@vellumai/assistant 0.5.11 → 0.5.12

package/src/__tests__/cli-command-risk-guard.test.ts

@@ -1,7 +1,8 @@
-// Guard test: assistant CLI commands must always classify as Low risk.
+// Guard test: assistant CLI commands must classify at the expected risk level.
 //
-// The assistant uses its own CLI tools during normal operation. If these
-// commands require user approval, it blocks autonomous assistant workflows.
+// The assistant uses its own CLI tools during normal operation. Most commands
+// should be Low risk so they don't block autonomous workflows. Certain
+// sensitive subcommands are intentionally elevated to Medium or High.
 // See #18982 / #18998 for the regression that motivated this guard.
 
 import { mkdtempSync } from "node:fs";
@@ -60,10 +61,10 @@ function expectLowRisk(command: string, actual: RiskLevel): void {
   if (actual !== RiskLevel.Low) {
     throw new Error(
       `"${command}" classified as ${actual} instead of Low. ` +
-        `assistant CLI commands must always be Low risk — the assistant ` +
+        `assistant CLI commands must be Low risk by default — the assistant ` +
         `uses its own CLI during normal operation. If you need risk ` +
-        `escalation for specific subcommands, add them to an allowlist ` +
-        `in this guard test with justification.`,
+        `escalation for specific subcommands, add them to the elevated ` +
+        `risk tests in this guard test with justification.`,
     );
   }
   expect(actual).toBe(RiskLevel.Low);
@@ -86,6 +87,9 @@ describe("CLI command risk guard: assistant commands", () => {
 
   test("all assistant CLI subcommands classify as Low risk", async () => {
     for (const subcommand of ASSISTANT_SUBCOMMANDS) {
+      // Subcommands with elevated children are tested separately below.
+      // The bare top-level subcommand (e.g. `assistant oauth`) is still
+      // expected to be Low.
       const command = `assistant ${subcommand}`;
       const risk = await classifyRisk("bash", { command });
       expectLowRisk(command, risk);
@@ -110,3 +114,174 @@ describe("CLI command risk guard: assistant commands", () => {
     }
   });
 });
+
+// Sensitive subcommands that are intentionally elevated above Low risk.
+// Each entry documents why the elevation is necessary.
+
+describe("CLI command risk guard: elevated assistant subcommands", () => {
+  test("assistant oauth token is High risk (exposes raw tokens)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth token",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant oauth mode --set is High risk (changes auth mode)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth mode --set managed",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant oauth mode --set=value is High risk (equals syntax)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth mode google --set=managed",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant oauth mode without --set is Low risk (read-only)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth mode",
+    });
+    expect(risk).toBe(RiskLevel.Low);
+  });
+
+  test("assistant credentials reveal is High risk (exposes secrets)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant credentials reveal",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant oauth request is Medium risk (initiates OAuth flow)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth request",
+    });
+    expect(risk).toBe(RiskLevel.Medium);
+  });
+
+  test("assistant oauth connect is Medium risk (modifies OAuth connections)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth connect",
+    });
+    expect(risk).toBe(RiskLevel.Medium);
+  });
+
+  test("assistant oauth disconnect is Medium risk (removes OAuth connections)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth disconnect",
+    });
+    expect(risk).toBe(RiskLevel.Medium);
+  });
+
+  test("--help on elevated subcommands is Low risk (read-only)", async () => {
+    const helpCommands = [
+      "assistant oauth token --help",
+      "assistant oauth mode --set --help",
+      "assistant credentials reveal --help",
+      "assistant oauth request --help",
+      "assistant oauth connect --help",
+      "assistant oauth disconnect -h",
+    ];
+
+    for (const command of helpCommands) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+
+  test("--help after -- option terminator does not downgrade risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant oauth token -- --help",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("non-sensitive oauth subcommands remain Low risk", async () => {
+    const lowRiskOauthCommands = [
+      "assistant oauth apps",
+      "assistant oauth apps list",
+      "assistant oauth providers",
+      "assistant oauth status",
+    ];
+
+    for (const command of lowRiskOauthCommands) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+
+  test("non-sensitive credentials subcommands remain Low risk", async () => {
+    const lowRiskCredCommands = [
+      "assistant credentials",
+      "assistant credentials list",
+    ];
+
+    for (const command of lowRiskCredCommands) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+});
+
+describe("CLI command risk guard: wrapper program propagation", () => {
+  test("env assistant oauth token is High risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "env assistant oauth token",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("nice assistant credentials reveal is High risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "nice assistant credentials reveal",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("timeout 30 assistant oauth request is Medium risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "timeout 30 assistant oauth request",
+    });
+    expect(risk).toBe(RiskLevel.Medium);
+  });
+
+  test("timeout 30 assistant oauth token is High risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "timeout 30 assistant oauth token",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("timeout 30 git push is Medium risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "timeout 30 git push",
+    });
+    expect(risk).toBe(RiskLevel.Medium);
+  });
+
+  test("timeout 30 git status is Low risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "timeout 30 git status",
+    });
+    expectLowRisk("timeout 30 git status", risk);
+  });
+
+  test("env assistant config is Low risk", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "env assistant config",
+    });
+    expectLowRisk("env assistant config", risk);
+  });
+
+  test("env git push is Medium risk (not Low)", async () => {
+    const risk = await classifyRisk("bash", { command: "env git push" });
+    expect(risk).toBe(RiskLevel.Medium);
+  });
+
+  test("env git status is Low risk", async () => {
+    const risk = await classifyRisk("bash", { command: "env git status" });
+    expectLowRisk("env git status", risk);
+  });
+});

package/src/__tests__/conversation-delete-schedule-cleanup.test.ts

@@ -0,0 +1,396 @@
+/**
+ * Tests that deleting or wiping a conversation with an associated schedule
+ * job also deletes the schedule, preventing orphaned scheduled automations.
+ */
+
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+
+const testDir = mkdtempSync(
+  join(tmpdir(), "conv-delete-schedule-cleanup-test-"),
+);
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === "darwin",
+  isLinux: () => process.platform === "linux",
+  isWindows: () => process.platform === "win32",
+  getPidPath: () => join(testDir, "test.pid"),
+  getDbPath: () => join(testDir, "test.db"),
+  getLogPath: () => join(testDir, "test.log"),
+  ensureDataDir: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../config/env.js", () => ({
+  isHttpAuthDisabled: () => true,
+  hasUngatedHttpAuthDisabled: () => false,
+}));
+
+import type { Database } from "bun:sqlite";
+
+import {
+  createConversation,
+  getConversation,
+} from "../memory/conversation-crud.js";
+import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { conversationManagementRouteDefinitions } from "../runtime/routes/conversation-management-routes.js";
+import { createSchedule, getSchedule } from "../schedule/schedule-store.js";
+
+initializeDb();
+
+afterAll(() => {
+  resetDb();
+  try {
+    rmSync(testDir, { recursive: true });
+  } catch {
+    /* best effort */
+  }
+});
+
+function getRawDb(): Database {
+  return (getDb() as unknown as { $client: Database }).$client;
+}
+
+/** Build route definitions with minimal deps. */
+function getRoutes() {
+  const routes = conversationManagementRouteDefinitions({
+    switchConversation: async () => null,
+    renameConversation: () => true,
+    clearAllConversations: () => 0,
+    cancelGeneration: () => true,
+    destroyConversation: () => {},
+    undoLastMessage: async () => null,
+    regenerateResponse: async () => null,
+  });
+  return routes;
+}
+
+function getDeleteHandler() {
+  const deleteRoute = getRoutes().find(
+    (r) => r.endpoint === "conversations/:id" && r.method === "DELETE",
+  );
+  if (!deleteRoute) throw new Error("DELETE conversations/:id route not found");
+  return deleteRoute.handler;
+}
+
+function getWipeHandler() {
+  const wipeRoute = getRoutes().find(
+    (r) => r.endpoint === "conversations/:id/wipe" && r.method === "POST",
+  );
+  if (!wipeRoute)
+    throw new Error("POST conversations/:id/wipe route not found");
+  return wipeRoute.handler;
+}
+
+describe("DELETE /conversations/:id — schedule cleanup", () => {
+  beforeEach(() => {
+    getRawDb().run("DELETE FROM cron_runs");
+    getRawDb().run("DELETE FROM cron_jobs");
+    getRawDb().run("DELETE FROM memory_item_sources");
+    getRawDb().run("DELETE FROM memory_segments");
+    getRawDb().run("DELETE FROM memory_items");
+    getRawDb().run("DELETE FROM memory_summaries");
+    getRawDb().run("DELETE FROM memory_embeddings");
+    getRawDb().run("DELETE FROM memory_jobs");
+    getRawDb().run("DELETE FROM tool_invocations");
+    getRawDb().run("DELETE FROM llm_request_logs");
+    getRawDb().run("DELETE FROM messages");
+    getRawDb().run("DELETE FROM conversations");
+  });
+
+  test("deleting a conversation with a scheduleJobId removes the schedule", async () => {
+    // Create a schedule job
+    const schedule = createSchedule({
+      name: "Daily standup",
+      expression: "0 9 * * 1-5",
+      message: "Time for standup!",
+    });
+
+    // Create a conversation linked to that schedule
+    const conv = createConversation({
+      source: "schedule",
+      scheduleJobId: schedule.id,
+    });
+
+    // Verify the schedule exists
+    expect(getSchedule(schedule.id)).not.toBeNull();
+
+    // Call the DELETE handler
+    const handler = getDeleteHandler();
+    const req = new Request(`http://localhost/v1/conversations/${conv.id}`, {
+      method: "DELETE",
+    });
+    const response = await handler({
+      req,
+      url: new URL(req.url),
+      server: {} as never,
+      authContext: undefined as never,
+      params: { id: conv.id },
+    });
+
+    expect(response.status).toBe(204);
+
+    // Schedule should be deleted
+    expect(getSchedule(schedule.id)).toBeNull();
+
+    // Conversation should be deleted
+    expect(getConversation(conv.id)).toBeNull();
+  });
+
+  test("deleting a conversation without a scheduleJobId does not affect schedules", async () => {
+    // Create a schedule job (not linked to any conversation)
+    const schedule = createSchedule({
+      name: "Unrelated schedule",
+      expression: "0 12 * * *",
+      message: "Noon check",
+    });
+
+    // Create a conversation with no schedule link
+    const conv = createConversation("no-schedule-conv");
+
+    // Call the DELETE handler
+    const handler = getDeleteHandler();
+    const req = new Request(`http://localhost/v1/conversations/${conv.id}`, {
+      method: "DELETE",
+    });
+    const response = await handler({
+      req,
+      url: new URL(req.url),
+      server: {} as never,
+      authContext: undefined as never,
+      params: { id: conv.id },
+    });
+
+    expect(response.status).toBe(204);
+
+    // Unrelated schedule should still exist
+    expect(getSchedule(schedule.id)).not.toBeNull();
+
+    // Conversation should be deleted
+    expect(getConversation(conv.id)).toBeNull();
+  });
+
+  test("deleting a conversation with a schedule also removes its cron_runs", async () => {
+    // Create a schedule job
+    const schedule = createSchedule({
+      name: "Recurring job",
+      expression: "0 9 * * *",
+      message: "Daily task",
+    });
+
+    // Create a conversation linked to the schedule
+    const conv = createConversation({
+      source: "schedule",
+      scheduleJobId: schedule.id,
+    });
+
+    // Insert a cron_run record for this schedule
+    const now = Date.now();
+    getRawDb()
+      .query(
+        `INSERT INTO cron_runs (id, job_id, conversation_id, status, started_at, created_at)
+         VALUES ('run-1', ?, ?, 'ok', ?, ?)`,
+      )
+      .run(schedule.id, conv.id, now, now);
+
+    // Verify the run exists
+    const runBefore = getRawDb()
+      .query("SELECT * FROM cron_runs WHERE id = 'run-1'")
+      .get();
+    expect(runBefore).not.toBeNull();
+
+    // Call the DELETE handler
+    const handler = getDeleteHandler();
+    const req = new Request(`http://localhost/v1/conversations/${conv.id}`, {
+      method: "DELETE",
+    });
+    const response = await handler({
+      req,
+      url: new URL(req.url),
+      server: {} as never,
+      authContext: undefined as never,
+      params: { id: conv.id },
+    });
+
+    expect(response.status).toBe(204);
+
+    // Schedule and its runs should be deleted (FK cascade)
+    expect(getSchedule(schedule.id)).toBeNull();
+    const runAfter = getRawDb()
+      .query("SELECT * FROM cron_runs WHERE id = 'run-1'")
+      .get();
+    expect(runAfter).toBeNull();
+  });
+
+  test("deleting one of multiple conversations sharing a schedule preserves the schedule", async () => {
+    // Recurring schedules create a new conversation per run, all sharing
+    // the same scheduleJobId.  Deleting an earlier run conversation must
+    // NOT cancel the schedule while other conversations still reference it.
+    const schedule = createSchedule({
+      name: "Recurring daily",
+      expression: "0 9 * * *",
+      message: "Daily task",
+    });
+
+    // Two conversations referencing the same schedule (simulates two runs)
+    const conv1 = createConversation({
+      source: "schedule",
+      scheduleJobId: schedule.id,
+    });
+    createConversation({
+      source: "schedule",
+      scheduleJobId: schedule.id,
+    });
+
+    // Delete the first conversation
+    const handler = getDeleteHandler();
+    const req = new Request(`http://localhost/v1/conversations/${conv1.id}`, {
+      method: "DELETE",
+    });
+    const response = await handler({
+      req,
+      url: new URL(req.url),
+      server: {} as never,
+      authContext: undefined as never,
+      params: { id: conv1.id },
+    });
+
+    expect(response.status).toBe(204);
+
+    // Schedule should still exist because another conversation references it
+    expect(getSchedule(schedule.id)).not.toBeNull();
+  });
+
+  test("deleting one scheduled conversation does not affect other schedules", async () => {
+    // Create two separate schedules
+    const scheduleA = createSchedule({
+      name: "Schedule A",
+      expression: "0 9 * * *",
+      message: "Task A",
+    });
+    const scheduleB = createSchedule({
+      name: "Schedule B",
+      expression: "0 17 * * *",
+      message: "Task B",
+    });
+
+    // Create conversations linked to each schedule
+    const convA = createConversation({
+      source: "schedule",
+      scheduleJobId: scheduleA.id,
+    });
+    createConversation({
+      source: "schedule",
+      scheduleJobId: scheduleB.id,
+    });
+
+    // Delete only conversation A
+    const handler = getDeleteHandler();
+    const req = new Request(`http://localhost/v1/conversations/${convA.id}`, {
+      method: "DELETE",
+    });
+    const response = await handler({
+      req,
+      url: new URL(req.url),
+      server: {} as never,
+      authContext: undefined as never,
+      params: { id: convA.id },
+    });
+
+    expect(response.status).toBe(204);
+
+    // Schedule A should be deleted
+    expect(getSchedule(scheduleA.id)).toBeNull();
+
+    // Schedule B should still exist
+    expect(getSchedule(scheduleB.id)).not.toBeNull();
+  });
+});
+
+describe("POST /conversations/:id/wipe — schedule cleanup", () => {
+  beforeEach(() => {
+    getRawDb().run("DELETE FROM cron_runs");
+    getRawDb().run("DELETE FROM cron_jobs");
+    getRawDb().run("DELETE FROM memory_item_sources");
+    getRawDb().run("DELETE FROM memory_segments");
+    getRawDb().run("DELETE FROM memory_items");
+    getRawDb().run("DELETE FROM memory_summaries");
+    getRawDb().run("DELETE FROM memory_embeddings");
+    getRawDb().run("DELETE FROM memory_jobs");
+    getRawDb().run("DELETE FROM tool_invocations");
+    getRawDb().run("DELETE FROM llm_request_logs");
+    getRawDb().run("DELETE FROM messages");
+    getRawDb().run("DELETE FROM conversations");
+  });
+
+  test("wiping a conversation with a scheduleJobId removes the schedule", async () => {
+    const schedule = createSchedule({
+      name: "Wipe-test schedule",
+      expression: "0 9 * * 1-5",
+      message: "Time for standup!",
+    });
+
+    const conv = createConversation({
+      source: "schedule",
+      scheduleJobId: schedule.id,
+    });
+
+    expect(getSchedule(schedule.id)).not.toBeNull();
+
+    const handler = getWipeHandler();
+    const req = new Request(
+      `http://localhost/v1/conversations/${conv.id}/wipe`,
+      { method: "POST" },
+    );
+    const response = await handler({
+      req,
+      url: new URL(req.url),
+      server: {} as never,
+      authContext: undefined as never,
+      params: { id: conv.id },
+    });
+
+    expect(response.status).toBe(200);
+
+    // Schedule should be deleted
+    expect(getSchedule(schedule.id)).toBeNull();
+  });
+
+  test("wiping a conversation without a scheduleJobId does not affect schedules", async () => {
+    const schedule = createSchedule({
+      name: "Unrelated schedule",
+      expression: "0 12 * * *",
+      message: "Noon check",
+    });
+
+    const conv = createConversation("no-schedule-wipe");
+
+    const handler = getWipeHandler();
+    const req = new Request(
+      `http://localhost/v1/conversations/${conv.id}/wipe`,
+      { method: "POST" },
+    );
+    const response = await handler({
+      req,
+      url: new URL(req.url),
+      server: {} as never,
+      authContext: undefined as never,
+      params: { id: conv.id },
+    });
+
+    expect(response.status).toBe(200);
+
+    // Unrelated schedule should still exist
+    expect(getSchedule(schedule.id)).not.toBeNull();
+  });
+});

package/src/__tests__/conversation-error.test.ts

@@ -435,11 +435,12 @@ describe("classifyConversationError", () => {
       expect(result.retryable).toBe(true);
     });
 
-    it("classifies ProviderError with 401 as PROVIDER_BILLING (non-retryable)", () => {
+    it("classifies ProviderError with 401 as PROVIDER_NOT_CONFIGURED (non-retryable)", () => {
       const err = new ProviderError("Unauthorized", "anthropic", 401);
       const result = classifyConversationError(err, baseCtx);
-      expect(result.code).toBe("PROVIDER_BILLING");
+      expect(result.code).toBe("PROVIDER_NOT_CONFIGURED");
       expect(result.retryable).toBe(false);
+      expect(result.errorCategory).toBe("provider_not_configured");
     });
 
     it("classifies ProviderError with 402 as credits_exhausted (non-retryable)", () => {

package/src/__tests__/credential-security-invariants.test.ts

@@ -483,13 +483,9 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
   });
 
   test("upsertCredentialMetadata does not accept oauth2ClientSecret or other OAuth fields", () => {
-    const record = upsertCredentialMetadata(
-      "integration:google",
-      "access_token",
-      {
-        allowedTools: ["api_request"],
-      },
-    );
+    const record = upsertCredentialMetadata("google", "access_token", {
+      allowedTools: ["api_request"],
+    });
     expect("oauth2ClientSecret" in record).toBe(false);
     expect("oauth2TokenUrl" in record).toBe(false);
     expect("oauth2ClientId" in record).toBe(false);
@@ -497,14 +493,14 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
 
   test("client secret is read from secure store, not metadata", async () => {
     await setSecureKeyAsync(
-      credentialKey("integration:google", "client_secret"),
+      credentialKey("google", "client_secret"),
       "my-secret",
     );
-    upsertCredentialMetadata("integration:google", "access_token", {
+    upsertCredentialMetadata("google", "access_token", {
       allowedTools: ["api_request"],
     });
 
-    const meta = getCredentialMetadata("integration:google", "access_token");
+    const meta = getCredentialMetadata("google", "access_token");
     expect(meta).toBeDefined();
     expect("oauth2ClientSecret" in meta!).toBe(false);
     // OAuth-specific fields are no longer in metadata (v5)
@@ -513,9 +509,7 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
 
     // Secret is in secure store
     expect(
-      await getSecureKeyAsync(
-        credentialKey("integration:google", "client_secret"),
-      ),
+      await getSecureKeyAsync(credentialKey("google", "client_secret")),
     ).toBe("my-secret");
   });
 
@@ -525,7 +519,7 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
       credentials: [
         {
           credentialId: "cred-v2-secret",
-          service: "integration:google",
+          service: "google",
           field: "access_token",
           allowedTools: [],
           allowedDomains: [],
@@ -543,7 +537,7 @@ describe("Invariant 6: oauth2ClientSecret not in metadata, only in secure store"
       "utf-8",
     );
 
-    const meta = getCredentialMetadata("integration:google", "access_token");
+    const meta = getCredentialMetadata("google", "access_token");
     expect(meta).toBeDefined();
     expect("oauth2ClientSecret" in meta!).toBe(false);