npm - @vellumai/assistant - Versions diffs - 0.6.0 → 0.6.1 - Mend

@vellumai/assistant 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/AGENTS.md +4 -0
package/ARCHITECTURE.md +68 -15
package/Dockerfile +2 -2
package/bun.lock +6 -2
package/docker-entrypoint.sh +32 -1
package/docs/architecture/integrations.md +1 -1
package/docs/architecture/memory.md +21 -24
package/openapi.yaml +538 -3
package/package.json +5 -1
package/src/__tests__/anthropic-provider.test.ts +160 -95
package/src/__tests__/app-dir-path-guard.test.ts +1 -0
package/src/__tests__/app-executors.test.ts +47 -1
package/src/__tests__/app-source-watcher.test.ts +159 -0
package/src/__tests__/checker.test.ts +38 -6
package/src/__tests__/config-schema.test.ts +5 -0
package/src/__tests__/conversation-agent-loop-overflow.test.ts +4 -6
package/src/__tests__/conversation-agent-loop.test.ts +4 -51
package/src/__tests__/conversation-history-web-search.test.ts +1 -1
package/src/__tests__/conversation-runtime-assembly.test.ts +653 -832
package/src/__tests__/conversation-runtime-workspace.test.ts +1 -93
package/src/__tests__/conversation-tool-setup-app-refresh.test.ts +17 -4
package/src/__tests__/conversation-wipe.test.ts +2 -6
package/src/__tests__/conversation-workspace-cache-state.test.ts +6 -12
package/src/__tests__/conversation-workspace-injection.test.ts +25 -26
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +1 -1
package/src/__tests__/copy-composer-tc-templates.test.ts +335 -0
package/src/__tests__/date-context.test.ts +76 -210
package/src/__tests__/db-schedule-syntax-migration.test.ts +16 -1
package/src/__tests__/file-list-tool.test.ts +219 -0
package/src/__tests__/first-greeting.test.ts +1 -1
package/src/__tests__/heartbeat-service.test.ts +180 -3
package/src/__tests__/identity-routes.test.ts +328 -0
package/src/__tests__/injection-block.test.ts +24 -0
package/src/__tests__/install-skill-routing.test.ts +7 -6
package/src/__tests__/jobs-store-qdrant-breaker.test.ts +15 -14
package/src/__tests__/list-messages-tool-merge.test.ts +300 -0
package/src/__tests__/llm-context-normalization.test.ts +18 -18
package/src/__tests__/llm-context-route-provider.test.ts +101 -0
package/src/__tests__/llm-request-log-turn-query.test.ts +162 -0
package/src/__tests__/log-export-workspace.test.ts +72 -105
package/src/__tests__/mcp-abort-signal.test.ts +5 -0
package/src/__tests__/mcp-client-auth.test.ts +5 -0
package/src/__tests__/memory-recall-log-store.test.ts +132 -0
package/src/__tests__/migration-export-streaming.test.ts +304 -0
package/src/__tests__/migration-import-commit-http.test.ts +11 -10
package/src/__tests__/mock-fetch.ts +87 -0
package/src/__tests__/notification-decision-recipient-context.test.ts +282 -0
package/src/__tests__/onboarding-template-contract.test.ts +62 -14
package/src/__tests__/parser.test.ts +32 -0
package/src/__tests__/permission-checker-host-gate.test.ts +452 -0
package/src/__tests__/permission-controls-v2-flag.test.ts +55 -0
package/src/__tests__/permission-mode-sse.test.ts +418 -0
package/src/__tests__/permission-mode-store.test.ts +277 -0
package/src/__tests__/permission-mode.test.ts +101 -0
package/src/__tests__/platform-bash-auto-approve.test.ts +359 -0
package/src/__tests__/profiler-routes.test.ts +502 -0
package/src/__tests__/profiler-run-store.test.ts +441 -0
package/src/__tests__/proxy-approval-callback.test.ts +4 -75
package/src/__tests__/registry.test.ts +1 -1
package/src/__tests__/sandbox-host-parity.test.ts +5 -4
package/src/__tests__/scheduler-reuse-conversation.test.ts +368 -0
package/src/__tests__/scrub-corrupted-image-attachments.test.ts +278 -0
package/src/__tests__/search-skills-unified.test.ts +4 -3
package/src/__tests__/send-endpoint-busy.test.ts +42 -3
package/src/__tests__/set-permission-mode.test.ts +274 -0
package/src/__tests__/skill-load-feature-flag.test.ts +12 -0
package/src/__tests__/skill-memory.test.ts +2 -783
package/src/__tests__/strip-memory-injections.test.ts +187 -0
package/src/__tests__/subagent-detail.test.ts +84 -0
package/src/__tests__/subagent-disposal.test.ts +308 -0
package/src/__tests__/subagent-manager-notify.test.ts +19 -10
package/src/__tests__/subagent-notify-parent.test.ts +390 -0
package/src/__tests__/subagent-role-registry.test.ts +108 -0
package/src/__tests__/subagent-tool-filtering.test.ts +71 -0
package/src/__tests__/subagent-tools.test.ts +464 -4
package/src/__tests__/system-prompt-ask-mode.test.ts +139 -0
package/src/__tests__/task-memory-cleanup.test.ts +12 -12
package/src/__tests__/terminal-tools.test.ts +17 -27
package/src/__tests__/test-preload.ts +4 -0
package/src/__tests__/tool-executor.test.ts +4 -26
package/src/__tests__/tool-side-effects-slack-dm.test.ts +1 -0
package/src/__tests__/top-level-renderer.test.ts +10 -13
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +116 -2
package/src/__tests__/workspace-migration-028-recover-conversations-from-disk-view.test.ts +387 -0
package/src/agent/loop.ts +6 -0
package/src/approvals/guardian-request-resolvers.ts +24 -0
package/src/avatar/traits-png-sync.ts +3 -3
package/src/cli/__tests__/run-assistant-command.ts +29 -0
package/src/cli/commands/__tests__/email-download.test.ts +245 -0
package/src/cli/commands/__tests__/email-list.test.ts +192 -0
package/src/cli/commands/__tests__/email-register.test.ts +186 -0
package/src/cli/commands/__tests__/email-send.test.ts +291 -0
package/src/cli/commands/__tests__/email-status.test.ts +181 -0
package/src/cli/commands/__tests__/email-unregister.test.ts +139 -0
package/src/cli/commands/__tests__/routes.test.ts +562 -0
package/src/cli/commands/conversations.ts +1 -8
package/src/cli/commands/email.ts +584 -835
package/src/cli/commands/memory.ts +1 -34
package/src/cli/commands/notifications.ts +7 -2
package/src/cli/commands/oauth/connect.ts +14 -5
package/src/cli/commands/routes.ts +396 -0
package/src/cli/commands/skills.ts +130 -20
package/src/cli/program.ts +2 -0
package/src/cli.ts +1 -120
package/src/config/bundled-skills/app-builder/SKILL.md +4 -1
package/src/config/bundled-skills/gmail/SKILL.md +2 -2
package/src/config/bundled-skills/messaging/SKILL.md +7 -0
package/src/config/bundled-skills/schedule/SKILL.md +22 -2
package/src/config/bundled-skills/schedule/TOOLS.json +8 -0
package/src/config/bundled-skills/settings/tools/avatar-get.ts +3 -13
package/src/config/bundled-skills/settings/tools/avatar-remove.ts +2 -4
package/src/config/bundled-skills/settings/tools/avatar-update.ts +5 -2
package/src/config/bundled-skills/slack/SKILL.md +2 -0
package/src/config/bundled-skills/subagent/SKILL.md +43 -3
package/src/config/bundled-skills/subagent/TOOLS.json +29 -4
package/src/config/env-registry.ts +63 -0
package/src/config/feature-flag-registry.json +17 -1
package/src/config/schema.ts +8 -0
package/src/config/schemas/filing.ts +51 -0
package/src/config/schemas/heartbeat.ts +15 -12
package/src/config/schemas/memory-lifecycle.ts +12 -0
package/src/config/schemas/security.ts +14 -0
package/src/daemon/app-source-watcher.ts +93 -0
package/src/daemon/config-watcher.ts +79 -1
package/src/daemon/conversation-agent-loop-handlers.ts +20 -0
package/src/daemon/conversation-agent-loop.ts +158 -65
package/src/daemon/conversation-history.ts +4 -19
package/src/daemon/conversation-lifecycle.ts +8 -14
package/src/daemon/conversation-process.ts +13 -7
package/src/daemon/conversation-runtime-assembly.ts +300 -306
package/src/daemon/conversation-tool-setup.ts +44 -14
package/src/daemon/conversation-workspace.ts +1 -2
package/src/daemon/conversation.ts +18 -0
package/src/daemon/date-context.ts +26 -53
package/src/daemon/first-greeting.ts +1 -1
package/src/daemon/handlers/conversations.ts +4 -7
package/src/daemon/handlers/shared.test.ts +143 -0
package/src/daemon/handlers/shared.ts +63 -5
package/src/daemon/handlers/skills.ts +11 -18
package/src/daemon/lifecycle.ts +199 -157
package/src/daemon/message-types/conversations.ts +25 -6
package/src/daemon/message-types/messages.ts +9 -1
package/src/daemon/message-types/schedules.ts +1 -0
package/src/daemon/message-types/settings.ts +6 -0
package/src/daemon/profiler-run-store.ts +557 -0
package/src/daemon/server.ts +89 -9
package/src/daemon/shutdown-handlers.ts +5 -0
package/src/daemon/tool-side-effects.ts +23 -3
package/src/export/transcript-formatter.ts +148 -0
package/src/filing/filing-service.ts +228 -0
package/src/heartbeat/heartbeat-service.ts +96 -7
package/src/mcp/client.ts +6 -0
package/src/mcp/mcp-oauth-provider.ts +149 -27
package/src/memory/admin.ts +33 -32
package/src/memory/app-store.ts +69 -0
package/src/memory/conversation-bootstrap.ts +1 -1
package/src/memory/conversation-crud.ts +136 -107
package/src/memory/conversation-group-migration.ts +1 -1
package/src/memory/conversation-queries.ts +58 -12
package/src/memory/conversation-title-service.ts +1 -0
package/src/memory/db-init.ts +182 -376
package/src/memory/graph/bootstrap.ts +75 -66
package/src/memory/graph/capability-seed.ts +167 -15
package/src/memory/graph/consolidation.ts +38 -4
package/src/memory/graph/conversation-graph-memory.ts +133 -104
package/src/memory/graph/extraction-job.ts +9 -4
package/src/memory/graph/extraction.ts +66 -23
package/src/memory/graph/graph-memory-state-store.ts +37 -0
package/src/memory/graph/graph-search.ts +29 -15
package/src/memory/graph/injection.ts +38 -8
package/src/memory/graph/inspect.ts +12 -3
package/src/memory/graph/retriever.ts +365 -262
package/src/memory/graph/store.test.ts +48 -0
package/src/memory/graph/store.ts +150 -11
package/src/memory/graph/tool-handlers.ts +84 -209
package/src/memory/graph/tools.ts +8 -52
package/src/memory/graph/types.ts +24 -0
package/src/memory/job-handlers/cleanup.ts +44 -1
package/src/memory/jobs-store.ts +70 -60
package/src/memory/jobs-worker.ts +44 -28
package/src/memory/llm-request-log-store.ts +96 -12
package/src/memory/memory-recall-log-store.ts +49 -5
package/src/memory/migrations/203-drop-memory-items-tables.ts +33 -1
package/src/memory/migrations/206-memory-graph-node-edits.ts +19 -0
package/src/memory/migrations/206-scrub-corrupted-image-attachments.ts +131 -0
package/src/memory/migrations/207-conversation-graph-memory-state.ts +20 -0
package/src/memory/migrations/208-conversations-last-message-at.ts +35 -0
package/src/memory/migrations/209-strip-thinking-from-consolidated.ts +85 -0
package/src/memory/migrations/210-schedule-reuse-conversation.ts +13 -0
package/src/memory/migrations/211-memory-recall-logs-query-context.ts +21 -0
package/src/memory/migrations/212-llm-request-logs-created-at-index.ts +19 -0
package/src/memory/migrations/index.ts +8 -0
package/src/memory/migrations/registry.ts +8 -0
package/src/memory/schema/conversations.ts +14 -0
package/src/memory/schema/infrastructure.ts +8 -1
package/src/memory/schema/memory-core.ts +0 -51
package/src/memory/schema/memory-graph.ts +15 -0
package/src/memory/task-memory-cleanup.ts +30 -11
package/src/notifications/copy-composer.ts +86 -0
package/src/notifications/decision-engine.ts +35 -0
package/src/permissions/checker.ts +12 -1
package/src/permissions/permission-mode-store.ts +180 -0
package/src/permissions/permission-mode.ts +31 -0
package/src/permissions/workspace-policy.ts +9 -0
package/src/prompts/system-prompt.ts +59 -7
package/src/prompts/templates/BOOTSTRAP-REFERENCE.md +100 -0
package/src/prompts/templates/BOOTSTRAP.md +70 -165
package/src/prompts/templates/HEARTBEAT.md +3 -1
package/src/prompts/templates/SOUL.md +25 -4
package/src/prompts/templates/UPDATES.md +8 -0
package/src/providers/anthropic/client.ts +107 -219
package/src/runtime/auth/route-policy.ts +23 -0
package/src/runtime/http-server.ts +32 -2
package/src/runtime/http-types.ts +12 -1
package/src/runtime/migrations/vbundle-builder.ts +389 -3
package/src/runtime/migrations/vbundle-importer.ts +8 -6
package/src/runtime/routes/__tests__/user-route-dispatcher.test.ts +378 -0
package/src/runtime/routes/app-management-routes.ts +1 -11
package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +26 -0
package/src/runtime/routes/archive-utils.ts +29 -0
package/src/runtime/routes/avatar-routes.ts +2 -9
package/src/runtime/routes/btw-routes.ts +14 -1
package/src/runtime/routes/conversation-analysis-routes.ts +173 -0
package/src/runtime/routes/conversation-management-routes.ts +1 -14
package/src/runtime/routes/conversation-query-routes.ts +49 -3
package/src/runtime/routes/conversation-routes.ts +264 -44
package/src/runtime/routes/heartbeat-routes.ts +4 -10
package/src/runtime/routes/identity-routes.ts +53 -18
package/src/runtime/routes/llm-context-normalization.ts +14 -10
package/src/runtime/routes/log-export-routes.ts +23 -275
package/src/runtime/routes/memory-item-routes.test.ts +168 -233
package/src/runtime/routes/migration-routes.ts +18 -7
package/src/runtime/routes/profiler-routes.ts +350 -0
package/src/runtime/routes/schedule-routes.ts +27 -12
package/src/runtime/routes/settings-routes.ts +95 -8
package/src/runtime/routes/subagents-routes.ts +28 -7
package/src/runtime/routes/user-route-dispatcher.ts +223 -0
package/src/runtime/routes/user-routes.ts +41 -0
package/src/runtime/routes/workspace-routes.ts +0 -1
package/src/schedule/schedule-store.ts +30 -0
package/src/schedule/scheduler.ts +45 -18
package/src/skills/catalog-install.ts +10 -2
package/src/skills/managed-store.ts +2 -2
package/src/skills/skill-memory.ts +1 -293
package/src/subagent/index.ts +13 -3
package/src/subagent/manager.ts +308 -29
package/src/subagent/types.ts +68 -0
package/src/tasks/task-runner.ts +4 -4
package/src/tools/apps/executors.ts +29 -4
package/src/tools/filesystem/list.ts +93 -0
package/src/tools/permission-checker.ts +78 -0
package/src/tools/registry.ts +4 -0
package/src/tools/schedule/create.ts +3 -0
package/src/tools/schedule/list.ts +1 -0
package/src/tools/schedule/update.ts +6 -0
package/src/tools/shared/filesystem/errors.ts +5 -0
package/src/tools/shared/filesystem/file-ops-service.ts +90 -2
package/src/tools/shared/filesystem/types.ts +17 -0
package/src/tools/shared/shell-output.ts +31 -2
package/src/tools/subagent/abort.ts +12 -2
package/src/tools/subagent/message.ts +9 -2
package/src/tools/subagent/notify-parent.ts +79 -0
package/src/tools/subagent/read.ts +29 -8
package/src/tools/subagent/resolve.ts +21 -0
package/src/tools/subagent/spawn.ts +2 -0
package/src/tools/subagent/status.ts +11 -1
package/src/tools/system/avatar-generator.ts +3 -3
package/src/tools/system/register.ts +23 -0
package/src/tools/system/set-permission-mode.ts +103 -0
package/src/tools/terminal/parser.ts +30 -5
package/src/tools/terminal/safe-env.ts +16 -1
package/src/tools/tool-manifest.ts +6 -0
package/src/tools/types.ts +2 -0
package/src/util/logger.ts +1 -1
package/src/util/platform.ts +50 -17
package/src/workspace/migrations/023-move-config-files-to-workspace.ts +2 -2
package/src/workspace/migrations/024-move-runtime-files-to-workspace.ts +2 -2
package/src/workspace/migrations/028-recover-conversations-from-disk-view.ts +270 -0
package/src/workspace/migrations/029-seed-pkb.ts +84 -0
package/src/workspace/migrations/registry.ts +4 -0
package/src/workspace/top-level-renderer.ts +5 -9
package/src/__tests__/cli-memory.test.ts +0 -377
package/src/__tests__/clipboard.test.ts +0 -88
package/src/cli/cli-memory.ts +0 -179
package/src/util/clipboard.ts +0 -34

package/src/__tests__/permission-mode.test.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import { describe, expect, test } from "bun:test";
+import { PermissionsConfigSchema } from "../config/schemas/security.js";
+import {
+  DEFAULT_PERMISSION_MODE,
+  PermissionModeSchema,
+} from "../permissions/permission-mode.js";
+// ---------------------------------------------------------------------------
+// Tests: PermissionModeSchema
+// ---------------------------------------------------------------------------
+describe("PermissionModeSchema", () => {
+  test("parses empty object with correct defaults", () => {
+    const result = PermissionModeSchema.parse({});
+    expect(result.askBeforeActing).toBe(true);
+    expect(result.hostAccess).toBe(false);
+  });
+  test("DEFAULT_PERMISSION_MODE matches schema defaults", () => {
+    const parsed = PermissionModeSchema.parse({});
+    expect(parsed).toEqual(DEFAULT_PERMISSION_MODE);
+  });
+  test("accepts explicit true/true", () => {
+    const result = PermissionModeSchema.parse({
+      askBeforeActing: true,
+      hostAccess: true,
+    });
+    expect(result.askBeforeActing).toBe(true);
+    expect(result.hostAccess).toBe(true);
+  });
+  test("accepts explicit false/false", () => {
+    const result = PermissionModeSchema.parse({
+      askBeforeActing: false,
+      hostAccess: false,
+    });
+    expect(result.askBeforeActing).toBe(false);
+    expect(result.hostAccess).toBe(false);
+  });
+  test("round-trips through JSON serialization", () => {
+    const original = { askBeforeActing: false, hostAccess: true };
+    const json = JSON.stringify(original);
+    const parsed = PermissionModeSchema.parse(JSON.parse(json));
+    expect(parsed).toEqual(original);
+  });
+  test("rejects non-boolean askBeforeActing", () => {
+    expect(() =>
+      PermissionModeSchema.parse({ askBeforeActing: "yes" }),
+    ).toThrow();
+  });
+  test("rejects non-boolean hostAccess", () => {
+    expect(() => PermissionModeSchema.parse({ hostAccess: "no" })).toThrow();
+  });
+});
+// ---------------------------------------------------------------------------
+// Tests: PermissionsConfigSchema (permissionMode fields)
+// ---------------------------------------------------------------------------
+describe("PermissionsConfigSchema permissionMode fields", () => {
+  test("defaults askBeforeActing to true and hostAccess to false", () => {
+    const result = PermissionsConfigSchema.parse({});
+    expect(result.askBeforeActing).toBe(true);
+    expect(result.hostAccess).toBe(false);
+  });
+  test("preserves existing mode field alongside new fields", () => {
+    const result = PermissionsConfigSchema.parse({ mode: "strict" });
+    expect(result.mode).toBe("strict");
+    expect(result.askBeforeActing).toBe(true);
+    expect(result.hostAccess).toBe(false);
+  });
+  test("accepts overridden values for new fields", () => {
+    const result = PermissionsConfigSchema.parse({
+      mode: "workspace",
+      askBeforeActing: false,
+      hostAccess: true,
+    });
+    expect(result.mode).toBe("workspace");
+    expect(result.askBeforeActing).toBe(false);
+    expect(result.hostAccess).toBe(true);
+  });
+  test("round-trips new fields through JSON serialization", () => {
+    const input = {
+      mode: "workspace" as const,
+      askBeforeActing: false,
+      hostAccess: true,
+    };
+    const json = JSON.stringify(input);
+    const parsed = PermissionsConfigSchema.parse(JSON.parse(json));
+    expect(parsed.askBeforeActing).toBe(false);
+    expect(parsed.hostAccess).toBe(true);
+  });
+});

package/src/__tests__/platform-bash-auto-approve.test.ts ADDED Viewed

@@ -0,0 +1,359 @@
+/**
+ * Tests for platform-hosted bash auto-approval.
+ *
+ * Verifies that bash and host_bash tools are auto-approved without prompting
+ * when running in platform-hosted mode (IS_PLATFORM=true) for guardian actors.
+ * Also verifies that deny rules, non-guardian actors, requireFreshApproval,
+ * and non-bash tools are unaffected by this auto-approval path.
+ */
+import {
+  afterAll,
+  afterEach,
+  beforeEach,
+  describe,
+  expect,
+  mock,
+  test,
+} from "bun:test";
+import type { ScopeOption } from "../permissions/types.js";
+import type { ToolExecutionResult } from "../tools/types.js";
+// ---------------------------------------------------------------------------
+// Mock setup — mirrors require-fresh-approval.test.ts patterns
+// ---------------------------------------------------------------------------
+const mockConfig = {
+  provider: "anthropic",
+  model: "test",
+  maxTokens: 4096,
+  dataDir: "/tmp",
+  timeouts: {
+    shellDefaultTimeoutSec: 120,
+    shellMaxTimeoutSec: 600,
+    permissionTimeoutSec: 300,
+  },
+  sandbox: {
+    enabled: false,
+    backend: "native" as const,
+    docker: {
+      image: "vellum-sandbox:latest",
+      cpus: 1,
+      memoryMb: 512,
+      pidsLimit: 256,
+      network: "none" as const,
+    },
+  },
+  rateLimit: { maxRequestsPerMinute: 0 },
+  secretDetection: {
+    enabled: false,
+    action: "warn" as const,
+    entropyThreshold: 4.0,
+  },
+  permissions: {
+    mode: "workspace" as const,
+  },
+};
+let fakeToolResult: ToolExecutionResult = { content: "ok", isError: false };
+/** Override the check() result for specific tests. */
+let checkResultOverride: { decision: string; reason: string } | undefined;
+/** Override the risk level returned by classifyRisk(). Defaults to "medium". */
+let riskOverride: string = "medium";
+/** Scope options override. */
+let scopeOptionsOverride: ScopeOption[] | undefined;
+mock.module("../config/loader.js", () => ({
+  getConfig: () => mockConfig,
+  loadConfig: () => mockConfig,
+  invalidateConfigCache: () => {},
+  saveConfig: () => {},
+  loadRawConfig: () => ({}),
+  saveRawConfig: () => {},
+  getNestedValue: () => undefined,
+  setNestedValue: () => {},
+}));
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+  truncateForLog: (value: string) => value,
+}));
+mock.module("../permissions/checker.js", () => ({
+  classifyRisk: async () => riskOverride,
+  check: async () => {
+    if (checkResultOverride) return checkResultOverride;
+    return { decision: "allow", reason: "allowed" };
+  },
+  generateAllowlistOptions: () => [
+    { label: "exact", description: "exact", pattern: "exact" },
+  ],
+  generateScopeOptions: () =>
+    scopeOptionsOverride ?? [{ label: "/tmp", scope: "/tmp" }],
+}));
+mock.module("../memory/tool-usage-store.js", () => ({
+  recordToolInvocation: () => {},
+}));
+mock.module("../tools/registry.js", () => ({
+  getTool: (name: string) => {
+    if (name === "unknown_tool") return undefined;
+    return {
+      name,
+      description: "test tool",
+      category: "shell",
+      defaultRiskLevel: "medium",
+      getDefinition: () => ({}),
+      execute: async () => fakeToolResult,
+    };
+  },
+  getAllTools: () => [],
+}));
+mock.module("../tools/shared/filesystem/path-policy.js", () => ({
+  sandboxPolicy: () => ({ ok: false }),
+  hostPolicy: () => ({ ok: false }),
+}));
+mock.module("../tools/terminal/sandbox.js", () => ({
+  wrapCommand: () => ({ command: "", sandboxed: false }),
+}));
+mock.module("../approvals/approval-primitive.js", () => ({
+  consumeGrantForInvocation: async () => ({ ok: false, reason: "no_grant" }),
+}));
+import { PermissionPrompter } from "../permissions/prompter.js";
+import { clearAll as clearAllOverrides } from "../runtime/conversation-approval-overrides.js";
+import { ToolExecutor } from "../tools/executor.js";
+import type { ToolContext as TC } from "../tools/types.js";
+function makeContext(overrides?: Partial<TC>): TC {
+  return {
+    workingDir: "/tmp/project",
+    conversationId: "conversation-1",
+    trustClass: "guardian",
+    isInteractive: true,
+    ...overrides,
+  };
+}
+function makePrompter(): PermissionPrompter {
+  return {
+    prompt: async () => ({ decision: "allow" as const }),
+    resolveConfirmation: () => {},
+    updateSender: () => {},
+    dispose: () => {},
+  } as unknown as PermissionPrompter;
+}
+afterAll(() => {
+  mock.restore();
+});
+// ---------------------------------------------------------------------------
+// Platform-hosted bash auto-approval
+// ---------------------------------------------------------------------------
+describe("platform-hosted bash auto-approval", () => {
+  beforeEach(() => {
+    fakeToolResult = { content: "ok", isError: false };
+    checkResultOverride = undefined;
+    scopeOptionsOverride = undefined;
+    riskOverride = "medium";
+    clearAllOverrides();
+  });
+  afterEach(() => {
+    clearAllOverrides();
+  });
+  test("bash auto-approved in platform-hosted mode", async () => {
+    checkResultOverride = { decision: "prompt", reason: "Needs approval" };
+    let promptCalled = false;
+    const trackingPrompter = {
+      prompt: async () => {
+        promptCalled = true;
+        return { decision: "allow" as const };
+      },
+      resolveConfirmation: () => {},
+      updateSender: () => {},
+      dispose: () => {},
+    } as unknown as PermissionPrompter;
+    const executor = new ToolExecutor(trackingPrompter);
+    const result = await executor.execute(
+      "bash",
+      { command: "echo hello" },
+      makeContext({ isPlatformHosted: true, trustClass: "guardian" }),
+    );
+    expect(promptCalled).toBe(false);
+    expect(result.isError).toBe(false);
+  });
+  test("host_bash NOT auto-approved in platform-hosted mode", async () => {
+    checkResultOverride = { decision: "prompt", reason: "Needs approval" };
+    let promptCalled = false;
+    const trackingPrompter = {
+      prompt: async () => {
+        promptCalled = true;
+        return { decision: "allow" as const };
+      },
+      resolveConfirmation: () => {},
+      updateSender: () => {},
+      dispose: () => {},
+    } as unknown as PermissionPrompter;
+    const executor = new ToolExecutor(trackingPrompter);
+    await executor.execute(
+      "host_bash",
+      { command: "echo hello" },
+      makeContext({ isPlatformHosted: true, trustClass: "guardian" }),
+    );
+    expect(promptCalled).toBe(true);
+  });
+  test("bash NOT auto-approved when not platform-hosted", async () => {
+    checkResultOverride = { decision: "prompt", reason: "Needs approval" };
+    let promptCalled = false;
+    const trackingPrompter = {
+      prompt: async () => {
+        promptCalled = true;
+        return { decision: "allow" as const };
+      },
+      resolveConfirmation: () => {},
+      updateSender: () => {},
+      dispose: () => {},
+    } as unknown as PermissionPrompter;
+    const executor = new ToolExecutor(trackingPrompter);
+    await executor.execute(
+      "bash",
+      { command: "echo hello" },
+      makeContext({ isPlatformHosted: false, trustClass: "guardian" }),
+    );
+    expect(promptCalled).toBe(true);
+  });
+  test("bash NOT auto-approved for non-guardian actors", async () => {
+    checkResultOverride = { decision: "prompt", reason: "Needs approval" };
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "bash",
+      { command: "echo hello" },
+      makeContext({ isPlatformHosted: true, trustClass: "trusted_contact" }),
+    );
+    // Non-guardian actors are blocked by the pre-execution guardian approval
+    // gate before reaching the permission checker. The tool must NOT succeed
+    // via platform auto-approve.
+    expect(result.isError).toBe(true);
+  });
+  test("bash NOT auto-approved when requireFreshApproval is set", async () => {
+    checkResultOverride = { decision: "prompt", reason: "Needs approval" };
+    let promptCalled = false;
+    const trackingPrompter = {
+      prompt: async () => {
+        promptCalled = true;
+        return { decision: "allow" as const };
+      },
+      resolveConfirmation: () => {},
+      updateSender: () => {},
+      dispose: () => {},
+    } as unknown as PermissionPrompter;
+    const executor = new ToolExecutor(trackingPrompter);
+    await executor.execute(
+      "bash",
+      { command: "echo hello" },
+      makeContext({
+        isPlatformHosted: true,
+        trustClass: "guardian",
+        requireFreshApproval: true,
+      }),
+    );
+    expect(promptCalled).toBe(true);
+  });
+  test("deny rules still respected in platform-hosted mode", async () => {
+    checkResultOverride = { decision: "deny", reason: "Explicitly denied" };
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "bash",
+      { command: "rm -rf /" },
+      makeContext({ isPlatformHosted: true, trustClass: "guardian" }),
+    );
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain("Explicitly denied");
+  });
+  test("high-risk bash auto-approved in platform-hosted mode", async () => {
+    riskOverride = "high";
+    checkResultOverride = { decision: "prompt", reason: "High risk command" };
+    let promptCalled = false;
+    const trackingPrompter = {
+      prompt: async () => {
+        promptCalled = true;
+        return { decision: "allow" as const };
+      },
+      resolveConfirmation: () => {},
+      updateSender: () => {},
+      dispose: () => {},
+    } as unknown as PermissionPrompter;
+    const executor = new ToolExecutor(trackingPrompter);
+    const result = await executor.execute(
+      "bash",
+      { command: "rm -rf /tmp/stuff" },
+      makeContext({ isPlatformHosted: true, trustClass: "guardian" }),
+    );
+    expect(promptCalled).toBe(false);
+    expect(result.isError).toBe(false);
+  });
+  test("non-bash tools NOT auto-approved in platform-hosted mode", async () => {
+    checkResultOverride = { decision: "prompt", reason: "Needs approval" };
+    let promptCalled = false;
+    const trackingPrompter = {
+      prompt: async () => {
+        promptCalled = true;
+        return { decision: "allow" as const };
+      },
+      resolveConfirmation: () => {},
+      updateSender: () => {},
+      dispose: () => {},
+    } as unknown as PermissionPrompter;
+    const executor = new ToolExecutor(trackingPrompter);
+    await executor.execute(
+      "file_write",
+      { path: "/tmp/test.txt", content: "hello" },
+      makeContext({ isPlatformHosted: true, trustClass: "guardian" }),
+    );
+    expect(promptCalled).toBe(true);
+  });
+});