@vellumai/assistant 0.6.2 → 0.6.3

package/src/__tests__/acp-session.test.ts

@@ -2,6 +2,7 @@ import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 import { VellumAcpClientHandler } from "../acp/client-handler.js";
 import { AcpSessionManager } from "../acp/session-manager.js";
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
 
@@ -15,6 +16,7 @@ describe("VellumAcpClientHandler", () => {
   let handler: VellumAcpClientHandler;
 
   beforeEach(() => {
+    _setOverridesForTesting({});
     sent = [];
     sendToVellum = (msg) => sent.push(msg);
     handler = new VellumAcpClientHandler(
@@ -229,6 +231,47 @@ describe("VellumAcpClientHandler", () => {
       expect(msg.riskLevel).toBe("medium");
     });
 
+    test("suppresses ACP confirmation UI under v2 and chooses the allow option", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+
+      const result = await handler.requestPermission({
+        toolCall: {
+          title: "Read file",
+          kind: "read",
+          rawInput: "/tmp/example.txt",
+        },
+        options: [
+          { optionId: "allow", name: "Allow", kind: "allow_once" },
+          { optionId: "deny", name: "Deny", kind: "reject_once" },
+        ],
+      } as any);
+
+      expect(result).toEqual({
+        outcome: { outcome: "selected", optionId: "allow" },
+      });
+      expect(sent).toHaveLength(0);
+      expect(handler.pendingRequestIds.size).toBe(0);
+    });
+
+    test("suppresses ACP confirmation UI under v2 and cancels when no allow option exists", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+
+      const result = await handler.requestPermission({
+        toolCall: {
+          title: "Read file",
+          kind: "read",
+          rawInput: "/tmp/example.txt",
+        },
+        options: [{ optionId: "deny", name: "Deny", kind: "reject_once" }],
+      } as any);
+
+      expect(result).toEqual({
+        outcome: { outcome: "cancelled" },
+      });
+      expect(sent).toHaveLength(0);
+      expect(handler.pendingRequestIds.size).toBe(0);
+    });
+
     test("ACP registration survives sendToVellum overwrite (makeEventSender race)", async () => {
       // Simulate makeEventSender: when sendToVellum is called with a
       // confirmation_request, it overwrites the pendingInteractions entry

package/src/__tests__/app-builder-tool-scripts.test.ts

@@ -25,6 +25,7 @@ function makeMockStore(overrides: Partial<AppStore> = {}): AppStore {
   return {
     getApp: () => makeApp(),
     listApps: () => [makeApp()],
+    appFileExists: () => false,
     createApp: (params) =>
       makeApp({ name: params.name, description: params.description }),
     updateApp: (id, updates) => makeApp({ id, ...updates }),

package/src/__tests__/app-executors.test.ts

@@ -56,6 +56,7 @@ function mockStore(
   return {
     getApp: (id: string) => (id === app.id ? app : null),
     listApps: () => [app],
+    appFileExists: (_appId: string, path: string) => path in files,
     createApp: () => app,
     updateApp: () => app,
     deleteApp: () => {},

package/src/__tests__/app-source-watcher.test.ts

@@ -21,23 +21,25 @@ const testDirNameMap = new Map<string, string>([["my-app", "app-id-1"]]);
 
 let capturedWatchCallback: ((eventType: string, filename: string | null) => void) | null = null;
 const mockWatcher = { close: mock(() => {}) };
+const mockExistsSync = mock((p: string): boolean => p === TEST_APPS_DIR);
+const mockWatch = mock(
+  (
+    _path: string,
+    _opts: Record<string, unknown>,
+    callback: (eventType: string, filename: string | null) => void,
+  ) => {
+    capturedWatchCallback = callback;
+    return mockWatcher;
+  },
+);
 
 mock.module("node:fs", () => {
   // eslint-disable-next-line @typescript-eslint/no-require-imports
   const actualFs = require("node:fs");
   return {
     ...actualFs,
-    existsSync: mock((p: string) => p === TEST_APPS_DIR),
-    watch: mock(
-      (
-        _path: string,
-        _opts: Record<string, unknown>,
-        callback: (eventType: string, filename: string | null) => void,
-      ) => {
-        capturedWatchCallback = callback;
-        return mockWatcher;
-      },
-    ),
+    existsSync: mockExistsSync,
+    watch: mockWatch,
   };
 });
 
@@ -67,6 +69,8 @@ describe("AppSourceWatcher", () => {
     onChangeSpy = mock(() => {});
     capturedWatchCallback = null;
     mockWatcher.close.mockClear();
+    // Reset existsSync to default behavior for each test
+    mockExistsSync.mockImplementation((p: string) => p === TEST_APPS_DIR);
   });
 
   afterEach(() => {
@@ -156,4 +160,26 @@ describe("AppSourceWatcher", () => {
 
     expect(mockWatcher.close).toHaveBeenCalledTimes(1);
   });
+
+  test("ensureStarted() initializes watcher after apps directory is created", () => {
+    // Simulate apps dir not existing at start time
+    mockExistsSync.mockImplementation((_p: string) => false);
+
+    watcher.start(onChangeSpy);
+    expect(capturedWatchCallback).toBeNull(); // watcher didn't start
+
+    // Simulate apps dir now existing (e.g. after app_create)
+    mockExistsSync.mockImplementation((p: string) => p === TEST_APPS_DIR);
+
+    watcher.ensureStarted();
+    expect(capturedWatchCallback).not.toBeNull(); // watcher started
+  });
+
+  test("ensureStarted() is a no-op when watcher is already running", () => {
+    watcher.start(onChangeSpy);
+    const callCountAfterStart = mockWatch.mock.calls.length;
+
+    watcher.ensureStarted();
+    expect(mockWatch.mock.calls.length).toBe(callCountAfterStart); // no extra watch call
+  });
 });

package/src/__tests__/approval-routes-http.test.ts

@@ -6,6 +6,7 @@
  */
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
 import type { Conversation } from "../daemon/conversation.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
 
@@ -68,6 +69,7 @@ mock.module("../permissions/trust-store.js", () => ({
 }));
 
 import { getDb, initializeDb } from "../memory/db.js";
+import { CONVERSATION_HOST_ACCESS_PROMPT } from "../permissions/v2-consent-policy.js";
 import { AssistantEventHub } from "../runtime/assistant-event-hub.js";
 import { RuntimeHttpServer } from "../runtime/http-server.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
@@ -109,6 +111,7 @@ function makeIdleSession(opts?: {
     usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},
@@ -174,6 +177,7 @@ function makeConfirmationEmittingSession(opts?: {
     usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},
@@ -221,6 +225,7 @@ describe("standalone approval endpoints — HTTP layer", () => {
   let eventHub: AssistantEventHub;
 
   beforeEach(() => {
+    _setOverridesForTesting({});
     const db = getDb();
     db.run("DELETE FROM messages");
     db.run("DELETE FROM conversations");
@@ -359,7 +364,21 @@ describe("standalone approval endpoints — HTTP layer", () => {
     });
 
     test("returns 400 for invalid decision", async () => {
-      await startServer(() => makeIdleSession());
+      const session = makeIdleSession();
+      await startServer(() => session);
+
+      pendingInteractions.register("req-1", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [],
+          scopeOptions: [],
+        },
+      });
 
       const res = await fetch(url("confirm"), {
         method: "POST",
@@ -371,6 +390,124 @@ describe("standalone approval endpoints — HTTP layer", () => {
 
       await stopServer();
     });
+
+    test("rejects temporal approval decisions for conversation host-access prompts", async () => {
+      let confirmedDecision: string | undefined;
+
+      const session = makeIdleSession({
+        onConfirmation: (_reqId, dec) => {
+          confirmedDecision = dec;
+        },
+      });
+
+      await startServer(() => session);
+
+      pendingInteractions.register("req-host-access", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "host_bash",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          ...CONVERSATION_HOST_ACCESS_PROMPT,
+        },
+      });
+
+      const res = await fetch(url("confirm"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-host-access",
+          decision: "allow_10m",
+        }),
+      });
+      const body = (await res.json()) as { error?: { message?: string } };
+
+      expect(res.status).toBe(403);
+      expect(body.error?.message).toContain(
+        "Conversation host-access prompts only accept allow or deny",
+      );
+      expect(confirmedDecision).toBeUndefined();
+      expect(pendingInteractions.get("req-host-access")).toBeDefined();
+
+      await stopServer();
+    });
+
+    test("canonicalizes advertised legacy allow verbs to one-time allow under v2", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+      let handledDecision: string | undefined;
+      const handlingSession = makeIdleSession({
+        onConfirmation: (_requestId, decision) => {
+          handledDecision = decision;
+        },
+      });
+      await startServer(() => handlingSession);
+
+      pendingInteractions.register("req-v2", {
+        conversation: handlingSession,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [],
+          scopeOptions: [],
+          temporaryOptionsAvailable: ["allow_10m"],
+        },
+      });
+
+      const res = await fetch(url("confirm"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-v2",
+          decision: "allow_10m",
+        }),
+      });
+
+      expect(res.status).toBe(200);
+      expect(handledDecision).toBe("allow");
+      expect(pendingInteractions.get("req-v2")).toBeUndefined();
+
+      await stopServer();
+    });
+
+    test("rejects unadvertised legacy approval verbs under v2", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+      const session = makeIdleSession();
+      await startServer(() => session);
+
+      pendingInteractions.register("req-v2-invalid", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [],
+          scopeOptions: [],
+        },
+      });
+
+      const res = await fetch(url("confirm"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-v2-invalid",
+          decision: "allow_10m",
+        }),
+      });
+      const body = (await res.json()) as { error?: { message?: string } };
+
+      expect(res.status).toBe(400);
+      expect(body.error?.message).toContain("resolve to allow or deny");
+      expect(pendingInteractions.get("req-v2-invalid")).toBeDefined();
+
+      await stopServer();
+    });
   });
 
   // ── POST /v1/secret ──────────────────────────────────────────────────
@@ -625,6 +762,46 @@ describe("standalone approval endpoints — HTTP layer", () => {
       await stopServer();
     });
 
+    test("returns 403 for trust rules under v2", async () => {
+      _setOverridesForTesting({ "permission-controls-v2": true });
+      const session = makeIdleSession();
+      await startServer(() => session);
+
+      pendingInteractions.register("req-v2-trust", {
+        conversation: session,
+        conversationId: "conv-1",
+        kind: "confirmation",
+        confirmationDetails: {
+          toolName: "shell_command",
+          input: { command: "ls" },
+          riskLevel: "medium",
+          allowlistOptions: [
+            { label: "Allow ls", description: "test", pattern: "ls" },
+          ],
+          scopeOptions: [{ label: "Conversation", scope: "session" }],
+          persistentDecisionsAllowed: true,
+        },
+      });
+
+      const res = await fetch(url("trust-rules"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json", ...AUTH_HEADERS },
+        body: JSON.stringify({
+          requestId: "req-v2-trust",
+          pattern: "ls",
+          scope: "session",
+          decision: "allow",
+        }),
+      });
+      const body = (await res.json()) as { error?: { message?: string } };
+
+      expect(res.status).toBe(403);
+      expect(body.error?.message).toContain("permission-controls-v2");
+      expect(pendingInteractions.get("req-v2-trust")).toBeDefined();
+
+      await stopServer();
+    });
+
     test("returns 403 when pattern does not match allowlist", async () => {
       const session = makeIdleSession();
       await startServer(() => session);