@vellumai/assistant 0.5.4 → 0.5.6

package/src/__tests__/memory-regressions.test.ts

@@ -540,23 +540,13 @@ describe("Memory regressions", () => {
 
   test("memory_save sets verificationState to user_confirmed", async () => {
     const { handleMemorySave } = await import("../tools/memory/handlers.js");
-    const legacyConfig = {
-      ...DEFAULT_CONFIG,
-      memory: {
-        ...DEFAULT_CONFIG.memory,
-        simplified: {
-          ...DEFAULT_CONFIG.memory.simplified,
-          enabled: false,
-        },
-      },
-    };
 
     const result = await handleMemorySave(
       {
         statement: "User explicitly saved this preference",
         kind: "preference",
       },
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-verify-save",
       "msg-verify-save",
     );
@@ -573,23 +563,13 @@ describe("Memory regressions", () => {
 
   test("memory_save in different scopes creates separate items", async () => {
     const { handleMemorySave } = await import("../tools/memory/handlers.js");
-    const legacyConfig = {
-      ...DEFAULT_CONFIG,
-      memory: {
-        ...DEFAULT_CONFIG.memory,
-        simplified: {
-          ...DEFAULT_CONFIG.memory.simplified,
-          enabled: false,
-        },
-      },
-    };
 
     const sharedArgs = { statement: "I prefer dark mode", kind: "preference" };
 
     // Save in the default scope
     const r1 = await handleMemorySave(
       sharedArgs,
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-scope-1",
       "msg-scope-1",
       "default",
@@ -600,7 +580,7 @@ describe("Memory regressions", () => {
     // Save the identical statement in a private scope
     const r2 = await handleMemorySave(
       sharedArgs,
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-scope-2",
       "msg-scope-2",
       "private-abc",
@@ -624,7 +604,7 @@ describe("Memory regressions", () => {
     // Saving the same statement again in default scope should dedup (not create a third)
     const r3 = await handleMemorySave(
       sharedArgs,
-      legacyConfig,
+      DEFAULT_CONFIG,
       "conv-scope-3",
       "msg-scope-3",
       "default",
@@ -3227,9 +3207,8 @@ describe("Memory regressions", () => {
       .filter((j) => JSON.parse(j.payload).messageId === "msg-untrusted-gate");
     expect(extractJobs.length).toBe(0);
 
-    // enqueuedJobs reflects legacy embed_segment + archive embed_chunk per
-    // segment, plus the summary job, with extract_items gated off.
-    const expectedJobs = result.indexedSegments * 2 + 1;
+    // enqueuedJobs should reflect: embed jobs + summary (1), no extract (0)
+    const expectedJobs = result.indexedSegments + 1; // embed per segment + summary
     expect(result.enqueuedJobs).toBe(expectedJobs);
   });
 
@@ -3410,9 +3389,8 @@ describe("Memory regressions", () => {
       .filter((j) => JSON.parse(j.payload).messageId === "msg-unverified-gate");
     expect(extractJobs.length).toBe(0);
 
-    // enqueuedJobs reflects legacy embed_segment + archive embed_chunk per
-    // segment, plus the summary job, with extract_items gated off.
-    const expectedJobs = result.indexedSegments * 2 + 1;
+    // enqueuedJobs should reflect: embed jobs + summary (1), no extract (0)
+    const expectedJobs = result.indexedSegments + 1; // embed per segment + summary
     expect(result.enqueuedJobs).toBe(expectedJobs);
   });
 

package/src/__tests__/openai-whisper.test.ts

@@ -0,0 +1,93 @@
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+
+import { OpenAIWhisperProvider } from "../providers/speech-to-text/openai-whisper.js";
+
+// ---------------------------------------------------------------------------
+// Mock fetch — capture outgoing FormData so we can assert filenames
+// ---------------------------------------------------------------------------
+
+const originalFetch = globalThis.fetch;
+
+let capturedFormData: FormData | null = null;
+
+function mockFetch(
+  _url: string | URL | Request,
+  init?: RequestInit,
+): Promise<Response> {
+  if (init?.body instanceof FormData) {
+    capturedFormData = init.body;
+  }
+  return Promise.resolve(
+    new Response(JSON.stringify({ text: "hello world" }), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    }),
+  );
+}
+
+beforeEach(() => {
+  capturedFormData = null;
+  globalThis.fetch = mockFetch as typeof fetch;
+});
+
+afterEach(() => {
+  globalThis.fetch = originalFetch;
+});
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("OpenAIWhisperProvider", () => {
+  const provider = new OpenAIWhisperProvider("test-api-key");
+  const dummyAudio = Buffer.from("fake-audio-data");
+
+  describe("extensionFromMime (via transcribe filename)", () => {
+    test("plain MIME type resolves to correct extension", async () => {
+      await provider.transcribe(dummyAudio, "audio/ogg");
+      const file = capturedFormData?.get("file") as File;
+      expect(file.name).toBe("audio.ogg");
+    });
+
+    test("MIME type with parameters resolves to correct extension", async () => {
+      await provider.transcribe(dummyAudio, "audio/ogg; codecs=opus");
+      const file = capturedFormData?.get("file") as File;
+      expect(file.name).toBe("audio.ogg");
+    });
+
+    test("MIME type with extra whitespace around parameters", async () => {
+      await provider.transcribe(dummyAudio, "audio/mpeg ; bitrate=128");
+      const file = capturedFormData?.get("file") as File;
+      expect(file.name).toBe("audio.mp3");
+    });
+
+    test("unknown MIME type falls back to .audio", async () => {
+      await provider.transcribe(dummyAudio, "audio/unknown-format");
+      const file = capturedFormData?.get("file") as File;
+      expect(file.name).toBe("audio.audio");
+    });
+
+    test("unknown MIME type with parameters still falls back", async () => {
+      await provider.transcribe(dummyAudio, "audio/unknown; foo=bar");
+      const file = capturedFormData?.get("file") as File;
+      expect(file.name).toBe("audio.audio");
+    });
+
+    test.each([
+      ["audio/wav", "audio.wav"],
+      ["audio/x-wav", "audio.wav"],
+      ["audio/mpeg", "audio.mp3"],
+      ["audio/mp3", "audio.mp3"],
+      ["audio/ogg", "audio.ogg"],
+      ["audio/opus", "audio.opus"],
+      ["audio/webm", "audio.webm"],
+      ["audio/mp4", "audio.m4a"],
+      ["audio/x-m4a", "audio.m4a"],
+      ["audio/flac", "audio.flac"],
+    ])("%s → %s", async (mime, expectedFilename) => {
+      await provider.transcribe(dummyAudio, mime);
+      const file = capturedFormData?.get("file") as File;
+      expect(file.name).toBe(expectedFilename);
+    });
+  });
+});

package/src/__tests__/require-fresh-approval.test.ts

@@ -58,6 +58,10 @@ const mockConfig = {
     action: "warn" as const,
     entropyThreshold: 4.0,
   },
+  permissions: {
+    mode: "workspace" as const,
+    dangerouslySkipPermissions: false,
+  },
 };
 
 let fakeToolResult: ToolExecutionResult = { content: "ok", isError: false };

package/src/__tests__/slack-messaging-token-resolution.test.ts

@@ -0,0 +1,319 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+import type { OAuthConnection } from "../oauth/connection.js";
+
+// ── Mocks ───────────────────────────────────────────────────────────────────
+
+const getSecureKeyAsyncMock = mock(
+  async (_key: string): Promise<string | null> => null,
+);
+const isProviderConnectedMock = mock(
+  async (_service: string): Promise<boolean> => false,
+);
+const resolveOAuthConnectionMock = mock(
+  async (
+    _service: string,
+    _opts?: { account?: string },
+  ): Promise<OAuthConnection> =>
+    ({ accessToken: "oauth-token" }) as unknown as OAuthConnection,
+);
+const getConnectionByProviderMock = mock(
+  (_provider: string): { status: string } | undefined => undefined,
+);
+
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: getSecureKeyAsyncMock,
+}));
+
+mock.module("../oauth/oauth-store.js", () => ({
+  isProviderConnected: isProviderConnectedMock,
+  getConnectionByProvider: getConnectionByProviderMock,
+}));
+
+mock.module("../oauth/connection-resolver.js", () => ({
+  resolveOAuthConnection: resolveOAuthConnectionMock,
+}));
+
+// Telegram adapter imports modules that need more stubs
+mock.module("../config/env.js", () => ({
+  getGatewayInternalBaseUrl: () => "http://localhost:3000",
+}));
+mock.module("../memory/conversation-key-store.js", () => ({
+  getOrCreateConversation: async () => "conv-1",
+}));
+mock.module("../memory/external-conversation-store.js", () => ({
+  getExternalConversation: () => undefined,
+  setExternalConversation: () => {},
+}));
+mock.module("../runtime/auth/token-service.js", () => ({
+  mintDaemonDeliveryToken: async () => "delivery-token",
+}));
+
+// Slack client stubs (not exercised in these tests, but required on import)
+mock.module("../messaging/providers/slack/client.js", () => ({}));
+
+// Gmail client stubs
+mock.module("../messaging/providers/gmail/client.js", () => ({}));
+mock.module("../messaging/providers/gmail/people-client.js", () => ({}));
+
+// Telegram client stubs
+mock.module("../messaging/providers/telegram-bot/client.js", () => ({}));
+
+import {
+  getProviderConnection,
+  resolveProvider,
+} from "../config/bundled-skills/messaging/tools/shared.js";
+import { gmailMessagingProvider } from "../messaging/providers/gmail/adapter.js";
+import { slackProvider } from "../messaging/providers/slack/adapter.js";
+import { telegramBotMessagingProvider } from "../messaging/providers/telegram-bot/adapter.js";
+import {
+  getConnectedProviders,
+  registerMessagingProvider,
+} from "../messaging/registry.js";
+
+// Register providers for integration tests
+registerMessagingProvider(slackProvider);
+registerMessagingProvider(gmailMessagingProvider);
+registerMessagingProvider(telegramBotMessagingProvider);
+
+// ── Helpers ─────────────────────────────────────────────────────────────────
+
+function resetAllMocks() {
+  getSecureKeyAsyncMock.mockReset();
+  getSecureKeyAsyncMock.mockImplementation(async () => null);
+  isProviderConnectedMock.mockReset();
+  isProviderConnectedMock.mockImplementation(async () => false);
+  resolveOAuthConnectionMock.mockReset();
+  resolveOAuthConnectionMock.mockImplementation(
+    async () => ({ accessToken: "oauth-token" }) as unknown as OAuthConnection,
+  );
+  getConnectionByProviderMock.mockReset();
+  getConnectionByProviderMock.mockImplementation(() => undefined);
+}
+
+// ── Tests ───────────────────────────────────────────────────────────────────
+
+describe("Slack messaging token resolution", () => {
+  beforeEach(resetAllMocks);
+
+  // ── slackProvider.isConnected() ─────────────────────────────────────────
+
+  describe("slackProvider.isConnected()", () => {
+    test("returns true when slack_channel bot token exists in credential store", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-bot-token" : null,
+      );
+
+      expect(await slackProvider.isConnected!()).toBe(true);
+    });
+
+    test("returns true even if slack_channel connection row is missing (backfill failure resilience)", async () => {
+      // Bot token exists but no connection row — isConnected should still return true
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-bot-token" : null,
+      );
+      // No getConnectionByProvider call expected — Slack adapter checks token first
+
+      expect(await slackProvider.isConnected!()).toBe(true);
+    });
+
+    test("returns true when only integration:slack has active OAuth connection (backwards compat)", async () => {
+      // No bot token
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      // But OAuth provider is connected
+      isProviderConnectedMock.mockImplementation(async (service: string) =>
+        service === "integration:slack" ? true : false,
+      );
+
+      expect(await slackProvider.isConnected!()).toBe(true);
+    });
+
+    test("returns false when neither credential path exists", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      expect(await slackProvider.isConnected!()).toBe(false);
+    });
+  });
+
+  // ── slackProvider.resolveConnection() ───────────────────────────────────
+
+  describe("slackProvider.resolveConnection()", () => {
+    test("returns bot token string when Socket Mode credentials exist", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token"
+          ? "xoxb-socket-token"
+          : null,
+      );
+
+      const result = await slackProvider.resolveConnection!();
+      expect(result).toBe("xoxb-socket-token");
+    });
+
+    test("returns bot token string even without a slack_channel connection row (token-only resilience)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-token-only" : null,
+      );
+      // No connection row — resolveConnection should still return the token
+
+      const result = await slackProvider.resolveConnection!();
+      expect(result).toBe("xoxb-token-only");
+    });
+
+    test("returns OAuthConnection when only OAuth integration:slack credentials exist (backwards compat)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      const oauthConn = {
+        accessToken: "xoxp-oauth-token",
+      } as unknown as OAuthConnection;
+      resolveOAuthConnectionMock.mockImplementation(async () => oauthConn);
+
+      const result = await slackProvider.resolveConnection!();
+      expect(result).toBe(oauthConn);
+      expect(resolveOAuthConnectionMock).toHaveBeenCalledWith(
+        "integration:slack",
+        { account: undefined },
+      );
+    });
+
+    test("throws when no credentials exist at all (no Socket Mode, no OAuth)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      resolveOAuthConnectionMock.mockImplementation(async () => {
+        throw new Error("No OAuth connection found for integration:slack");
+      });
+
+      await expect(slackProvider.resolveConnection!()).rejects.toThrow(
+        "No OAuth connection found",
+      );
+    });
+  });
+
+  // ── getProviderConnection() integration ─────────────────────────────────
+
+  describe("getProviderConnection()", () => {
+    test("returns bot token string for Slack when Socket Mode credentials exist", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-conn-token" : null,
+      );
+
+      const result = await getProviderConnection(slackProvider);
+      expect(result).toBe("xoxb-conn-token");
+    });
+
+    test("returns OAuthConnection for Slack when only OAuth credentials exist (backwards compat)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      const oauthConn = {
+        accessToken: "xoxp-oauth-token",
+      } as unknown as OAuthConnection;
+      resolveOAuthConnectionMock.mockImplementation(async () => oauthConn);
+
+      const result = await getProviderConnection(slackProvider);
+      expect(result).toBe(oauthConn);
+    });
+
+    test("throws when no Slack credentials exist", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      resolveOAuthConnectionMock.mockImplementation(async () => {
+        throw new Error("No OAuth connection found");
+      });
+
+      await expect(getProviderConnection(slackProvider)).rejects.toThrow(
+        "No OAuth connection found",
+      );
+    });
+
+    test('Telegram still returns "" (no resolveConnection, uses isConnected path — regression check)', async () => {
+      // Telegram has isConnected but no resolveConnection.
+      // When isConnected returns true, getProviderConnection returns ""
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) => {
+        if (key === "credential/telegram/bot_token") return "bot-token";
+        if (key === "credential/telegram/webhook_secret") return "secret";
+        return null;
+      });
+      getConnectionByProviderMock.mockImplementation((provider: string) =>
+        provider === "telegram" ? { status: "active" } : undefined,
+      );
+
+      const result = await getProviderConnection(telegramBotMessagingProvider);
+      expect(result).toBe("");
+    });
+
+    test("Gmail still calls resolveOAuthConnection (no resolveConnection, no isConnected — regression check)", async () => {
+      // Gmail has neither resolveConnection nor isConnected.
+      // getProviderConnection falls through to resolveOAuthConnection.
+      const oauthConn = {
+        accessToken: "gmail-oauth-token",
+      } as unknown as OAuthConnection;
+      resolveOAuthConnectionMock.mockImplementation(async () => oauthConn);
+
+      const result = await getProviderConnection(gmailMessagingProvider);
+      expect(result).toBe(oauthConn);
+      expect(resolveOAuthConnectionMock).toHaveBeenCalledWith(
+        "integration:google",
+        { account: undefined },
+      );
+    });
+  });
+
+  // ── resolveProvider() multi-platform behavior ───────────────────────────
+
+  describe("resolveProvider() multi-platform behavior", () => {
+    test('throws "Multiple platforms connected" when both Gmail and Slack (Socket Mode) are connected and no platform is specified', async () => {
+      // Slack connected via Socket Mode
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-token" : null,
+      );
+      // Gmail connected via OAuth
+      isProviderConnectedMock.mockImplementation(async (service: string) =>
+        service === "integration:google" ? true : false,
+      );
+
+      await expect(resolveProvider()).rejects.toThrow(
+        "Multiple platforms connected",
+      );
+    });
+
+    test("auto-selects Slack when it is the only connected provider", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-only" : null,
+      );
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      const provider = await resolveProvider();
+      expect(provider.id).toBe("slack");
+    });
+
+    test("auto-selects Gmail when it is the only connected provider (no Slack credentials)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      isProviderConnectedMock.mockImplementation(async (service: string) =>
+        service === "integration:google" ? true : false,
+      );
+
+      const provider = await resolveProvider();
+      expect(provider.id).toBe("gmail");
+    });
+  });
+
+  // ── getConnectedProviders() ─────────────────────────────────────────────
+
+  describe("getConnectedProviders()", () => {
+    test("includes Slack when connected via Socket Mode (slack_channel)", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async (key: string) =>
+        key === "credential/slack_channel/bot_token" ? "xoxb-token" : null,
+      );
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      const connected = await getConnectedProviders();
+      const ids = connected.map((p) => p.id);
+      expect(ids).toContain("slack");
+    });
+
+    test("excludes Slack when no bot token exists", async () => {
+      getSecureKeyAsyncMock.mockImplementation(async () => null);
+      isProviderConnectedMock.mockImplementation(async () => false);
+
+      const connected = await getConnectedProviders();
+      const ids = connected.map((p) => p.id);
+      expect(ids).not.toContain("slack");
+    });
+  });
+});

package/src/__tests__/tool-executor-lifecycle-events.test.ts

@@ -32,6 +32,10 @@ const mockConfig = {
     action: "warn" as const,
     entropyThreshold: 4.0,
   },
+  permissions: {
+    mode: "workspace" as const,
+    dangerouslySkipPermissions: false,
+  },
 };
 
 let checkerDecision: "allow" | "prompt" | "deny" = "allow";

package/src/__tests__/tool-executor.test.ts

@@ -50,6 +50,10 @@ const mockConfig = {
     action: "warn" as const,
     entropyThreshold: 4.0,
   },
+  permissions: {
+    mode: "workspace" as const,
+    dangerouslySkipPermissions: false,
+  },
 };
 
 let fakeToolResult: ToolExecutionResult = { content: "ok", isError: false };