@vellumai/assistant 0.5.0 → 0.5.2

package/src/__tests__/media-visibility-policy.test.ts

@@ -1,190 +0,0 @@
-import { describe, expect, test } from "bun:test";
-
-import {
-  type AttachmentContext,
-  filterVisibleAttachments,
-  isAttachmentVisible,
-} from "../daemon/media-visibility-policy.js";
-
-// ---------------------------------------------------------------------------
-// isAttachmentVisible
-// ---------------------------------------------------------------------------
-
-describe("isAttachmentVisible", () => {
-  const standardAttachment: AttachmentContext = {
-    conversationId: "conv-standard-001",
-    isPrivate: false,
-  };
-
-  const privateAttachmentA: AttachmentContext = {
-    conversationId: "conv-private-aaa",
-    isPrivate: true,
-  };
-
-  const privateAttachmentB: AttachmentContext = {
-    conversationId: "conv-private-bbb",
-    isPrivate: true,
-  };
-
-  describe("standard conversation attachments", () => {
-    test("visible from a standard conversation", () => {
-      const ctx: AttachmentContext = {
-        conversationId: "conv-other",
-        isPrivate: false,
-      };
-      expect(isAttachmentVisible(standardAttachment, ctx)).toBe(true);
-    });
-
-    test("visible from a different standard conversation", () => {
-      const ctx: AttachmentContext = {
-        conversationId: "conv-standard-002",
-        isPrivate: false,
-      };
-      expect(isAttachmentVisible(standardAttachment, ctx)).toBe(true);
-    });
-
-    test("visible from a private conversation", () => {
-      const ctx: AttachmentContext = {
-        conversationId: "conv-private-xyz",
-        isPrivate: true,
-      };
-      expect(isAttachmentVisible(standardAttachment, ctx)).toBe(true);
-    });
-
-    test("visible when isPrivate is explicitly false", () => {
-      const attachment: AttachmentContext = {
-        conversationId: "conv-001",
-        isPrivate: false,
-      };
-      const ctx: AttachmentContext = {
-        conversationId: "conv-002",
-        isPrivate: false,
-      };
-      expect(isAttachmentVisible(attachment, ctx)).toBe(true);
-    });
-  });
-
-  describe("private conversation attachments", () => {
-    test("visible from the same private conversation", () => {
-      const ctx: AttachmentContext = {
-        conversationId: privateAttachmentA.conversationId,
-        isPrivate: true,
-      };
-      expect(isAttachmentVisible(privateAttachmentA, ctx)).toBe(true);
-    });
-
-    test("NOT visible from a different private conversation", () => {
-      const ctx: AttachmentContext = {
-        conversationId: privateAttachmentB.conversationId,
-        isPrivate: true,
-      };
-      expect(isAttachmentVisible(privateAttachmentA, ctx)).toBe(false);
-    });
-
-    test("NOT visible from a standard conversation", () => {
-      const ctx: AttachmentContext = {
-        conversationId: "conv-standard-001",
-        isPrivate: false,
-      };
-      expect(isAttachmentVisible(privateAttachmentA, ctx)).toBe(false);
-    });
-
-    test("NOT visible when context is standard (isPrivate false)", () => {
-      const ctx: AttachmentContext = {
-        conversationId: privateAttachmentA.conversationId,
-        isPrivate: false,
-      };
-      expect(isAttachmentVisible(privateAttachmentA, ctx)).toBe(false);
-    });
-
-    test("NOT visible from standard conversation even with same conversationId", () => {
-      // Edge case: same conversationId but the context is not marked as private
-      const ctx: AttachmentContext = {
-        conversationId: privateAttachmentA.conversationId,
-        isPrivate: false,
-      };
-      expect(isAttachmentVisible(privateAttachmentA, ctx)).toBe(false);
-    });
-  });
-});
-
-// ---------------------------------------------------------------------------
-// filterVisibleAttachments
-// ---------------------------------------------------------------------------
-
-describe("filterVisibleAttachments", () => {
-  interface TestAttachment {
-    id: string;
-    conversationId: string;
-    isPrivate: boolean;
-  }
-
-  const getContext = (a: TestAttachment): AttachmentContext => ({
-    conversationId: a.conversationId,
-    isPrivate: a.isPrivate,
-  });
-
-  const standardAtt: TestAttachment = {
-    id: "att-1",
-    conversationId: "conv-std",
-    isPrivate: false,
-  };
-  const privateAttA: TestAttachment = {
-    id: "att-2",
-    conversationId: "conv-priv-a",
-    isPrivate: true,
-  };
-  const privateAttB: TestAttachment = {
-    id: "att-3",
-    conversationId: "conv-priv-b",
-    isPrivate: true,
-  };
-
-  const allAttachments = [standardAtt, privateAttA, privateAttB];
-
-  test("returns all standard attachments regardless of context", () => {
-    const ctx: AttachmentContext = {
-      conversationId: "conv-unrelated",
-      isPrivate: false,
-    };
-    const result = filterVisibleAttachments(allAttachments, ctx, getContext);
-    expect(result).toEqual([standardAtt]);
-  });
-
-  test("includes matching private attachment when in same private conversation", () => {
-    const ctx: AttachmentContext = {
-      conversationId: "conv-priv-a",
-      isPrivate: true,
-    };
-    const result = filterVisibleAttachments(allAttachments, ctx, getContext);
-    expect(result).toEqual([standardAtt, privateAttA]);
-  });
-
-  test("includes only the private attachment for the current thread, not others", () => {
-    const ctx: AttachmentContext = {
-      conversationId: "conv-priv-b",
-      isPrivate: true,
-    };
-    const result = filterVisibleAttachments(allAttachments, ctx, getContext);
-    expect(result).toEqual([standardAtt, privateAttB]);
-  });
-
-  test("returns empty array when input is empty", () => {
-    const ctx: AttachmentContext = {
-      conversationId: "conv-std",
-      isPrivate: false,
-    };
-    const result = filterVisibleAttachments([], ctx, getContext);
-    expect(result).toEqual([]);
-  });
-
-  test("preserves original attachment objects (referential identity)", () => {
-    const ctx: AttachmentContext = {
-      conversationId: "conv-priv-a",
-      isPrivate: true,
-    };
-    const result = filterVisibleAttachments(allAttachments, ctx, getContext);
-    expect(result[0]).toBe(standardAtt);
-    expect(result[1]).toBe(privateAttA);
-  });
-});

package/src/config/bundled-skills/app-builder/tools/app-file-edit.ts

@@ -1,14 +0,0 @@
-import * as appStore from "../../../../memory/app-store.js";
-import type { AppFileEditInput } from "../../../../tools/apps/executors.js";
-import { executeAppFileEdit } from "../../../../tools/apps/executors.js";
-import type {
-  ToolContext,
-  ToolExecutionResult,
-} from "../../../../tools/types.js";
-
-export async function run(
-  input: Record<string, unknown>,
-  _context: ToolContext,
-): Promise<ToolExecutionResult> {
-  return executeAppFileEdit(input as unknown as AppFileEditInput, appStore);
-}

package/src/config/bundled-skills/app-builder/tools/app-file-list.ts

@@ -1,13 +0,0 @@
-import * as appStore from "../../../../memory/app-store.js";
-import { executeAppFileList } from "../../../../tools/apps/executors.js";
-import type {
-  ToolContext,
-  ToolExecutionResult,
-} from "../../../../tools/types.js";
-
-export async function run(
-  input: Record<string, unknown>,
-  _context: ToolContext,
-): Promise<ToolExecutionResult> {
-  return executeAppFileList({ app_id: input.app_id as string }, appStore);
-}

package/src/config/bundled-skills/app-builder/tools/app-file-read.ts

@@ -1,21 +0,0 @@
-import * as appStore from "../../../../memory/app-store.js";
-import { executeAppFileRead } from "../../../../tools/apps/executors.js";
-import type {
-  ToolContext,
-  ToolExecutionResult,
-} from "../../../../tools/types.js";
-
-export async function run(
-  input: Record<string, unknown>,
-  _context: ToolContext,
-): Promise<ToolExecutionResult> {
-  return executeAppFileRead(
-    {
-      app_id: input.app_id as string,
-      path: input.path as string,
-      offset: input.offset as number | undefined,
-      limit: input.limit as number | undefined,
-    },
-    appStore,
-  );
-}

package/src/config/bundled-skills/app-builder/tools/app-file-write.ts

@@ -1,14 +0,0 @@
-import * as appStore from "../../../../memory/app-store.js";
-import type { AppFileWriteInput } from "../../../../tools/apps/executors.js";
-import { executeAppFileWrite } from "../../../../tools/apps/executors.js";
-import type {
-  ToolContext,
-  ToolExecutionResult,
-} from "../../../../tools/types.js";
-
-export async function run(
-  input: Record<string, unknown>,
-  _context: ToolContext,
-): Promise<ToolExecutionResult> {
-  return executeAppFileWrite(input as unknown as AppFileWriteInput, appStore);
-}

package/src/config/bundled-skills/app-builder/tools/app-list.ts

@@ -1,13 +0,0 @@
-import * as appStore from "../../../../memory/app-store.js";
-import { executeAppList } from "../../../../tools/apps/executors.js";
-import type {
-  ToolContext,
-  ToolExecutionResult,
-} from "../../../../tools/types.js";
-
-export async function run(
-  _input: Record<string, unknown>,
-  _context: ToolContext,
-): Promise<ToolExecutionResult> {
-  return executeAppList(appStore);
-}

package/src/config/bundled-skills/app-builder/tools/app-update.ts

@@ -1,23 +0,0 @@
-import * as appStore from "../../../../memory/app-store.js";
-import { executeAppUpdate } from "../../../../tools/apps/executors.js";
-import type {
-  ToolContext,
-  ToolExecutionResult,
-} from "../../../../tools/types.js";
-
-export async function run(
-  input: Record<string, unknown>,
-  _context: ToolContext,
-): Promise<ToolExecutionResult> {
-  return executeAppUpdate(
-    {
-      app_id: input.app_id as string,
-      name: input.name as string | undefined,
-      description: input.description as string | undefined,
-      schema_json: input.schema_json as string | undefined,
-      html: input.html as string | undefined,
-      pages: input.pages as Record<string, string> | undefined,
-    },
-    appStore,
-  );
-}

package/src/daemon/media-visibility-policy.ts

@@ -1,59 +0,0 @@
-/**
- * Centralized policy for attachment visibility across conversation types.
- *
- * Private-conversation attachments are scoped: they are only visible when the
- * current context is the *same* private conversation. Standard (non-private)
- * conversation attachments are visible everywhere.
- *
- * This is a pure policy module -- no IO, no database queries, just logic.
- * Actual enforcement in tools happens downstream (e.g., attachment-list
- * and attachment-retrieve tools check this before returning results).
- */
-
-export interface AttachmentContext {
-  conversationId: string;
-  /** Callers must always resolve this — omitting it would silently fail open. */
-  isPrivate: boolean;
-}
-
-/**
- * Determine whether a single attachment is visible from the given context.
- *
- * Rules:
- * 1. Attachments from standard (non-private) conversations are always visible.
- * 2. Attachments from private conversations are only visible when the current
- *    context matches the same private conversation (same conversationId).
- */
-export function isAttachmentVisible(
-  attachment: AttachmentContext,
-  currentContext: AttachmentContext,
-): boolean {
-  // Standard conversation attachments are universally visible
-  if (!attachment.isPrivate) {
-    return true;
-  }
-
-  // Private conversation attachments require the viewer to be in the same private conversation
-  return (
-    currentContext.isPrivate === true &&
-    currentContext.conversationId === attachment.conversationId
-  );
-}
-
-/**
- * Filter a list of attachments to only those visible from the current context.
- *
- * @param attachments - The full list of attachments to filter.
- * @param currentContext - The conversation context from which visibility is evaluated.
- * @param getContext - Extracts the conversation context from each attachment
- *   record (since the caller's attachment type may differ from AttachmentContext).
- */
-export function filterVisibleAttachments<T>(
-  attachments: T[],
-  currentContext: AttachmentContext,
-  getContext: (attachment: T) => AttachmentContext,
-): T[] {
-  return attachments.filter((a) =>
-    isAttachmentVisible(getContext(a), currentContext),
-  );
-}

package/src/tools/assets/materialize.ts

@@ -1,248 +0,0 @@
-/**
- * asset_materialize - write a stored attachment to a sandbox file path.
- *
- * Accepts an attachment ID (from asset_search) and a destination path
- * within the sandbox working directory. Decodes the base64 content and
- * writes it to disk so scripts and other tools can consume it as a
- * regular file.
- */
-
-import { copyFileSync, mkdirSync, writeFileSync } from "node:fs";
-import { dirname } from "node:path";
-
-import { eq } from "drizzle-orm";
-
-import {
-  type AttachmentContext,
-  isAttachmentVisible,
-} from "../../daemon/media-visibility-policy.js";
-import {
-  getAttachmentContent,
-  getFilePathForAttachment,
-} from "../../memory/attachments-store.js";
-import { getConversationType } from "../../memory/conversation-crud.js";
-import { getDb } from "../../memory/db.js";
-import { attachments } from "../../memory/schema.js";
-import { RiskLevel } from "../../permissions/types.js";
-import type { ToolDefinition } from "../../providers/types.js";
-import { registerTool } from "../registry.js";
-import { sandboxPolicy } from "../shared/filesystem/path-policy.js";
-import type { Tool, ToolContext, ToolExecutionResult } from "../types.js";
-import { getAttachmentSourceConversations } from "./search.js";
-
-// ---------------------------------------------------------------------------
-// Size limit - prevent materializing excessively large attachments
-// ---------------------------------------------------------------------------
-
-/** 100 MB ceiling for materialized files. */
-export const MAX_MATERIALIZE_BYTES = 100 * 1024 * 1024;
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-function formatBytes(bytes: number): string {
-  if (bytes < 1024) return `${bytes} B`;
-  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
-  return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
-}
-
-/**
- * Load attachment metadata by its primary key.
- *
- * Not scoped by assistantId because attachment access is enforced by
- * conversation visibility checks in execute().
- */
-function loadAttachmentById(attachmentId: string): {
-  id: string;
-  originalFilename: string;
-  mimeType: string;
-  sizeBytes: number;
-} | null {
-  const db = getDb();
-  const row = db
-    .select({
-      id: attachments.id,
-      originalFilename: attachments.originalFilename,
-      mimeType: attachments.mimeType,
-      sizeBytes: attachments.sizeBytes,
-    })
-    .from(attachments)
-    .where(eq(attachments.id, attachmentId))
-    .get();
-
-  return row ?? null;
-}
-
-// ---------------------------------------------------------------------------
-// Tool definition
-// ---------------------------------------------------------------------------
-
-const definition: ToolDefinition = {
-  name: "asset_materialize",
-  description:
-    "Copy a stored attachment to a file on disk inside the sandbox directory. " +
-    "Use attachment IDs from asset_search results. The file can then be used " +
-    "as input to scripts, tools, or other processing.",
-  input_schema: {
-    type: "object",
-    properties: {
-      attachment_id: {
-        type: "string",
-        description:
-          "The ID of the attachment to materialize (from asset_search results).",
-      },
-      destination_path: {
-        type: "string",
-        description:
-          "Path where the file should be written, relative to (or inside) the sandbox working directory.",
-      },
-    },
-    required: ["attachment_id", "destination_path"],
-  },
-};
-
-// ---------------------------------------------------------------------------
-// Tool class
-// ---------------------------------------------------------------------------
-
-class AssetMaterializeTool implements Tool {
-  name = "asset_materialize";
-  description = definition.description;
-  category = "assets";
-  defaultRiskLevel = RiskLevel.Low;
-
-  getDefinition(): ToolDefinition {
-    return definition;
-  }
-
-  async execute(
-    input: Record<string, unknown>,
-    context: ToolContext,
-  ): Promise<ToolExecutionResult> {
-    const attachmentId = input.attachment_id as string | undefined;
-    const destinationPath = input.destination_path as string | undefined;
-
-    // --- Input validation ---------------------------------------------------
-
-    if (!attachmentId || typeof attachmentId !== "string") {
-      return {
-        content: "Error: attachment_id is required and must be a string.",
-        isError: true,
-      };
-    }
-
-    if (!destinationPath || typeof destinationPath !== "string") {
-      return {
-        content: "Error: destination_path is required and must be a string.",
-        isError: true,
-      };
-    }
-
-    // --- Sandbox path enforcement -------------------------------------------
-
-    const pathCheck = sandboxPolicy(destinationPath, context.workingDir, {
-      mustExist: false,
-    });
-    if (!pathCheck.ok) {
-      return {
-        content: `Error: ${pathCheck.error}`,
-        isError: true,
-      };
-    }
-
-    const resolvedPath = pathCheck.resolved;
-
-    // --- Load attachment ----------------------------------------------------
-
-    const attachment = loadAttachmentById(attachmentId);
-    if (!attachment) {
-      return {
-        content: `Error: Attachment "${attachmentId}" not found.`,
-        isError: true,
-      };
-    }
-
-    // --- Visibility check ---------------------------------------------------
-    // Reject materialization of attachments from private conversations the caller
-    // does not belong to. This prevents cross-conversation data leakage.
-
-    const currentConversationType = getConversationType(context.conversationId);
-    const currentContext: AttachmentContext = {
-      conversationId: context.conversationId,
-      isPrivate: currentConversationType === "private",
-    };
-
-    const sources = getAttachmentSourceConversations(attachmentId);
-    if (sources.length > 0) {
-      const hasStandard = sources.some((s) => s.conversationType !== "private");
-      if (!hasStandard) {
-        // All sources are private - check if the caller is in any of those conversations
-        const callerInSourceConversation = sources.some((s) =>
-          isAttachmentVisible(
-            { conversationId: s.conversationId, isPrivate: true },
-            currentContext,
-          ),
-        );
-        if (!callerInSourceConversation) {
-          return {
-            content:
-              `Error: Attachment "${attachment.originalFilename}" is from a private conversation ` +
-              `and cannot be accessed from this context. You can only access this ` +
-              `attachment from within the private conversation where it was shared.`,
-            isError: true,
-          };
-        }
-      }
-    }
-
-    // --- Size check ---------------------------------------------------------
-
-    if (attachment.sizeBytes > MAX_MATERIALIZE_BYTES) {
-      return {
-        content:
-          `Error: Attachment "${attachment.originalFilename}" is ${formatBytes(attachment.sizeBytes)}, ` +
-          `which exceeds the ${formatBytes(MAX_MATERIALIZE_BYTES)} materialization limit.`,
-        isError: true,
-      };
-    }
-
-    // --- Write to disk -------------------------------------------------------
-
-    try {
-      // Ensure parent directories exist
-      mkdirSync(dirname(resolvedPath), { recursive: true });
-
-      // For file-backed attachments, copy directly from the on-disk path
-      // to avoid reading potentially large files into memory. For inline
-      // attachments, decode the base64 content from the database.
-      const filePath = getFilePathForAttachment(attachmentId);
-      if (filePath) {
-        copyFileSync(filePath, resolvedPath);
-      } else {
-        const buffer = getAttachmentContent(attachmentId);
-        if (!buffer) {
-          return {
-            content: `Error: Could not read content for attachment "${attachmentId}".`,
-            isError: true,
-          };
-        }
-        writeFileSync(resolvedPath, buffer);
-      }
-
-      return {
-        content:
-          `Materialized "${attachment.originalFilename}" (${attachment.mimeType}, ` +
-          `${formatBytes(attachment.sizeBytes)}) to ${resolvedPath}`,
-        isError: false,
-      };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      return { content: `Error writing file: ${msg}`, isError: true };
-    }
-  }
-}
-
-export const assetMaterializeTool = new AssetMaterializeTool();
-
-registerTool(assetMaterializeTool);