@vellumai/assistant 0.5.5 → 0.5.7

package/src/__tests__/channel-readiness-service.test.ts

@@ -1,15 +1,9 @@
-import { beforeEach, describe, expect, mock, spyOn, test } from "bun:test";
+import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 let mockTwilioPhoneNumber: string | undefined;
 let mockRawConfig: Record<string, unknown> | undefined;
 let mockSecureKeys: Record<string, string>;
 let mockHasTwilioCredentials: boolean;
-let mockGatewayHealth = {
-  target: "http://127.0.0.1:7830",
-  healthy: true,
-  localDeployment: true,
-  error: undefined as string | undefined,
-};
 
 mock.module("../calls/twilio-rest.js", () => ({
   getPhoneNumberSid: async () => null,
@@ -57,14 +51,12 @@ mock.module("../runtime/channel-invite-transports/whatsapp.js", () => ({
 import type { ChannelId } from "../channels/types.js";
 import {
   ChannelReadinessService,
-  createReadinessService,
   REMOTE_TTL_MS,
 } from "../runtime/channel-readiness-service.js";
 import type {
   ChannelProbe,
   ReadinessCheckResult,
 } from "../runtime/channel-readiness-types.js";
-import * as localGatewayHealth from "../runtime/local-gateway-health.js";
 
 // ── Test helpers ────────────────────────────────────────────────────────────
 
@@ -104,12 +96,6 @@ describe("ChannelReadinessService", () => {
     mockRawConfig = undefined;
     mockSecureKeys = {};
     mockHasTwilioCredentials = false;
-    mockGatewayHealth = {
-      target: "http://127.0.0.1:7830",
-      healthy: true,
-      localDeployment: true,
-      error: undefined,
-    };
   });
 
   test("local checks run on every call (no caching of local results)", async () => {
@@ -403,49 +389,4 @@ describe("ChannelReadinessService", () => {
 
     expect(probe.remoteCallCount).toBe(1);
   });
-
-  test("voice readiness includes gateway_health when ingress is configured", async () => {
-    mockHasTwilioCredentials = true;
-    mockTwilioPhoneNumber = "+15550001111";
-    mockRawConfig = {
-      ingress: {
-        enabled: true,
-        publicBaseUrl: "https://voice.example.com",
-      },
-    };
-    mockGatewayHealth = {
-      target: "http://127.0.0.1:7830",
-      healthy: false,
-      localDeployment: true,
-      error: "connect ECONNREFUSED 127.0.0.1:7830",
-    };
-
-    const probeLocalGatewayHealthSpy = spyOn(
-      localGatewayHealth,
-      "probeLocalGatewayHealth",
-    ).mockImplementation(async () => ({
-      ...mockGatewayHealth,
-    }));
-
-    let snapshot: Awaited<
-      ReturnType<ChannelReadinessService["getReadiness"]>
-    >[number];
-    try {
-      const readinessService = createReadinessService();
-      [snapshot] = await readinessService.getReadiness("phone");
-    } finally {
-      probeLocalGatewayHealthSpy.mockRestore();
-    }
-
-    const gatewayHealthCheck = snapshot.localChecks.find(
-      (check) => check.name === "gateway_health",
-    );
-    expect(gatewayHealthCheck).toBeDefined();
-    expect(gatewayHealthCheck?.passed).toBe(false);
-    expect(snapshot.reasons).toContainEqual({
-      code: "gateway_health",
-      text: "Local gateway is not serving requests at http://127.0.0.1:7830: connect ECONNREFUSED 127.0.0.1:7830",
-    });
-    expect(snapshot.ready).toBe(false);
-  });
 });

package/src/__tests__/checker.test.ts

@@ -1606,13 +1606,15 @@ describe("Permission Checker", () => {
       expect(options[0].description).toContain("compound");
     });
 
-    test("compound command via pipeline yields exact-only allowlist option", async () => {
+    test("compound command via pipeline yields exact + action-key allowlist options", async () => {
       const options = await generateAllowlistOptions("bash", {
         command: "git log | grep fix",
       });
-      expect(options).toHaveLength(1);
+      expect(options.length).toBeGreaterThanOrEqual(2);
       expect(options[0].description).toContain("compound");
       expect(options[0].pattern).toBe("git log | grep fix");
+      // Pipeline action keys should be offered as broader options
+      expect(options.some((o) => o.pattern.startsWith("action:"))).toBe(true);
     });
 
     test("compound command via && yields exact-only allowlist option", async () => {

package/src/__tests__/cli-command-risk-guard.test.ts

@@ -0,0 +1,112 @@
+// Guard test: assistant CLI commands must always classify as Low risk.
+//
+// The assistant uses its own CLI tools during normal operation. If these
+// commands require user approval, it blocks autonomous assistant workflows.
+// See #18982 / #18998 for the regression that motivated this guard.
+
+import { mkdtempSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { describe, expect, mock, test } from "bun:test";
+
+const guardTestDir = mkdtempSync(join(tmpdir(), "cli-risk-guard-test-"));
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => guardTestDir,
+  getDataDir: () => join(guardTestDir, "data"),
+  getWorkspaceSkillsDir: () => join(guardTestDir, "skills"),
+  isMacOS: () => process.platform === "darwin",
+  isLinux: () => process.platform === "linux",
+  isWindows: () => process.platform === "win32",
+  getPidPath: () => join(guardTestDir, "test.pid"),
+  getDbPath: () => join(guardTestDir, "test.db"),
+  getLogPath: () => join(guardTestDir, "test.log"),
+  ensureDataDir: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: (_target: Record<string, unknown>, _prop: string) => {
+        return () => {};
+      },
+    }),
+}));
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => ({
+    permissions: { mode: "workspace" },
+    skills: { load: { extraDirs: [] } },
+    sandbox: { enabled: true },
+  }),
+  loadConfig: () => ({}),
+  invalidateConfigCache: () => {},
+  saveConfig: () => {},
+  loadRawConfig: () => ({}),
+  saveRawConfig: () => {},
+  getNestedValue: () => undefined,
+  setNestedValue: () => {},
+}));
+
+import { buildCliProgram } from "../cli/program.js";
+import { classifyRisk } from "../permissions/checker.js";
+import { RiskLevel } from "../permissions/types.js";
+
+/**
+ * Assert that a command classifies as Low risk, with a descriptive failure
+ * message that guides developers toward the correct fix.
+ */
+function expectLowRisk(command: string, actual: RiskLevel): void {
+  if (actual !== RiskLevel.Low) {
+    throw new Error(
+      `"${command}" classified as ${actual} instead of Low. ` +
+        `assistant CLI commands must always be Low risk — the assistant ` +
+        `uses its own CLI during normal operation. If you need risk ` +
+        `escalation for specific subcommands, add them to an allowlist ` +
+        `in this guard test with justification.`,
+    );
+  }
+  expect(actual).toBe(RiskLevel.Low);
+}
+
+// Dynamically extract subcommand names from the CLI program definition.
+// This ensures new commands added to program.ts are automatically covered
+// by this guard test without manual list maintenance.
+const program = buildCliProgram();
+const ASSISTANT_SUBCOMMANDS = program.commands.map((c) => c.name());
+
+describe("CLI command risk guard: assistant commands", () => {
+  test("subcommand discovery found a reasonable number of commands", () => {
+    // Sanity check: if mocking breaks and no commands are registered,
+    // the risk guard would vacuously pass. Require a minimum count to
+    // catch that failure mode. Update this threshold when commands are
+    // removed (but it should only grow).
+    expect(ASSISTANT_SUBCOMMANDS.length).toBeGreaterThanOrEqual(20);
+  });
+
+  test("all assistant CLI subcommands classify as Low risk", async () => {
+    for (const subcommand of ASSISTANT_SUBCOMMANDS) {
+      const command = `assistant ${subcommand}`;
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+
+  test("bare assistant command classifies as Low risk", async () => {
+    const risk = await classifyRisk("bash", { command: "assistant" });
+    expectLowRisk("assistant", risk);
+  });
+
+  test("assistant with flags classifies as Low risk", async () => {
+    const flagCommands = [
+      "assistant --version",
+      "assistant --help",
+      "assistant doctor --verbose",
+    ];
+
+    for (const command of flagCommands) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+});

package/src/__tests__/config-schema-cmd.test.ts

@@ -88,7 +88,6 @@ mock.module("../config/loader.js", () => ({
   invalidateConfigCache: () => {},
   getNestedValue: () => undefined,
   setNestedValue: () => {},
-  syncConfigToLockfile: () => {},
 }));
 
 import { Command } from "commander";

package/src/__tests__/config-schema.test.ts

@@ -137,7 +137,6 @@ describe("AssistantConfigSchema", () => {
       action: "redact",
       entropyThreshold: 4.0,
       allowOneTimeSend: false,
-      blockIngress: true,
     });
     expect(result.auditLog).toEqual({ retentionDays: 0 });
   });
@@ -437,7 +436,7 @@ describe("AssistantConfigSchema", () => {
 
   test("defaults permissions.mode to workspace", () => {
     const result = AssistantConfigSchema.parse({});
-    expect(result.permissions).toEqual({ mode: "workspace" });
+    expect(result.permissions).toEqual({ mode: "workspace", dangerouslySkipPermissions: false });
   });
 
   test("accepts explicit permissions.mode strict", () => {
@@ -638,6 +637,7 @@ describe("AssistantConfigSchema", () => {
       voice: {
         language: "en-US",
         transcriptionProvider: "Deepgram",
+        ttsProvider: "elevenlabs",
       },
       callerIdentity: {
         allowPerCallOverride: true,
@@ -1139,7 +1139,7 @@ describe("loadConfig with schema validation", () => {
   test("defaults permissions.mode to workspace when not specified", () => {
     writeConfig({});
     const config = loadConfig();
-    expect(config.permissions).toEqual({ mode: "workspace" });
+    expect(config.permissions).toEqual({ mode: "workspace", dangerouslySkipPermissions: false });
   });
 
   test("loads explicit permissions.mode strict", () => {

package/src/__tests__/context-window-manager.test.ts

@@ -344,6 +344,84 @@ describe("ContextWindowManager", () => {
     expect(result.compactedPersistedMessages).toBe(4);
   });
 
+  test("adjusts keep boundary to preserve tool_use/tool_result pairs", async () => {
+    const provider = createProvider(() => ({
+      content: [{ type: "text", text: "## Goals\n- compacted summary" }],
+      model: "mock-model",
+      usage: { inputTokens: 75, outputTokens: 20 },
+      stopReason: "end_turn",
+    }));
+    // Configure budget so compaction keeps only the last user turn,
+    // which would normally split the tool pair because the last user
+    // turn start is a mixed message (tool_result + text) whose matching
+    // tool_use lives in the preceding assistant message.
+    const manager = new ContextWindowManager({
+      provider,
+      systemPrompt: "system prompt",
+      config: makeConfig({
+        maxInputTokens: 320,
+        targetBudgetRatio: 0.58,
+      }),
+    });
+    const long = "k".repeat(220);
+    const history: Message[] = [
+      message("user", `u1 ${long}`), // index 0: old user turn (long)
+      message("assistant", `a1 ${long}`), // index 1: assistant reply (long)
+      message("user", `u2 ${long}`), // index 2: second user turn (long)
+      {
+        // index 3: assistant with tool_use
+        role: "assistant",
+        content: [
+          {
+            type: "tool_use",
+            id: "t1",
+            name: "read_file",
+            input: { path: "/tmp/a" },
+          },
+        ],
+      },
+      {
+        // index 4: user with tool_result AND text (mixed = user turn start)
+        // Without adjustForToolPairs, the raw boundary would land here,
+        // orphaning the tool_result from its tool_use at index 3.
+        role: "user",
+        content: [
+          { type: "tool_result", tool_use_id: "t1", content: "file contents" },
+          { type: "text", text: "thanks, now continue" },
+        ],
+      },
+    ];
+
+    const result = await manager.maybeCompact(history);
+    expect(result.compacted).toBe(true);
+    // The kept messages must include the tool_use assistant message (index 3)
+    // and tool_result user message (index 4) as a pair, not split them.
+    // Verify no orphaned tool_result blocks exist in the kept messages.
+    const keptMessages = result.messages;
+    for (let i = 0; i < keptMessages.length; i++) {
+      const msg = keptMessages[i];
+      if (msg.role !== "user") continue;
+      for (const block of msg.content) {
+        if (block.type === "tool_result") {
+          // Every tool_result must have a matching tool_use in a preceding assistant message
+          const toolUseId = (block as { tool_use_id: string }).tool_use_id;
+          const hasMatchingToolUse = keptMessages
+            .slice(0, i)
+            .some(
+              (prev) =>
+                prev.role === "assistant" &&
+                prev.content.some(
+                  (b) =>
+                    b.type === "tool_use" &&
+                    (b as { id: string }).id === toolUseId,
+                ),
+            );
+          expect(hasMatchingToolUse).toBe(true);
+        }
+      }
+    }
+  });
+
   test("counts mixed tool_result+text user messages as persisted", async () => {
     const provider = createProvider(() => ({
       content: [{ type: "text", text: "## Goals\n- mixed summary" }],

package/src/__tests__/conversation-attention-telegram.test.ts

@@ -31,11 +31,6 @@ mock.module("../util/logger.js", () => ({
   truncateForLog: (value: string) => value,
 }));
 
-// Mock security check to always pass
-mock.module("../security/secret-ingress.js", () => ({
-  checkIngressForSecrets: () => ({ blocked: false }),
-}));
-
 // Mock render to return the raw content as text
 mock.module("../daemon/handlers/shared.js", () => ({
   renderHistoryContent: (content: unknown) => ({

package/src/__tests__/conversation-init.benchmark.test.ts

@@ -111,10 +111,8 @@ mock.module("../util/platform.js", () => ({
   getTCPPort: () => 8765,
   isIOSPairingEnabled: () => false,
   isTCPEnabled: () => false,
-  readLockfile: () => null,
   readPlatformToken: () => null,
   readSessionToken: () => null,
-  writeLockfile: () => {},
   ensureDataDir: () => {},
 }));
 

package/src/__tests__/conversation-skill-tools.test.ts

@@ -209,11 +209,9 @@ mock.module("../util/logger.js", () => ({
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     skills: { entries: {}, allowBundled: null },
-    assistantFeatureFlagValues: {},
   }),
   loadConfig: () => ({
     skills: { entries: {}, allowBundled: null },
-    assistantFeatureFlagValues: {},
   }),
   invalidateConfigCache: () => {},
 }));
@@ -1721,58 +1719,6 @@ describe("bundled skill: gmail", () => {
   });
 });
 
-describe("bundled skill: claude-code", () => {
-  let sessionState: Map<string, string>;
-
-  beforeEach(() => {
-    mockCatalog = [];
-    mockManifests = {};
-    mockRegisteredTools = new Map();
-    mockUnregisteredSkillIds = [];
-    mockSkillRefCount = new Map();
-    mockSkillRefCount = new Map();
-    mockVersionHashes = {};
-    mockVersionHashErrors = new Set();
-    sessionState = new Map<string, string>();
-  });
-
-  test("claude-code skill activation registers claude_code in allowedToolNames", () => {
-    mockCatalog = [
-      makeSkill("claude-code", "/path/to/bundled-skills/claude-code"),
-    ];
-    mockManifests = { "claude-code": makeManifest(["claude_code"]) };
-
-    const history: Message[] = [
-      ...skillLoadMessages('<loaded_skill id="claude-code" />'),
-    ];
-
-    const result = projectSkillTools(history, {
-      previouslyActiveSkillIds: sessionState,
-    });
-
-    expect(result.toolDefinitions).toEqual([]);
-    expect(result.allowedToolNames).toEqual(new Set(["claude_code"]));
-  });
-
-  test("claude_code tool is absent when claude-code skill is not active", () => {
-    mockCatalog = [
-      makeSkill("claude-code", "/path/to/bundled-skills/claude-code"),
-    ];
-    mockManifests = { "claude-code": makeManifest(["claude_code"]) };
-
-    const history: Message[] = [
-      { role: "user", content: [{ type: "text", text: "Hello" }] },
-    ];
-
-    const result = projectSkillTools(history, {
-      previouslyActiveSkillIds: sessionState,
-    });
-
-    expect(result.toolDefinitions).toHaveLength(0);
-    expect(result.allowedToolNames.has("claude_code")).toBe(false);
-  });
-});
-
 // ---------------------------------------------------------------------------
 // Bundled skill: app-builder
 // ---------------------------------------------------------------------------

package/src/__tests__/conversation-title-service.test.ts

@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
-const mockRunBtwSidechain = mock(async () => ({
+const mockRunBtwSidechain = mock(async (_params: Record<string, unknown>) => ({
   text: "Project kickoff",
   hadTextDeltas: true,
   response: {
@@ -93,6 +93,8 @@ describe("conversation-title-service", () => {
     expect(mockRunBtwSidechain).toHaveBeenCalledWith(
       expect.objectContaining({
         provider,
+        systemPrompt: expect.stringContaining("conversation titles"),
+        tools: [],
         maxTokens: 37,
         modelIntent: "latency-optimized",
         timeoutMs: 10_000,
@@ -105,6 +107,93 @@ describe("conversation-title-service", () => {
     );
   });
 
+  test("regeneration extracts text from JSON content blocks", async () => {
+    mockGetMessages.mockReturnValueOnce([
+      {
+        role: "user",
+        content: JSON.stringify([
+          { type: "text", text: "Help me plan the kickoff" },
+        ]),
+      },
+      {
+        role: "assistant",
+        content: JSON.stringify([
+          { type: "text", text: "Sure, here's a plan" },
+          { type: "tool_use", id: "toolu_1", name: "web_search", input: {} },
+        ]),
+      },
+      {
+        role: "user",
+        content: JSON.stringify([{ type: "text", text: "Looks good" }]),
+      },
+    ]);
+
+    const provider = {
+      name: "test-provider",
+      sendMessage: mock(async () => {
+        throw new Error("should not call directly");
+      }),
+    };
+
+    await regenerateConversationTitle({ conversationId: "conv-1", provider });
+
+    // The prompt sent to the sidechain should contain plain text, not raw JSON
+    const prompt = (mockRunBtwSidechain.mock.calls[0] as any)?.[0]
+      ?.content as string;
+    expect(prompt).not.toContain('"type":"text"');
+    expect(prompt).not.toContain('"type":"tool_use"');
+    // Tool metadata should NOT appear in the title prompt
+    expect(prompt).not.toContain("Tool use");
+    expect(prompt).not.toContain("web_search");
+    expect(prompt).toContain("Help me plan the kickoff");
+    expect(prompt).toContain("Sure, here's a plan");
+    expect(prompt).toContain("Looks good");
+  });
+
+  test("regeneration extracts text from tool_result content blocks", async () => {
+    mockGetMessages.mockReturnValueOnce([
+      {
+        role: "user",
+        content: JSON.stringify([
+          { type: "text", text: "Search for restaurants" },
+        ]),
+      },
+      {
+        role: "assistant",
+        content: JSON.stringify([
+          { type: "tool_use", id: "toolu_1", name: "web_search", input: {} },
+        ]),
+      },
+      {
+        role: "user",
+        content: JSON.stringify([
+          {
+            type: "tool_result",
+            tool_use_id: "toolu_1",
+            content: "Found 3 restaurants nearby",
+          },
+        ]),
+      },
+    ]);
+
+    const provider = {
+      name: "test-provider",
+      sendMessage: mock(async () => {
+        throw new Error("should not call directly");
+      }),
+    };
+
+    await regenerateConversationTitle({ conversationId: "conv-1", provider });
+
+    const prompt = (mockRunBtwSidechain.mock.calls[0] as any)?.[0]
+      ?.content as string;
+    expect(prompt).not.toContain('"type":"tool_result"');
+    // Tool-only assistant message should be skipped entirely
+    expect(prompt).not.toContain("Tool use");
+    expect(prompt).toContain("Search for restaurants");
+    expect(prompt).toContain("Found 3 restaurants nearby");
+  });
+
   test("uses the BTW side-chain helper for title regeneration", async () => {
     const provider = {
       name: "test-provider",
@@ -123,6 +212,8 @@ describe("conversation-title-service", () => {
     expect(mockRunBtwSidechain).toHaveBeenCalledWith(
       expect.objectContaining({
         provider,
+        systemPrompt: expect.stringContaining("conversation titles"),
+        tools: [],
         maxTokens: 37,
         modelIntent: "latency-optimized",
         timeoutMs: 10_000,
@@ -134,4 +225,29 @@ describe("conversation-title-service", () => {
       1,
     );
   });
+
+  test("title prompt content does not contain generation instructions", async () => {
+    const provider = {
+      name: "test-provider",
+      sendMessage: mock(async () => {
+        throw new Error("provider.sendMessage should not be called directly");
+      }),
+    };
+
+    await generateAndPersistConversationTitle({
+      conversationId: "conv-1",
+      provider,
+      userMessage: "Help me plan the kickoff",
+    });
+
+    const call = mockRunBtwSidechain.mock.calls[0]![0] as {
+      content: string;
+      systemPrompt: string;
+    };
+    // Instructions should be in systemPrompt, not in content
+    expect(call.content).not.toContain("Generate a very short title");
+    expect(call.content).not.toContain("do NOT respond");
+    expect(call.systemPrompt).toContain("Do NOT respond");
+    expect(call.systemPrompt).toContain("Maximum 5 words");
+  });
 });