@vellumai/assistant 0.5.13 → 0.5.15

package/src/__tests__/native-web-search.test.ts

@@ -44,26 +44,29 @@ mock.module("@anthropic-ai/sdk", () => ({
   default: class MockAnthropic {
     static APIError = FakeAPIError;
     constructor(_args: Record<string, unknown>) {}
-    messages = {
-      stream: (
-        params: Record<string, unknown>,
-        _options?: Record<string, unknown>,
-      ) => {
-        lastStreamParams = JSON.parse(JSON.stringify(params));
-        const handlers: Record<string, ((...args: unknown[]) => void)[]> = {};
-        return {
-          on(event: string, cb: (...args: unknown[]) => void) {
-            (handlers[event] ??= []).push(cb);
-            return this;
-          },
-          async finalMessage() {
-            // Fire any pending stream events
-            for (const ev of pendingStreamEvents) {
-              for (const cb of handlers["streamEvent"] ?? []) cb(ev);
-            }
-            return { ...fakeResponse, content: fakeResponseContent };
-          },
-        };
+    beta = {
+      messages: {
+        stream: (
+          params: Record<string, unknown>,
+          _options?: Record<string, unknown>,
+        ) => {
+          lastStreamParams = JSON.parse(JSON.stringify(params));
+          const handlers: Record<string, ((...args: unknown[]) => void)[]> =
+            {};
+          return {
+            on(event: string, cb: (...args: unknown[]) => void) {
+              (handlers[event] ??= []).push(cb);
+              return this;
+            },
+            async finalMessage() {
+              // Fire any pending stream events
+              for (const ev of pendingStreamEvents) {
+                for (const cb of handlers["streamEvent"] ?? []) cb(ev);
+              }
+              return { ...fakeResponse, content: fakeResponseContent };
+            },
+          };
+        },
       },
     };
   },
@@ -371,13 +374,13 @@ describe("Native Web Search — Tool Filtering", () => {
 
     const tools = lastStreamParams!.tools as Array<{
       name: string;
-      cache_control?: { type: string };
+      cache_control?: { type: string; ttl?: string };
     }>;
 
     // file_read is the last custom tool (only custom tool in this case)
     // and it should get cache_control since it's the last in the mappedOther list
     expect(tools[0].name).toBe("file_read");
-    expect(tools[0].cache_control).toEqual({ type: "ephemeral" });
+    expect(tools[0].cache_control).toEqual({ type: "ephemeral", ttl: "1h" });
 
     // Native web search tool should NOT have cache_control set by the mapping logic
     // (it's appended after the mapped custom tools)

package/src/__tests__/non-member-access-request.test.ts

@@ -7,29 +7,12 @@
  * 3. Create a guardian approval request for the access request
  * 4. Deduplicate: don't create duplicate requests for repeated messages
  */
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
 // ---------------------------------------------------------------------------
 // Test isolation: in-memory SQLite via temp directory
 // ---------------------------------------------------------------------------
 
-const testDir = mkdtempSync(join(tmpdir(), "non-member-access-request-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getRootDir: () => testDir,
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -92,11 +75,6 @@ initializeDb();
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/notification-guardian-path.test.ts

@@ -5,27 +5,11 @@
  * pipeline (including conversation-created callbacks) without a custom dispatch path.
  */
 
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
 import type { ConversationCreatedInfo } from "../notifications/broadcaster.js";
 import type { NotificationDeliveryResult } from "../notifications/types.js";
 
-const testDir = mkdtempSync(join(tmpdir(), "notification-guardian-path-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -152,11 +136,6 @@ describe("ASK_GUARDIAN canonical notification path", () => {
 
   afterAll(() => {
     resetDb();
-    try {
-      rmSync(testDir, { recursive: true });
-    } catch {
-      /* best effort */
-    }
   });
 
   test("dispatches through emitNotificationSignal with guardian context metadata", async () => {

package/src/__tests__/notification-schedule-dedup.test.ts

@@ -14,25 +14,7 @@
  * signals, and `checkDedupe` never finds a matching row.
  */
 
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
-
-const testDir = mkdtempSync(
-  join(tmpdir(), "notification-schedule-dedup-test-"),
-);
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
+import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -54,12 +36,6 @@ import type { NotificationDecision } from "../notifications/types.js";
 
 initializeDb();
 
-afterAll(() => {
-  try {
-    rmSync(testDir, { recursive: true, force: true });
-  } catch {}
-});
-
 beforeEach(() => {
   // Clear notification events between tests for isolation
   getDb().delete(notificationEvents).run();

package/src/__tests__/oauth-apps-routes.test.ts

@@ -10,7 +10,7 @@ const mockListConnections = mock(() => [
   {
     id: "conn-1",
     providerKey: "google",
-    accountInfo: "{\"email\":\"alice@example.com\"}",
+    accountInfo: '{"email":"alice@example.com"}',
     grantedScopes: '["email","profile"]',
     status: "active",
     hasRefreshToken: 1,
@@ -37,7 +37,44 @@ mock.module("../oauth/oauth-store.js", () => ({
   getApp: mockGetApp,
   getAppClientSecret: mock(() => Promise.resolve(undefined)),
   getConnection: mock(() => undefined),
-  getProvider: mock(() => undefined),
+  getProvider: mock((providerKey: string) =>
+    providerKey === "google"
+      ? {
+          providerKey: "google",
+          displayName: "Google",
+          description: "Google OAuth provider",
+          dashboardUrl: "https://console.cloud.google.com/apis/credentials",
+          clientIdPlaceholder: null,
+          requiresClientSecret: 1,
+          managedServiceConfigKey: "google-oauth",
+          authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+          tokenUrl: "https://oauth2.googleapis.com/token",
+          tokenEndpointAuthMethod: null,
+          userinfoUrl: null,
+          baseUrl: null,
+          defaultScopes: "[]",
+          scopePolicy: "[]",
+          extraParams: null,
+          callbackTransport: null,
+          pingUrl: null,
+          pingMethod: null,
+          pingHeaders: null,
+          pingBody: null,
+          loopbackPort: null,
+          injectionTemplates: null,
+          appType: null,
+          setupNotes: null,
+          identityUrl: null,
+          identityMethod: null,
+          identityHeaders: null,
+          identityBody: null,
+          identityFormat: null,
+          identityOkField: null,
+          createdAt: 1735689500000,
+          updatedAt: 1735689550000,
+        }
+      : undefined,
+  ),
   listApps: mock(() => []),
   listConnections: mockListConnections,
   upsertApp: mock(() =>
@@ -101,3 +138,67 @@ describe("GET /v1/oauth/apps/:appId/connections", () => {
     expect(body.connections[1]?.has_refresh_token).toBe(false);
   });
 });
+
+describe("GET /v1/oauth/apps", () => {
+  test("returns provider metadata with correct types when provider exists", async () => {
+    const req = new Request(
+      "http://localhost/v1/oauth/apps?provider_key=google",
+    );
+    const url = new URL(req.url);
+    const res = await getRoute("GET", "oauth/apps").handler({
+      req,
+      url,
+      server: null as never,
+      authContext: null as never,
+      params: {},
+    });
+
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      provider: {
+        provider_key: string;
+        display_name: string | null;
+        description: string | null;
+        dashboard_url: string | null;
+        client_id_placeholder: string | null;
+        requires_client_secret: boolean;
+        supports_managed_mode: boolean;
+      } | null;
+      apps: unknown[];
+    };
+
+    expect(body.provider).not.toBeNull();
+    expect(body.provider!.provider_key).toBe("google");
+    expect(body.provider!.display_name).toBe("Google");
+    expect(body.provider!.description).toBe("Google OAuth provider");
+
+    // requires_client_secret is normalised to a boolean by the shared serializer
+    expect(body.provider!.requires_client_secret).toBe(true);
+    expect(typeof body.provider!.requires_client_secret).toBe("boolean");
+
+    // supports_managed_mode is derived from the presence of managedServiceConfigKey
+    expect(body.provider!.supports_managed_mode).toBe(true);
+  });
+
+  test("returns null provider when provider does not exist", async () => {
+    const req = new Request(
+      "http://localhost/v1/oauth/apps?provider_key=unknown",
+    );
+    const url = new URL(req.url);
+    const res = await getRoute("GET", "oauth/apps").handler({
+      req,
+      url,
+      server: null as never,
+      authContext: null as never,
+      params: {},
+    });
+
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      provider: unknown;
+      apps: unknown[];
+    };
+
+    expect(body.provider).toBeNull();
+  });
+});

package/src/__tests__/oauth-cli.test.ts

@@ -406,6 +406,7 @@ describe("assistant oauth providers list", () => {
       defaultScopes: "[]",
       scopePolicy: "{}",
       extraParams: null,
+      managedServiceConfigKey: "google-oauth",
       createdAt: "2025-01-01T00:00:00.000Z",
       updatedAt: "2025-01-01T00:00:00.000Z",
     },
@@ -416,6 +417,7 @@ describe("assistant oauth providers list", () => {
       defaultScopes: "[]",
       scopePolicy: "{}",
       extraParams: null,
+      managedServiceConfigKey: "google-calendar-oauth",
       createdAt: "2025-01-01T00:00:00.000Z",
       updatedAt: "2025-01-01T00:00:00.000Z",
     },
@@ -426,6 +428,7 @@ describe("assistant oauth providers list", () => {
       defaultScopes: "[]",
       scopePolicy: "{}",
       extraParams: null,
+      managedServiceConfigKey: null,
       createdAt: "2025-01-01T00:00:00.000Z",
       updatedAt: "2025-01-01T00:00:00.000Z",
     },
@@ -436,6 +439,7 @@ describe("assistant oauth providers list", () => {
       defaultScopes: "[]",
       scopePolicy: "{}",
       extraParams: null,
+      managedServiceConfigKey: null,
       createdAt: "2025-01-01T00:00:00.000Z",
       updatedAt: "2025-01-01T00:00:00.000Z",
     },
@@ -535,6 +539,54 @@ describe("assistant oauth providers list", () => {
     expect(keys).toContain("google-calendar");
     expect(keys).toContain("slack");
   });
+
+  test("--supports-managed returns only providers with managedServiceConfigKey set", async () => {
+    const { exitCode, stdout } = await runCli([
+      "providers",
+      "list",
+      "--supports-managed",
+      "--json",
+    ]);
+    expect(exitCode).toBe(0);
+    const parsed = JSON.parse(stdout);
+    expect(parsed).toHaveLength(2);
+    const keys = parsed.map((p: { providerKey: string }) => p.providerKey);
+    expect(keys).toContain("google");
+    expect(keys).toContain("google-calendar");
+    expect(keys).not.toContain("slack");
+    expect(keys).not.toContain("twitter");
+  });
+
+  test("--supports-managed combined with --provider-key applies both filters (AND)", async () => {
+    const { exitCode, stdout } = await runCli([
+      "providers",
+      "list",
+      "--supports-managed",
+      "--provider-key",
+      "google",
+      "--json",
+    ]);
+    expect(exitCode).toBe(0);
+    const parsed = JSON.parse(stdout);
+    // Both google and google-calendar match --provider-key "google" AND have
+    // managedServiceConfigKey set, so both are returned.
+    expect(parsed).toHaveLength(2);
+    const keys = parsed.map((p: { providerKey: string }) => p.providerKey);
+    expect(keys).toContain("google");
+    expect(keys).toContain("google-calendar");
+  });
+
+  test("without --supports-managed all providers are returned (existing behavior)", async () => {
+    const { exitCode, stdout } = await runCli(["providers", "list", "--json"]);
+    expect(exitCode).toBe(0);
+    const parsed = JSON.parse(stdout);
+    expect(parsed).toHaveLength(4);
+    const keys = parsed.map((p: { providerKey: string }) => p.providerKey);
+    expect(keys).toContain("google");
+    expect(keys).toContain("google-calendar");
+    expect(keys).toContain("slack");
+    expect(keys).toContain("twitter");
+  });
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/oauth-provider-profiles.test.ts

@@ -1,21 +1,5 @@
-import { mkdtempSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { describe, expect, mock, test } from "bun:test";
 
-const testDir = mkdtempSync(join(tmpdir(), "oauth-provider-profiles-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => ":memory:",
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {

package/src/__tests__/oauth-provider-serializer.test.ts

@@ -0,0 +1,232 @@
+import { describe, expect, test } from "bun:test";
+
+import type { OAuthProviderRow } from "../oauth/oauth-store.js";
+import {
+  serializeProvider,
+  serializeProviderSummary,
+} from "../oauth/provider-serializer.js";
+
+/** Helper to build a minimal valid provider row with sensible defaults. */
+function makeRow(overrides: Partial<OAuthProviderRow> = {}): OAuthProviderRow {
+  const now = Date.now();
+  return {
+    providerKey: "test-provider",
+    authUrl: "https://auth.example.com/authorize",
+    tokenUrl: "https://auth.example.com/token",
+    tokenEndpointAuthMethod: null,
+    userinfoUrl: null,
+    baseUrl: null,
+    defaultScopes: "[]",
+    scopePolicy: "{}",
+    extraParams: null,
+    callbackTransport: null,
+    pingUrl: null,
+    pingMethod: null,
+    pingHeaders: null,
+    pingBody: null,
+    managedServiceConfigKey: null,
+    displayName: null,
+    description: null,
+    dashboardUrl: null,
+    clientIdPlaceholder: null,
+    requiresClientSecret: 1,
+    loopbackPort: null,
+    injectionTemplates: null,
+    appType: null,
+    setupNotes: null,
+    identityUrl: null,
+    identityMethod: null,
+    identityHeaders: null,
+    identityBody: null,
+    identityResponsePaths: null,
+    identityFormat: null,
+    identityOkField: null,
+    createdAt: now,
+    updatedAt: now,
+    ...overrides,
+  };
+}
+
+describe("serializeProvider", () => {
+  test("parses JSON fields correctly", () => {
+    const row = makeRow({
+      defaultScopes: JSON.stringify(["openid", "email"]),
+      scopePolicy: JSON.stringify({ required: ["openid"] }),
+      extraParams: JSON.stringify({ access_type: "offline" }),
+      pingHeaders: JSON.stringify({ "X-Api-Version": "2" }),
+      pingBody: JSON.stringify({ query: "{ me { id } }" }),
+      injectionTemplates: JSON.stringify([
+        {
+          hostPattern: "api.example.com",
+          injectionType: "header",
+          headerName: "Authorization",
+          valuePrefix: "Bearer ",
+        },
+      ]),
+      setupNotes: JSON.stringify(["Enable the API", "Add test users"]),
+      identityHeaders: JSON.stringify({ "Notion-Version": "2022-06-28" }),
+      identityBody: JSON.stringify({ query: "{ viewer { email } }" }),
+      identityResponsePaths: JSON.stringify(["email", "name"]),
+    });
+
+    const result = serializeProvider(row)!;
+
+    expect(result.defaultScopes).toEqual(["openid", "email"]);
+    expect(result.scopePolicy).toEqual({ required: ["openid"] });
+    expect(result.extraParams).toEqual({ access_type: "offline" });
+    expect(result.pingHeaders).toEqual({ "X-Api-Version": "2" });
+    expect(result.pingBody).toEqual({ query: "{ me { id } }" });
+    expect(result.injectionTemplates).toEqual([
+      {
+        hostPattern: "api.example.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ]);
+    expect(result.setupNotes).toEqual(["Enable the API", "Add test users"]);
+    expect(result.identityHeaders).toEqual({ "Notion-Version": "2022-06-28" });
+    expect(result.identityBody).toEqual({ query: "{ viewer { email } }" });
+    expect(result.identityResponsePaths).toEqual(["email", "name"]);
+  });
+
+  test("returns empty defaults for null/missing JSON fields", () => {
+    const row = makeRow();
+    const result = serializeProvider(row)!;
+
+    expect(result.defaultScopes).toEqual([]);
+    expect(result.scopePolicy).toEqual({});
+    expect(result.extraParams).toBeNull();
+    expect(result.pingHeaders).toBeNull();
+    expect(result.pingBody).toBeNull();
+    expect(result.injectionTemplates).toBeNull();
+    expect(result.setupNotes).toBeNull();
+    expect(result.identityHeaders).toBeNull();
+    expect(result.identityBody).toBeNull();
+    expect(result.identityResponsePaths).toBeNull();
+  });
+
+  test("supportsManagedMode is true when managedServiceConfigKey is non-null", () => {
+    const row = makeRow({ managedServiceConfigKey: "google-managed" });
+    const result = serializeProvider(row)!;
+    expect(result.supportsManagedMode).toBe(true);
+  });
+
+  test("supportsManagedMode is false when managedServiceConfigKey is null", () => {
+    const row = makeRow({ managedServiceConfigKey: null });
+    const result = serializeProvider(row)!;
+    expect(result.supportsManagedMode).toBe(false);
+  });
+
+  test("requiresClientSecret defaults to true when value is 1", () => {
+    const row = makeRow({ requiresClientSecret: 1 });
+    const result = serializeProvider(row)!;
+    expect(result.requiresClientSecret).toBe(true);
+  });
+
+  test("requiresClientSecret is false when value is 0", () => {
+    const row = makeRow({ requiresClientSecret: 0 });
+    const result = serializeProvider(row)!;
+    expect(result.requiresClientSecret).toBe(false);
+  });
+
+  test("requiresClientSecret defaults to true when coerced from default integer 1", () => {
+    // The DB column defaults to 1 — verify the serializer treats it as true.
+    const row = makeRow();
+    const result = serializeProvider(row)!;
+    expect(result.requiresClientSecret).toBe(true);
+  });
+
+  test("timestamps are converted to ISO strings", () => {
+    const ts = 1700000000000;
+    const row = makeRow({ createdAt: ts, updatedAt: ts });
+    const result = serializeProvider(row)!;
+
+    expect(result.createdAt).toBe(new Date(ts).toISOString());
+    expect(result.updatedAt).toBe(new Date(ts).toISOString());
+  });
+
+  test("accepts a redirectUri override via options", () => {
+    const row = makeRow();
+    const result = serializeProvider(row, {
+      redirectUri: "http://localhost:8080/oauth/callback",
+    })!;
+    expect(result.redirectUri).toBe("http://localhost:8080/oauth/callback");
+  });
+
+  test("redirectUri defaults to null when no override is provided", () => {
+    const row = makeRow();
+    const result = serializeProvider(row)!;
+    expect(result.redirectUri).toBeNull();
+  });
+
+  test("returns undefined for undefined input", () => {
+    expect(serializeProvider(undefined)).toBeUndefined();
+  });
+
+  test("returns null for null input", () => {
+    expect(serializeProvider(null)).toBeNull();
+  });
+});
+
+describe("serializeProviderSummary", () => {
+  test("returns the expected subset of fields in snake_case", () => {
+    const row = makeRow({
+      providerKey: "google",
+      displayName: "Google",
+      description: "Google OAuth 2.0",
+      dashboardUrl: "https://console.cloud.google.com",
+      clientIdPlaceholder: "your-client-id.apps.googleusercontent.com",
+      requiresClientSecret: 1,
+      managedServiceConfigKey: "google-managed",
+    });
+
+    const result = serializeProviderSummary(row)!;
+
+    expect(result).toEqual({
+      provider_key: "google",
+      display_name: "Google",
+      description: "Google OAuth 2.0",
+      dashboard_url: "https://console.cloud.google.com",
+      client_id_placeholder: "your-client-id.apps.googleusercontent.com",
+      requires_client_secret: true,
+      supports_managed_mode: true,
+    });
+  });
+
+  test("nullifies missing optional fields", () => {
+    const row = makeRow({
+      displayName: null,
+      description: null,
+      dashboardUrl: null,
+      clientIdPlaceholder: null,
+    });
+
+    const result = serializeProviderSummary(row)!;
+
+    expect(result.display_name).toBeNull();
+    expect(result.description).toBeNull();
+    expect(result.dashboard_url).toBeNull();
+    expect(result.client_id_placeholder).toBeNull();
+  });
+
+  test("requires_client_secret is false when value is 0", () => {
+    const row = makeRow({ requiresClientSecret: 0 });
+    const result = serializeProviderSummary(row)!;
+    expect(result.requires_client_secret).toBe(false);
+  });
+
+  test("supports_managed_mode is false when managedServiceConfigKey is null", () => {
+    const row = makeRow({ managedServiceConfigKey: null });
+    const result = serializeProviderSummary(row)!;
+    expect(result.supports_managed_mode).toBe(false);
+  });
+
+  test("returns null for null input", () => {
+    expect(serializeProviderSummary(null)).toBeNull();
+  });
+
+  test("returns null for undefined input", () => {
+    expect(serializeProviderSummary(undefined)).toBeNull();
+  });
+});