@vellumai/assistant 0.5.9 → 0.5.11

package/src/__tests__/platform-callback-registration.test.ts

@@ -0,0 +1,119 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
+import { credentialKey } from "../security/credential-key.js";
+
+let mockIsContainerized = true;
+let mockPlatformBaseUrl = "";
+let mockPlatformAssistantId = "";
+let mockPlatformInternalApiKey = "";
+let mockSecureKeys: Record<string, string> = {};
+
+mock.module("../config/env-registry.js", () => ({
+  getIsContainerized: () => mockIsContainerized,
+}));
+
+mock.module("../config/env.js", () => ({
+  getPlatformBaseUrl: () => mockPlatformBaseUrl,
+  getPlatformAssistantId: () => mockPlatformAssistantId,
+  getPlatformInternalApiKey: () => mockPlatformInternalApiKey,
+}));
+
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async (key: string) => mockSecureKeys[key] ?? undefined,
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () => ({
+    debug: () => {},
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+  }),
+}));
+
+const originalFetch = globalThis.fetch;
+
+const {
+  registerCallbackRoute,
+  resolvePlatformCallbackRegistrationContext,
+} = await import("../inbound/platform-callback-registration.js");
+
+describe("platform callback registration", () => {
+  beforeEach(() => {
+    mockIsContainerized = true;
+    mockPlatformBaseUrl = "";
+    mockPlatformAssistantId = "";
+    mockPlatformInternalApiKey = "";
+    mockSecureKeys = {};
+    globalThis.fetch = originalFetch;
+  });
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  test("resolves managed callback context from stored credentials", async () => {
+    mockSecureKeys[credentialKey("vellum", "platform_base_url")] =
+      "https://platform.example.com";
+    mockSecureKeys[credentialKey("vellum", "platform_assistant_id")] =
+      "11111111-2222-4333-8444-555555555555";
+    mockSecureKeys[credentialKey("vellum", "assistant_api_key")] =
+      "ast-managed-key";
+
+    const context = await resolvePlatformCallbackRegistrationContext();
+
+    expect(context.enabled).toBe(true);
+    expect(context.containerized).toBe(true);
+    expect(context.platformBaseUrl).toBe("https://platform.example.com");
+    expect(context.assistantId).toBe(
+      "11111111-2222-4333-8444-555555555555",
+    );
+    expect(context.hasInternalApiKey).toBe(false);
+    expect(context.hasAssistantApiKey).toBe(true);
+    expect(context.authHeader).toBe("Api-Key ast-managed-key");
+  });
+
+  test("registerCallbackRoute falls back to assistant API key auth", async () => {
+    mockSecureKeys[credentialKey("vellum", "platform_base_url")] =
+      "https://platform.example.com";
+    mockSecureKeys[credentialKey("vellum", "platform_assistant_id")] =
+      "11111111-2222-4333-8444-555555555555";
+    mockSecureKeys[credentialKey("vellum", "assistant_api_key")] =
+      "ast-managed-key";
+
+    globalThis.fetch = mock(
+      async (input: RequestInfo | URL, init?: RequestInit) => {
+        expect(String(input)).toBe(
+          "https://platform.example.com/v1/internal/gateway/callback-routes/register/",
+        );
+        const headers = new Headers(init?.headers);
+        expect(headers.get("Authorization")).toBe("Api-Key ast-managed-key");
+        expect(headers.get("Content-Type")).toBe("application/json");
+        expect(JSON.parse(String(init?.body))).toEqual({
+          assistant_id: "11111111-2222-4333-8444-555555555555",
+          callback_path: "webhooks/telegram",
+          type: "telegram",
+        });
+
+        return new Response(
+          JSON.stringify({
+            callback_url:
+              "https://platform.example.com/v1/gateway/callbacks/x/",
+            callback_path:
+              "11111111-2222-4333-8444-555555555555/webhooks/telegram",
+            type: "telegram",
+            assistant_id: "11111111-2222-4333-8444-555555555555",
+          }),
+          {
+            status: 201,
+            headers: { "content-type": "application/json" },
+          },
+        );
+      },
+    ) as unknown as typeof fetch;
+
+    await expect(
+      registerCallbackRoute("webhooks/telegram", "telegram"),
+    ).resolves.toBe("https://platform.example.com/v1/gateway/callbacks/x/");
+  });
+});

package/src/__tests__/secret-ingress-channel.test.ts

@@ -0,0 +1,261 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Mocks — must be declared before any imports that depend on them
+// ---------------------------------------------------------------------------
+
+let mockConfig: Record<string, unknown> = {
+  secretDetection: {
+    enabled: true,
+    blockIngress: true,
+  },
+};
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => mockConfig,
+  loadConfig: () => mockConfig,
+  invalidateConfigCache: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => "/tmp/vellum-test-secret-ingress-channel",
+  getWorkspaceDir: () => "/tmp/vellum-test-secret-ingress-channel/workspace",
+}));
+
+const storePayloadMock = mock((_eventId: string, _payload: unknown) => {});
+const clearPayloadMock = mock((_eventId: string) => {});
+
+mock.module("../memory/delivery-crud.js", () => ({
+  storePayload: (eventId: string, payload: unknown) =>
+    storePayloadMock(eventId, payload),
+  clearPayload: (eventId: string) => clearPayloadMock(eventId),
+  recordInbound: () => ({
+    eventId: "evt-test",
+    conversationId: "conv-test",
+    accepted: true,
+    duplicate: false,
+  }),
+}));
+
+const markProcessedMock = mock((_eventId: string) => {});
+
+mock.module("../memory/delivery-status.js", () => ({
+  markProcessed: (eventId: string) => markProcessedMock(eventId),
+}));
+
+mock.module("../memory/conversation-attention-store.js", () => ({
+  recordConversationSeenSignal: () => {},
+}));
+
+// ---------------------------------------------------------------------------
+// Imports (after mocks)
+// ---------------------------------------------------------------------------
+
+import {
+  runSecretIngressCheck,
+  type SecretIngressCheckParams,
+} from "../runtime/routes/inbound-stages/secret-ingress-check.js";
+import { resetAllowlist } from "../security/secret-allowlist.js";
+
+function makeParams(
+  overrides: Partial<SecretIngressCheckParams> = {},
+): SecretIngressCheckParams {
+  return {
+    eventId: "evt-test-1",
+    sourceChannel: "slack",
+    conversationExternalId: "ext-conv-1",
+    externalMessageId: "ext-msg-1",
+    conversationId: "conv-1",
+    content: "hello",
+    trimmedContent: "hello",
+    attachmentIds: undefined,
+    sourceMetadata: undefined,
+    actorDisplayName: "Test User",
+    actorExternalId: "user-1",
+    actorUsername: "testuser",
+    trustCtx: {
+      trustClass: "member" as const,
+      sourceChannel: "slack" as const,
+    } as any,
+    replyCallbackUrl: undefined,
+    canonicalAssistantId: "self",
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("secret ingress — channel inbound path", () => {
+  beforeEach(() => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: true,
+      },
+    };
+    storePayloadMock.mockClear();
+    clearPayloadMock.mockClear();
+    markProcessedMock.mockClear();
+    resetAllowlist();
+  });
+
+  test("channel inbound with GOCSPX- secret returns blocked: true", () => {
+    const secret = "GOCSPX-abcdefghijklmnopqrstuvwxyz12";
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: `My secret is ${secret}`,
+        trimmedContent: `My secret is ${secret}`,
+      }),
+    );
+
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Google OAuth Client Secret");
+  });
+
+  test("channel inbound with normal text returns blocked: false", () => {
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: "Hello, how can I help?",
+        trimmedContent: "Hello, how can I help?",
+      }),
+    );
+
+    expect(result.blocked).toBe(false);
+  });
+
+  test("payload is cleared when blocked", () => {
+    const secret = "GOCSPX-abcdefghijklmnopqrstuvwxyz12";
+    runSecretIngressCheck(
+      makeParams({
+        eventId: "evt-clear-test",
+        content: `Secret: ${secret}`,
+        trimmedContent: `Secret: ${secret}`,
+      }),
+    );
+
+    // storePayload should have been called (it persists before checking)
+    expect(storePayloadMock).toHaveBeenCalledTimes(1);
+    // clearPayload should have been called to remove the secret-bearing payload
+    expect(clearPayloadMock).toHaveBeenCalledWith("evt-clear-test");
+  });
+
+  test("payload is NOT cleared for normal messages", () => {
+    runSecretIngressCheck(
+      makeParams({
+        content: "Normal message",
+        trimmedContent: "Normal message",
+      }),
+    );
+
+    expect(storePayloadMock).toHaveBeenCalledTimes(1);
+    expect(clearPayloadMock).not.toHaveBeenCalled();
+  });
+
+  test("event is marked as processed (not dead-lettered) when blocked — verified via caller contract", () => {
+    // The inbound-message-handler calls markProcessed when runSecretIngressCheck
+    // returns blocked: true. We verify the check returns blocked: true, which
+    // triggers the markProcessed call in the handler.
+    const secret = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij1234";
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: secret,
+        trimmedContent: secret,
+      }),
+    );
+
+    expect(result.blocked).toBe(true);
+
+    // Simulate the handler's behavior: mark processed on block
+    // (This mirrors inbound-message-handler.ts lines 663-666)
+    if (result.blocked) {
+      markProcessedMock("evt-test-1");
+    }
+    expect(markProcessedMock).toHaveBeenCalledWith("evt-test-1");
+  });
+
+  test("channel inbound with GitHub token is blocked", () => {
+    const token = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij1234";
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: `Token: ${token}`,
+        trimmedContent: `Token: ${token}`,
+      }),
+    );
+
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("GitHub Token");
+  });
+
+  test("channel inbound with Slack bot token is blocked", () => {
+    const token = "xoxb-1234567890-9876543210-AbCdEfGhIjKlMnOpQrStUvWx";
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: token,
+        trimmedContent: token,
+      }),
+    );
+
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("Slack Bot Token");
+  });
+
+  test("channel inbound with JWT is not blocked (excluded pattern)", () => {
+    const jwt =
+      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U";
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: jwt,
+        trimmedContent: jwt,
+      }),
+    );
+
+    expect(result.blocked).toBe(false);
+  });
+
+  test("channel inbound with blockIngress: false allows secrets through", () => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: false,
+      },
+    };
+
+    const secret = "GOCSPX-abcdefghijklmnopqrstuvwxyz12";
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: secret,
+        trimmedContent: secret,
+      }),
+    );
+
+    expect(result.blocked).toBe(false);
+    expect(clearPayloadMock).not.toHaveBeenCalled();
+  });
+
+  test("background dispatch is skipped when blocked (caller reads blocked flag)", () => {
+    // The inbound-message-handler skips processChannelMessageInBackground
+    // when ingressResult.blocked is true. We verify the function returns
+    // the correct blocked flag that the handler uses for this decision.
+    const secret = "AKIAIOSFODNN7EXAMPLE";
+    const result = runSecretIngressCheck(
+      makeParams({
+        content: `AWS: ${secret}`,
+        trimmedContent: `AWS: ${secret}`,
+      }),
+    );
+
+    // blocked: true means the caller (inbound-message-handler) will skip
+    // the background dispatch branch
+    expect(result.blocked).toBe(true);
+    expect(result.detectedTypes).toContain("AWS Access Key");
+  });
+});

package/src/__tests__/secret-ingress-cli.test.ts

@@ -0,0 +1,201 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ---------------------------------------------------------------------------
+// Mocks — must be declared before any imports that depend on them
+// ---------------------------------------------------------------------------
+
+let mockConfig: Record<string, unknown> = {
+  secretDetection: {
+    enabled: true,
+    blockIngress: true,
+  },
+};
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => mockConfig,
+  loadConfig: () => mockConfig,
+  invalidateConfigCache: () => {},
+}));
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module("../util/platform.js", () => ({
+  getRootDir: () => "/tmp/vellum-test-secret-ingress-cli",
+  getWorkspaceDir: () => "/tmp/vellum-test-secret-ingress-cli/workspace",
+  getSignalsDir: () => "/tmp/vellum-test-secret-ingress-cli/signals",
+}));
+
+// ---------------------------------------------------------------------------
+// Test: CLI signal path uses registerUserMessageCallback which calls
+// checkIngressForSecrets before calling persistAndProcessMessage.
+//
+// We test the callback behavior directly rather than the full signal file
+// flow, since the signal handler is just file I/O around the callback.
+// ---------------------------------------------------------------------------
+
+import { resetAllowlist } from "../security/secret-allowlist.js";
+import { checkIngressForSecrets } from "../security/secret-ingress.js";
+
+/**
+ * Simulates the user-message callback registered in DaemonServer.start().
+ * This mirrors the logic in assistant/src/daemon/server.ts lines 512-556.
+ */
+function makeUserMessageCallback() {
+  const persistAndProcessMessageMock = mock(
+    async (
+      _conversationKey: string,
+      _content: string,
+      _sourceChannel: string,
+      _sourceInterface: string,
+    ) => undefined,
+  );
+
+  const callback = async (params: {
+    conversationKey: string;
+    content: string;
+    sourceChannel: string;
+    sourceInterface: string;
+  }): Promise<{ accepted: boolean; error?: string; message?: string }> => {
+    // This is the secret check that runs before any persistence
+    const ingressResult = checkIngressForSecrets(params.content);
+    if (ingressResult.blocked) {
+      return {
+        accepted: false,
+        error: "secret_blocked" as const,
+        message: ingressResult.userNotice,
+      };
+    }
+
+    // If not blocked, would call persistAndProcessMessage
+    await persistAndProcessMessageMock(
+      params.conversationKey,
+      params.content,
+      params.sourceChannel,
+      params.sourceInterface,
+    );
+    return { accepted: true };
+  };
+
+  return { callback, persistAndProcessMessageMock };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("secret ingress — CLI signal path", () => {
+  beforeEach(() => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: true,
+      },
+    };
+    resetAllowlist();
+  });
+
+  test("CLI signal with secret content returns accepted: false with error: secret_blocked", async () => {
+    const { callback, persistAndProcessMessageMock } =
+      makeUserMessageCallback();
+
+    const result = await callback({
+      conversationKey: "test-key",
+      content: "Here is my token: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij1234",
+      sourceChannel: "vellum",
+      sourceInterface: "cli",
+    });
+
+    expect(result.accepted).toBe(false);
+    expect(result.error).toBe("secret_blocked");
+    expect(result.message).toBeDefined();
+    expect(persistAndProcessMessageMock).not.toHaveBeenCalled();
+  });
+
+  test("CLI signal with normal text returns accepted: true", async () => {
+    const { callback, persistAndProcessMessageMock } =
+      makeUserMessageCallback();
+
+    const result = await callback({
+      conversationKey: "test-key",
+      content: "Hello, how are you?",
+      sourceChannel: "vellum",
+      sourceInterface: "cli",
+    });
+
+    expect(result.accepted).toBe(true);
+    expect(result.error).toBeUndefined();
+    expect(persistAndProcessMessageMock).toHaveBeenCalledTimes(1);
+  });
+
+  test("persistAndProcessMessage is NOT called when blocked", async () => {
+    const { callback, persistAndProcessMessageMock } =
+      makeUserMessageCallback();
+
+    // AWS access key
+    await callback({
+      conversationKey: "test-key",
+      content: "AWS key: AKIAIOSFODNN7EXAMPLE",
+      sourceChannel: "vellum",
+      sourceInterface: "cli",
+    });
+
+    expect(persistAndProcessMessageMock).not.toHaveBeenCalled();
+  });
+
+  test("CLI signal with Anthropic API key is blocked", async () => {
+    const { callback } = makeUserMessageCallback();
+
+    const key =
+      "sk-ant-api03-abcDefGhiJklMnoPqrStuVwxYz0123456789AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIj";
+    const result = await callback({
+      conversationKey: "test-key",
+      content: `Key: ${key}`,
+      sourceChannel: "vellum",
+      sourceInterface: "cli",
+    });
+
+    expect(result.accepted).toBe(false);
+    expect(result.error).toBe("secret_blocked");
+  });
+
+  test("CLI signal with JWT is not blocked (excluded pattern)", async () => {
+    const { callback } = makeUserMessageCallback();
+
+    const result = await callback({
+      conversationKey: "test-key",
+      content:
+        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U",
+      sourceChannel: "vellum",
+      sourceInterface: "cli",
+    });
+
+    expect(result.accepted).toBe(true);
+  });
+
+  test("CLI signal with blockIngress: false allows secrets through", async () => {
+    mockConfig = {
+      secretDetection: {
+        enabled: true,
+        blockIngress: false,
+      },
+    };
+
+    const { callback, persistAndProcessMessageMock } =
+      makeUserMessageCallback();
+
+    const result = await callback({
+      conversationKey: "test-key",
+      content: "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij1234",
+      sourceChannel: "vellum",
+      sourceInterface: "cli",
+    });
+
+    expect(result.accepted).toBe(true);
+    expect(persistAndProcessMessageMock).toHaveBeenCalledTimes(1);
+  });
+});