@vellumai/assistant 0.6.2 → 0.6.3

package/src/__tests__/v2-consent-policy.test.ts

@@ -0,0 +1,103 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+
+import { _setOverridesForTesting } from "../config/assistant-feature-flags.js";
+import type { ToolContext } from "../tools/types.js";
+
+const hostAccessByConversation = new Map<string, boolean>();
+
+mock.module("../memory/conversation-crud.js", () => ({
+  getConversationHostAccess: (conversationId: string) =>
+    hostAccessByConversation.get(conversationId) ?? false,
+}));
+
+function makeContext(overrides?: Partial<ToolContext>): ToolContext {
+  return {
+    workingDir: "/tmp/test",
+    conversationId: "test-conv",
+    trustClass: "guardian",
+    isInteractive: true,
+    ...overrides,
+  } as ToolContext;
+}
+
+beforeEach(() => {
+  _setOverridesForTesting({});
+  hostAccessByConversation.clear();
+});
+
+afterEach(() => {
+  _setOverridesForTesting({});
+  hostAccessByConversation.clear();
+});
+
+describe("v2-consent-policy", () => {
+  test("returns legacy when the flag is disabled", async () => {
+    const { evaluateV2ConsentDisposition } =
+      await import("../permissions/v2-consent-policy.js");
+
+    expect(evaluateV2ConsentDisposition("host_bash", {}, makeContext())).toBe(
+      "legacy",
+    );
+  });
+
+  test("auto-allows non-host tools when the flag is enabled", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+    const { evaluateV2ConsentDisposition } =
+      await import("../permissions/v2-consent-policy.js");
+
+    expect(evaluateV2ConsentDisposition("bash", {}, makeContext())).toBe(
+      "auto_allow",
+    );
+  });
+
+  test("uses conversation-scoped host access when the flag is enabled", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+    hostAccessByConversation.set("allowed-conv", true);
+    hostAccessByConversation.set("blocked-conv", false);
+    const { evaluateV2ConsentDisposition } =
+      await import("../permissions/v2-consent-policy.js");
+
+    expect(
+      evaluateV2ConsentDisposition(
+        "host_bash",
+        {},
+        makeContext({ conversationId: "allowed-conv" }),
+      ),
+    ).toBe("auto_allow");
+    expect(
+      evaluateV2ConsentDisposition(
+        "host_bash",
+        {},
+        makeContext({ conversationId: "blocked-conv" }),
+      ),
+    ).toBe("prompt_host_access");
+  });
+
+  test("host-access prompts are identified by the stripped-down prompt shape", async () => {
+    _setOverridesForTesting({ "permission-controls-v2": true });
+    const {
+      CONVERSATION_HOST_ACCESS_PROMPT,
+      isConversationHostAccessEnablePrompt,
+    } = await import("../permissions/v2-consent-policy.js");
+
+    expect(
+      isConversationHostAccessEnablePrompt({
+        toolName: "host_bash",
+        ...CONVERSATION_HOST_ACCESS_PROMPT,
+      }),
+    ).toBe(true);
+    expect(
+      isConversationHostAccessEnablePrompt({
+        toolName: "host_bash",
+        ...CONVERSATION_HOST_ACCESS_PROMPT,
+        allowlistOptions: [
+          {
+            label: "Specific command",
+            description: "legacy rule",
+            pattern: "bash:*",
+          },
+        ],
+      }),
+    ).toBe(false);
+  });
+});

package/src/acp/client-handler.ts

@@ -32,6 +32,7 @@ import type {
 
 import type { ServerMessage } from "../daemon/message-protocol.js";
 import type { UserDecision } from "../permissions/types.js";
+import { isPermissionControlsV2Enabled } from "../permissions/v2-consent-policy.js";
 import * as pendingInteractions from "../runtime/pending-interactions.js";
 import { getLogger } from "../util/logger.js";
 
@@ -184,6 +185,15 @@ export class VellumAcpClientHandler implements Client {
       kind: opt.kind,
     }));
 
+    if (isPermissionControlsV2Enabled()) {
+      const allowOptionId = findAllowOptionId(options);
+      return {
+        outcome: allowOptionId
+          ? { outcome: "selected", optionId: allowOptionId }
+          : { outcome: "cancelled" },
+      };
+    }
+
     // Send the confirmation_request first — this triggers makeEventSender
     // which registers a normal "confirmation" entry in pendingInteractions.
     this.sendToVellum({
@@ -422,15 +432,31 @@ function mapDecisionToOptionId(
     const alwaysDeny = options.find((o) => o.kind === "reject_always");
     if (alwaysDeny) return alwaysDeny.optionId;
   }
-  const denyOpt =
-    options.find((o) => o.kind === "reject_once") ??
-    options.find((o) => o.kind === "reject_always");
-  if (denyOpt) return denyOpt.optionId;
+  const denyOpt = findRejectOptionId(options);
+  if (denyOpt) return denyOpt;
 
   // Fallback: return first option
   return options[0]?.optionId ?? "deny";
 }
 
+function findRejectOptionId(
+  options: Array<{ optionId: string; kind: string }>,
+): string | undefined {
+  return (
+    options.find((o) => o.kind === "reject_once")?.optionId ??
+    options.find((o) => o.kind === "reject_always")?.optionId
+  );
+}
+
+function findAllowOptionId(
+  options: Array<{ optionId: string; kind: string }>,
+): string | undefined {
+  return (
+    options.find((o) => o.kind === "allow_once")?.optionId ??
+    options.find((o) => o.kind === "allow_always")?.optionId
+  );
+}
+
 /**
  * Extracts text from a ContentBlock.
  */

package/src/agent/loop.ts

@@ -82,7 +82,12 @@ export type AgentEvent =
       toolUseId: string;
       input: Record<string, unknown>;
     }
-  | { type: "server_tool_complete"; toolUseId: string; isError: boolean }
+  | {
+      type: "server_tool_complete";
+      toolUseId: string;
+      isError: boolean;
+      content?: unknown[];
+    }
   | { type: "error"; error: Error }
   | {
       type: "usage";
@@ -98,7 +103,7 @@ export type AgentEvent =
     };
 
 const DEFAULT_CONFIG: AgentLoopConfig = {
-  maxTokens: 16000,
+  maxTokens: 64000,
   effort: "high",
   minTurnIntervalMs: 150,
 };
@@ -344,6 +349,7 @@ export class AgentLoop {
                   type: "server_tool_complete",
                   toolUseId: event.toolUseId,
                   isError: event.isError,
+                  ...(event.content ? { content: event.content } : {}),
                 });
               }
             },
@@ -709,10 +715,10 @@ export function compactAxTreeHistory(messages: Message[]): Message[] {
  * once by the LLM on the turn it was captured, then replaced with a text
  * placeholder on subsequent turns.
  *
- * We look for the last user message with tool_results (not just the last user
- * message) because the empty-response nudge path appends a text-only user
- * message after the tool results. Preserving images in that case ensures
- * the model still sees the screenshot on the retry.
+ * We target the last user message with tool_results (not just the last user
+ * message) because a plain-text user message may follow the tool-result
+ * turn. Using the last user message unconditionally would leave the most
+ * recent tool screenshots unprotected from stripping.
  */
 function stripOldImageBlocks(history: Message[]): Message[] {
   // Find the last user message that contains tool_result blocks.

package/src/approvals/guardian-request-resolvers.ts

@@ -26,6 +26,7 @@ import {
 } from "../notifications/signal.js";
 import { addRule } from "../permissions/trust-store.js";
 import type { UserDecision } from "../permissions/types.js";
+import { isPermissionControlsV2Enabled } from "../permissions/v2-consent-policy.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
 import { mintDaemonDeliveryToken } from "../runtime/auth/token-service.js";
 import type { ApprovalAction } from "../runtime/channel-approval-types.js";
@@ -192,8 +193,9 @@ const pendingInteractionResolver: GuardianRequestResolver = {
     // Handle approve_always: persist a trust rule when the confirmation
     // explicitly allows persistence and provides explicit options.
     if (
-      decision.action === "approve_always" ||
-      decision.action === "approve_once"
+      !isPermissionControlsV2Enabled() &&
+      (decision.action === "approve_always" ||
+        decision.action === "approve_once")
     ) {
       const details = interaction.confirmationDetails;
       if (
@@ -237,19 +239,23 @@ const pendingInteractionResolver: GuardianRequestResolver = {
     // temporal modes (approve_10m, approve_conversation) reach the session with
     // the correct UserDecision instead of collapsing to plain "allow".
     let userDecision: UserDecision;
-    switch (decision.action) {
-      case "reject":
-        userDecision = "deny";
-        break;
-      case "approve_10m":
-        userDecision = "allow_10m";
-        break;
-      case "approve_conversation":
-        userDecision = "allow_conversation";
-        break;
-      default:
-        userDecision = "allow";
-        break;
+    if (isPermissionControlsV2Enabled()) {
+      userDecision = decision.action === "reject" ? "deny" : "allow";
+    } else {
+      switch (decision.action) {
+        case "reject":
+          userDecision = "deny";
+          break;
+        case "approve_10m":
+          userDecision = "allow_10m";
+          break;
+        case "approve_conversation":
+          userDecision = "allow_conversation";
+          break;
+        default:
+          userDecision = "allow";
+          break;
+      }
     }
     resolved.conversation!.handleConfirmationResponse(
       request.id,

package/src/browser-session/__tests__/manager.test.ts

@@ -0,0 +1,297 @@
+import { describe, expect, test } from "bun:test";
+
+import {
+  type BrowserBackend,
+  BrowserSessionManager,
+  type CdpCommand,
+  type CdpResult,
+  createExtensionBackend,
+  createLocalBackend,
+} from "../index.js";
+
+interface MockBackendState {
+  available: boolean;
+  disposed: boolean;
+  lastCommand?: CdpCommand;
+  lastSignal?: AbortSignal;
+  sendImpl?: (command: CdpCommand, signal?: AbortSignal) => Promise<CdpResult>;
+}
+
+function createMockExtensionBackend(state: MockBackendState): BrowserBackend {
+  return createExtensionBackend({
+    isAvailable: () => state.available,
+    sendCdp: async (command, signal) => {
+      state.lastCommand = command;
+      state.lastSignal = signal;
+      if (state.sendImpl) return state.sendImpl(command, signal);
+      return { result: { ok: true } };
+    },
+    dispose: () => {
+      state.disposed = true;
+    },
+  });
+}
+
+function createMockLocalBackend(state: MockBackendState): BrowserBackend {
+  return createLocalBackend({
+    isAvailable: () => state.available,
+    sendCdp: async (command, signal) => {
+      state.lastCommand = command;
+      state.lastSignal = signal;
+      if (state.sendImpl) return state.sendImpl(command, signal);
+      return { result: { ok: true, kind: "local" } };
+    },
+    dispose: () => {
+      state.disposed = true;
+    },
+  });
+}
+
+describe("BrowserSessionManager", () => {
+  test("selectBackend throws when no backend is available", () => {
+    const state: MockBackendState = { available: false, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    expect(() => manager.selectBackend()).toThrow(
+      "No available browser backend",
+    );
+  });
+
+  test("selectBackend returns the extension backend when available", () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const backend = createMockExtensionBackend(state);
+    const manager = new BrowserSessionManager({ backends: [backend] });
+    const selected = manager.selectBackend();
+    expect(selected.kind).toBe("extension");
+    expect(selected).toBe(backend);
+  });
+
+  test("createSession returns a session with a new uuid stored in the map", () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    const session = manager.createSession();
+    expect(session.id).toBeTruthy();
+    expect(session.backendKind).toBe("extension");
+    // Lookup round-trips.
+    expect(manager.getSession(session.id)).toEqual(session);
+    // Two sessions get unique ids.
+    const another = manager.createSession();
+    expect(another.id).not.toBe(session.id);
+  });
+
+  test("send delegates to backend.send and returns the CDP result", async () => {
+    const expectedResult: CdpResult = { result: { value: 42 } };
+    const state: MockBackendState = {
+      available: true,
+      disposed: false,
+      sendImpl: async () => expectedResult,
+    };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    const result = await manager.send(undefined, {
+      method: "Browser.getVersion",
+      params: { foo: "bar" },
+    });
+    expect(result).toEqual(expectedResult);
+    expect(state.lastCommand).toEqual({
+      method: "Browser.getVersion",
+      params: { foo: "bar" },
+    });
+  });
+
+  test("send with an aborted signal propagates the abort", async () => {
+    const state: MockBackendState = {
+      available: true,
+      disposed: false,
+      sendImpl: async (_command, signal) => {
+        if (signal?.aborted) {
+          throw new Error("aborted");
+        }
+        return { result: { ok: true } };
+      },
+    };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    const controller = new AbortController();
+    controller.abort();
+    await expect(
+      manager.send(
+        undefined,
+        { method: "Browser.getVersion" },
+        controller.signal,
+      ),
+    ).rejects.toThrow("aborted");
+    expect(state.lastSignal).toBe(controller.signal);
+  });
+
+  test("disposeAll calls backend.dispose and clears the session map", () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    const session = manager.createSession();
+    expect(manager.getSession(session.id)).toBeDefined();
+    manager.disposeAll();
+    expect(state.disposed).toBe(true);
+    expect(manager.getSession(session.id)).toBeUndefined();
+  });
+
+  test("send with a known sessionId routes through the matching backend", async () => {
+    const expectedResult: CdpResult = { result: { routed: true } };
+    const state: MockBackendState = {
+      available: true,
+      disposed: false,
+      sendImpl: async () => expectedResult,
+    };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    const session = manager.createSession();
+    const result = await manager.send(session.id, {
+      method: "Browser.getVersion",
+    });
+    expect(result).toEqual(expectedResult);
+    expect(state.lastCommand).toEqual({ method: "Browser.getVersion" });
+  });
+
+  test("send with an unknown sessionId throws", async () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    await expect(
+      manager.send("does-not-exist", { method: "Browser.getVersion" }),
+    ).rejects.toThrow("Unknown browser session: does-not-exist");
+    // The mock backend should not have received the command.
+    expect(state.lastCommand).toBeUndefined();
+  });
+
+  test("send with a sessionId of a disposed session throws", async () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [createMockExtensionBackend(state)],
+    });
+    const session = manager.createSession();
+    manager.disposeSession(session.id);
+    await expect(
+      manager.send(session.id, { method: "Browser.getVersion" }),
+    ).rejects.toThrow(`Unknown browser session: ${session.id}`);
+    expect(state.lastCommand).toBeUndefined();
+  });
+
+  test("selectBackend returns a local backend when it is the only registration", () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const backend = createMockLocalBackend(state);
+    const manager = new BrowserSessionManager({ backends: [backend] });
+    const selected = manager.selectBackend();
+    expect(selected.kind).toBe("local");
+    expect(selected).toBe(backend);
+  });
+
+  test("createSession tags sessions with the local backend kind", () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [createMockLocalBackend(state)],
+    });
+    const session = manager.createSession();
+    expect(session.backendKind).toBe("local");
+  });
+
+  test("send routes through local backend when its session is used", async () => {
+    const state: MockBackendState = { available: true, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [createMockLocalBackend(state)],
+    });
+    const session = manager.createSession();
+    const result = await manager.send(session.id, {
+      method: "Runtime.evaluate",
+      params: { expression: "1+1" },
+    });
+    expect(result).toEqual({ result: { ok: true, kind: "local" } });
+    expect(state.lastCommand).toEqual({
+      method: "Runtime.evaluate",
+      params: { expression: "1+1" },
+    });
+  });
+
+  test("selectBackend falls back to the first available backend when earlier ones are unavailable", () => {
+    const extState: MockBackendState = { available: false, disposed: false };
+    const localState: MockBackendState = { available: true, disposed: false };
+    const ext = createMockExtensionBackend(extState);
+    const local = createMockLocalBackend(localState);
+    const manager = new BrowserSessionManager({ backends: [ext, local] });
+    const selected = manager.selectBackend();
+    expect(selected.kind).toBe("local");
+    expect(selected).toBe(local);
+  });
+
+  test("selectBackend prefers the first available backend", () => {
+    const extState: MockBackendState = { available: true, disposed: false };
+    const localState: MockBackendState = { available: true, disposed: false };
+    const ext = createMockExtensionBackend(extState);
+    const local = createMockLocalBackend(localState);
+    const manager = new BrowserSessionManager({ backends: [ext, local] });
+    const selected = manager.selectBackend();
+    expect(selected.kind).toBe("extension");
+    expect(selected).toBe(ext);
+  });
+
+  test("send routes to the backend matching the session's backendKind when multiple backends are registered", async () => {
+    const extState: MockBackendState = {
+      available: true,
+      disposed: false,
+      sendImpl: async () => ({ result: { from: "extension" } }),
+    };
+    const localState: MockBackendState = {
+      available: true,
+      disposed: false,
+      sendImpl: async () => ({ result: { from: "local" } }),
+    };
+    const ext = createMockExtensionBackend(extState);
+    const local = createMockLocalBackend(localState);
+    const manager = new BrowserSessionManager({ backends: [ext, local] });
+
+    // createSession picks the first available backend (extension), but we
+    // can also force the local one by passing a backendKind via direct
+    // session construction. To keep this test self-contained we verify the
+    // default path and then mark the extension unavailable to force the
+    // local backend for a new session.
+    const extSession = manager.createSession();
+    expect(extSession.backendKind).toBe("extension");
+    const extResult = await manager.send(extSession.id, {
+      method: "Browser.getVersion",
+    });
+    expect(extResult).toEqual({ result: { from: "extension" } });
+    expect(extState.lastCommand).toEqual({ method: "Browser.getVersion" });
+    expect(localState.lastCommand).toBeUndefined();
+
+    extState.available = false;
+    const localSession = manager.createSession();
+    expect(localSession.backendKind).toBe("local");
+    const localResult = await manager.send(localSession.id, {
+      method: "Runtime.evaluate",
+    });
+    expect(localResult).toEqual({ result: { from: "local" } });
+    expect(localState.lastCommand).toEqual({ method: "Runtime.evaluate" });
+  });
+
+  test("disposeAll disposes every registered backend", () => {
+    const extState: MockBackendState = { available: true, disposed: false };
+    const localState: MockBackendState = { available: true, disposed: false };
+    const manager = new BrowserSessionManager({
+      backends: [
+        createMockExtensionBackend(extState),
+        createMockLocalBackend(localState),
+      ],
+    });
+    manager.createSession();
+    manager.disposeAll();
+    expect(extState.disposed).toBe(true);
+    expect(localState.disposed).toBe(true);
+  });
+});

package/src/browser-session/backends/cdp-inspect.ts

@@ -0,0 +1,30 @@
+import type { BrowserBackend, CdpCommand, CdpResult } from "../types.js";
+
+/**
+ * cdp-inspect backend for BrowserSessionManager. Wraps a
+ * caller-provided `sendCdp` transport that talks to an already-running
+ * Chrome via DevTools JSON discovery + a raw WebSocket transport
+ * (see `assistant/src/tools/browser/cdp-client/cdp-inspect-client.ts`).
+ *
+ * The factory in
+ * `assistant/src/tools/browser/cdp-client/factory.ts` constructs
+ * one per tool invocation, paralleling the existing extension
+ * and local backend wiring.
+ */
+export interface CdpInspectBackendDeps {
+  /** Sends a CDP command to the user's Chrome via cdp-inspect and returns the CDP result. */
+  sendCdp(command: CdpCommand, signal?: AbortSignal): Promise<CdpResult>;
+  isAvailable(): boolean;
+  dispose(): void;
+}
+
+export function createCdpInspectBackend(
+  deps: CdpInspectBackendDeps,
+): BrowserBackend {
+  return {
+    kind: "cdp-inspect",
+    isAvailable: deps.isAvailable,
+    send: deps.sendCdp,
+    dispose: deps.dispose,
+  };
+}

package/src/browser-session/backends/extension.ts

@@ -0,0 +1,26 @@
+import type { BrowserBackend, CdpCommand, CdpResult } from "../types.js";
+
+/**
+ * Extension backend for BrowserSessionManager. Wraps a caller-provided
+ * `sendCdp` transport that routes CDP commands through the daemon's
+ * HostBrowserProxy to an attached chrome extension. The factory in
+ * `assistant/src/tools/browser/cdp-client/factory.ts` constructs one
+ * per tool invocation using the conversation's `hostBrowserProxy`.
+ */
+export interface ExtensionBackendDeps {
+  /** Sends a CDP command to an attached chrome extension and returns the CDP result. */
+  sendCdp(command: CdpCommand, signal?: AbortSignal): Promise<CdpResult>;
+  isAvailable(): boolean;
+  dispose(): void;
+}
+
+export function createExtensionBackend(
+  deps: ExtensionBackendDeps,
+): BrowserBackend {
+  return {
+    kind: "extension",
+    isAvailable: deps.isAvailable,
+    send: deps.sendCdp,
+    dispose: deps.dispose,
+  };
+}

package/src/browser-session/backends/local.ts

@@ -0,0 +1,24 @@
+import type { BrowserBackend, CdpCommand, CdpResult } from "../types.js";
+
+/**
+ * Local backend for BrowserSessionManager. Wraps a caller-provided
+ * `sendCdp` transport that drives a Playwright CDPSession against the
+ * sacrificial-profile Chromium managed by `browserManager`. The factory
+ * in `assistant/src/tools/browser/cdp-client/factory.ts` constructs one
+ * per tool invocation using the per-conversation LocalCdpClient.
+ */
+export interface LocalBackendDeps {
+  /** Sends a CDP command to a Playwright CDPSession and returns the CDP result. */
+  sendCdp(command: CdpCommand, signal?: AbortSignal): Promise<CdpResult>;
+  isAvailable(): boolean;
+  dispose(): void;
+}
+
+export function createLocalBackend(deps: LocalBackendDeps): BrowserBackend {
+  return {
+    kind: "local",
+    isAvailable: deps.isAvailable,
+    send: deps.sendCdp,
+    dispose: deps.dispose,
+  };
+}