioConfig()).rejects.toThrow(
       /Twilio credentials not configured/,
     );
   });

package/src/__tests__/twilio-provider.test.ts

@@ -46,6 +46,11 @@ mock.module("../security/secure-keys.js", () => ({
     if (key === credentialKey("twilio", "account_sid")) return mockAccountSid;
     return undefined;
   },
+  getSecureKeyAsync: async (key: string) => {
+    if (key === credentialKey("twilio", "auth_token")) return mockAuthToken;
+    if (key === credentialKey("twilio", "account_sid")) return mockAccountSid;
+    return undefined;
+  },
 }));
 
 import { TwilioConversationRelayProvider } from "../calls/twilio-provider.js";
@@ -143,15 +148,15 @@ describe("TwilioConversationRelayProvider", () => {
   });
 
   describe("getAuthToken", () => {
-    test("returns the auth token when configured", () => {
+    test("returns the auth token when configured", async () => {
       mockAuthToken = "my-secret-token";
-      const token = TwilioConversationRelayProvider.getAuthToken();
+      const token = await TwilioConversationRelayProvider.getAuthToken();
       expect(token).toBe("my-secret-token");
     });
 
-    test("returns null when auth token is not configured", () => {
+    test("returns null when auth token is not configured", async () => {
       mockAuthToken = undefined;
-      const token = TwilioConversationRelayProvider.getAuthToken();
+      const token = await TwilioConversationRelayProvider.getAuthToken();
       expect(token).toBeNull();
     });
   });

package/src/__tests__/voice-invite-redemption.test.ts

@@ -23,7 +23,11 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-import { findContactChannel } from "../contacts/contact-store.js";
+import {
+  findContactChannel,
+  getContact,
+  upsertContact,
+} from "../contacts/contact-store.js";
 import { upsertContactChannel } from "../contacts/contacts-write.js";
 import { getSqlite, initializeDb, resetDb } from "../memory/db.js";
 import { createInvite, revokeInvite } from "../memory/invite-store.js";
@@ -47,6 +51,11 @@ function resetTables() {
   getSqlite().run("DELETE FROM contacts");
 }
 
+/** Create a throwaway contact and return its ID, for use as the invite's contactId. */
+function createTargetContact(displayName = "Target Contact"): string {
+  return upsertContact({ displayName, role: "contact" }).id;
+}
+
 // ---------------------------------------------------------------------------
 // generateVoiceCode
 // ---------------------------------------------------------------------------
@@ -140,14 +149,18 @@ describe("redeemVoiceInviteCode", () => {
       expiresInMs?: number;
       voiceCodeDigits?: number;
       assistantId?: string;
+      contactId?: string;
     } = {},
   ) {
     const digits = opts.voiceCodeDigits ?? 6;
     const code = generateVoiceCode(digits);
     const codeHash = hashVoiceCode(code);
 
+    const contactId = opts.contactId ?? createTargetContact();
+
     const { invite } = createInvite({
       sourceChannel: "phone",
+      contactId,
       maxUses: opts.maxUses ?? 1,
       expiresInMs: opts.expiresInMs,
       expectedExternalUserId: opts.callerPhone ?? "+15551234567",
@@ -277,11 +290,13 @@ describe("redeemVoiceInviteCode", () => {
     // Create a non-voice invite with voice code metadata to simulate a
     // hypothetical misconfiguration. The redemption service filters by
     // sourceChannel='phone', so non-phone invites are invisible.
+    const targetContactId = createTargetContact();
     const code = generateVoiceCode(6);
     const codeHash = hashVoiceCode(code);
 
     createInvite({
       sourceChannel: "telegram",
+      contactId: targetContactId,
       maxUses: 1,
       expectedExternalUserId: "+15551234567",
       voiceCodeHash: codeHash,
@@ -301,16 +316,21 @@ describe("redeemVoiceInviteCode", () => {
 
   test("already-member caller gets already_member outcome", () => {
     const phone = "+15551234567";
-    const { code } = createVoiceInvite({ callerPhone: phone });
 
     // Pre-create an active member for this phone on voice channel
-    upsertContactChannel({
+    const member = upsertContactChannel({
       sourceChannel: "phone",
       externalUserId: phone,
       status: "active",
       policy: "allow",
     });
 
+    // Create a voice invite targeting the same contact that owns the channel
+    const { code } = createVoiceInvite({
+      callerPhone: phone,
+      contactId: member!.contact.id,
+    });
+
     const result = redeemVoiceInviteCode({
       callerExternalUserId: phone,
       sourceChannel: "phone",
@@ -327,15 +347,21 @@ describe("redeemVoiceInviteCode", () => {
 
   test("blocked member gets generic failure to avoid leaking membership status", () => {
     const phone = "+15551234567";
-    const { code } = createVoiceInvite({ callerPhone: phone });
 
-    upsertContactChannel({
+    // Pre-create a blocked member and find their contact
+    const member = upsertContactChannel({
       sourceChannel: "phone",
       externalUserId: phone,
       status: "blocked",
       policy: "deny",
     });
 
+    // Create a voice invite targeting the same contact that owns the channel
+    const { code } = createVoiceInvite({
+      callerPhone: phone,
+      contactId: member!.contact.id,
+    });
+
     const result = redeemVoiceInviteCode({
       callerExternalUserId: phone,
       sourceChannel: "phone",
@@ -354,4 +380,58 @@ describe("redeemVoiceInviteCode", () => {
 
     expect(result).toEqual({ ok: false, reason: "invalid_or_expired" });
   });
+
+  test("binds redeemer to the invite's target contact, not the guardian, on voice redemption", () => {
+    const phone = "+15559998888";
+
+    // Pre-create a guardian contact with a revoked phone channel
+    const guardianContact = upsertContact({
+      displayName: "Guardian",
+      role: "guardian",
+      channels: [
+        {
+          type: "phone",
+          address: phone,
+          externalUserId: phone,
+          status: "revoked",
+        },
+      ],
+    });
+
+    // Create a separate target contact "Mom"
+    const momContact = upsertContact({
+      displayName: "Mom",
+      role: "contact",
+    });
+
+    // Create a voice invite targeting Mom's contact
+    const { code } = createVoiceInvite({
+      callerPhone: phone,
+      contactId: momContact.id,
+    });
+
+    const result = redeemVoiceInviteCode({
+      callerExternalUserId: phone,
+      sourceChannel: "phone",
+      code,
+    });
+
+    // Should succeed — redeemer's channel is bound to Mom
+    expect(result.ok).toBe(true);
+    expect((result as { type: string }).type).toBe("redeemed");
+
+    // Verify the redeemer's phone is now bound to Mom's contact
+    const contactResult = findContactChannel({
+      channelType: "phone",
+      externalUserId: phone,
+    });
+    expect(contactResult).not.toBeNull();
+    expect(contactResult!.contact.id).toBe(momContact.id);
+    expect(contactResult!.channel.status).toBe("active");
+
+    // Verify the original guardian contact was NOT modified
+    const guardian = getContact(guardianContact.id);
+    expect(guardian).not.toBeNull();
+    expect(guardian!.role).toBe("guardian");
+  });
 });

package/src/agent/ax-tree-compaction.test.ts

@@ -182,6 +182,57 @@ describe("compactAxTreeHistory", () => {
     expect(result).toEqual([]);
   });
 
+  test("counts AX trees per block, not per message", () => {
+    // One message has two AX tree blocks — they should count as 2 trees
+    const messages: Message[] = [
+      {
+        role: "user",
+        content: [
+          {
+            type: "tool_result",
+            tool_use_id: "t1a",
+            content: "<ax-tree>\ntree-1a\n</ax-tree>",
+            is_error: false,
+          },
+          {
+            type: "tool_result",
+            tool_use_id: "t1b",
+            content: "<ax-tree>\ntree-1b\n</ax-tree>",
+            is_error: false,
+          },
+        ],
+      },
+      assistantText("ok"),
+      axTreeToolResult("t2", "tree-2"),
+    ];
+
+    const result = compactAxTreeHistory(messages);
+
+    // 3 total AX tree blocks, keep last 2 → strip only first block (t1a)
+    const msg0 = result[0];
+    const block0 = msg0.content[0];
+    expect(block0.type).toBe("tool_result");
+    if (block0.type === "tool_result") {
+      expect(block0.content).toContain("<ax_tree_omitted />");
+      expect(block0.content).not.toContain("<ax-tree>");
+    }
+
+    // Second block in same message (t1b) should be kept
+    const block1 = msg0.content[1];
+    expect(block1.type).toBe("tool_result");
+    if (block1.type === "tool_result") {
+      expect(block1.content).toContain("<ax-tree>");
+      expect(block1.content).not.toContain("<ax_tree_omitted />");
+    }
+
+    // Last message (t2) should also be kept
+    const lastBlock = result[2].content[0];
+    expect(lastBlock.type).toBe("tool_result");
+    if (lastBlock.type === "tool_result") {
+      expect(lastBlock.content).toContain("<ax-tree>");
+    }
+  });
+
   test("is pure — does not mutate input messages", () => {
     const messages: Message[] = [
       axTreeToolResult("t1", "tree-1"),

package/src/agent/loop.ts

@@ -35,6 +35,7 @@ export interface CheckpointInfo {
   turnIndex: number;
   toolCount: number;
   hasToolUse: boolean;
+  history: Message[]; // current history snapshot for token estimation
 }
 
 export type CheckpointDecision = "continue" | "yield";
@@ -71,7 +72,13 @@ export type AgentEvent =
       toolUseId: string;
       accumulatedJson: string;
     }
-  | { type: "server_tool_start"; name: string; toolUseId: string }
+  | {
+      type: "server_tool_start";
+      name: string;
+      toolUseId: string;
+      input: Record<string, unknown>;
+    }
+  | { type: "server_tool_complete"; toolUseId: string }
   | { type: "error"; error: Error }
   | {
       type: "usage";
@@ -305,6 +312,12 @@ export class AgentLoop {
                   type: "server_tool_start",
                   name: event.name,
                   toolUseId: event.toolUseId,
+                  input: event.input,
+                });
+              } else if (event.type === "server_tool_complete") {
+                onEvent({
+                  type: "server_tool_complete",
+                  toolUseId: event.toolUseId,
                 });
               }
             },
@@ -561,6 +574,7 @@ export class AgentLoop {
             turnIndex: toolUseTurns - 1, // 0-based (toolUseTurns was already incremented)
             toolCount: toolUseBlocks.length,
             hasToolUse: true,
+            history,
           });
           if (decision === "yield") {
             break;
@@ -622,40 +636,53 @@ export function escapeAxTreeContent(content: string): string {
  * `MAX_AX_TREES_IN_HISTORY` `<ax-tree>` blocks have been replaced with a
  * short placeholder.  This keeps the conversation context small so that
  * TTFT does not grow linearly with step count in computer-use sessions.
+ *
+ * Counting is per-block, not per-message — a single user message can
+ * contain multiple tool_result blocks each with their own AX tree snapshot.
  */
 export function compactAxTreeHistory(messages: Message[]): Message[] {
-  // Collect indices of user messages that contain an <ax-tree> block
-  const indicesWithAxTree: number[] = [];
+  // Collect (messageIndex, blockIndex) for every tool_result block with <ax-tree>
+  const axBlocks: Array<{ msgIdx: number; blockIdx: number }> = [];
   for (let i = 0; i < messages.length; i++) {
     const msg = messages[i];
     if (msg.role !== "user") continue;
-    for (const block of msg.content) {
+    for (let j = 0; j < msg.content.length; j++) {
+      const block = msg.content[j];
       if (
         block.type === "tool_result" &&
         typeof block.content === "string" &&
         block.content.includes("<ax-tree>")
       ) {
-        indicesWithAxTree.push(i);
-        break;
+        axBlocks.push({ msgIdx: i, blockIdx: j });
       }
     }
   }
 
-  if (indicesWithAxTree.length <= MAX_AX_TREES_IN_HISTORY) {
+  if (axBlocks.length <= MAX_AX_TREES_IN_HISTORY) {
     return messages;
   }
 
-  const toStrip = new Set(indicesWithAxTree.slice(0, -MAX_AX_TREES_IN_HISTORY));
+  // Build a set of "msgIdx:blockIdx" keys for blocks that should be stripped
+  const toStrip = new Set(
+    axBlocks
+      .slice(0, -MAX_AX_TREES_IN_HISTORY)
+      .map((b) => `${b.msgIdx}:${b.blockIdx}`),
+  );
 
   return messages.map((msg, idx) => {
-    if (!toStrip.has(idx)) return msg;
+    // Quick check: does this message have any blocks to strip?
+    const hasStripTarget = msg.content.some((_, j) =>
+      toStrip.has(`${idx}:${j}`),
+    );
+    if (!hasStripTarget) return msg;
+
     return {
       ...msg,
-      content: msg.content.map((block) => {
+      content: msg.content.map((block, j) => {
         if (
+          toStrip.has(`${idx}:${j}`) &&
           block.type === "tool_result" &&
-          typeof block.content === "string" &&
-          block.content.includes("<ax-tree>")
+          typeof block.content === "string"
         ) {
           return {
             ...block,

package/src/approvals/AGENTS.md

@@ -16,7 +16,7 @@ Conversational guardian verification control-plane invocation is guardian-only.
 
 ## Memory Provenance Invariant
 
-All memory extraction and retrieval decisions must consider actor-role provenance. Untrusted actors (non-guardian, unverified_channel) must not trigger profile extraction or receive memory recall/conflict disclosures. This invariant is enforced in `indexer.ts` (write gate) and `session-memory.ts` (read gate).
+All memory retrieval decisions must consider actor-role provenance. Untrusted actors (non-guardian, unverified_channel) must not receive memory recall results. This invariant is enforced in `indexer.ts` (write gate) and `session-memory.ts` (read gate).
 
 ## Guardian Privilege Isolation Invariant
 

package/src/approvals/guardian-request-resolvers.ts

@@ -424,11 +424,17 @@ const accessRequestResolver: GuardianRequestResolver = {
           dedupeKey: `trusted-contact:denied:${request.id}`,
         });
       } else if (desktopDeliverUrl && requesterChatId) {
+        // For Slack, route to DM via requesterExternalUserId (user ID) instead
+        // of requesterChatId (channel ID) to avoid posting in public channels.
+        const targetChatId =
+          channel === "slack" && requesterExternalUserId
+            ? requesterExternalUserId
+            : requesterChatId;
         try {
           await deliverChannelReply(
             desktopDeliverUrl,
             {
-              chatId: requesterChatId,
+              chatId: targetChatId,
               text: "Your access request has been denied by the guardian.",
               assistantId,
             },
@@ -601,11 +607,17 @@ const accessRequestResolver: GuardianRequestResolver = {
         });
       }
     } else if (desktopDeliverUrl && requesterChatId) {
+      // For Slack, route to DM via requesterExternalUserId (user ID) instead
+      // of requesterChatId (channel ID) to avoid posting in public channels.
+      const targetChatId =
+        channel === "slack" && requesterExternalUserId
+          ? requesterExternalUserId
+          : requesterChatId;
       try {
         await deliverChannelReply(
           desktopDeliverUrl,
           {
-            chatId: requesterChatId,
+            chatId: targetChatId,
             text:
               "Your access request has been approved! " +
               "Please enter the 6-digit verification code you receive from the guardian.",

package/src/bundler/compiler-tools.ts

@@ -6,6 +6,7 @@
  * same pattern as EmbeddingRuntimeManager.
  */
 
+import { createHash } from "node:crypto";
 import {
   chmodSync,
   existsSync,
@@ -54,11 +55,69 @@ function npmTarballUrl(pkg: string, version: string): string {
   return `https://registry.npmjs.org/${encoded}/-/${basename}-${version}.tgz`;
 }
 
+async function fetchNpmIntegrity(
+  pkg: string,
+  version: string,
+): Promise<string> {
+  const encoded = pkg.replace("/", "%2f");
+  const metadataUrl = `https://registry.npmjs.org/${encoded}/${version}`;
+  const response = await fetch(metadataUrl);
+  if (!response.ok) {
+    throw new Error(
+      `Failed to fetch npm metadata for ${pkg}@${version}: ${response.status} ${response.statusText}`,
+    );
+  }
+
+  const data = (await response.json()) as {
+    dist?: { integrity?: string; shasum?: string };
+  };
+
+  if (
+    typeof data.dist?.integrity === "string" &&
+    data.dist.integrity.length > 0
+  ) {
+    return data.dist.integrity;
+  }
+
+  if (typeof data.dist?.shasum === "string" && data.dist.shasum.length > 0) {
+    return `sha1-${Buffer.from(data.dist.shasum, "hex").toString("base64")}`;
+  }
+
+  throw new Error(`Missing npm integrity metadata for ${pkg}@${version}`);
+}
+
+function verifyIntegrity(
+  tarball: Uint8Array,
+  integrity: string,
+  pkg: string,
+  version: string,
+): void {
+  const [algorithm, expectedDigest] = integrity.split("-", 2);
+  if (!algorithm || !expectedDigest) {
+    throw new Error(`Invalid integrity metadata for ${pkg}@${version}`);
+  }
+
+  if (algorithm !== "sha512" && algorithm !== "sha1") {
+    throw new Error(
+      `Unsupported integrity algorithm ${algorithm} for ${pkg}@${version}`,
+    );
+  }
+
+  const actualDigest = createHash(algorithm).update(tarball).digest("base64");
+  if (actualDigest !== expectedDigest) {
+    throw new Error(`Integrity verification failed for ${pkg}@${version}`);
+  }
+}
+
 async function downloadAndExtract(
+  pkg: string,
+  version: string,
   url: string,
   targetDir: string,
 ): Promise<void> {
-  log.info({ url, targetDir }, "Downloading npm package");
+  log.info({ pkg, version, url, targetDir }, "Downloading npm package");
+
+  const integrity = await fetchNpmIntegrity(pkg, version);
 
   const response = await fetch(url);
   if (!response.ok) {
@@ -67,7 +126,8 @@ async function downloadAndExtract(
     );
   }
 
-  const tarball = await response.arrayBuffer();
+  const tarball = new Uint8Array(await response.arrayBuffer());
+  verifyIntegrity(tarball, integrity, pkg, version);
   mkdirSync(targetDir, { recursive: true });
 
   const tmpTar = join(targetDir, `download-${Date.now()}.tgz`);
@@ -191,10 +251,14 @@ async function install(baseDir: string): Promise<void> {
     // Download esbuild binary + preact in parallel
     await Promise.all([
       downloadAndExtract(
+        `@esbuild/${esbuildPlatform}`,
+        ESBUILD_VERSION,
         npmTarballUrl(`@esbuild/${esbuildPlatform}`, ESBUILD_VERSION),
         join(tmpDir, "esbuild-pkg"),
       ),
       downloadAndExtract(
+        "preact",
+        PREACT_VERSION,
         npmTarballUrl("preact", PREACT_VERSION),
         join(tmpDir, "node_modules", "preact"),
       ),