@vellumai/assistant 0.5.16 → 0.6.1

package/src/avatar/traits-png-sync.ts

@@ -3,7 +3,7 @@ import { mkdirSync, renameSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 
 import { getLogger } from "../util/logger.js";
-import { getWorkspaceDir } from "../util/platform.js";
+import { AVATAR_IMAGE_FILENAME, getAvatarDir } from "../util/platform.js";
 import { renderCharacterAscii } from "./ascii-renderer.js";
 import { getCharacterComponents } from "./character-components.js";
 import { renderCharacterPng } from "./png-renderer.js";
@@ -64,7 +64,7 @@ function writeAvatarFiles(
   pngBuffer: Buffer,
   asciiArt: string | null,
 ): boolean {
-  const pngPath = join(avatarDir, "avatar-image.png");
+  const pngPath = join(avatarDir, AVATAR_IMAGE_FILENAME);
   const pngTmp = `${pngPath}.${randomUUID()}.tmp`;
   writeFileSync(pngTmp, pngBuffer);
   renameSync(pngTmp, pngPath);
@@ -144,7 +144,7 @@ export function writeTraitsAndRenderAvatar(
     };
   }
 
-  const avatarDir = join(getWorkspaceDir(), "data", "avatar");
+  const avatarDir = getAvatarDir();
   const traitsPath = join(avatarDir, "character-traits.json");
 
   try {

package/src/bundler/app-compiler.ts

@@ -11,7 +11,7 @@
 
 import { existsSync, rmSync } from "node:fs";
 import { mkdir, readdir, readFile, writeFile } from "node:fs/promises";
-import { dirname, join } from "node:path";
+import { dirname, join, resolve } from "node:path";
 
 import { getLogger } from "../util/logger.js";
 import { ensureCompilerTools } from "./compiler-tools.js";
@@ -79,6 +79,161 @@ function parseEsbuildStderr(stderr: string): {
   return { errors, warnings };
 }
 
+/**
+ * Decode JS string escape sequences (\xHH, \uHHHH, \u{H+}, standard
+ * escapes) so that obfuscated specifiers like `"\x2e\x2e/etc/passwd"` are
+ * normalised before the path-containment check.
+ */
+function decodeJsEscapes(raw: string): string {
+  return raw.replace(
+    /\\(?:x([0-9a-fA-F]{2})|u\{([0-9a-fA-F]+)\}|u([0-9a-fA-F]{4})|([nrtbfv0'"\\]))/g,
+    (_, hex2, codePoint, hex4, std) => {
+      if (hex2) return String.fromCharCode(parseInt(hex2, 16));
+      if (codePoint) return String.fromCodePoint(parseInt(codePoint, 16));
+      if (hex4) return String.fromCharCode(parseInt(hex4, 16));
+      const map: Record<string, string> = {
+        n: "\n",
+        r: "\r",
+        t: "\t",
+        b: "\b",
+        f: "\f",
+        v: "\v",
+        "0": "\0",
+        "'": "'",
+        '"': '"',
+        "\\": "\\",
+      };
+      return map[std] ?? std;
+    },
+  );
+}
+
+/**
+ * Strip JS block comments and line comments from source, replacing them
+ * with same-length whitespace so character offsets (used for line-number
+ * calculation) are preserved.  String literals are left intact.
+ */
+function stripJsComments(source: string): string {
+  let out = "";
+  for (let i = 0; i < source.length; ) {
+    const c = source[i];
+    const next = source[i + 1];
+
+    // String literal — pass through unchanged
+    if (c === '"' || c === "'" || c === "`") {
+      const q = c;
+      out += source[i++];
+      while (i < source.length && source[i] !== q) {
+        if (source[i] === "\\") {
+          out += source[i++]; // backslash
+        }
+        if (i < source.length) out += source[i++]; // char or escaped char
+      }
+      if (i < source.length) out += source[i++]; // closing quote
+      continue;
+    }
+
+    // Block comment → replace with spaces (keep newlines for line counting)
+    if (c === "/" && next === "*") {
+      out += "  "; // replace /*
+      i += 2;
+      while (
+        i < source.length &&
+        !(source[i] === "*" && source[i + 1] === "/")
+      ) {
+        out += source[i] === "\n" ? "\n" : " ";
+        i++;
+      }
+      if (i < source.length) {
+        out += "  "; // replace */
+        i += 2;
+      }
+      continue;
+    }
+
+    // Line comment → replace with spaces
+    if (c === "/" && next === "/") {
+      out += "  "; // replace //
+      i += 2;
+      while (i < source.length && source[i] !== "\n") {
+        out += " ";
+        i++;
+      }
+      continue;
+    }
+
+    out += source[i++];
+  }
+  return out;
+}
+
+/**
+ * Validate that all relative/absolute import paths in source files resolve
+ * within the app directory. This prevents crafted apps from importing
+ * arbitrary host files (e.g. `import data from '../../../../etc/passwd'`).
+ */
+async function validateImportPaths(
+  srcDir: string,
+  appDir: string,
+): Promise<CompileDiagnostic[]> {
+  const resolvedAppDir = resolve(appDir);
+  const errors: CompileDiagnostic[] = [];
+
+  const files = await readdir(srcDir, { recursive: true });
+  for (const file of files) {
+    const fileName = String(file);
+    const isJs = /\.[jt]sx?$/.test(fileName);
+    const isCss = /\.css$/.test(fileName);
+    if (!isJs && !isCss) continue;
+
+    const filePath = join(srcDir, fileName);
+    const content = await readFile(filePath, "utf-8");
+    const fileDir = dirname(filePath);
+
+    // Strip JS comments so patterns like `from /* */ "path"` are detected
+    const scannable = isJs ? stripJsComments(content) : content;
+
+    const specifiers: Array<{ specifier: string; index: number }> = [];
+
+    if (isJs) {
+      // Match: from "x", import "x", import("x"), require("x")
+      const re = /(?:from|import|require)\s*\(?\s*["']([^"']+)["']/g;
+      for (const m of scannable.matchAll(re)) {
+        specifiers.push({ specifier: m[1], index: m.index! });
+      }
+    } else {
+      // CSS: @import "x", @import url("x"), url("x")
+      const re =
+        /(?:@import\s+(?:url\s*\(\s*)?|url\s*\(\s*)["']?([^"')\s;]+)["']?/g;
+      for (const m of content.matchAll(re)) {
+        if (m[1]) specifiers.push({ specifier: m[1], index: m.index! });
+      }
+    }
+
+    for (const { specifier, index } of specifiers) {
+      // Decode JS string escapes so \x2e\x2e/… is normalised to ../../…
+      const decoded = isJs ? decodeJsEscapes(specifier) : specifier;
+
+      // Only validate path-based imports (starting with . or /)
+      if (!decoded.startsWith(".") && !decoded.startsWith("/")) continue;
+
+      const resolved = resolve(fileDir, decoded);
+      if (
+        !resolved.startsWith(resolvedAppDir + "/") &&
+        resolved !== resolvedAppDir
+      ) {
+        const line = content.substring(0, index).split("\n").length;
+        errors.push({
+          text: `Import "${specifier}" resolves outside the app directory`,
+          location: { file: fileName, line, column: 0 },
+        });
+      }
+    }
+  }
+
+  return errors;
+}
+
 /**
  * Scan source files for bare import specifiers and pre-install any
  * allowlisted packages into the shared cache so esbuild can resolve them.
@@ -86,6 +241,7 @@ function parseEsbuildStderr(stderr: string): {
 async function resolveAppImports(srcDir: string): Promise<void> {
   const importRe = /(?:import|from)\s+["']([^"'.][^"']*)["']/g;
   const seen = new Set<string>();
+  const failed: string[] = [];
 
   const files = await readdir(srcDir, { recursive: true });
   for (const file of files) {
@@ -97,9 +253,19 @@ async function resolveAppImports(srcDir: string): Promise<void> {
       const pkg = packageName(specifier);
       if (seen.has(pkg)) continue;
       seen.add(pkg);
-      await resolvePackage(pkg);
+      const result = await resolvePackage(pkg);
+      if (result === null) {
+        failed.push(pkg);
+      }
     }
   }
+
+  if (failed.length > 0) {
+    log.warn(
+      { failed },
+      "Some imported packages could not be resolved — esbuild may fail",
+    );
+  }
 }
 
 /**
@@ -137,6 +303,17 @@ export async function compileApp(appDir: string): Promise<CompileResult> {
     };
   }
 
+  // Validate that path-based imports don't escape the app directory
+  const pathErrors = await validateImportPaths(srcDir, appDir);
+  if (pathErrors.length > 0) {
+    const durationMs = Math.round(performance.now() - start);
+    log.info(
+      { durationMs, errorCount: pathErrors.length },
+      "Build blocked: imports resolve outside app directory",
+    );
+    return { ok: false, errors: pathErrors, warnings: [], durationMs };
+  }
+
   // Scan source files for bare imports and JIT-install allowed packages
   await resolveAppImports(srcDir);
 

package/src/bundler/package-resolver.ts

@@ -10,6 +10,7 @@ import { mkdir, stat } from "node:fs/promises";
 import { homedir } from "node:os";
 import { join } from "node:path";
 
+import { ensureBun } from "../util/bun-runtime.js";
 import { getLogger } from "../util/logger.js";
 
 const log = getLogger("package-resolver");
@@ -117,14 +118,11 @@ async function installPackage(
   log.info({ pkg }, "Installing package into shared cache");
 
   try {
-    const proc = Bun.spawn(["bun", "install", "--no-save", pkg], {
+    const bunPath = await ensureBun();
+    const proc = Bun.spawn([bunPath, "install", "--no-save", pkg], {
       cwd: cacheDir,
       stdout: "pipe",
       stderr: "pipe",
-      env: {
-        ...process.env,
-        PATH: `${homedir()}/.bun/bin:${process.env.PATH}`,
-      },
     });
 
     // Race against timeout

package/src/cli/__tests__/notifications.test.ts

@@ -55,7 +55,7 @@ mock.module("../../channels/config.js", () => ({
 
 import { Command } from "commander";
 
-import { getDb, initializeDb, resetDb } from "../../memory/db.js";
+import { getDb, initializeDb } from "../../memory/db.js";
 import { createEvent } from "../../notifications/events-store.js";
 import { registerNotificationsCommand } from "../commands/notifications.js";
 
@@ -129,7 +129,6 @@ beforeEach(() => {
 });
 
 afterAll(() => {
-  resetDb();
   process.exitCode = 0;
 });
 

package/src/cli/__tests__/run-assistant-command.ts

@@ -0,0 +1,29 @@
+/**
+ * CLI test utility — run an assistant CLI command via the real program,
+ * capturing stdout.
+ */
+export async function runAssistantCommand(...args: string[]): Promise<string> {
+  const { buildCliProgram } = await import("../program.js");
+  const program = buildCliProgram();
+  program.exitOverride();
+  program.configureOutput({ writeErr: () => {}, writeOut: () => {} });
+
+  const chunks: string[] = [];
+  const originalWrite = process.stdout.write;
+  process.stdout.write = ((chunk: string | Uint8Array) => {
+    chunks.push(
+      typeof chunk === "string" ? chunk : new TextDecoder().decode(chunk),
+    );
+    return true;
+  }) as typeof process.stdout.write;
+
+  try {
+    await program.parseAsync(["node", "assistant", ...args]);
+  } catch {
+    /* commander exit override throws */
+  } finally {
+    process.stdout.write = originalWrite;
+  }
+
+  return chunks.join("");
+}

package/src/cli/commands/__tests__/email-download.test.ts

@@ -0,0 +1,245 @@
+import { existsSync, readFileSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+
+import {
+  getMockFetchCalls,
+  mockFetch,
+  resetMockFetch,
+} from "../../../__tests__/mock-fetch.js";
+import { _setOverridesForTesting } from "../../../config/assistant-feature-flags.js";
+import { setPlatformAssistantId } from "../../../config/env.js";
+import { credentialKey } from "../../../security/credential-key.js";
+import {
+  _resetBackend,
+  deleteSecureKeyAsync,
+  setSecureKeyAsync,
+} from "../../../security/secure-keys.js";
+import { runAssistantCommand } from "../../__tests__/run-assistant-command.js";
+
+const ASSISTANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";
+const MESSAGE_ID = "msg-001";
+const API_KEY_CREDENTIAL = credentialKey("vellum", "assistant_api_key");
+
+const SAMPLE_MESSAGE = {
+  id: MESSAGE_ID,
+  direction: "inbound",
+  from_address: "user@example.com",
+  to_addresses: ["mybot@vellum.me"],
+  subject: "Hello bot",
+  body_text: "Hi, this is a test message.",
+  body_html: "<p>Hi, this is a <b>test</b> message.</p>",
+  in_reply_to: "",
+  references: [],
+  created_at: "2026-04-05T12:00:00Z",
+};
+
+function mockDetailSuccess(msg = SAMPLE_MESSAGE, status = 200): void {
+  mockFetch(`/emails/${msg.id}/`, {}, { body: msg, status });
+}
+
+let savedCesUrl: string | undefined;
+let savedContainerized: string | undefined;
+let tmpOutputPath: string;
+
+beforeEach(async () => {
+  process.exitCode = 0;
+
+  savedCesUrl = process.env.CES_CREDENTIAL_URL;
+  savedContainerized = process.env.IS_CONTAINERIZED;
+  delete process.env.CES_CREDENTIAL_URL;
+  delete process.env.IS_CONTAINERIZED;
+
+  _resetBackend();
+  resetMockFetch();
+  _setOverridesForTesting({ "email-channel": true });
+  setPlatformAssistantId(ASSISTANT_ID);
+  await setSecureKeyAsync(API_KEY_CREDENTIAL, "test-api-key");
+
+  tmpOutputPath = join(tmpdir(), `email-download-test-${Date.now()}.txt`);
+});
+
+afterEach(() => {
+  resetMockFetch();
+  _setOverridesForTesting({});
+  setPlatformAssistantId(undefined);
+  _resetBackend();
+
+  if (savedCesUrl !== undefined) process.env.CES_CREDENTIAL_URL = savedCesUrl;
+  else delete process.env.CES_CREDENTIAL_URL;
+  if (savedContainerized !== undefined)
+    process.env.IS_CONTAINERIZED = savedContainerized;
+  else delete process.env.IS_CONTAINERIZED;
+
+  if (existsSync(tmpOutputPath)) rmSync(tmpOutputPath);
+});
+
+describe("assistant email download", () => {
+  test("default format shows headers and plain-text body", async () => {
+    mockDetailSuccess();
+
+    const output = await runAssistantCommand("email", "download", MESSAGE_ID);
+
+    expect(output).toContain("From:    user@example.com");
+    expect(output).toContain("To:      mybot@vellum.me");
+    expect(output).toContain("Subject: Hello bot");
+    expect(output).toContain("Hi, this is a test message.");
+    expect(process.exitCode).toBe(0);
+  });
+
+  test("--format json returns full message object", async () => {
+    mockDetailSuccess();
+
+    const output = await runAssistantCommand(
+      "email",
+      "download",
+      MESSAGE_ID,
+      "--format",
+      "json",
+    );
+
+    const parsed = JSON.parse(output.trim());
+    expect(parsed.id).toBe(MESSAGE_ID);
+    expect(parsed.body_text).toBe("Hi, this is a test message.");
+    expect(parsed.body_html).toContain("<b>test</b>");
+    expect(process.exitCode).toBe(0);
+  });
+
+  test("--json flag also returns JSON", async () => {
+    mockDetailSuccess();
+
+    const output = await runAssistantCommand(
+      "email",
+      "--json",
+      "download",
+      MESSAGE_ID,
+    );
+
+    const parsed = JSON.parse(output.trim());
+    expect(parsed.id).toBe(MESSAGE_ID);
+    expect(process.exitCode).toBe(0);
+  });
+
+  test("--format html returns HTML body", async () => {
+    mockDetailSuccess();
+
+    const output = await runAssistantCommand(
+      "email",
+      "download",
+      MESSAGE_ID,
+      "--format",
+      "html",
+    );
+
+    expect(output).toContain("<p>Hi, this is a <b>test</b> message.</p>");
+    expect(process.exitCode).toBe(0);
+  });
+
+  test("--format html with no HTML body returns error", async () => {
+    mockDetailSuccess({ ...SAMPLE_MESSAGE, body_html: "" });
+
+    const output = await runAssistantCommand(
+      "email",
+      "download",
+      MESSAGE_ID,
+      "--format",
+      "html",
+    );
+
+    expect(process.exitCode).toBe(1);
+    // stderr output from log.error, but stdout may be empty — check exitCode
+    expect(output).not.toContain("<p>");
+  });
+
+  test("--output writes to file", async () => {
+    mockDetailSuccess();
+
+    await runAssistantCommand(
+      "email",
+      "download",
+      MESSAGE_ID,
+      "-o",
+      tmpOutputPath,
+    );
+
+    expect(process.exitCode).toBe(0);
+    expect(existsSync(tmpOutputPath)).toBe(true);
+    const content = readFileSync(tmpOutputPath, "utf-8");
+    expect(content).toContain("From:    user@example.com");
+    expect(content).toContain("Hi, this is a test message.");
+  });
+
+  test("calls correct URL", async () => {
+    mockDetailSuccess();
+
+    await runAssistantCommand("email", "download", MESSAGE_ID);
+
+    const calls = getMockFetchCalls();
+    expect(calls).toHaveLength(1);
+    expect(calls[0].path).toContain(
+      `/v1/assistants/${ASSISTANT_ID}/emails/${MESSAGE_ID}/`,
+    );
+  });
+
+  test("404 returns error", async () => {
+    mockFetch(
+      `/emails/${MESSAGE_ID}/`,
+      {},
+      { body: { detail: "Not found." }, status: 404 },
+    );
+
+    const output = await runAssistantCommand(
+      "email",
+      "--json",
+      "download",
+      MESSAGE_ID,
+    );
+
+    expect(process.exitCode).toBe(1);
+    const parsed = JSON.parse(output.trim());
+    expect(parsed.error).toContain("Not found");
+  });
+
+  test("missing platform credentials returns error", async () => {
+    await deleteSecureKeyAsync(API_KEY_CREDENTIAL);
+
+    const output = await runAssistantCommand(
+      "email",
+      "--json",
+      "download",
+      MESSAGE_ID,
+    );
+
+    expect(process.exitCode).toBe(1);
+    const parsed = JSON.parse(output.trim());
+    expect(parsed.error).toContain("Platform credentials not configured");
+  });
+
+  test("missing assistant ID returns error", async () => {
+    setPlatformAssistantId("");
+
+    const output = await runAssistantCommand(
+      "email",
+      "--json",
+      "download",
+      MESSAGE_ID,
+    );
+
+    expect(process.exitCode).toBe(1);
+    const parsed = JSON.parse(output.trim());
+    expect(parsed.error).toContain("Assistant ID");
+  });
+
+  test("in_reply_to header shown when present", async () => {
+    mockDetailSuccess({
+      ...SAMPLE_MESSAGE,
+      in_reply_to: "<orig@mail.gmail.com>",
+    });
+
+    const output = await runAssistantCommand("email", "download", MESSAGE_ID);
+
+    expect(output).toContain("In-Reply-To: <orig@mail.gmail.com>");
+    expect(process.exitCode).toBe(0);
+  });
+});