@vellumai/assistant 0.5.10 → 0.5.11

package/src/__tests__/secret-ingress-http.test.ts

@@ -0,0 +1,312 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Mocks — must be declared before any imports that depend on them
+// ---------------------------------------------------------------------------
+
+const BASE_CONFIG = {
+  contextWindow: { maxInputTokens: 100000 },
+  services: { inference: { model: "test-model", provider: "test-provider" } },
+};
+
+let mockConfig: Record<string, unknown> = {
+  secretDetection: {
+    enabled: true,
+    blockIngress: true,
+  },
+  ...BASE_CONFIG,
+};
+
+mock.module("../config/env.js", () => ({ isHttpAuthDisabled: () => true }));
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => mockConfig,
+  loadConfig: () => mockConfig,
+  invalidateConfigCache: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => "/tmp/vellum-test-secret-ingress-http",
+  getWorkspaceDir: () => "/tmp/vellum-test-secret-ingress-http/workspace",
+}));
+
+mock.module("../memory/conversation-key-store.js", () => ({
+  getOrCreateConversation: () => ({ conversationId: "conv-test" }),
+  getConversationByKey: () => null,
+}));
+
+mock.module("../memory/attachments-store.js", () => ({
+  getAttachmentsByIds: () => [],
+}));
+
+mock.module("../memory/canonical-guardian-store.js", () => ({
+  createCanonicalGuardianRequest: () => ({
+    id: "canonical-id",
+    requestCode: "ABC123",
+  }),
+  generateCanonicalRequestCode: () => "ABC123",
+  listPendingCanonicalGuardianRequestsByDestinationConversation: () => [],
+  listCanonicalGuardianRequests: () => [],
+  listPendingRequestsByConversationScope: () => [],
+}));
+
+mock.module("../runtime/confirmation-request-guardian-bridge.js", () => ({
+  bridgeConfirmationRequestToGuardian: async () => undefined,
+}));
+
+const addMessageMock = mock(
+  async (
+    _conversationId: string,
+    _role: string,
+    _content?: string,
+    _metadata?: Record<string, unknown>,
+  ) => ({
+    id: "persisted-msg-id",
+  }),
+);
+
+mock.module("../memory/conversation-crud.js", () => ({
+  addMessage: (
+    conversationId: string,
+    role: string,
+    content: string,
+    metadata?: Record<string, unknown>,
+  ) => addMessageMock(conversationId, role, content, metadata),
+  getMessages: () => [],
+  provenanceFromTrustContext: () => undefined,
+  setConversationOriginChannelIfUnset: () => {},
+  setConversationOriginInterfaceIfUnset: () => {},
+  getConversationType: () => undefined,
+  getConversationMemoryScopeId: () => undefined,
+}));
+
+mock.module("../runtime/local-actor-identity.js", () => ({
+  resolveLocalTrustContext: () => ({
+    trustClass: "guardian",
+    sourceChannel: "vellum",
+  }),
+}));
+
+mock.module("../runtime/trust-context-resolver.js", () => ({
+  resolveTrustContext: () => ({
+    trustClass: "guardian",
+    sourceChannel: "vellum",
+  }),
+  withSourceChannel: (sourceChannel: unknown, ctx: unknown) => ({
+    ...(ctx as Record<string, unknown>),
+    sourceChannel,
+  }),
+}));
+
+mock.module("../runtime/guardian-reply-router.js", () => ({
+  routeGuardianReply: async () => ({
+    consumed: false,
+    decisionApplied: false,
+    type: "not_consumed" as const,
+  }),
+}));
+
+// ---------------------------------------------------------------------------
+// Imports (after mocks)
+// ---------------------------------------------------------------------------
+
+import type { AuthContext } from "../runtime/auth/types.js";
+import { handleSendMessage } from "../runtime/routes/conversation-routes.js";
+
+const testAuthContext: AuthContext = {
+  subject: "actor:self:test-user",
+  principalType: "actor",
+  assistantId: "self",
+  actorPrincipalId: "test-user",
+  scopeProfile: "actor_client_v1",
+  scopes: new Set([
+    "chat.read",
+    "chat.write",
+    "approval.read",
+    "approval.write",
+    "settings.read",
+    "settings.write",
+    "attachments.read",
+    "attachments.write",
+    "calls.read",
+    "calls.write",
+    "feature_flags.read",
+    "feature_flags.write",
+  ]),
+  policyEpoch: 1,
+};
+
+function makeRequest(body: Record<string, unknown>): Request {
+  return new Request("http://localhost/v1/messages", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      conversationKey: "test-conversation",
+      sourceChannel: "vellum",
+      interface: "macos",
+      ...body,
+    }),
+  });
+}
+
+const persistUserMessageMock = mock(async () => "persisted-id");
+const runAgentLoopMock = mock(async () => undefined);
+
+function makeSendMessageDeps() {
+  const session = {
+    setTrustContext: () => {},
+    updateClient: () => {},
+    emitConfirmationStateChanged: () => {},
+    emitActivityState: () => {},
+    setTurnChannelContext: () => {},
+    setTurnInterfaceContext: () => {},
+    ensureActorScopedHistory: async () => {},
+    usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
+    isProcessing: () => false,
+    hasAnyPendingConfirmation: () => false,
+    denyAllPendingConfirmations: () => {},
+    enqueueMessage: () => ({ queued: true, requestId: "queued-id" }),
+    persistUserMessage: persistUserMessageMock,
+    runAgentLoop: runAgentLoopMock,
+    getMessages: () => [] as unknown[],
+    assistantId: "self",
+    trustContext: undefined,
+    hasPendingConfirmation: () => false,
+    setHostBashProxy: () => {},
+    setHostFileProxy: () => {},
+    setHostCuProxy: () => {},
+    addPreactivatedSkillId: () => {},
+  } as unknown as import("../daemon/conversation.js").Conversation;
+
+  return {
+    sendMessageDeps: {
+      getOrCreateConversation: async () => session,
+      assistantEventHub: { publish: async () => {} } as any,
+      resolveAttachments: () => [],
+    },
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("secret ingress — HTTP route", () => {
+  beforeEach(() => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: true,
+      },
+      ...BASE_CONFIG,
+    };
+    persistUserMessageMock.mockClear();
+    runAgentLoopMock.mockClear();
+    addMessageMock.mockClear();
+  });
+
+  test("POST /v1/messages with GitHub token returns 422 secret_blocked", async () => {
+    const req = makeRequest({
+      content: "Here is my token: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij1234",
+    });
+
+    const res = await handleSendMessage(
+      req,
+      makeSendMessageDeps(),
+      testAuthContext,
+    );
+    expect(res.status).toBe(422);
+
+    const body = (await res.json()) as Record<string, unknown>;
+    expect(body.error).toBe("secret_blocked");
+    expect(body.accepted).toBe(false);
+    expect(body.detectedTypes).toContain("GitHub Token");
+  });
+
+  test("POST /v1/messages with normal text returns 202 accepted", async () => {
+    const req = makeRequest({
+      content: "Hello, can you help me with my project?",
+    });
+
+    const res = await handleSendMessage(
+      req,
+      makeSendMessageDeps(),
+      testAuthContext,
+    );
+    expect(res.status).toBe(202);
+  });
+
+  test("POST /v1/messages with bypassSecretCheck: true and secret returns 202", async () => {
+    const req = makeRequest({
+      content: "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij1234",
+      bypassSecretCheck: true,
+    });
+
+    const res = await handleSendMessage(
+      req,
+      makeSendMessageDeps(),
+      testAuthContext,
+    );
+    expect(res.status).toBe(202);
+  });
+
+  test("POST /v1/messages with JWT eyJ... returns 202 (not in curated patterns)", async () => {
+    const req = makeRequest({
+      content:
+        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U",
+    });
+
+    const res = await handleSendMessage(
+      req,
+      makeSendMessageDeps(),
+      testAuthContext,
+    );
+    expect(res.status).toBe(202);
+  });
+
+  test("POST /v1/messages with blockIngress: false config and secret returns 202", async () => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: false,
+      },
+      ...BASE_CONFIG,
+    };
+
+    const req = makeRequest({
+      content: "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij1234",
+    });
+
+    const res = await handleSendMessage(
+      req,
+      makeSendMessageDeps(),
+      testAuthContext,
+    );
+    expect(res.status).toBe(202);
+  });
+
+  test("message is NOT persisted when blocked", async () => {
+    const req = makeRequest({
+      content: "AKIAIOSFODNN7EXAMPLE",
+    });
+
+    const res = await handleSendMessage(
+      req,
+      makeSendMessageDeps(),
+      testAuthContext,
+    );
+    expect(res.status).toBe(422);
+
+    // persistUserMessage should not have been called
+    expect(persistUserMessageMock).not.toHaveBeenCalled();
+    // addMessage should not have been called
+    expect(addMessageMock).not.toHaveBeenCalled();
+  });
+});

package/src/__tests__/secret-ingress.test.ts

@@ -0,0 +1,283 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Mocks — must be declared before any imports that depend on them
+// ---------------------------------------------------------------------------
+
+let mockConfig = {
+  secretDetection: {
+    enabled: true,
+    blockIngress: true,
+  },
+};
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => mockConfig,
+  loadConfig: () => mockConfig,
+  invalidateConfigCache: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () => ({
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+    debug: () => {},
+    trace: () => {},
+    fatal: () => {},
+    silent: () => {},
+    child: function () {
+      return this;
+    },
+  }),
+}));
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => "/tmp/vellum-test-ingress",
+  getWorkspaceDir: () => "/tmp/vellum-test-ingress/workspace",
+}));
+
+import { resetAllowlist } from "../security/secret-allowlist.js";
+import { checkIngressForSecrets } from "../security/secret-ingress.js";
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("checkIngressForSecrets", () => {
+  beforeEach(() => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: true,
+      },
+    };
+    resetAllowlist();
+  });
+
+  afterEach(() => {
+    resetAllowlist();
+  });
+
+  // ── Blocked patterns ───────────────────────────────────────────────
+
+  test("blocks Google OAuth secret (GOCSPX-*)", () => {
+    const result = checkIngressForSecrets(
+      "My client secret is GOCSPX-abcdefghijklmnopqrstuvwxyz12",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Google OAuth Client Secret");
+    expect(result.userNotice).toBeDefined();
+  });
+
+  test("blocks GitHub PAT (ghp_*)", () => {
+    const result = checkIngressForSecrets(
+      "Here is my token: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("GitHub Token");
+  });
+
+  test("blocks Slack bot token (xoxb-*)", () => {
+    const result = checkIngressForSecrets(
+      "Use this: xoxb-1234567890-9876543210-AbCdEfGhIjKlMnOpQrStUvWx",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Slack Bot Token");
+  });
+
+  test("blocks Anthropic API key (sk-ant-*)", () => {
+    const key =
+      "sk-ant-api03-abcDefGhiJklMnoPqrStuVwxYz0123456789AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIj";
+    const result = checkIngressForSecrets(`Key: ${key}`);
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Anthropic API Key");
+  });
+
+  test("blocks private key header", () => {
+    const result = checkIngressForSecrets(
+      "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAK...",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Private Key");
+  });
+
+  test("blocks AWS access key (AKIA*)", () => {
+    const result = checkIngressForSecrets("AWS key: AKIAIOSFODNN7EXAMPLE");
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("AWS Access Key");
+  });
+
+  test("blocks Stripe secret key (sk_live_*)", () => {
+    const result = checkIngressForSecrets("sk_live_abcdefghijklmnopqrstuvwx");
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Stripe Secret Key");
+  });
+
+  test("blocks SendGrid API key", () => {
+    const result = checkIngressForSecrets(
+      "SG.abcdefghijklmnopqrstuv.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("SendGrid API Key");
+  });
+
+  test("blocks npm token", () => {
+    const result = checkIngressForSecrets(
+      "npm_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("npm Token");
+  });
+
+  test("blocks OpenAI project key (sk-proj-*)", () => {
+    const key = "sk-proj-AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCd";
+    const result = checkIngressForSecrets(`My key: ${key}`);
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("OpenAI Project Key");
+  });
+
+  test("blocks Google API key (AIza*)", () => {
+    const result = checkIngressForSecrets(
+      "AIzaSyA0123456789abcdefghijklmnopqrstuvw",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Google API Key");
+  });
+
+  test("blocks GitLab PAT (glpat-*)", () => {
+    const result = checkIngressForSecrets("glpat-abcdefghijklmnopqrst");
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("GitLab Token");
+  });
+
+  test("blocks Telegram Bot Token", () => {
+    const result = checkIngressForSecrets(
+      "Bot token: 123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Telegram Bot Token");
+  });
+
+  test("blocks Twilio API Key (SK*)", () => {
+    const result = checkIngressForSecrets(
+      "Twilio key: SK0123456789abcdef0123456789abcdef",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Twilio API Key");
+  });
+
+  // ── Not blocked (excluded patterns) ────────────────────────────────
+
+  test("does not block normal text", () => {
+    const result = checkIngressForSecrets(
+      "Hello, can you help me set up my project?",
+    );
+    expect(result.blocked).toBe(false);
+    expect(result.detectedTypes).toHaveLength(0);
+  });
+
+  test("does not block high-entropy hex (40-char git SHA)", () => {
+    const result = checkIngressForSecrets(
+      "Commit: a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0",
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  test("does not block UUID", () => {
+    const result = checkIngressForSecrets(
+      "ID: 550e8400-e29b-41d4-a716-446655440000",
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  test("does not block JWT (eyJ...)", () => {
+    const result = checkIngressForSecrets(
+      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U",
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  test("does not block password=mysecretvalue (generic assignment)", () => {
+    const result = checkIngressForSecrets(
+      'password=mysecretvalue\nsecret="hello world"',
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  test("does not block postgres connection string", () => {
+    const result = checkIngressForSecrets(
+      "postgres://user:pass@host:5432/mydb",
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  // ── Config flags ───────────────────────────────────────────────────
+
+  test("does not block when secretDetection.enabled is false", () => {
+    mockConfig = {
+      secretDetection: {
+        enabled: false,
+        blockIngress: true,
+      },
+    };
+    const result = checkIngressForSecrets(
+      "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  test("does not block when blockIngress is false", () => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: false,
+      },
+    };
+    const result = checkIngressForSecrets(
+      "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  // ── Placeholder / test values ──────────────────────────────────────
+
+  test("does not block placeholder test keys (sk-test-*)", () => {
+    const result = checkIngressForSecrets("sk-test-abc123");
+    expect(result.blocked).toBe(false);
+  });
+
+  test("does not block fake_ prefixed values", () => {
+    // A GitHub-like token with fake_ prefix
+    const result = checkIngressForSecrets(
+      "fake_ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
+    );
+    expect(result.blocked).toBe(false);
+  });
+
+  test("does not block repeated character patterns", () => {
+    // AKIA followed by 16 repeated X characters
+    const result = checkIngressForSecrets("AKIAXXXXXXXXXXXXXXXX");
+    expect(result.blocked).toBe(false);
+  });
+
+  // ── Multiple secrets ───────────────────────────────────────────────
+
+  test("reports multiple detected types", () => {
+    const result = checkIngressForSecrets(
+      "AWS: AKIAIOSFODNN7EXAMPLE\nGitHub: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
+    );
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("AWS Access Key");
+    expect(result.detectedTypes).toContain("GitHub Token");
+    expect(result.detectedTypes.length).toBe(2);
+  });
+
+  test("user notice does not echo secret values", () => {
+    const secret = "AKIAIOSFODNN7EXAMPLE";
+    const result = checkIngressForSecrets(`Key: ${secret}`);
+    expect(result.blocked).toBe(true);
+    expect(result.userNotice).toBeDefined();
+    expect(result.userNotice!).not.toContain(secret);
+  });
+});

package/src/__tests__/secret-onetime-send.test.ts

@@ -47,7 +47,7 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-// Track keychain writes
+// Track credential store writes
 const storedKeys = new Map<string, string>();
 mock.module("../security/secure-keys.js", () => {
   const syncSet = (key: string, value: string) => {
@@ -112,7 +112,7 @@ describe("one-time send override", () => {
     );
     expect(result.isError).toBe(true);
     expect(result.content).toContain("not enabled");
-    // Value must NOT be stored in keychain
+    // Value must NOT be stored in credential store
     expect(storedKeys.has(credentialKey("svc", "key"))).toBe(false);
   });
 
@@ -134,11 +134,11 @@ describe("one-time send override", () => {
     );
     expect(result.isError).toBe(false);
     expect(result.content).toContain("NOT saved");
-    // Value must NOT be stored in keychain
+    // Value must NOT be stored in credential store
     expect(storedKeys.has(credentialKey("svc", "key"))).toBe(false);
   });
 
-  test("store delivery always persists to keychain regardless of allowOneTimeSend", async () => {
+  test("store delivery always persists to credential store regardless of allowOneTimeSend", async () => {
     mockConfig.secretDetection.allowOneTimeSend = true;
     const context = {
       workingDir: "/tmp",

package/src/__tests__/skill-feature-flags-integration.test.ts

@@ -137,7 +137,7 @@ describe("frontmatter feature-flag integration", () => {
     expect(skill!.featureFlag).toBe("contacts");
 
     const key = skillFlagKey(skill!);
-    expect(key).toBe("feature_flags.contacts.enabled");
+    expect(key).toBe("contacts");
   });
 
   test("skillFlagKey returns undefined for skill without feature-flag", () => {
@@ -162,7 +162,7 @@ describe("frontmatter feature-flag integration", () => {
 
   test("resolveSkillStates includes skill with featureFlag when flag is ON", () => {
     _setOverridesForTesting({
-      "feature_flags.contacts.enabled": true,
+      contacts: true,
     });
     const skill = buildSkillSummary("contacts", SKILL_MD_WITH_FLAG)!;
     const config = makeConfig();
@@ -176,7 +176,7 @@ describe("frontmatter feature-flag integration", () => {
     const skill = buildSkillSummary("plain-skill", SKILL_MD_WITHOUT_FLAG)!;
     // Even with an explicit false override for this skill ID, it should pass through
     _setOverridesForTesting({
-      "feature_flags.plain-skill.enabled": false,
+      "plain-skill": false,
     });
     const config = makeConfig();
 
@@ -200,7 +200,7 @@ describe("frontmatter feature-flag integration", () => {
 
     // Step 3: Derive the flag key
     const key = skillFlagKey(skill);
-    expect(key).toBe("feature_flags.contacts.enabled");
+    expect(key).toBe("contacts");
 
     // Step 4: Check flag state — "contacts" has defaultEnabled: true in registry
     const configDefault = makeConfig();