@vellumai/assistant 0.5.15 → 0.5.16

package/src/__tests__/checker.test.ts

@@ -432,6 +432,12 @@ describe("Permission Checker", () => {
 
     // shell commands - high risk
     describe("shell — high risk", () => {
+      test("assistant trust clear is high risk", async () => {
+        expect(
+          await classifyRisk("bash", { command: "assistant trust clear" }),
+        ).toBe(RiskLevel.High);
+      });
+
       test("sudo is high risk", async () => {
         expect(await classifyRisk("bash", { command: "sudo rm -rf /" })).toBe(
           RiskLevel.High,
@@ -2017,6 +2023,9 @@ describe("Permission Checker", () => {
     function ensureSkillsDir(): void {
       mkdirSync(join(checkerTestDir, "skills"), { recursive: true });
     }
+    function ensureHooksDir(): void {
+      mkdirSync(join(checkerTestDir, "hooks"), { recursive: true });
+    }
 
     test("file_write to skill directory is High risk", async () => {
       ensureSkillsDir();
@@ -2147,6 +2156,56 @@ describe("Permission Checker", () => {
       expect(risk).toBe(RiskLevel.Low);
     });
 
+    test("file_write to hooks directory is High risk", async () => {
+      ensureHooksDir();
+      const hookPath = join(
+        checkerTestDir,
+        "hooks",
+        "post-tool-use",
+        "hook.sh",
+      );
+      const risk = await classifyRisk("file_write", { path: hookPath });
+      expect(risk).toBe(RiskLevel.High);
+    });
+
+    test("file_edit of hooks config is High risk", async () => {
+      ensureHooksDir();
+      const configPath = join(checkerTestDir, "hooks", "config.json");
+      const risk = await classifyRisk("file_edit", { path: configPath });
+      expect(risk).toBe(RiskLevel.High);
+    });
+
+    test("file_write to hooks directory prompts as High risk", async () => {
+      ensureHooksDir();
+      const hookPath = join(
+        checkerTestDir,
+        "hooks",
+        "post-tool-use",
+        "hook.sh",
+      );
+      const result = await check("file_write", { path: hookPath }, "/tmp");
+      expect(result.decision).toBe("prompt");
+    });
+
+    test("host_file_write to hooks directory is High risk", async () => {
+      ensureHooksDir();
+      const hookPath = join(
+        checkerTestDir,
+        "hooks",
+        "post-tool-use",
+        "hook.sh",
+      );
+      const risk = await classifyRisk("host_file_write", { path: hookPath });
+      expect(risk).toBe(RiskLevel.High);
+    });
+
+    test("host_file_edit of hooks config is High risk", async () => {
+      ensureHooksDir();
+      const configPath = join(checkerTestDir, "hooks", "config.json");
+      const risk = await classifyRisk("host_file_edit", { path: configPath });
+      expect(risk).toBe(RiskLevel.High);
+    });
+
     test("host_file_write to non-skill path remains Medium risk (via registry)", async () => {
       const normalPath = "/tmp/some-file.txt";
       const risk = await classifyRisk("host_file_write", { path: normalPath });

package/src/__tests__/cli-command-risk-guard.test.ts

@@ -157,27 +157,55 @@ describe("CLI command risk guard: elevated assistant subcommands", () => {
     expect(risk).toBe(RiskLevel.Medium);
   });
 
-  test("--help on elevated subcommands is Low risk (read-only)", async () => {
-    const helpCommands = [
+  test("--help on non-elevated subcommands remains Low risk", async () => {
+    // GIVEN non-elevated subcommands with --help / -h flags
+    const lowRiskWithHelp = [
+      "assistant oauth --help",
+      "assistant credentials --help",
+      "assistant trust -h",
+      "assistant keys --help",
+      "assistant config --help",
+    ];
+
+    // WHEN classifying risk
+    // THEN they remain Low since the subcommand itself is Low
+    for (const command of lowRiskWithHelp) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+
+  test("--help does not downgrade risk on elevated subcommands", async () => {
+    // GIVEN elevated subcommands with --help / -h flags appended
+    const highRiskWithHelp = [
       "assistant oauth token --help",
       "assistant oauth mode --set --help",
       "assistant credentials reveal --help",
+      "assistant trust clear --help",
+      "assistant trust remove -h",
+      "assistant credentials set --help",
+      "assistant credentials delete -h",
+      "assistant keys set --help",
+      "assistant keys delete -h",
+    ];
+
+    const mediumRiskWithHelp = [
       "assistant oauth request --help",
       "assistant oauth connect --help",
       "assistant oauth disconnect -h",
     ];
 
-    for (const command of helpCommands) {
+    // WHEN classifying risk
+    // THEN --help does not bypass the elevated risk level
+    for (const command of highRiskWithHelp) {
       const risk = await classifyRisk("bash", { command });
-      expectLowRisk(command, risk);
+      expect(risk).toBe(RiskLevel.High);
     }
-  });
 
-  test("--help after -- option terminator does not downgrade risk", async () => {
-    const risk = await classifyRisk("bash", {
-      command: "assistant oauth token -- --help",
-    });
-    expect(risk).toBe(RiskLevel.High);
+    for (const command of mediumRiskWithHelp) {
+      const risk = await classifyRisk("bash", { command });
+      expect(risk).toBe(RiskLevel.Medium);
+    }
   });
 
   test("non-sensitive oauth subcommands remain Low risk", async () => {
@@ -205,6 +233,66 @@ describe("CLI command risk guard: elevated assistant subcommands", () => {
       expectLowRisk(command, risk);
     }
   });
+
+  test("assistant credentials set is High risk (modifies stored credentials)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant credentials set",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant credentials delete is High risk (removes stored credentials)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant credentials delete",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant keys set is High risk (modifies API keys)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant keys set anthropic sk-ant-xxx",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant keys delete is High risk (removes API keys)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant keys delete openai",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("non-sensitive keys subcommands remain Low risk", async () => {
+    const lowRiskKeysCommands = ["assistant keys", "assistant keys list"];
+
+    for (const command of lowRiskKeysCommands) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+
+  test("assistant trust remove is High risk (removes trust rules)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant trust remove abc123",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("assistant trust clear is High risk (clears all trust rules)", async () => {
+    const risk = await classifyRisk("bash", {
+      command: "assistant trust clear",
+    });
+    expect(risk).toBe(RiskLevel.High);
+  });
+
+  test("non-sensitive trust subcommands remain Low risk", async () => {
+    const lowRiskTrustCommands = ["assistant trust", "assistant trust list"];
+
+    for (const command of lowRiskTrustCommands) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
 });
 
 describe("CLI command risk guard: wrapper program propagation", () => {

package/src/__tests__/cli-memory.test.ts

@@ -0,0 +1,372 @@
+import { rmSync } from "node:fs";
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+
+import { Command } from "commander";
+import { eq } from "drizzle-orm";
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../memory/qdrant-client.js", () => ({
+  getQdrantClient: () => ({
+    searchWithFilter: async () => [],
+    hybridSearch: async () => [],
+    upsertPoints: async () => {},
+    deletePoints: async () => {},
+  }),
+  initQdrantClient: () => {},
+}));
+
+// Controllable mock for buildCliProgram
+let mockCommands: { name: string; description: string }[] = [];
+
+function makeMockProgram(): Command {
+  const program = new Command();
+  for (const cmd of mockCommands) {
+    program.command(cmd.name).description(cmd.description);
+  }
+  return program;
+}
+
+mock.module("../cli/program.js", () => ({
+  buildCliProgram: () => makeMockProgram(),
+}));
+
+import { DEFAULT_CONFIG } from "../config/defaults.js";
+
+const TEST_CONFIG = {
+  ...DEFAULT_CONFIG,
+  memory: {
+    ...DEFAULT_CONFIG.memory,
+    enabled: true,
+    extraction: {
+      ...DEFAULT_CONFIG.memory.extraction,
+      useLLM: false,
+    },
+  },
+};
+
+mock.module("../config/loader.js", () => ({
+  loadConfig: () => TEST_CONFIG,
+  getConfig: () => TEST_CONFIG,
+  loadRawConfig: () => ({}),
+  saveRawConfig: () => {},
+  invalidateConfigCache: () => {},
+}));
+
+import {
+  buildCliCapabilityStatement,
+  seedCliCommandMemories,
+  upsertCliCapabilityMemory,
+} from "../cli/cli-memory.js";
+import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { memoryItems, memoryJobs } from "../memory/schema.js";
+import { ensureDataDir, getDbPath } from "../util/platform.js";
+
+ensureDataDir();
+initializeDb();
+
+afterAll(() => {
+  resetDb();
+});
+
+function resetTables() {
+  const db = getDb();
+  db.run("DELETE FROM memory_item_sources");
+  db.run("DELETE FROM memory_embeddings");
+  db.run("DELETE FROM memory_items");
+  db.run("DELETE FROM memory_jobs");
+}
+
+// ─── buildCliCapabilityStatement ────────────────────────────────────────────
+
+describe("buildCliCapabilityStatement", () => {
+  test("includes 'assistant' prefix, name, and description", () => {
+    const result = buildCliCapabilityStatement("doctor", "Run diagnostic checks");
+    expect(result).toContain('"assistant doctor"');
+    expect(result).toContain("Run diagnostic checks");
+  });
+
+  test("truncates long statements to 500 chars", () => {
+    const longDesc = "x".repeat(600);
+    const result = buildCliCapabilityStatement("test", longDesc);
+    expect(result.length).toBe(500);
+  });
+});
+
+// ─── upsertCliCapabilityMemory ──────────────────────────────────────────────
+
+describe("upsertCliCapabilityMemory", () => {
+  beforeEach(resetTables);
+
+  test("inserts with correct kind, subject, confidence, importance", () => {
+    upsertCliCapabilityMemory("doctor", "Run diagnostic checks");
+
+    const db = getDb();
+    const items = db.select().from(memoryItems).all();
+    expect(items).toHaveLength(1);
+    expect(items[0].kind).toBe("capability");
+    expect(items[0].subject).toBe("cli:doctor");
+    expect(items[0].confidence).toBe(1.0);
+    expect(items[0].importance).toBe(0.7);
+    expect(items[0].status).toBe("active");
+    expect(items[0].scopeId).toBe("default");
+
+    // Should also enqueue an embed_item job
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(1);
+    expect(jobs[0].type).toBe("embed_item");
+  });
+
+  test("is idempotent (same entry only touches lastSeenAt)", () => {
+    upsertCliCapabilityMemory("doctor", "Run diagnostic checks");
+
+    const db = getDb();
+    const before = db.select().from(memoryItems).all();
+    expect(before).toHaveLength(1);
+    const originalLastSeen = before[0].lastSeenAt;
+
+    // Upsert again
+    upsertCliCapabilityMemory("doctor", "Run diagnostic checks");
+
+    const after = db.select().from(memoryItems).all();
+    expect(after).toHaveLength(1);
+    // Fingerprint should be the same, so only lastSeenAt changes
+    expect(after[0].fingerprint).toBe(before[0].fingerprint);
+    expect(after[0].lastSeenAt).toBeGreaterThanOrEqual(originalLastSeen);
+
+    // Should NOT enqueue a second embed job (only 1 from initial insert)
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(1);
+  });
+
+  test("updates statement when description changes", () => {
+    upsertCliCapabilityMemory("doctor", "Original description");
+
+    const db = getDb();
+    const before = db.select().from(memoryItems).all();
+    expect(before).toHaveLength(1);
+    expect(before[0].statement).toContain("Original description");
+
+    // Change description
+    upsertCliCapabilityMemory("doctor", "Updated description");
+
+    const after = db.select().from(memoryItems).all();
+    expect(after).toHaveLength(1);
+    expect(after[0].statement).toContain("Updated description");
+    expect(after[0].fingerprint).not.toBe(before[0].fingerprint);
+
+    // Should enqueue a second embed job
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(2);
+  });
+
+  test("reactivates soft-deleted items", () => {
+    upsertCliCapabilityMemory("doctor", "Run diagnostic checks");
+
+    const db = getDb();
+    // Soft-delete the item
+    db.update(memoryItems)
+      .set({ status: "deleted" })
+      .where(eq(memoryItems.subject, "cli:doctor"))
+      .run();
+
+    const deleted = db.select().from(memoryItems).all();
+    expect(deleted[0].status).toBe("deleted");
+
+    // Clear jobs from initial insert
+    db.run("DELETE FROM memory_jobs");
+
+    // Upsert again — should reactivate
+    upsertCliCapabilityMemory("doctor", "Run diagnostic checks");
+
+    const reactivated = db.select().from(memoryItems).all();
+    expect(reactivated).toHaveLength(1);
+    expect(reactivated[0].status).toBe("active");
+
+    // Should enqueue embed job for reactivated item
+    const jobs = db.select().from(memoryJobs).all();
+    expect(jobs).toHaveLength(1);
+    expect(jobs[0].type).toBe("embed_item");
+  });
+
+  test("does not throw on DB error", () => {
+    resetDb();
+    const db = getDb();
+    db.run("DROP TABLE IF EXISTS memory_items");
+
+    expect(() => {
+      upsertCliCapabilityMemory("doctor", "Run diagnostic checks");
+    }).not.toThrow();
+
+    // Restore DB state for subsequent tests.
+    resetDb();
+    const dbPath = getDbPath();
+    for (const ext of ["", "-wal", "-shm"]) {
+      rmSync(`${dbPath}${ext}`, { force: true });
+    }
+    initializeDb();
+  });
+});
+
+// ─── seedCliCommandMemories ─────────────────────────────────────────────────
+
+describe("seedCliCommandMemories", () => {
+  beforeEach(() => {
+    resetTables();
+    // Reset mock commands
+    mockCommands = [];
+  });
+
+  test("upserts capability memories for all commands", () => {
+    mockCommands = [
+      { name: "doctor", description: "Run diagnostic checks" },
+      { name: "config", description: "Manage configuration" },
+      { name: "keys", description: "Manage API keys" },
+    ];
+
+    seedCliCommandMemories();
+
+    const db = getDb();
+    const items = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(items).toHaveLength(3);
+
+    const subjects = items.map((i) => i.subject).sort();
+    expect(subjects).toEqual([
+      "cli:config",
+      "cli:doctor",
+      "cli:keys",
+    ]);
+
+    // All should be active
+    for (const item of items) {
+      expect(item.status).toBe("active");
+    }
+  });
+
+  test("prunes stale capabilities for commands no longer registered", () => {
+    // First seed with three commands
+    mockCommands = [
+      { name: "doctor", description: "Run diagnostic checks" },
+      { name: "config", description: "Manage configuration" },
+      { name: "keys", description: "Manage API keys" },
+    ];
+    seedCliCommandMemories();
+
+    const db = getDb();
+    const beforeItems = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(beforeItems).toHaveLength(3);
+    expect(beforeItems.every((i) => i.status === "active")).toBe(true);
+
+    // Now seed with only doctor — config and keys should be pruned
+    mockCommands = [
+      { name: "doctor", description: "Run diagnostic checks" },
+    ];
+    seedCliCommandMemories();
+
+    const afterItems = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.kind, "capability"))
+      .all();
+    expect(afterItems).toHaveLength(3); // still 3 rows, but 2 are soft-deleted
+
+    const active = afterItems.filter((i) => i.status === "active");
+    const deleted = afterItems.filter((i) => i.status === "deleted");
+
+    expect(active).toHaveLength(1);
+    expect(active[0].subject).toBe("cli:doctor");
+
+    expect(deleted).toHaveLength(2);
+    const deletedSubjects = deleted.map((i) => i.subject).sort();
+    expect(deletedSubjects).toEqual(["cli:config", "cli:keys"]);
+  });
+
+  test("handles empty command list without errors", () => {
+    // Pre-populate a CLI command so we can verify it gets pruned
+    upsertCliCapabilityMemory("old-command", "An old command");
+
+    const db = getDb();
+    const beforeItems = db.select().from(memoryItems).all();
+    expect(beforeItems).toHaveLength(1);
+    expect(beforeItems[0].status).toBe("active");
+
+    // Seed with empty commands
+    mockCommands = [];
+    seedCliCommandMemories();
+
+    // The existing command should be pruned (soft-deleted)
+    const afterItems = db.select().from(memoryItems).all();
+    expect(afterItems).toHaveLength(1);
+    expect(afterItems[0].status).toBe("deleted");
+  });
+
+  test("does not prune non-cli capability memories", () => {
+    // Pre-insert a skill capability memory directly into the DB
+    const db = getDb();
+    const now = Date.now();
+    db.insert(memoryItems)
+      .values({
+        id: "skill-test-item",
+        kind: "capability",
+        subject: "skill:test-skill",
+        statement: "The test skill does things.",
+        status: "active",
+        confidence: 1.0,
+        importance: 0.7,
+        fingerprint: "skill-test-fp",
+        sourceType: "extraction",
+        scopeId: "default",
+        firstSeenAt: now,
+        lastSeenAt: now,
+      })
+      .run();
+
+    // Seed with empty commands — CLI pruner runs but should skip skill:* items
+    mockCommands = [];
+    seedCliCommandMemories();
+
+    const item = db
+      .select()
+      .from(memoryItems)
+      .where(eq(memoryItems.subject, "skill:test-skill"))
+      .get();
+    expect(item).toBeDefined();
+    expect(item!.status).toBe("active");
+  });
+
+  test("does not throw on error", () => {
+    mockCommands = [
+      { name: "doctor", description: "Run diagnostic checks" },
+    ];
+
+    // Drop memory_items to force a DB error during the prune phase
+    resetDb();
+    const db = getDb();
+    db.run("DROP TABLE IF EXISTS memory_items");
+
+    expect(() => {
+      seedCliCommandMemories();
+    }).not.toThrow();
+
+    // Restore DB state for subsequent tests.
+    resetDb();
+    const dbPath = getDbPath();
+    for (const ext of ["", "-wal", "-shm"]) {
+      rmSync(`${dbPath}${ext}`, { force: true });
+    }
+    initializeDb();
+  });
+});

package/src/__tests__/computer-use-skill-manifest-regression.test.ts

@@ -52,9 +52,19 @@ describe("computer-use skill manifest regression", () => {
     }
   });
 
-  test("all manifest tools have risk: low", () => {
+  test("read-only tools have risk: low, side-effect tools have risk: medium", () => {
+    const readOnlyTools = new Set([
+      "computer_use_observe",
+      "computer_use_wait",
+      "computer_use_done",
+      "computer_use_respond",
+    ]);
     for (const tool of manifest.tools) {
-      expect(tool.risk).toBe("low");
+      if (readOnlyTools.has(tool.name)) {
+        expect(tool.risk).toBe("low");
+      } else {
+        expect(tool.risk).toBe("medium");
+      }
     }
   });
 

package/src/__tests__/config-schema.test.ts

@@ -421,7 +421,6 @@ describe("AssistantConfigSchema", () => {
     const result = AssistantConfigSchema.parse({});
     expect(result.permissions).toEqual({
       mode: "workspace",
-      dangerouslySkipPermissions: false,
     });
   });
 
@@ -1129,7 +1128,6 @@ describe("loadConfig with schema validation", () => {
     const config = loadConfig();
     expect(config.permissions).toEqual({
       mode: "workspace",
-      dangerouslySkipPermissions: false,
     });
   });