npm - @vellumai/assistant - Versions diffs - 0.4.56 → 0.4.57 - Mend

@vellumai/assistant 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (450) hide show

package/ARCHITECTURE.md +10 -10
package/Dockerfile +3 -0
package/README.md +11 -11
package/docs/architecture/integrations.md +2 -2
package/docs/architecture/memory.md +3 -4
package/docs/credential-execution-service.md +13 -20
package/node_modules/@vellumai/ces-contracts/src/error.ts +5 -4
package/package.json +1 -1
package/src/__tests__/actor-token-service.test.ts +7 -7
package/src/__tests__/anthropic-provider.test.ts +172 -0
package/src/__tests__/app-builder-tool-scripts.test.ts +15 -1
package/src/__tests__/approval-cascade.test.ts +2 -2
package/src/__tests__/approval-routes-http.test.ts +3 -4
package/src/__tests__/asset-materialize-tool.test.ts +5 -5
package/src/__tests__/asset-search-tool.test.ts +1 -1
package/src/__tests__/assistant-attachments.test.ts +5 -5
package/src/__tests__/assistant-events-sse-hardening.test.ts +1 -1
package/src/__tests__/assistant-feature-flags-integration.test.ts +50 -38
package/src/__tests__/attachments-store.test.ts +2 -2
package/src/__tests__/avatar-e2e.test.ts +5 -3
package/src/__tests__/browser-skill-endstate.test.ts +0 -1
package/src/__tests__/call-routes-http.test.ts +2 -2
package/src/__tests__/callback-handoff-copy.test.ts +1 -1
package/src/__tests__/cancel-resolves-conversation-key.test.ts +158 -0
package/src/__tests__/channel-readiness-routes.test.ts +0 -1
package/src/__tests__/channel-readiness-service.test.ts +0 -1
package/src/__tests__/checker.test.ts +31 -32
package/src/__tests__/chrome-cdp.test.ts +47 -18
package/src/__tests__/claude-code-skill-regression.test.ts +2 -2
package/src/__tests__/config-schema-cmd.test.ts +2 -2
package/src/__tests__/config-schema.test.ts +9 -18
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +1 -1
package/src/__tests__/conversation-abort-tool-results.test.ts +4 -4
package/src/__tests__/conversation-agent-loop-overflow.test.ts +2 -2
package/src/__tests__/conversation-agent-loop.test.ts +11 -4
package/src/__tests__/conversation-attachments.test.ts +1 -1
package/src/__tests__/conversation-confirmation-signals.test.ts +2 -2
package/src/__tests__/conversation-error.test.ts +33 -0
package/src/__tests__/conversation-init.benchmark.test.ts +0 -1
package/src/__tests__/conversation-load-history-repair.test.ts +1 -1
package/src/__tests__/conversation-pairing.test.ts +1 -1
package/src/__tests__/conversation-pre-run-repair.test.ts +4 -4
package/src/__tests__/conversation-provider-retry-repair.test.ts +4 -4
package/src/__tests__/conversation-queue.test.ts +23 -14
package/src/__tests__/conversation-routes-slash-commands.test.ts +3 -3
package/src/__tests__/conversation-runtime-assembly.test.ts +185 -173
package/src/__tests__/conversation-seed-composer.test.ts +1 -1
package/src/__tests__/conversation-slash-queue.test.ts +4 -4
package/src/__tests__/conversation-slash-unknown.test.ts +4 -4
package/src/__tests__/conversation-starter-routes.test.ts +291 -0
package/src/__tests__/conversation-wipe.test.ts +438 -0
package/src/__tests__/conversation-workspace-cache-state.test.ts +2 -3
package/src/__tests__/conversation-workspace-injection.test.ts +4 -5
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +4 -5
package/src/__tests__/credential-security-e2e.test.ts +20 -0
package/src/__tests__/credential-security-invariants.test.ts +1 -0
package/src/__tests__/credential-vault-unit.test.ts +227 -0
package/src/__tests__/credentials-cli.test.ts +3 -0
package/src/__tests__/date-context.test.ts +59 -377
package/src/__tests__/drop-capability-card-state-migration.test.ts +169 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +11 -45
package/src/__tests__/emit-signal-routing-intent.test.ts +3 -3
package/src/__tests__/encrypted-store.test.ts +237 -15
package/src/__tests__/ephemeral-permissions.test.ts +4 -5
package/src/__tests__/event-bus.test.ts +3 -3
package/src/__tests__/gateway-only-enforcement.test.ts +2 -2
package/src/__tests__/gateway-only-guard.test.ts +1 -0
package/src/__tests__/gemini-image-service.test.ts +4 -4
package/src/__tests__/gemini-provider.test.ts +6 -9
package/src/__tests__/guardian-binding-drift-heal.test.ts +128 -0
package/src/__tests__/guardian-dispatch.test.ts +0 -1
package/src/__tests__/host-shell-tool.test.ts +6 -6
package/src/__tests__/http-user-message-parity.test.ts +2 -2
package/src/__tests__/intent-routing.test.ts +51 -99
package/src/__tests__/invite-routes-http.test.ts +5 -0
package/src/__tests__/list-messages-attachments.test.ts +1 -1
package/src/__tests__/managed-proxy-context.test.ts +2 -5
package/src/__tests__/managed-skill-lifecycle.test.ts +8 -8
package/src/__tests__/media-generate-image.test.ts +32 -15
package/src/__tests__/media-reuse-story.e2e.test.ts +1 -1
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +1 -1
package/src/__tests__/memory-lifecycle-e2e.test.ts +24 -18
package/src/__tests__/memory-recall-quality.test.ts +4 -3
package/src/__tests__/memory-regressions.test.ts +86 -90
package/src/__tests__/migration-cross-version-compatibility.test.ts +32 -32
package/src/__tests__/migration-export-http.test.ts +26 -27
package/src/__tests__/migration-import-commit-http.test.ts +165 -37
package/src/__tests__/migration-import-preflight-http.test.ts +81 -20
package/src/__tests__/migration-validate-http.test.ts +16 -16
package/src/__tests__/model-intents.test.ts +1 -1
package/src/__tests__/no-domain-routing-in-prompt-guard.test.ts +1 -1
package/src/__tests__/notification-broadcaster.test.ts +1 -1
package/src/__tests__/notification-decision-fallback.test.ts +2 -2
package/src/__tests__/notification-decision-identity.test.ts +8 -9
package/src/__tests__/notification-decision-strategy.test.ts +1 -1
package/src/__tests__/notification-deep-link.test.ts +1 -1
package/src/__tests__/notification-guardian-path.test.ts +0 -1
package/src/__tests__/notification-schedule-dedup.test.ts +7 -7
package/src/__tests__/oauth-store.test.ts +1 -3
package/src/__tests__/oauth2-gateway-transport.test.ts +6 -1
package/src/__tests__/onboarding-template-contract.test.ts +23 -59
package/src/__tests__/provider-error-scenarios.test.ts +154 -0
package/src/__tests__/provider-fail-open-selection.test.ts +2 -2
package/src/__tests__/provider-managed-proxy-integration.test.ts +8 -9
package/src/__tests__/provider-registry-ollama.test.ts +5 -2
package/src/__tests__/qdrant-manager.test.ts +7 -7
package/src/__tests__/ratelimit.test.ts +0 -74
package/src/__tests__/recording-handler.test.ts +0 -1
package/src/__tests__/require-fresh-approval.test.ts +1 -1
package/src/__tests__/runtime-attachment-metadata.test.ts +1 -1
package/src/__tests__/runtime-events-sse-parity.test.ts +1 -1
package/src/__tests__/runtime-events-sse.test.ts +1 -1
package/src/__tests__/scheduler-recurrence.test.ts +46 -2
package/src/__tests__/schema-transforms.test.ts +114 -54
package/src/__tests__/secret-onetime-send.test.ts +20 -0
package/src/__tests__/secret-routes-managed-proxy.test.ts +5 -2
package/src/__tests__/secret-scanner-executor.test.ts +1 -2
package/src/__tests__/send-endpoint-busy.test.ts +63 -4
package/src/__tests__/send-notification-tool.test.ts +2 -2
package/src/__tests__/shell-credential-ref.test.ts +0 -1
package/src/__tests__/shell-tool-proxy-mode.test.ts +1 -2
package/src/__tests__/skill-memory.test.ts +547 -0
package/src/__tests__/skill-script-runner-sandbox.test.ts +1 -2
package/src/__tests__/slack-app-setup-skill-regression.test.ts +37 -0
package/src/__tests__/slack-channel-config.test.ts +109 -94
package/src/__tests__/swarm-conversation-integration.test.ts +2 -2
package/src/__tests__/swarm-recursion.test.ts +2 -2
package/src/__tests__/swarm-tool.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +19 -66
package/src/__tests__/telegram-config.test.ts +121 -0
package/src/__tests__/terminal-tools.test.ts +1 -1
package/src/__tests__/tool-execution-abort-cleanup.test.ts +1 -2
package/src/__tests__/tool-executor-lifecycle-events.test.ts +1 -1
package/src/__tests__/tool-executor-shell-integration.test.ts +1 -1
package/src/__tests__/tool-executor.test.ts +1 -1
package/src/__tests__/trace-emitter.test.ts +8 -1
package/src/__tests__/trust-store.test.ts +7 -8
package/src/__tests__/twilio-routes.test.ts +1 -18
package/src/__tests__/user-reference.test.ts +82 -2
package/src/__tests__/vbundle-pax-and-symlink.test.ts +196 -0
package/src/__tests__/verification-control-plane-policy.test.ts +1 -1
package/src/approvals/guardian-request-resolvers.ts +3 -3
package/src/avatar/ascii-renderer.ts +2 -2
package/src/avatar/png-renderer.ts +2 -2
package/src/avatar/resvg-lazy.ts +21 -0
package/src/calls/guardian-dispatch.ts +1 -1
package/src/calls/relay-access-wait.ts +2 -2
package/src/calls/twilio-rest.ts +0 -248
package/src/cli/AGENTS.md +5 -8
package/src/cli/__tests__/notifications.test.ts +5 -5
package/src/cli/commands/avatar.ts +64 -2
package/src/cli/commands/conversations.ts +131 -1
package/src/cli/commands/credentials.ts +2 -0
package/src/cli/commands/notifications.ts +3 -3
package/src/cli.ts +10 -0
package/src/config/bundled-skills/acp/SKILL.md +5 -5
package/src/config/bundled-skills/acp/TOOLS.json +6 -6
package/src/config/bundled-skills/app-builder/SKILL.md +42 -42
package/src/config/bundled-skills/app-builder/TOOLS.json +10 -10
package/src/config/bundled-skills/browser/SKILL.md +15 -15
package/src/config/bundled-skills/browser/TOOLS.json +14 -14
package/src/config/bundled-skills/chatgpt-import/SKILL.md +2 -2
package/src/config/bundled-skills/chatgpt-import/TOOLS.json +1 -1
package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/bundled-skills/claude-code/SKILL.md +5 -5
package/src/config/bundled-skills/computer-use/SKILL.md +2 -2
package/src/config/bundled-skills/computer-use/TOOLS.json +15 -15
package/src/config/bundled-skills/contacts/SKILL.md +3 -3
package/src/config/bundled-skills/contacts/TOOLS.json +4 -4
package/src/config/bundled-skills/document/SKILL.md +4 -4
package/src/config/bundled-skills/document/TOOLS.json +2 -2
package/src/config/bundled-skills/followups/TOOLS.json +3 -3
package/src/config/bundled-skills/gmail/SKILL.md +32 -32
package/src/config/bundled-skills/gmail/TOOLS.json +16 -16
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +1 -1
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +1 -1
package/src/config/bundled-skills/google-calendar/SKILL.md +1 -1
package/src/config/bundled-skills/google-calendar/TOOLS.json +5 -5
package/src/config/bundled-skills/google-calendar/types.ts +1 -1
package/src/config/bundled-skills/heartbeat/SKILL.md +43 -0
package/src/config/bundled-skills/image-studio/SKILL.md +3 -3
package/src/config/bundled-skills/image-studio/TOOLS.json +2 -3
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +16 -12
package/src/config/bundled-skills/media-processing/SKILL.md +40 -40
package/src/config/bundled-skills/media-processing/TOOLS.json +8 -8
package/src/config/bundled-skills/media-processing/__tests__/concurrency-pool.test.ts +2 -2
package/src/config/bundled-skills/media-processing/__tests__/preprocess.test.ts +1 -1
package/src/config/bundled-skills/media-processing/services/gemini-map.ts +5 -5
package/src/config/bundled-skills/media-processing/services/gemini-video.ts +2 -2
package/src/config/bundled-skills/media-processing/services/preprocess.ts +2 -2
package/src/config/bundled-skills/media-processing/services/processing-pipeline.ts +2 -2
package/src/config/bundled-skills/media-processing/services/reduce.ts +3 -3
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +2 -2
package/src/config/bundled-skills/media-processing/tools/query-media-events.ts +1 -1
package/src/config/bundled-skills/messaging/SKILL.md +29 -25
package/src/config/bundled-skills/messaging/TOOLS.json +11 -11
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +1 -1
package/src/config/bundled-skills/messaging/tools/shared.ts +1 -1
package/src/config/bundled-skills/notifications/SKILL.md +3 -3
package/src/config/bundled-skills/notifications/TOOLS.json +2 -2
package/src/config/bundled-skills/notifications/tools/send-notification.ts +3 -3
package/src/config/bundled-skills/orchestration/SKILL.md +1 -1
package/src/config/bundled-skills/orchestration/TOOLS.json +1 -1
package/src/config/bundled-skills/phone-calls/SKILL.md +18 -14
package/src/config/bundled-skills/phone-calls/TOOLS.json +3 -3
package/src/config/bundled-skills/phone-calls/references/CONFIG.md +2 -2
package/src/config/bundled-skills/phone-calls/references/TRANSCRIPTS.md +2 -2
package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +1 -1
package/src/config/bundled-skills/playbooks/TOOLS.json +4 -4
package/src/config/bundled-skills/schedule/SKILL.md +26 -26
package/src/config/bundled-skills/schedule/TOOLS.json +5 -5
package/src/config/bundled-skills/screen-watch/SKILL.md +3 -3
package/src/config/bundled-skills/screen-watch/TOOLS.json +1 -1
package/src/config/bundled-skills/sequences/SKILL.md +2 -2
package/src/config/bundled-skills/sequences/TOOLS.json +10 -10
package/src/config/bundled-skills/sequences/tools/sequence-analytics.ts +2 -2
package/src/config/bundled-skills/sequences/tools/sequence-enroll.ts +2 -2
package/src/config/bundled-skills/sequences/tools/sequence-enrollment-list.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-get.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-import.ts +3 -3
package/src/config/bundled-skills/sequences/tools/sequence-list.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-update.ts +1 -1
package/src/config/bundled-skills/settings/TOOLS.json +3 -3
package/src/config/bundled-skills/settings/tools/open-system-settings.ts +1 -1
package/src/config/bundled-skills/skill-management/TOOLS.json +5 -5
package/src/config/bundled-skills/skills-catalog/SKILL.md +84 -0
package/src/config/bundled-skills/slack/SKILL.md +2 -2
package/src/config/bundled-skills/slack/TOOLS.json +8 -8
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +3 -3
package/src/config/bundled-skills/subagent/TOOLS.json +5 -5
package/src/config/bundled-skills/tasks/SKILL.md +1 -1
package/src/config/bundled-skills/tasks/TOOLS.json +9 -9
package/src/config/bundled-skills/transcribe/SKILL.md +5 -5
package/src/config/bundled-skills/transcribe/TOOLS.json +1 -1
package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +10 -10
package/src/config/bundled-skills/watcher/SKILL.md +4 -4
package/src/config/bundled-skills/watcher/TOOLS.json +5 -5
package/src/config/feature-flag-registry.json +33 -17
package/src/config/schemas/sandbox.ts +1 -1
package/src/config/schemas/services.ts +13 -3
package/src/config/schemas/timeouts.ts +0 -10
package/src/contacts/contact-store.ts +63 -0
package/src/contacts/contacts-write.ts +1 -1
package/src/daemon/assistant-attachments.ts +2 -2
package/src/daemon/conversation-agent-loop-handlers.ts +2 -2
package/src/daemon/conversation-agent-loop.ts +7 -30
package/src/daemon/conversation-error.ts +24 -0
package/src/daemon/conversation-memory.ts +8 -7
package/src/daemon/conversation-runtime-assembly.ts +139 -274
package/src/daemon/conversation-slash.ts +7 -26
package/src/daemon/conversation-surfaces.ts +14 -0
package/src/daemon/conversation-tool-setup.ts +9 -8
package/src/daemon/conversation.ts +2 -0
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/date-context.ts +10 -83
package/src/daemon/handlers/config-channels.ts +12 -2
package/src/daemon/handlers/config-slack-channel.ts +7 -1
package/src/daemon/handlers/config-telegram.ts +6 -1
package/src/daemon/handlers/conversations.ts +2 -2
package/src/daemon/handlers/skills.ts +4 -0
package/src/daemon/lifecycle.ts +28 -4
package/src/daemon/providers-setup.ts +1 -1
package/src/daemon/server.ts +1 -5
package/src/daemon/shutdown-handlers.ts +9 -3
package/src/daemon/tool-side-effects.ts +40 -0
package/src/daemon/trace-emitter.ts +25 -2
package/src/events/domain-events.ts +1 -1
package/src/events/tool-permission-telemetry-listener.ts +46 -0
package/src/inbound/platform-callback-registration.ts +0 -18
package/src/media/app-icon-generator.ts +15 -8
package/src/media/avatar-router.ts +15 -8
package/src/media/gemini-image-service.ts +125 -21
package/src/memory/attachments-store.ts +3 -3
package/src/memory/channel-verification-sessions.ts +6 -6
package/src/memory/conversation-crud.ts +196 -1
package/src/memory/{thread-starters-cadence.ts → conversation-starters-cadence.ts} +9 -42
package/src/memory/conversation-title-service.ts +2 -3
package/src/memory/db-init.ts +25 -1
package/src/memory/invite-store.ts +4 -4
package/src/memory/items-extractor.ts +4 -4
package/src/memory/job-handlers/{thread-starters.ts → conversation-starters.ts} +123 -38
package/src/memory/jobs-store.ts +3 -2
package/src/memory/jobs-worker.ts +7 -5
package/src/memory/lifecycle-events-store.ts +63 -0
package/src/memory/migrations/172-rename-created-by-session-id.ts +27 -0
package/src/memory/migrations/173-rename-source-session-id.ts +16 -0
package/src/memory/migrations/174-rename-thread-starters-table.ts +52 -0
package/src/memory/migrations/175-create-lifecycle-events.ts +15 -0
package/src/memory/migrations/176-drop-capability-card-state.ts +36 -0
package/src/memory/migrations/177-create-trace-events-table.ts +40 -0
package/src/memory/migrations/index.ts +6 -0
package/src/memory/migrations/registry.ts +13 -0
package/src/memory/retriever.test.ts +223 -96
package/src/memory/retriever.ts +115 -138
package/src/memory/schema/calls.ts +1 -1
package/src/memory/schema/contacts.ts +1 -1
package/src/memory/schema/infrastructure.ts +29 -0
package/src/memory/schema/memory-core.ts +7 -17
package/src/memory/schema/notifications.ts +1 -1
package/src/memory/search/formatting.ts +23 -6
package/src/memory/search/lexical.ts +2 -0
package/src/memory/search/semantic.ts +2 -0
package/src/memory/search/staleness.ts +1 -0
package/src/memory/search/types.ts +4 -0
package/src/memory/task-memory-cleanup.ts +96 -6
package/src/memory/trace-event-store.ts +148 -0
package/src/notifications/README.md +1 -1
package/src/notifications/decision-engine.ts +2 -2
package/src/notifications/emit-signal.ts +4 -4
package/src/notifications/events-store.ts +4 -4
package/src/notifications/signal.ts +1 -1
package/src/oauth/manual-token-connection.ts +49 -25
package/src/permissions/checker.ts +6 -5
package/src/permissions/defaults.ts +4 -4
package/src/prompts/__tests__/build-cli-reference-section.test.ts +9 -90
package/src/prompts/cache-boundary.ts +8 -0
package/src/prompts/system-prompt.ts +105 -634
package/src/prompts/templates/BOOTSTRAP.md +166 -33
package/src/prompts/templates/IDENTITY.md +8 -23
package/src/prompts/templates/SOUL.md +20 -41
package/src/prompts/templates/USER.md +3 -19
package/src/prompts/user-reference.ts +14 -16
package/src/providers/anthropic/client.ts +46 -2
package/src/providers/gemini/client.ts +6 -9
package/src/providers/managed-proxy/constants.ts +1 -7
package/src/providers/managed-proxy/context.ts +0 -1
package/src/providers/model-intents.ts +5 -5
package/src/providers/openai/client.ts +10 -1
package/src/providers/openrouter/client.ts +1 -0
package/src/providers/ratelimit.ts +0 -35
package/src/providers/registry.ts +3 -5
package/src/providers/retry.ts +18 -1
package/src/runtime/access-request-helper.ts +1 -1
package/src/runtime/auth/route-policy.ts +7 -0
package/src/runtime/channel-verification-service.ts +1 -1
package/src/runtime/confirmation-request-guardian-bridge.ts +1 -1
package/src/runtime/guardian-vellum-migration.ts +63 -1
package/src/runtime/http-server.ts +8 -4
package/src/runtime/migrations/vbundle-builder.ts +212 -32
package/src/runtime/migrations/vbundle-import-analyzer.ts +74 -8
package/src/runtime/migrations/vbundle-importer.ts +66 -1
package/src/runtime/migrations/vbundle-validator.ts +17 -3
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +4 -4
package/src/runtime/routes/attachment-routes.ts +2 -2
package/src/runtime/routes/btw-routes.ts +9 -0
package/src/runtime/routes/channel-verification-routes.ts +19 -2
package/src/runtime/routes/conversation-management-routes.ts +55 -1
package/src/runtime/routes/conversation-query-routes.ts +1 -1
package/src/runtime/routes/conversation-routes.ts +49 -5
package/src/runtime/routes/conversation-starter-routes.ts +207 -0
package/src/runtime/routes/guardian-bootstrap-routes.ts +13 -9
package/src/runtime/routes/inbound-stages/escalation-intercept.ts +1 -1
package/src/runtime/routes/inbound-stages/verification-intercept.ts +1 -1
package/src/runtime/routes/migration-routes.ts +25 -13
package/src/runtime/routes/secret-routes.ts +18 -0
package/src/runtime/routes/settings-routes.ts +8 -8
package/src/runtime/routes/telemetry-routes.ts +53 -0
package/src/runtime/routes/trace-event-routes.ts +62 -0
package/src/runtime/tool-grant-request-helper.ts +1 -1
package/src/runtime/verification-outbound-actions.ts +47 -31
package/src/security/encrypted-store.ts +263 -78
package/src/skills/catalog-install.ts +10 -0
package/src/skills/managed-store.ts +2 -0
package/src/skills/skill-memory.ts +220 -0
package/src/subagent/manager.ts +1 -4
package/src/telemetry/types.ts +10 -1
package/src/telemetry/usage-telemetry-reporter.test.ts +1 -1
package/src/telemetry/usage-telemetry-reporter.ts +51 -4
package/src/tools/AGENTS.md +11 -11
package/src/tools/acp/spawn.ts +1 -1
package/src/tools/apps/executors.ts +8 -8
package/src/tools/apps/registry.ts +1 -1
package/src/tools/assets/materialize.ts +6 -6
package/src/tools/assets/search.ts +10 -10
package/src/tools/browser/__tests__/auth-cache.test.ts +2 -2
package/src/tools/browser/__tests__/auth-detector.test.ts +4 -4
package/src/tools/browser/auth-detector.ts +6 -6
package/src/tools/browser/browser-execution.ts +13 -13
package/src/tools/browser/browser-manager.ts +3 -3
package/src/tools/browser/chrome-cdp.ts +5 -5
package/src/tools/browser/jit-auth.ts +2 -2
package/src/tools/browser/network-recorder.test.ts +2 -2
package/src/tools/browser/network-recorder.ts +3 -3
package/src/tools/browser/runtime-check.ts +3 -3
package/src/tools/claude-code/claude-code.ts +2 -2
package/src/tools/computer-use/definitions.ts +18 -18
package/src/tools/credential-execution/make-authenticated-request.ts +4 -4
package/src/tools/credential-execution/manage-secure-command-tool.ts +3 -3
package/src/tools/credential-execution/run-authenticated-command.ts +4 -4
package/src/tools/credentials/broker-types.ts +5 -5
package/src/tools/credentials/broker.ts +15 -15
package/src/tools/credentials/metadata-store.ts +2 -2
package/src/tools/credentials/resolve.ts +1 -1
package/src/tools/credentials/selection.ts +1 -1
package/src/tools/credentials/tool-policy.ts +1 -1
package/src/tools/credentials/vault.ts +115 -25
package/src/tools/execution-target.ts +2 -2
package/src/tools/executor.ts +7 -7
package/src/tools/filesystem/edit.ts +2 -2
package/src/tools/filesystem/read.ts +1 -1
package/src/tools/filesystem/write.ts +1 -1
package/src/tools/host-filesystem/edit.ts +2 -1
package/src/tools/host-filesystem/read.ts +2 -1
package/src/tools/host-filesystem/write.ts +1 -1
package/src/tools/host-terminal/host-shell.ts +9 -8
package/src/tools/mcp/mcp-tool-factory.ts +7 -6
package/src/tools/memory/definitions.ts +6 -5
package/src/tools/memory/handlers.test.ts +1 -1
package/src/tools/network/__tests__/web-search.test.ts +3 -3
package/src/tools/network/domain-normalize.ts +2 -2
package/src/tools/network/script-proxy/session-manager.ts +10 -10
package/src/tools/network/web-fetch.ts +1 -1
package/src/tools/network/web-search.ts +3 -3
package/src/tools/permission-checker.ts +8 -8
package/src/tools/registry.ts +7 -7
package/src/tools/schedule/list.ts +2 -2
package/src/tools/schema-transforms.ts +31 -21
package/src/tools/secret-detection-handler.ts +1 -1
package/src/tools/sensitive-output-placeholders.ts +1 -1
package/src/tools/shared/filesystem/edit-engine.ts +1 -1
package/src/tools/shared/filesystem/file-ops-service.ts +3 -3
package/src/tools/shared/filesystem/image-read.ts +25 -5
package/src/tools/shared/filesystem/path-policy.ts +2 -2
package/src/tools/shared/shell-output.ts +1 -1
package/src/tools/side-effects.ts +1 -1
package/src/tools/skills/execute.ts +1 -1
package/src/tools/skills/load.ts +3 -3
package/src/tools/skills/sandbox-runner.ts +3 -3
package/src/tools/subagent/read.ts +1 -1
package/src/tools/subagent/spawn.ts +2 -2
package/src/tools/swarm/delegate.ts +3 -3
package/src/tools/system/request-permission.ts +5 -4
package/src/tools/terminal/backends/native.ts +4 -4
package/src/tools/terminal/parser.ts +6 -6
package/src/tools/terminal/sandbox-diagnostics.ts +1 -1
package/src/tools/terminal/shell.ts +16 -16
package/src/tools/tool-approval-handler.ts +21 -12
package/src/tools/tool-manifest.ts +4 -4
package/src/tools/types.ts +3 -3
package/src/tools/ui-surface/definitions.ts +9 -37
package/src/tools/watcher/list.ts +1 -1
package/src/util/logger.ts +7 -2
package/src/util/retry.ts +29 -1
package/src/workspace/migrations/007-web-search-provider-rename.ts +37 -0
package/src/workspace/migrations/registry.ts +2 -0
package/src/__tests__/cli-help-reference-sync.test.ts +0 -26
package/src/__tests__/onboarding-starter-tasks.test.ts +0 -190
package/src/cli/reference.ts +0 -38
package/src/memory/job-handlers/capability-cards.ts +0 -420
package/src/runtime/routes/thread-starter-routes.ts +0 -294

package/src/__tests__/migration-cross-version-compatibility.test.ts CHANGED Viewed

@@ -53,13 +53,14 @@ function toArrayBuffer(data: Uint8Array): ArrayBuffer {
 const testDir = realpathSync(
   mkdtempSync(join(tmpdir(), "migration-cross-version-test-")),
 );
-const testDbDir = join(testDir, "db");
+const testDbDir = join(testDir, "data", "db");
 const testDbPath = join(testDbDir, "assistant.db");
 const testConfigPath = join(testDir, "config.json");
 mock.module("../util/platform.js", () => ({
   getRootDir: () => testDir,
-  getDataDir: () => testDir,
+  getDataDir: () => join(testDir, "data"),
+  getWorkspaceDir: () => testDir,
   getWorkspaceConfigPath: () => testConfigPath,
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
@@ -83,9 +84,8 @@ mock.module("../config/loader.js", () => ({
     model: "test",
     provider: "test",
     memory: { enabled: false },
-    rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
+    rateLimit: { maxRequestsPerMinute: 0 },
     secretDetection: { enabled: false },
-    sandbox: { enabled: false },
   }),
 }));
@@ -445,7 +445,7 @@ describe("schema version compatibility", () => {
       { schema_version: "3.0" },
     );
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: vbundle,
       pathResolver: resolver,
@@ -463,7 +463,7 @@ describe("schema version compatibility", () => {
       schema_version: "5.0-beta",
     });
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const validationResult = validateVBundle(vbundle);
     expect(validationResult.manifest).toBeDefined();
@@ -774,9 +774,10 @@ describe("round-trip: export -> validate -> preflight -> import", () => {
     expect(preflightBody.files).toBeDefined();
     expect(preflightBody.manifest).toBeDefined();
-    // The files should show "unchanged" since we exported from the same disk
+    // The files should show "unchanged" since we exported from the same disk.
+    // New format uses workspace/ prefix for archive paths.
     const dbFile = preflightBody.files!.find(
-      (f) => f.path === "data/db/assistant.db",
+      (f) => f.path === "workspace/data/db/assistant.db",
     );
     expect(dbFile).toBeDefined();
     expect(dbFile!.action).toBe("unchanged");
@@ -829,7 +830,7 @@ describe("round-trip: export -> validate -> preflight -> import", () => {
     );
     // Step 3: Analyze (preflight)
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const report = analyzeImport({
       manifest: validationResult.manifest!,
       pathResolver: resolver,
@@ -888,13 +889,14 @@ describe("partial failure scenarios", () => {
       { path: "data/db/assistant.db", data: newDbData },
     ]);
-    // Point to a path that cannot be written (a non-existent deeply nested
-    // directory whose parent is a regular file, not a directory)
-    const blockerPath = join(testDir, "blocker-file");
-    writeFileSync(blockerPath, "I am a file, not a directory");
-    const impossibleDbPath = join(blockerPath, "nested", "deep", "db.db");
+    // Point to a workspace path where data/db cannot be created
+    // (a regular file blocks directory creation)
+    const blockerWorkspace = join(testDir, "blocker-workspace");
+    mkdirSync(blockerWorkspace, { recursive: true });
+    // Create "data" as a regular file — mkdirSync("data/db") will fail
+    writeFileSync(join(blockerWorkspace, "data"), "I am a file, not a directory");
-    const resolver = new DefaultPathResolver(impossibleDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, blockerWorkspace);
     const result = commitImport({
       archiveData: vbundle,
       pathResolver: resolver,
@@ -908,11 +910,11 @@ describe("partial failure scenarios", () => {
     }
     // Clean up
-    rmSync(blockerPath, { force: true });
+    rmSync(blockerWorkspace, { recursive: true, force: true });
   });
   test("commitImport with invalid archive returns validation_failed", () => {
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: new Uint8Array([0xba, 0xad, 0xf0, 0x0d]),
       pathResolver: resolver,
@@ -1000,7 +1002,7 @@ describe("partial failure scenarios", () => {
     ]);
     const corruptVBundle = gzipSync(tar);
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: corruptVBundle,
       pathResolver: resolver,
@@ -1032,7 +1034,7 @@ describe("edge cases", () => {
     expect(result.manifest?.files[0].size).toBe(0);
     // Import should also succeed
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const importResult = commitImport({
       archiveData: vbundle,
       pathResolver: resolver,
@@ -1186,7 +1188,10 @@ describe("edge cases", () => {
     expect(missingError!.message).toContain("data/extra/ghost.bin");
   });
-  test("bundle with only manifest (no required db) fails validation", () => {
+  test("bundle with only manifest (no data files) is valid", () => {
+    // After the workspace walk refactor, only manifest.json is required.
+    // A bundle with no data files is structurally valid — it just won't
+    // restore anything meaningful.
     const manifestWithoutChecksum = {
       schema_version: "1.0",
       created_at: new Date().toISOString(),
@@ -1205,12 +1210,7 @@ describe("edge cases", () => {
     const vbundle = gzipSync(tar);
     const result = validateVBundle(vbundle);
-    expect(result.is_valid).toBe(false);
-    expect(
-      result.errors.some(
-        (e) => e.code === "MISSING_ENTRY" && e.path === "data/db/assistant.db",
-      ),
-    ).toBe(true);
+    expect(result.is_valid).toBe(true);
   });
   test("completely empty gzip content (no tar entries) fails gracefully", () => {
@@ -1424,7 +1424,7 @@ describe("diagnostic quality", () => {
   });
   test("import commit validation_failed response includes error codes and messages", () => {
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: new Uint8Array([0x00]),
       pathResolver: resolver,
@@ -1633,7 +1633,7 @@ describe("builder -> validator consistency", () => {
 describe("import analyzer edge cases", () => {
   test("all-unchanged files produce correct summary", () => {
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const existingConfig = new Uint8Array(readFileSync(testConfigPath));
     const report = analyzeImport({
@@ -1666,8 +1666,8 @@ describe("import analyzer edge cases", () => {
   test("all-create scenario (fresh install) produces correct summary", () => {
     const resolver = new DefaultPathResolver(
-      join(testDir, "nonexistent-dir", "db.db"),
-      join(testDir, "nonexistent-dir", "config.json"),
+      undefined,
+      join(testDir, "nonexistent-workspace"),
     );
     const report = analyzeImport({
@@ -1698,7 +1698,7 @@ describe("import analyzer edge cases", () => {
   });
   test("mixed create/overwrite/unchanged produces accurate counts", () => {
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     // db: different from disk -> overwrite
     // config: same as disk -> unchanged
@@ -1731,7 +1731,7 @@ describe("import analyzer edge cases", () => {
   });
   test("unknown archive path produces UNKNOWN_ARCHIVE_PATH conflict", () => {
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const report = analyzeImport({
       manifest: {

package/src/__tests__/migration-export-http.test.ts CHANGED Viewed

@@ -27,13 +27,14 @@ import { afterAll, beforeAll, describe, expect, mock, test } from "bun:test";
 const testDir = realpathSync(
   mkdtempSync(join(tmpdir(), "migration-export-http-test-")),
 );
-const testDbDir = join(testDir, "db");
+const testDbDir = join(testDir, "data", "db");
 const testDbPath = join(testDbDir, "assistant.db");
 const testConfigPath = join(testDir, "config.json");
 mock.module("../util/platform.js", () => ({
   getRootDir: () => testDir,
-  getDataDir: () => testDir,
+  getDataDir: () => join(testDir, "data"),
+  getWorkspaceDir: () => testDir,
   getWorkspaceConfigPath: () => testConfigPath,
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
@@ -57,9 +58,8 @@ mock.module("../config/loader.js", () => ({
     model: "test",
     provider: "test",
     memory: { enabled: false },
-    rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
+    rateLimit: { maxRequestsPerMinute: 0 },
     secretDetection: { enabled: false },
-    sandbox: { enabled: false },
   }),
 }));
@@ -206,10 +206,10 @@ describe("handleMigrationExport", () => {
     expect(manifest.created_at).toBeDefined();
     expect(manifest.manifest_sha256).toBeDefined();
-    // Verify file entries
+    // Verify file entries — workspace walk uses workspace/ prefix
     const filePaths = manifest.files.map((f) => f.path);
-    expect(filePaths).toContain("data/db/assistant.db");
-    expect(filePaths).toContain("config/settings.json");
+    expect(filePaths).toContain("workspace/data/db/assistant.db");
+    expect(filePaths).toContain("workspace/config.json");
     // Verify each file entry has proper sha256 and size
     for (const file of manifest.files) {
@@ -299,7 +299,7 @@ describe("export data population", () => {
     const archiveData = new Uint8Array(await res.arrayBuffer());
     const entries = parseTarEntries(archiveData);
-    const dbEntry = entries.find((e) => e.name === "data/db/assistant.db");
+    const dbEntry = entries.find((e) => e.name === "workspace/data/db/assistant.db");
     expect(dbEntry).toBeDefined();
     expect(dbEntry!.data.length).toBe(SQLITE_HEADER.length);
     // Verify the exported data matches the test fixture exactly
@@ -315,7 +315,7 @@ describe("export data population", () => {
     const archiveData = new Uint8Array(await res.arrayBuffer());
     const entries = parseTarEntries(archiveData);
-    const configEntry = entries.find((e) => e.name === "config/settings.json");
+    const configEntry = entries.find((e) => e.name === "workspace/config.json");
     expect(configEntry).toBeDefined();
     const configContent = new TextDecoder().decode(configEntry!.data);
@@ -336,13 +336,13 @@ describe("export data population", () => {
     const manifest = validationResult.manifest!;
     const dbFile = manifest.files.find(
-      (f) => f.path === "data/db/assistant.db",
+      (f) => f.path === "workspace/data/db/assistant.db",
     );
     expect(dbFile).toBeDefined();
     expect(dbFile!.size).toBe(SQLITE_HEADER.length);
     const configFile = manifest.files.find(
-      (f) => f.path === "config/settings.json",
+      (f) => f.path === "workspace/config.json",
     );
     expect(configFile).toBeDefined();
     const expectedConfigSize = Buffer.byteLength(
@@ -382,7 +382,7 @@ describe("export data population", () => {
     const manifest = validationResult.manifest!;
     const dbFile = manifest.files.find(
-      (f) => f.path === "data/db/assistant.db",
+      (f) => f.path === "workspace/data/db/assistant.db",
     );
     expect(dbFile).toBeDefined();
     // The skeleton used size 0 — real export should have actual content
@@ -398,7 +398,7 @@ describe("export data population", () => {
     const archiveData = new Uint8Array(await res.arrayBuffer());
     const entries = parseTarEntries(archiveData);
-    const configEntry = entries.find((e) => e.name === "config/settings.json");
+    const configEntry = entries.find((e) => e.name === "workspace/config.json");
     expect(configEntry).toBeDefined();
     const configContent = new TextDecoder().decode(configEntry!.data);
@@ -413,42 +413,41 @@ describe("export data population", () => {
 // ---------------------------------------------------------------------------
 describe("export graceful fallback", () => {
-  test("missing database produces valid archive with empty db entry", async () => {
+  test("nonexistent workspace produces valid archive with no files", async () => {
     const { buildExportVBundle } =
       await import("../runtime/migrations/vbundle-builder.js");
     const result = buildExportVBundle({
-      dbPath: join(testDir, "nonexistent.db"),
-      configPath: testConfigPath,
+      workspaceDir: join(testDir, "nonexistent-workspace"),
     });
     const validationResult = validateVBundle(result.archive);
     expect(validationResult.is_valid).toBe(true);
-    const dbFile = result.manifest.files.find(
-      (f) => f.path === "data/db/assistant.db",
-    );
-    expect(dbFile).toBeDefined();
-    expect(dbFile!.size).toBe(0);
+    expect(result.manifest.files).toHaveLength(0);
   });
-  test("missing config produces valid archive with empty JSON config", async () => {
+  test("workspace walk includes db and config under workspace/ prefix", async () => {
     const { buildExportVBundle } =
       await import("../runtime/migrations/vbundle-builder.js");
     const result = buildExportVBundle({
-      dbPath: testDbPath,
-      configPath: join(testDir, "nonexistent-config.json"),
+      workspaceDir: testDir,
     });
     const validationResult = validateVBundle(result.archive);
     expect(validationResult.is_valid).toBe(true);
+    const dbFile = result.manifest.files.find(
+      (f) => f.path === "workspace/data/db/assistant.db",
+    );
+    expect(dbFile).toBeDefined();
+    expect(dbFile!.size).toBeGreaterThan(0);
     const configFile = result.manifest.files.find(
-      (f) => f.path === "config/settings.json",
+      (f) => f.path === "workspace/config.json",
     );
     expect(configFile).toBeDefined();
-    expect(configFile!.size).toBe(2); // "{}" is 2 bytes
+    expect(configFile!.size).toBeGreaterThan(0);
   });
 });

package/src/__tests__/migration-import-commit-http.test.ts CHANGED Viewed

@@ -48,13 +48,14 @@ function toArrayBuffer(data: Uint8Array): ArrayBuffer {
 const testDir = realpathSync(
   mkdtempSync(join(tmpdir(), "migration-import-commit-http-test-")),
 );
-const testDbDir = join(testDir, "db");
+const testDbDir = join(testDir, "data", "db");
 const testDbPath = join(testDbDir, "assistant.db");
 const testConfigPath = join(testDir, "config.json");
 mock.module("../util/platform.js", () => ({
   getRootDir: () => testDir,
-  getDataDir: () => testDir,
+  getDataDir: () => join(testDir, "data"),
+  getWorkspaceDir: () => testDir,
   getWorkspaceConfigPath: () => testConfigPath,
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
@@ -78,9 +79,8 @@ mock.module("../config/loader.js", () => ({
     model: "test",
     provider: "test",
     memory: { enabled: false },
-    rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
+    rateLimit: { maxRequestsPerMinute: 0 },
     secretDetection: { enabled: false },
-    sandbox: { enabled: false },
   }),
 }));
@@ -377,10 +377,13 @@ describe("handleMigrationImport", () => {
     expect(writtenData).toEqual(newDbData);
   });
-  test("creates backup of existing files before overwriting", async () => {
+  test("workspace is cleared before restore — files are created fresh", async () => {
+    // Only new-format bundles (workspace/ prefix) trigger workspace clearing.
+    // With clearing, existing files are removed before writing, so all files
+    // in the bundle are "created" (not "overwritten") and no backups are made.
     const newDbData = new Uint8Array([0x01, 0x02, 0x03]);
     const vbundle = createValidVBundle([
-      { path: "data/db/assistant.db", data: newDbData },
+      { path: "workspace/data/db/assistant.db", data: newDbData },
     ]);
     const req = new Request("http://localhost/v1/migrations/import", {
       method: "POST",
@@ -392,29 +395,22 @@ describe("handleMigrationImport", () => {
     const body = (await res.json()) as ImportCommitResponse;
     expect(body.success).toBe(true);
-    expect(body.summary.backups_created).toBeGreaterThan(0);
+    expect(body.summary.backups_created).toBe(0);
-    // Verify backup was created
-    const dbFile = body.files.find((f) => f.path === "data/db/assistant.db");
+    const dbFile = body.files.find(
+      (f) => f.path === "workspace/data/db/assistant.db",
+    );
     expect(dbFile).toBeDefined();
-    expect(dbFile!.action).toBe("overwritten");
-    expect(dbFile!.backup_path).not.toBeNull();
-    expect(existsSync(dbFile!.backup_path!)).toBe(true);
-    // Verify backup contains the original data
-    const backupData = new Uint8Array(readFileSync(dbFile!.backup_path!));
-    expect(backupData).toEqual(EXISTING_DB_DATA);
+    expect(dbFile!.action).toBe("created");
   });
-  test("reports correct actions for created and overwritten files", async () => {
-    // Remove the config file so it will be "created" instead of "overwritten"
-    rmSync(testConfigPath, { force: true });
+  test("reports all files as created after workspace clear", async () => {
+    // New-format workspace/ paths trigger clearing — both files are fresh.
     const newDbData = new Uint8Array([0xaa, 0xbb]);
     const newConfigData = new TextEncoder().encode('{"provider":"openai"}');
     const vbundle = createValidVBundle([
-      { path: "data/db/assistant.db", data: newDbData },
-      { path: "config/settings.json", data: newConfigData },
+      { path: "workspace/data/db/assistant.db", data: newDbData },
+      { path: "workspace/config.json", data: newConfigData },
     ]);
     const req = new Request("http://localhost/v1/migrations/import", {
       method: "POST",
@@ -427,14 +423,16 @@ describe("handleMigrationImport", () => {
     expect(body.success).toBe(true);
-    const dbFile = body.files.find((f) => f.path === "data/db/assistant.db");
+    const dbFile = body.files.find(
+      (f) => f.path === "workspace/data/db/assistant.db",
+    );
     const configFile = body.files.find(
-      (f) => f.path === "config/settings.json",
+      (f) => f.path === "workspace/config.json",
     );
-    expect(dbFile!.action).toBe("overwritten");
+    // Both are "created" because workspace was cleared before writing
+    expect(dbFile!.action).toBe("created");
     expect(configFile!.action).toBe("created");
-    expect(configFile!.backup_path).toBeNull();
   });
   test("summary counts match file details", async () => {
@@ -641,7 +639,7 @@ describe("commitImport", () => {
       { path: "data/db/assistant.db", data: newDbData },
     ]);
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: vbundle,
       pathResolver: resolver,
@@ -655,7 +653,7 @@ describe("commitImport", () => {
   });
   test("returns validation_failed for invalid bundles", () => {
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: new Uint8Array([0xba, 0xad]),
       pathResolver: resolver,
@@ -671,17 +669,16 @@ describe("commitImport", () => {
   });
   test("creates parent directories if they do not exist", () => {
-    // Use a path that does not exist yet
-    const nonexistentDir = join(testDir, "new-subdir");
-    const newDbPath = join(nonexistentDir, "assistant.db");
-    const newConfigPath = join(testDir, "new-config.json");
+    // Use a workspace that does not exist yet
+    const nonexistentWorkspace = join(testDir, "new-workspace");
+    const expectedDbPath = join(nonexistentWorkspace, "data", "db", "assistant.db");
     const dbData = new Uint8Array([0x01, 0x02, 0x03]);
     const vbundle = createValidVBundle([
       { path: "data/db/assistant.db", data: dbData },
     ]);
-    const resolver = new DefaultPathResolver(newDbPath, newConfigPath);
+    const resolver = new DefaultPathResolver(undefined, nonexistentWorkspace);
     const result = commitImport({
       archiveData: vbundle,
       pathResolver: resolver,
@@ -690,11 +687,11 @@ describe("commitImport", () => {
     expect(result.ok).toBe(true);
     if (result.ok) {
       expect(result.report.files[0].action).toBe("created");
-      expect(existsSync(newDbPath)).toBe(true);
+      expect(existsSync(expectedDbPath)).toBe(true);
     }
     // Clean up
-    rmSync(nonexistentDir, { recursive: true, force: true });
+    rmSync(nonexistentWorkspace, { recursive: true, force: true });
   });
   test("post-write integrity: written file SHA-256 matches expected", () => {
@@ -705,7 +702,7 @@ describe("commitImport", () => {
       { path: "data/db/assistant.db", data: newDbData },
     ]);
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: vbundle,
       pathResolver: resolver,
@@ -735,7 +732,7 @@ describe("commitImport", () => {
       { path: "config/settings.json", data: newConfigData },
     ]);
-    const resolver = new DefaultPathResolver(testDbPath, testConfigPath);
+    const resolver = new DefaultPathResolver(undefined, testDir);
     const result = commitImport({
       archiveData: vbundle,
       pathResolver: resolver,
@@ -755,6 +752,137 @@ describe("commitImport", () => {
   });
 });
+// ---------------------------------------------------------------------------
+// Workspace clearing tests
+// ---------------------------------------------------------------------------
+describe("commitImport — workspace clearing", () => {
+  const skillsDir = join(testDir, "skills");
+  const hooksDir = join(testDir, "hooks");
+  afterEach(() => {
+    // Restore test fixture files for subsequent tests
+    mkdirSync(testDbDir, { recursive: true });
+    writeFileSync(testDbPath, EXISTING_DB_DATA);
+    writeFileSync(testConfigPath, JSON.stringify(EXISTING_CONFIG, null, 2));
+    // Clean up skills/hooks dirs
+    for (const dir of [skillsDir, hooksDir]) {
+      if (existsSync(dir)) rmSync(dir, { recursive: true, force: true });
+    }
+  });
+  test("clears stale files via workspace clearing (new-format workspace/ entries)", () => {
+    mkdirSync(join(skillsDir, "stale-skill"), { recursive: true });
+    writeFileSync(join(skillsDir, "stale-skill", "SKILL.md"), "stale");
+    const skillData = new TextEncoder().encode("# New Skill");
+    const vbundle = createValidVBundle([
+      { path: "workspace/skills/new-skill/SKILL.md", data: skillData },
+    ]);
+    const resolver = new DefaultPathResolver(undefined, testDir);
+    const result = commitImport({
+      archiveData: vbundle,
+      pathResolver: resolver,
+      workspaceDir: testDir,
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    // New skill written
+    expect(existsSync(join(skillsDir, "new-skill", "SKILL.md"))).toBe(true);
+    expect(readFileSync(join(skillsDir, "new-skill", "SKILL.md"), "utf8")).toBe(
+      "# New Skill",
+    );
+    // Stale skill removed by workspace clearing
+    expect(existsSync(join(skillsDir, "stale-skill"))).toBe(false);
+  });
+  test("old-format skills/ entries do not trigger workspace clearing", () => {
+    mkdirSync(join(skillsDir, "stale-skill"), { recursive: true });
+    writeFileSync(join(skillsDir, "stale-skill", "SKILL.md"), "stale");
+    const skillData = new TextEncoder().encode("# New Skill");
+    const vbundle = createValidVBundle([
+      { path: "skills/new-skill/SKILL.md", data: skillData },
+    ]);
+    const resolver = new DefaultPathResolver(undefined, testDir);
+    const result = commitImport({
+      archiveData: vbundle,
+      pathResolver: resolver,
+      workspaceDir: testDir,
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    // New skill written
+    expect(existsSync(join(skillsDir, "new-skill", "SKILL.md"))).toBe(true);
+    // Stale skill survives — old-format bundles don't trigger workspace clearing
+    expect(existsSync(join(skillsDir, "stale-skill", "SKILL.md"))).toBe(true);
+  });
+  test("hooks/ entries import to hooksDir (not workspace/hooks/)", () => {
+    // Use a separate hooks dir outside the workspace, like production layout
+    const externalHooksDir = join(testDir, ".hooks-external");
+    mkdirSync(externalHooksDir, { recursive: true });
+    const hookData = new TextEncoder().encode("#!/bin/sh\necho new");
+    const vbundle = createValidVBundle([
+      { path: "hooks/new-hook/hook.sh", data: hookData },
+    ]);
+    const resolver = new DefaultPathResolver(undefined, testDir, externalHooksDir);
+    const result = commitImport({
+      archiveData: vbundle,
+      pathResolver: resolver,
+      workspaceDir: testDir,
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    // Hook written to the external hooks dir, not workspace/hooks/
+    expect(existsSync(join(externalHooksDir, "new-hook", "hook.sh"))).toBe(true);
+    expect(
+      readFileSync(join(externalHooksDir, "new-hook", "hook.sh"), "utf8"),
+    ).toBe("#!/bin/sh\necho new");
+    // Cleanup
+    rmSync(externalHooksDir, { recursive: true, force: true });
+  });
+  test("without workspaceDir, no clearing happens", () => {
+    mkdirSync(join(skillsDir, "existing-skill"), { recursive: true });
+    writeFileSync(
+      join(skillsDir, "existing-skill", "SKILL.md"),
+      "should survive",
+    );
+    const vbundle = createValidVBundle([
+      { path: "skills/new-skill/SKILL.md", data: new TextEncoder().encode("new") },
+    ]);
+    const resolver = new DefaultPathResolver(undefined, testDir);
+    // No workspaceDir — no clearing
+    const result = commitImport({
+      archiveData: vbundle,
+      pathResolver: resolver,
+    });
+    expect(result.ok).toBe(true);
+    // Existing skill survives (no workspace clearing without workspaceDir)
+    expect(existsSync(join(skillsDir, "existing-skill", "SKILL.md"))).toBe(
+      true,
+    );
+  });
+});
 // ---------------------------------------------------------------------------
 // Auth policy registration tests
 // ---------------------------------------------------------------------------