@vellumai/assistant 0.6.1 → 0.6.2

package/src/__tests__/managed-credential-catalog-cli.test.ts

@@ -45,7 +45,10 @@ mock.module("../security/secure-keys.js", () => ({
 
 // Mock global fetch
 const _originalFetch = globalThis.fetch;
-const mockFetch = async (input: string | URL | Request, init?: RequestInit) => {
+const mockFetch = async (
+  input: string | URL | Request,
+  _init?: RequestInit,
+) => {
   const url =
     typeof input === "string"
       ? input
@@ -57,14 +60,6 @@ const mockFetch = async (input: string | URL | Request, init?: RequestInit) => {
     return new Response("Not Found", { status: 404 });
   }
 
-  // Verify the Authorization header never leaks secrets into the request path
-  const authHeader = init?.headers
-    ? (init.headers as Record<string, string>)["Authorization"]
-    : undefined;
-  if (authHeader && !authHeader.startsWith("Api-Key ")) {
-    throw new Error("Unexpected auth header format");
-  }
-
   return new Response(JSON.stringify(entry.body), {
     status: entry.status,
     headers: { "Content-Type": "application/json" },
@@ -266,17 +261,17 @@ describe("fetchManagedCatalog", () => {
     expect(descriptor.handle).toBe("platform_oauth:conn_minimal");
   });
 
-  test("error messages never contain API key values", async () => {
+  test("error messages never contain sensitive details", async () => {
     mockPlatformBaseUrl = "https://platform.example.com";
     mockAssistantApiKey = "sk-super-secret-key-12345";
     mockPlatformAssistantId = "ast-uuid-1234";
 
-    // Simulate a network error
+    // Simulate a network error whose message contains sensitive data
     const savedFetch = globalThis.fetch;
     const errorFetch: typeof fetch = Object.assign(
       async () => {
         throw new Error(
-          "Connect failed to https://platform.example.com/v1/assistants/ast-uuid-1234/oauth/managed/catalog/ with Api-Key sk-super-secret-key-12345",
+          "Connect failed to https://platform.example.com/v1/assistants/ast-uuid-1234/oauth/managed/catalog/ with Bearer sk-super-secret-key-12345",
         );
       },
       { preconnect: savedFetch.preconnect },
@@ -287,9 +282,12 @@ describe("fetchManagedCatalog", () => {
       const result = await fetchManagedCatalog();
       expect(result.ok).toBe(false);
       expect(result.error).toBeDefined();
-      // Ensure the raw API key is not in the error message
+      // Raw error message (with URL, API key, etc.) must not leak
       expect(result.error).not.toContain("sk-super-secret-key-12345");
-      expect(result.error).toContain("[REDACTED]");
+      expect(result.error).not.toContain("platform.example.com");
+      expect(result.error).not.toContain("Connect failed");
+      // Should only contain the error class name
+      expect(result.error).toContain("Error");
     } finally {
       globalThis.fetch = savedFetch;
     }

package/src/__tests__/navigate-settings-tab.test.ts

@@ -14,7 +14,7 @@ const CANONICAL_TABS = [
   "Sounds",
   "Permissions & Privacy",
   "Billing",
-  "Archived Conversations",
+  "Archive",
   "Schedules",
   "Developer",
 ];
@@ -85,4 +85,17 @@ describe("navigate-settings-tab", () => {
     expect(result.isError).toBe(false);
     expect(result.content).toContain("Developer");
   });
+
+  test("normalizes legacy 'Archived Conversations' alias to 'Archive'", async () => {
+    const messages: unknown[] = [];
+    const result = await run(
+      { tab: "Archived Conversations" },
+      makeContext((msg) => messages.push(msg)),
+    );
+
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("Archive");
+    expect(messages).toHaveLength(1);
+    expect(messages[0]).toEqual({ type: "navigate_settings", tab: "Archive" });
+  });
 });

package/src/__tests__/notification-broadcaster.test.ts

@@ -583,4 +583,69 @@ describe("notification broadcaster", () => {
     expect(vellumCall).toBeDefined();
     expect(vellumCall!.options?.bindingContext).toBeUndefined();
   });
+
+  // ── conversationMetadata propagation ──────────────────────────────
+
+  test("onConversationCreated includes groupId and source from conversationMetadata", async () => {
+    const vellumAdapter = new MockAdapter("vellum");
+    const broadcaster = new NotificationBroadcaster([vellumAdapter]);
+    const createdCalls: ConversationCreatedInfo[] = [];
+    broadcaster.setOnConversationCreated((info) => createdCalls.push(info));
+
+    const signal = makeSignal({
+      sourceEventName: "schedule.complete",
+      conversationMetadata: {
+        groupId: "system:scheduled",
+        source: "schedule",
+        scheduleJobId: "job-abc-123",
+      },
+    });
+    const decision = makeDecision();
+
+    await broadcaster.broadcastDecision(signal, decision);
+
+    expect(createdCalls).toHaveLength(1);
+    expect(createdCalls[0].groupId).toBe("system:scheduled");
+    expect(createdCalls[0].source).toBe("schedule");
+    expect(createdCalls[0].sourceEventName).toBe("schedule.complete");
+  });
+
+  test("onConversationCreated omits groupId and source when conversationMetadata is absent", async () => {
+    const vellumAdapter = new MockAdapter("vellum");
+    const broadcaster = new NotificationBroadcaster([vellumAdapter]);
+    const createdCalls: ConversationCreatedInfo[] = [];
+    broadcaster.setOnConversationCreated((info) => createdCalls.push(info));
+
+    const signal = makeSignal(); // no conversationMetadata
+    const decision = makeDecision();
+
+    await broadcaster.broadcastDecision(signal, decision);
+
+    expect(createdCalls).toHaveLength(1);
+    expect(createdCalls[0].groupId).toBeUndefined();
+    expect(createdCalls[0].source).toBeUndefined();
+  });
+
+  test("per-dispatch callback receives conversationMetadata fields", async () => {
+    const vellumAdapter = new MockAdapter("vellum");
+    const broadcaster = new NotificationBroadcaster([vellumAdapter]);
+    const dispatchCalls: ConversationCreatedInfo[] = [];
+
+    const signal = makeSignal({
+      sourceEventName: "schedule.complete",
+      conversationMetadata: {
+        groupId: "system:scheduled",
+        source: "schedule",
+      },
+    });
+    const decision = makeDecision();
+
+    await broadcaster.broadcastDecision(signal, decision, {
+      onConversationCreated: (info) => dispatchCalls.push(info),
+    });
+
+    expect(dispatchCalls).toHaveLength(1);
+    expect(dispatchCalls[0].groupId).toBe("system:scheduled");
+    expect(dispatchCalls[0].source).toBe("schedule");
+  });
 });

package/src/__tests__/onboarding-template-contract.test.ts

@@ -104,11 +104,12 @@ describe("onboarding template contracts", () => {
       expect(bootstrap).toContain("Check my email");
     });
 
-    test("includes daily briefing and channel suggestions in getting set up", () => {
+    test("keeps momentum by chaining off the first task", () => {
       const lower = bootstrap.toLowerCase();
-      expect(lower).toContain("daily briefing");
-      expect(lower).toContain("slack");
-      expect(lower).toContain("telegram");
+      expect(lower).toContain("keep the momentum");
+      expect(lower).toContain("don't pivot to setup");
+      expect(lower).toContain("chain off the task");
+      expect(lower).toContain("while we're at it");
     });
   });
 

package/src/__tests__/pkb-autoinject.test.ts

@@ -0,0 +1,96 @@
+import { mkdirSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+
+import { readAutoinjectList } from "../daemon/conversation-runtime-assembly.js";
+
+// ---------------------------------------------------------------------------
+// Setup / Teardown
+// ---------------------------------------------------------------------------
+
+let pkbDir: string;
+const dirs: string[] = [];
+
+beforeEach(() => {
+  pkbDir = join(
+    tmpdir(),
+    `vellum-pkb-autoinject-test-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+  );
+  mkdirSync(pkbDir, { recursive: true });
+  dirs.push(pkbDir);
+});
+
+afterEach(() => {
+  for (const dir of dirs.splice(0)) {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("readAutoinjectList", () => {
+  test("returns null when _autoinject.md does not exist", () => {
+    expect(readAutoinjectList(pkbDir)).toBeNull();
+  });
+
+  test("returns empty array when _autoinject.md is empty", () => {
+    writeFileSync(join(pkbDir, "_autoinject.md"), "", "utf-8");
+    expect(readAutoinjectList(pkbDir)).toEqual([]);
+  });
+
+  test("returns empty array when _autoinject.md contains only comments", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "_ This is a comment\n_ Another comment\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual([]);
+  });
+
+  test("parses standard default content", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "_ comment\n\nINDEX.md\nessentials.md\nthreads.md\nbuffer.md\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual([
+      "INDEX.md",
+      "essentials.md",
+      "threads.md",
+      "buffer.md",
+    ]);
+  });
+
+  test("parses custom entries", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "INDEX.md\ncustom-topic.md\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual([
+      "INDEX.md",
+      "custom-topic.md",
+    ]);
+  });
+
+  test("strips blank lines and whitespace", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "INDEX.md\n\n  essentials.md  \n\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual(["INDEX.md", "essentials.md"]);
+  });
+
+  test("strips comment lines mixed with filenames", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "_ Always loaded files\nINDEX.md\n_ Core facts\nessentials.md\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual(["INDEX.md", "essentials.md"]);
+  });
+});

package/src/__tests__/require-fresh-approval.test.ts

@@ -416,7 +416,6 @@ describe("requireFreshApproval: persistent decisions disabled", () => {
         _allowlistOptions: unknown[],
         _scopeOptions: unknown[],
         _previewDiff: unknown,
-        _sandboxed: boolean | undefined,
         _conversationId: string,
         _executionTarget: string,
         persistentDecisionsAllowed: boolean,
@@ -467,7 +466,6 @@ describe("requireFreshApproval: persistent decisions disabled", () => {
         _allowlistOptions: unknown[],
         _scopeOptions: unknown[],
         _previewDiff: unknown,
-        _sandboxed: boolean | undefined,
         _conversationId: string,
         _executionTarget: string,
         persistentDecisionsAllowed: boolean,

package/src/__tests__/sandbox-diagnostics.test.ts

@@ -10,22 +10,6 @@ mock.module("node:child_process", () => ({
   execSync: execSyncMock,
 }));
 
-// Mock config loader — return a config with sandbox settings
-let mockSandboxConfig: {
-  enabled: boolean;
-} = {
-  enabled: true,
-};
-
-mock.module("../config/loader.js", () => ({
-  getConfig: () => ({
-    ui: {},
-
-    sandbox: mockSandboxConfig,
-  }),
-  loadRawConfig: () => ({}),
-}));
-
 mock.module("../util/logger.js", () => ({
   getLogger: () => ({
     error: () => {},
@@ -49,9 +33,6 @@ function setPlatform(platform: string): void {
 
 beforeEach(() => {
   execSyncMock.mockReset();
-  mockSandboxConfig = {
-    enabled: true,
-  };
   // Default: all commands succeed.
   execSyncMock.mockImplementation(() => undefined);
 });
@@ -62,26 +43,14 @@ afterEach(() => {
 });
 
 describe("runSandboxDiagnostics — config reporting", () => {
-  test("reports sandbox enabled state", () => {
-    const result = runSandboxDiagnostics();
-    expect(result.config.enabled).toBe(true);
-  });
-
-  test("reports sandbox disabled state", () => {
-    mockSandboxConfig.enabled = false;
+  test("reports sandbox disabled (sandbox removed)", () => {
     const result = runSandboxDiagnostics();
     expect(result.config.enabled).toBe(false);
   });
 });
 
 describe("runSandboxDiagnostics — active backend reason", () => {
-  test("explains native backend selection", () => {
-    const result = runSandboxDiagnostics();
-    expect(result.activeBackendReason).toContain("Native backend");
-  });
-
   test("explains when sandbox is disabled", () => {
-    mockSandboxConfig.enabled = false;
     const result = runSandboxDiagnostics();
     expect(result.activeBackendReason).toContain("disabled");
   });

package/src/__tests__/terminal-sandbox.test.ts

@@ -2,7 +2,7 @@ import * as realChildProcess from "node:child_process";
 import * as realFs from "node:fs";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
-import type { SandboxConfig } from "../config/schema.js";
+import type { SandboxConfig } from "../tools/terminal/sandbox.js";
 
 let platform = "linux";
 

package/src/__tests__/terminal-tools.test.ts

@@ -65,13 +65,13 @@ mock.module("../tools/network/script-proxy/index.js", () => ({
 
 // ── Imports (after mocks) ───────────────────────────────────────────────────
 
-import type { SandboxConfig } from "../config/schema.js";
 import { parse } from "../tools/terminal/parser.js";
 import {
   ALWAYS_INJECTED_ENV_VARS,
   buildSanitizedEnv,
   SAFE_ENV_VARS,
 } from "../tools/terminal/safe-env.js";
+import type { SandboxConfig } from "../tools/terminal/sandbox.js";
 import { wrapCommand } from "../tools/terminal/sandbox.js";
 import { ToolError } from "../util/errors.js";
 
@@ -455,10 +455,7 @@ describe("buildSanitizedEnv", () => {
   test("result is a plain object with no prototype-inherited secrets", () => {
     const env = buildSanitizedEnv();
     const keys = Object.keys(env);
-    const safeKeys: string[] = [
-      ...SAFE_ENV_VARS,
-      ...ALWAYS_INJECTED_ENV_VARS,
-    ];
+    const safeKeys: string[] = [...SAFE_ENV_VARS, ...ALWAYS_INJECTED_ENV_VARS];
     for (const key of keys) {
       expect(safeKeys).toContain(key);
     }

package/src/__tests__/test-preload.ts

@@ -25,11 +25,25 @@ process.env.VELLUM_WORKSPACE_DIR = testDir;
 process.env.VELLUM_PLATFORM_URL = "https://test-platform.vellum.ai";
 process.exitCode = 0;
 
+// Prevent tests from routing credential writes through the real CES
+// (Credential Execution Service). Without this, setSecureKeyAsync() in
+// containerized environments writes to the live credential store.
+const savedIsContainerized = process.env.IS_CONTAINERIZED;
+const savedCesCredentialUrl = process.env.CES_CREDENTIAL_URL;
+delete process.env.IS_CONTAINERIZED;
+delete process.env.CES_CREDENTIAL_URL;
+
 afterAll(() => {
   resetDb();
   process.exitCode = 0;
   delete process.env.VELLUM_WORKSPACE_DIR;
   delete process.env.VELLUM_PLATFORM_URL;
+  if (savedIsContainerized !== undefined) {
+    process.env.IS_CONTAINERIZED = savedIsContainerized;
+  }
+  if (savedCesCredentialUrl !== undefined) {
+    process.env.CES_CREDENTIAL_URL = savedCesCredentialUrl;
+  }
   try {
     rmSync(testDir, { recursive: true, force: true });
   } catch {

package/src/__tests__/tool-domain-event-publisher.test.ts

@@ -37,7 +37,6 @@ describe("createToolDomainEventPublisher", () => {
       reason: "needs approval",
       allowlistOptions: [],
       scopeOptions: [],
-      sandboxed: true,
     });
 
     await publish({

package/src/__tests__/tool-executor-lifecycle-events.test.ts

@@ -41,7 +41,6 @@ let checkerDecision: "allow" | "prompt" | "deny" = "allow";
 let checkerReason = "allowed";
 let checkerRisk = "low";
 let promptDecision: "allow" | "always_allow" | "deny" | "always_deny" = "allow";
-let sandboxed = false;
 let fakeToolResult: ToolExecutionResult = { content: "ok", isError: false };
 let toolThrow: Error | null = null;
 
@@ -151,7 +150,7 @@ mock.module("../tools/shared/filesystem/path-policy.js", () => ({
 }));
 
 mock.module("../tools/terminal/sandbox.js", () => ({
-  wrapCommand: () => ({ command: "", sandboxed }),
+  wrapCommand: () => ({ command: "", sandboxed: false }),
 }));
 
 import { PermissionPrompter } from "../permissions/prompter.js";
@@ -193,7 +192,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerReason = "allowed";
     checkerRisk = "low";
     promptDecision = "allow";
-    sandboxed = false;
     fakeToolResult = { content: "ok", isError: false };
     toolThrow = null;
   });
@@ -231,7 +229,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerReason = "medium risk: requires approval";
     checkerRisk = "medium";
     promptDecision = "deny";
-    sandboxed = true;
 
     const events: ToolLifecycleEvent[] = [];
     const executor = new ToolExecutor(makePrompter());
@@ -256,7 +253,6 @@ describe("ToolExecutor lifecycle events", () => {
     expect(promptEvent.executionTarget).toBe("sandbox");
     expect(promptEvent.riskLevel).toBe("medium");
     expect(promptEvent.reason).toBe("medium risk: requires approval");
-    expect(promptEvent.sandboxed).toBe(true);
     expect(promptEvent.allowlistOptions).toEqual([
       { label: "exact", description: "exact", pattern: "exact" },
     ]);
@@ -276,7 +272,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerDecision = "prompt";
     checkerReason = "guardrail prompt";
     checkerRisk = "high";
-    sandboxed = true;
 
     const events: ToolLifecycleEvent[] = [];
     const executor = new ToolExecutor(
@@ -580,7 +575,6 @@ describe("ToolExecutor lifecycle events", () => {
     checkerReason = "Matched trust rule";
     checkerRisk = "low";
     promptDecision = "allow";
-    sandboxed = true;
 
     const events: ToolLifecycleEvent[] = [];
     const executor = new ToolExecutor(makePrompter());
@@ -602,7 +596,6 @@ describe("ToolExecutor lifecycle events", () => {
     expect(promptEvent.reason).toBe(
       "Private conversation: side-effect tools require explicit approval",
     );
-    expect(promptEvent.sandboxed).toBe(true);
   });
 
   test("no permission_prompt event for read-only tool even with forcePromptSideEffects", async () => {

package/src/__tests__/tool-executor.test.ts

@@ -1949,7 +1949,6 @@ describe("ToolExecutor persistentDecisionsAllowed contract", () => {
         _allowlistOptions: AllowlistOption[],
         _scopeOptions: ScopeOption[],
         _diff: unknown,
-        _sandboxed: unknown,
         _conversationId: unknown,
         _executionTarget: unknown,
         persistentDecisionsAllowed: boolean | undefined,

package/src/__tests__/transport-hints-queue.test.ts

@@ -0,0 +1,77 @@
+import { describe, expect, test } from "bun:test";
+
+import type {
+  MacosTransportMetadata,
+  NonMacosTransportMetadata,
+} from "../daemon/message-types/conversations.js";
+import { buildTransportHints } from "../daemon/transport-hints.js";
+
+// ---------------------------------------------------------------------------
+// buildTransportHints
+// ---------------------------------------------------------------------------
+
+describe("buildTransportHints", () => {
+  test("produces correct hints for macOS transport", () => {
+    const transport: MacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+      hostHomeDir: "/Users/alice",
+      hostUsername: "alice",
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: macos");
+    expect(hints).toContain("Host home directory: /Users/alice");
+    expect(hints).toContain("Host username: alice");
+    expect(hints).toHaveLength(3);
+  });
+
+  test("produces correct hints for non-macOS transport", () => {
+    const transport: NonMacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "ios",
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: ios");
+    expect(hints).toHaveLength(1);
+    // Should not include host environment hints
+    expect(hints.some((h) => h.includes("Host home directory"))).toBe(false);
+    expect(hints.some((h) => h.includes("Host username"))).toBe(false);
+  });
+
+  test("includes client-provided hints", () => {
+    const transport: MacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+      hostHomeDir: "/Users/bob",
+      hostUsername: "bob",
+      hints: ["custom hint"],
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: macos");
+    expect(hints).toContain("Host home directory: /Users/bob");
+    expect(hints).toContain("Host username: bob");
+    expect(hints).toContain("custom hint");
+    expect(hints).toHaveLength(4);
+  });
+
+  test("handles missing optional fields on macOS transport", () => {
+    const transport: MacosTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+    };
+
+    const hints = buildTransportHints(transport);
+
+    expect(hints).toContain("User is messaging from interface: macos");
+    // Without hostHomeDir and hostUsername, only the interface hint is present
+    expect(hints).toHaveLength(1);
+    expect(hints.some((h) => h.includes("Host home directory"))).toBe(false);
+    expect(hints.some((h) => h.includes("Host username"))).toBe(false);
+  });
+});

package/src/__tests__/trust-store.test.ts

@@ -909,8 +909,8 @@ describe("Trust Store", () => {
       expect(match!.id).toBe("default:allow-bash-rm-bootstrap");
       expect(match!.decision).toBe("allow");
       expect(match!.allowHighRisk).toBe(true);
-      // Outside workspace, the bootstrap rule doesn't match — with sandbox
-      // disabled (the default), there is no catch-all bash allow rule either.
+      // Outside workspace, the bootstrap rule doesn't match — without
+      // IS_CONTAINERIZED there is no catch-all bash allow rule either.
       const other = findHighestPriorityRule(
         "bash",
         ["rm BOOTSTRAP.md"],
@@ -930,8 +930,8 @@ describe("Trust Store", () => {
       expect(match!.id).toBe("default:allow-bash-rm-updates");
       expect(match!.decision).toBe("allow");
       expect(match!.allowHighRisk).toBe(true);
-      // Outside workspace, should NOT match the updates rule — with sandbox
-      // disabled (the default), there is no catch-all bash allow rule either.
+      // Outside workspace, should NOT match the updates rule — without
+      // IS_CONTAINERIZED there is no catch-all bash allow rule either.
       const other = findHighestPriorityRule(
         "bash",
         ["rm UPDATES.md"],