@vellumai/assistant 0.6.2 → 0.6.3

package/src/__tests__/permission-checker-host-gate.test.ts

@@ -14,11 +14,6 @@
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
 import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
-import {
-  initPermissionModeStore,
-  resetForTesting as resetPermissionModeStore,
-  setHostAccess,
-} from "../permissions/permission-mode-store.js";
 import type { PermissionPrompter } from "../permissions/prompter.js";
 import { RiskLevel } from "../permissions/types.js";
 import { PermissionChecker } from "../tools/permission-checker.js";
@@ -47,6 +42,13 @@ mock.module("../hooks/manager.js", () => ({
   }),
 }));
 
+const hostAccessByConversation = new Map<string, boolean>();
+
+mock.module("../memory/conversation-crud.js", () => ({
+  getConversationHostAccess: (conversationId: string) =>
+    hostAccessByConversation.get(conversationId) ?? false,
+}));
+
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -96,13 +98,12 @@ const executionTarget: ExecutionTarget = "host";
 
 beforeEach(() => {
   _setOverridesForTesting({});
-  resetPermissionModeStore();
-  initPermissionModeStore();
+  hostAccessByConversation.clear();
 });
 
 afterEach(() => {
   _setOverridesForTesting({});
-  resetPermissionModeStore();
+  hostAccessByConversation.clear();
 });
 
 // ---------------------------------------------------------------------------
@@ -125,7 +126,7 @@ describe("permission-checker host-access gate (v2)", () => {
 
     describe("host tools with hostAccess=false", () => {
       beforeEach(() => {
-        setHostAccess(false);
+        hostAccessByConversation.set("test-conv", false);
       });
 
       for (const toolName of HOST_TOOL_NAMES) {
@@ -151,6 +152,12 @@ describe("permission-checker host-access gate (v2)", () => {
 
           // The prompter should have been called (interactive dialog)
           expect(promptSpy).toHaveBeenCalled();
+          const call = promptSpy.mock.calls[0] as unknown as unknown[];
+          expect(call[3]).toEqual([]);
+          expect(call[4]).toEqual([]);
+          expect(call[8]).toBe(false);
+          expect(call[10]).toBeUndefined();
+          expect(call[12]).toBe(true);
           // Since the mock prompter returns "allow", the result should be allowed
           expect(result.allowed).toBe(true);
           expect(result.decision).toBe("allow");
@@ -185,7 +192,7 @@ describe("permission-checker host-access gate (v2)", () => {
 
     describe("host tools with hostAccess=true", () => {
       beforeEach(() => {
-        setHostAccess(true);
+        hostAccessByConversation.set("test-conv", true);
       });
 
       for (const toolName of HOST_TOOL_NAMES) {
@@ -217,7 +224,7 @@ describe("permission-checker host-access gate (v2)", () => {
         "web_search",
       ]) {
         test(`${toolName} is auto-allowed regardless of hostAccess`, async () => {
-          setHostAccess(false);
+          hostAccessByConversation.set("test-conv", false);
           const checker = new PermissionChecker(makePrompter());
           const result = await checker.checkPermission(
             toolName,
@@ -239,7 +246,7 @@ describe("permission-checker host-access gate (v2)", () => {
 
     describe("requireFreshApproval bypasses v2 auto-allow", () => {
       beforeEach(() => {
-        setHostAccess(true);
+        hostAccessByConversation.set("test-conv", true);
       });
 
       test("host tool with requireFreshApproval falls through to prompter", async () => {
@@ -263,6 +270,12 @@ describe("permission-checker host-access gate (v2)", () => {
         );
 
         expect(promptSpy).toHaveBeenCalled();
+        const call = promptSpy.mock.calls[0] as unknown as unknown[];
+        expect(call[3]).toEqual([]);
+        expect(call[4]).toEqual([]);
+        expect(call[8]).toBe(false);
+        expect(call[10]).toBeUndefined();
+        expect(call[12]).toBe(false);
         expect(result.allowed).toBe(true);
         expect(result.decision).toBe("allow");
       });
@@ -288,6 +301,12 @@ describe("permission-checker host-access gate (v2)", () => {
         );
 
         expect(promptSpy).toHaveBeenCalled();
+        const call = promptSpy.mock.calls[0] as unknown as unknown[];
+        expect(call[3]).toEqual([]);
+        expect(call[4]).toEqual([]);
+        expect(call[8]).toBe(false);
+        expect(call[10]).toBeUndefined();
+        expect(call[12]).toBe(false);
         expect(result.allowed).toBe(true);
         expect(result.decision).toBe("allow");
       });
@@ -295,7 +314,7 @@ describe("permission-checker host-access gate (v2)", () => {
 
     describe("non-interactive guardian session with hostAccess=false", () => {
       beforeEach(() => {
-        setHostAccess(false);
+        hostAccessByConversation.set("test-conv", false);
       });
 
       test("host tool is NOT auto-approved (denies instead of guardian_auto_approve)", async () => {
@@ -329,7 +348,7 @@ describe("permission-checker host-access gate (v2)", () => {
 
     describe("forcePromptSideEffects bypasses v2 auto-allow for side-effect tools", () => {
       beforeEach(() => {
-        setHostAccess(true);
+        hostAccessByConversation.set("test-conv", true);
       });
 
       test("host side-effect tool with forcePromptSideEffects falls through to prompter", async () => {
@@ -401,6 +420,47 @@ describe("permission-checker host-access gate (v2)", () => {
         expect(result.decision).toBe("allow");
       });
     });
+
+    test("host access is evaluated per conversation", async () => {
+      hostAccessByConversation.set("allow-conv", true);
+      hostAccessByConversation.set("deny-conv", false);
+
+      const promptSpy = mock(() =>
+        Promise.resolve({ decision: "deny" as const }),
+      );
+      const checker = new PermissionChecker({
+        prompt: promptSpy,
+      } as unknown as PermissionPrompter);
+
+      const allowed = await checker.checkPermission(
+        "host_bash",
+        {},
+        makeTool("host_bash"),
+        makeContext({ conversationId: "allow-conv" }),
+        executionTarget,
+        noopEmit,
+        noopSanitize,
+        Date.now(),
+        noopDiff,
+      );
+      const denied = await checker.checkPermission(
+        "host_bash",
+        {},
+        makeTool("host_bash"),
+        makeContext({ conversationId: "deny-conv" }),
+        executionTarget,
+        noopEmit,
+        noopSanitize,
+        Date.now(),
+        noopDiff,
+      );
+
+      expect(allowed.allowed).toBe(true);
+      expect(allowed.decision).toBe("allow");
+      expect(denied.allowed).toBe(false);
+      expect(denied.decision).toBe("deny");
+      expect(promptSpy).toHaveBeenCalledTimes(1);
+    });
   });
 
   describe("when permission-controls-v2 flag is OFF", () => {

package/src/__tests__/permission-mode.test.ts

@@ -6,51 +6,28 @@ import {
   PermissionModeSchema,
 } from "../permissions/permission-mode.js";
 
-// ---------------------------------------------------------------------------
-// Tests: PermissionModeSchema
-// ---------------------------------------------------------------------------
-
 describe("PermissionModeSchema", () => {
-  test("parses empty object with correct defaults", () => {
-    const result = PermissionModeSchema.parse({});
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(false);
+  test("parses empty object with the host-access default", () => {
+    expect(PermissionModeSchema.parse({})).toEqual({ hostAccess: false });
   });
 
   test("DEFAULT_PERMISSION_MODE matches schema defaults", () => {
-    const parsed = PermissionModeSchema.parse({});
-    expect(parsed).toEqual(DEFAULT_PERMISSION_MODE);
+    expect(PermissionModeSchema.parse({})).toEqual(DEFAULT_PERMISSION_MODE);
   });
 
-  test("accepts explicit true/true", () => {
-    const result = PermissionModeSchema.parse({
-      askBeforeActing: true,
+  test("accepts explicit host access values", () => {
+    expect(PermissionModeSchema.parse({ hostAccess: true })).toEqual({
       hostAccess: true,
     });
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(true);
-  });
-
-  test("accepts explicit false/false", () => {
-    const result = PermissionModeSchema.parse({
-      askBeforeActing: false,
+    expect(PermissionModeSchema.parse({ hostAccess: false })).toEqual({
       hostAccess: false,
     });
-    expect(result.askBeforeActing).toBe(false);
-    expect(result.hostAccess).toBe(false);
   });
 
   test("round-trips through JSON serialization", () => {
-    const original = { askBeforeActing: false, hostAccess: true };
+    const original = { hostAccess: true };
     const json = JSON.stringify(original);
-    const parsed = PermissionModeSchema.parse(JSON.parse(json));
-    expect(parsed).toEqual(original);
-  });
-
-  test("rejects non-boolean askBeforeActing", () => {
-    expect(() =>
-      PermissionModeSchema.parse({ askBeforeActing: "yes" }),
-    ).toThrow();
+    expect(PermissionModeSchema.parse(JSON.parse(json))).toEqual(original);
   });
 
   test("rejects non-boolean hostAccess", () => {
@@ -58,44 +35,39 @@ describe("PermissionModeSchema", () => {
   });
 });
 
-// ---------------------------------------------------------------------------
-// Tests: PermissionsConfigSchema (permissionMode fields)
-// ---------------------------------------------------------------------------
-
-describe("PermissionsConfigSchema permissionMode fields", () => {
-  test("defaults askBeforeActing to true and hostAccess to false", () => {
-    const result = PermissionsConfigSchema.parse({});
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(false);
+describe("PermissionsConfigSchema", () => {
+  test("defaults to workspace mode with host access disabled", () => {
+    expect(PermissionsConfigSchema.parse({})).toEqual({
+      mode: "workspace",
+      hostAccess: false,
+    });
   });
 
-  test("preserves existing mode field alongside new fields", () => {
-    const result = PermissionsConfigSchema.parse({ mode: "strict" });
-    expect(result.mode).toBe("strict");
-    expect(result.askBeforeActing).toBe(true);
-    expect(result.hostAccess).toBe(false);
+  test("preserves the mode field alongside hostAccess", () => {
+    expect(PermissionsConfigSchema.parse({ mode: "strict" })).toEqual({
+      mode: "strict",
+      hostAccess: false,
+    });
   });
 
-  test("accepts overridden values for new fields", () => {
-    const result = PermissionsConfigSchema.parse({
+  test("accepts overridden hostAccess values", () => {
+    expect(
+      PermissionsConfigSchema.parse({
+        mode: "workspace",
+        hostAccess: true,
+      }),
+    ).toEqual({
       mode: "workspace",
-      askBeforeActing: false,
       hostAccess: true,
     });
-    expect(result.mode).toBe("workspace");
-    expect(result.askBeforeActing).toBe(false);
-    expect(result.hostAccess).toBe(true);
   });
 
-  test("round-trips new fields through JSON serialization", () => {
+  test("round-trips hostAccess through JSON serialization", () => {
     const input = {
       mode: "workspace" as const,
-      askBeforeActing: false,
       hostAccess: true,
     };
     const json = JSON.stringify(input);
-    const parsed = PermissionsConfigSchema.parse(JSON.parse(json));
-    expect(parsed.askBeforeActing).toBe(false);
-    expect(parsed.hostAccess).toBe(true);
+    expect(PermissionsConfigSchema.parse(JSON.parse(json))).toEqual(input);
   });
 });

package/src/__tests__/platform-callback-registration.test.ts

@@ -69,6 +69,25 @@ describe("platform callback registration", () => {
     expect(context.authHeader).toBe("Api-Key ast-managed-key");
   });
 
+  test("self-hosted assistant with stored credentials is enabled without IS_PLATFORM", async () => {
+    mockIsPlatform = false;
+    mockSecureKeys[credentialKey("vellum", "platform_base_url")] =
+      "https://platform.example.com";
+    mockSecureKeys[credentialKey("vellum", "platform_assistant_id")] =
+      "22222222-3333-4444-8555-666666666666";
+    mockSecureKeys[credentialKey("vellum", "assistant_api_key")] =
+      "ast-self-hosted-key";
+
+    const context = await resolvePlatformCallbackRegistrationContext();
+
+    expect(context.enabled).toBe(true);
+    expect(context.isPlatform).toBe(false);
+    expect(context.platformBaseUrl).toBe("https://platform.example.com");
+    expect(context.assistantId).toBe("22222222-3333-4444-8555-666666666666");
+    expect(context.hasAssistantApiKey).toBe(true);
+    expect(context.authHeader).toBe("Api-Key ast-self-hosted-key");
+  });
+
   test("registerCallbackRoute falls back to assistant API key auth", async () => {
     mockSecureKeys[credentialKey("vellum", "platform_base_url")] =
       "https://platform.example.com";

package/src/__tests__/post-turn-tool-result-truncation.test.ts

@@ -0,0 +1,296 @@
+import { existsSync, mkdtempSync, readFileSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+
+import {
+  buildTruncatedContent,
+  derefToolResultReReads,
+  getToolResultFilePath,
+  postTurnTruncateToolResults,
+  REREAD_STUB,
+  TARGET_CHARS,
+  THRESHOLD_CHARS,
+  TOOL_RESULT_DIR,
+  TRUNCATION_MARKER,
+} from "../context/post-turn-tool-result-truncation.js";
+import type { ContentBlock, Message } from "../providers/types.js";
+
+function makeToolResult(
+  content: string,
+  toolUseId = "tool_use_1",
+  is_error = false,
+): ContentBlock {
+  return {
+    type: "tool_result" as const,
+    tool_use_id: toolUseId,
+    content,
+    ...(is_error ? { is_error: true } : {}),
+  };
+}
+
+function makeMessages(blocks: ContentBlock[]): Message[] {
+  return [{ role: "user", content: blocks }];
+}
+
+describe("postTurnTruncateToolResults", () => {
+  let convDir: string;
+
+  beforeEach(() => {
+    convDir = mkdtempSync(join(tmpdir(), "tool-result-trunc-"));
+  });
+
+  afterEach(() => {
+    rmSync(convDir, { recursive: true, force: true });
+  });
+
+  test("result below threshold is returned unchanged, no file written", () => {
+    const shortContent = "a".repeat(THRESHOLD_CHARS);
+    const messages = makeMessages([makeToolResult(shortContent)]);
+
+    const { messages: result, truncatedCount } =
+      postTurnTruncateToolResults(messages, { conversationDir: convDir });
+
+    expect(truncatedCount).toBe(0);
+    expect(result).toBe(messages); // same reference — no copy
+    expect(existsSync(join(convDir, TOOL_RESULT_DIR))).toBe(false);
+  });
+
+  test("result above threshold is truncated, file written with original content", () => {
+    const longContent = "x".repeat(THRESHOLD_CHARS + 1);
+    const toolUseId = "tool_use_abc";
+    const messages = makeMessages([makeToolResult(longContent, toolUseId)]);
+
+    const { messages: result, truncatedCount } =
+      postTurnTruncateToolResults(messages, { conversationDir: convDir });
+
+    expect(truncatedCount).toBe(1);
+
+    const block = result[0].content[0] as { type: "tool_result"; content: string };
+    expect(block.content).toContain(TRUNCATION_MARKER);
+    expect(block.content.length).toBeLessThan(longContent.length);
+
+    // Verify file on disk contains original content.
+    const filePath = getToolResultFilePath(convDir, toolUseId);
+    expect(existsSync(filePath)).toBe(true);
+    expect(readFileSync(filePath, "utf-8")).toBe(longContent);
+  });
+
+  test("error result above threshold is unchanged", () => {
+    const longContent = "e".repeat(THRESHOLD_CHARS + 100);
+    const messages = makeMessages([
+      makeToolResult(longContent, "tool_err", true),
+    ]);
+
+    const { messages: result, truncatedCount } =
+      postTurnTruncateToolResults(messages, { conversationDir: convDir });
+
+    expect(truncatedCount).toBe(0);
+    expect(result).toBe(messages);
+  });
+
+  test("already-truncated result is unchanged (idempotency)", () => {
+    // Simulate a result that was already truncated in a prior pass.
+    const alreadyTruncated =
+      "prefix..." +
+      `\n\n...(500 tokens omitted ${TRUNCATION_MARKER} /some/path.txt)\n\n` +
+      "...suffix".padEnd(THRESHOLD_CHARS + 1, "z");
+    const messages = makeMessages([
+      makeToolResult(alreadyTruncated, "tool_idempotent"),
+    ]);
+
+    const { messages: result, truncatedCount } =
+      postTurnTruncateToolResults(messages, { conversationDir: convDir });
+
+    expect(truncatedCount).toBe(0);
+    expect(result).toBe(messages);
+  });
+
+  test("multiple results in one turn are each evaluated independently", () => {
+    const short = "s".repeat(100);
+    const long1 = "a".repeat(THRESHOLD_CHARS + 1);
+    const long2 = "b".repeat(THRESHOLD_CHARS + 2);
+    const messages = makeMessages([
+      makeToolResult(short, "tool_short"),
+      makeToolResult(long1, "tool_long1"),
+      makeToolResult(long2, "tool_long2"),
+    ]);
+
+    const { messages: result, truncatedCount } =
+      postTurnTruncateToolResults(messages, { conversationDir: convDir });
+
+    expect(truncatedCount).toBe(2);
+
+    // Short result unchanged.
+    const b0 = result[0].content[0] as { type: "tool_result"; content: string };
+    expect(b0.content).toBe(short);
+
+    // Both long results truncated.
+    const b1 = result[0].content[1] as { type: "tool_result"; content: string };
+    const b2 = result[0].content[2] as { type: "tool_result"; content: string };
+    expect(b1.content).toContain(TRUNCATION_MARKER);
+    expect(b2.content).toContain(TRUNCATION_MARKER);
+  });
+
+  test("prefix/suffix split preserves first and last halves of TARGET_CHARS", () => {
+    // Build content where each char is its position modulo 10 so we can verify slicing.
+    const longContent = Array.from({ length: THRESHOLD_CHARS + 500 }, (_, i) =>
+      String(i % 10),
+    ).join("");
+
+    const filePath = "/tmp/fake-path.txt";
+    const stub = buildTruncatedContent(longContent, filePath);
+
+    const half = Math.floor(TARGET_CHARS / 2);
+    const expectedPrefix = longContent.slice(0, half);
+    const expectedSuffix = longContent.slice(-half);
+
+    expect(stub.startsWith(expectedPrefix)).toBe(true);
+    expect(stub.endsWith(expectedSuffix)).toBe(true);
+    expect(stub).toContain(TRUNCATION_MARKER);
+    expect(stub).toContain(filePath);
+  });
+
+  test("file path is deterministic for the same toolUseId", () => {
+    const id = "tool_use_deterministic";
+    const path1 = getToolResultFilePath("/some/dir", id);
+    const path2 = getToolResultFilePath("/some/dir", id);
+    expect(path1).toBe(path2);
+
+    // Different IDs produce different paths.
+    const path3 = getToolResultFilePath("/some/dir", "tool_use_other");
+    expect(path3).not.toBe(path1);
+  });
+});
+
+describe("derefToolResultReReads", () => {
+  function makeToolUse(
+    id: string,
+    name: string,
+    input: Record<string, unknown>,
+  ): ContentBlock {
+    return { type: "tool_use" as const, id, name, input };
+  }
+
+  test("file_read of .tool-results/ path: tool_result content replaced with REREAD_STUB", () => {
+    const toolUseId = "tu_reread_1";
+    const messages: Message[] = [
+      {
+        role: "assistant",
+        content: [
+          makeToolUse(toolUseId, "file_read", {
+            path: `/home/user/.vellum/workspace/conversations/abc/${TOOL_RESULT_DIR}/abc123.txt`,
+          }),
+        ],
+      },
+      {
+        role: "user",
+        content: [makeToolResult("full file contents here", toolUseId)],
+      },
+    ];
+
+    const { messages: result, dereferencedCount } =
+      derefToolResultReReads(messages);
+
+    expect(dereferencedCount).toBe(1);
+    const block = result[1].content[0] as { type: "tool_result"; content: string };
+    expect(block.content).toBe(REREAD_STUB);
+  });
+
+  test("file_read of normal path: tool_result unchanged", () => {
+    const toolUseId = "tu_normal_read";
+    const originalContent = "some file contents";
+    const messages: Message[] = [
+      {
+        role: "assistant",
+        content: [
+          makeToolUse(toolUseId, "file_read", {
+            path: "src/foo.ts",
+          }),
+        ],
+      },
+      {
+        role: "user",
+        content: [makeToolResult(originalContent, toolUseId)],
+      },
+    ];
+
+    const { messages: result, dereferencedCount } =
+      derefToolResultReReads(messages);
+
+    expect(dereferencedCount).toBe(0);
+    expect(result).toBe(messages); // same reference — no copy
+    const block = result[1].content[0] as { type: "tool_result"; content: string };
+    expect(block.content).toBe(originalContent);
+  });
+
+  test("non-file_read tool: tool_result unchanged even if output mentions .tool-results/", () => {
+    const toolUseId = "tu_bash";
+    const outputMentioningDir = `Found file at /home/user/${TOOL_RESULT_DIR}/abc.txt`;
+    const messages: Message[] = [
+      {
+        role: "assistant",
+        content: [
+          makeToolUse(toolUseId, "bash", {
+            command: "ls",
+          }),
+        ],
+      },
+      {
+        role: "user",
+        content: [makeToolResult(outputMentioningDir, toolUseId)],
+      },
+    ];
+
+    const { messages: result, dereferencedCount } =
+      derefToolResultReReads(messages);
+
+    expect(dereferencedCount).toBe(0);
+    expect(result).toBe(messages);
+    const block = result[1].content[0] as { type: "tool_result"; content: string };
+    expect(block.content).toBe(outputMentioningDir);
+  });
+
+  test("multiple re-reads in one turn: each deduplicated independently", () => {
+    const tu1 = "tu_multi_1";
+    const tu2 = "tu_multi_2";
+    const tuNormal = "tu_multi_normal";
+    const messages: Message[] = [
+      {
+        role: "assistant",
+        content: [
+          makeToolUse(tu1, "file_read", {
+            path: `/workspace/conv/${TOOL_RESULT_DIR}/aaa.txt`,
+          }),
+          makeToolUse(tu2, "file_read", {
+            path: `/workspace/conv/${TOOL_RESULT_DIR}/bbb.txt`,
+          }),
+          makeToolUse(tuNormal, "file_read", {
+            path: "src/bar.ts",
+          }),
+        ],
+      },
+      {
+        role: "user",
+        content: [
+          makeToolResult("re-read content 1", tu1),
+          makeToolResult("re-read content 2", tu2),
+          makeToolResult("normal read content", tuNormal),
+        ],
+      },
+    ];
+
+    const { messages: result, dereferencedCount } =
+      derefToolResultReReads(messages);
+
+    expect(dereferencedCount).toBe(2);
+
+    const b0 = result[1].content[0] as { type: "tool_result"; content: string };
+    const b1 = result[1].content[1] as { type: "tool_result"; content: string };
+    const b2 = result[1].content[2] as { type: "tool_result"; content: string };
+
+    expect(b0.content).toBe(REREAD_STUB);
+    expect(b1.content).toBe(REREAD_STUB);
+    expect(b2.content).toBe("normal read content"); // unchanged
+  });
+});

package/src/__tests__/proxy-approval-callback.test.ts

@@ -1,5 +1,6 @@
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
 import type { ProxyApprovalRequest } from "../outbound-proxy/index.js";
 
 // ---------------------------------------------------------------------------
@@ -110,6 +111,23 @@ describe("createProxyApprovalCallback", () => {
     addRuleMock.mockClear();
     findHighestPriorityRuleMock.mockClear();
     findHighestPriorityRuleMock.mockReturnValue(null);
+    _setOverridesForTesting({});
+  });
+
+  test("suppresses network approval cards under v2 and auto-allows", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+
+    const ctx = makeContext();
+    const prompterSendToClient = mock(() => {});
+    const prompter = new PermissionPrompter(prompterSendToClient);
+
+    const callback = createProxyApprovalCallback(prompter, ctx);
+    const result = await callback(makeAskMissingCredentialRequest());
+
+    expect(result).toBe(true);
+    expect(prompterSendToClient).not.toHaveBeenCalled();
+    expect(findHighestPriorityRuleMock).not.toHaveBeenCalled();
+    expect(addRuleMock).not.toHaveBeenCalled();
   });
 
   test("returns true when user allows an ask_missing_credential request", async () => {