@vellumai/assistant 0.5.6 → 0.5.8

package/src/__tests__/ces-rpc-credential-backend.test.ts

@@ -0,0 +1,199 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+import { CesRpcMethod } from "@vellumai/ces-contracts";
+
+// ---------------------------------------------------------------------------
+// Mock state
+// ---------------------------------------------------------------------------
+
+const callFn = mock(
+  async (_method: string, _request: unknown): Promise<unknown> => ({}),
+);
+
+const isReadyFn = mock((): boolean => true);
+
+// ---------------------------------------------------------------------------
+// Mock modules — before importing module under test
+// ---------------------------------------------------------------------------
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+// Import after mocking
+import type { CesClient } from "../credential-execution/client.js";
+import { CesRpcCredentialBackend } from "../security/ces-rpc-credential-backend.js";
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function createMockClient(): CesClient {
+  return {
+    handshake: mock(async () => ({ accepted: true })),
+    call: callFn as CesClient["call"],
+    updateAssistantApiKey: mock(async () => ({ updated: true })),
+    isReady: isReadyFn,
+    close: mock(() => {}),
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("CesRpcCredentialBackend", () => {
+  let client: CesClient;
+  let backend: CesRpcCredentialBackend;
+
+  beforeEach(() => {
+    callFn.mockClear();
+    isReadyFn.mockClear();
+
+    isReadyFn.mockReturnValue(true);
+
+    client = createMockClient();
+    backend = new CesRpcCredentialBackend(client);
+  });
+
+  test("has name 'ces-rpc'", () => {
+    expect(backend.name).toBe("ces-rpc");
+  });
+
+  // -------------------------------------------------------------------------
+  // isAvailable
+  // -------------------------------------------------------------------------
+
+  describe("isAvailable", () => {
+    test("returns true when client is ready", () => {
+      isReadyFn.mockReturnValue(true);
+      expect(backend.isAvailable()).toBe(true);
+    });
+
+    test("returns false when client is not ready", () => {
+      isReadyFn.mockReturnValue(false);
+      expect(backend.isAvailable()).toBe(false);
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // get
+  // -------------------------------------------------------------------------
+
+  describe("get", () => {
+    test("delegates to CesRpcMethod.GetCredential and returns value when found", async () => {
+      callFn.mockResolvedValue({ found: true, value: "my-secret" });
+
+      const result = await backend.get("test-account");
+
+      expect(callFn).toHaveBeenCalledWith(CesRpcMethod.GetCredential, {
+        account: "test-account",
+      });
+      expect(result).toEqual({ value: "my-secret", unreachable: false });
+    });
+
+    test("returns undefined value when credential not found", async () => {
+      callFn.mockResolvedValue({ found: false });
+
+      const result = await backend.get("missing-account");
+
+      expect(callFn).toHaveBeenCalledWith(CesRpcMethod.GetCredential, {
+        account: "missing-account",
+      });
+      expect(result).toEqual({ value: undefined, unreachable: false });
+    });
+
+    test("returns unreachable when RPC call throws", async () => {
+      callFn.mockRejectedValue(new Error("transport error"));
+
+      const result = await backend.get("broken-account");
+
+      expect(result).toEqual({ value: undefined, unreachable: true });
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // set
+  // -------------------------------------------------------------------------
+
+  describe("set", () => {
+    test("delegates to CesRpcMethod.SetCredential and returns true on success", async () => {
+      callFn.mockResolvedValue({ ok: true });
+
+      const result = await backend.set("test-account", "new-secret");
+
+      expect(callFn).toHaveBeenCalledWith(CesRpcMethod.SetCredential, {
+        account: "test-account",
+        value: "new-secret",
+      });
+      expect(result).toBe(true);
+    });
+
+    test("returns false when RPC call throws", async () => {
+      callFn.mockRejectedValue(new Error("transport error"));
+
+      const result = await backend.set("test-account", "new-secret");
+
+      expect(result).toBe(false);
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // delete
+  // -------------------------------------------------------------------------
+
+  describe("delete", () => {
+    test("delegates to CesRpcMethod.DeleteCredential and returns the result", async () => {
+      callFn.mockResolvedValue({ result: "deleted" });
+
+      const result = await backend.delete("test-account");
+
+      expect(callFn).toHaveBeenCalledWith(CesRpcMethod.DeleteCredential, {
+        account: "test-account",
+      });
+      expect(result).toBe("deleted");
+    });
+
+    test("returns not-found result from CES", async () => {
+      callFn.mockResolvedValue({ result: "not-found" });
+
+      const result = await backend.delete("nonexistent-account");
+
+      expect(result).toBe("not-found");
+    });
+
+    test("returns 'error' when RPC call throws", async () => {
+      callFn.mockRejectedValue(new Error("transport error"));
+
+      const result = await backend.delete("test-account");
+
+      expect(result).toBe("error");
+    });
+  });
+
+  // -------------------------------------------------------------------------
+  // list
+  // -------------------------------------------------------------------------
+
+  describe("list", () => {
+    test("delegates to CesRpcMethod.ListCredentials and returns accounts", async () => {
+      callFn.mockResolvedValue({ accounts: ["account-a", "account-b"] });
+
+      const result = await backend.list();
+
+      expect(callFn).toHaveBeenCalledWith(CesRpcMethod.ListCredentials, {});
+      expect(result).toEqual({ accounts: ["account-a", "account-b"], unreachable: false });
+    });
+
+    test("returns unreachable when RPC call throws", async () => {
+      callFn.mockRejectedValue(new Error("transport error"));
+
+      const result = await backend.list();
+
+      expect(result).toEqual({ accounts: [], unreachable: true });
+    });
+  });
+});

package/src/__tests__/ces-startup-timeout.test.ts

@@ -0,0 +1,40 @@
+import { describe, expect, mock, test } from "bun:test";
+
+import type { CesClient } from "../credential-execution/client.js";
+import {
+  awaitCesClientWithTimeout,
+  DEFAULT_CES_STARTUP_TIMEOUT_MS,
+} from "../credential-execution/startup-timeout.js";
+
+describe("awaitCesClientWithTimeout", () => {
+  test("clears the fallback timer when the CES client resolves first", async () => {
+    const onTimeout = mock(() => {});
+    const client = { isReady: () => true } as unknown as CesClient;
+
+    const result = await awaitCesClientWithTimeout(Promise.resolve(client), {
+      timeoutMs: 25,
+      onTimeout,
+    });
+
+    expect(result).toBe(client);
+
+    await new Promise((resolve) => setTimeout(resolve, 40));
+    expect(onTimeout).not.toHaveBeenCalled();
+  });
+
+  test("returns undefined and runs the fallback handler when the timeout wins", async () => {
+    const onTimeout = mock(() => {});
+
+    const result = await awaitCesClientWithTimeout(new Promise(() => {}), {
+      timeoutMs: 10,
+      onTimeout,
+    });
+
+    expect(result).toBeUndefined();
+    expect(onTimeout).toHaveBeenCalledTimes(1);
+  });
+
+  test("exports the daemon CES startup timeout constant", () => {
+    expect(DEFAULT_CES_STARTUP_TIMEOUT_MS).toBe(20_000);
+  });
+});

package/src/__tests__/channel-approval-routes.test.ts

@@ -38,11 +38,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-// Mock security check to always pass
-mock.module("../security/secret-ingress.js", () => ({
-  checkIngressForSecrets: () => ({ blocked: false }),
-}));
-
 // Mock render to return the raw content as text
 mock.module("../daemon/handlers/shared.js", () => ({
   renderHistoryContent: (content: unknown) => ({

package/src/__tests__/channel-readiness-service.test.ts

@@ -1,15 +1,9 @@
-import { beforeEach, describe, expect, mock, spyOn, test } from "bun:test";
+import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 let mockTwilioPhoneNumber: string | undefined;
 let mockRawConfig: Record<string, unknown> | undefined;
 let mockSecureKeys: Record<string, string>;
 let mockHasTwilioCredentials: boolean;
-let mockGatewayHealth = {
-  target: "http://127.0.0.1:7830",
-  healthy: true,
-  localDeployment: true,
-  error: undefined as string | undefined,
-};
 
 mock.module("../calls/twilio-rest.js", () => ({
   getPhoneNumberSid: async () => null,
@@ -57,14 +51,12 @@ mock.module("../runtime/channel-invite-transports/whatsapp.js", () => ({
 import type { ChannelId } from "../channels/types.js";
 import {
   ChannelReadinessService,
-  createReadinessService,
   REMOTE_TTL_MS,
 } from "../runtime/channel-readiness-service.js";
 import type {
   ChannelProbe,
   ReadinessCheckResult,
 } from "../runtime/channel-readiness-types.js";
-import * as localGatewayHealth from "../runtime/local-gateway-health.js";
 
 // ── Test helpers ────────────────────────────────────────────────────────────
 
@@ -104,12 +96,6 @@ describe("ChannelReadinessService", () => {
     mockRawConfig = undefined;
     mockSecureKeys = {};
     mockHasTwilioCredentials = false;
-    mockGatewayHealth = {
-      target: "http://127.0.0.1:7830",
-      healthy: true,
-      localDeployment: true,
-      error: undefined,
-    };
   });
 
   test("local checks run on every call (no caching of local results)", async () => {
@@ -403,49 +389,4 @@ describe("ChannelReadinessService", () => {
 
     expect(probe.remoteCallCount).toBe(1);
   });
-
-  test("voice readiness includes gateway_health when ingress is configured", async () => {
-    mockHasTwilioCredentials = true;
-    mockTwilioPhoneNumber = "+15550001111";
-    mockRawConfig = {
-      ingress: {
-        enabled: true,
-        publicBaseUrl: "https://voice.example.com",
-      },
-    };
-    mockGatewayHealth = {
-      target: "http://127.0.0.1:7830",
-      healthy: false,
-      localDeployment: true,
-      error: "connect ECONNREFUSED 127.0.0.1:7830",
-    };
-
-    const probeLocalGatewayHealthSpy = spyOn(
-      localGatewayHealth,
-      "probeLocalGatewayHealth",
-    ).mockImplementation(async () => ({
-      ...mockGatewayHealth,
-    }));
-
-    let snapshot: Awaited<
-      ReturnType<ChannelReadinessService["getReadiness"]>
-    >[number];
-    try {
-      const readinessService = createReadinessService();
-      [snapshot] = await readinessService.getReadiness("phone");
-    } finally {
-      probeLocalGatewayHealthSpy.mockRestore();
-    }
-
-    const gatewayHealthCheck = snapshot.localChecks.find(
-      (check) => check.name === "gateway_health",
-    );
-    expect(gatewayHealthCheck).toBeDefined();
-    expect(gatewayHealthCheck?.passed).toBe(false);
-    expect(snapshot.reasons).toContainEqual({
-      code: "gateway_health",
-      text: "Local gateway is not serving requests at http://127.0.0.1:7830: connect ECONNREFUSED 127.0.0.1:7830",
-    });
-    expect(snapshot.ready).toBe(false);
-  });
 });

package/src/__tests__/checker.test.ts

@@ -1606,13 +1606,15 @@ describe("Permission Checker", () => {
       expect(options[0].description).toContain("compound");
     });
 
-    test("compound command via pipeline yields exact-only allowlist option", async () => {
+    test("compound command via pipeline yields exact + action-key allowlist options", async () => {
       const options = await generateAllowlistOptions("bash", {
         command: "git log | grep fix",
       });
-      expect(options).toHaveLength(1);
+      expect(options.length).toBeGreaterThanOrEqual(2);
       expect(options[0].description).toContain("compound");
       expect(options[0].pattern).toBe("git log | grep fix");
+      // Pipeline action keys should be offered as broader options
+      expect(options.some((o) => o.pattern.startsWith("action:"))).toBe(true);
     });
 
     test("compound command via && yields exact-only allowlist option", async () => {

package/src/__tests__/cli-command-risk-guard.test.ts

@@ -0,0 +1,112 @@
+// Guard test: assistant CLI commands must always classify as Low risk.
+//
+// The assistant uses its own CLI tools during normal operation. If these
+// commands require user approval, it blocks autonomous assistant workflows.
+// See #18982 / #18998 for the regression that motivated this guard.
+
+import { mkdtempSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { describe, expect, mock, test } from "bun:test";
+
+const guardTestDir = mkdtempSync(join(tmpdir(), "cli-risk-guard-test-"));
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => guardTestDir,
+  getDataDir: () => join(guardTestDir, "data"),
+  getWorkspaceSkillsDir: () => join(guardTestDir, "skills"),
+  isMacOS: () => process.platform === "darwin",
+  isLinux: () => process.platform === "linux",
+  isWindows: () => process.platform === "win32",
+  getPidPath: () => join(guardTestDir, "test.pid"),
+  getDbPath: () => join(guardTestDir, "test.db"),
+  getLogPath: () => join(guardTestDir, "test.log"),
+  ensureDataDir: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: (_target: Record<string, unknown>, _prop: string) => {
+        return () => {};
+      },
+    }),
+}));
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => ({
+    permissions: { mode: "workspace" },
+    skills: { load: { extraDirs: [] } },
+    sandbox: { enabled: true },
+  }),
+  loadConfig: () => ({}),
+  invalidateConfigCache: () => {},
+  saveConfig: () => {},
+  loadRawConfig: () => ({}),
+  saveRawConfig: () => {},
+  getNestedValue: () => undefined,
+  setNestedValue: () => {},
+}));
+
+import { buildCliProgram } from "../cli/program.js";
+import { classifyRisk } from "../permissions/checker.js";
+import { RiskLevel } from "../permissions/types.js";
+
+/**
+ * Assert that a command classifies as Low risk, with a descriptive failure
+ * message that guides developers toward the correct fix.
+ */
+function expectLowRisk(command: string, actual: RiskLevel): void {
+  if (actual !== RiskLevel.Low) {
+    throw new Error(
+      `"${command}" classified as ${actual} instead of Low. ` +
+        `assistant CLI commands must always be Low risk — the assistant ` +
+        `uses its own CLI during normal operation. If you need risk ` +
+        `escalation for specific subcommands, add them to an allowlist ` +
+        `in this guard test with justification.`,
+    );
+  }
+  expect(actual).toBe(RiskLevel.Low);
+}
+
+// Dynamically extract subcommand names from the CLI program definition.
+// This ensures new commands added to program.ts are automatically covered
+// by this guard test without manual list maintenance.
+const program = buildCliProgram();
+const ASSISTANT_SUBCOMMANDS = program.commands.map((c) => c.name());
+
+describe("CLI command risk guard: assistant commands", () => {
+  test("subcommand discovery found a reasonable number of commands", () => {
+    // Sanity check: if mocking breaks and no commands are registered,
+    // the risk guard would vacuously pass. Require a minimum count to
+    // catch that failure mode. Update this threshold when commands are
+    // removed (but it should only grow).
+    expect(ASSISTANT_SUBCOMMANDS.length).toBeGreaterThanOrEqual(20);
+  });
+
+  test("all assistant CLI subcommands classify as Low risk", async () => {
+    for (const subcommand of ASSISTANT_SUBCOMMANDS) {
+      const command = `assistant ${subcommand}`;
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+
+  test("bare assistant command classifies as Low risk", async () => {
+    const risk = await classifyRisk("bash", { command: "assistant" });
+    expectLowRisk("assistant", risk);
+  });
+
+  test("assistant with flags classifies as Low risk", async () => {
+    const flagCommands = [
+      "assistant --version",
+      "assistant --help",
+      "assistant doctor --verbose",
+    ];
+
+    for (const command of flagCommands) {
+      const risk = await classifyRisk("bash", { command });
+      expectLowRisk(command, risk);
+    }
+  });
+});

package/src/__tests__/config-schema-cmd.test.ts

@@ -88,7 +88,6 @@ mock.module("../config/loader.js", () => ({
   invalidateConfigCache: () => {},
   getNestedValue: () => undefined,
   setNestedValue: () => {},
-  syncConfigToLockfile: () => {},
 }));
 
 import { Command } from "commander";
@@ -205,7 +204,6 @@ describe("z.toJSONSchema integration", () => {
     expect(properties).toBeDefined();
     // Check that top-level keys are present
     expect(properties.services).toBeDefined();
-    expect(properties.providerOrder).toBeDefined();
     expect(properties.maxTokens).toBeDefined();
     expect(properties.calls).toBeDefined();
     expect(properties.memory).toBeDefined();

package/src/__tests__/config-schema.test.ts

@@ -137,7 +137,6 @@ describe("AssistantConfigSchema", () => {
       action: "redact",
       entropyThreshold: 4.0,
       allowOneTimeSend: false,
-      blockIngress: true,
     });
     expect(result.auditLog).toEqual({ retentionDays: 0 });
   });
@@ -638,6 +637,9 @@ describe("AssistantConfigSchema", () => {
       voice: {
         language: "en-US",
         transcriptionProvider: "Deepgram",
+        ttsProvider: "elevenlabs",
+        hints: [],
+        interruptSensitivity: "low",
       },
       callerIdentity: {
         allowPerCallOverride: true,

package/src/__tests__/conversation-abort-tool-results.test.ts

@@ -129,7 +129,6 @@ mock.module("../memory/retriever.js", () => ({
     injectedText: "",
 
     semanticHits: 0,
-    recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),

package/src/__tests__/conversation-agent-loop-overflow.test.ts

@@ -168,7 +168,6 @@ mock.module("../memory/retriever.js", () => ({
     injectedText: "",
 
     semanticHits: 0,
-    recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),
@@ -199,7 +198,6 @@ mock.module("../daemon/conversation-memory.js", () => ({
       injectedText: "",
 
       semanticHits: 0,
-      recencyHits: 0,
       injectedTokens: 0,
       latencyMs: 0,
       tier1Count: 0,

package/src/__tests__/conversation-agent-loop.test.ts

@@ -158,7 +158,6 @@ mock.module("../memory/retriever.js", () => ({
     injectedText: "",
 
     semanticHits: 0,
-    recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),
@@ -189,7 +188,6 @@ mock.module("../daemon/conversation-memory.js", () => ({
       injectedText: "",
 
       semanticHits: 0,
-      recencyHits: 0,
       injectedTokens: 0,
       latencyMs: 0,
       tier1Count: 0,
@@ -614,7 +612,7 @@ describe("session-agent-loop", () => {
   });
 
   describe("LLM request log persistence", () => {
-    test("record request log prefers the actual provider from failover", async () => {
+    test("record request log captures the actual provider name", async () => {
       const events: ServerMessage[] = [];
       const rawRequest = {
         model: "gpt-4.1",
@@ -768,7 +766,7 @@ describe("session-agent-loop", () => {
   });
 
   describe("usage accounting", () => {
-    test("records the actual provider for failover-served usage", async () => {
+    test("records the actual provider for usage accounting", async () => {
       const events: ServerMessage[] = [];
 
       const agentLoopRun: AgentLoopRun = async (messages, onEvent) => {

package/src/__tests__/conversation-attention-telegram.test.ts

@@ -31,11 +31,6 @@ mock.module("../util/logger.js", () => ({
   truncateForLog: (value: string) => value,
 }));
 
-// Mock security check to always pass
-mock.module("../security/secret-ingress.js", () => ({
-  checkIngressForSecrets: () => ({ blocked: false }),
-}));
-
 // Mock render to return the raw content as text
 mock.module("../daemon/handlers/shared.js", () => ({
   renderHistoryContent: (content: unknown) => ({

package/src/__tests__/conversation-confirmation-signals.test.ts

@@ -154,7 +154,6 @@ mock.module("../memory/retriever.js", () => ({
     injectedText: "",
 
     semanticHits: 0,
-    recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),

package/src/__tests__/conversation-error.test.ts

@@ -6,7 +6,7 @@ import {
   classifyConversationError,
   isUserCancellation,
 } from "../daemon/conversation-error.js";
-import { ProviderError } from "../util/errors.js";
+import { ProviderError, ProviderNotConfiguredError } from "../util/errors.js";
 
 describe("isUserCancellation", () => {
   it("returns false for non-AbortError even when abort flag is set", () => {
@@ -278,6 +278,20 @@ describe("classifyConversationError", () => {
     });
   });
 
+  describe("provider not configured errors", () => {
+    it("classifies ProviderNotConfiguredError as PROVIDER_NOT_CONFIGURED", () => {
+      const err = new ProviderNotConfiguredError("anthropic", []);
+      const result = classifyConversationError(err, baseCtx);
+      expect(result.code).toBe("PROVIDER_NOT_CONFIGURED");
+      expect(result.userMessage).toBe(
+        "No API key configured for inference. Add one in Settings to start chatting.",
+      );
+      expect(result.retryable).toBe(true);
+      expect(result.errorCategory).toBe("provider_not_configured");
+      expect(result.debugDetails).toBeDefined();
+    });
+  });
+
   describe("streaming corruption errors", () => {
     const cases = [
       "Unexpected event order, got message_start before receiving message_stop",

package/src/__tests__/conversation-init.benchmark.test.ts

@@ -111,10 +111,8 @@ mock.module("../util/platform.js", () => ({
   getTCPPort: () => 8765,
   isIOSPairingEnabled: () => false,
   isTCPEnabled: () => false,
-  readLockfile: () => null,
   readPlatformToken: () => null,
   readSessionToken: () => null,
-  writeLockfile: () => {},
   ensureDataDir: () => {},
 }));
 

package/src/__tests__/conversation-messaging-secret-redirect.test.ts

@@ -28,7 +28,7 @@ mock.module("../security/secure-keys.js", () => ({
   setSecureKeyAsync: async (key?: string, value?: string) =>
     setSecureKeyMock(key, value),
   deleteSecureKeyAsync: async () => "deleted" as const,
-  listSecureKeysAsync: async () => [],
+  listSecureKeysAsync: async () => ({ accounts: [], unreachable: false }),
   _resetBackend: () => {},
 }));
 

package/src/__tests__/conversation-pre-run-repair.test.ts

@@ -119,7 +119,6 @@ mock.module("../memory/retriever.js", () => ({
     injectedText: "",
 
     semanticHits: 0,
-    recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),

package/src/__tests__/conversation-provider-retry-repair.test.ts

@@ -188,7 +188,6 @@ mock.module("../memory/retriever.js", () => ({
     injectedText: "",
 
     semanticHits: 0,
-    recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),

package/src/__tests__/conversation-queue.test.ts

@@ -204,7 +204,6 @@ mock.module("../memory/retriever.js", () => ({
     injectedText: "",
 
     semanticHits: 0,
-    recencyHits: 0,
     injectedTokens: 0,
     latencyMs: 0,
   }),