@vellumai/assistant 0.6.1 → 0.6.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.6.1",
+  "version": "0.6.3",
   "license": "MIT",
   "type": "module",
   "exports": {
@@ -29,38 +29,38 @@
     "prepack": "node ../scripts/prepack-bundled-deps.mjs"
   },
   "dependencies": {
-    "@agentclientprotocol/sdk": "^0.16.1",
-    "@anthropic-ai/sdk": "^0.78.0",
-    "@google/genai": "^1.40.0",
-    "@modelcontextprotocol/sdk": "^1.15.1",
-    "@qdrant/js-client-rest": "^1.16.2",
-    "@resvg/resvg-js": "^2.6.2",
-    "@sentry/node": "^10.38.0",
+    "@agentclientprotocol/sdk": "0.16.1",
+    "@anthropic-ai/sdk": "0.78.0",
+    "@google/genai": "1.45.0",
+    "@modelcontextprotocol/sdk": "1.27.1",
+    "@qdrant/js-client-rest": "1.17.0",
+    "@resvg/resvg-js": "2.6.2",
+    "@sentry/node": "10.43.0",
     "@vellumai/ces-contracts": "file:../packages/ces-contracts",
     "@vellumai/credential-storage": "file:../packages/credential-storage",
     "@vellumai/egress-proxy": "file:../packages/egress-proxy",
-    "agentmail": "^0.1.0",
-    "archiver": "^7.0.1",
-    "commander": "^13.1.0",
-    "croner": "^10.0.1",
-    "dotenv": "^17.3.1",
-    "drizzle-orm": "^0.38.4",
-    "jszip": "^3.10.1",
-    "minimatch": "^10.2.4",
-    "openai": "^6.18.0",
-    "pino": "^9.6.0",
-    "pino-pretty": "^13.1.3",
-    "playwright": "^1.58.2",
-    "postgres": "^3.4.8",
-    "qrcode": "^1.5.4",
-    "react": "^19.2.4",
-    "rrule": "^2.8.1",
-    "tldts": "^7.0.23",
+    "agentmail": "0.1.19",
+    "archiver": "7.0.1",
+    "commander": "13.1.0",
+    "croner": "10.0.1",
+    "dotenv": "17.3.1",
+    "drizzle-orm": "0.38.4",
+    "jszip": "3.10.1",
+    "minimatch": "10.2.4",
+    "openai": "6.29.0",
+    "pino": "9.14.0",
+    "pino-pretty": "13.1.3",
+    "playwright": "1.58.2",
+    "postgres": "3.4.8",
+    "qrcode": "1.5.4",
+    "react": "19.2.4",
+    "rrule": "2.8.1",
+    "tldts": "7.0.25",
     "tree-sitter-bash": "0.25.1",
-    "uuid": "^11.1.0",
+    "uuid": "11.1.0",
     "web-tree-sitter": "0.26.5",
-    "yaml": "^2.7.1",
-    "zod": "^4.3.6"
+    "yaml": "2.8.2",
+    "zod": "4.3.6"
   },
   "engines": {
     "node": ">=20.12.0"
@@ -75,18 +75,18 @@
     "path-to-regexp": "^8.4.0"
   },
   "devDependencies": {
-    "@types/archiver": "^7.0.0",
-    "@types/bun": "^1.2.4",
-    "@types/node": "^25.2.2",
-    "@types/react": "^19.2.14",
-    "@types/uuid": "^10.0.0",
-    "drizzle-kit": "^0.30.4",
-    "eslint": "^10.0.0",
-    "eslint-plugin-simple-import-sort": "^12.1.1",
-    "fast-check": "^4.5.3",
-    "knip": "^5.83.1",
-    "prettier": "^3.8.1",
-    "typescript": "^5.7.3",
-    "typescript-eslint": "^8.54.0"
+    "@types/archiver": "7.0.0",
+    "@types/bun": "1.3.10",
+    "@types/node": "25.5.0",
+    "@types/react": "19.2.14",
+    "@types/uuid": "10.0.0",
+    "drizzle-kit": "0.30.6",
+    "eslint": "10.0.3",
+    "eslint-plugin-simple-import-sort": "12.1.1",
+    "fast-check": "4.6.0",
+    "knip": "5.86.0",
+    "prettier": "3.8.1",
+    "typescript": "5.9.3",
+    "typescript-eslint": "8.57.0"
   }
 }

package/scripts/generate-openapi.ts

@@ -212,8 +212,7 @@ async function collectRoutesFromModules(): Promise<RouteEntry[]> {
  * here if openapi.yaml is also stale. Plan items B2/C2 address this gap.
  */
 const INLINE_ROUTES: RouteEntry[] = [
-  { endpoint: "browser-relay/status", method: "GET" },
-  { endpoint: "browser-relay/command", method: "POST" },
+  { endpoint: "browser-cdp", method: "POST" },
   { endpoint: "conversations", method: "GET" },
   { endpoint: "conversations/seen", method: "POST" },
   { endpoint: "conversations/unread", method: "POST" },

package/src/__tests__/acp-session.test.ts

@@ -2,6 +2,7 @@ import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 import { VellumAcpClientHandler } from "../acp/client-handler.js";
 import { AcpSessionManager } from "../acp/session-manager.js";
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
 
@@ -15,6 +16,7 @@ describe("VellumAcpClientHandler", () => {
   let handler: VellumAcpClientHandler;
 
   beforeEach(() => {
+    _setOverridesForTesting({});
     sent = [];
     sendToVellum = (msg) => sent.push(msg);
     handler = new VellumAcpClientHandler(
@@ -229,6 +231,47 @@ describe("VellumAcpClientHandler", () => {
       expect(msg.riskLevel).toBe("medium");
     });
 
+    test("suppresses ACP confirmation UI under v2 and chooses the allow option", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+
+      const result = await handler.requestPermission({
+        toolCall: {
+          title: "Read file",
+          kind: "read",
+          rawInput: "/tmp/example.txt",
+        },
+        options: [
+          { optionId: "allow", name: "Allow", kind: "allow_once" },
+          { optionId: "deny", name: "Deny", kind: "reject_once" },
+        ],
+      } as any);
+
+      expect(result).toEqual({
+        outcome: { outcome: "selected", optionId: "allow" },
+      });
+      expect(sent).toHaveLength(0);
+      expect(handler.pendingRequestIds.size).toBe(0);
+    });
+
+    test("suppresses ACP confirmation UI under v2 and cancels when no allow option exists", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+
+      const result = await handler.requestPermission({
+        toolCall: {
+          title: "Read file",
+          kind: "read",
+          rawInput: "/tmp/example.txt",
+        },
+        options: [{ optionId: "deny", name: "Deny", kind: "reject_once" }],
+      } as any);
+
+      expect(result).toEqual({
+        outcome: { outcome: "cancelled" },
+      });
+      expect(sent).toHaveLength(0);
+      expect(handler.pendingRequestIds.size).toBe(0);
+    });
+
     test("ACP registration survives sendToVellum overwrite (makeEventSender race)", async () => {
       // Simulate makeEventSender: when sendToVellum is called with a
       // confirmation_request, it overwrites the pendingInteractions entry

package/src/__tests__/app-builder-tool-scripts.test.ts

@@ -25,6 +25,7 @@ function makeMockStore(overrides: Partial<AppStore> = {}): AppStore {
   return {
     getApp: () => makeApp(),
     listApps: () => [makeApp()],
+    appFileExists: () => false,
     createApp: (params) =>
       makeApp({ name: params.name, description: params.description }),
     updateApp: (id, updates) => makeApp({ id, ...updates }),

package/src/__tests__/app-executors.test.ts

@@ -56,6 +56,7 @@ function mockStore(
   return {
     getApp: (id: string) => (id === app.id ? app : null),
     listApps: () => [app],
+    appFileExists: (_appId: string, path: string) => path in files,
     createApp: () => app,
     updateApp: () => app,
     deleteApp: () => {},

package/src/__tests__/app-source-watcher.test.ts

@@ -21,23 +21,25 @@ const testDirNameMap = new Map<string, string>([["my-app", "app-id-1"]]);
 
 let capturedWatchCallback: ((eventType: string, filename: string | null) => void) | null = null;
 const mockWatcher = { close: mock(() => {}) };
+const mockExistsSync = mock((p: string): boolean => p === TEST_APPS_DIR);
+const mockWatch = mock(
+  (
+    _path: string,
+    _opts: Record<string, unknown>,
+    callback: (eventType: string, filename: string | null) => void,
+  ) => {
+    capturedWatchCallback = callback;
+    return mockWatcher;
+  },
+);
 
 mock.module("node:fs", () => {
   // eslint-disable-next-line @typescript-eslint/no-require-imports
   const actualFs = require("node:fs");
   return {
     ...actualFs,
-    existsSync: mock((p: string) => p === TEST_APPS_DIR),
-    watch: mock(
-      (
-        _path: string,
-        _opts: Record<string, unknown>,
-        callback: (eventType: string, filename: string | null) => void,
-      ) => {
-        capturedWatchCallback = callback;
-        return mockWatcher;
-      },
-    ),
+    existsSync: mockExistsSync,
+    watch: mockWatch,
   };
 });
 
@@ -67,6 +69,8 @@ describe("AppSourceWatcher", () => {
     onChangeSpy = mock(() => {});
     capturedWatchCallback = null;
     mockWatcher.close.mockClear();
+    // Reset existsSync to default behavior for each test
+    mockExistsSync.mockImplementation((p: string) => p === TEST_APPS_DIR);
   });
 
   afterEach(() => {
@@ -156,4 +160,26 @@ describe("AppSourceWatcher", () => {
 
     expect(mockWatcher.close).toHaveBeenCalledTimes(1);
   });
+
+  test("ensureStarted() initializes watcher after apps directory is created", () => {
+    // Simulate apps dir not existing at start time
+    mockExistsSync.mockImplementation((_p: string) => false);
+
+    watcher.start(onChangeSpy);
+    expect(capturedWatchCallback).toBeNull(); // watcher didn't start
+
+    // Simulate apps dir now existing (e.g. after app_create)
+    mockExistsSync.mockImplementation((p: string) => p === TEST_APPS_DIR);
+
+    watcher.ensureStarted();
+    expect(capturedWatchCallback).not.toBeNull(); // watcher started
+  });
+
+  test("ensureStarted() is a no-op when watcher is already running", () => {
+    watcher.start(onChangeSpy);
+    const callCountAfterStart = mockWatch.mock.calls.length;
+
+    watcher.ensureStarted();
+    expect(mockWatch.mock.calls.length).toBe(callCountAfterStart); // no extra watch call
+  });
 });

package/src/__tests__/approval-routes-http.test.ts

@@ -6,6 +6,7 @@
  */
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
 import type { Conversation } from "../daemon/conversation.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
 
@@ -68,6 +69,7 @@ mock.module("../permissions/trust-store.js", () => ({
 }));
 
 import { getDb, initializeDb } from "../memory/db.js";
+import { CONVERSATION_HOST_ACCESS_PROMPT } from "../permissions/v2-consent-policy.js";
 import { AssistantEventHub } from "../runtime/assistant-event-hub.js";
 import { RuntimeHttpServer } from "../runtime/http-server.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
@@ -109,6 +111,7 @@ function makeIdleSession(opts?: {
     usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},
@@ -174,6 +177,7 @@ function makeConfirmationEmittingSession(opts?: {
     usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},
@@ -221,6 +225,7 @@ describe("standalone approval endpoints — HTTP layer", () => {
   let eventHub: AssistantEventHub;
 
   beforeEach(() => {
+    _setOverridesForTesting({});
     const db = getDb();
     db.run("DELETE FROM messages");
     db.run("DELETE FROM conversations");
@@ -359,7 +364,21 @@ describe("standalone approval endpoints — HTTP layer", () => {
     });
 
     test("returns 400 for invalid decision", async () => {
-      await startServer(() => makeIdleSession());
+      const session = makeIdleSession();
+      await startServer(() => session);
+
+      pendingInteractions.register("req-1", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [],
+          scopeOptions: [],
+        },
+      });
 
       const res = await fetch(url("confirm"), {
         method: "POST",
@@ -371,6 +390,124 @@ describe("standalone approval endpoints — HTTP layer", () => {
 
       await stopServer();
     });
+
+    test("rejects temporal approval decisions for conversation host-access prompts", async () => {
+      let confirmedDecision: string | undefined;
+
+      const session = makeIdleSession({
+        onConfirmation: (_reqId, dec) => {
+          confirmedDecision = dec;
+        },
+      });
+
+      await startServer(() => session);
+
+      pendingInteractions.register("req-host-access", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "host_bash",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          ...CONVERSATION_HOST_ACCESS_PROMPT,
+        },
+      });
+
+      const res = await fetch(url("confirm"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-host-access",
+          decision: "allow_10m",
+        }),
+      });
+      const body = (await res.json()) as { error?: { message?: string } };
+
+      expect(res.status).toBe(403);
+      expect(body.error?.message).toContain(
+        "Conversation host-access prompts only accept allow or deny",
+      );
+      expect(confirmedDecision).toBeUndefined();
+      expect(pendingInteractions.get("req-host-access")).toBeDefined();
+
+      await stopServer();
+    });
+
+    test("canonicalizes advertised legacy allow verbs to one-time allow under v2", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+      let handledDecision: string | undefined;
+      const handlingSession = makeIdleSession({
+        onConfirmation: (_requestId, decision) => {
+          handledDecision = decision;
+        },
+      });
+      await startServer(() => handlingSession);
+
+      pendingInteractions.register("req-v2", {
+        conversation: handlingSession,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [],
+          scopeOptions: [],
+          temporaryOptionsAvailable: ["allow_10m"],
+        },
+      });
+
+      const res = await fetch(url("confirm"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-v2",
+          decision: "allow_10m",
+        }),
+      });
+
+      expect(res.status).toBe(200);
+      expect(handledDecision).toBe("allow");
+      expect(pendingInteractions.get("req-v2")).toBeUndefined();
+
+      await stopServer();
+    });
+
+    test("rejects unadvertised legacy approval verbs under v2", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+      const session = makeIdleSession();
+      await startServer(() => session);
+
+      pendingInteractions.register("req-v2-invalid", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [],
+          scopeOptions: [],
+        },
+      });
+
+      const res = await fetch(url("confirm"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-v2-invalid",
+          decision: "allow_10m",
+        }),
+      });
+      const body = (await res.json()) as { error?: { message?: string } };
+
+      expect(res.status).toBe(400);
+      expect(body.error?.message).toContain("resolve to allow or deny");
+      expect(pendingInteractions.get("req-v2-invalid")).toBeDefined();
+
+      await stopServer();
+    });
   });
 
   // ── POST /v1/secret ──────────────────────────────────────────────────
@@ -625,6 +762,46 @@ describe("standalone approval endpoints — HTTP layer", () => {
       await stopServer();
     });
 
+    test("returns 403 for trust rules under v2", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+      const session = makeIdleSession();
+      await startServer(() => session);
+
+      pendingInteractions.register("req-v2-trust", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [
+            { label: "Allow ls", description: "test", pattern: "ls" },
+          ],
+          scopeOptions: [{ label: "Conversation", scope: "session" }],
+          persistentDecisionsAllowed: true,
+        },
+      });
+
+      const res = await fetch(url("trust-rules"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-v2-trust",
+          pattern: "ls",
+          scope: "session",
+          decision: "allow",
+        }),
+      });
+      const body = (await res.json()) as { error?: { message?: string } };
+
+      expect(res.status).toBe(403);
+      expect(body.error?.message).toContain("permission-controls-v2");
+      expect(pendingInteractions.get("req-v2-trust")).toBeDefined();
+
+      await stopServer();
+    });
+
     test("returns 403 when pattern does not match allowlist", async () => {
       const session = makeIdleSession();
       await startServer(() => session);

package/src/__tests__/assistant-event-hub.test.ts

@@ -102,6 +102,36 @@ describe("AssistantEventHub — fanout", () => {
     const hub = new AssistantEventHub();
     await expect(hub.publish(makeEvent())).resolves.toBeUndefined();
   });
+
+  test("hasSubscribersForEvent returns true for assistant-wide subscribers", () => {
+    const hub = new AssistantEventHub();
+    hub.subscribe({ assistantId: "ast_1" }, () => {});
+
+    expect(
+      hub.hasSubscribersForEvent({
+        assistantId: "ast_1",
+        conversationId: "sess_A",
+      }),
+    ).toBe(true);
+  });
+
+  test("hasSubscribersForEvent honors conversation scoping", () => {
+    const hub = new AssistantEventHub();
+    hub.subscribe({ assistantId: "ast_1", conversationId: "sess_A" }, () => {});
+
+    expect(
+      hub.hasSubscribersForEvent({
+        assistantId: "ast_1",
+        conversationId: "sess_A",
+      }),
+    ).toBe(true);
+    expect(
+      hub.hasSubscribersForEvent({
+        assistantId: "ast_1",
+        conversationId: "sess_B",
+      }),
+    ).toBe(false);
+  });
 });
 
 // ── Unsubscribe / cleanup ────────────────────────────────────────────────────