npm - @vellumai/assistant - Versions diffs - 0.6.1 → 0.6.3 - Mend

@vellumai/assistant 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (463) hide show

package/bun.lock +40 -40
package/bunfig.toml +3 -0
package/docker-entrypoint.sh +12 -2
package/docs/architecture/memory.md +1 -1
package/node_modules/@vellumai/ces-contracts/src/handles.ts +7 -9
package/node_modules/@vellumai/ces-contracts/src/rpc.ts +42 -0
package/openapi.yaml +184 -69
package/package.json +41 -41
package/scripts/generate-openapi.ts +1 -2
package/src/__tests__/acp-session.test.ts +43 -0
package/src/__tests__/app-builder-tool-scripts.test.ts +1 -0
package/src/__tests__/app-executors.test.ts +1 -0
package/src/__tests__/app-source-watcher.test.ts +37 -11
package/src/__tests__/approval-routes-http.test.ts +178 -1
package/src/__tests__/assistant-event-hub.test.ts +30 -0
package/src/__tests__/browser-fill-credential.test.ts +229 -94
package/src/__tests__/browser-manager.test.ts +40 -27
package/src/__tests__/catalog-files.test.ts +862 -0
package/src/__tests__/channel-approvals.test.ts +53 -0
package/src/__tests__/checker.test.ts +104 -170
package/src/__tests__/cli-command-risk-guard.test.ts +1 -1
package/src/__tests__/config-managed-gemini-defaults.test.ts +326 -0
package/src/__tests__/config-schema-cmd.test.ts +2 -2
package/src/__tests__/config-schema.test.ts +125 -48
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +23 -0
package/src/__tests__/context-overflow-approval.test.ts +21 -6
package/src/__tests__/conversation-agent-loop-overflow.test.ts +1 -1
package/src/__tests__/conversation-agent-loop.test.ts +1 -1
package/src/__tests__/conversation-analysis-routes.test.ts +169 -0
package/src/__tests__/conversation-attachments.test.ts +80 -4
package/src/__tests__/conversation-confirmation-signals.test.ts +155 -0
package/src/__tests__/conversation-directories-parse.test.ts +105 -0
package/src/__tests__/conversation-fork-crud.test.ts +17 -0
package/src/__tests__/conversation-history-web-search.test.ts +1 -0
package/src/__tests__/conversation-host-access-routes.test.ts +229 -0
package/src/__tests__/conversation-inject-context.test.ts +103 -0
package/src/__tests__/conversation-queue.test.ts +45 -2
package/src/__tests__/conversation-routes-disk-view.test.ts +5 -0
package/src/__tests__/conversation-routes-guardian-reply.test.ts +16 -0
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/conversation-runtime-assembly.test.ts +269 -46
package/src/__tests__/conversation-starter-routes.test.ts +126 -0
package/src/__tests__/conversation-starters-cadence.test.ts +161 -0
package/src/__tests__/conversation-store.test.ts +195 -0
package/src/__tests__/conversation-workspace-cache-state.test.ts +193 -0
package/src/__tests__/credential-execution-approval-bridge.test.ts +32 -3
package/src/__tests__/credential-security-invariants.test.ts +1 -0
package/src/__tests__/credential-vault-unit.test.ts +4 -4
package/src/__tests__/credential-vault.test.ts +152 -13
package/src/__tests__/credentials-cli.test.ts +2 -2
package/src/__tests__/date-context.test.ts +4 -4
package/src/__tests__/embedding-managed-proxy-selection.test.ts +256 -0
package/src/__tests__/extension-id-sync-guard.test.ts +155 -0
package/src/__tests__/fixtures/mock-chrome-extension.ts +375 -0
package/src/__tests__/gateway-only-guard.test.ts +3 -0
package/src/__tests__/gemini-provider.test.ts +2 -2
package/src/__tests__/guardian-routing-invariants.test.ts +70 -2
package/src/__tests__/headless-browser-interactions.test.ts +707 -371
package/src/__tests__/headless-browser-navigate.test.ts +389 -47
package/src/__tests__/headless-browser-read-tools.test.ts +266 -103
package/src/__tests__/headless-browser-snapshot.test.ts +240 -77
package/src/__tests__/host-bash-proxy.test.ts +150 -1
package/src/__tests__/host-browser-e2e-cloud.test.ts +462 -0
package/src/__tests__/host-browser-e2e-self-hosted-capability.test.ts +286 -0
package/src/__tests__/host-browser-e2e-self-hosted.test.ts +374 -0
package/src/__tests__/host-browser-event-routes.test.ts +350 -0
package/src/__tests__/host-browser-proxy.test.ts +444 -0
package/src/__tests__/host-browser-routes.test.ts +198 -0
package/src/__tests__/host-browser-ws-events-e2e.test.ts +320 -0
package/src/__tests__/host-cu-proxy.test.ts +171 -1
package/src/__tests__/host-file-proxy.test.ts +185 -1
package/src/__tests__/host-file-read-tool.test.ts +52 -0
package/src/__tests__/host-proxy-interface.test.ts +165 -0
package/src/__tests__/host-shell-tool.test.ts +1 -11
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/init-feature-flag-overrides.test.ts +167 -0
package/src/__tests__/inline-command-runner.test.ts +7 -5
package/src/__tests__/integration-status.test.ts +6 -7
package/src/__tests__/list-messages-tool-merge.test.ts +37 -12
package/src/__tests__/log-export-workspace.test.ts +190 -0
package/src/__tests__/managed-credential-catalog-cli.test.ts +12 -14
package/src/__tests__/mcp-client-auth.test.ts +40 -4
package/src/__tests__/mcp-health-check.test.ts +10 -3
package/src/__tests__/migration-cross-version-compatibility.test.ts +3 -1
package/src/__tests__/migration-export-http.test.ts +61 -2
package/src/__tests__/migration-export-streaming.test.ts +66 -0
package/src/__tests__/migration-import-commit-http.test.ts +101 -1
package/src/__tests__/native-host-marker-sync-guard.test.ts +157 -0
package/src/__tests__/navigate-settings-tab.test.ts +14 -1
package/src/__tests__/notification-broadcaster.test.ts +65 -0
package/src/__tests__/oauth-apps-routes.test.ts +17 -12
package/src/__tests__/oauth-cli.test.ts +707 -60
package/src/__tests__/oauth-connect-orchestrator.test.ts +116 -24
package/src/__tests__/oauth-provider-seed-logos.test.ts +23 -0
package/src/__tests__/oauth-provider-serializer.test.ts +146 -10
package/src/__tests__/oauth-provider-visibility.test.ts +19 -21
package/src/__tests__/oauth-providers-routes.test.ts +50 -14
package/src/__tests__/oauth-store.test.ts +1386 -182
package/src/__tests__/oauth2-gateway-transport.test.ts +211 -20
package/src/__tests__/onboarding-template-contract.test.ts +74 -55
package/src/__tests__/openai-provider.test.ts +2 -2
package/src/__tests__/outlook-categories.test.ts +1 -1
package/src/__tests__/outlook-client-automation.test.ts +1 -1
package/src/__tests__/outlook-compose-tools.test.ts +1 -1
package/src/__tests__/outlook-email-watcher.test.ts +1 -1
package/src/__tests__/outlook-follow-up.test.ts +1 -1
package/src/__tests__/outlook-messaging-provider.test.ts +2 -2
package/src/__tests__/outlook-trash.test.ts +1 -1
package/src/__tests__/outlook-unsubscribe.test.ts +1 -1
package/src/__tests__/permission-checker-host-gate.test.ts +74 -14
package/src/__tests__/permission-mode.test.ts +28 -56
package/src/__tests__/pkb-autoinject.test.ts +96 -0
package/src/__tests__/platform-callback-registration.test.ts +19 -0
package/src/__tests__/post-turn-tool-result-truncation.test.ts +296 -0
package/src/__tests__/proxy-approval-callback.test.ts +18 -0
package/src/__tests__/require-fresh-approval.test.ts +40 -3
package/src/__tests__/sandbox-diagnostics.test.ts +1 -32
package/src/__tests__/sanitize-config-for-transfer.test.ts +132 -0
package/src/__tests__/schedule-routes.test.ts +162 -0
package/src/__tests__/secret-detection-handler.test.ts +84 -0
package/src/__tests__/secret-ingress-http.test.ts +1 -0
package/src/__tests__/send-endpoint-busy.test.ts +3 -0
package/src/__tests__/set-permission-mode.test.ts +13 -250
package/src/__tests__/skills-file-content-endpoint.test.ts +670 -0
package/src/__tests__/skills-files-catalog-fallback.test.ts +450 -0
package/src/__tests__/slack-channel-config.test.ts +12 -15
package/src/__tests__/subagent-detail.test.ts +44 -2
package/src/__tests__/subagent-disposal.test.ts +1 -0
package/src/__tests__/subagent-fork-notifications.test.ts +291 -0
package/src/__tests__/subagent-fork-spawn.test.ts +384 -0
package/src/__tests__/subagent-manager-notify.test.ts +1 -0
package/src/__tests__/subagent-notify-parent.test.ts +1 -0
package/src/__tests__/subagent-spawn-tool-fork.test.ts +411 -0
package/src/__tests__/subagent-tools.test.ts +1 -0
package/src/__tests__/subagent-types.test.ts +1 -0
package/src/__tests__/system-prompt-ask-mode.test.ts +27 -71
package/src/__tests__/system-prompt.test.ts +72 -1
package/src/__tests__/task-scheduler.test.ts +32 -6
package/src/__tests__/telegram-config.test.ts +10 -13
package/src/__tests__/terminal-sandbox.test.ts +1 -1
package/src/__tests__/terminal-tools.test.ts +11 -5
package/src/__tests__/test-preload.ts +14 -0
package/src/__tests__/tool-approval-handler.test.ts +73 -0
package/src/__tests__/tool-domain-event-publisher.test.ts +0 -1
package/src/__tests__/tool-executor-lifecycle-events.test.ts +1 -8
package/src/__tests__/tool-executor.test.ts +0 -1
package/src/__tests__/tool-side-effects-slack-dm.test.ts +22 -0
package/src/__tests__/top-level-renderer.test.ts +73 -1
package/src/__tests__/transport-hints-queue.test.ts +62 -0
package/src/__tests__/trust-store.test.ts +4 -4
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +109 -0
package/src/__tests__/v2-consent-policy.test.ts +103 -0
package/src/__tests__/workspace-migration-030-seed-pkb-autoinject.test.ts +168 -0
package/src/__tests__/workspace-policy.test.ts +2 -7
package/src/acp/client-handler.ts +30 -4
package/src/agent/loop.ts +12 -35
package/src/approvals/guardian-request-resolvers.ts +21 -15
package/src/browser-session/__tests__/manager.test.ts +297 -0
package/src/browser-session/backends/cdp-inspect.ts +30 -0
package/src/browser-session/backends/extension.ts +26 -0
package/src/browser-session/backends/local.ts +24 -0
package/src/browser-session/events.ts +164 -0
package/src/browser-session/index.ts +27 -0
package/src/browser-session/manager.ts +159 -0
package/src/browser-session/types.ts +28 -0
package/src/channels/__tests__/types.test.ts +134 -0
package/src/channels/types.ts +55 -0
package/src/cli/__tests__/run-assistant-command.ts +34 -7
package/src/cli/__tests__/unknown-command.test.ts +33 -0
package/src/cli/commands/browser-relay.ts +339 -409
package/src/cli/commands/credentials.ts +3 -3
package/src/cli/commands/default-action.ts +68 -1
package/src/cli/commands/email.ts +18 -13
package/src/cli/commands/mcp.ts +16 -4
package/src/cli/commands/oauth/__tests__/connect.test.ts +68 -41
package/src/cli/commands/oauth/__tests__/disconnect.test.ts +21 -21
package/src/cli/commands/oauth/__tests__/mode.test.ts +17 -17
package/src/cli/commands/oauth/__tests__/ping.test.ts +16 -16
package/src/cli/commands/oauth/__tests__/providers-delete.test.ts +31 -33
package/src/cli/commands/oauth/__tests__/providers-register.test.ts +329 -0
package/src/cli/commands/oauth/__tests__/providers-update.test.ts +116 -12
package/src/cli/commands/oauth/__tests__/status.test.ts +10 -10
package/src/cli/commands/oauth/__tests__/token.test.ts +7 -7
package/src/cli/commands/oauth/apps.ts +7 -4
package/src/cli/commands/oauth/connect.ts +16 -2
package/src/cli/commands/oauth/disconnect.ts +1 -1
package/src/cli/commands/oauth/providers.ts +200 -36
package/src/cli/commands/oauth/shared.ts +5 -5
package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +259 -0
package/src/cli/commands/platform/__tests__/connect.test.ts +1 -1
package/src/cli/commands/platform/__tests__/disconnect.test.ts +1 -1
package/src/cli/commands/platform/__tests__/status.test.ts +1 -1
package/src/cli/commands/platform/index.ts +107 -10
package/src/cli/commands/usage.ts +10 -9
package/src/cli/lib/daemon-credential-client.ts +4 -0
package/src/cli/program.ts +10 -3
package/src/config/assistant-feature-flags.ts +59 -55
package/src/config/bundled-skills/app-builder/SKILL.md +33 -173
package/src/config/bundled-skills/app-builder/references/CUSTOM_ROUTES.md +105 -0
package/src/config/bundled-skills/app-builder/references/INTERACTION_HOOKS.md +56 -0
package/src/config/bundled-skills/app-builder/references/WIDGETS.md +125 -0
package/src/config/bundled-skills/contacts/SKILL.md +3 -0
package/src/config/bundled-skills/document/SKILL.md +4 -0
package/src/config/bundled-skills/gmail/SKILL.md +12 -7
package/src/config/bundled-skills/gmail/TOOLS.json +1 -1
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +2 -1
package/src/config/bundled-skills/outlook/SKILL.md +7 -0
package/src/config/bundled-skills/settings/TOOLS.json +1 -1
package/src/config/bundled-skills/settings/tools/navigate-settings-tab.ts +8 -3
package/src/config/bundled-skills/subagent/SKILL.md +21 -0
package/src/config/bundled-skills/subagent/TOOLS.json +8 -4
package/src/config/bundled-skills/tasks/SKILL.md +5 -0
package/src/config/env-registry.ts +14 -0
package/src/config/env.ts +21 -0
package/src/config/feature-flag-registry.json +46 -7
package/src/config/loader.ts +56 -1
package/src/config/sanitize-for-transfer.ts +47 -0
package/src/config/schema.ts +46 -5
package/src/config/schemas/host-browser.ts +66 -0
package/src/config/schemas/memory-lifecycle.ts +1 -1
package/src/config/schemas/memory-retrieval.ts +103 -0
package/src/config/schemas/security.ts +0 -6
package/src/config/schemas/services.ts +16 -0
package/src/config/types.ts +0 -1
package/src/context/post-turn-tool-result-truncation.ts +176 -0
package/src/context/window-manager.ts +19 -1
package/src/credential-execution/approval-bridge.ts +49 -16
package/src/credential-execution/managed-catalog.ts +3 -7
package/src/daemon/__tests__/conversation-tool-setup.test.ts +186 -0
package/src/daemon/app-source-watcher.ts +35 -0
package/src/daemon/config-watcher.ts +6 -2
package/src/daemon/context-overflow-approval.ts +5 -1
package/src/daemon/conversation-agent-loop-handlers.ts +17 -2
package/src/daemon/conversation-agent-loop.ts +74 -19
package/src/daemon/conversation-attachments.ts +40 -1
package/src/daemon/conversation-messaging.ts +3 -0
package/src/daemon/conversation-process.ts +66 -3
package/src/daemon/conversation-queue-manager.ts +8 -0
package/src/daemon/conversation-runtime-assembly.ts +159 -20
package/src/daemon/conversation-surfaces.ts +78 -12
package/src/daemon/conversation-tool-setup.ts +74 -11
package/src/daemon/conversation-workspace.ts +12 -0
package/src/daemon/conversation.ts +227 -11
package/src/daemon/date-context.ts +10 -10
package/src/daemon/first-greeting.ts +3 -2
package/src/daemon/handlers/conversations.ts +9 -139
package/src/daemon/handlers/shared.ts +65 -0
package/src/daemon/handlers/skills.ts +232 -37
package/src/daemon/host-bash-proxy.ts +48 -13
package/src/daemon/host-browser-proxy.ts +191 -0
package/src/daemon/host-cu-proxy.ts +36 -11
package/src/daemon/host-file-proxy.ts +57 -9
package/src/daemon/lifecycle.ts +86 -12
package/src/daemon/message-protocol.ts +7 -0
package/src/daemon/message-types/conversations.ts +59 -13
package/src/daemon/message-types/host-browser.ts +100 -0
package/src/daemon/message-types/messages.ts +5 -6
package/src/daemon/message-types/notifications.ts +12 -0
package/src/daemon/message-types/settings.ts +12 -0
package/src/daemon/message-types/skills.ts +10 -0
package/src/daemon/message-types/subagents.ts +2 -0
package/src/daemon/server.ts +112 -35
package/src/daemon/tool-side-effects.ts +6 -0
package/src/daemon/transport-hints.ts +14 -0
package/src/inbound/platform-callback-registration.ts +18 -17
package/src/index.ts +1 -1
package/src/mcp/client.ts +59 -24
package/src/memory/app-store.ts +31 -1
package/src/memory/conversation-crud.ts +38 -10
package/src/memory/conversation-directories.ts +39 -0
package/src/memory/conversation-group-migration.ts +65 -5
package/src/memory/conversation-starters-cadence.ts +76 -0
package/src/memory/conversation-title-service.ts +5 -2
package/src/memory/db-init.ts +12 -0
package/src/memory/embedding-backend.test.ts +75 -0
package/src/memory/embedding-backend.ts +131 -5
package/src/memory/embedding-gemini.test.ts +54 -0
package/src/memory/embedding-gemini.ts +20 -9
package/src/memory/embedding-local.ts +177 -18
package/src/memory/graph/capability-seed.ts +3 -5
package/src/memory/graph/consolidation.ts +10 -23
package/src/memory/graph/extraction-job.ts +15 -0
package/src/memory/graph/retriever.ts +40 -22
package/src/memory/graph/store.test.ts +7 -3
package/src/memory/graph/store.ts +47 -12
package/src/memory/group-crud.ts +25 -9
package/src/memory/llm-usage-store.ts +45 -4
package/src/memory/migrations/213-oauth-providers-scope-separator.ts +13 -0
package/src/memory/migrations/214-oauth-providers-refresh-url.ts +11 -0
package/src/memory/migrations/215-oauth-providers-revoke.ts +14 -0
package/src/memory/migrations/216-oauth-providers-token-auth-method.ts +30 -0
package/src/memory/migrations/217-conversation-host-access.ts +40 -0
package/src/memory/migrations/218-oauth-providers-logo-url.ts +11 -0
package/src/memory/migrations/index.ts +6 -0
package/src/memory/migrations/registry.ts +8 -0
package/src/memory/schema/conversations.ts +1 -0
package/src/memory/schema/oauth.ts +18 -13
package/src/messaging/provider.ts +1 -1
package/src/notifications/broadcaster.ts +6 -0
package/src/notifications/conversation-pairing.ts +12 -4
package/src/notifications/emit-signal.ts +14 -0
package/src/notifications/signal.ts +11 -0
package/src/oauth/AGENTS.md +76 -0
package/src/oauth/__tests__/identity-verifier.test.ts +24 -19
package/src/oauth/__tests__/seed-providers-managed.test.ts +32 -0
package/src/oauth/byo-connection.test.ts +8 -8
package/src/oauth/byo-connection.ts +7 -7
package/src/oauth/connect-orchestrator.ts +23 -21
package/src/oauth/connect-types.ts +3 -3
package/src/oauth/connection-resolver.test.ts +17 -4
package/src/oauth/connection-resolver.ts +16 -16
package/src/oauth/connection.ts +1 -1
package/src/oauth/manual-token-connection.ts +13 -13
package/src/oauth/oauth-store.ts +214 -100
package/src/oauth/platform-connection.test.ts +5 -5
package/src/oauth/platform-connection.ts +4 -4
package/src/oauth/provider-serializer.ts +31 -5
package/src/oauth/revoke.ts +76 -0
package/src/oauth/seed-providers.ts +127 -87
package/src/oauth/token-persistence.ts +1 -1
package/src/permissions/checker.ts +3 -3
package/src/permissions/defaults.ts +7 -8
package/src/permissions/permission-mode.ts +4 -11
package/src/permissions/prompter.ts +13 -3
package/src/permissions/v2-consent-policy.ts +87 -0
package/src/platform/client.ts +1 -1
package/src/prompts/system-prompt.ts +18 -21
package/src/prompts/templates/BOOTSTRAP-REFERENCE.md +3 -65
package/src/prompts/templates/BOOTSTRAP.md +59 -96
package/src/prompts/templates/SOUL.md +11 -11
package/src/providers/anthropic/client.ts +1 -0
package/src/providers/types.ts +1 -1
package/src/runtime/AGENTS.md +23 -0
package/src/runtime/__tests__/browser-extension-pair-routes.test.ts +715 -0
package/src/runtime/__tests__/capability-tokens.test.ts +258 -0
package/src/runtime/__tests__/chrome-extension-registry.test.ts +518 -0
package/src/runtime/assistant-event-hub.ts +24 -2
package/src/runtime/auth/__tests__/guard-tests.test.ts +1 -0
package/src/runtime/auth/__tests__/middleware.test.ts +116 -1
package/src/runtime/auth/__tests__/route-policy.test.ts +8 -0
package/src/runtime/auth/middleware.ts +98 -0
package/src/runtime/auth/route-policy.ts +6 -7
package/src/runtime/auth/token-service.ts +8 -0
package/src/runtime/capability-tokens.ts +414 -0
package/src/runtime/channel-approvals.ts +18 -5
package/src/runtime/chrome-extension-registry.ts +332 -0
package/src/runtime/confirmation-request-guardian-bridge.ts +6 -0
package/src/runtime/guardian-decision-types.ts +7 -0
package/src/runtime/http-server.ts +425 -70
package/src/runtime/migrations/__tests__/rebind-secrets-credentials.test.ts +172 -0
package/src/runtime/migrations/__tests__/vbundle-builder-credentials.test.ts +276 -0
package/src/runtime/migrations/__tests__/vbundle-import-credentials.test.ts +162 -0
package/src/runtime/migrations/migration-transport.ts +6 -0
package/src/runtime/migrations/migration-wizard.ts +22 -2
package/src/runtime/migrations/rebind-secrets-screen.ts +76 -15
package/src/runtime/migrations/vbundle-builder.ts +145 -38
package/src/runtime/migrations/vbundle-import-analyzer.ts +19 -0
package/src/runtime/migrations/vbundle-importer.ts +55 -5
package/src/runtime/pending-interactions.ts +29 -13
package/src/runtime/routes/approval-routes.ts +90 -16
package/src/runtime/routes/browser-cdp-routes.ts +229 -0
package/src/runtime/routes/browser-extension-pair-routes.ts +497 -0
package/src/runtime/routes/conversation-analysis-routes.ts +18 -5
package/src/runtime/routes/conversation-management-routes.ts +108 -0
package/src/runtime/routes/conversation-routes.ts +308 -28
package/src/runtime/routes/conversation-starter-routes.ts +78 -16
package/src/runtime/routes/group-routes.ts +22 -8
package/src/runtime/routes/guardian-action-routes.ts +24 -13
package/src/runtime/routes/host-browser-routes.ts +279 -0
package/src/runtime/routes/host-file-routes.ts +9 -1
package/src/runtime/routes/identity-routes.ts +259 -16
package/src/runtime/routes/log-export/AGENTS.md +104 -0
package/src/runtime/routes/log-export/__tests__/workspace-allowlist-error-contract.test.ts +103 -0
package/src/runtime/routes/log-export/__tests__/workspace-allowlist.test.ts +716 -0
package/src/runtime/routes/log-export/workspace-allowlist.ts +458 -0
package/src/runtime/routes/log-export-routes.ts +60 -25
package/src/runtime/routes/memory-item-routes.ts +1 -7
package/src/runtime/routes/migration-routes.ts +87 -2
package/src/runtime/routes/oauth-apps.ts +15 -17
package/src/runtime/routes/oauth-providers.ts +4 -0
package/src/runtime/routes/schedule-routes.ts +24 -11
package/src/runtime/routes/settings-routes.ts +9 -97
package/src/runtime/routes/skills-routes.ts +52 -2
package/src/runtime/routes/subagents-routes.ts +14 -10
package/src/runtime/routes/usage-routes.ts +8 -7
package/src/runtime/routes/workspace-routes.test.ts +22 -0
package/src/runtime/routes/workspace-routes.ts +8 -1
package/src/runtime/routes/workspace-utils.ts +2 -0
package/src/schedule/scheduler.ts +7 -5
package/src/security/ces-credential-client.ts +20 -0
package/src/security/ces-rpc-credential-backend.ts +17 -0
package/src/security/credential-backend.ts +5 -0
package/src/security/oauth2.ts +42 -25
package/src/security/secure-keys.ts +118 -25
package/src/security/token-manager.ts +23 -10
package/src/skills/catalog-files.ts +492 -0
package/src/skills/inline-command-runner.ts +12 -14
package/src/subagent/manager.ts +131 -26
package/src/subagent/types.ts +19 -0
package/src/tools/apps/executors.ts +11 -2
package/src/tools/browser/__tests__/auth-detector.test.ts +202 -108
package/src/tools/browser/auth-detector.ts +43 -12
package/src/tools/browser/browser-execution.ts +645 -340
package/src/tools/browser/browser-manager.ts +36 -12
package/src/tools/browser/cdp-client/__tests__/accessibility-snapshot.test.ts +318 -0
package/src/tools/browser/cdp-client/__tests__/cdp-dom-helpers.test.ts +1175 -0
package/src/tools/browser/cdp-client/__tests__/cdp-inspect-client.test.ts +870 -0
package/src/tools/browser/cdp-client/__tests__/extension-cdp-client.test.ts +330 -0
package/src/tools/browser/cdp-client/__tests__/factory.test.ts +377 -0
package/src/tools/browser/cdp-client/__tests__/fixtures/ax-tree-nested-frames.json +64 -0
package/src/tools/browser/cdp-client/__tests__/fixtures/ax-tree-simple.json +69 -0
package/src/tools/browser/cdp-client/__tests__/local-cdp-client.test.ts +310 -0
package/src/tools/browser/cdp-client/__tests__/types.test.ts +96 -0
package/src/tools/browser/cdp-client/accessibility-snapshot.ts +387 -0
package/src/tools/browser/cdp-client/cdp-dom-helpers.ts +695 -0
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/discovery.test.ts +743 -0
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/ws-transport.test.ts +580 -0
package/src/tools/browser/cdp-client/cdp-inspect/discovery.ts +578 -0
package/src/tools/browser/cdp-client/cdp-inspect/ws-transport.ts +579 -0
package/src/tools/browser/cdp-client/cdp-inspect-client.ts +635 -0
package/src/tools/browser/cdp-client/errors.ts +34 -0
package/src/tools/browser/cdp-client/extension-cdp-client.ts +125 -0
package/src/tools/browser/cdp-client/factory.ts +204 -0
package/src/tools/browser/cdp-client/index.ts +14 -0
package/src/tools/browser/cdp-client/local-cdp-client.ts +187 -0
package/src/tools/browser/cdp-client/types.ts +52 -0
package/src/tools/filesystem/edit.ts +1 -1
package/src/tools/filesystem/list.ts +1 -1
package/src/tools/filesystem/read.ts +1 -1
package/src/tools/filesystem/write.ts +2 -1
package/src/tools/host-filesystem/edit.ts +1 -1
package/src/tools/host-filesystem/read.ts +12 -15
package/src/tools/host-filesystem/write.ts +1 -1
package/src/tools/host-terminal/host-shell.ts +21 -16
package/src/tools/permission-checker.ts +77 -100
package/src/tools/registry.ts +0 -2
package/src/tools/secret-detection-handler.ts +34 -1
package/src/tools/shared/filesystem/image-read.ts +61 -40
package/src/tools/skills/sandbox-runner.ts +3 -6
package/src/tools/subagent/spawn.ts +47 -3
package/src/tools/subagent/status.ts +2 -0
package/src/tools/system/register.ts +2 -16
package/src/tools/terminal/safe-env.ts +7 -0
package/src/tools/terminal/sandbox-diagnostics.ts +4 -4
package/src/tools/terminal/sandbox.ts +4 -1
package/src/tools/terminal/shell.ts +24 -21
package/src/tools/tool-approval-handler.ts +48 -2
package/src/tools/types.ts +2 -3
package/src/util/platform.ts +14 -19
package/src/watcher/provider-types.ts +1 -1
package/src/workspace/migrations/029-seed-pkb.ts +1 -0
package/src/workspace/migrations/030-seed-pkb-autoinject.ts +73 -0
package/src/workspace/migrations/registry.ts +2 -0
package/src/workspace/top-level-renderer.ts +19 -1
package/src/__tests__/chrome-cdp.test.ts +0 -419
package/src/__tests__/permission-mode-sse.test.ts +0 -418
package/src/__tests__/permission-mode-store.test.ts +0 -277
package/src/browser-extension-relay/protocol.ts +0 -63
package/src/browser-extension-relay/server.ts +0 -203
package/src/config/schemas/sandbox.ts +0 -14
package/src/permissions/permission-mode-store.ts +0 -180
package/src/tools/browser/chrome-cdp.ts +0 -239
package/src/tools/system/set-permission-mode.ts +0 -103

package/src/__tests__/permission-checker-host-gate.test.ts CHANGED Viewed

@@ -14,11 +14,6 @@
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
-import {
-  initPermissionModeStore,
-  resetForTesting as resetPermissionModeStore,
-  setHostAccess,
-} from "../permissions/permission-mode-store.js";
 import type { PermissionPrompter } from "../permissions/prompter.js";
 import { RiskLevel } from "../permissions/types.js";
 import { PermissionChecker } from "../tools/permission-checker.js";
@@ -47,6 +42,13 @@ mock.module("../hooks/manager.js", () => ({
   }),
 }));
+const hostAccessByConversation = new Map<string, boolean>();
+mock.module("../memory/conversation-crud.js", () => ({
+  getConversationHostAccess: (conversationId: string) =>
+    hostAccessByConversation.get(conversationId) ?? false,
+}));
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -96,13 +98,12 @@ const executionTarget: ExecutionTarget = "host";
 beforeEach(() => {
   _setOverridesForTesting({});
-  resetPermissionModeStore();
-  initPermissionModeStore();
+  hostAccessByConversation.clear();
 });
 afterEach(() => {
   _setOverridesForTesting({});
-  resetPermissionModeStore();
+  hostAccessByConversation.clear();
 });
 // ---------------------------------------------------------------------------
@@ -125,7 +126,7 @@ describe("permission-checker host-access gate (v2)", () => {
     describe("host tools with hostAccess=false", () => {
       beforeEach(() => {
-        setHostAccess(false);
+        hostAccessByConversation.set("test-conv", false);
       });
       for (const toolName of HOST_TOOL_NAMES) {
@@ -151,6 +152,12 @@ describe("permission-checker host-access gate (v2)", () => {
           // The prompter should have been called (interactive dialog)
           expect(promptSpy).toHaveBeenCalled();
+          const call = promptSpy.mock.calls[0] as unknown as unknown[];
+          expect(call[3]).toEqual([]);
+          expect(call[4]).toEqual([]);
+          expect(call[8]).toBe(false);
+          expect(call[10]).toBeUndefined();
+          expect(call[12]).toBe(true);
           // Since the mock prompter returns "allow", the result should be allowed
           expect(result.allowed).toBe(true);
           expect(result.decision).toBe("allow");
@@ -185,7 +192,7 @@ describe("permission-checker host-access gate (v2)", () => {
     describe("host tools with hostAccess=true", () => {
       beforeEach(() => {
-        setHostAccess(true);
+        hostAccessByConversation.set("test-conv", true);
       });
       for (const toolName of HOST_TOOL_NAMES) {
@@ -217,7 +224,7 @@ describe("permission-checker host-access gate (v2)", () => {
         "web_search",
       ]) {
         test(`${toolName} is auto-allowed regardless of hostAccess`, async () => {
-          setHostAccess(false);
+          hostAccessByConversation.set("test-conv", false);
           const checker = new PermissionChecker(makePrompter());
           const result = await checker.checkPermission(
             toolName,
@@ -239,7 +246,7 @@ describe("permission-checker host-access gate (v2)", () => {
     describe("requireFreshApproval bypasses v2 auto-allow", () => {
       beforeEach(() => {
-        setHostAccess(true);
+        hostAccessByConversation.set("test-conv", true);
       });
       test("host tool with requireFreshApproval falls through to prompter", async () => {
@@ -263,6 +270,12 @@ describe("permission-checker host-access gate (v2)", () => {
         );
         expect(promptSpy).toHaveBeenCalled();
+        const call = promptSpy.mock.calls[0] as unknown as unknown[];
+        expect(call[3]).toEqual([]);
+        expect(call[4]).toEqual([]);
+        expect(call[8]).toBe(false);
+        expect(call[10]).toBeUndefined();
+        expect(call[12]).toBe(false);
         expect(result.allowed).toBe(true);
         expect(result.decision).toBe("allow");
       });
@@ -288,6 +301,12 @@ describe("permission-checker host-access gate (v2)", () => {
         );
         expect(promptSpy).toHaveBeenCalled();
+        const call = promptSpy.mock.calls[0] as unknown as unknown[];
+        expect(call[3]).toEqual([]);
+        expect(call[4]).toEqual([]);
+        expect(call[8]).toBe(false);
+        expect(call[10]).toBeUndefined();
+        expect(call[12]).toBe(false);
         expect(result.allowed).toBe(true);
         expect(result.decision).toBe("allow");
       });
@@ -295,7 +314,7 @@ describe("permission-checker host-access gate (v2)", () => {
     describe("non-interactive guardian session with hostAccess=false", () => {
       beforeEach(() => {
-        setHostAccess(false);
+        hostAccessByConversation.set("test-conv", false);
       });
       test("host tool is NOT auto-approved (denies instead of guardian_auto_approve)", async () => {
@@ -329,7 +348,7 @@ describe("permission-checker host-access gate (v2)", () => {
     describe("forcePromptSideEffects bypasses v2 auto-allow for side-effect tools", () => {
       beforeEach(() => {
-        setHostAccess(true);
+        hostAccessByConversation.set("test-conv", true);
       });
       test("host side-effect tool with forcePromptSideEffects falls through to prompter", async () => {
@@ -401,6 +420,47 @@ describe("permission-checker host-access gate (v2)", () => {
         expect(result.decision).toBe("allow");
       });
     });
+    test("host access is evaluated per conversation", async () => {
+      hostAccessByConversation.set("allow-conv", true);
+      hostAccessByConversation.set("deny-conv", false);
+      const promptSpy = mock(() =>
+        Promise.resolve({ decision: "deny" as const }),
+      );
+      const checker = new PermissionChecker({
+        prompt: promptSpy,
+      } as unknown as PermissionPrompter);
+      const allowed = await checker.checkPermission(
+        "host_bash",
+        {},
+        makeTool("host_bash"),
+        makeContext({ conversationId: "allow-conv" }),
+        executionTarget,
+        noopEmit,
+        noopSanitize,
+        Date.now(),
+        noopDiff,
+      );
+      const denied = await checker.checkPermission(
+        "host_bash",
+        {},
+        makeTool("host_bash"),
+        makeContext({ conversationId: "deny-conv" }),
+        executionTarget,
+        noopEmit,
+        noopSanitize,
+        Date.now(),
+        noopDiff,
+      );
+      expect(allowed.allowed).toBe(true);
+      expect(allowed.decision).toBe("allow");
+      expect(denied.allowed).toBe(false);
+      expect(denied.decision).toBe("deny");
+      expect(promptSpy).toHaveBeenCalledTimes(1);
+    });
   });
   describe("when permission-controls-v2 flag is OFF", () => {

package/src/__tests__/permission-mode.test.ts CHANGED Viewed

@@ -6,51 +6,28 @@ import {
   PermissionModeSchema,
 } from "../permissions/permission-mode.js";
-// ---------------------------------------------------------------------------
-// Tests: PermissionModeSchema
-// ---------------------------------------------------------------------------
 describe("PermissionModeSchema", () => {
-  test("parses empty object with correct defaults", () => {
-    const result = PermissionModeSchema.parse({});
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(false);
+  test("parses empty object with the host-access default", () => {
+    expect(PermissionModeSchema.parse({})).toEqual({ hostAccess: false });
   });
   test("DEFAULT_PERMISSION_MODE matches schema defaults", () => {
-    const parsed = PermissionModeSchema.parse({});
-    expect(parsed).toEqual(DEFAULT_PERMISSION_MODE);
+    expect(PermissionModeSchema.parse({})).toEqual(DEFAULT_PERMISSION_MODE);
   });
-  test("accepts explicit true/true", () => {
-    const result = PermissionModeSchema.parse({
-      askBeforeActing: true,
+  test("accepts explicit host access values", () => {
+    expect(PermissionModeSchema.parse({ hostAccess: true })).toEqual({
       hostAccess: true,
     });
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(true);
-  });
-  test("accepts explicit false/false", () => {
-    const result = PermissionModeSchema.parse({
-      askBeforeActing: false,
+    expect(PermissionModeSchema.parse({ hostAccess: false })).toEqual({
       hostAccess: false,
     });
-    expect(result.askBeforeActing).toBe(false);
-    expect(result.hostAccess).toBe(false);
   });
   test("round-trips through JSON serialization", () => {
-    const original = { askBeforeActing: false, hostAccess: true };
+    const original = { hostAccess: true };
     const json = JSON.stringify(original);
-    const parsed = PermissionModeSchema.parse(JSON.parse(json));
-    expect(parsed).toEqual(original);
-  });
-  test("rejects non-boolean askBeforeActing", () => {
-    expect(() =>
-      PermissionModeSchema.parse({ askBeforeActing: "yes" }),
-    ).toThrow();
+    expect(PermissionModeSchema.parse(JSON.parse(json))).toEqual(original);
   });
   test("rejects non-boolean hostAccess", () => {
@@ -58,44 +35,39 @@ describe("PermissionModeSchema", () => {
   });
 });
-// ---------------------------------------------------------------------------
-// Tests: PermissionsConfigSchema (permissionMode fields)
-// ---------------------------------------------------------------------------
-describe("PermissionsConfigSchema permissionMode fields", () => {
-  test("defaults askBeforeActing to true and hostAccess to false", () => {
-    const result = PermissionsConfigSchema.parse({});
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(false);
+describe("PermissionsConfigSchema", () => {
+  test("defaults to workspace mode with host access disabled", () => {
+    expect(PermissionsConfigSchema.parse({})).toEqual({
+      mode: "workspace",
+      hostAccess: false,
+    });
   });
-  test("preserves existing mode field alongside new fields", () => {
-    const result = PermissionsConfigSchema.parse({ mode: "strict" });
-    expect(result.mode).toBe("strict");
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(false);
+  test("preserves the mode field alongside hostAccess", () => {
+    expect(PermissionsConfigSchema.parse({ mode: "strict" })).toEqual({
+      mode: "strict",
+      hostAccess: false,
+    });
   });
-  test("accepts overridden values for new fields", () => {
-    const result = PermissionsConfigSchema.parse({
+  test("accepts overridden hostAccess values", () => {
+    expect(
+      PermissionsConfigSchema.parse({
+        mode: "workspace",
+        hostAccess: true,
+      }),
+    ).toEqual({
       mode: "workspace",
-      askBeforeActing: false,
       hostAccess: true,
     });
-    expect(result.mode).toBe("workspace");
-    expect(result.askBeforeActing).toBe(false);
-    expect(result.hostAccess).toBe(true);
   });
-  test("round-trips new fields through JSON serialization", () => {
+  test("round-trips hostAccess through JSON serialization", () => {
     const input = {
       mode: "workspace" as const,
-      askBeforeActing: false,
       hostAccess: true,
     };
     const json = JSON.stringify(input);
-    const parsed = PermissionsConfigSchema.parse(JSON.parse(json));
-    expect(parsed.askBeforeActing).toBe(false);
-    expect(parsed.hostAccess).toBe(true);
+    expect(PermissionsConfigSchema.parse(JSON.parse(json))).toEqual(input);
   });
 });

package/src/__tests__/pkb-autoinject.test.ts ADDED Viewed

@@ -0,0 +1,96 @@
+import { mkdirSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { readAutoinjectList } from "../daemon/conversation-runtime-assembly.js";
+// ---------------------------------------------------------------------------
+// Setup / Teardown
+// ---------------------------------------------------------------------------
+let pkbDir: string;
+const dirs: string[] = [];
+beforeEach(() => {
+  pkbDir = join(
+    tmpdir(),
+    `vellum-pkb-autoinject-test-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+  );
+  mkdirSync(pkbDir, { recursive: true });
+  dirs.push(pkbDir);
+});
+afterEach(() => {
+  for (const dir of dirs.splice(0)) {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe("readAutoinjectList", () => {
+  test("returns null when _autoinject.md does not exist", () => {
+    expect(readAutoinjectList(pkbDir)).toBeNull();
+  });
+  test("returns empty array when _autoinject.md is empty", () => {
+    writeFileSync(join(pkbDir, "_autoinject.md"), "", "utf-8");
+    expect(readAutoinjectList(pkbDir)).toEqual([]);
+  });
+  test("returns empty array when _autoinject.md contains only comments", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "_ This is a comment\n_ Another comment\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual([]);
+  });
+  test("parses standard default content", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "_ comment\n\nINDEX.md\nessentials.md\nthreads.md\nbuffer.md\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual([
+      "INDEX.md",
+      "essentials.md",
+      "threads.md",
+      "buffer.md",
+    ]);
+  });
+  test("parses custom entries", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "INDEX.md\ncustom-topic.md\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual([
+      "INDEX.md",
+      "custom-topic.md",
+    ]);
+  });
+  test("strips blank lines and whitespace", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "INDEX.md\n\n  essentials.md  \n\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual(["INDEX.md", "essentials.md"]);
+  });
+  test("strips comment lines mixed with filenames", () => {
+    writeFileSync(
+      join(pkbDir, "_autoinject.md"),
+      "_ Always loaded files\nINDEX.md\n_ Core facts\nessentials.md\n",
+      "utf-8",
+    );
+    expect(readAutoinjectList(pkbDir)).toEqual(["INDEX.md", "essentials.md"]);
+  });
+});

package/src/__tests__/platform-callback-registration.test.ts CHANGED Viewed

@@ -69,6 +69,25 @@ describe("platform callback registration", () => {
     expect(context.authHeader).toBe("Api-Key ast-managed-key");
   });
+  test("self-hosted assistant with stored credentials is enabled without IS_PLATFORM", async () => {
+    mockIsPlatform = false;
+    mockSecureKeys[credentialKey("vellum", "platform_base_url")] =
+      "https://platform.example.com";
+    mockSecureKeys[credentialKey("vellum", "platform_assistant_id")] =
+      "22222222-3333-4444-8555-666666666666";
+    mockSecureKeys[credentialKey("vellum", "assistant_api_key")] =
+      "ast-self-hosted-key";
+    const context = await resolvePlatformCallbackRegistrationContext();
+    expect(context.enabled).toBe(true);
+    expect(context.isPlatform).toBe(false);
+    expect(context.platformBaseUrl).toBe("https://platform.example.com");
+    expect(context.assistantId).toBe("22222222-3333-4444-8555-666666666666");
+    expect(context.hasAssistantApiKey).toBe(true);
+    expect(context.authHeader).toBe("Api-Key ast-self-hosted-key");
+  });
   test("registerCallbackRoute falls back to assistant API key auth", async () => {
     mockSecureKeys[credentialKey("vellum", "platform_base_url")] =
       "https://platform.example.com";