@vellumai/assistant 0.5.9 → 0.5.11

package/src/__tests__/acp-session.test.ts

@@ -1,11 +1,9 @@
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
-import {
-  resolvePermission,
-  VellumAcpClientHandler,
-} from "../acp/client-handler.js";
+import { VellumAcpClientHandler } from "../acp/client-handler.js";
 import { AcpSessionManager } from "../acp/session-manager.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
+import * as pendingInteractions from "../runtime/pending-interactions.js";
 
 // ---------------------------------------------------------------------------
 // VellumAcpClientHandler tests
@@ -14,18 +12,17 @@ import type { ServerMessage } from "../daemon/message-protocol.js";
 describe("VellumAcpClientHandler", () => {
   let sent: ServerMessage[];
   let sendToVellum: (msg: ServerMessage) => void;
-  let pendingPermissions: Map<string, { resolve: (optionId: string) => void }>;
   let handler: VellumAcpClientHandler;
 
   beforeEach(() => {
     sent = [];
     sendToVellum = (msg) => sent.push(msg);
-    pendingPermissions = new Map();
     handler = new VellumAcpClientHandler(
       "session-1",
       sendToVellum,
-      pendingPermissions,
+      "conv-parent",
     );
+    pendingInteractions.clear();
   });
 
   describe("sessionUpdate", () => {
@@ -152,7 +149,7 @@ describe("VellumAcpClientHandler", () => {
   });
 
   describe("requestPermission", () => {
-    test("sends permission request and resolves when permission is granted", async () => {
+    test("sends confirmation_request and resolves when permission is granted", async () => {
       const resultPromise = handler.requestPermission({
         toolCall: {
           title: "Run command",
@@ -165,52 +162,135 @@ describe("VellumAcpClientHandler", () => {
         ],
       } as any);
 
-      // Should have sent a permission request
+      // Should have sent a standard confirmation_request with ACP context
       expect(sent).toHaveLength(1);
       const msg = sent[0] as any;
-      expect(msg.type).toBe("acp_permission_request");
-      expect(msg.acpSessionId).toBe("session-1");
-      expect(msg.toolTitle).toBe("Run command");
-      expect(msg.toolKind).toBe("execute");
-      expect(msg.options).toHaveLength(2);
-
-      // A pending permission should exist
-      expect(pendingPermissions.size).toBe(1);
+      expect(msg.type).toBe("confirmation_request");
+      expect(msg.toolName).toBe("ACP Agent: Run command");
+      expect(msg.riskLevel).toBe("medium"); // ACP defaults to medium
+      expect(msg.persistentDecisionsAllowed).toBe(false);
+      expect(msg.allowlistOptions).toEqual([]);
+      // ACP-specific fields passed through for client rendering
+      expect(msg.acpToolKind).toBe("execute");
+      expect(msg.acpOptions).toEqual([
+        { optionId: "allow", name: "Allow", kind: "allow_once" },
+        { optionId: "deny", name: "Deny", kind: "reject_once" },
+      ]);
+
       const requestId = msg.requestId;
 
-      // Resolve the permission
-      resolvePermission(pendingPermissions, requestId, "allow");
+      // Resolve via the pendingInteractions tracker (same as POST /v1/confirm)
+      const interaction = pendingInteractions.resolve(requestId);
+      expect(interaction).toBeDefined();
+      expect(interaction!.kind).toBe("acp_confirmation");
+      interaction!.directResolve!("allow");
 
       const result = await resultPromise;
       expect(result).toEqual({
         outcome: { outcome: "selected", optionId: "allow" },
       });
-      expect(pendingPermissions.size).toBe(0);
     });
-  });
-});
 
-// ---------------------------------------------------------------------------
-// resolvePermission standalone tests
-// ---------------------------------------------------------------------------
+    test("maps deny decision to reject_once option", async () => {
+      const resultPromise = handler.requestPermission({
+        toolCall: {
+          title: "Write file",
+          kind: "edit",
+          rawInput: { path: "/tmp/test.txt" },
+        },
+        options: [
+          { optionId: "opt-allow", name: "Allow", kind: "allow_once" },
+          { optionId: "opt-deny", name: "Deny", kind: "reject_once" },
+        ],
+      } as any);
 
-describe("resolvePermission", () => {
-  test("resolves and removes the pending entry", () => {
-    let resolved = "";
-    const pending = new Map<string, { resolve: (id: string) => void }>();
-    pending.set("req-1", { resolve: (id) => (resolved = id) });
+      const msg = sent[0] as any;
+      expect(msg.riskLevel).toBe("medium"); // ACP defaults to medium
 
-    resolvePermission(pending, "req-1", "allow");
+      const interaction = pendingInteractions.resolve(msg.requestId);
+      interaction!.directResolve!("deny");
 
-    expect(resolved).toBe("allow");
-    expect(pending.size).toBe(0);
-  });
+      const result = await resultPromise;
+      expect(result).toEqual({
+        outcome: { outcome: "selected", optionId: "opt-deny" },
+      });
+    });
+
+    test("defaults riskLevel to medium for all ACP permissions", async () => {
+      handler.requestPermission({
+        toolCall: {
+          title: "Read file",
+          kind: "read",
+        },
+        options: [{ optionId: "allow", name: "Allow", kind: "allow_once" }],
+      } as any);
+
+      const msg = sent[0] as any;
+      expect(msg.riskLevel).toBe("medium");
+    });
+
+    test("ACP registration survives sendToVellum overwrite (makeEventSender race)", async () => {
+      // Simulate makeEventSender: when sendToVellum is called with a
+      // confirmation_request, it overwrites the pendingInteractions entry
+      // with a normal "confirmation" (no directResolve). This is what
+      // happens in production because sendToVellum goes through the
+      // conversation's event sender.
+      const overwritingSend = (msg: ServerMessage) => {
+        sent.push(msg);
+        if ((msg as any).type === "confirmation_request") {
+          pendingInteractions.register((msg as any).requestId, {
+            conversation: {} as any, // fake conversation
+            conversationId: "conv-123",
+            kind: "confirmation",
+            confirmationDetails: {
+              toolName: (msg as any).toolName,
+              input: (msg as any).input,
+              riskLevel: (msg as any).riskLevel,
+              allowlistOptions: [],
+              scopeOptions: [],
+            },
+            // NO directResolve — this is the bug scenario
+          });
+        }
+      };
+
+      // Create handler with the overwriting sender
+      const racyHandler = new VellumAcpClientHandler(
+        "session-racy",
+        overwritingSend,
+        "conv-racy",
+      );
+
+      const resultPromise = racyHandler.requestPermission({
+        toolCall: {
+          title: "Write file",
+          kind: "edit",
+          rawInput: "test",
+        },
+        options: [
+          { optionId: "yes", name: "Allow", kind: "allow_once" },
+          { optionId: "no", name: "Deny", kind: "reject_once" },
+        ],
+      } as any);
 
-  test("is a no-op when request ID is not found", () => {
-    const pending = new Map<string, { resolve: (id: string) => void }>();
-    // Should not throw
-    resolvePermission(pending, "nonexistent", "allow");
-    expect(pending.size).toBe(0);
+      const requestId = (sent[sent.length - 1] as any).requestId;
+
+      // The critical assertion: after requestPermission completes setup,
+      // the pendingInteractions entry must be the ACP one with directResolve,
+      // NOT the overwritten "confirmation" without it.
+      const interaction = pendingInteractions.resolve(requestId);
+      expect(interaction).toBeDefined();
+      expect(interaction!.kind).toBe("acp_confirmation");
+      expect(interaction!.directResolve).toBeDefined();
+
+      // Resolve it — this would fail silently if the overwrite won
+      interaction!.directResolve!("allow");
+
+      const result = await resultPromise;
+      expect(result).toEqual({
+        outcome: { outcome: "selected", optionId: "yes" },
+      });
+    });
   });
 });
 
@@ -270,11 +350,126 @@ describe("AcpSessionManager", () => {
     });
   });
 
-  describe("resolvePermission", () => {
-    test("logs warning for unknown request ID (no throw)", () => {
-      const manager = new AcpSessionManager(5);
-      // Should not throw — just logs a warning
-      manager.resolvePermission("unknown-req", "allow");
+  describe("session cleanup after prompt", () => {
+    test("completed session is removed from the session map", async () => {
+      let resolvePrompt: (v: { stopReason: string }) => void;
+      const promptPromise = new Promise<{ stopReason: string }>((r) => {
+        resolvePrompt = r;
+      });
+
+      const manager = new AcpSessionManager(1);
+      const sendToVellum = mock(() => {});
+
+      // Inject a fake session directly into the manager to avoid needing
+      // a real child process.
+      const fakeProcess = {
+        prompt: () => promptPromise,
+        kill: mock(() => {}),
+        spawn: mock(() => {}),
+        initialize: mock(() => Promise.resolve()),
+        createSession: mock(() => Promise.resolve("proto-session")),
+        cancel: mock(() => Promise.resolve()),
+      };
+      const fakeHandler = new VellumAcpClientHandler(
+        "test-session",
+        sendToVellum,
+        "conv-1",
+      );
+
+      // Access private sessions map via any cast
+      const sessions = (manager as any).sessions as Map<string, any>;
+      const entry = {
+        process: fakeProcess,
+        state: {
+          id: "test-session",
+          agentId: "agent-1",
+          acpSessionId: "proto-session",
+          status: "running",
+          startedAt: Date.now(),
+        },
+        clientHandler: fakeHandler,
+        sendToVellum,
+        currentPrompt: null as any,
+        parentConversationId: "conv-1",
+        cwd: "/tmp",
+      };
+      sessions.set("test-session", entry);
+
+      // Fire the prompt in the background via the private method
+      const bgPromise = (manager as any).firePromptInBackground(
+        "test-session",
+        entry,
+        "proto-session",
+        "do something",
+      );
+      entry.currentPrompt = bgPromise;
+
+      // Session exists before completion
+      expect((manager.getStatus() as any[]).length).toBe(1);
+
+      // Complete the prompt
+      resolvePrompt!({ stopReason: "end_turn" });
+      await bgPromise;
+
+      // Session should be cleaned up
+      expect((manager.getStatus() as any[]).length).toBe(0);
+      expect(fakeProcess.kill).toHaveBeenCalled();
+    });
+
+    test("failed session is removed from the session map", async () => {
+      const manager = new AcpSessionManager(1);
+      const sendToVellum = mock(() => {});
+
+      let rejectPrompt: (e: Error) => void;
+      const promptPromise = new Promise<{ stopReason: string }>((_r, rej) => {
+        rejectPrompt = rej;
+      });
+
+      const fakeProcess = {
+        prompt: () => promptPromise,
+        kill: mock(() => {}),
+      };
+      const fakeHandler = new VellumAcpClientHandler(
+        "test-session-2",
+        sendToVellum,
+        "conv-2",
+      );
+
+      const sessions = (manager as any).sessions as Map<string, any>;
+      const entry = {
+        process: fakeProcess,
+        state: {
+          id: "test-session-2",
+          agentId: "agent-1",
+          acpSessionId: "proto-session-2",
+          status: "running",
+          startedAt: Date.now(),
+        },
+        clientHandler: fakeHandler,
+        sendToVellum,
+        currentPrompt: null as any,
+        parentConversationId: "conv-2",
+        cwd: "/tmp",
+      };
+      sessions.set("test-session-2", entry);
+
+      const bgPromise = (manager as any).firePromptInBackground(
+        "test-session-2",
+        entry,
+        "proto-session-2",
+        "do something",
+      );
+      entry.currentPrompt = bgPromise;
+
+      expect((manager.getStatus() as any[]).length).toBe(1);
+
+      // Fail the prompt
+      rejectPrompt!(new Error("agent crashed"));
+      await bgPromise;
+
+      // Session should be cleaned up even on failure
+      expect((manager.getStatus() as any[]).length).toBe(0);
+      expect(fakeProcess.kill).toHaveBeenCalled();
     });
   });
 

package/src/__tests__/assistant-feature-flag-guard.test.ts

@@ -7,11 +7,11 @@ import { describe, expect, test } from "bun:test";
  * Guard tests for assistant feature flags.
  *
  * 1. Key format validation: ensure production code uses the canonical
- *    `feature_flags.<flagId>.enabled` format, not the legacy
- *    `skills.<id>.enabled` format.
+ *    simple kebab-case format (e.g., "browser", "ces-tools"), not the
+ *    legacy `skills.<id>.enabled` format.
  *
  * 2. Declaration coverage: ensure all assistant-scope flag keys in the
- *    unified registry conform to the canonical format.
+ *    unified registry conform to the simple kebab-case format.
  *
  * See AGENTS.md "Assistant Feature Flags" for the full convention.
  */
@@ -53,7 +53,7 @@ function loadRegistry(): Registry {
   return JSON.parse(raw);
 }
 
-const CANONICAL_KEY_RE = /^feature_flags\.[a-z0-9][a-z0-9._-]*\.enabled$/;
+const CANONICAL_KEY_RE = /^[a-z0-9][a-z0-9-]*$/;
 
 /**
  * Files allowed to contain the legacy `skills.<id>.enabled` key format.
@@ -126,13 +126,13 @@ describe("assistant feature flag guard", () => {
     if (violations.length > 0) {
       const message = [
         "Found production files using the legacy `skills.<id>.enabled` key format.",
-        "New code must use the canonical format: `feature_flags.<id>.enabled`.",
+        'New code must use the canonical simple kebab-case format (e.g., "browser", "ces-tools").',
         'See AGENTS.md "Assistant Feature Flags" for the convention.',
         "",
         "Violations:",
         ...violations.map((f) => `  - ${f}`),
         "",
-        "To fix: replace `skills.<id>.enabled` with `feature_flags.<id>.enabled`.",
+        "To fix: replace `skills.<id>.enabled` with the simple kebab-case format.",
         "If backward-compat access is genuinely needed, add to LEGACY_KEY_ALLOWLIST in assistant-feature-flag-guard.test.ts.",
       ].join("\n");
 
@@ -144,7 +144,7 @@ describe("assistant feature flag guard", () => {
   // Test: unified registry key format (assistant-scope only)
   // ---------------------------------------------------------------------------
 
-  test("all assistant-scope keys in the unified registry use the canonical feature_flags.<id>.enabled format", () => {
+  test("all assistant-scope keys in the unified registry use the canonical simple kebab-case format", () => {
     const registry = loadRegistry();
     const assistantFlags = registry.flags.filter(
       (f) => f.scope === "assistant",
@@ -156,7 +156,7 @@ describe("assistant feature flag guard", () => {
     if (violations.length > 0) {
       const message = [
         "Found assistant-scope keys in the unified registry that do not match the canonical format.",
-        "Expected format: feature_flags.<flagId>.enabled",
+        'Expected format: simple kebab-case (e.g., "browser", "ces-tools")',
         "",
         "Violations:",
         ...violations.map((k) => `  - ${k}`),

package/src/__tests__/assistant-feature-flag-guardrails.test.ts

@@ -1,8 +1,8 @@
 /**
  * Guard tests for assistant feature flag conventions:
  *
- * 1. Key format: all feature flag keys used in production code must follow the
- *    canonical `feature_flags.<flag_id>.enabled` format. Any remaining
+ * 1. Key format: all feature flag keys used in production code must use
+ *    simple kebab-case format (e.g., "browser", "ces-tools"). Any remaining
  *    `skills.<id>.enabled` usage outside of migration/backward-compat code is
  *    flagged — including template literal forms like `skills.${skillId}.enabled`.
  *
@@ -10,11 +10,6 @@
  *    `isAssistantFeatureFlagEnabled('<key>', ...)` in production code must be
  *    declared in the unified registry. This keeps flag usage declarative while
  *    allowing skills to exist without corresponding feature flags.
- *
- * 3. Indirect key coverage: all `feature_flags.<id>.enabled` string literals
- *    anywhere in production code (maps, constants, variables, etc.) must be
- *    declared in the unified registry. This catches indirect key patterns that
- *    Guard 2 would miss, such as flag keys stored in lookup maps or constants.
  */
 
 import { execSync } from "node:child_process";
@@ -115,8 +110,8 @@ describe("assistant feature flag key format guard", () => {
     if (violations.length > 0) {
       const message = [
         "Found production TypeScript files using legacy `skills.<id>.enabled` key format.",
-        "Use the canonical `feature_flags.<id>.enabled` format instead.",
-        "Call `isAssistantFeatureFlagEnabled(`feature_flags.${skillId}.enabled`, config)` to check skill flags.",
+        "Use simple kebab-case keys instead (e.g., `contacts`, `browser`).",
+        "Call `isAssistantFeatureFlagEnabled(skillId, config)` to check skill flags.",
         "",
         "Violations:",
         ...violations.map((f) => `  - ${f}`),
@@ -149,7 +144,7 @@ describe("assistant feature flag declaration coverage guard", () => {
     // multiline regex so that calls split across lines are still caught:
     //
     //   isAssistantFeatureFlagEnabled(
-    //     'feature_flags.foo.enabled',
+    //     'browser',
     //     config,
     //   )
     //
@@ -202,79 +197,3 @@ describe("assistant feature flag declaration coverage guard", () => {
     }
   });
 });
-
-// ---------------------------------------------------------------------------
-// Guard 3: Indirect key coverage — flag key literals anywhere in production code
-// ---------------------------------------------------------------------------
-
-describe("assistant feature flag indirect key coverage guard", () => {
-  test("all feature_flags.<id>.enabled string literals in production code are declared in the unified registry", () => {
-    const repoRoot = getRepoRoot();
-
-    // Load the unified registry and extract all declared keys (any scope)
-    const registry = loadRegistry();
-    const declaredKeys = new Set(registry.flags.map((f) => f.key));
-
-    // Search for any string literal matching the canonical key pattern
-    // in production .ts files under assistant/src/ and gateway/src/.
-    // This catches keys in maps, constants, variables, or any other
-    // indirect patterns that Guard 2 would miss.
-    let grepOutput = "";
-    try {
-      grepOutput = execSync(
-        `git grep -nE "feature_flags\\.[a-z0-9_-]+\\.enabled\\b" -- 'assistant/src/**/*.ts' 'gateway/src/**/*.ts'`,
-        { encoding: "utf-8", cwd: repoRoot },
-      ).trim();
-    } catch (err) {
-      // Exit code 1 means no matches — happy path
-      if ((err as { status?: number }).status === 1) {
-        return;
-      }
-      throw err;
-    }
-
-    const keyPattern = /feature_flags\.[a-z0-9_-]+\.enabled\b/g;
-    const undeclared: string[] = [];
-
-    for (const line of grepOutput.split("\n")) {
-      if (!line) continue;
-
-      // Format: "file:line:content"
-      const colonIdx = line.indexOf(":");
-      if (colonIdx === -1) continue;
-      const filePath = line.slice(0, colonIdx);
-
-      // Skip test files and persisted-data migration files (they reference retired flag keys by design)
-      if (isTestFile(filePath)) continue;
-      if (
-        filePath.includes("/workspace/migrations/") ||
-        filePath.includes("/memory/migrations/")
-      )
-        continue;
-
-      // Extract all key occurrences from this line
-      const content = line.slice(colonIdx + 1);
-      for (const match of content.matchAll(keyPattern)) {
-        const key = match[0];
-        if (!declaredKeys.has(key)) {
-          undeclared.push(`${filePath}: ${key}`);
-        }
-      }
-    }
-
-    if (undeclared.length > 0) {
-      const message = [
-        "Found feature_flags.<id>.enabled string literals in production code that are NOT declared in the unified registry.",
-        "This catches indirect flag key usage (maps, constants, variables) that the direct-call guard misses.",
-        `Registry: meta/feature-flags/feature-flag-registry.json`,
-        "",
-        "Undeclared keys:",
-        ...undeclared.map((k) => `  - ${k}`),
-        "",
-        "To fix: add the missing key(s) to the unified registry, or remove the stale reference.",
-      ].join("\n");
-
-      expect(undeclared, message).toEqual([]);
-    }
-  });
-});

package/src/__tests__/assistant-feature-flags-integration.test.ts

@@ -45,7 +45,7 @@ let currentConfig: Record<string, unknown> = {
 };
 
 const DECLARED_FLAG_ID = "contacts";
-const DECLARED_FLAG_KEY = `feature_flags.${DECLARED_FLAG_ID}.enabled`;
+const DECLARED_FLAG_KEY = DECLARED_FLAG_ID;
 const DECLARED_SKILL_ID = "contacts";
 
 // eslint-disable-next-line @typescript-eslint/no-require-imports
@@ -201,7 +201,7 @@ describe("buildSystemPrompt assistant feature flag filtering", () => {
 
     _setOverridesForTesting({
       [DECLARED_FLAG_KEY]: false,
-      "feature_flags.browser.enabled": true,
+      browser: true,
     });
 
     currentConfig = {
@@ -286,7 +286,7 @@ describe("buildSystemPrompt assistant feature flag filtering", () => {
 
     _setOverridesForTesting({
       [DECLARED_FLAG_KEY]: false,
-      "feature_flags.email-channel.enabled": false,
+      "email-channel": false,
     });
 
     currentConfig = {
@@ -356,7 +356,7 @@ describe("buildSystemPrompt assistant feature flag filtering", () => {
       "browser",
     );
 
-    _setOverridesForTesting({ "feature_flags.browser.enabled": false });
+    _setOverridesForTesting({ browser: false });
 
     currentConfig = {
       services: {
@@ -478,21 +478,14 @@ describe("isAssistantFeatureFlagEnabled", () => {
   test("unknown flag defaults to true when no persisted override", () => {
     const config = {} as any;
 
-    expect(
-      isAssistantFeatureFlagEnabled(
-        "feature_flags.unknown-skill.enabled",
-        config,
-      ),
-    ).toBe(true);
+    expect(isAssistantFeatureFlagEnabled("unknown-skill", config)).toBe(true);
   });
 
   test("undeclared flag respects persisted override", () => {
-    _setOverridesForTesting({ "feature_flags.browser.enabled": false });
+    _setOverridesForTesting({ browser: false });
     const config = {} as any;
 
-    expect(
-      isAssistantFeatureFlagEnabled("feature_flags.browser.enabled", config),
-    ).toBe(false);
+    expect(isAssistantFeatureFlagEnabled("browser", config)).toBe(false);
   });
 });
 

package/src/__tests__/browser-skill-endstate.test.ts

@@ -39,7 +39,7 @@ describe("browser skill migration end-state", () => {
   beforeAll(async () => {
     __resetRegistryForTesting();
     _setOverridesForTesting({
-      "feature_flags.browser.enabled": true,
+      browser: true,
     });
     await initializeTools();
   });

package/src/__tests__/btw-routes.test.ts

@@ -61,6 +61,12 @@ mock.module("../prompts/system-prompt.js", () => ({
   buildSystemPrompt: mockBuildSystemPrompt,
 }));
 
+mock.module("../prompts/persona-resolver.js", () => ({
+  resolveGuardianPersona: () => null,
+  resolveChannelPersona: () => null,
+  resolveUserPersona: () => null,
+}));
+
 // ---------------------------------------------------------------------------
 // Imports (after mocks)
 // ---------------------------------------------------------------------------
@@ -304,7 +310,9 @@ describe("POST /v1/btw", () => {
     // System prompt built by buildSystemPrompt({ excludeBootstrap: true })
     expect(systemPrompt).toBe(MOCK_SYSTEM_PROMPT);
     expect(mockBuildSystemPrompt).toHaveBeenCalledWith({
+      channelPersona: null,
       excludeBootstrap: true,
+      userPersona: null,
     });
 
     // Options: tool_choice must be "none"