npm - @vellumai/assistant - Versions diffs - 0.4.56 → 0.5.0 - Mend

@vellumai/assistant 0.4.56 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/ARCHITECTURE.md +10 -10
package/Dockerfile +3 -0
package/README.md +11 -11
package/docs/architecture/integrations.md +2 -2
package/docs/architecture/memory.md +3 -4
package/docs/credential-execution-service.md +13 -20
package/node_modules/@vellumai/ces-contracts/src/error.ts +5 -4
package/package.json +1 -1
package/src/__tests__/actor-token-service.test.ts +7 -7
package/src/__tests__/anthropic-provider.test.ts +172 -0
package/src/__tests__/app-builder-tool-scripts.test.ts +15 -1
package/src/__tests__/approval-cascade.test.ts +2 -2
package/src/__tests__/approval-routes-http.test.ts +3 -4
package/src/__tests__/asset-materialize-tool.test.ts +5 -5
package/src/__tests__/asset-search-tool.test.ts +1 -1
package/src/__tests__/assistant-attachments.test.ts +5 -5
package/src/__tests__/assistant-events-sse-hardening.test.ts +1 -1
package/src/__tests__/assistant-feature-flags-integration.test.ts +50 -38
package/src/__tests__/attachments-store.test.ts +2 -2
package/src/__tests__/avatar-e2e.test.ts +5 -3
package/src/__tests__/browser-skill-endstate.test.ts +0 -1
package/src/__tests__/call-routes-http.test.ts +2 -2
package/src/__tests__/callback-handoff-copy.test.ts +1 -1
package/src/__tests__/cancel-resolves-conversation-key.test.ts +158 -0
package/src/__tests__/channel-readiness-routes.test.ts +0 -1
package/src/__tests__/channel-readiness-service.test.ts +0 -1
package/src/__tests__/checker.test.ts +31 -32
package/src/__tests__/chrome-cdp.test.ts +47 -18
package/src/__tests__/claude-code-skill-regression.test.ts +2 -2
package/src/__tests__/config-schema-cmd.test.ts +2 -2
package/src/__tests__/config-schema.test.ts +9 -18
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +1 -1
package/src/__tests__/conversation-abort-tool-results.test.ts +4 -4
package/src/__tests__/conversation-agent-loop-overflow.test.ts +2 -2
package/src/__tests__/conversation-agent-loop.test.ts +11 -4
package/src/__tests__/conversation-attachments.test.ts +1 -1
package/src/__tests__/conversation-confirmation-signals.test.ts +2 -2
package/src/__tests__/conversation-error.test.ts +33 -0
package/src/__tests__/conversation-init.benchmark.test.ts +0 -1
package/src/__tests__/conversation-load-history-repair.test.ts +1 -1
package/src/__tests__/conversation-pairing.test.ts +1 -1
package/src/__tests__/conversation-pre-run-repair.test.ts +4 -4
package/src/__tests__/conversation-provider-retry-repair.test.ts +4 -4
package/src/__tests__/conversation-queue.test.ts +23 -14
package/src/__tests__/conversation-routes-slash-commands.test.ts +3 -3
package/src/__tests__/conversation-runtime-assembly.test.ts +204 -185
package/src/__tests__/conversation-seed-composer.test.ts +1 -1
package/src/__tests__/conversation-slash-queue.test.ts +4 -4
package/src/__tests__/conversation-slash-unknown.test.ts +4 -4
package/src/__tests__/conversation-starter-routes.test.ts +291 -0
package/src/__tests__/conversation-wipe.test.ts +438 -0
package/src/__tests__/conversation-workspace-cache-state.test.ts +2 -3
package/src/__tests__/conversation-workspace-injection.test.ts +4 -5
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +4 -5
package/src/__tests__/credential-security-e2e.test.ts +20 -0
package/src/__tests__/credential-security-invariants.test.ts +1 -0
package/src/__tests__/credential-vault-unit.test.ts +227 -0
package/src/__tests__/credentials-cli.test.ts +3 -0
package/src/__tests__/date-context.test.ts +59 -377
package/src/__tests__/drop-capability-card-state-migration.test.ts +169 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +11 -45
package/src/__tests__/emit-signal-routing-intent.test.ts +3 -3
package/src/__tests__/encrypted-store.test.ts +249 -15
package/src/__tests__/ephemeral-permissions.test.ts +4 -5
package/src/__tests__/event-bus.test.ts +3 -3
package/src/__tests__/file-read-tool.test.ts +40 -0
package/src/__tests__/gateway-only-enforcement.test.ts +2 -2
package/src/__tests__/gateway-only-guard.test.ts +1 -0
package/src/__tests__/gemini-image-service.test.ts +4 -4
package/src/__tests__/gemini-provider.test.ts +6 -9
package/src/__tests__/guardian-binding-drift-heal.test.ts +128 -0
package/src/__tests__/guardian-dispatch.test.ts +0 -1
package/src/__tests__/host-file-read-tool.test.ts +87 -0
package/src/__tests__/host-shell-tool.test.ts +6 -6
package/src/__tests__/http-user-message-parity.test.ts +2 -2
package/src/__tests__/identity-intro-cache.test.ts +209 -0
package/src/__tests__/intent-routing.test.ts +51 -99
package/src/__tests__/invite-routes-http.test.ts +5 -0
package/src/__tests__/list-messages-attachments.test.ts +1 -1
package/src/__tests__/managed-proxy-context.test.ts +2 -5
package/src/__tests__/managed-skill-lifecycle.test.ts +8 -8
package/src/__tests__/media-generate-image.test.ts +32 -15
package/src/__tests__/media-reuse-story.e2e.test.ts +1 -1
package/src/__tests__/memory-context-benchmark.benchmark.test.ts +1 -1
package/src/__tests__/memory-lifecycle-e2e.test.ts +24 -18
package/src/__tests__/memory-recall-quality.test.ts +4 -3
package/src/__tests__/memory-regressions.test.ts +86 -90
package/src/__tests__/migration-cross-version-compatibility.test.ts +32 -32
package/src/__tests__/migration-export-http.test.ts +26 -27
package/src/__tests__/migration-import-commit-http.test.ts +165 -37
package/src/__tests__/migration-import-preflight-http.test.ts +81 -20
package/src/__tests__/migration-validate-http.test.ts +16 -16
package/src/__tests__/model-intents.test.ts +2 -2
package/src/__tests__/no-domain-routing-in-prompt-guard.test.ts +1 -1
package/src/__tests__/non-member-access-request.test.ts +3 -3
package/src/__tests__/notification-broadcaster.test.ts +1 -1
package/src/__tests__/notification-decision-fallback.test.ts +2 -2
package/src/__tests__/notification-decision-identity.test.ts +8 -9
package/src/__tests__/notification-decision-strategy.test.ts +1 -1
package/src/__tests__/notification-deep-link.test.ts +1 -1
package/src/__tests__/notification-guardian-path.test.ts +0 -1
package/src/__tests__/notification-schedule-dedup.test.ts +7 -7
package/src/__tests__/oauth-store.test.ts +1 -3
package/src/__tests__/oauth2-gateway-transport.test.ts +6 -1
package/src/__tests__/onboarding-template-contract.test.ts +23 -59
package/src/__tests__/provider-error-scenarios.test.ts +154 -0
package/src/__tests__/provider-fail-open-selection.test.ts +2 -2
package/src/__tests__/provider-managed-proxy-integration.test.ts +8 -9
package/src/__tests__/provider-registry-ollama.test.ts +5 -2
package/src/__tests__/qdrant-manager.test.ts +7 -7
package/src/__tests__/ratelimit.test.ts +0 -74
package/src/__tests__/recording-handler.test.ts +0 -1
package/src/__tests__/require-fresh-approval.test.ts +1 -1
package/src/__tests__/runtime-attachment-metadata.test.ts +1 -1
package/src/__tests__/runtime-events-sse-parity.test.ts +1 -1
package/src/__tests__/runtime-events-sse.test.ts +1 -1
package/src/__tests__/scheduler-recurrence.test.ts +46 -2
package/src/__tests__/schema-transforms.test.ts +114 -54
package/src/__tests__/secret-onetime-send.test.ts +20 -0
package/src/__tests__/secret-routes-managed-proxy.test.ts +5 -2
package/src/__tests__/secret-scanner-executor.test.ts +1 -2
package/src/__tests__/send-endpoint-busy.test.ts +63 -4
package/src/__tests__/send-notification-tool.test.ts +2 -2
package/src/__tests__/shell-credential-ref.test.ts +0 -1
package/src/__tests__/shell-tool-proxy-mode.test.ts +1 -2
package/src/__tests__/skill-memory.test.ts +549 -0
package/src/__tests__/skill-script-runner-sandbox.test.ts +1 -2
package/src/__tests__/slack-app-setup-skill-regression.test.ts +37 -0
package/src/__tests__/slack-channel-config.test.ts +109 -94
package/src/__tests__/swarm-conversation-integration.test.ts +2 -2
package/src/__tests__/swarm-recursion.test.ts +2 -2
package/src/__tests__/swarm-tool.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +19 -66
package/src/__tests__/telegram-config.test.ts +121 -0
package/src/__tests__/terminal-tools.test.ts +1 -1
package/src/__tests__/tool-execution-abort-cleanup.test.ts +1 -2
package/src/__tests__/tool-executor-lifecycle-events.test.ts +1 -1
package/src/__tests__/tool-executor-shell-integration.test.ts +1 -1
package/src/__tests__/tool-executor.test.ts +1 -1
package/src/__tests__/trace-emitter.test.ts +8 -1
package/src/__tests__/trust-store.test.ts +7 -8
package/src/__tests__/twilio-routes.test.ts +1 -18
package/src/__tests__/user-reference.test.ts +82 -2
package/src/__tests__/vbundle-pax-and-symlink.test.ts +196 -0
package/src/__tests__/verification-control-plane-policy.test.ts +1 -1
package/src/approvals/guardian-request-resolvers.ts +3 -3
package/src/avatar/ascii-renderer.ts +2 -2
package/src/avatar/png-renderer.ts +2 -2
package/src/avatar/resvg-lazy.ts +21 -0
package/src/calls/guardian-dispatch.ts +1 -1
package/src/calls/relay-access-wait.ts +2 -2
package/src/calls/twilio-rest.ts +0 -248
package/src/cli/AGENTS.md +5 -8
package/src/cli/__tests__/notifications.test.ts +5 -5
package/src/cli/commands/avatar.ts +64 -2
package/src/cli/commands/conversations.ts +131 -1
package/src/cli/commands/credentials.ts +2 -0
package/src/cli/commands/notifications.ts +3 -3
package/src/cli.ts +10 -0
package/src/config/bundled-skills/acp/SKILL.md +5 -5
package/src/config/bundled-skills/acp/TOOLS.json +6 -6
package/src/config/bundled-skills/app-builder/SKILL.md +42 -42
package/src/config/bundled-skills/app-builder/TOOLS.json +10 -10
package/src/config/bundled-skills/browser/SKILL.md +15 -15
package/src/config/bundled-skills/browser/TOOLS.json +14 -14
package/src/config/bundled-skills/chatgpt-import/SKILL.md +2 -2
package/src/config/bundled-skills/chatgpt-import/TOOLS.json +1 -1
package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/bundled-skills/claude-code/SKILL.md +5 -5
package/src/config/bundled-skills/computer-use/SKILL.md +2 -2
package/src/config/bundled-skills/computer-use/TOOLS.json +15 -15
package/src/config/bundled-skills/contacts/SKILL.md +3 -3
package/src/config/bundled-skills/contacts/TOOLS.json +4 -4
package/src/config/bundled-skills/document/SKILL.md +4 -4
package/src/config/bundled-skills/document/TOOLS.json +2 -2
package/src/config/bundled-skills/followups/TOOLS.json +3 -3
package/src/config/bundled-skills/gmail/SKILL.md +32 -32
package/src/config/bundled-skills/gmail/TOOLS.json +16 -16
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +1 -1
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +1 -1
package/src/config/bundled-skills/google-calendar/SKILL.md +1 -1
package/src/config/bundled-skills/google-calendar/TOOLS.json +5 -5
package/src/config/bundled-skills/google-calendar/types.ts +1 -1
package/src/config/bundled-skills/heartbeat/SKILL.md +43 -0
package/src/config/bundled-skills/image-studio/SKILL.md +3 -3
package/src/config/bundled-skills/image-studio/TOOLS.json +2 -3
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +16 -12
package/src/config/bundled-skills/media-processing/SKILL.md +40 -40
package/src/config/bundled-skills/media-processing/TOOLS.json +8 -8
package/src/config/bundled-skills/media-processing/__tests__/concurrency-pool.test.ts +2 -2
package/src/config/bundled-skills/media-processing/__tests__/preprocess.test.ts +1 -1
package/src/config/bundled-skills/media-processing/services/gemini-map.ts +5 -5
package/src/config/bundled-skills/media-processing/services/gemini-video.ts +2 -2
package/src/config/bundled-skills/media-processing/services/preprocess.ts +2 -2
package/src/config/bundled-skills/media-processing/services/processing-pipeline.ts +2 -2
package/src/config/bundled-skills/media-processing/services/reduce.ts +3 -3
package/src/config/bundled-skills/media-processing/tools/generate-clip.ts +2 -2
package/src/config/bundled-skills/media-processing/tools/query-media-events.ts +1 -1
package/src/config/bundled-skills/messaging/SKILL.md +29 -25
package/src/config/bundled-skills/messaging/TOOLS.json +11 -11
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +1 -1
package/src/config/bundled-skills/messaging/tools/shared.ts +1 -1
package/src/config/bundled-skills/notifications/SKILL.md +3 -3
package/src/config/bundled-skills/notifications/TOOLS.json +2 -2
package/src/config/bundled-skills/notifications/tools/send-notification.ts +3 -3
package/src/config/bundled-skills/orchestration/SKILL.md +1 -1
package/src/config/bundled-skills/orchestration/TOOLS.json +1 -1
package/src/config/bundled-skills/phone-calls/SKILL.md +18 -14
package/src/config/bundled-skills/phone-calls/TOOLS.json +3 -3
package/src/config/bundled-skills/phone-calls/references/CONFIG.md +2 -2
package/src/config/bundled-skills/phone-calls/references/TRANSCRIPTS.md +2 -2
package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +1 -1
package/src/config/bundled-skills/playbooks/TOOLS.json +4 -4
package/src/config/bundled-skills/schedule/SKILL.md +26 -26
package/src/config/bundled-skills/schedule/TOOLS.json +5 -5
package/src/config/bundled-skills/screen-watch/SKILL.md +3 -3
package/src/config/bundled-skills/screen-watch/TOOLS.json +1 -1
package/src/config/bundled-skills/sequences/SKILL.md +2 -2
package/src/config/bundled-skills/sequences/TOOLS.json +10 -10
package/src/config/bundled-skills/sequences/tools/sequence-analytics.ts +2 -2
package/src/config/bundled-skills/sequences/tools/sequence-enroll.ts +2 -2
package/src/config/bundled-skills/sequences/tools/sequence-enrollment-list.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-get.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-import.ts +3 -3
package/src/config/bundled-skills/sequences/tools/sequence-list.ts +1 -1
package/src/config/bundled-skills/sequences/tools/sequence-update.ts +1 -1
package/src/config/bundled-skills/settings/TOOLS.json +3 -3
package/src/config/bundled-skills/settings/tools/open-system-settings.ts +1 -1
package/src/config/bundled-skills/skill-management/TOOLS.json +5 -5
package/src/config/bundled-skills/skills-catalog/SKILL.md +84 -0
package/src/config/bundled-skills/slack/SKILL.md +2 -2
package/src/config/bundled-skills/slack/TOOLS.json +8 -8
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +3 -3
package/src/config/bundled-skills/subagent/TOOLS.json +5 -5
package/src/config/bundled-skills/tasks/SKILL.md +1 -1
package/src/config/bundled-skills/tasks/TOOLS.json +9 -9
package/src/config/bundled-skills/transcribe/SKILL.md +5 -5
package/src/config/bundled-skills/transcribe/TOOLS.json +1 -1
package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +10 -10
package/src/config/bundled-skills/watcher/SKILL.md +4 -4
package/src/config/bundled-skills/watcher/TOOLS.json +5 -5
package/src/config/feature-flag-registry.json +33 -17
package/src/config/schemas/sandbox.ts +1 -1
package/src/config/schemas/services.ts +13 -3
package/src/config/schemas/timeouts.ts +0 -10
package/src/contacts/contact-store.ts +63 -0
package/src/contacts/contacts-write.ts +1 -1
package/src/daemon/assistant-attachments.ts +2 -2
package/src/daemon/conversation-agent-loop-handlers.ts +2 -2
package/src/daemon/conversation-agent-loop.ts +7 -30
package/src/daemon/conversation-error.ts +24 -0
package/src/daemon/conversation-memory.ts +8 -7
package/src/daemon/conversation-runtime-assembly.ts +141 -275
package/src/daemon/conversation-slash.ts +7 -26
package/src/daemon/conversation-surfaces.ts +14 -0
package/src/daemon/conversation-tool-setup.ts +9 -8
package/src/daemon/conversation.ts +2 -0
package/src/daemon/daemon-control.ts +1 -1
package/src/daemon/date-context.ts +10 -83
package/src/daemon/handlers/config-channels.ts +12 -2
package/src/daemon/handlers/config-slack-channel.ts +7 -1
package/src/daemon/handlers/config-telegram.ts +6 -1
package/src/daemon/handlers/conversations.ts +2 -2
package/src/daemon/handlers/skills.ts +4 -0
package/src/daemon/lifecycle.ts +28 -4
package/src/daemon/providers-setup.ts +1 -1
package/src/daemon/server.ts +1 -5
package/src/daemon/shutdown-handlers.ts +9 -3
package/src/daemon/tool-side-effects.ts +40 -0
package/src/daemon/trace-emitter.ts +26 -2
package/src/events/domain-events.ts +1 -1
package/src/events/tool-permission-telemetry-listener.ts +46 -0
package/src/inbound/platform-callback-registration.ts +0 -18
package/src/media/app-icon-generator.ts +15 -8
package/src/media/avatar-router.ts +15 -8
package/src/media/gemini-image-service.ts +125 -21
package/src/memory/attachments-store.ts +3 -3
package/src/memory/channel-verification-sessions.ts +6 -6
package/src/memory/conversation-crud.ts +196 -1
package/src/memory/{thread-starters-cadence.ts → conversation-starters-cadence.ts} +9 -42
package/src/memory/conversation-title-service.ts +2 -3
package/src/memory/db-init.ts +25 -1
package/src/memory/invite-store.ts +4 -4
package/src/memory/items-extractor.ts +4 -4
package/src/memory/job-handlers/{thread-starters.ts → conversation-starters.ts} +123 -38
package/src/memory/jobs-store.ts +3 -2
package/src/memory/jobs-worker.ts +7 -5
package/src/memory/lifecycle-events-store.ts +63 -0
package/src/memory/migrations/172-rename-created-by-session-id.ts +27 -0
package/src/memory/migrations/173-rename-source-session-id.ts +16 -0
package/src/memory/migrations/174-rename-thread-starters-table.ts +52 -0
package/src/memory/migrations/175-create-lifecycle-events.ts +15 -0
package/src/memory/migrations/176-drop-capability-card-state.ts +36 -0
package/src/memory/migrations/177-create-trace-events-table.ts +40 -0
package/src/memory/migrations/index.ts +6 -0
package/src/memory/migrations/registry.ts +13 -0
package/src/memory/retriever.test.ts +223 -96
package/src/memory/retriever.ts +115 -138
package/src/memory/schema/calls.ts +1 -1
package/src/memory/schema/contacts.ts +1 -1
package/src/memory/schema/infrastructure.ts +29 -0
package/src/memory/schema/memory-core.ts +7 -17
package/src/memory/schema/notifications.ts +1 -1
package/src/memory/search/formatting.ts +23 -6
package/src/memory/search/lexical.ts +2 -0
package/src/memory/search/semantic.ts +2 -0
package/src/memory/search/staleness.ts +5 -1
package/src/memory/search/types.ts +4 -0
package/src/memory/task-memory-cleanup.ts +96 -6
package/src/memory/trace-event-store.ts +148 -0
package/src/notifications/README.md +1 -1
package/src/notifications/decision-engine.ts +45 -4
package/src/notifications/emit-signal.ts +5 -4
package/src/notifications/events-store.ts +4 -4
package/src/notifications/signal.ts +1 -1
package/src/oauth/manual-token-connection.ts +49 -25
package/src/permissions/checker.ts +6 -5
package/src/permissions/defaults.ts +4 -4
package/src/prompts/__tests__/build-cli-reference-section.test.ts +9 -90
package/src/prompts/cache-boundary.ts +8 -0
package/src/prompts/system-prompt.ts +105 -634
package/src/prompts/templates/BOOTSTRAP.md +172 -33
package/src/prompts/templates/IDENTITY.md +8 -24
package/src/prompts/templates/SOUL.md +20 -41
package/src/prompts/templates/USER.md +3 -19
package/src/prompts/user-reference.ts +14 -16
package/src/providers/anthropic/client.ts +51 -19
package/src/providers/gemini/client.ts +6 -9
package/src/providers/managed-proxy/constants.ts +1 -7
package/src/providers/managed-proxy/context.ts +0 -1
package/src/providers/model-intents.ts +5 -5
package/src/providers/openai/client.ts +10 -1
package/src/providers/openrouter/client.ts +1 -0
package/src/providers/ratelimit.ts +0 -35
package/src/providers/registry.ts +3 -5
package/src/providers/retry.ts +18 -1
package/src/runtime/access-request-helper.ts +16 -2
package/src/runtime/auth/route-policy.ts +7 -0
package/src/runtime/channel-verification-service.ts +1 -1
package/src/runtime/confirmation-request-guardian-bridge.ts +1 -1
package/src/runtime/guardian-vellum-migration.ts +61 -1
package/src/runtime/http-server.ts +8 -4
package/src/runtime/migrations/vbundle-builder.ts +212 -32
package/src/runtime/migrations/vbundle-import-analyzer.ts +74 -8
package/src/runtime/migrations/vbundle-importer.ts +66 -1
package/src/runtime/migrations/vbundle-validator.ts +17 -3
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +4 -4
package/src/runtime/routes/attachment-routes.ts +2 -2
package/src/runtime/routes/btw-routes.ts +93 -0
package/src/runtime/routes/channel-verification-routes.ts +19 -2
package/src/runtime/routes/conversation-management-routes.ts +55 -1
package/src/runtime/routes/conversation-query-routes.ts +1 -1
package/src/runtime/routes/conversation-routes.ts +49 -5
package/src/runtime/routes/conversation-starter-routes.ts +207 -0
package/src/runtime/routes/guardian-bootstrap-routes.ts +13 -9
package/src/runtime/routes/identity-intro-cache.ts +105 -0
package/src/runtime/routes/identity-routes.ts +51 -0
package/src/runtime/routes/inbound-stages/escalation-intercept.ts +1 -1
package/src/runtime/routes/inbound-stages/verification-intercept.ts +1 -1
package/src/runtime/routes/migration-routes.ts +25 -13
package/src/runtime/routes/secret-routes.ts +18 -0
package/src/runtime/routes/settings-routes.ts +9 -9
package/src/runtime/routes/telemetry-routes.ts +53 -0
package/src/runtime/routes/trace-event-routes.ts +62 -0
package/src/runtime/tool-grant-request-helper.ts +1 -1
package/src/runtime/verification-outbound-actions.ts +47 -31
package/src/security/encrypted-store.ts +262 -78
package/src/skills/catalog-install.ts +10 -0
package/src/skills/managed-store.ts +2 -0
package/src/skills/skill-memory.ts +222 -0
package/src/subagent/manager.ts +1 -4
package/src/telemetry/types.ts +10 -1
package/src/telemetry/usage-telemetry-reporter.test.ts +7 -2
package/src/telemetry/usage-telemetry-reporter.ts +53 -4
package/src/tools/AGENTS.md +11 -11
package/src/tools/acp/spawn.ts +1 -1
package/src/tools/apps/executors.ts +8 -8
package/src/tools/apps/registry.ts +1 -1
package/src/tools/assets/materialize.ts +6 -6
package/src/tools/assets/search.ts +10 -10
package/src/tools/browser/__tests__/auth-cache.test.ts +2 -2
package/src/tools/browser/__tests__/auth-detector.test.ts +4 -4
package/src/tools/browser/auth-detector.ts +6 -6
package/src/tools/browser/browser-execution.ts +13 -13
package/src/tools/browser/browser-manager.ts +3 -3
package/src/tools/browser/chrome-cdp.ts +5 -5
package/src/tools/browser/jit-auth.ts +2 -2
package/src/tools/browser/network-recorder.test.ts +2 -2
package/src/tools/browser/network-recorder.ts +3 -3
package/src/tools/browser/runtime-check.ts +3 -3
package/src/tools/claude-code/claude-code.ts +2 -2
package/src/tools/computer-use/definitions.ts +18 -18
package/src/tools/credential-execution/make-authenticated-request.ts +4 -4
package/src/tools/credential-execution/manage-secure-command-tool.ts +3 -3
package/src/tools/credential-execution/run-authenticated-command.ts +4 -4
package/src/tools/credentials/broker-types.ts +5 -5
package/src/tools/credentials/broker.ts +15 -15
package/src/tools/credentials/metadata-store.ts +2 -2
package/src/tools/credentials/resolve.ts +1 -1
package/src/tools/credentials/selection.ts +1 -1
package/src/tools/credentials/tool-policy.ts +1 -1
package/src/tools/credentials/vault.ts +115 -25
package/src/tools/execution-target.ts +2 -2
package/src/tools/executor.ts +7 -7
package/src/tools/filesystem/edit.ts +2 -2
package/src/tools/filesystem/read.ts +15 -4
package/src/tools/filesystem/write.ts +1 -1
package/src/tools/host-filesystem/edit.ts +2 -1
package/src/tools/host-filesystem/read.ts +18 -1
package/src/tools/host-filesystem/write.ts +1 -1
package/src/tools/host-terminal/host-shell.ts +9 -8
package/src/tools/mcp/mcp-tool-factory.ts +7 -6
package/src/tools/memory/definitions.ts +6 -5
package/src/tools/memory/handlers.test.ts +1 -1
package/src/tools/network/__tests__/web-search.test.ts +3 -3
package/src/tools/network/domain-normalize.ts +2 -2
package/src/tools/network/script-proxy/session-manager.ts +10 -10
package/src/tools/network/web-fetch.ts +1 -1
package/src/tools/network/web-search.ts +3 -3
package/src/tools/permission-checker.ts +8 -8
package/src/tools/registry.ts +7 -7
package/src/tools/schedule/list.ts +2 -2
package/src/tools/schema-transforms.ts +31 -21
package/src/tools/secret-detection-handler.ts +1 -1
package/src/tools/sensitive-output-placeholders.ts +1 -1
package/src/tools/shared/filesystem/edit-engine.ts +1 -1
package/src/tools/shared/filesystem/file-ops-service.ts +3 -3
package/src/tools/shared/filesystem/image-read.ts +25 -5
package/src/tools/shared/filesystem/path-policy.ts +2 -2
package/src/tools/shared/shell-output.ts +1 -1
package/src/tools/side-effects.ts +1 -1
package/src/tools/skills/execute.ts +1 -1
package/src/tools/skills/load.ts +3 -3
package/src/tools/skills/sandbox-runner.ts +3 -3
package/src/tools/subagent/read.ts +1 -1
package/src/tools/subagent/spawn.ts +2 -2
package/src/tools/swarm/delegate.ts +3 -3
package/src/tools/system/request-permission.ts +5 -4
package/src/tools/terminal/backends/native.ts +4 -4
package/src/tools/terminal/parser.ts +6 -6
package/src/tools/terminal/sandbox-diagnostics.ts +1 -1
package/src/tools/terminal/shell.ts +16 -16
package/src/tools/tool-approval-handler.ts +21 -12
package/src/tools/tool-manifest.ts +4 -4
package/src/tools/types.ts +3 -3
package/src/tools/ui-surface/definitions.ts +9 -37
package/src/tools/watcher/list.ts +1 -1
package/src/util/logger.ts +7 -2
package/src/util/pricing.ts +4 -0
package/src/util/retry.ts +29 -1
package/src/workspace/migrations/007-web-search-provider-rename.ts +37 -0
package/src/workspace/migrations/registry.ts +2 -0
package/src/__tests__/cli-help-reference-sync.test.ts +0 -26
package/src/__tests__/onboarding-starter-tasks.test.ts +0 -190
package/src/cli/reference.ts +0 -38
package/src/memory/job-handlers/capability-cards.ts +0 -420
package/src/runtime/routes/thread-starter-routes.ts +0 -294

package/src/__tests__/send-endpoint-busy.test.ts CHANGED Viewed

@@ -16,7 +16,10 @@ mock.module("../config/env.js", () => ({ isHttpAuthDisabled: () => true }));
 import { createGuardianBinding } from "../contacts/contacts-write.js";
 import type { Conversation } from "../daemon/conversation.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
-import { createCanonicalGuardianRequest } from "../memory/canonical-guardian-store.js";
+import {
+  createCanonicalGuardianRequest,
+  getCanonicalGuardianRequest,
+} from "../memory/canonical-guardian-store.js";
 import { getOrCreateConversation } from "../memory/conversation-key-store.js";
 const testDir = realpathSync(
@@ -49,7 +52,7 @@ mock.module("../config/loader.js", () => ({
     model: "test",
     provider: "test",
     memory: { enabled: false },
-    rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
+    rateLimit: { maxRequestsPerMinute: 0 },
     secretDetection: { enabled: false },
     contextWindow: { maxInputTokens: 200000 },
     services: {
@@ -61,9 +64,9 @@ mock.module("../config/loader.js", () => ({
       "image-generation": {
         mode: "your-own",
         provider: "gemini",
-        model: "gemini-2.5-flash-image",
+        model: "gemini-3.1-flash-image-preview",
       },
-      "web-search": { mode: "your-own", provider: "anthropic-native" },
+      "web-search": { mode: "your-own", provider: "inference-provider-native" },
     },
   }),
 }));
@@ -896,4 +899,60 @@ describe("POST /v1/messages — queue-if-busy and hub publishing", () => {
     await stopServer();
   });
+  test("auto-deny resolves canonical guardian request so stale records do not cause pending_interaction_not_found", async () => {
+    const conversationKey = "conv-auto-deny-canonical";
+    const { conversationId } = getOrCreateConversation(conversationKey);
+    const requestId = "req-auto-deny-canonical";
+    // Step 1: Create a pending approval conversation with a canonical request.
+    const { conversation, denyAllPendingConfirmationsMock } =
+      makePendingApprovalConversation(requestId, false);
+    pendingInteractions.register(requestId, {
+      conversation,
+      conversationId,
+      kind: "confirmation",
+    });
+    createCanonicalGuardianRequest({
+      id: requestId,
+      kind: "tool_approval",
+      sourceType: "desktop",
+      sourceChannel: "vellum",
+      conversationId,
+      toolName: "bash",
+      guardianPrincipalId: "test-principal-id",
+      status: "pending",
+      requestCode: "STALE1",
+      expiresAt: Date.now() + 5 * 60 * 1000,
+    });
+    await startServer(() => conversation);
+    // Step 2: Send a non-approval message to trigger auto-deny of the
+    // pending confirmation. "do something else" is not an approval phrase,
+    // so tryConsumeCanonicalGuardianReply won't consume it, and the
+    // auto-deny path will fire.
+    const res = await fetch(messagesUrl(), {
+      method: "POST",
+      headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+      body: JSON.stringify({
+        conversationKey,
+        content: "do something else instead",
+        sourceChannel: "vellum",
+        interface: "macos",
+      }),
+    });
+    expect(res.status).toBe(202);
+    expect(denyAllPendingConfirmationsMock).toHaveBeenCalledTimes(1);
+    // Step 3: Verify the canonical guardian request was resolved to "denied".
+    // Without the fix, this would remain "pending", causing
+    // pending_interaction_not_found errors on subsequent "yes" messages.
+    const canonicalRequest = getCanonicalGuardianRequest(requestId);
+    expect(canonicalRequest).toBeDefined();
+    expect(canonicalRequest!.status).toBe("denied");
+    await stopServer();
+  });
 });

package/src/__tests__/send-notification-tool.test.ts CHANGED Viewed

@@ -39,7 +39,7 @@ describe("send-notification tool", () => {
     expect(emitNotificationSignalMock).toHaveBeenCalledWith({
       sourceEventName: "user.send_notification",
       sourceChannel: "assistant_tool",
-      sourceSessionId: "conv-override",
+      sourceContextId: "conv-override",
       attentionHints: {
         requiresAction: true,
         urgency: "high",
@@ -50,7 +50,7 @@ describe("send-notification tool", () => {
       contextPayload: {
         requestedMessage: "Your verification code is 123456",
         requestedByTool: "send_notification",
-        requestedBySessionId: "conv-1",
+        requestedByContextId: "conv-1",
         requestedTitle: "Verification code",
         requestedByConversationId: "conv-override",
         preferredChannels: ["vellum"],

package/src/__tests__/shell-credential-ref.test.ts CHANGED Viewed

@@ -23,7 +23,6 @@ mock.module("../config/loader.js", () => ({
     ui: {},
     timeouts: { shellDefaultTimeoutSec: 120, shellMaxTimeoutSec: 600 },
-    sandbox: { enabled: false, backend: "none" },
     secretDetection: { allowOneTimeSend: false },
   }),
 }));

package/src/__tests__/shell-tool-proxy-mode.test.ts CHANGED Viewed

@@ -34,8 +34,7 @@ const mockConfig = {
     shellMaxTimeoutSec: 600,
     permissionTimeoutSec: 300,
   },
-  sandbox: { enabled: false },
-  rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
+  rateLimit: { maxRequestsPerMinute: 0 },
   secretDetection: {
     enabled: true,
     action: "warn" as const,

package/src/__tests__/skill-memory.test.ts ADDED Viewed

@@ -0,0 +1,549 @@
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+import { eq } from "drizzle-orm";
+const testDir = mkdtempSync(join(tmpdir(), "skill-memory-"));
+mock.module("../util/platform.js", () => ({
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === "darwin",
+  isLinux: () => process.platform === "linux",
+  isWindows: () => process.platform === "win32",
+  getPidPath: () => join(testDir, "test.pid"),
+  getDbPath: () => join(testDir, "test.db"),
+  getLogPath: () => join(testDir, "test.log"),
+  ensureDataDir: () => {},
+  getWorkspaceSkillsDir: () => join(testDir, "skills"),
+  getWorkspaceConfigPath: () => join(testDir, "config.json"),
+  readPlatformToken: () => undefined,
+}));
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+mock.module("../memory/qdrant-client.js", () => ({
+  getQdrantClient: () => ({
+    searchWithFilter: async () => [],
+    hybridSearch: async () => [],
+    upsertPoints: async () => {},
+    deletePoints: async () => {},
+  }),
+  initQdrantClient: () => {},
+}));
+// Controllable mock for resolveCatalog used by seedCatalogSkillMemories
+let mockResolveCatalog: () => Promise<
+  import("../skills/catalog-install.js").CatalogSkill[]
+> = async () => [];
+mock.module("../skills/catalog-install.js", () => ({
+  resolveCatalog: (..._args: unknown[]) => mockResolveCatalog(),
+}));
+// Controllable mock for isAssistantFeatureFlagEnabled used by seedCatalogSkillMemories
+let mockIsFeatureFlagEnabled: (key: string) => boolean = () => true;
+mock.module("../config/assistant-feature-flags.js", () => ({
+  isAssistantFeatureFlagEnabled: (key: string, _config: unknown) =>
+    mockIsFeatureFlagEnabled(key),
+  getAssistantFeatureFlagDefaults: () => ({}),
+}));
+import { DEFAULT_CONFIG } from "../config/defaults.js";
+const TEST_CONFIG = {
+  ...DEFAULT_CONFIG,
+  memory: {
+    ...DEFAULT_CONFIG.memory,
+    enabled: true,
+    extraction: {
+      ...DEFAULT_CONFIG.memory.extraction,
+      useLLM: false,
+    },
+  },
+};
+mock.module("../config/loader.js", () => ({
+  loadConfig: () => TEST_CONFIG,
+  getConfig: () => TEST_CONFIG,
+  loadRawConfig: () => ({}),
+  saveRawConfig: () => {},
+  invalidateConfigCache: () => {},
+}));
+import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { memoryItems, memoryJobs } from "../memory/schema.js";
+import type { CatalogSkill } from "../skills/catalog-install.js";
+import {
+  buildCapabilityStatement,
+  deleteSkillCapabilityMemory,
+  seedCatalogSkillMemories,
+  upsertSkillCapabilityMemory,
+} from "../skills/skill-memory.js";
+initializeDb();
+afterAll(() => {
+  resetDb();
+  try {
+    rmSync(testDir, { recursive: true });
+  } catch {
+    // best effort cleanup
+  }
+});
+function resetTables() {
+  const db = getDb();
+  db.run("DELETE FROM memory_item_sources");
+  db.run("DELETE FROM memory_embeddings");
+  db.run("DELETE FROM memory_items");
+  db.run("DELETE FROM memory_jobs");
+}
+function makeSkill(overrides: Partial<CatalogSkill> = {}): CatalogSkill {
+  return {
+    id: "test-skill",
+    name: "Test Skill",
+    description: "A skill for testing",
+    ...overrides,
+  };
+}
+// ─── buildCapabilityStatement ────────────────────────────────────────────────
+describe("buildCapabilityStatement", () => {
+  test("includes display name, id, and description", () => {
+    const entry = makeSkill({
+      metadata: { vellum: { "display-name": "My Skill" } },
+    });
+    const result = buildCapabilityStatement(entry);
+    expect(result).toContain('"My Skill"');
+    expect(result).toContain("(test-skill)");
+    expect(result).toContain("A skill for testing");
+  });
+  test("includes activation hints when present", () => {
+    const entry = makeSkill({
+      metadata: {
+        vellum: {
+          "display-name": "My Skill",
+          "activation-hints": ["user asks to search", "needs web data"],
+        },
+      },
+    });
+    const result = buildCapabilityStatement(entry);
+    expect(result).toContain("Use when:");
+    expect(result).toContain("user asks to search");
+    expect(result).toContain("needs web data");
+  });
+  test("works without metadata (falls back to name)", () => {
+    const entry = makeSkill({ metadata: undefined });
+    const result = buildCapabilityStatement(entry);
+    expect(result).toContain('"Test Skill"');
+    expect(result).toContain("(test-skill)");
+    expect(result).toContain("A skill for testing");
+  });
+  test("truncates long statements to 500 chars", () => {
+    const longDesc = "x".repeat(600);
+    const entry = makeSkill({ description: longDesc });
+    const result = buildCapabilityStatement(entry);
+    expect(result.length).toBe(500);
+  });
+});
+// ─── upsertSkillCapabilityMemory ─────────────────────────────────────────────
+describe("upsertSkillCapabilityMemory", () => {
+  beforeEach(resetTables);
+  test("inserts with correct kind, subject, confidence, importance", () => {
+    const entry = makeSkill();
+    upsertSkillCapabilityMemory("test-skill", entry);
+    const db = getDb();
+    const items = db.select().from(memoryItems).all();
+    expect(items).toHaveLength(1);
+    expect(items[0].kind).toBe("capability");
+    expect(items[0].subject).toBe("skill:test-skill");
+    expect(items[0].confidence).toBe(1.0);
+    expect(items[0].importance).toBe(0.7);
+    expect(items[0].status).toBe("active");
+    expect(items[0].scopeId).toBe("default");
+    // Should also enqueue an embed_item job
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(1);
+    expect(jobs[0].type).toBe("embed_item");
+  });
+  test("is idempotent (same entry only touches lastSeenAt)", () => {
+    const entry = makeSkill();
+    upsertSkillCapabilityMemory("test-skill", entry);
+    const db = getDb();
+    const before = db.select().from(memoryItems).all();
+    expect(before).toHaveLength(1);
+    const originalLastSeen = before[0].lastSeenAt;
+    // Upsert again
+    upsertSkillCapabilityMemory("test-skill", entry);
+    const after = db.select().from(memoryItems).all();
+    expect(after).toHaveLength(1);
+    // Fingerprint should be the same, so only lastSeenAt changes
+    expect(after[0].fingerprint).toBe(before[0].fingerprint);
+    expect(after[0].lastSeenAt).toBeGreaterThanOrEqual(originalLastSeen);
+    // Should NOT enqueue a second embed job (only 1 from initial insert)
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(1);
+  });
+  test("updates statement when description changes", () => {
+    const entry = makeSkill({ description: "Original description" });
+    upsertSkillCapabilityMemory("test-skill", entry);
+    const db = getDb();
+    const before = db.select().from(memoryItems).all();
+    expect(before).toHaveLength(1);
+    expect(before[0].statement).toContain("Original description");
+    // Change description
+    const updatedEntry = makeSkill({ description: "Updated description" });
+    upsertSkillCapabilityMemory("test-skill", updatedEntry);
+    const after = db.select().from(memoryItems).all();
+    expect(after).toHaveLength(1);
+    expect(after[0].statement).toContain("Updated description");
+    expect(after[0].fingerprint).not.toBe(before[0].fingerprint);
+    // Should enqueue a second embed job
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(2);
+  });
+  test("reactivates soft-deleted items", () => {
+    const entry = makeSkill();
+    upsertSkillCapabilityMemory("test-skill", entry);
+    const db = getDb();
+    // Soft-delete the item
+    db.update(memoryItems)
+      .set({ status: "deleted" })
+      .where(eq(memoryItems.subject, "skill:test-skill"))
+      .run();
+    const deleted = db.select().from(memoryItems).all();
+    expect(deleted[0].status).toBe("deleted");
+    // Clear jobs from initial insert
+    db.run("DELETE FROM memory_jobs");
+    // Upsert again — should reactivate
+    upsertSkillCapabilityMemory("test-skill", entry);
+    const reactivated = db.select().from(memoryItems).all();
+    expect(reactivated).toHaveLength(1);
+    expect(reactivated[0].status).toBe("active");
+    // Should enqueue embed job for reactivated item
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(1);
+    expect(jobs[0].type).toBe("embed_item");
+  });
+  test("does not throw on DB error", () => {
+    // Close the DB connection to force errors, then reinitialize
+    resetDb();
+    // getDb() will create a new connection, but we can force a DB error by
+    // dropping the table it reads from. Use a fresh DB without initialization.
+    // Instead, verify the try/catch by closing and reopening:
+    // resetDb closes the connection; getDb lazily reconnects.
+    // We drop the memory_items table to force an error on the next query.
+    const db = getDb();
+    db.run("DROP TABLE IF EXISTS memory_items");
+    expect(() => {
+      upsertSkillCapabilityMemory("test-skill", makeSkill());
+    }).not.toThrow();
+    // Restore DB state for subsequent tests
+    resetDb();
+    initializeDb();
+  });
+});
+// ─── deleteSkillCapabilityMemory ─────────────────────────────────────────────
+describe("deleteSkillCapabilityMemory", () => {
+  beforeEach(resetTables);
+  test("soft-deletes matching item", () => {
+    const entry = makeSkill();
+    upsertSkillCapabilityMemory("test-skill", entry);
+    const db = getDb();
+    const before = db.select().from(memoryItems).all();
+    expect(before).toHaveLength(1);
+    expect(before[0].status).toBe("active");
+    deleteSkillCapabilityMemory("test-skill");
+    const after = db.select().from(memoryItems).all();
+    expect(after).toHaveLength(1);
+    expect(after[0].status).toBe("deleted");
+  });
+  test("is no-op for missing item", () => {
+    // Should not throw when no matching item exists
+    expect(() => {
+      deleteSkillCapabilityMemory("nonexistent-skill");
+    }).not.toThrow();
+    const db = getDb();
+    const items = db.select().from(memoryItems).all();
+    expect(items).toHaveLength(0);
+  });
+  test("does not throw on DB error", () => {
+    // Close and reopen DB, then drop the table to force a query error
+    resetDb();
+    const db = getDb();
+    db.run("DROP TABLE IF EXISTS memory_items");
+    expect(() => {
+      deleteSkillCapabilityMemory("test-skill");
+    }).not.toThrow();
+    // Restore DB state for subsequent tests
+    resetDb();
+    initializeDb();
+  });
+});
+// ─── seedCatalogSkillMemories ─────────────────────────────────────────────
+describe("seedCatalogSkillMemories", () => {
+  beforeEach(() => {
+    resetTables();
+    // Reset mocks to defaults
+    mockResolveCatalog = async () => [];
+    mockIsFeatureFlagEnabled = () => true;
+  });
+  test("upserts capability memories for all catalog entries", async () => {
+    const skills: CatalogSkill[] = [
+      makeSkill({ id: "skill-a", name: "Skill A", description: "Does A" }),
+      makeSkill({ id: "skill-b", name: "Skill B", description: "Does B" }),
+      makeSkill({ id: "skill-c", name: "Skill C", description: "Does C" }),
+    ];
+    mockResolveCatalog = async () => skills;
+    await seedCatalogSkillMemories();
+    const db = getDb();
+    const items = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(items).toHaveLength(3);
+    const subjects = items.map((i) => i.subject).sort();
+    expect(subjects).toEqual([
+      "skill:skill-a",
+      "skill:skill-b",
+      "skill:skill-c",
+    ]);
+    // All should be active
+    for (const item of items) {
+      expect(item.status).toBe("active");
+    }
+  });
+  test("prunes stale capabilities for skills no longer in catalog", async () => {
+    // First seed with three skills
+    const initialSkills: CatalogSkill[] = [
+      makeSkill({ id: "skill-a", name: "Skill A", description: "Does A" }),
+      makeSkill({ id: "skill-b", name: "Skill B", description: "Does B" }),
+      makeSkill({ id: "skill-c", name: "Skill C", description: "Does C" }),
+    ];
+    mockResolveCatalog = async () => initialSkills;
+    await seedCatalogSkillMemories();
+    const db = getDb();
+    const beforeItems = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(beforeItems).toHaveLength(3);
+    expect(beforeItems.every((i) => i.status === "active")).toBe(true);
+    // Now seed with only skill-a — skill-b and skill-c should be pruned
+    mockResolveCatalog = async () => [
+      makeSkill({ id: "skill-a", name: "Skill A", description: "Does A" }),
+    ];
+    await seedCatalogSkillMemories();
+    const afterItems = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(afterItems).toHaveLength(3); // still 3 rows, but 2 are soft-deleted
+    const active = afterItems.filter((i) => i.status === "active");
+    const deleted = afterItems.filter((i) => i.status === "deleted");
+    expect(active).toHaveLength(1);
+    expect(active[0].subject).toBe("skill:skill-a");
+    expect(deleted).toHaveLength(2);
+    const deletedSubjects = deleted.map((i) => i.subject).sort();
+    expect(deletedSubjects).toEqual(["skill:skill-b", "skill:skill-c"]);
+  });
+  test("handles empty catalog without errors", async () => {
+    // Pre-populate a skill so we can verify it gets pruned
+    upsertSkillCapabilityMemory(
+      "existing-skill",
+      makeSkill({ id: "existing-skill" }),
+    );
+    const db = getDb();
+    const beforeItems = db.select().from(memoryItems).all();
+    expect(beforeItems).toHaveLength(1);
+    expect(beforeItems[0].status).toBe("active");
+    // Seed with empty catalog
+    mockResolveCatalog = async () => [];
+    await seedCatalogSkillMemories();
+    // The existing skill should be pruned (soft-deleted)
+    const afterItems = db.select().from(memoryItems).all();
+    expect(afterItems).toHaveLength(1);
+    expect(afterItems[0].status).toBe("deleted");
+  });
+  test("does not throw when resolveCatalog rejects", async () => {
+    mockResolveCatalog = async () => {
+      throw new Error("Network failure");
+    };
+    // Best-effort: should not propagate the error
+    await expect(seedCatalogSkillMemories()).resolves.toBeUndefined();
+  });
+  test("skips skills whose feature flag is disabled", async () => {
+    const skills: CatalogSkill[] = [
+      makeSkill({
+        id: "unflagged-skill",
+        name: "Unflagged",
+        description: "No flag",
+      }),
+      makeSkill({
+        id: "flagged-skill",
+        name: "Flagged",
+        description: "Has flag",
+        metadata: { vellum: { "feature-flag": "my_gated_feature" } },
+      }),
+    ];
+    mockResolveCatalog = async () => skills;
+    // Disable the feature flag for the flagged skill
+    mockIsFeatureFlagEnabled = (key: string) =>
+      key !== "feature_flags.my_gated_feature.enabled";
+    await seedCatalogSkillMemories();
+    const db = getDb();
+    const items = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    // Only the unflagged skill should have a capability row
+    expect(items).toHaveLength(1);
+    expect(items[0].subject).toBe("skill:unflagged-skill");
+    expect(items[0].status).toBe("active");
+  });
+  test("prunes pre-existing capability for a skill whose flag becomes disabled", async () => {
+    // First seed with both skills, all flags enabled
+    const skills: CatalogSkill[] = [
+      makeSkill({
+        id: "unflagged-skill",
+        name: "Unflagged",
+        description: "No flag",
+      }),
+      makeSkill({
+        id: "flagged-skill",
+        name: "Flagged",
+        description: "Has flag",
+        metadata: { vellum: { "feature-flag": "my_gated_feature" } },
+      }),
+    ];
+    mockResolveCatalog = async () => skills;
+    mockIsFeatureFlagEnabled = () => true;
+    await seedCatalogSkillMemories();
+    const db = getDb();
+    const beforeItems = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(beforeItems).toHaveLength(2);
+    expect(beforeItems.every((i) => i.status === "active")).toBe(true);
+    // Now disable the flag — the flagged skill should be pruned
+    mockIsFeatureFlagEnabled = (key: string) =>
+      key !== "feature_flags.my_gated_feature.enabled";
+    await seedCatalogSkillMemories();
+    const afterItems = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(afterItems).toHaveLength(2); // still 2 rows, but one soft-deleted
+    const active = afterItems.filter((i) => i.status === "active");
+    const deleted = afterItems.filter((i) => i.status === "deleted");
+    expect(active).toHaveLength(1);
+    expect(active[0].subject).toBe("skill:unflagged-skill");
+    expect(deleted).toHaveLength(1);
+    expect(deleted[0].subject).toBe("skill:flagged-skill");
+  });
+  test("does not throw on DB error during pruning", async () => {
+    mockResolveCatalog = async () => [
+      makeSkill({ id: "skill-a", name: "Skill A", description: "Does A" }),
+    ];
+    // Drop memory_items to force a DB error during the prune phase
+    resetDb();
+    const db = getDb();
+    db.run("DROP TABLE IF EXISTS memory_items");
+    await expect(seedCatalogSkillMemories()).resolves.toBeUndefined();
+    // Restore DB state for subsequent tests
+    resetDb();
+    initializeDb();
+  });
+});

package/src/__tests__/skill-script-runner-sandbox.test.ts CHANGED Viewed

@@ -17,8 +17,7 @@ const mockConfig = {
     shellMaxTimeoutSec: 600,
     permissionTimeoutSec: 300,
   },
-  sandbox: { enabled: false },
-  rateLimit: { maxRequestsPerMinute: 0, maxTokensPerSession: 0 },
+  rateLimit: { maxRequestsPerMinute: 0 },
   secretDetection: {
     enabled: true,
     action: "warn" as const,