@vellumai/assistant 0.5.11 → 0.5.13

package/src/__tests__/onboarding-template-contract.test.ts

@@ -57,8 +57,8 @@ describe("onboarding template contracts", () => {
     test("contains wrapping-up criteria with required conditions", () => {
       const lower = bootstrap.toLowerCase();
       expect(lower).toContain("wrapping up");
-      expect(lower).toContain("done with onboarding");
-      expect(lower).toContain("vibe");
+      expect(lower).toContain("delete");
+      expect(lower).toContain("bootstrap.md");
       expect(lower).toContain("two suggestions");
     });
 

package/src/__tests__/platform.test.ts

@@ -1,15 +1,8 @@
 import { randomBytes } from "node:crypto";
-import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
-import { homedir, tmpdir } from "node:os";
+import { existsSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { afterEach, describe, expect, mock, test } from "bun:test";
-
-// Mutable homedir override — when set, resolveInstanceDataDir reads from here.
-let homedirOverride: string | undefined;
-mock.module("node:os", () => ({
-  homedir: () => homedirOverride ?? homedir(),
-  tmpdir,
-}));
+import { afterEach, describe, expect, test } from "bun:test";
 
 import {
   ensureDataDir,
@@ -28,7 +21,6 @@ import {
   getWorkspaceHooksDir,
   getWorkspacePromptPath,
   getWorkspaceSkillsDir,
-  resolveInstanceDataDir,
 } from "../util/platform.js";
 
 const originalBaseDataDir = process.env.BASE_DATA_DIR;
@@ -39,7 +31,6 @@ afterEach(() => {
   } else {
     process.env.BASE_DATA_DIR = originalBaseDataDir;
   }
-  homedirOverride = undefined;
 });
 
 // Baseline path characterization: documents current pre-migration path layout.
@@ -155,159 +146,3 @@ describe("workspace path primitives", () => {
     expect(getWorkspaceDir()).toBe("/tmp/custom-base/.vellum/workspace");
   });
 });
-
-describe("resolveInstanceDataDir", () => {
-  function makeTempHome(): string {
-    const dir = join(
-      tmpdir(),
-      `platform-home-${randomBytes(4).toString("hex")}`,
-    );
-    mkdirSync(dir, { recursive: true });
-    homedirOverride = dir;
-    return dir;
-  }
-
-  function writeLockfileToHome(
-    home: string,
-    data: Record<string, unknown>,
-  ): void {
-    writeFileSync(
-      join(home, ".vellum.lock.json"),
-      JSON.stringify(data, null, 2),
-    );
-  }
-
-  test("returns undefined when no lockfile exists", () => {
-    makeTempHome();
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("returns sole local assistant instanceDir when no activeAssistant", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-calm-stork",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-    );
-  });
-
-  test("returns active assistant instanceDir when activeAssistant matches", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      activeAssistant: "vellum-bold-fox",
-      assistants: [
-        {
-          assistantId: "vellum-calm-stork",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-          },
-        },
-        {
-          assistantId: "vellum-bold-fox",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-bold-fox",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-bold-fox",
-    );
-  });
-
-  test("returns undefined when multiple local assistants and no activeAssistant", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-calm-stork",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-          },
-        },
-        {
-          assistantId: "vellum-bold-fox",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-bold-fox",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("returns undefined when lockfile has no assistants array", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, { version: 1 });
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("returns undefined when lockfile is malformed JSON", () => {
-    const home = makeTempHome();
-    writeFileSync(join(home, ".vellum.lock.json"), "{{not json");
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("treats assistants without cloud field as local", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-quiet-owl",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-quiet-owl",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-quiet-owl",
-    );
-  });
-
-  test("ignores cloud assistants when resolving", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-cloud-eagle",
-          cloud: "platform",
-          resources: {
-            instanceDir: "/some/cloud/path",
-          },
-        },
-        {
-          assistantId: "vellum-local-robin",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-local-robin",
-          },
-        },
-      ],
-    });
-    // Only one local assistant, so it auto-selects
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-local-robin",
-    );
-  });
-});

package/src/__tests__/secret-routes-managed-proxy.test.ts

@@ -6,6 +6,7 @@ let lastGeminiConstructorOpts: Record<string, unknown> | null = null;
 let secureKeyStore: Record<string, string | undefined> = {};
 const metadataUpserts: Array<{ service: string; field: string }> = [];
 const metadataDeletes: Array<{ service: string; field: string }> = [];
+let providerRefreshCalls = 0;
 
 const PLATFORM_BASE_URL = "https://platform.example.com";
 const ASSISTANT_API_KEY_PATH = credentialKey("vellum", "assistant_api_key");
@@ -137,6 +138,29 @@ function makeDeleteCredentialRequest(name: string): Request {
   });
 }
 
+function makeAddApiKeyRequest(name: string, value: string): Request {
+  return new Request("http://localhost/v1/secrets", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      type: "api_key",
+      name,
+      value,
+    }),
+  });
+}
+
+function makeDeleteApiKeyRequest(name: string): Request {
+  return new Request("http://localhost/v1/secrets", {
+    method: "DELETE",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      type: "api_key",
+      name,
+    }),
+  });
+}
+
 describe("secret routes managed proxy registry sync", () => {
   beforeEach(async () => {
     secureKeyStore = {};
@@ -144,6 +168,7 @@ describe("secret routes managed proxy registry sync", () => {
     metadataDeletes.length = 0;
     lastGeminiConstructorOpts = null;
     platformBaseUrlOverride = undefined;
+    providerRefreshCalls = 0;
     await initializeProviders(mockConfig);
   });
 
@@ -169,6 +194,33 @@ describe("secret routes managed proxy registry sync", () => {
     expect(lastGeminiConstructorOpts).toBeDefined();
   });
 
+  test("provider API key writes notify live-conversation refresh listeners", async () => {
+    const res = await handleAddSecret(
+      makeAddApiKeyRequest("fireworks", "fw-key"),
+      {
+        onProviderCredentialsChanged: () => {
+          providerRefreshCalls++;
+        },
+      },
+    );
+
+    expect(res.status).toBe(201);
+    expect(secureKeyStore.fireworks).toBe("fw-key");
+    expect(providerRefreshCalls).toBe(1);
+
+    const deleteRes = await handleDeleteSecret(
+      makeDeleteApiKeyRequest("fireworks"),
+      {
+        onProviderCredentialsChanged: () => {
+          providerRefreshCalls++;
+        },
+      },
+    );
+
+    expect(deleteRes.status).toBe(200);
+    expect(providerRefreshCalls).toBe(2);
+  });
+
   test("deleting vellum:assistant_api_key clears managed fallback providers immediately", async () => {
     secureKeyStore[ASSISTANT_API_KEY_PATH] = "ast-managed-key";
     await initializeProviders(mockConfig);
@@ -190,6 +242,32 @@ describe("secret routes managed proxy registry sync", () => {
     expect(listProviders()).toEqual([]);
   });
 
+  test("managed proxy credential writes notify live-conversation refresh listeners", async () => {
+    const res = await handleAddSecret(
+      makeAddCredentialRequest("vellum:assistant_api_key", "ast-managed-key"),
+      {
+        onProviderCredentialsChanged: () => {
+          providerRefreshCalls++;
+        },
+      },
+    );
+
+    expect(res.status).toBe(201);
+    expect(providerRefreshCalls).toBe(1);
+
+    const deleteRes = await handleDeleteSecret(
+      makeDeleteCredentialRequest("vellum:assistant_api_key"),
+      {
+        onProviderCredentialsChanged: () => {
+          providerRefreshCalls++;
+        },
+      },
+    );
+
+    expect(deleteRes.status).toBe(200);
+    expect(providerRefreshCalls).toBe(2);
+  });
+
   test("storing vellum:platform_base_url sets override and triggers initializeProviders", async () => {
     const res = await handleAddSecret(
       makeAddCredentialRequest(

package/src/__tests__/secure-keys-managed-failover.test.ts

@@ -0,0 +1,73 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+import type { CesClient } from "../credential-execution/client.js";
+import {
+  _resetBackend,
+  getActiveBackendName,
+  getSecureKeyAsync,
+  setCesClient,
+} from "../security/secure-keys.js";
+
+const rpcCall = mock(async () => ({ found: false }));
+const originalFetch = globalThis.fetch;
+
+let rpcReady = true;
+
+function createMockCesClient(): CesClient {
+  return {
+    handshake: mock(async () => ({ accepted: true })),
+    call: rpcCall as CesClient["call"],
+    updateAssistantApiKey: mock(async () => ({ updated: true })),
+    isReady: () => rpcReady,
+    close: mock(() => {}),
+  };
+}
+
+describe("secure-keys managed CES failover", () => {
+  beforeEach(() => {
+    _resetBackend();
+    rpcCall.mockClear();
+    rpcReady = true;
+    process.env.IS_CONTAINERIZED = "1";
+    process.env.CES_CREDENTIAL_URL = "http://localhost:8090";
+    process.env.CES_SERVICE_TOKEN = "test-token";
+    const mockFetch = mock(async () => {
+      return new Response(JSON.stringify({ value: "http-secret" }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+    }) as unknown as typeof fetch;
+    mockFetch.preconnect = originalFetch.preconnect;
+    globalThis.fetch = mockFetch;
+  });
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+    delete process.env.IS_CONTAINERIZED;
+    delete process.env.CES_CREDENTIAL_URL;
+    delete process.env.CES_SERVICE_TOKEN;
+    _resetBackend();
+  });
+
+  test("falls back from dead CES RPC transport to CES HTTP in managed mode", async () => {
+    setCesClient(createMockCesClient());
+
+    expect(await getSecureKeyAsync("openai")).toBeUndefined();
+    expect(getActiveBackendName()).toBe("ces-rpc");
+    expect(rpcCall).toHaveBeenCalledTimes(1);
+
+    rpcReady = false;
+
+    expect(await getSecureKeyAsync("openai")).toBe("http-secret");
+    expect(getActiveBackendName()).toBe("ces-http");
+    expect(rpcCall).toHaveBeenCalledTimes(1);
+    expect(globalThis.fetch).toHaveBeenCalledTimes(1);
+  });
+});

package/src/__tests__/skill-feature-flags.test.ts

@@ -19,6 +19,7 @@ afterEach(() => {
 const DECLARED_FLAG_ID = "contacts";
 const DECLARED_FLAG_KEY = DECLARED_FLAG_ID;
 const DECLARED_SKILL_ID = "contacts";
+const APP_BUILDER_MULTIFILE_FLAG_KEY = "app-builder-multifile";
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -158,6 +159,13 @@ describe("isAssistantFeatureFlagEnabled", () => {
     // browser is declared in the registry with defaultEnabled: true
     expect(isAssistantFeatureFlagEnabled("browser", config)).toBe(true);
   });
+
+  test("app-builder-multifile defaults to enabled when no override is set", () => {
+    const config = makeConfig();
+    expect(
+      isAssistantFeatureFlagEnabled(APP_BUILDER_MULTIFILE_FLAG_KEY, config),
+    ).toBe(true);
+  });
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/skill-secret-handling-guard.test.ts

@@ -0,0 +1,212 @@
+import { execSync } from "node:child_process";
+import { describe, expect, test } from "bun:test";
+
+/**
+ * Guard test: SKILL.md files must never instruct the assistant to accept
+ * secrets (passwords, API keys, tokens, etc.) pasted directly in chat.
+ *
+ * Secrets must always be collected via `credential_store prompt`, which
+ * presents a secure native UI that keeps the value out of conversation
+ * history and LLM context.
+ *
+ * This guard prevents regressions like the gmail/messaging bundled skill
+ * violation where SKILL.md contained "Include client_secret too if they
+ * provide one" — directing the assistant to accept a secret value from
+ * the chat stream.
+ */
+
+/** SKILL.md files permitted to contain otherwise-violating patterns. */
+const ALLOWLIST = new Set<string>([
+  // Add paths here only if there is a genuine, documented exception.
+]);
+
+/**
+ * Words that indicate the line is about a secret/credential value.
+ */
+const SECRET_WORDS =
+  "secret|password|api[_\\s-]?key|auth[_\\s-]?token|private[_\\s-]?key|access[_\\s-]?token|client[_\\s-]?secret|signing[_\\s-]?key|bearer[_\\s-]?token";
+
+/**
+ * Patterns that indicate the assistant is being told to accept a secret
+ * value directly in chat, rather than via credential_store prompt.
+ */
+const VIOLATION_PATTERNS: RegExp[] = [
+  // "accept <secret> in/via/from chat/plaintext/the conversation"
+  new RegExp(
+    `accept\\s+.*(?:${SECRET_WORDS}).*\\b(?:in|via|from)\\s+(?:chat|plaintext|the\\s+conversation)`,
+    "i",
+  ),
+  new RegExp(
+    `accept\\s+.*\\b(?:in|via|from)\\s+(?:chat|plaintext|the\\s+conversation).*(?:${SECRET_WORDS})`,
+    "i",
+  ),
+  // "ask (the user|them) (for|to share/send/paste/type/provide) <secret>" where destination is chat
+  // Must have "the user" or "them" as the object to avoid matching third-party descriptions
+  // like "Discord will ask for a 2FA code before revealing the secret"
+  new RegExp(
+    `ask\\s+(?:the\\s+user|them)\\s+(?:for|to\\s+(?:share|send|paste|type|provide))\\s+(?:the\\s+|their\\s+|a\\s+)?(?:${SECRET_WORDS})`,
+    "i",
+  ),
+  // "Include <secret> too if they provide one" — the original gmail violation pattern
+  new RegExp(
+    `include\\s+(?:the\\s+)?(?:${SECRET_WORDS})\\s+(?:too|as\\s+well|also)\\s+if\\s+they\\s+provide`,
+    "i",
+  ),
+  // "<secret> pasted/typed/sent in chat/conversation/plaintext"
+  new RegExp(
+    `(?:${SECRET_WORDS})\\s+(?:pasted|typed|sent|provided|shared)\\s+(?:in|via|through)\\s+(?:chat|conversation|plaintext)`,
+    "i",
+  ),
+  // "paste/type/send <secret> in chat/here/the conversation"
+  new RegExp(
+    `(?:paste|type|send|share|provide)\\s+(?:the\\s+|your\\s+|their\\s+)?(?:${SECRET_WORDS})\\s+(?:in\\s+(?:chat|the\\s+conversation)|here)`,
+    "i",
+  ),
+];
+
+/**
+ * Lines containing these negation words are typically instructing the
+ * assistant NOT to do something — these are not violations.
+ */
+const NEGATION_PATTERNS =
+  /\b(?:never|do\s+not|don['']t|must\s+not|should\s+not|shouldn['']t)\b|\bNOT\b/;
+
+/**
+ * Lines that are YAML-style field values within a credential_store prompt
+ * block (label, description, placeholder). These contain secret-related
+ * words but are secure UI text, not chat instructions.
+ */
+const CREDENTIAL_STORE_UI_FIELD =
+  /^\s*(?:[-*]\s+)?(?:label|description|placeholder)\s*[:=]\s*/i;
+
+interface Violation {
+  file: string;
+  line: number;
+  text: string;
+}
+
+function findViolations(): Violation[] {
+  const repoRoot = process.cwd() + "/..";
+
+  // Find all SKILL.md files tracked by git
+  let skillFiles: string[];
+  try {
+    const output = execSync(`git grep -l "" -- '*/SKILL.md'`, {
+      encoding: "utf-8",
+      cwd: repoRoot,
+    }).trim();
+    skillFiles = output.split("\n").filter((f) => f.length > 0);
+  } catch (err) {
+    if ((err as { status?: number }).status === 1) {
+      return []; // no SKILL.md files found
+    }
+    throw err;
+  }
+
+  // Filter to skills/ and assistant/src/config/bundled-skills/ directories
+  skillFiles = skillFiles.filter(
+    (f) =>
+      f.startsWith("skills/") ||
+      f.startsWith("assistant/src/config/bundled-skills/"),
+  );
+
+  const violations: Violation[] = [];
+
+  for (const filePath of skillFiles) {
+    if (ALLOWLIST.has(filePath)) continue;
+
+    let content: string;
+    try {
+      content = execSync(`git show HEAD:${filePath}`, {
+        encoding: "utf-8",
+        cwd: repoRoot,
+      });
+    } catch {
+      continue;
+    }
+
+    const lines = content.split("\n");
+
+    // Track whether we're inside a credential_store prompt block
+    // (indented YAML-like content after a credential_store mention)
+    let inCredentialStoreBlock = false;
+    let blockIndent = 0;
+
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const lineNumber = i + 1;
+
+      // Track credential_store prompt blocks
+      if (/credential_store\s+prompt/i.test(line)) {
+        inCredentialStoreBlock = true;
+        blockIndent = line.search(/\S/);
+        continue;
+      }
+
+      // Exit credential_store block when indentation returns to same or lesser level
+      if (inCredentialStoreBlock) {
+        const currentIndent = line.search(/\S/);
+        if (
+          currentIndent !== -1 &&
+          currentIndent <= blockIndent &&
+          line.trim().length > 0
+        ) {
+          inCredentialStoreBlock = false;
+        }
+      }
+
+      // Skip empty lines
+      if (line.trim().length === 0) continue;
+
+      // Skip negation lines — these instruct NOT to do something
+      if (NEGATION_PATTERNS.test(line)) continue;
+
+      // Skip credential_store UI field lines (label:, description:, placeholder:)
+      if (inCredentialStoreBlock && CREDENTIAL_STORE_UI_FIELD.test(line))
+        continue;
+
+      // Strip markdown backticks before pattern matching so that
+      // violations like `client_secret` are caught the same as bare words.
+      const stripped = line.replace(/`/g, "");
+
+      // Check against violation patterns
+      for (const pattern of VIOLATION_PATTERNS) {
+        if (pattern.test(stripped)) {
+          violations.push({
+            file: filePath,
+            line: lineNumber,
+            text: line.trim(),
+          });
+          break; // one violation per line is enough
+        }
+      }
+    }
+  }
+
+  return violations;
+}
+
+describe("SKILL.md secret handling guard", () => {
+  test("no SKILL.md files instruct accepting secrets in chat", () => {
+    const violations = findViolations();
+
+    if (violations.length > 0) {
+      const message = [
+        "Found SKILL.md files that instruct accepting secrets directly in chat.",
+        "Secrets must always be collected via `credential_store prompt`, which",
+        "presents a secure native UI that keeps values out of conversation history.",
+        "",
+        "Violations:",
+        ...violations.map((v) => `  - ${v.file}:${v.line}: ${v.text}`),
+        "",
+        "To fix: replace chat-based secret collection with a `credential_store prompt` call.",
+        "See any *-setup skill (e.g. skills/slack-app-setup/SKILL.md) for the correct pattern.",
+        "",
+        "If this is a genuine exception, add the file path to the ALLOWLIST in",
+        "skill-secret-handling-guard.test.ts.",
+      ].join("\n");
+
+      expect(violations, message).toEqual([]);
+    }
+  });
+});

package/src/__tests__/skills-uninstall.test.ts

@@ -58,7 +58,7 @@ describe("assistant skills uninstall", () => {
 
     // GIVEN a skill is installed locally
     installFakeSkill("weather");
-    writeSkillsIndex("- weather\n- google-oauth-applescript\n");
+    writeSkillsIndex("- weather\n- google-oauth-app-setup\n");
 
     // WHEN we uninstall the skill
     uninstallSkillLocally("weather");
@@ -71,7 +71,7 @@ describe("assistant skills uninstall", () => {
     expect(index).not.toContain("weather");
 
     // AND other skills should remain in the index
-    expect(index).toContain("google-oauth-applescript");
+    expect(index).toContain("google-oauth-app-setup");
   });
 
   test("errors when skill is not installed", () => {