@vellumai/assistant 0.5.15 → 0.6.0

package/src/__tests__/task-scheduler.test.ts

@@ -1,20 +1,4 @@
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
-
-const testDir = mkdtempSync(join(tmpdir(), "task-scheduler-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
+import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -23,7 +7,7 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { getDb, initializeDb } from "../memory/db.js";
 import {
   createSchedule,
   getSchedule,
@@ -49,15 +33,6 @@ function forceScheduleDue(scheduleId: string): void {
   ]);
 }
 
-afterAll(() => {
-  resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
-});
-
 // ── scheduleTask helper ─────────────────────────────────────────────
 
 describe("scheduleTask", () => {

package/src/__tests__/terminal-tools.test.ts

@@ -1,6 +1,3 @@
-import { mkdtempSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
 import type { ShellOutputResult } from "../tools/shared/shell-output.js";
@@ -16,20 +13,7 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-const testTmpDir = mkdtempSync(join(tmpdir(), "terminal-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => join(testTmpDir, "protected"),
-  getDataDir: () => join(testTmpDir, "data"),
-  getSandboxWorkingDir: () => join(testTmpDir, "sandbox"),
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testTmpDir, "test.pid"),
-  getDbPath: () => join(testTmpDir, "test.db"),
-  getLogPath: () => join(testTmpDir, "test.log"),
-  ensureDataDir: () => {},
-}));
+const testTmpDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({

package/src/__tests__/test-preload.ts

@@ -16,12 +16,15 @@ import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { afterAll } from "bun:test";
 
+import { resetDb } from "../memory/db-connection.js";
+
 const testDir = realpathSync(
   mkdtempSync(join(tmpdir(), "vellum-test-workspace-")),
 );
 process.env.VELLUM_WORKSPACE_DIR = testDir;
 
 afterAll(() => {
+  resetDb();
   delete process.env.VELLUM_WORKSPACE_DIR;
   try {
     rmSync(testDir, { recursive: true, force: true });

package/src/__tests__/token-estimator-accuracy.benchmark.test.ts

@@ -216,85 +216,6 @@ function makeSystemPrompt(size: "small" | "production" = "small"): string {
     "Each MCP server entry requires: name, command, args, and optional env.",
   );
 
-  // Dynamic skills catalog (~5K chars)
-  sections.push("", "## Available Skills", "<available_skills>");
-  const skillCategories = [
-    {
-      id: "gmail",
-      name: "Gmail",
-      desc: "Send, search, draft, and manage Gmail messages",
-    },
-    {
-      id: "calendar",
-      name: "Google Calendar",
-      desc: "Create, list, update, and delete calendar events",
-    },
-    {
-      id: "slack",
-      name: "Slack",
-      desc: "Send messages, search channels, manage threads",
-    },
-    { id: "contacts", name: "Contacts", desc: "Search and manage contacts" },
-    {
-      id: "tasks",
-      name: "Tasks",
-      desc: "Create, list, update, and complete tasks",
-    },
-    {
-      id: "browser",
-      name: "Browser",
-      desc: "Navigate web pages, take screenshots, interact with web content",
-    },
-    {
-      id: "schedule",
-      name: "Schedule",
-      desc: "Set reminders and schedule recurring tasks",
-    },
-    {
-      id: "messaging",
-      name: "Messaging",
-      desc: "Send iMessage and SMS messages",
-    },
-    {
-      id: "sequences",
-      name: "Sequences",
-      desc: "Create and manage multi-step automation workflows",
-    },
-    {
-      id: "playbooks",
-      name: "Playbooks",
-      desc: "Execute pre-defined operational playbooks",
-    },
-    {
-      id: "notes",
-      name: "Notes",
-      desc: "Create and manage notes in Apple Notes",
-    },
-    { id: "music", name: "Music", desc: "Control Apple Music playback" },
-    {
-      id: "photos",
-      name: "Photos",
-      desc: "Search and manage photos in Apple Photos",
-    },
-    {
-      id: "maps",
-      name: "Maps",
-      desc: "Search locations, get directions, find nearby places",
-    },
-    {
-      id: "weather",
-      name: "Weather",
-      desc: "Get current weather and forecasts",
-    },
-  ];
-  for (const skill of skillCategories) {
-    sections.push(
-      `  <skill id="${skill.id}" name="${skill.name}" description="${skill.desc}" ` +
-        `credential_setup="oauth" enabled="true" />`,
-    );
-  }
-  sections.push("</available_skills>");
-
   // Attachment handling (~1K chars)
   sections.push(
     "",

package/src/__tests__/tool-approval-handler.test.ts

@@ -1,20 +1,6 @@
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
-
-const testDir = mkdtempSync(join(tmpdir(), "tool-approval-handler-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+const testDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -57,7 +43,7 @@ import {
   mintGrantFromDecision,
   type MintGrantParams,
 } from "../approvals/approval-primitive.js";
-import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { getDb, initializeDb } from "../memory/db.js";
 import { scopedApprovalGrants } from "../memory/schema.js";
 import { computeToolApprovalDigest } from "../security/tool-approval-digest.js";
 import { ToolApprovalHandler } from "../tools/tool-approval-handler.js";
@@ -70,15 +56,6 @@ function clearTables(): void {
   db.delete(scopedApprovalGrants).run();
 }
 
-afterAll(() => {
-  resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
-});
-
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------

package/src/__tests__/tool-execution-abort-cleanup.test.ts

@@ -13,11 +13,11 @@ import {
 } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
 // ── Shared mock setup ────────────────────────────────────────────────────────
 // Config mock must be declared before importing tool modules so that the
 // mock.module calls are hoisted above the dynamic imports.
-import { mock } from "bun:test";
 
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
@@ -75,15 +75,6 @@ mock.module("../tools/network/script-proxy/index.js", () => ({
   getSessionEnv: () => ({}),
 }));
 
-mock.module("../util/platform.js", () => ({
-  getProtectedDir: () => "/tmp/protected",
-  getDataDir: () => "/tmp",
-  getWorkspaceDir: () => "/tmp/workspace",
-  getConversationsDir: () => "/tmp/workspace/conversations",
-  getDbPath: () => "/tmp/assistant.db",
-  ensureDataDir: () => {},
-}));
-
 mock.module("../tools/credentials/resolve.js", () => ({
   resolveCredentialRef: () => null,
 }));

package/src/__tests__/tool-execution-pipeline.benchmark.test.ts

@@ -15,30 +15,14 @@
  * - Secret scanning < 50ms for large outputs (100KB)
  * - ToolExecutor overhead < 20ms regardless of tool execution time
  */
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeAll, describe, expect, mock, test } from "bun:test";
 
-const testDir = mkdtempSync(join(tmpdir(), "tool-pipeline-bench-"));
+import { beforeAll, describe, expect, mock, test } from "bun:test";
 
 // Local registry for ToolExecutor tests — the mock delegates to this map
 // so that registerTool/getTool/getAllTools work for our benchmark tools.
 const localRegistry = new Map<string, import("../tools/types.js").Tool>();
 
 // Mocks must precede imports of modules under test.
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-  getHooksDir: () => join(testDir, "hooks"),
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {
@@ -192,14 +176,6 @@ describe("Tool execution pipeline benchmark", () => {
     }
   });
 
-  afterAll(() => {
-    try {
-      rmSync(testDir, { recursive: true });
-    } catch {
-      // best effort cleanup
-    }
-  });
-
   test("classifyRisk: low-risk tool (file_read) is fast", async () => {
     const { timings } = await benchmarkAsync(
       () => classifyRisk("file_read", { path: "/tmp/test.ts" }, "/tmp"),

package/src/__tests__/tool-executor-lifecycle-events.test.ts

@@ -34,7 +34,6 @@ const mockConfig = {
   },
   permissions: {
     mode: "workspace" as const,
-    dangerouslySkipPermissions: false,
   },
 };
 

package/src/__tests__/tool-executor.test.ts

@@ -52,7 +52,6 @@ const mockConfig = {
   },
   permissions: {
     mode: "workspace" as const,
-    dangerouslySkipPermissions: false,
   },
 };
 

package/src/__tests__/tool-grant-request-escalation.test.ts

@@ -8,23 +8,9 @@
  * 5. Inline wait-and-resume for trusted-contact grant-gated tools
  */
 
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
-
-const testDir = mkdtempSync(join(tmpdir(), "tool-grant-escalation-test-"));
-
-mock.module("../util/platform.js", () => ({
-  getDataDir: () => testDir,
-  isMacOS: () => process.platform === "darwin",
-  isLinux: () => process.platform === "linux",
-  isWindows: () => process.platform === "win32",
-  getPidPath: () => join(testDir, "test.pid"),
-  getDbPath: () => join(testDir, "test.db"),
-  getLogPath: () => join(testDir, "test.log"),
-  ensureDataDir: () => {},
-}));
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+const testDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
@@ -123,7 +109,7 @@ import {
   getCanonicalGuardianRequest,
   listCanonicalGuardianRequests,
 } from "../memory/canonical-guardian-store.js";
-import { getDb, initializeDb, resetDb } from "../memory/db.js";
+import { getDb, initializeDb } from "../memory/db.js";
 import { scopedApprovalGrants } from "../memory/schema.js";
 import { computeToolApprovalDigest } from "../security/tool-approval-digest.js";
 import {
@@ -144,15 +130,6 @@ function resetTables(): void {
   db.run("DELETE FROM canonical_guardian_requests");
 }
 
-afterAll(() => {
-  resetDb();
-  try {
-    rmSync(testDir, { recursive: true });
-  } catch {
-    /* best effort */
-  }
-});
-
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------

package/src/__tests__/tool-preview-lifecycle.test.ts

@@ -8,29 +8,9 @@
  * - handleToolResult includes toolUseId in emitted tool_result
  * - Event ordering: tool_use_preview_start → input_json_delta → tool_use
  */
-import { join } from "node:path";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 // ── Mock platform (must precede imports that read it) ─────────────────────────
-mock.module("../util/platform.js", () => ({
-  getSessionTokenPath: () => "/tmp/test-token",
-  getProtectedDir: () => join("/tmp/test", "protected"),
-  getDataDir: () => "/tmp/test",
-  getWorkspaceDir: () => "/tmp/test/workspace",
-  getWorkspaceSkillsDir: () => "/tmp/test/skills",
-  getSandboxWorkingDir: () => "/tmp/test/sandbox",
-  getTCPPort: () => undefined,
-  getTCPHost: () => "127.0.0.1",
-  isTCPEnabled: () => false,
-  isMacOS: () => false,
-  isLinux: () => true,
-  isWindows: () => false,
-  getPidPath: () => "/tmp/test.pid",
-  getLogPath: () => "/tmp/test.log",
-  getDbPath: () => "/tmp/test.db",
-  ensureDataDir: () => {},
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () =>
     new Proxy({} as Record<string, unknown>, {

package/src/__tests__/tool-side-effects-slack-dm.test.ts

@@ -0,0 +1,276 @@
+/**
+ * Tests for the bash post-execution hook that dispatches Slack DMs
+ * for channel verification sessions. Validates that the hook only
+ * delivers when an active session exists with a matching destination.
+ */
+
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Mocks — must be set up before importing the module under test
+// ---------------------------------------------------------------------------
+
+const mockFindActiveSession = mock(() => null as unknown);
+mock.module("../runtime/channel-verification-service.js", () => ({
+  findActiveSession: mockFindActiveSession,
+}));
+
+const mockDeliverVerificationSlack = mock(() => {});
+mock.module("../runtime/verification-outbound-actions.js", () => ({
+  deliverVerificationSlack: mockDeliverVerificationSlack,
+}));
+
+// Stub out transitive dependencies to prevent import errors
+mock.module("../bundler/app-compiler.js", () => ({
+  compileApp: mock(() => Promise.resolve({ ok: true })),
+}));
+mock.module("../media/app-icon-generator.js", () => ({
+  generateAppIcon: mock(() => Promise.resolve()),
+}));
+mock.module("../memory/app-store.js", () => ({
+  getApp: mock(() => null),
+  getAppDirPath: mock(() => ""),
+  isMultifileApp: mock(() => false),
+}));
+mock.module("../services/published-app-updater.js", () => ({
+  updatePublishedAppDeployment: mock(() => Promise.resolve()),
+}));
+mock.module("../daemon/conversation-surfaces.js", () => ({
+  refreshSurfacesForApp: mock(() => {}),
+}));
+mock.module("../daemon/doordash-steps.js", () => ({
+  isDoordashCommand: mock(() => false),
+  updateDoordashProgress: mock(() => {}),
+}));
+
+const mockLogWarn = mock((_obj: unknown, _msg: string) => {});
+const mockLogInfo = mock((_obj: unknown, _msg: string) => {});
+const mockLogError = mock((_obj: unknown, _msg: string) => {});
+mock.module("../util/logger.js", () => ({
+  getLogger: () => ({
+    warn: mockLogWarn,
+    info: mockLogInfo,
+    error: mockLogError,
+    debug: () => {},
+    trace: () => {},
+  }),
+}));
+
+// ---------------------------------------------------------------------------
+// Import after mocks — dynamic import ensures mock.module() calls above
+// are registered before tool-side-effects.ts evaluates its top-level
+// `const log = getLogger(...)`.
+// ---------------------------------------------------------------------------
+
+import type { SideEffectContext } from "../daemon/tool-side-effects.js";
+
+const { runPostExecutionSideEffects } =
+  await import("../daemon/tool-side-effects.js");
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+const dummySideEffectCtx = {
+  ctx: {} as SideEffectContext["ctx"],
+} satisfies SideEffectContext;
+
+function callWithBashHook(
+  command: string,
+  content: string,
+  isError = false,
+): void {
+  runPostExecutionSideEffects(
+    "bash",
+    { command },
+    { content, isError },
+    dummySideEffectCtx,
+  );
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("bash hook — Slack DM dispatch with session validation", () => {
+  beforeEach(() => {
+    mockFindActiveSession.mockReset();
+    mockDeliverVerificationSlack.mockReset();
+    mockLogWarn.mockReset();
+    mockLogInfo.mockReset();
+    mockLogError.mockReset();
+  });
+
+  test("legitimate verification dispatches DM", () => {
+    mockFindActiveSession.mockReturnValue({
+      destinationAddress: "U123",
+      status: "awaiting_response",
+    });
+
+    const output = JSON.stringify({
+      _pendingSlackDm: {
+        userId: "U123",
+        text: "code",
+        assistantId: "aid",
+      },
+    });
+
+    callWithBashHook(
+      "assistant channel-verification-sessions create ...",
+      output,
+    );
+
+    expect(mockDeliverVerificationSlack).toHaveBeenCalledTimes(1);
+    expect(mockDeliverVerificationSlack).toHaveBeenCalledWith(
+      "U123",
+      "code",
+      "aid",
+    );
+  });
+
+  test("no active session — DM not dispatched", () => {
+    mockFindActiveSession.mockReturnValue(null);
+
+    const output = JSON.stringify({
+      _pendingSlackDm: {
+        userId: "U123",
+        text: "code",
+        assistantId: "aid",
+      },
+    });
+
+    callWithBashHook(
+      "assistant channel-verification-sessions create ...",
+      output,
+    );
+
+    expect(mockDeliverVerificationSlack).not.toHaveBeenCalled();
+    expect(mockLogWarn).toHaveBeenCalledWith(
+      expect.objectContaining({ userId: "U123" }),
+      expect.stringContaining("no active Slack verification session"),
+    );
+  });
+
+  test("userId mismatch — DM not dispatched", () => {
+    mockFindActiveSession.mockReturnValue({
+      destinationAddress: "U999",
+      status: "awaiting_response",
+    });
+
+    const output = JSON.stringify({
+      _pendingSlackDm: {
+        userId: "U_ATTACKER",
+        text: "code",
+        assistantId: "aid",
+      },
+    });
+
+    callWithBashHook(
+      "assistant channel-verification-sessions create ...",
+      output,
+    );
+
+    expect(mockDeliverVerificationSlack).not.toHaveBeenCalled();
+    expect(mockLogWarn).toHaveBeenCalledWith(
+      expect.objectContaining({ userId: "U_ATTACKER", expected: "U999" }),
+      expect.stringContaining("does not match active session destination"),
+    );
+  });
+
+  test("command without verification substring — hook is no-op", () => {
+    mockFindActiveSession.mockReturnValue({
+      destinationAddress: "U123",
+      status: "awaiting_response",
+    });
+
+    const output = JSON.stringify({
+      _pendingSlackDm: {
+        userId: "U123",
+        text: "code",
+        assistantId: "aid",
+      },
+    });
+
+    callWithBashHook("echo hello", output);
+
+    expect(mockDeliverVerificationSlack).not.toHaveBeenCalled();
+  });
+
+  test("output without _pendingSlackDm — hook is no-op", () => {
+    mockFindActiveSession.mockReturnValue({
+      destinationAddress: "U123",
+      status: "awaiting_response",
+    });
+
+    callWithBashHook(
+      "assistant channel-verification-sessions create ...",
+      JSON.stringify({ success: true, sessionId: "s1" }),
+    );
+
+    expect(mockDeliverVerificationSlack).not.toHaveBeenCalled();
+  });
+
+  test("multi-line JSON output — dispatches from correct line", () => {
+    mockFindActiveSession.mockReturnValue({
+      destinationAddress: "U123",
+      status: "awaiting_response",
+    });
+
+    const cancelResult = JSON.stringify({ success: true, cancelled: true });
+    const createResult = JSON.stringify({
+      _pendingSlackDm: {
+        userId: "U123",
+        text: "verify-code",
+        assistantId: "aid2",
+      },
+    });
+    const multiLineOutput = `${cancelResult}\n${createResult}`;
+
+    callWithBashHook(
+      "assistant channel-verification-sessions create ...",
+      multiLineOutput,
+    );
+
+    expect(mockDeliverVerificationSlack).toHaveBeenCalledTimes(1);
+    expect(mockDeliverVerificationSlack).toHaveBeenCalledWith(
+      "U123",
+      "verify-code",
+      "aid2",
+    );
+  });
+
+  test("multi-line — rejected first line does not block valid second line", () => {
+    mockFindActiveSession.mockReturnValue({
+      destinationAddress: "U200",
+      status: "awaiting_response",
+    });
+
+    const staleResult = JSON.stringify({
+      _pendingSlackDm: {
+        userId: "U100",
+        text: "stale-code",
+        assistantId: "aid",
+      },
+    });
+    const validResult = JSON.stringify({
+      _pendingSlackDm: {
+        userId: "U200",
+        text: "valid-code",
+        assistantId: "aid2",
+      },
+    });
+    const multiLineOutput = `${staleResult}\n${validResult}`;
+
+    callWithBashHook(
+      "assistant channel-verification-sessions create ...",
+      multiLineOutput,
+    );
+
+    expect(mockDeliverVerificationSlack).toHaveBeenCalledTimes(1);
+    expect(mockDeliverVerificationSlack).toHaveBeenCalledWith(
+      "U200",
+      "valid-code",
+      "aid2",
+    );
+  });
+});