@vellumai/assistant 0.4.51 → 0.4.53

Files changed (220)
  1. package/ARCHITECTURE.md +2 -2
  2. package/docs/architecture/keychain-broker.md +19 -6
  3. package/docs/architecture/memory.md +3 -3
  4. package/package.json +1 -1
  5. package/src/__tests__/approval-cascade.test.ts +3 -1
  6. package/src/__tests__/approval-routes-http.test.ts +0 -1
  7. package/src/__tests__/asset-materialize-tool.test.ts +0 -1
  8. package/src/__tests__/asset-search-tool.test.ts +0 -1
  9. package/src/__tests__/assistant-events-sse-hardening.test.ts +0 -1
  10. package/src/__tests__/attachments-store.test.ts +0 -1
  11. package/src/__tests__/avatar-e2e.test.ts +6 -1
  12. package/src/__tests__/browser-fill-credential.test.ts +3 -0
  13. package/src/__tests__/btw-routes.test.ts +39 -0
  14. package/src/__tests__/call-controller.test.ts +0 -1
  15. package/src/__tests__/call-domain.test.ts +1 -0
  16. package/src/__tests__/call-routes-http.test.ts +1 -2
  17. package/src/__tests__/canonical-guardian-store.test.ts +33 -2
  18. package/src/__tests__/channel-readiness-routes.test.ts +1 -0
  19. package/src/__tests__/channel-readiness-service.test.ts +1 -0
  20. package/src/__tests__/claude-code-skill-regression.test.ts +6 -2
  21. package/src/__tests__/claude-code-tool-profiles.test.ts +7 -2
  22. package/src/__tests__/config-loader-backfill.test.ts +1 -2
  23. package/src/__tests__/config-schema.test.ts +6 -37
  24. package/src/__tests__/conversation-routes-slash-commands.test.ts +0 -1
  25. package/src/__tests__/credential-broker-server-use.test.ts +16 -16
  26. package/src/__tests__/credential-security-invariants.test.ts +14 -0
  27. package/src/__tests__/credential-vault-unit.test.ts +4 -4
  28. package/src/__tests__/error-handler-friendly-messages.test.ts +4 -5
  29. package/src/__tests__/gateway-only-enforcement.test.ts +0 -2
  30. package/src/__tests__/host-shell-tool.test.ts +0 -1
  31. package/src/__tests__/http-user-message-parity.test.ts +19 -0
  32. package/src/__tests__/list-messages-attachments.test.ts +0 -1
  33. package/src/__tests__/log-export-workspace.test.ts +233 -0
  34. package/src/__tests__/managed-proxy-context.test.ts +1 -1
  35. package/src/__tests__/managed-skill-lifecycle.test.ts +0 -1
  36. package/src/__tests__/media-generate-image.test.ts +7 -2
  37. package/src/__tests__/media-reuse-story.e2e.test.ts +1 -1
  38. package/src/__tests__/memory-regressions.test.ts +0 -1
  39. package/src/__tests__/migration-cross-version-compatibility.test.ts +0 -1
  40. package/src/__tests__/migration-export-http.test.ts +0 -1
  41. package/src/__tests__/migration-import-commit-http.test.ts +0 -1
  42. package/src/__tests__/migration-import-preflight-http.test.ts +0 -1
  43. package/src/__tests__/migration-validate-http.test.ts +0 -1
  44. package/src/__tests__/notification-schedule-dedup.test.ts +237 -0
  45. package/src/__tests__/oauth-cli.test.ts +1 -10
  46. package/src/__tests__/oauth-store.test.ts +3 -5
  47. package/src/__tests__/oauth2-gateway-transport.test.ts +5 -4
  48. package/src/__tests__/onboarding-starter-tasks.test.ts +1 -1
  49. package/src/__tests__/onboarding-template-contract.test.ts +1 -2
  50. package/src/__tests__/pricing.test.ts +0 -11
  51. package/src/__tests__/provider-commit-message-generator.test.ts +21 -14
  52. package/src/__tests__/provider-fail-open-selection.test.ts +9 -8
  53. package/src/__tests__/provider-managed-proxy-integration.test.ts +27 -24
  54. package/src/__tests__/provider-registry-ollama.test.ts +8 -2
  55. package/src/__tests__/recording-handler.test.ts +0 -1
  56. package/src/__tests__/relay-server.test.ts +0 -1
  57. package/src/__tests__/runtime-attachment-metadata.test.ts +0 -1
  58. package/src/__tests__/runtime-events-sse-parity.test.ts +0 -1
  59. package/src/__tests__/runtime-events-sse.test.ts +0 -1
  60. package/src/__tests__/script-proxy-injection-runtime.test.ts +4 -0
  61. package/src/__tests__/secret-routes-managed-proxy.test.ts +0 -1
  62. package/src/__tests__/secret-scanner-executor.test.ts +0 -1
  63. package/src/__tests__/send-endpoint-busy.test.ts +0 -1
  64. package/src/__tests__/session-abort-tool-results.test.ts +3 -1
  65. package/src/__tests__/session-agent-loop-overflow.test.ts +1012 -838
  66. package/src/__tests__/session-agent-loop.test.ts +2 -2
  67. package/src/__tests__/session-confirmation-signals.test.ts +3 -1
  68. package/src/__tests__/session-error.test.ts +5 -4
  69. package/src/__tests__/session-history-web-search.test.ts +34 -9
  70. package/src/__tests__/session-pre-run-repair.test.ts +3 -1
  71. package/src/__tests__/session-provider-retry-repair.test.ts +31 -26
  72. package/src/__tests__/session-queue.test.ts +3 -1
  73. package/src/__tests__/session-runtime-assembly.test.ts +118 -0
  74. package/src/__tests__/session-slash-known.test.ts +31 -13
  75. package/src/__tests__/session-slash-queue.test.ts +3 -1
  76. package/src/__tests__/session-slash-unknown.test.ts +3 -1
  77. package/src/__tests__/session-workspace-cache-state.test.ts +3 -1
  78. package/src/__tests__/session-workspace-injection.test.ts +3 -1
  79. package/src/__tests__/session-workspace-tool-tracking.test.ts +3 -1
  80. package/src/__tests__/shell-tool-proxy-mode.test.ts +0 -1
  81. package/src/__tests__/skill-script-runner-sandbox.test.ts +0 -1
  82. package/src/__tests__/skillssh-registry.test.ts +21 -0
  83. package/src/__tests__/slack-share-routes.test.ts +1 -1
  84. package/src/__tests__/swarm-recursion.test.ts +5 -1
  85. package/src/__tests__/swarm-session-integration.test.ts +25 -14
  86. package/src/__tests__/swarm-tool.test.ts +5 -2
  87. package/src/__tests__/telegram-bot-username-resolution.test.ts +2 -4
  88. package/src/__tests__/token-estimator-accuracy.benchmark.test.ts +1521 -0
  89. package/src/__tests__/tool-execution-abort-cleanup.test.ts +0 -1
  90. package/src/__tests__/tool-executor-lifecycle-events.test.ts +0 -1
  91. package/src/__tests__/tool-executor-shell-integration.test.ts +0 -1
  92. package/src/__tests__/tool-executor.test.ts +0 -1
  93. package/src/__tests__/trust-store.test.ts +5 -1
  94. package/src/__tests__/twilio-routes.test.ts +2 -2
  95. package/src/__tests__/verification-control-plane-policy.test.ts +0 -1
  96. package/src/__tests__/voice-quality.test.ts +2 -1
  97. package/src/__tests__/voice-scoped-grant-consumer.test.ts +0 -1
  98. package/src/__tests__/web-search.test.ts +1 -1
  99. package/src/agent/loop.ts +17 -1
  100. package/src/bundler/app-bundler.ts +40 -24
  101. package/src/calls/call-controller.ts +16 -0
  102. package/src/calls/relay-server.ts +29 -13
  103. package/src/calls/voice-control-protocol.ts +1 -0
  104. package/src/calls/voice-quality.ts +1 -1
  105. package/src/calls/voice-session-bridge.ts +9 -3
  106. package/src/channels/types.ts +16 -0
  107. package/src/cli/commands/bash.ts +173 -0
  108. package/src/cli/commands/doctor.ts +5 -23
  109. package/src/cli/commands/oauth/connections.ts +4 -2
  110. package/src/cli/commands/oauth/providers.ts +1 -13
  111. package/src/cli/program.ts +2 -0
  112. package/src/cli/reference.ts +1 -0
  113. package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +2 -1
  114. package/src/config/bundled-skills/media-processing/tools/analyze-keyframes.ts +3 -5
  115. package/src/config/bundled-skills/media-processing/tools/extract-keyframes.ts +2 -3
  116. package/src/config/bundled-skills/messaging/TOOLS.json +41 -1
  117. package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +2 -1
  118. package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +2 -1
  119. package/src/config/bundled-skills/messaging/tools/messaging-auth-test.ts +2 -1
  120. package/src/config/bundled-skills/messaging/tools/messaging-list-conversations.ts +2 -1
  121. package/src/config/bundled-skills/messaging/tools/messaging-mark-read.ts +2 -1
  122. package/src/config/bundled-skills/messaging/tools/messaging-read.ts +2 -1
  123. package/src/config/bundled-skills/messaging/tools/messaging-search.ts +2 -1
  124. package/src/config/bundled-skills/messaging/tools/messaging-send.ts +2 -1
  125. package/src/config/bundled-skills/messaging/tools/messaging-sender-digest.ts +2 -1
  126. package/src/config/bundled-skills/messaging/tools/shared.ts +2 -1
  127. package/src/config/bundled-skills/phone-calls/references/CONFIG.md +1 -1
  128. package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +5 -6
  129. package/src/config/feature-flag-registry.json +8 -0
  130. package/src/config/loader.ts +7 -135
  131. package/src/config/schema.ts +0 -6
  132. package/src/config/schemas/channels.ts +1 -0
  133. package/src/config/schemas/elevenlabs.ts +2 -2
  134. package/src/contacts/contact-store.ts +21 -25
  135. package/src/contacts/contacts-write.ts +6 -6
  136. package/src/contacts/types.ts +2 -0
  137. package/src/context/token-estimator.ts +35 -2
  138. package/src/context/window-manager.ts +16 -2
  139. package/src/daemon/config-watcher.ts +24 -6
  140. package/src/daemon/context-overflow-reducer.ts +13 -2
  141. package/src/daemon/handlers/config-ingress.ts +25 -8
  142. package/src/daemon/handlers/config-model.ts +21 -15
  143. package/src/daemon/handlers/config-telegram.ts +18 -6
  144. package/src/daemon/handlers/dictation.ts +0 -429
  145. package/src/daemon/handlers/skills.ts +1 -200
  146. package/src/daemon/lifecycle.ts +8 -5
  147. package/src/daemon/message-types/contacts.ts +2 -0
  148. package/src/daemon/message-types/integrations.ts +1 -0
  149. package/src/daemon/message-types/sessions.ts +2 -0
  150. package/src/daemon/parse-actual-tokens-from-error.test.ts +75 -0
  151. package/src/daemon/server.ts +23 -2
  152. package/src/daemon/session-agent-loop-handlers.ts +1 -1
  153. package/src/daemon/session-agent-loop.ts +27 -79
  154. package/src/daemon/session-error.ts +5 -4
  155. package/src/daemon/session-process.ts +17 -10
  156. package/src/daemon/session-runtime-assembly.ts +50 -0
  157. package/src/daemon/session-slash.ts +32 -20
  158. package/src/daemon/session.ts +1 -0
  159. package/src/events/domain-events.ts +1 -0
  160. package/src/media/app-icon-generator.ts +2 -1
  161. package/src/media/avatar-router.ts +3 -2
  162. package/src/memory/canonical-guardian-store.ts +25 -3
  163. package/src/memory/db-init.ts +12 -0
  164. package/src/memory/embedding-backend.ts +25 -16
  165. package/src/memory/migrations/158-channel-interaction-columns.ts +18 -0
  166. package/src/memory/migrations/159-drop-contact-interaction-columns.ts +16 -0
  167. package/src/memory/migrations/160-drop-loopback-port-column.ts +13 -0
  168. package/src/memory/migrations/index.ts +3 -0
  169. package/src/memory/retriever.test.ts +19 -12
  170. package/src/memory/schema/contacts.ts +2 -2
  171. package/src/memory/schema/oauth.ts +0 -1
  172. package/src/oauth/byo-connection.ts +55 -49
  173. package/src/oauth/connect-orchestrator.ts +5 -3
  174. package/src/oauth/connect-types.ts +9 -2
  175. package/src/oauth/manual-token-connection.ts +9 -7
  176. package/src/oauth/oauth-store.ts +2 -8
  177. package/src/oauth/provider-behaviors.ts +10 -0
  178. package/src/oauth/seed-providers.ts +13 -5
  179. package/src/permissions/checker.ts +20 -1
  180. package/src/prompts/__tests__/build-cli-reference-section.test.ts +1 -1
  181. package/src/prompts/system-prompt.ts +2 -11
  182. package/src/prompts/templates/BOOTSTRAP.md +1 -3
  183. package/src/providers/anthropic/client.ts +16 -8
  184. package/src/providers/managed-proxy/constants.ts +1 -1
  185. package/src/providers/registry.ts +21 -15
  186. package/src/providers/types.ts +1 -1
  187. package/src/runtime/auth/route-policy.ts +4 -0
  188. package/src/runtime/channel-invite-transports/telegram.ts +12 -6
  189. package/src/runtime/channel-retry-sweep.ts +6 -0
  190. package/src/runtime/http-types.ts +1 -0
  191. package/src/runtime/middleware/error-handler.ts +1 -2
  192. package/src/runtime/routes/app-management-routes.ts +1 -0
  193. package/src/runtime/routes/btw-routes.ts +20 -1
  194. package/src/runtime/routes/conversation-routes.ts +32 -13
  195. package/src/runtime/routes/inbound-message-handler.ts +10 -2
  196. package/src/runtime/routes/inbound-stages/background-dispatch.ts +4 -0
  197. package/src/runtime/routes/inbound-stages/edit-intercept.ts +5 -5
  198. package/src/runtime/routes/integrations/slack/share.ts +5 -5
  199. package/src/runtime/routes/log-export-routes.ts +122 -10
  200. package/src/runtime/routes/session-query-routes.ts +3 -3
  201. package/src/runtime/routes/settings-routes.ts +53 -0
  202. package/src/runtime/routes/workspace-routes.ts +3 -0
  203. package/src/runtime/verification-templates.ts +1 -1
  204. package/src/security/oauth2.ts +4 -4
  205. package/src/security/secure-keys.ts +24 -3
  206. package/src/security/token-manager.ts +7 -8
  207. package/src/signals/bash.ts +157 -0
  208. package/src/skills/skillssh-registry.ts +6 -1
  209. package/src/swarm/backend-claude-code.ts +6 -6
  210. package/src/swarm/worker-backend.ts +1 -1
  211. package/src/swarm/worker-runner.ts +1 -1
  212. package/src/telegram/bot-username.ts +11 -0
  213. package/src/tools/claude-code/claude-code.ts +4 -4
  214. package/src/tools/credentials/broker.ts +7 -5
  215. package/src/tools/credentials/vault.ts +3 -2
  216. package/src/tools/network/__tests__/web-search.test.ts +18 -86
  217. package/src/tools/network/web-search.ts +9 -15
  218. package/src/util/platform.ts +7 -1
  219. package/src/util/pricing.ts +0 -1
  220. package/src/workspace/provider-commit-message-generator.ts +10 -6
@@ -427,6 +427,27 @@ describe("fetchSkillFromGitHub", () => {
427
427
  expect(files["scripts/filter.sh"]).toBe("#!/bin/bash\necho filter");
428
428
  });
429
429
 
430
+ test("surfaces non-404 errors from tree lookup instead of misleading 'not found'", async () => {
431
+ mockFetchImpl = (url: string | URL | Request) => {
432
+ const urlStr = url.toString();
433
+ // Probe for conventional path returns 404
434
+ if (urlStr.includes("/contents/skills/my-skill")) {
435
+ return Promise.resolve(new Response("Not Found", { status: 404 }));
436
+ }
437
+ // Tree API returns a rate-limit error
438
+ if (urlStr.includes("/git/trees/")) {
439
+ return Promise.resolve(
440
+ new Response("rate limit exceeded", { status: 403 }),
441
+ );
442
+ }
443
+ return Promise.resolve(new Response("not found", { status: 404 }));
444
+ };
445
+
446
+ await expect(
447
+ fetchSkillFromGitHub("owner", "repo", "my-skill"),
448
+ ).rejects.toThrow("GitHub API error while searching repo tree: HTTP 403");
449
+ });
450
+
430
451
  test("throws when skill not found in tree either", async () => {
431
452
  mockFetchImpl = (url: string | URL | Request) => {
432
453
  const urlStr = url.toString();
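Review bot: The new 403 test for `fetchSkillFromGitHub` checks only the rejection message, so it would still pass if the implementation kept issuing GitHub requests after the tree lookup was refused. Because the mocked 403 stands for a rate limit, it is worth pinning that the lookup stops at that point. Record each `urlStr` in an array inside `mockFetchImpl` and, after the `rejects.toThrow` assertion, add `expect(requested.at(-1)).toContain("/git/trees/");`. The enclosing `describe` block starts and ends outside the hunk.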
@@ -6,7 +6,7 @@ import { beforeEach, describe, expect, mock, test } from "bun:test";
6
6
 
7
7
  const secureKeyValues = new Map<string, string>();
8
8
  mock.module("../security/secure-keys.js", () => ({
9
- getSecureKey: (key: string) => secureKeyValues.get(key),
9
+ getSecureKeyAsync: async (key: string) => secureKeyValues.get(key),
10
10
  setSecureKeyAsync: async () => {},
11
11
  }));
12
12
 
@@ -37,7 +37,6 @@ mock.module("../config/loader.js", () => ({
37
37
 
38
38
  provider: "anthropic",
39
39
  providerOrder: ["anthropic"],
40
- apiKeys: { anthropic: "test-key" },
41
40
  swarm: {
42
41
  enabled: true,
43
42
  maxWorkers: 3,
@@ -67,6 +66,11 @@ const mockProvider = {
67
66
  };
68
67
  },
69
68
  };
69
+ mock.module("../security/secure-keys.js", () => ({
70
+ getSecureKeyAsync: async () => "test-api-key",
71
+ getSecureKey: () => "test-api-key",
72
+ }));
73
+
70
74
  mock.module("../providers/registry.js", () => ({
71
75
  getProvider: () => mockProvider,
72
76
  getFailoverProvider: () => mockProvider,
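Review bot: The `secure-keys.js` mock added here returns `"test-api-key"` for every lookup and ignores the key name, so the tests cannot detect the code under test asking for the wrong credential. The mocks added in the `@@ -56,6 +54,12 @@` and `@@ -63,6 +61,11 @@` hunks have the same shape. A keyed lookup, as the `secureKeyValues` mock in the `@@ -6,7 +6,7 @@` hunk already does, would pin the name: `getSecureKeyAsync: async (key: string) => keys.get(key)`, with `keys` a `Map` seeded only with the entry the backend is expected to read. The mock also exposes only two exports; whether any module loaded by these tests imports another name from `secure-keys.js` cannot be seen from the hunk and should be confirmed.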
@@ -18,7 +18,6 @@ mock.module("../hooks/manager.js", () => ({
18
18
  }));
19
19
 
20
20
  let swarmEnabled = true;
21
- let hasApiKey = true;
22
21
 
23
22
  mock.module("../config/loader.js", () => ({
24
23
  getConfig: () => ({
@@ -26,7 +25,6 @@ mock.module("../config/loader.js", () => ({
26
25
 
27
26
  provider: "anthropic",
28
27
  providerOrder: ["anthropic"],
29
- apiKeys: { anthropic: hasApiKey ? "test-key" : "" },
30
28
  swarm: {
31
29
  enabled: swarmEnabled,
32
30
  maxWorkers: 2,
@@ -56,6 +54,12 @@ const mockTestProvider = {
56
54
  };
57
55
  },
58
56
  };
57
+ let mockAnthropicKey: string | undefined = "test-api-key";
58
+ mock.module("../security/secure-keys.js", () => ({
59
+ getSecureKeyAsync: async () => mockAnthropicKey,
60
+ getSecureKey: () => mockAnthropicKey,
61
+ }));
62
+
59
63
  mock.module("../providers/registry.js", () => ({
60
64
  getProvider: () => mockTestProvider,
61
65
  getFailoverProvider: () => mockTestProvider,
@@ -103,7 +107,6 @@ describe("swarm through AgentLoop", () => {
103
107
  beforeEach(() => {
104
108
  _resetSwarmActive();
105
109
  swarmEnabled = true;
106
- hasApiKey = true;
107
110
  });
108
111
 
109
112
  test("agent loop calls swarm_delegate and receives tool result", async () => {
@@ -253,7 +256,6 @@ describe("swarm regression tests", () => {
253
256
  beforeEach(() => {
254
257
  _resetSwarmActive();
255
258
  swarmEnabled = true;
256
- hasApiKey = true;
257
259
  });
258
260
 
259
261
  test("swarm_delegate returns graceful message when disabled", async () => {
@@ -298,17 +300,26 @@ describe("swarm regression tests", () => {
298
300
  });
299
301
 
300
302
  test("worker backend reports unavailable when no API key", async () => {
301
- hasApiKey = false;
302
-
303
- const result = await swarmDelegateTool.execute(
304
- { objective: "Task without key" },
305
- makeContext(),
306
- );
303
+ const prevKey = mockAnthropicKey;
304
+ const prevEnv = process.env.ANTHROPIC_API_KEY;
305
+ mockAnthropicKey = undefined;
306
+ delete process.env.ANTHROPIC_API_KEY;
307
+ try {
308
+ const result = await swarmDelegateTool.execute(
309
+ { objective: "Task without key" },
310
+ makeContext(),
311
+ );
307
312
 
308
- // The tool should still complete — the orchestrator handles backend failures
309
- // The result may show failed tasks but shouldn't throw
310
- expect(result.content).toBeTruthy();
311
- hasApiKey = true;
313
+ // The tool should still complete — the orchestrator handles backend failures
314
+ // Tasks should fail because no backend is available
315
+ expect(result.content).toBeTruthy();
316
+ expect(result.content).toContain("failed");
317
+ } finally {
318
+ mockAnthropicKey = prevKey;
319
+ if (prevEnv !== undefined) {
320
+ process.env.ANTHROPIC_API_KEY = prevEnv;
321
+ }
322
+ }
312
323
  });
313
324
 
314
325
  test("progress chunks stream through onOutput", async () => {
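Review bot: `expect(result.content).toContain("failed")` in the no-API-key test matches any occurrence of the word, so the test passes for a failure unrelated to the missing credential, and the `toBeTruthy()` check before it is now redundant. Assert on the specific backend-unavailable text the tool emits, which is not visible in this hunk: `expect(result.content).toContain("<backend-unavailable message>");`. The `try`/`finally` restore of `mockAnthropicKey` and `process.env.ANTHROPIC_API_KEY` is correct as written. A short comment such as `// the env var is cleared as well as the mocked key, so neither source can supply a credential` would explain why both are cleared. The `describe` block that holds this test starts and ends outside the hunk.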
@@ -17,7 +17,6 @@ mock.module("../config/loader.js", () => ({
17
17
 
18
18
  provider: "anthropic",
19
19
  providerOrder: ["anthropic"],
20
- apiKeys: { anthropic: "test-key" },
21
20
  swarm: {
22
21
  enabled: true,
23
22
  maxWorkers: 3,
@@ -32,7 +31,6 @@ mock.module("../config/loader.js", () => ({
32
31
  getSwarmDisabledConfig: () => ({
33
32
  provider: "anthropic",
34
33
  providerOrder: ["anthropic"],
35
- apiKeys: { anthropic: "test-key" },
36
34
  swarm: {
37
35
  enabled: false,
38
36
  maxWorkers: 3,
@@ -63,6 +61,11 @@ const mockProvider = {
63
61
  };
64
62
  },
65
63
  };
64
+ mock.module("../security/secure-keys.js", () => ({
65
+ getSecureKeyAsync: async () => "test-api-key",
66
+ getSecureKey: () => "test-api-key",
67
+ }));
68
+
66
69
  mock.module("../providers/registry.js", () => ({
67
70
  getProvider: () => mockProvider,
68
71
  getFailoverProvider: () => mockProvider,
@@ -21,6 +21,7 @@ let mockConfigWriteCalls: Array<{
21
21
 
22
22
  mock.module("../telegram/bot-username.js", () => ({
23
23
  getTelegramBotUsername: () => mockBotUsername,
24
+ getTelegramBotId: () => (mockBotUsername ? "123456" : undefined),
24
25
  }));
25
26
 
26
27
  mock.module("../config/loader.js", () => ({
@@ -37,10 +38,7 @@ mock.module("../config/loader.js", () => ({
37
38
  }));
38
39
 
39
40
  mock.module("../security/secure-keys.js", () => ({
40
- getSecureKey: (_keyId: string) => mockSecureKey,
41
- setSecureKey: (_account: string, _value: string) => true,
42
- deleteSecureKey: (_account: string) => "deleted" as const,
43
- listSecureKeys: () => [] as string[],
41
+ getSecureKeyAsync: async (_keyId: string) => mockSecureKey,
44
42
  }));
45
43
 
46
44
  // Suppress logger output during tests