@vellumai/assistant 0.6.1 → 0.6.3

package/src/__tests__/host-file-proxy.test.ts

@@ -1,7 +1,13 @@
-import { afterEach, describe, expect, test } from "bun:test";
+import { afterEach, describe, expect, jest, test } from "bun:test";
 
 const { HostFileProxy } = await import("../daemon/host-file-proxy.js");
 
+// Minimal PNG header
+const PNG_HEADER = Buffer.from([
+  0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d, 0x49,
+  0x48, 0x44, 0x52,
+]);
+
 describe("HostFileProxy", () => {
   let proxy: InstanceType<typeof HostFileProxy>;
   let sentMessages: unknown[];
@@ -77,6 +83,39 @@ describe("HostFileProxy", () => {
       expect(result.content).toContain("ENOENT");
     });
 
+    test("rebuilds image tool results from proxied image payloads", async () => {
+      setup();
+
+      const resultPromise = proxy.request(
+        {
+          operation: "read",
+          path: "/Users/test/Desktop/screenshot.png",
+        },
+        "session-1",
+      );
+
+      const sent = sentMessages[0] as Record<string, unknown>;
+      const requestId = sent.requestId as string;
+
+      proxy.resolve(requestId, {
+        content: "Image loaded on host",
+        isError: false,
+        imageData: PNG_HEADER.toString("base64"),
+      });
+
+      const result = await resultPromise;
+      expect(result.isError).toBe(false);
+      expect(result.content).toContain("Image loaded");
+      expect(result.content).toContain("/Users/test/Desktop/screenshot.png");
+      expect(result.contentBlocks).toHaveLength(1);
+      expect(result.contentBlocks?.[0]).toMatchObject({
+        type: "image",
+        source: {
+          media_type: "image/png",
+        },
+      });
+    });
+
     test("handles write operations", async () => {
       setup();
 
@@ -377,6 +416,151 @@ describe("HostFileProxy", () => {
     });
   });
 
+  describe("abort listener lifecycle", () => {
+    // Helper that wraps an AbortSignal to observe add/removeEventListener
+    // invocations without tripping over tsc's strict overload matching on
+    // AbortSignal itself.
+    type Spied = {
+      signal: AbortSignal;
+      addCalls: string[];
+      removeCalls: string[];
+    };
+    function spySignal(source: AbortSignal): Spied {
+      const addCalls: string[] = [];
+      const removeCalls: string[] = [];
+
+      const s = source as any;
+      const origAdd = source.addEventListener.bind(source);
+      const origRemove = source.removeEventListener.bind(source);
+      s.addEventListener = (
+        type: string,
+
+        ...rest: any[]
+      ) => {
+        addCalls.push(type);
+
+        return (origAdd as any)(type, ...rest);
+      };
+      s.removeEventListener = (
+        type: string,
+
+        ...rest: any[]
+      ) => {
+        removeCalls.push(type);
+
+        return (origRemove as any)(type, ...rest);
+      };
+      return { signal: source, addCalls, removeCalls };
+    }
+
+    test("removes abort listener from signal after resolve completes", async () => {
+      setup();
+      const controller = new AbortController();
+      const spy = spySignal(controller.signal);
+
+      const resultPromise = proxy.request(
+        { operation: "read", path: "/tmp/test.txt" },
+        "session-1",
+        spy.signal,
+      );
+
+      expect(spy.addCalls).toEqual(["abort"]);
+      expect(spy.removeCalls).toEqual([]);
+
+      const requestId = (sentMessages[0] as Record<string, unknown>)
+        .requestId as string;
+      proxy.resolve(requestId, { content: "file contents", isError: false });
+      await resultPromise;
+
+      // Listener is detached after normal completion.
+      expect(spy.removeCalls).toEqual(["abort"]);
+
+      // Subsequent aborts are harmless no-ops (no side effects on the proxy).
+      controller.abort();
+      // No additional emitted envelopes from the late abort.
+      expect(sentMessages).toHaveLength(1);
+    });
+
+    test("removes abort listener from signal on timer timeout", async () => {
+      setup();
+
+      jest.useFakeTimers();
+      try {
+        const controller = new AbortController();
+        const spy = spySignal(controller.signal);
+
+        const resultPromise = proxy.request(
+          { operation: "read", path: "/tmp/slow.txt" },
+          "session-1",
+          spy.signal,
+        );
+
+        expect(spy.addCalls).toEqual(["abort"]);
+        expect(spy.removeCalls).toEqual([]);
+
+        const requestId = (sentMessages[0] as Record<string, unknown>)
+          .requestId as string;
+        expect(proxy.hasPendingRequest(requestId)).toBe(true);
+
+        // Advance past the 30s internal timeout.
+        jest.advanceTimersByTime(31 * 1000);
+
+        const result = await resultPromise;
+        expect(result.isError).toBe(true);
+        expect(result.content).toContain("Host file proxy timed out");
+        expect(proxy.hasPendingRequest(requestId)).toBe(false);
+
+        // Listener is detached after the timer fires.
+        expect(spy.removeCalls).toEqual(["abort"]);
+
+        // Subsequent aborts should be harmless — no cancel emitted.
+        controller.abort();
+        expect(sentMessages).toHaveLength(1);
+      } finally {
+        jest.useRealTimers();
+      }
+    });
+  });
+
+  describe("sender throws synchronously", () => {
+    test("rejects the promise, clears pending state and timer, invokes onInternalResolve", async () => {
+      const resolvedIds: string[] = [];
+      sentMessages = [];
+      sendToClient = () => {
+        throw new Error("transport down");
+      };
+      proxy = new HostFileProxy(sendToClient, (id) => resolvedIds.push(id));
+
+      const resultPromise = proxy.request(
+        { operation: "read", path: "/tmp/test.txt" },
+        "session-1",
+      );
+
+      await expect(resultPromise).rejects.toThrow("transport down");
+
+      // The internal resolve should fire exactly once as part of cleanup.
+      expect(resolvedIds).toHaveLength(1);
+
+      // Issue a new request on a fresh (non-throwing) sender and verify
+      // the proxy is still functional — no stale timers or bookkeeping
+      // from the failed request.
+      sentMessages = [];
+      proxy.updateSender((msg) => sentMessages.push(msg), true);
+      const okPromise = proxy.request(
+        { operation: "read", path: "/tmp/ok.txt" },
+        "session-1",
+      );
+      expect(sentMessages).toHaveLength(1);
+      const okRequestId = (sentMessages[0] as Record<string, unknown>)
+        .requestId as string;
+      expect(proxy.hasPendingRequest(okRequestId)).toBe(true);
+      proxy.resolve(okRequestId, { content: "ok", isError: false });
+      const okResult = await okPromise;
+      expect(okResult.content).toBe("ok");
+      expect(okResult.isError).toBe(false);
+    });
+  });
+
   describe("onInternalResolve callback", () => {
     test("fires on abort", async () => {
       const resolvedIds: string[] = [];

package/src/__tests__/host-file-read-tool.test.ts

@@ -3,6 +3,7 @@ import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { afterEach, describe, expect, test } from "bun:test";
 
+import type { HostFileInput } from "../daemon/host-file-proxy.js";
 import { hostFileReadTool } from "../tools/host-filesystem/read.js";
 import type { ToolContext } from "../tools/types.js";
 
@@ -165,6 +166,57 @@ describe("host_file_read tool", () => {
 });
 
 describe("host_file_read image support", () => {
+  test("uses host proxy for image reads when available", async () => {
+    const requests: Array<{
+      input: HostFileInput;
+      conversationId: string;
+      signal?: AbortSignal;
+    }> = [];
+    const proxyContext: ToolContext = {
+      ...makeContext(),
+      hostFileProxy: {
+        isAvailable: () => true,
+        request: async (input, conversationId, signal) => {
+          requests.push({ input, conversationId, signal });
+          return {
+            content: "Image loaded: /host/screenshot.png",
+            isError: false,
+            contentBlocks: [
+              {
+                type: "image",
+                source: {
+                  type: "base64",
+                  media_type: "image/png",
+                  data: PNG_HEADER.toString("base64"),
+                },
+              },
+            ],
+          };
+        },
+      } as ToolContext["hostFileProxy"],
+    };
+
+    const result = await hostFileReadTool.execute(
+      { path: "/host/screenshot.png" },
+      proxyContext,
+    );
+
+    expect(result.isError).toBe(false);
+    expect(result.contentBlocks).toHaveLength(1);
+    expect(requests).toEqual([
+      {
+        input: {
+          operation: "read",
+          path: "/host/screenshot.png",
+          offset: undefined,
+          limit: undefined,
+        },
+        conversationId: "test-conversation",
+        signal: undefined,
+      },
+    ]);
+  });
+
   test("returns image content block for .png file", async () => {
     const dir = makeTempDir();
     const filePath = join(dir, "screenshot.png");

package/src/__tests__/host-proxy-interface.test.ts

@@ -0,0 +1,165 @@
+import { describe, expect, test } from "bun:test";
+
+import type { HostProxyInterfaceId, InterfaceId } from "../channels/types.js";
+import { supportsHostProxy } from "../channels/types.js";
+import type {
+  ConversationTransportMetadata,
+  HostProxyTransportMetadata,
+  NonHostProxyTransportMetadata,
+} from "../daemon/message-types/conversations.js";
+import { isHostProxyTransport } from "../daemon/message-types/conversations.js";
+
+// ---------------------------------------------------------------------------
+// supportsHostProxy — runtime behavior
+// ---------------------------------------------------------------------------
+
+describe("supportsHostProxy (runtime)", () => {
+  test("no-arg form returns true for host-proxy interfaces", () => {
+    expect(supportsHostProxy("macos")).toBe(true);
+  });
+
+  test("no-arg form returns false for interfaces without host-proxy support", () => {
+    const nonHostProxyIds: InterfaceId[] = [
+      "ios",
+      "cli",
+      "telegram",
+      "phone",
+      "vellum",
+      "whatsapp",
+      "slack",
+      "email",
+      "chrome-extension",
+    ];
+    for (const id of nonHostProxyIds) {
+      expect(supportsHostProxy(id)).toBe(false);
+    }
+  });
+
+  test("capability form grants host_browser to chrome-extension", () => {
+    expect(supportsHostProxy("chrome-extension", "host_browser")).toBe(true);
+    expect(supportsHostProxy("chrome-extension", "host_bash")).toBe(false);
+    expect(supportsHostProxy("chrome-extension", "host_file")).toBe(false);
+    expect(supportsHostProxy("chrome-extension", "host_cu")).toBe(false);
+  });
+
+  test("capability form grants host_bash/file/cu to macOS but not host_browser", () => {
+    expect(supportsHostProxy("macos", "host_bash")).toBe(true);
+    expect(supportsHostProxy("macos", "host_file")).toBe(true);
+    expect(supportsHostProxy("macos", "host_cu")).toBe(true);
+    expect(supportsHostProxy("macos", "host_browser")).toBe(false);
+  });
+
+  test("capability form rejects everything for non-host-proxy interfaces", () => {
+    expect(supportsHostProxy("ios", "host_bash")).toBe(false);
+    expect(supportsHostProxy("cli", "host_file")).toBe(false);
+    expect(supportsHostProxy("telegram", "host_browser")).toBe(false);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// supportsHostProxy — type predicate (compile-time contract)
+// ---------------------------------------------------------------------------
+
+describe("supportsHostProxy (type predicate)", () => {
+  test("no-arg form narrows InterfaceId to HostProxyInterfaceId", () => {
+    const id: InterfaceId = "macos";
+    if (supportsHostProxy(id)) {
+      // Inside this branch, TypeScript narrows `id` to HostProxyInterfaceId.
+      // If the overload were wrong, this assignment would fail to type-check
+      // and the test file wouldn't compile.
+      const narrowed: HostProxyInterfaceId = id;
+      expect(narrowed).toBe("macos");
+    } else {
+      throw new Error("expected narrowing branch to be taken for macos");
+    }
+  });
+
+  test("narrowing reaches through discriminated transport union", () => {
+    // Build a value typed as the full union so TypeScript can't cheat.
+    const transport: ConversationTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+      hostHomeDir: "/Users/alice",
+      hostUsername: "alice",
+    };
+
+    if (transport.interfaceId && supportsHostProxy(transport.interfaceId)) {
+      // Narrowing the discriminant narrows the union member — after this
+      // check, `transport` should be HostProxyTransportMetadata and the
+      // host-env fields are directly accessible.
+      const narrowed: HostProxyTransportMetadata = transport;
+      expect(narrowed.hostHomeDir).toBe("/Users/alice");
+      expect(narrowed.hostUsername).toBe("alice");
+    } else {
+      throw new Error("expected host-proxy branch for macos transport");
+    }
+  });
+
+  test("non-host-proxy branch narrows to NonHostProxyTransportMetadata", () => {
+    const transport: ConversationTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "ios",
+    };
+
+    if (transport.interfaceId && supportsHostProxy(transport.interfaceId)) {
+      throw new Error("expected non-host-proxy branch for ios transport");
+    } else {
+      // `transport` is NonHostProxyTransportMetadata here.
+      const narrowed: NonHostProxyTransportMetadata = transport;
+      expect(narrowed.interfaceId).toBe("ios");
+    }
+  });
+});
+
+// ---------------------------------------------------------------------------
+// isHostProxyTransport — type guard on ConversationTransportMetadata
+// ---------------------------------------------------------------------------
+
+describe("isHostProxyTransport", () => {
+  test("returns true for macOS transport and narrows to HostProxyTransportMetadata", () => {
+    const transport: ConversationTransportMetadata = {
+      channelId: "vellum",
+      interfaceId: "macos",
+      hostHomeDir: "/Users/alice",
+      hostUsername: "alice",
+    };
+
+    expect(isHostProxyTransport(transport)).toBe(true);
+
+    if (isHostProxyTransport(transport)) {
+      const narrowed: HostProxyTransportMetadata = transport;
+      expect(narrowed.hostHomeDir).toBe("/Users/alice");
+      expect(narrowed.hostUsername).toBe("alice");
+    } else {
+      throw new Error("narrowing branch not taken");
+    }
+  });
+
+  test("returns false for every non-host-proxy interface", () => {
+    const nonHostProxyIds: Array<Exclude<InterfaceId, HostProxyInterfaceId>> = [
+      "ios",
+      "cli",
+      "telegram",
+      "phone",
+      "vellum",
+      "whatsapp",
+      "slack",
+      "email",
+      "chrome-extension",
+    ];
+    for (const interfaceId of nonHostProxyIds) {
+      const transport: ConversationTransportMetadata = {
+        channelId: "vellum",
+        interfaceId,
+      };
+      expect(isHostProxyTransport(transport)).toBe(false);
+    }
+  });
+
+  test("returns false when interfaceId is absent", () => {
+    const transport: ConversationTransportMetadata = {
+      channelId: "vellum",
+    };
+    expect(isHostProxyTransport(transport)).toBe(false);
+  });
+});

package/src/__tests__/host-shell-tool.test.ts

@@ -36,7 +36,6 @@ const mockConfig = {
     entropyThreshold: 4.0,
   },
   auditLog: { retentionDays: 0 },
-  sandbox: { enabled: true },
 };
 
 // Track whether wrapCommand was ever called — host_bash must never invoke it
@@ -149,10 +148,6 @@ describe("host_bash tool", () => {
     const dir = mkdtempSync(join(tmpdir(), "host-shell-plain-"));
     testDirs.push(dir);
 
-    // Verify the tool executes successfully even when sandbox is enabled in config,
-    // proving it bypasses the sandbox entirely
-    expect(mockConfig.sandbox.enabled).toBe(true);
-
     spawnCalls.length = 0;
 
     const result = await hostShellTool.execute(
@@ -236,10 +231,7 @@ describe("host_bash — baseline: no sandbox isolation", () => {
     expect(spawnCalls[0].args[2]).toBe("ls -la /tmp");
   });
 
-  test("sandbox config being enabled does not affect host_bash", async () => {
-    // The mock config has sandbox.enabled = true
-    expect(mockConfig.sandbox.enabled).toBe(true);
-
+  test("host_bash always spawns plain bash without wrapCommand", async () => {
     const dir = mkdtempSync(join(tmpdir(), "host-shell-sandbox-cfg-"));
     testDirs.push(dir);
 
@@ -255,9 +247,7 @@ describe("host_bash — baseline: no sandbox isolation", () => {
     );
 
     expect(result.isError).toBe(false);
-    // Must never call wrapCommand regardless of config
     expect(wrapCommandCallCount).toBe(0);
-    // Must still spawn plain bash
     expect(spawnCalls[0].command).toBe("bash");
   });
 });

package/src/__tests__/http-user-message-parity.test.ts

@@ -178,6 +178,7 @@ function makeConversation(overrides: Record<string, unknown> = {}) {
     setTrustContext: () => {},
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},

package/src/__tests__/init-feature-flag-overrides.test.ts

@@ -0,0 +1,167 @@
+/**
+ * Tests for initFeatureFlagOverrides() — the async gateway fetch that
+ * pre-populates the feature flag cache before CLI program construction.
+ */
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+
+import {
+  clearFeatureFlagOverridesCache,
+  initFeatureFlagOverrides,
+  isAssistantFeatureFlagEnabled,
+} from "../config/assistant-feature-flags.js";
+import * as tokenService from "../runtime/auth/token-service.js";
+import { getMockFetchCalls, mockFetch, resetMockFetch } from "./mock-fetch.js";
+
+const VALID_HEX_KEY = "ab".repeat(32);
+
+beforeEach(() => {
+  clearFeatureFlagOverridesCache();
+  tokenService._resetSigningKeyForTesting();
+
+  // Set up a signing key so mintEdgeRelayToken() works
+  process.env.ACTOR_TOKEN_SIGNING_KEY = VALID_HEX_KEY;
+  tokenService.initAuthSigningKey(tokenService.resolveSigningKey());
+});
+
+afterEach(() => {
+  resetMockFetch();
+  clearFeatureFlagOverridesCache();
+  tokenService._resetSigningKeyForTesting();
+  delete process.env.ACTOR_TOKEN_SIGNING_KEY;
+});
+
+describe("initFeatureFlagOverrides", () => {
+  it("populates cache from gateway fetch response", async () => {
+    mockFetch(
+      "/v1/feature-flags",
+      { method: "GET" },
+      {
+        body: {
+          flags: [
+            {
+              key: "foo-enabled",
+              enabled: true,
+              label: "Foo",
+              defaultEnabled: false,
+              description: "",
+            },
+            {
+              key: "bar-enabled",
+              enabled: true,
+              label: "Bar",
+              defaultEnabled: true,
+              description: "",
+            },
+          ],
+        },
+        status: 200,
+      },
+    );
+
+    await initFeatureFlagOverrides();
+
+    const config = {} as any;
+    expect(isAssistantFeatureFlagEnabled("foo-enabled", config)).toBe(true);
+    expect(isAssistantFeatureFlagEnabled("bar-enabled", config)).toBe(true);
+
+    // Verify fetch was called with correct URL and auth header
+    const calls = getMockFetchCalls();
+    expect(calls.length).toBe(1);
+    expect(calls[0].path).toContain("/v1/feature-flags");
+    const headers = calls[0].init.headers as Record<string, string> | undefined;
+    expect(headers).toHaveProperty("Authorization");
+  });
+
+  it("sends a valid Bearer JWT in the Authorization header", async () => {
+    mockFetch(
+      "/v1/feature-flags",
+      { method: "GET" },
+      { body: { flags: [] }, status: 200 },
+    );
+
+    await initFeatureFlagOverrides();
+
+    const calls = getMockFetchCalls();
+    expect(calls.length).toBe(1);
+    const headers = calls[0].init.headers as Record<string, string> | undefined;
+    const authHeader = headers?.Authorization;
+
+    expect(authHeader).toBeDefined();
+    expect(authHeader).toMatch(/^Bearer /);
+
+    // Verify it's a valid JWT (three dot-separated base64url segments)
+    const token = authHeader!.replace("Bearer ", "");
+    const parts = token.split(".");
+    expect(parts.length).toBe(3);
+  });
+
+  it("falls back gracefully when gateway is unreachable", async () => {
+    mockFetch("/v1/feature-flags", { method: "GET" }, { status: 500 });
+
+    // Should not throw
+    await initFeatureFlagOverrides();
+
+    // Without gateway data or file, undeclared flags default to true
+    const config = {} as any;
+    expect(isAssistantFeatureFlagEnabled("foo-enabled", config)).toBe(true);
+  });
+
+  it("falls back gracefully on non-OK HTTP status", async () => {
+    mockFetch(
+      "/v1/feature-flags",
+      { method: "GET" },
+      { body: "Unauthorized", status: 401 },
+    );
+
+    await initFeatureFlagOverrides();
+
+    // Undeclared flags default to true without overrides
+    const config = {} as any;
+    expect(isAssistantFeatureFlagEnabled("foo-enabled", config)).toBe(true);
+  });
+
+  it("initializes signing key lazily when not yet set", async () => {
+    // Reset signing key to simulate fresh CLI subprocess
+    tokenService._resetSigningKeyForTesting();
+    delete process.env.ACTOR_TOKEN_SIGNING_KEY;
+
+    expect(tokenService.isSigningKeyInitialized()).toBe(false);
+
+    mockFetch(
+      "/v1/feature-flags",
+      { method: "GET" },
+      {
+        body: {
+          flags: [{ key: "expected-enabled", enabled: true }],
+        },
+        status: 200,
+      },
+    );
+
+    await initFeatureFlagOverrides();
+
+    // Signing key should have been initialized during the fetch
+    expect(tokenService.isSigningKeyInitialized()).toBe(true);
+
+    // And the flag should be resolved correctly
+    const config = {} as any;
+    expect(isAssistantFeatureFlagEnabled("expected-enabled", config)).toBe(
+      true,
+    );
+  });
+
+  it("does not cache empty gateway response", async () => {
+    mockFetch(
+      "/v1/feature-flags",
+      { method: "GET" },
+      { body: { flags: [] }, status: 200 },
+    );
+
+    await initFeatureFlagOverrides();
+
+    // Undeclared flags without overrides default to true (not false from
+    // a cached empty map)
+    const config = {} as any;
+    expect(isAssistantFeatureFlagEnabled("foo-enabled", config)).toBe(true);
+  });
+});

package/src/__tests__/inline-command-runner.test.ts

@@ -11,7 +11,6 @@ const mockConfig = {
   model: "test",
   maxTokens: 4096,
   dataDir: "/tmp",
-  sandbox: { enabled: true },
   timeouts: {
     shellDefaultTimeoutSec: 120,
     shellMaxTimeoutSec: 600,
@@ -104,20 +103,23 @@ describe("runInlineCommand", () => {
   // ── Sandbox enforcement ──────────────────────────────────────────────────
 
   describe("sandbox enforcement", () => {
-    test("always passes sandbox config with enabled=true", async () => {
+    test("always passes sandbox config with enabled=false", async () => {
       lastWrapCall = null;
       await runInlineCommand("echo sandbox-check", CWD);
 
       expect(lastWrapCall).not.toBeNull();
-      expect(lastWrapCall!.config.enabled).toBe(true);
+      expect(lastWrapCall!.config.enabled).toBe(false);
     });
 
-    test("always passes networkMode=off", async () => {
+    test("does not pass networkMode when sandbox is disabled", async () => {
       lastWrapCall = null;
       await runInlineCommand("echo network-check", CWD);
 
       expect(lastWrapCall).not.toBeNull();
-      expect(lastWrapCall!.options?.networkMode).toBe("off");
+      // networkMode is a no-op when sandbox is disabled (wrapCommand returns
+      // a plain bash invocation), so it is not passed. Network isolation is
+      // provided by the Docker/platform-managed container.
+      expect(lastWrapCall!.options).toBeUndefined();
     });
 
     test("uses the provided workingDir as cwd", async () => {