@vellumai/assistant 0.5.15 → 0.5.16

package/src/__tests__/tool-execution-abort-cleanup.test.ts

@@ -13,11 +13,11 @@ import {
 } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
 // ── Shared mock setup ────────────────────────────────────────────────────────
 // Config mock must be declared before importing tool modules so that the
 // mock.module calls are hoisted above the dynamic imports.
-import { mock } from "bun:test";
 
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
@@ -75,15 +75,6 @@ mock.module("../tools/network/script-proxy/index.js", () => ({
   getSessionEnv: () => ({}),
 }));
 
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => "/tmp/protected",
-  getDataDir: () => "/tmp",
-  getWorkspaceDir: () => "/tmp/workspace",
-  getConversationsDir: () => "/tmp/workspace/conversations",
-  getDbPath: () => "/tmp/assistant.db",
-  ensureDataDir: () => {},
-}));
-
 mock.module("../tools/credentials/resolve.js", () => ({
   resolveCredentialRef: () => null,
 }));

package/src/__tests__/tool-execution-pipeline.benchmark.test.ts

@@ -15,30 +15,14 @@
  * - Secret scanning < 50ms for large outputs (100KB)
  * - ToolExecutor overhead < 20ms regardless of tool execution time
  */
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeAll, describe, expect, mock, test } from "bun:test";
 
-const testDir = mkdtempSync(join(tmpdir(), "tool-pipeline-bench-"));
+import { beforeAll, describe, expect, mock, test } from "bun:test";
 
 // Local registry for ToolExecutor tests — the mock delegates to this map
 // so that registerTool/getTool/getAllTools work for our benchmark tools.
 const localRegistry = new Map<string, import("../tools/types.js").Tool>();
 
 // Mocks must precede imports of modules under test.
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-  getHooksDir: () => join(testDir, "hooks"),
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -192,14 +176,6 @@ describe("Tool execution pipeline benchmark", () => {
     }
   });
 
-  afterAll(() => {
-    try {
-      rmSync(testDir, { recursive: true });
-    } catch {
-      // best effort cleanup
-    }
-  });
-
   test("classifyRisk: low-risk tool (file_read) is fast", async () => {
     const { timings } = await benchmarkAsync(
       () => classifyRisk("file_read", { path: "/tmp/test.ts" }, "/tmp"),

package/src/__tests__/tool-executor-lifecycle-events.test.ts

@@ -34,7 +34,6 @@ const mockConfig = {
   },
   permissions: {
     mode: "workspace" as const,
-    dangerouslySkipPermissions: false,
   },
 };
 

package/src/__tests__/tool-executor.test.ts

@@ -52,7 +52,6 @@ const mockConfig = {
   },
   permissions: {
     mode: "workspace" as const,
-    dangerouslySkipPermissions: false,
   },
 };
 

package/src/__tests__/tool-grant-request-escalation.test.ts

@@ -8,23 +8,9 @@
  * 5. Inline wait-and-resume for trusted-contact grant-gated tools
  */
 
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
-const testDir = mkdtempSync(join(tmpdir(), "tool-grant-escalation-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
+const testDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -146,11 +132,6 @@ function resetTables(): void {
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/tool-preview-lifecycle.test.ts

@@ -8,29 +8,9 @@
  * - handleToolResult includes toolUseId in emitted tool_result
  * - Event ordering: tool_use_preview_start → input_json_delta → tool_use
  */
-import { join } from "node:path";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 // ── Mock platform (must precede imports that read it) ─────────────────────────
-mock.module("../util/platform.js", () => ({
-  getSessionTokenPath: () => "/tmp/test-token",
-  getProtectedDir: () => join("/tmp/test", "protected"),
-  getDataDir: () => "/tmp/test",
-  getWorkspaceDir: () => "/tmp/test/workspace",
-  getWorkspaceSkillsDir: () => "/tmp/test/skills",
-  getSandboxWorkingDir: () => "/tmp/test/sandbox",
-  getTCPPort: () => undefined,
-  getTCPHost: () => "127.0.0.1",
-  isTCPEnabled: () => false,
-  isMacOS: () => false,
-  isLinux: () => true,
-  isWindows: () => false,
-  getPidPath: () => "/tmp/test.pid",
-  getLogPath: () => "/tmp/test.log",
-  getDbPath: () => "/tmp/test.db",
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {

package/src/__tests__/trust-store.test.ts

@@ -1,16 +1,9 @@
-import {
-  mkdirSync,
-  mkdtempSync,
-  readFileSync,
-  rmSync,
-  writeFileSync,
-} from "node:fs";
-import { tmpdir } from "node:os";
+import { mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 // Create a temp directory for the trust file
-const testDir = mkdtempSync(join(tmpdir(), "trust-store-test-"));
+const testDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 // Point the file-based trust backend at the test temp dir so
 // getGatewaySecurityDir() (which checks this env var first) writes
@@ -18,19 +11,6 @@ const testDir = mkdtempSync(join(tmpdir(), "trust-store-test-"));
 process.env.GATEWAY_SECURITY_DIR = join(testDir, "protected");
 
 // Mock platform module so trust-store writes to temp dir instead of ~/.vellum
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(testDir, "protected"),
-  getWorkspaceDir: () => join(testDir, "workspace"),
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 // Mock logger to suppress output during tests
 mock.module("../util/logger.js", () => ({
   getLogger: () => ({
@@ -744,7 +724,7 @@ describe("Trust Store", () => {
           rule.id === "default:allow-bash-rm-bootstrap" ||
           rule.id === "default:allow-bash-rm-updates"
         ) {
-          expect(rule.scope).toBe(join(testDir, "workspace"));
+          expect(rule.scope).toBe(testDir);
         } else {
           expect(rule.scope).toBe("everywhere");
         }
@@ -917,7 +897,7 @@ describe("Trust Store", () => {
     });
 
     test("bootstrap delete rule matches only when workingDir is the workspace dir", () => {
-      const workspaceDir = join(testDir, "workspace");
+      const workspaceDir = testDir;
       // Should match when workingDir is the workspace directory — the bootstrap
       // rule (priority 100) outranks the global default allow (priority 50).
       const match = findHighestPriorityRule(
@@ -940,7 +920,7 @@ describe("Trust Store", () => {
     });
 
     test("updates delete rule matches only when workingDir is the workspace dir", () => {
-      const workspaceDir = join(testDir, "workspace");
+      const workspaceDir = testDir;
       const match = findHighestPriorityRule(
         "bash",
         ["rm UPDATES.md"],
@@ -1028,7 +1008,7 @@ describe("Trust Store", () => {
       expect(managed!.tool).toBe("file_write");
       expect(managed!.decision).toBe("ask");
       expect(managed!.priority).toBe(50);
-      expect(managed!.pattern).toContain("workspace/skills/**");
+      expect(managed!.pattern).toContain("skills/**");
 
       const bundled = rules.find(
         (r) => r.id === "default:ask-file_write-bundled-skills",
@@ -1048,7 +1028,7 @@ describe("Trust Store", () => {
       expect(managed!.tool).toBe("file_edit");
       expect(managed!.decision).toBe("ask");
       expect(managed!.priority).toBe(50);
-      expect(managed!.pattern).toContain("workspace/skills/**");
+      expect(managed!.pattern).toContain("skills/**");
 
       const bundled = rules.find(
         (r) => r.id === "default:ask-file_edit-bundled-skills",
@@ -1159,13 +1139,7 @@ describe("Trust Store", () => {
     });
 
     test("findHighestPriorityRule matches default ask for file_write on managed skill path", () => {
-      const skillFile = join(
-        testDir,
-        "workspace",
-        "skills",
-        "my-skill",
-        "SKILL.md",
-      );
+      const skillFile = join(testDir, "skills", "my-skill", "SKILL.md");
       const match = findHighestPriorityRule(
         "file_write",
         [`file_write:${skillFile}`],
@@ -1177,13 +1151,7 @@ describe("Trust Store", () => {
     });
 
     test("findHighestPriorityRule matches default ask for file_edit on managed skill path", () => {
-      const skillFile = join(
-        testDir,
-        "workspace",
-        "skills",
-        "my-skill",
-        "tools.ts",
-      );
+      const skillFile = join(testDir, "skills", "my-skill", "tools.ts");
       const match = findHighestPriorityRule(
         "file_edit",
         [`file_edit:${skillFile}`],

package/src/__tests__/trusted-contact-approval-notifier.test.ts

@@ -9,30 +9,9 @@
  * 5. Delivery failures allow retry on next poll
  */
 
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
-
-const testDir = mkdtempSync(join(tmpdir(), "tc-approval-notifier-test-"));
+import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 // ── Platform mock ──
-// eslint-disable-next-line @typescript-eslint/no-require-imports
-const realPlatform = require("../util/platform.js");
-mock.module("../util/platform.js", () => ({
-  ...realPlatform,
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-  normalizeAssistantId: (id: string) =>
-    id === "self" || id === "" ? "self" : id,
-}));
-
 // ── Logger mock ──
 // eslint-disable-next-line @typescript-eslint/no-require-imports
 const realLogger = require("../util/logger.js");
@@ -255,14 +234,6 @@ describe("trusted-contact pending-approval notifier", () => {
     mockGuardianContact = null;
   });
 
-  afterAll(() => {
-    try {
-      rmSync(testDir, { recursive: true });
-    } catch {
-      /* best effort */
-    }
-  });
-
   test("sends waiting message to trusted contact when pending approval exists", async () => {
     mockPendingApprovals = [
       {

package/src/__tests__/trusted-contact-inline-approval-integration.test.ts

@@ -17,29 +17,14 @@
  *   f. Timeout/stale flow: guardian decision after prompt timeout produces deterministic outcome
  */
 
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
-const testDir = mkdtempSync(join(tmpdir(), "tc-inline-approval-integration-"));
+const testDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 // ---------------------------------------------------------------------------
 // Mocks — must be set before any production imports
 // ---------------------------------------------------------------------------
 
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  getProtectedDir: () => join(testDir, "protected"),
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -205,11 +190,6 @@ function resetTables(): void {
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts

@@ -11,29 +11,12 @@
  * 4. activated — when the trusted contact successfully verifies
  * 5. denied — when the guardian denies the request
  */
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
 // ---------------------------------------------------------------------------
 // Test isolation: in-memory SQLite via temp directory
 // ---------------------------------------------------------------------------
 
-const testDir = mkdtempSync(join(tmpdir(), "trusted-contact-lifecycle-notif-"));
-
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(testDir, "protected"),
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -96,11 +79,6 @@ initializeDb();
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/trusted-contact-multichannel.test.ts

@@ -6,29 +6,12 @@
  * These tests confirm no channel-specific assumptions leaked into the
  * trusted contact code paths.
  */
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
 // ---------------------------------------------------------------------------
 // Test isolation: in-memory SQLite via temp directory
 // ---------------------------------------------------------------------------
 
-const testDir = mkdtempSync(join(tmpdir(), "trusted-contact-multichannel-"));
-
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(testDir, "protected"),
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -106,11 +89,6 @@ initializeDb();
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/trusted-contact-verification.test.ts

@@ -9,29 +9,12 @@
  * 4. Reactivate previously revoked members on re-verification
  * 5. NOT create a guardian binding (trusted contacts are not guardians)
  */
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
 // ---------------------------------------------------------------------------
 // Test isolation: in-memory SQLite via temp directory
 // ---------------------------------------------------------------------------
 
-const testDir = mkdtempSync(join(tmpdir(), "trusted-contact-verify-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(testDir, "protected"),
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -59,11 +42,6 @@ initializeDb();
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/turn-boundary-resolution.test.ts

@@ -1,28 +1,5 @@
-import { mkdtempSync, realpathSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
 
-const testDir = realpathSync(
-  mkdtempSync(join(tmpdir(), "turn-boundary-resolution-test-")),
-);
-const workspaceDir = join(testDir, ".vellum", "workspace");
-const conversationsDir = join(workspaceDir, "conversations");
-
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(join(testDir, ".vellum"), "protected"),
-  getDataDir: () => join(workspaceDir, "data"),
-  getWorkspaceDir: () => workspaceDir,
-  getConversationsDir: () => conversationsDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -74,11 +51,6 @@ function toolResultContent(toolUseIds: string[]): string {
 
 afterAll(() => {
   resetDb();
-  try {
-    rmSync(testDir, { recursive: true, force: true });
-  } catch {
-    /* best effort */
-  }
 });
 
 describe("getAssistantMessageIdsInTurn", () => {

package/src/__tests__/twilio-provider.test.ts

@@ -3,26 +3,10 @@
  * fail-closed auth token behavior, and caller ID eligibility checks.
  */
 import { createHmac } from "node:crypto";
-import { mkdtempSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
 import { credentialKey } from "../security/credential-key.js";
 
-const testDir = mkdtempSync(join(tmpdir(), "twilio-provider-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {

package/src/__tests__/twilio-routes-twiml.test.ts

@@ -175,18 +175,13 @@ describe("generateTwiML with voice quality profile", () => {
 
     expect(twimlMedium).toContain('interruptSensitivity="medium"');
 
-    const twimlHigh = generateTwiML(
-      callSessionId,
-      relayUrl,
-      welcomeGreeting,
-      {
-        language: "en-US",
-        transcriptionProvider: "Deepgram",
-        ttsProvider: "Google",
-        voice: "Google.en-US-Journey-O",
-        interruptSensitivity: "high",
-      },
-    );
+    const twimlHigh = generateTwiML(callSessionId, relayUrl, welcomeGreeting, {
+      language: "en-US",
+      transcriptionProvider: "Deepgram",
+      ttsProvider: "Google",
+      voice: "Google.en-US-Journey-O",
+      interruptSensitivity: "high",
+    });
 
     expect(twimlHigh).toContain('interruptSensitivity="high"');
   });

package/src/__tests__/twilio-routes.test.ts

@@ -12,9 +12,6 @@
  * - Voice webhook TwiML relay URL generation
  * - Handler-level idempotency concurrency (concurrent duplicates, failure-retry)
  */
-import { mkdtempSync, realpathSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import {
   afterAll,
   beforeEach,
@@ -84,22 +81,6 @@ mock.module("../config/env.js", () => ({
   },
 }));
 
-const testDir = realpathSync(
-  mkdtempSync(join(tmpdir(), "twilio-routes-test-")),
-);
-
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(testDir, "protected"),
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () => ({
     info: () => {},
@@ -442,11 +423,6 @@ describe("twilio webhook routes", () => {
   afterAll(() => {
     globalThis.fetch = originalFetch;
     resetDb();
-    try {
-      rmSync(testDir, { recursive: true, force: true });
-    } catch {
-      /* best effort */
-    }
   });
 
   // ── Callback idempotency / replay tests ───────────────────────────