@vellumai/assistant 0.6.2 → 0.6.3

package/src/__tests__/require-fresh-approval.test.ts

@@ -108,16 +108,20 @@ mock.module("../permissions/checker.js", () => ({
 
 mock.module("../memory/tool-usage-store.js", () => ({
   recordToolInvocation: () => {},
+  getRecentInvocations: () => [],
+  rotateToolInvocations: () => 0,
 }));
 
 mock.module("../tools/registry.js", () => ({
   getTool: (name: string) => {
     if (name === "unknown_tool") return undefined;
+    const isGmailTool = name.startsWith("gmail_");
     return {
       name,
       description: "test tool",
-      category: "credential-execution",
+      category: isGmailTool ? "gmail" : "credential-execution",
       defaultRiskLevel: "high",
+      executionTarget: isGmailTool ? ("host" as const) : undefined,
       getDefinition: () => ({}),
       execute: async () => fakeToolResult,
     };
@@ -257,6 +261,41 @@ describe("requireFreshApproval: non-interactive guardian denial", () => {
     expect(result.isError).toBe(false);
   });
 
+  test("medium-risk gmail archive is auto-approved in non-interactive guardian sessions", async () => {
+    riskOverride = RiskLevel.Medium;
+    checkResultOverride = {
+      decision: "prompt",
+      reason: "Needs approval",
+    };
+
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "gmail_archive",
+      { query: "in:inbox", confidence: 0.92 },
+      makeContext({ isInteractive: false, trustClass: "guardian" }),
+    );
+
+    expect(result.isError).toBe(false);
+  });
+
+  test("high-risk gmail send_draft is denied in non-interactive guardian sessions", async () => {
+    riskOverride = RiskLevel.High;
+    checkResultOverride = {
+      decision: "prompt",
+      reason: "Needs approval",
+    };
+
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "gmail_send_draft",
+      { draft_id: "draft-123", confidence: 0.99 },
+      makeContext({ isInteractive: false, trustClass: "guardian" }),
+    );
+
+    expect(result.isError).toBe(true);
+    expect(result.content).toContain("requires user approval");
+  });
+
   test("low-risk tools are still auto-approved in non-interactive guardian sessions", async () => {
     riskOverride = RiskLevel.Low;
     checkResultOverride = {

package/src/__tests__/sanitize-config-for-transfer.test.ts

@@ -0,0 +1,132 @@
+import { describe, expect, test } from "bun:test";
+
+import { sanitizeConfigForTransfer } from "../config/sanitize-for-transfer.js";
+
+describe("sanitizeConfigForTransfer", () => {
+  test("strips all four field groups", () => {
+    const input = {
+      ingress: {
+        publicBaseUrl: "https://example.com",
+        enabled: true,
+        webhook: { path: "/hook" },
+      },
+      daemon: { port: 3000, logLevel: "debug" },
+      skills: {
+        load: {
+          extraDirs: ["/custom/skills"],
+          builtIn: true,
+        },
+      },
+      name: "my-assistant",
+    };
+
+    const result = JSON.parse(sanitizeConfigForTransfer(JSON.stringify(input)));
+
+    expect(result.ingress.publicBaseUrl).toBe("");
+    expect(result.ingress.enabled).toBeUndefined();
+    expect(result.daemon).toBeUndefined();
+    expect(result.skills.load.extraDirs).toEqual([]);
+  });
+
+  test("preserves non-target fields unchanged", () => {
+    const input = {
+      name: "test",
+      model: "claude-3",
+      ingress: {
+        publicBaseUrl: "https://example.com",
+        enabled: true,
+        webhook: { path: "/hook" },
+        rateLimit: { max: 100 },
+      },
+      daemon: { port: 3000 },
+      skills: {
+        load: {
+          extraDirs: ["/dir"],
+          builtIn: true,
+        },
+        catalog: ["skill-a"],
+      },
+      memory: { enabled: true },
+    };
+
+    const result = JSON.parse(sanitizeConfigForTransfer(JSON.stringify(input)));
+
+    expect(result.name).toBe("test");
+    expect(result.model).toBe("claude-3");
+    expect(result.memory).toEqual({ enabled: true });
+    expect(result.skills.catalog).toEqual(["skill-a"]);
+    expect(result.skills.load.builtIn).toBe(true);
+  });
+
+  test("preserves nested ingress fields other than publicBaseUrl and enabled", () => {
+    const input = {
+      ingress: {
+        publicBaseUrl: "https://old.url",
+        enabled: false,
+        webhook: { path: "/webhook", secret: "abc" },
+        rateLimit: { max: 50, window: 60 },
+      },
+    };
+
+    const result = JSON.parse(sanitizeConfigForTransfer(JSON.stringify(input)));
+
+    expect(result.ingress.webhook).toEqual({ path: "/webhook", secret: "abc" });
+    expect(result.ingress.rateLimit).toEqual({ max: 50, window: 60 });
+    expect(result.ingress.publicBaseUrl).toBe("");
+    expect(result.ingress.enabled).toBeUndefined();
+  });
+
+  test("handles config missing some target fields", () => {
+    const input = {
+      name: "test",
+      ingress: { webhook: { path: "/hook" } },
+    };
+
+    const result = JSON.parse(sanitizeConfigForTransfer(JSON.stringify(input)));
+
+    expect(result.name).toBe("test");
+    expect(result.ingress.publicBaseUrl).toBe("");
+    expect(result.ingress.webhook).toEqual({ path: "/hook" });
+  });
+
+  test("handles config missing all target fields", () => {
+    const input = {
+      name: "test",
+      model: "claude-3",
+    };
+
+    const result = JSON.parse(sanitizeConfigForTransfer(JSON.stringify(input)));
+
+    expect(result.name).toBe("test");
+    expect(result.model).toBe("claude-3");
+  });
+
+  test("handles empty object", () => {
+    const result = sanitizeConfigForTransfer("{}");
+    expect(JSON.parse(result)).toEqual({});
+  });
+
+  test("handles invalid JSON by returning original string", () => {
+    const malformed = "{ not valid json }}}";
+    const result = sanitizeConfigForTransfer(malformed);
+    expect(result).toBe(malformed);
+  });
+
+  test("handles JSON null by returning original string", () => {
+    const result = sanitizeConfigForTransfer("null");
+    expect(result).toBe("null");
+  });
+
+  test("handles JSON array by returning original string", () => {
+    const result = sanitizeConfigForTransfer("[1, 2, 3]");
+    expect(result).toBe("[1, 2, 3]");
+  });
+
+  test("output uses 2-space indentation with trailing newline", () => {
+    const input = { name: "test" };
+    const result = sanitizeConfigForTransfer(JSON.stringify(input));
+
+    expect(result).toBe(JSON.stringify(input, null, 2) + "\n");
+    expect(result.endsWith("\n")).toBe(true);
+  });
+});

package/src/__tests__/schedule-routes.test.ts

@@ -0,0 +1,162 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+mock.module("../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+import { getDb, initializeDb } from "../memory/db.js";
+import { scheduleRouteDefinitions } from "../runtime/routes/schedule-routes.js";
+import { createSchedule } from "../schedule/schedule-store.js";
+import { scheduleTask } from "../tasks/task-scheduler.js";
+import { createTask } from "../tasks/task-store.js";
+
+initializeDb();
+
+function clearTables(): void {
+  const db = getDb();
+  db.run("DELETE FROM cron_runs");
+  db.run("DELETE FROM cron_jobs");
+  db.run("DELETE FROM task_runs");
+  db.run("DELETE FROM tasks");
+  db.run("DELETE FROM messages");
+  db.run("DELETE FROM conversations");
+}
+
+function getRunNowHandler(sendMessageDeps: {
+  getOrCreateConversation: (
+    conversationId: string,
+    options?: Record<string, unknown>,
+  ) => Promise<unknown>;
+}) {
+  const route = scheduleRouteDefinitions({
+    sendMessageDeps: sendMessageDeps as never,
+  }).find(
+    (candidate) =>
+      candidate.endpoint === "schedules/:id/run" && candidate.method === "POST",
+  );
+  if (!route) {
+    throw new Error("Run-now schedule route not found");
+  }
+  return route.handler;
+}
+
+describe("schedule run-now trust propagation", () => {
+  beforeEach(() => {
+    clearTables();
+  });
+
+  test("manual run-now executes plain schedules with guardian trust", async () => {
+    const schedule = createSchedule({
+      name: "Direct schedule",
+      cronExpression: "* * * * *",
+      message: "scan my inbox",
+      syntax: "cron",
+    });
+
+    const getOrCreateCalls: Array<{
+      conversationId: string;
+      options?: Record<string, unknown>;
+    }> = [];
+    const processCalls: Array<unknown[]> = [];
+    const fakeConversation: {
+      taskRunId?: string;
+      processMessage: (...args: unknown[]) => Promise<string>;
+    } = {
+      taskRunId: "stale-task-run",
+      async processMessage(...args: unknown[]) {
+        processCalls.push(args);
+        return "message-id";
+      },
+    };
+
+    const handler = getRunNowHandler({
+      getOrCreateConversation: async (conversationId, options) => {
+        getOrCreateCalls.push({ conversationId, options });
+        return fakeConversation;
+      },
+    });
+
+    const response = await handler({
+      req: new Request(`http://localhost/v1/schedules/${schedule.id}/run`, {
+        method: "POST",
+      }),
+      url: new URL(`http://localhost/v1/schedules/${schedule.id}/run`),
+      server: {} as never,
+      authContext: {} as never,
+      params: { id: schedule.id },
+    });
+
+    expect(response.status).toBe(200);
+    expect(getOrCreateCalls).toHaveLength(1);
+    expect(getOrCreateCalls[0].options?.trustContext).toEqual({
+      sourceChannel: "vellum",
+      trustClass: "guardian",
+    });
+    expect(processCalls).toHaveLength(1);
+    expect(processCalls[0][0]).toBe("scan my inbox");
+    expect(processCalls[0][6]).toEqual({ isInteractive: false });
+    expect(fakeConversation.taskRunId).toBeUndefined();
+  });
+
+  test("manual run-now executes scheduled tasks with guardian trust and taskRunId", async () => {
+    const task = createTask({
+      title: "Email triage",
+      template: "triage inbox in background",
+    });
+    const schedule = scheduleTask({
+      taskId: task.id,
+      name: "Scheduled task",
+      cronExpression: "* * * * *",
+    });
+
+    const getOrCreateCalls: Array<{
+      conversationId: string;
+      options?: Record<string, unknown>;
+    }> = [];
+    const observedTaskRunIds: Array<string | undefined> = [];
+    const processCalls: Array<unknown[]> = [];
+    const fakeConversation: {
+      taskRunId?: string;
+      processMessage: (...args: unknown[]) => Promise<string>;
+    } = {
+      taskRunId: undefined,
+      async processMessage(...args: unknown[]) {
+        observedTaskRunIds.push(fakeConversation.taskRunId);
+        processCalls.push(args);
+        return "message-id";
+      },
+    };
+
+    const handler = getRunNowHandler({
+      getOrCreateConversation: async (conversationId, options) => {
+        getOrCreateCalls.push({ conversationId, options });
+        return fakeConversation;
+      },
+    });
+
+    const response = await handler({
+      req: new Request(`http://localhost/v1/schedules/${schedule.id}/run`, {
+        method: "POST",
+      }),
+      url: new URL(`http://localhost/v1/schedules/${schedule.id}/run`),
+      server: {} as never,
+      authContext: {} as never,
+      params: { id: schedule.id },
+    });
+
+    expect(response.status).toBe(200);
+    expect(getOrCreateCalls).toHaveLength(1);
+    expect(getOrCreateCalls[0].options?.trustContext).toEqual({
+      sourceChannel: "vellum",
+      trustClass: "guardian",
+    });
+    expect(processCalls).toHaveLength(1);
+    expect(processCalls[0][0]).toBe("triage inbox in background");
+    expect(processCalls[0][6]).toEqual({ isInteractive: false });
+    expect(typeof observedTaskRunIds[0]).toBe("string");
+    expect(fakeConversation.taskRunId).toBeUndefined();
+  });
+});

package/src/__tests__/secret-detection-handler.test.ts

@@ -0,0 +1,84 @@
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
+
+const triggerMock = mock(async () => {});
+const scanTextMock = mock(() => [
+  { type: "api_key", redactedValue: "sk-***redacted***" },
+]);
+
+mock.module("../config/loader.js", () => ({
+  getConfig: () => ({
+    secretDetection: {
+      enabled: true,
+      action: "prompt",
+      entropyThreshold: 4.5,
+      customPatterns: [],
+    },
+  }),
+}));
+
+mock.module("../hooks/manager.js", () => ({
+  getHookManager: () => ({
+    trigger: triggerMock,
+  }),
+}));
+
+mock.module("../security/secret-scanner.js", () => ({
+  compileCustomPatterns: () => [],
+  redactSecrets: (content: string) => content,
+  scanText: scanTextMock,
+}));
+
+import { SecretDetectionHandler } from "../tools/secret-detection-handler.js";
+
+describe("SecretDetectionHandler under v2", () => {
+  beforeEach(() => {
+    _setOverridesForTesting({});
+    triggerMock.mockClear();
+    scanTextMock.mockClear();
+  });
+
+  test("blocks secret output without opening a deterministic approval prompt", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+
+    const promptMock = mock(async () => ({ decision: "allow" as const }));
+    const handler = new SecretDetectionHandler({
+      prompt: promptMock,
+    } as never);
+    const emitLifecycleEvent = mock(() => {});
+
+    const result = await handler.handle(
+      { content: "secret output", isError: false },
+      "bash",
+      { command: "print-secret" },
+      {
+        conversationId: "conv-1",
+        workingDir: "/tmp",
+        requestId: "req-1",
+        isInteractive: true,
+      } as never,
+      "sandbox",
+      "medium",
+      "allow",
+      Date.now(),
+      emitLifecycleEvent,
+      (_toolName, input) => input,
+    );
+
+    expect(result.earlyReturn).toBe(true);
+    expect(result.result.isError).toBe(true);
+    expect(result.result.content).toContain(
+      "Secret-output approval cards are disabled under v2",
+    );
+    expect(promptMock).not.toHaveBeenCalled();
+    expect(emitLifecycleEvent).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({
+        type: "permission_denied",
+        decision: "deny",
+      }),
+    );
+    expect(triggerMock).toHaveBeenCalled();
+  });
+});

package/src/__tests__/secret-ingress-http.test.ts

@@ -175,6 +175,7 @@ function makeSendMessageDeps() {
     trustContext: undefined,
     hasPendingConfirmation: () => false,
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},

package/src/__tests__/send-endpoint-busy.test.ts

@@ -115,6 +115,7 @@ function makeCompletingConversation(): Conversation {
     usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},
@@ -173,6 +174,7 @@ function makeHangingConversation(): Conversation {
     usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},
@@ -259,6 +261,7 @@ function makePendingApprovalConversation(
     usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     updateClient: () => {},
     setHostBashProxy: () => {},
+    setHostBrowserProxy: () => {},
     setHostFileProxy: () => {},
     setHostCuProxy: () => {},
     addPreactivatedSkillId: () => {},