@vellumai/assistant 0.5.6 → 0.5.7

package/src/__tests__/docker-signing-key-bootstrap.test.ts

@@ -1,31 +1,20 @@
 /**
- * Integration tests for resolveSigningKey() covering the Docker bootstrap
- * lifecycle: fresh fetch from gateway, daemon restart (load from disk),
- * and local mode (file-based load/create).
+ * Tests for resolveSigningKey() covering env var injection (Docker)
+ * and file-based load/create (local mode).
  */
 
-import { mkdtempSync, readFileSync, realpathSync, rmSync } from "node:fs";
+import { mkdirSync, mkdtempSync, realpathSync, rmSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { afterAll, afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
-// ---------------------------------------------------------------------------
-// Temp directory for signing key persistence
-// ---------------------------------------------------------------------------
-
-const testDir = realpathSync(mkdtempSync(join(tmpdir(), "docker-signing-key-test-")));
-
-// ---------------------------------------------------------------------------
-// Mock platform to redirect signing key file to our temp directory
-// ---------------------------------------------------------------------------
+const testDir = realpathSync(mkdtempSync(join(tmpdir(), "signing-key-test-")));
 
 mock.module("../util/platform.js", () => ({
   getRootDir: () => testDir,
   getDataDir: () => testDir,
   getDbPath: () => join(testDir, "test.db"),
   normalizeAssistantId: (id: string) => (id === "self" ? "self" : id),
-  readLockfile: () => null,
-  writeLockfile: () => {},
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",
@@ -41,53 +30,23 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-// ---------------------------------------------------------------------------
-// Import the functions under test (after mocks are installed)
-// ---------------------------------------------------------------------------
-
-const {
-  resolveSigningKey,
-  loadOrCreateSigningKey: _loadOrCreateSigningKey,
-  BootstrapAlreadyCompleted: _BootstrapAlreadyCompleted,
-} = await import("../runtime/auth/token-service.js");
-
-// ---------------------------------------------------------------------------
-// Test constants
-// ---------------------------------------------------------------------------
+const { resolveSigningKey } = await import("../runtime/auth/token-service.js");
 
-const VALID_32_BYTE_KEY = "ab".repeat(32); // 64 hex chars = 32 bytes
-const SIGNING_KEY_PATH = join(testDir, "protected", "actor-token-signing-key");
+const VALID_HEX_KEY = "ab".repeat(32); // 64 hex chars = 32 bytes
 
-// ---------------------------------------------------------------------------
-// Environment & fetch state management
-// ---------------------------------------------------------------------------
-
-const originalFetch = globalThis.fetch;
 const savedEnv: Record<string, string | undefined> = {};
 
-function saveEnv(...keys: string[]) {
-  for (const key of keys) {
-    savedEnv[key] = process.env[key];
-  }
-}
-
-function restoreEnv() {
-  for (const [key, val] of Object.entries(savedEnv)) {
-    if (val === undefined) {
-      delete process.env[key];
-    } else {
-      process.env[key] = val;
-    }
-  }
-}
-
 beforeEach(() => {
-  saveEnv("IS_CONTAINERIZED", "GATEWAY_INTERNAL_URL");
+  savedEnv.ACTOR_TOKEN_SIGNING_KEY = process.env.ACTOR_TOKEN_SIGNING_KEY;
+  mkdirSync(join(testDir, "protected"), { recursive: true });
 });
 
 afterEach(() => {
-  globalThis.fetch = originalFetch;
-  restoreEnv();
+  if (savedEnv.ACTOR_TOKEN_SIGNING_KEY === undefined) {
+    delete process.env.ACTOR_TOKEN_SIGNING_KEY;
+  } else {
+    process.env.ACTOR_TOKEN_SIGNING_KEY = savedEnv.ACTOR_TOKEN_SIGNING_KEY;
+  }
 });
 
 afterAll(() => {
@@ -96,112 +55,44 @@ afterAll(() => {
   } catch {}
 });
 
-// ---------------------------------------------------------------------------
-// Docker mode tests — resolveSigningKey() bootstrap lifecycle
-// ---------------------------------------------------------------------------
-
-describe("resolveSigningKey — Docker bootstrap lifecycle", () => {
-  test("fresh bootstrap: fetches key from gateway and persists to disk", async () => {
-    process.env.IS_CONTAINERIZED = "true";
-    process.env.GATEWAY_INTERNAL_URL = "http://localhost:19876";
+describe("resolveSigningKey", () => {
+  test("reads key from ACTOR_TOKEN_SIGNING_KEY env var", () => {
+    process.env.ACTOR_TOKEN_SIGNING_KEY = VALID_HEX_KEY;
 
-    // Mock fetch to return a known 32-byte key on first call.
-    globalThis.fetch = (async () =>
-      new Response(JSON.stringify({ key: VALID_32_BYTE_KEY }), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      })) as unknown as typeof fetch;
+    const key = resolveSigningKey();
 
-    const key = await resolveSigningKey();
-
-    // Verify the returned key is a 32-byte buffer with the expected content.
     expect(key).toBeInstanceOf(Buffer);
     expect(key.length).toBe(32);
-    expect(key.toString("hex")).toBe(VALID_32_BYTE_KEY);
-
-    // Verify the key was persisted to disk.
-    const persisted = readFileSync(SIGNING_KEY_PATH);
-    expect(persisted.length).toBe(32);
-    expect(Buffer.from(persisted).equals(key)).toBe(true);
+    expect(key.toString("hex")).toBe(VALID_HEX_KEY);
   });
 
-  test("daemon restart: gateway returns 403, loads persisted key from disk", async () => {
-    process.env.IS_CONTAINERIZED = "true";
-    process.env.GATEWAY_INTERNAL_URL = "http://localhost:19876";
+  test("rejects invalid ACTOR_TOKEN_SIGNING_KEY", () => {
+    process.env.ACTOR_TOKEN_SIGNING_KEY = "tooshort";
 
-    // The previous test persisted the key. Simulate a daemon restart where
-    // the gateway returns 403 (bootstrap already completed).
-    globalThis.fetch = (async () =>
-      new Response(JSON.stringify({ error: "Bootstrap already completed" }), {
-        status: 403,
-      })) as unknown as typeof fetch;
-
-    const key = await resolveSigningKey();
-
-    // Should have loaded the previously persisted key from disk.
-    expect(key).toBeInstanceOf(Buffer);
-    expect(key.length).toBe(32);
-    expect(key.toString("hex")).toBe(VALID_32_BYTE_KEY);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// Local mode tests — resolveSigningKey() file-based path
-// ---------------------------------------------------------------------------
-
-describe("resolveSigningKey — local mode", () => {
-  test("uses file-based loadOrCreateSigningKey without calling fetch", async () => {
-    // Ensure Docker env vars are unset.
-    delete process.env.IS_CONTAINERIZED;
-    delete process.env.GATEWAY_INTERNAL_URL;
-
-    let fetchCalled = false;
-    globalThis.fetch = (async () => {
-      fetchCalled = true;
-      return new Response("should not be called", { status: 500 });
-    }) as unknown as typeof fetch;
-
-    const key = await resolveSigningKey();
-
-    // Should return a valid 32-byte key (loaded from disk or newly created).
-    expect(key).toBeInstanceOf(Buffer);
-    expect(key.length).toBe(32);
-
-    // Crucially, fetch should NOT have been called.
-    expect(fetchCalled).toBe(false);
+    expect(() => resolveSigningKey()).toThrow("Invalid ACTOR_TOKEN_SIGNING_KEY");
   });
 
-  test("IS_CONTAINERIZED=false does not trigger gateway fetch", async () => {
-    process.env.IS_CONTAINERIZED = "false";
-    process.env.GATEWAY_INTERNAL_URL = "http://localhost:19876";
+  test("falls back to file-based load/create when env var is not set", () => {
+    delete process.env.ACTOR_TOKEN_SIGNING_KEY;
 
-    let fetchCalled = false;
-    globalThis.fetch = (async () => {
-      fetchCalled = true;
-      return new Response("should not be called", { status: 500 });
-    }) as unknown as typeof fetch;
-
-    const key = await resolveSigningKey();
+    const key = resolveSigningKey();
 
     expect(key).toBeInstanceOf(Buffer);
     expect(key.length).toBe(32);
-    expect(fetchCalled).toBe(false);
   });
 
-  test("IS_CONTAINERIZED=true without GATEWAY_INTERNAL_URL uses local path", async () => {
-    process.env.IS_CONTAINERIZED = "true";
-    delete process.env.GATEWAY_INTERNAL_URL;
+  test("env var takes priority over file on disk", () => {
+    process.env.ACTOR_TOKEN_SIGNING_KEY = VALID_HEX_KEY;
 
-    let fetchCalled = false;
-    globalThis.fetch = (async () => {
-      fetchCalled = true;
-      return new Response("should not be called", { status: 500 });
-    }) as unknown as typeof fetch;
+    // First call creates a file-based key
+    delete process.env.ACTOR_TOKEN_SIGNING_KEY;
+    const fileKey = resolveSigningKey();
 
-    const key = await resolveSigningKey();
+    // Second call with env var should use the env var, not the file
+    process.env.ACTOR_TOKEN_SIGNING_KEY = "cd".repeat(32);
+    const envKey = resolveSigningKey();
 
-    expect(key).toBeInstanceOf(Buffer);
-    expect(key.length).toBe(32);
-    expect(fetchCalled).toBe(false);
+    expect(envKey.toString("hex")).toBe("cd".repeat(32));
+    expect(envKey.toString("hex")).not.toBe(fileKey.toString("hex"));
   });
 });

package/src/__tests__/dynamic-skill-workflow-prompt.test.ts

@@ -53,9 +53,6 @@ mock.module("../util/logger.js", () => ({
 
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
-    assistantFeatureFlagValues: {
-      "feature_flags.browser.enabled": true,
-    },
     services: {
       inference: {
         mode: "your-own",
@@ -77,17 +74,22 @@ mock.module("../config/loader.js", () => ({
   invalidateConfigCache: () => {},
   getNestedValue: () => undefined,
   setNestedValue: () => {},
-  syncConfigToLockfile: () => {},
 }));
 
 const { buildSystemPrompt } = await import("../prompts/system-prompt.js");
+const { _setOverridesForTesting } =
+  await import("../config/assistant-feature-flags.js");
 
 describe("Dynamic Skill Authoring Workflow moved to tool descriptions", () => {
   beforeEach(() => {
     mkdirSync(TEST_DIR, { recursive: true });
+    _setOverridesForTesting({
+      "feature_flags.browser.enabled": true,
+    });
   });
 
   afterEach(() => {
+    _setOverridesForTesting({});
     if (existsSync(TEST_DIR)) {
       rmSync(TEST_DIR, { recursive: true, force: true });
     }

package/src/__tests__/guardian-routing-state.test.ts

@@ -31,11 +31,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-// Mock security check to always pass
-mock.module("../security/secret-ingress.js", () => ({
-  checkIngressForSecrets: () => ({ blocked: false }),
-}));
-
 import { upsertContact } from "../contacts/contact-store.js";
 import { createGuardianBinding } from "../contacts/contacts-write.js";
 import type { TrustContext } from "../daemon/conversation-runtime-assembly.js";

package/src/__tests__/host-shell-tool.test.ts

@@ -846,12 +846,12 @@ describe("host_bash — proxy delegation", () => {
   });
 
   test("propagates VELLUM_UNTRUSTED_SHELL env to proxy under CES lockdown", async () => {
-    // Enable CES shell lockdown
-    const origFlags = (mockConfig as Record<string, unknown>)
-      .assistantFeatureFlagValues;
-    (mockConfig as Record<string, unknown>).assistantFeatureFlagValues = {
+    // Enable CES shell lockdown via the override cache
+    const { _setOverridesForTesting } =
+      await import("../config/assistant-feature-flags.js");
+    _setOverridesForTesting({
       "feature_flags.ces-shell-lockdown.enabled": true,
-    };
+    });
 
     try {
       const proxyResult: ToolExecutionResult = {
@@ -875,8 +875,7 @@ describe("host_bash — proxy delegation", () => {
       expect(calls.length).toBe(1);
       expect(calls[0].input.env).toEqual({ VELLUM_UNTRUSTED_SHELL: "1" });
     } finally {
-      (mockConfig as Record<string, unknown>).assistantFeatureFlagValues =
-        origFlags;
+      _setOverridesForTesting({});
     }
   });
 

package/src/__tests__/http-user-message-parity.test.ts

@@ -2,10 +2,9 @@
  * Tests for HTTP POST /v1/messages behavior after the legacy handleUserMessage
  * legacy entry point was retired.
  *
- * Secret ingress blocking has been ported to the HTTP path. Recording intent
- * interception has been deliberately retired — the HTTP path has dedicated
- * /v1/recording/* endpoints and the model handles recording-related messages
- * through the agent loop.
+ * Recording intent interception has been deliberately retired — the HTTP path
+ * has dedicated /v1/recording/* endpoints and the model handles
+ * recording-related messages through the agent loop.
  *
  * Approval reply interception has parity and is covered by
  * conversation-routes-guardian-reply.test.ts and send-endpoint-busy.test.ts.
@@ -121,12 +120,10 @@ mock.module("../runtime/trust-context-resolver.js", () => ({
   }),
 }));
 
-// Mock config to enable secret detection + ingress blocking
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     secretDetection: {
       enabled: true,
-      blockIngress: true,
       customPatterns: [],
       entropyThreshold: 3.5,
     },
@@ -238,103 +235,6 @@ async function sendMessage(
   );
 }
 
-// ============================================================================
-// SECRET INGRESS BLOCKING — now ported to HTTP path
-// ============================================================================
-describe("HTTP POST /v1/messages blocks secret ingress", () => {
-  beforeEach(() => {
-    routeGuardianReplyMock.mockClear();
-    listPendingByDestinationMock.mockClear();
-    listCanonicalMock.mockClear();
-    addMessageMock.mockClear();
-  });
-
-  test("handleSendMessage rejects messages containing Telegram bot token patterns", async () => {
-    const secretContent =
-      "Set up Telegram with my bot token 123456789:ABCDefGHIJklmnopQRSTuvwxyz012345678";
-    const persistUserMessage = mock(async () => "persisted-msg-id");
-    const runAgentLoop = mock(async () => undefined);
-    const conversation = makeConversation({ persistUserMessage, runAgentLoop });
-
-    const res = await sendMessage(secretContent, conversation);
-
-    expect(res.status).toBe(422);
-    const body = (await res.json()) as {
-      accepted: boolean;
-      error: string;
-      message: string;
-      detectedTypes: string[];
-    };
-    expect(body.accepted).toBe(false);
-    expect(body.error).toBe("secret_blocked");
-    expect(body.detectedTypes.length).toBeGreaterThan(0);
-
-    // The message should NOT reach the agent loop
-    expect(persistUserMessage).toHaveBeenCalledTimes(0);
-    expect(runAgentLoop).toHaveBeenCalledTimes(0);
-  });
-
-  test("handleSendMessage rejects messages containing AWS credentials", async () => {
-    const secretContent =
-      "Here is my AWS key AKIAQRSTUVWXYZ123456 and secret wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
-    const persistUserMessage = mock(async () => "persisted-msg-id");
-    const runAgentLoop = mock(async () => undefined);
-    const conversation = makeConversation({ persistUserMessage, runAgentLoop });
-
-    const res = await sendMessage(secretContent, conversation);
-
-    expect(res.status).toBe(422);
-    const body = (await res.json()) as {
-      accepted: boolean;
-      error: string;
-    };
-    expect(body.accepted).toBe(false);
-    expect(body.error).toBe("secret_blocked");
-
-    // The message should NOT reach the agent loop
-    expect(persistUserMessage).toHaveBeenCalledTimes(0);
-    expect(runAgentLoop).toHaveBeenCalledTimes(0);
-  });
-
-  test("handleSendMessage rejects messages containing Stripe live API keys", async () => {
-    const secretContent = "My Stripe key is sk_live_4eC39HqLyjWDarjtT1zdp7dc";
-    const persistUserMessage = mock(async () => "persisted-msg-id");
-    const runAgentLoop = mock(async () => undefined);
-    const conversation = makeConversation({ persistUserMessage, runAgentLoop });
-
-    const res = await sendMessage(secretContent, conversation);
-
-    expect(res.status).toBe(422);
-    const body = (await res.json()) as {
-      accepted: boolean;
-      error: string;
-    };
-    expect(body.accepted).toBe(false);
-    expect(body.error).toBe("secret_blocked");
-
-    // The message should NOT reach the agent loop
-    expect(persistUserMessage).toHaveBeenCalledTimes(0);
-    expect(runAgentLoop).toHaveBeenCalledTimes(0);
-  });
-
-  test("handleSendMessage allows normal messages without secrets", async () => {
-    const normalContent = "What is the weather today?";
-    const persistUserMessage = mock(async () => "persisted-msg-id");
-    const runAgentLoop = mock(async () => undefined);
-    const conversation = makeConversation({ persistUserMessage, runAgentLoop });
-
-    const res = await sendMessage(normalContent, conversation);
-
-    expect(res.status).toBe(202);
-    const body = (await res.json()) as { accepted: boolean };
-    expect(body.accepted).toBe(true);
-
-    // Normal messages proceed to the agent loop
-    expect(persistUserMessage).toHaveBeenCalledTimes(1);
-    expect(runAgentLoop).toHaveBeenCalledTimes(1);
-  });
-});
-
 // ============================================================================
 // RECORDING INTENT — deliberately NOT intercepted on HTTP path
 // ============================================================================

package/src/__tests__/inbound-invite-redemption.test.ts

@@ -35,10 +35,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-mock.module("../security/secret-ingress.js", () => ({
-  checkIngressForSecrets: () => ({ blocked: false }),
-}));
-
 mock.module("../config/env.js", () => ({
   isHttpAuthDisabled: () => true,
   getGatewayInternalBaseUrl: () => "http://127.0.0.1:7830",

package/src/__tests__/inline-skill-load-permissions.test.ts

@@ -18,6 +18,8 @@ import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
+
 // ── Mock setup (must be before any imports from the project) ──────────────
 
 const testDir = mkdtempSync(join(tmpdir(), "inline-skill-perm-test-"));
@@ -46,7 +48,6 @@ interface TestConfig {
   permissions: { mode: "strict" | "workspace" };
   skills: { load: { extraDirs: string[] } };
   sandbox: { enabled: boolean };
-  assistantFeatureFlagValues?: Record<string, boolean>;
   [key: string]: unknown;
 }
 
@@ -54,9 +55,6 @@ const testConfig: TestConfig = {
   permissions: { mode: "workspace" },
   skills: { load: { extraDirs: [] } },
   sandbox: { enabled: true },
-  assistantFeatureFlagValues: {
-    "feature_flags.inline-skill-commands.enabled": true,
-  },
 };
 
 mock.module("../config/loader.js", () => ({
@@ -118,9 +116,9 @@ describe("inline-command skill_load permissions", () => {
     clearCache();
     testConfig.permissions = { mode: "workspace" };
     testConfig.skills = { load: { extraDirs: [] } };
-    testConfig.assistantFeatureFlagValues = {
+    _setOverridesForTesting({
       "feature_flags.inline-skill-commands.enabled": true,
-    };
+    });
     try {
       rmSync(join(testDir, "protected", "trust.json"));
     } catch {
@@ -352,9 +350,9 @@ describe("inline-command skill_load permissions", () => {
       writeDynamicSkill("dynamic-flag-off", "Dynamic Flag Off Skill");
 
       // Disable the feature flag
-      testConfig.assistantFeatureFlagValues = {
+      _setOverridesForTesting({
         "feature_flags.inline-skill-commands.enabled": false,
-      };
+      });
 
       const result = await check(
         "skill_load",

package/src/__tests__/intent-routing.test.ts

@@ -53,8 +53,6 @@ mock.module("../util/logger.js", () => ({
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
-
-    assistantFeatureFlagValues: {},
     services: {
       inference: {
         mode: "your-own",
@@ -76,7 +74,6 @@ mock.module("../config/loader.js", () => ({
   invalidateConfigCache: () => {},
   getNestedValue: () => undefined,
   setNestedValue: () => {},
-  syncConfigToLockfile: () => {},
 }));
 
 // ── Import after mocks ───────────────────────────────────────────────
@@ -250,16 +247,6 @@ describe("Activation hints in skills catalog", () => {
     expect(line).toContain("voice-setup");
   });
 
-  test("orchestration skill includes hints and avoid-when in catalog line", () => {
-    const prompt = buildSystemPrompt();
-    const line = prompt
-      .split("\n")
-      .find((l) => l.includes("**orchestration**"));
-    expect(line).toBeDefined();
-    expect(line).toContain("parallel");
-    expect(line).toContain("Single-focus");
-  });
-
   test("browser skill includes hints in catalog line", () => {
     const prompt = buildSystemPrompt();
     const line = prompt.split("\n").find((l) => l.includes("**browser**"));