npm - @vellumai/assistant - Versions diffs - 0.6.2 → 0.6.3 - Mend

@vellumai/assistant 0.6.2 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (396) hide show

package/bun.lock +40 -40
package/bunfig.toml +3 -0
package/docs/architecture/memory.md +1 -1
package/node_modules/@vellumai/ces-contracts/src/rpc.ts +42 -0
package/openapi.yaml +184 -69
package/package.json +41 -41
package/scripts/generate-openapi.ts +1 -2
package/src/__tests__/acp-session.test.ts +43 -0
package/src/__tests__/app-builder-tool-scripts.test.ts +1 -0
package/src/__tests__/app-executors.test.ts +1 -0
package/src/__tests__/app-source-watcher.test.ts +37 -11
package/src/__tests__/approval-routes-http.test.ts +178 -1
package/src/__tests__/browser-fill-credential.test.ts +229 -94
package/src/__tests__/browser-manager.test.ts +40 -27
package/src/__tests__/catalog-files.test.ts +862 -0
package/src/__tests__/channel-approvals.test.ts +53 -0
package/src/__tests__/config-managed-gemini-defaults.test.ts +326 -0
package/src/__tests__/config-schema-cmd.test.ts +2 -2
package/src/__tests__/config-schema.test.ts +125 -48
package/src/__tests__/confirmation-request-guardian-bridge.test.ts +23 -0
package/src/__tests__/context-overflow-approval.test.ts +16 -1
package/src/__tests__/conversation-agent-loop-overflow.test.ts +1 -1
package/src/__tests__/conversation-agent-loop.test.ts +1 -1
package/src/__tests__/conversation-analysis-routes.test.ts +2 -2
package/src/__tests__/conversation-attachments.test.ts +80 -4
package/src/__tests__/conversation-confirmation-signals.test.ts +155 -0
package/src/__tests__/conversation-fork-crud.test.ts +17 -0
package/src/__tests__/conversation-history-web-search.test.ts +1 -0
package/src/__tests__/conversation-host-access-routes.test.ts +229 -0
package/src/__tests__/conversation-inject-context.test.ts +103 -0
package/src/__tests__/conversation-queue.test.ts +45 -2
package/src/__tests__/conversation-routes-disk-view.test.ts +5 -0
package/src/__tests__/conversation-routes-guardian-reply.test.ts +16 -0
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/conversation-runtime-assembly.test.ts +269 -46
package/src/__tests__/conversation-starter-routes.test.ts +126 -0
package/src/__tests__/conversation-starters-cadence.test.ts +161 -0
package/src/__tests__/conversation-store.test.ts +195 -0
package/src/__tests__/conversation-workspace-cache-state.test.ts +193 -0
package/src/__tests__/credential-execution-approval-bridge.test.ts +32 -1
package/src/__tests__/credential-security-invariants.test.ts +1 -0
package/src/__tests__/credential-vault-unit.test.ts +4 -4
package/src/__tests__/credential-vault.test.ts +152 -13
package/src/__tests__/credentials-cli.test.ts +2 -2
package/src/__tests__/date-context.test.ts +4 -4
package/src/__tests__/embedding-managed-proxy-selection.test.ts +256 -0
package/src/__tests__/extension-id-sync-guard.test.ts +155 -0
package/src/__tests__/fixtures/mock-chrome-extension.ts +375 -0
package/src/__tests__/gateway-only-guard.test.ts +3 -0
package/src/__tests__/gemini-provider.test.ts +2 -2
package/src/__tests__/guardian-routing-invariants.test.ts +70 -2
package/src/__tests__/headless-browser-interactions.test.ts +707 -371
package/src/__tests__/headless-browser-navigate.test.ts +389 -47
package/src/__tests__/headless-browser-read-tools.test.ts +266 -103
package/src/__tests__/headless-browser-snapshot.test.ts +240 -77
package/src/__tests__/host-bash-proxy.test.ts +150 -1
package/src/__tests__/host-browser-e2e-cloud.test.ts +462 -0
package/src/__tests__/host-browser-e2e-self-hosted-capability.test.ts +286 -0
package/src/__tests__/host-browser-e2e-self-hosted.test.ts +374 -0
package/src/__tests__/host-browser-event-routes.test.ts +350 -0
package/src/__tests__/host-browser-proxy.test.ts +444 -0
package/src/__tests__/host-browser-routes.test.ts +198 -0
package/src/__tests__/host-browser-ws-events-e2e.test.ts +320 -0
package/src/__tests__/host-cu-proxy.test.ts +171 -1
package/src/__tests__/host-file-proxy.test.ts +185 -1
package/src/__tests__/host-file-read-tool.test.ts +52 -0
package/src/__tests__/host-proxy-interface.test.ts +165 -0
package/src/__tests__/host-shell-tool.test.ts +1 -11
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/integration-status.test.ts +6 -7
package/src/__tests__/list-messages-tool-merge.test.ts +37 -12
package/src/__tests__/mcp-client-auth.test.ts +40 -4
package/src/__tests__/mcp-health-check.test.ts +10 -3
package/src/__tests__/migration-cross-version-compatibility.test.ts +3 -1
package/src/__tests__/migration-export-http.test.ts +61 -2
package/src/__tests__/migration-export-streaming.test.ts +66 -0
package/src/__tests__/migration-import-commit-http.test.ts +101 -1
package/src/__tests__/native-host-marker-sync-guard.test.ts +157 -0
package/src/__tests__/oauth-apps-routes.test.ts +17 -12
package/src/__tests__/oauth-cli.test.ts +707 -60
package/src/__tests__/oauth-connect-orchestrator.test.ts +116 -24
package/src/__tests__/oauth-provider-seed-logos.test.ts +23 -0
package/src/__tests__/oauth-provider-serializer.test.ts +146 -10
package/src/__tests__/oauth-provider-visibility.test.ts +19 -21
package/src/__tests__/oauth-providers-routes.test.ts +50 -14
package/src/__tests__/oauth-store.test.ts +1386 -182
package/src/__tests__/oauth2-gateway-transport.test.ts +211 -20
package/src/__tests__/onboarding-template-contract.test.ts +75 -57
package/src/__tests__/openai-provider.test.ts +2 -2
package/src/__tests__/outlook-categories.test.ts +1 -1
package/src/__tests__/outlook-client-automation.test.ts +1 -1
package/src/__tests__/outlook-compose-tools.test.ts +1 -1
package/src/__tests__/outlook-email-watcher.test.ts +1 -1
package/src/__tests__/outlook-follow-up.test.ts +1 -1
package/src/__tests__/outlook-messaging-provider.test.ts +2 -2
package/src/__tests__/outlook-trash.test.ts +1 -1
package/src/__tests__/outlook-unsubscribe.test.ts +1 -1
package/src/__tests__/permission-checker-host-gate.test.ts +74 -14
package/src/__tests__/permission-mode.test.ts +28 -56
package/src/__tests__/platform-callback-registration.test.ts +19 -0
package/src/__tests__/post-turn-tool-result-truncation.test.ts +296 -0
package/src/__tests__/proxy-approval-callback.test.ts +18 -0
package/src/__tests__/require-fresh-approval.test.ts +40 -1
package/src/__tests__/sanitize-config-for-transfer.test.ts +132 -0
package/src/__tests__/schedule-routes.test.ts +162 -0
package/src/__tests__/secret-detection-handler.test.ts +84 -0
package/src/__tests__/secret-ingress-http.test.ts +1 -0
package/src/__tests__/send-endpoint-busy.test.ts +3 -0
package/src/__tests__/set-permission-mode.test.ts +13 -250
package/src/__tests__/skills-file-content-endpoint.test.ts +670 -0
package/src/__tests__/skills-files-catalog-fallback.test.ts +450 -0
package/src/__tests__/slack-channel-config.test.ts +12 -15
package/src/__tests__/subagent-detail.test.ts +44 -2
package/src/__tests__/subagent-disposal.test.ts +1 -0
package/src/__tests__/subagent-fork-notifications.test.ts +291 -0
package/src/__tests__/subagent-fork-spawn.test.ts +384 -0
package/src/__tests__/subagent-manager-notify.test.ts +1 -0
package/src/__tests__/subagent-notify-parent.test.ts +1 -0
package/src/__tests__/subagent-spawn-tool-fork.test.ts +411 -0
package/src/__tests__/subagent-tools.test.ts +1 -0
package/src/__tests__/subagent-types.test.ts +1 -0
package/src/__tests__/system-prompt-ask-mode.test.ts +27 -71
package/src/__tests__/system-prompt.test.ts +72 -1
package/src/__tests__/task-scheduler.test.ts +32 -6
package/src/__tests__/telegram-config.test.ts +10 -13
package/src/__tests__/terminal-tools.test.ts +9 -0
package/src/__tests__/tool-approval-handler.test.ts +73 -0
package/src/__tests__/tool-side-effects-slack-dm.test.ts +22 -0
package/src/__tests__/top-level-renderer.test.ts +73 -1
package/src/__tests__/transport-hints-queue.test.ts +14 -29
package/src/__tests__/trusted-contact-inline-approval-integration.test.ts +109 -0
package/src/__tests__/v2-consent-policy.test.ts +103 -0
package/src/acp/client-handler.ts +30 -4
package/src/agent/loop.ts +12 -6
package/src/approvals/guardian-request-resolvers.ts +21 -15
package/src/browser-session/__tests__/manager.test.ts +297 -0
package/src/browser-session/backends/cdp-inspect.ts +30 -0
package/src/browser-session/backends/extension.ts +26 -0
package/src/browser-session/backends/local.ts +24 -0
package/src/browser-session/events.ts +164 -0
package/src/browser-session/index.ts +27 -0
package/src/browser-session/manager.ts +159 -0
package/src/browser-session/types.ts +28 -0
package/src/channels/__tests__/types.test.ts +134 -0
package/src/channels/types.ts +53 -3
package/src/cli/commands/browser-relay.ts +339 -409
package/src/cli/commands/credentials.ts +3 -3
package/src/cli/commands/email.ts +18 -13
package/src/cli/commands/mcp.ts +16 -4
package/src/cli/commands/oauth/__tests__/connect.test.ts +44 -44
package/src/cli/commands/oauth/__tests__/disconnect.test.ts +21 -21
package/src/cli/commands/oauth/__tests__/mode.test.ts +17 -17
package/src/cli/commands/oauth/__tests__/ping.test.ts +16 -16
package/src/cli/commands/oauth/__tests__/providers-delete.test.ts +31 -33
package/src/cli/commands/oauth/__tests__/providers-register.test.ts +329 -0
package/src/cli/commands/oauth/__tests__/providers-update.test.ts +116 -12
package/src/cli/commands/oauth/__tests__/status.test.ts +10 -10
package/src/cli/commands/oauth/__tests__/token.test.ts +7 -7
package/src/cli/commands/oauth/apps.ts +7 -4
package/src/cli/commands/oauth/connect.ts +6 -3
package/src/cli/commands/oauth/disconnect.ts +1 -1
package/src/cli/commands/oauth/providers.ts +200 -36
package/src/cli/commands/oauth/shared.ts +5 -5
package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +259 -0
package/src/cli/commands/platform/index.ts +107 -10
package/src/cli/commands/usage.ts +10 -9
package/src/cli/lib/daemon-credential-client.ts +4 -0
package/src/cli/program.ts +1 -1
package/src/config/bundled-skills/app-builder/SKILL.md +26 -249
package/src/config/bundled-skills/app-builder/references/CUSTOM_ROUTES.md +105 -0
package/src/config/bundled-skills/app-builder/references/INTERACTION_HOOKS.md +56 -0
package/src/config/bundled-skills/app-builder/references/WIDGETS.md +125 -0
package/src/config/bundled-skills/contacts/SKILL.md +3 -0
package/src/config/bundled-skills/document/SKILL.md +4 -0
package/src/config/bundled-skills/gmail/SKILL.md +1 -1
package/src/config/bundled-skills/outlook/SKILL.md +7 -0
package/src/config/bundled-skills/subagent/SKILL.md +21 -0
package/src/config/bundled-skills/subagent/TOOLS.json +8 -4
package/src/config/bundled-skills/tasks/SKILL.md +5 -0
package/src/config/env-registry.ts +14 -0
package/src/config/env.ts +21 -0
package/src/config/feature-flag-registry.json +44 -5
package/src/config/loader.ts +56 -1
package/src/config/sanitize-for-transfer.ts +47 -0
package/src/config/schema.ts +46 -5
package/src/config/schemas/host-browser.ts +66 -0
package/src/config/schemas/memory-lifecycle.ts +1 -1
package/src/config/schemas/memory-retrieval.ts +103 -0
package/src/config/schemas/security.ts +0 -6
package/src/config/schemas/services.ts +8 -0
package/src/config/types.ts +0 -1
package/src/context/post-turn-tool-result-truncation.ts +176 -0
package/src/context/window-manager.ts +19 -1
package/src/credential-execution/approval-bridge.ts +49 -15
package/src/daemon/__tests__/conversation-tool-setup.test.ts +186 -0
package/src/daemon/app-source-watcher.ts +35 -0
package/src/daemon/context-overflow-approval.ts +5 -0
package/src/daemon/conversation-agent-loop-handlers.ts +17 -2
package/src/daemon/conversation-agent-loop.ts +58 -24
package/src/daemon/conversation-attachments.ts +40 -0
package/src/daemon/conversation-process.ts +48 -1
package/src/daemon/conversation-runtime-assembly.ts +118 -36
package/src/daemon/conversation-surfaces.ts +37 -36
package/src/daemon/conversation-tool-setup.ts +74 -8
package/src/daemon/conversation-workspace.ts +12 -0
package/src/daemon/conversation.ts +226 -8
package/src/daemon/date-context.ts +10 -10
package/src/daemon/first-greeting.ts +3 -2
package/src/daemon/handlers/conversations.ts +9 -140
package/src/daemon/handlers/shared.ts +58 -0
package/src/daemon/handlers/skills.ts +232 -37
package/src/daemon/host-bash-proxy.ts +48 -13
package/src/daemon/host-browser-proxy.ts +191 -0
package/src/daemon/host-cu-proxy.ts +36 -11
package/src/daemon/host-file-proxy.ts +57 -9
package/src/daemon/lifecycle.ts +65 -11
package/src/daemon/message-protocol.ts +7 -0
package/src/daemon/message-types/conversations.ts +55 -13
package/src/daemon/message-types/host-browser.ts +100 -0
package/src/daemon/message-types/messages.ts +5 -5
package/src/daemon/message-types/skills.ts +10 -0
package/src/daemon/message-types/subagents.ts +2 -0
package/src/daemon/server.ts +92 -12
package/src/daemon/tool-side-effects.ts +6 -0
package/src/daemon/transport-hints.ts +5 -24
package/src/inbound/platform-callback-registration.ts +18 -17
package/src/mcp/client.ts +59 -24
package/src/memory/app-store.ts +31 -1
package/src/memory/conversation-crud.ts +23 -0
package/src/memory/conversation-starters-cadence.ts +76 -0
package/src/memory/conversation-title-service.ts +5 -2
package/src/memory/db-init.ts +12 -0
package/src/memory/embedding-backend.test.ts +75 -0
package/src/memory/embedding-backend.ts +131 -5
package/src/memory/embedding-gemini.test.ts +54 -0
package/src/memory/embedding-gemini.ts +20 -9
package/src/memory/embedding-local.ts +176 -17
package/src/memory/graph/consolidation.ts +10 -23
package/src/memory/graph/extraction-job.ts +15 -0
package/src/memory/graph/retriever.ts +40 -22
package/src/memory/graph/store.test.ts +7 -3
package/src/memory/graph/store.ts +47 -12
package/src/memory/llm-usage-store.ts +45 -4
package/src/memory/migrations/213-oauth-providers-scope-separator.ts +13 -0
package/src/memory/migrations/214-oauth-providers-refresh-url.ts +11 -0
package/src/memory/migrations/215-oauth-providers-revoke.ts +14 -0
package/src/memory/migrations/216-oauth-providers-token-auth-method.ts +30 -0
package/src/memory/migrations/217-conversation-host-access.ts +40 -0
package/src/memory/migrations/218-oauth-providers-logo-url.ts +11 -0
package/src/memory/migrations/index.ts +6 -0
package/src/memory/migrations/registry.ts +8 -0
package/src/memory/schema/conversations.ts +1 -0
package/src/memory/schema/oauth.ts +18 -13
package/src/oauth/AGENTS.md +76 -0
package/src/oauth/__tests__/identity-verifier.test.ts +24 -19
package/src/oauth/__tests__/seed-providers-managed.test.ts +32 -0
package/src/oauth/byo-connection.test.ts +8 -8
package/src/oauth/byo-connection.ts +7 -7
package/src/oauth/connect-orchestrator.ts +23 -21
package/src/oauth/connect-types.ts +3 -3
package/src/oauth/connection-resolver.test.ts +17 -4
package/src/oauth/connection-resolver.ts +16 -16
package/src/oauth/connection.ts +1 -1
package/src/oauth/manual-token-connection.ts +13 -13
package/src/oauth/oauth-store.ts +214 -100
package/src/oauth/platform-connection.test.ts +3 -3
package/src/oauth/platform-connection.ts +4 -4
package/src/oauth/provider-serializer.ts +31 -5
package/src/oauth/revoke.ts +76 -0
package/src/oauth/seed-providers.ts +126 -87
package/src/oauth/token-persistence.ts +1 -1
package/src/permissions/permission-mode.ts +4 -11
package/src/permissions/prompter.ts +13 -1
package/src/permissions/v2-consent-policy.ts +87 -0
package/src/prompts/system-prompt.ts +18 -21
package/src/prompts/templates/BOOTSTRAP-REFERENCE.md +3 -65
package/src/prompts/templates/BOOTSTRAP.md +59 -105
package/src/providers/anthropic/client.ts +1 -0
package/src/providers/types.ts +1 -1
package/src/runtime/AGENTS.md +23 -0
package/src/runtime/__tests__/browser-extension-pair-routes.test.ts +715 -0
package/src/runtime/__tests__/capability-tokens.test.ts +258 -0
package/src/runtime/__tests__/chrome-extension-registry.test.ts +518 -0
package/src/runtime/assistant-event-hub.ts +2 -2
package/src/runtime/auth/__tests__/guard-tests.test.ts +1 -0
package/src/runtime/auth/__tests__/middleware.test.ts +116 -1
package/src/runtime/auth/__tests__/route-policy.test.ts +8 -0
package/src/runtime/auth/middleware.ts +98 -0
package/src/runtime/auth/route-policy.ts +6 -7
package/src/runtime/capability-tokens.ts +414 -0
package/src/runtime/channel-approvals.ts +18 -5
package/src/runtime/chrome-extension-registry.ts +332 -0
package/src/runtime/confirmation-request-guardian-bridge.ts +6 -0
package/src/runtime/guardian-decision-types.ts +7 -0
package/src/runtime/http-server.ts +425 -70
package/src/runtime/migrations/__tests__/rebind-secrets-credentials.test.ts +172 -0
package/src/runtime/migrations/__tests__/vbundle-builder-credentials.test.ts +276 -0
package/src/runtime/migrations/__tests__/vbundle-import-credentials.test.ts +162 -0
package/src/runtime/migrations/migration-transport.ts +6 -0
package/src/runtime/migrations/migration-wizard.ts +22 -2
package/src/runtime/migrations/rebind-secrets-screen.ts +76 -15
package/src/runtime/migrations/vbundle-builder.ts +145 -38
package/src/runtime/migrations/vbundle-import-analyzer.ts +19 -0
package/src/runtime/migrations/vbundle-importer.ts +55 -5
package/src/runtime/pending-interactions.ts +29 -13
package/src/runtime/routes/approval-routes.ts +90 -16
package/src/runtime/routes/browser-cdp-routes.ts +229 -0
package/src/runtime/routes/browser-extension-pair-routes.ts +497 -0
package/src/runtime/routes/conversation-analysis-routes.ts +2 -1
package/src/runtime/routes/conversation-management-routes.ts +108 -0
package/src/runtime/routes/conversation-routes.ts +301 -27
package/src/runtime/routes/conversation-starter-routes.ts +78 -16
package/src/runtime/routes/guardian-action-routes.ts +24 -13
package/src/runtime/routes/host-browser-routes.ts +279 -0
package/src/runtime/routes/host-file-routes.ts +9 -1
package/src/runtime/routes/identity-routes.ts +259 -16
package/src/runtime/routes/log-export-routes.ts +42 -22
package/src/runtime/routes/memory-item-routes.ts +1 -7
package/src/runtime/routes/migration-routes.ts +87 -2
package/src/runtime/routes/oauth-apps.ts +15 -17
package/src/runtime/routes/oauth-providers.ts +4 -0
package/src/runtime/routes/schedule-routes.ts +24 -11
package/src/runtime/routes/settings-routes.ts +9 -97
package/src/runtime/routes/skills-routes.ts +52 -2
package/src/runtime/routes/subagents-routes.ts +14 -10
package/src/runtime/routes/usage-routes.ts +8 -7
package/src/runtime/routes/workspace-routes.test.ts +22 -0
package/src/runtime/routes/workspace-routes.ts +8 -1
package/src/runtime/routes/workspace-utils.ts +2 -0
package/src/schedule/scheduler.ts +7 -5
package/src/security/ces-credential-client.ts +20 -0
package/src/security/ces-rpc-credential-backend.ts +17 -0
package/src/security/credential-backend.ts +5 -0
package/src/security/oauth2.ts +42 -25
package/src/security/secure-keys.ts +118 -25
package/src/security/token-manager.ts +23 -10
package/src/skills/catalog-files.ts +492 -0
package/src/subagent/manager.ts +131 -26
package/src/subagent/types.ts +19 -0
package/src/tools/apps/executors.ts +11 -2
package/src/tools/browser/__tests__/auth-detector.test.ts +202 -108
package/src/tools/browser/auth-detector.ts +43 -12
package/src/tools/browser/browser-execution.ts +645 -340
package/src/tools/browser/browser-manager.ts +36 -12
package/src/tools/browser/cdp-client/__tests__/accessibility-snapshot.test.ts +318 -0
package/src/tools/browser/cdp-client/__tests__/cdp-dom-helpers.test.ts +1175 -0
package/src/tools/browser/cdp-client/__tests__/cdp-inspect-client.test.ts +870 -0
package/src/tools/browser/cdp-client/__tests__/extension-cdp-client.test.ts +330 -0
package/src/tools/browser/cdp-client/__tests__/factory.test.ts +377 -0
package/src/tools/browser/cdp-client/__tests__/fixtures/ax-tree-nested-frames.json +64 -0
package/src/tools/browser/cdp-client/__tests__/fixtures/ax-tree-simple.json +69 -0
package/src/tools/browser/cdp-client/__tests__/local-cdp-client.test.ts +310 -0
package/src/tools/browser/cdp-client/__tests__/types.test.ts +96 -0
package/src/tools/browser/cdp-client/accessibility-snapshot.ts +387 -0
package/src/tools/browser/cdp-client/cdp-dom-helpers.ts +695 -0
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/discovery.test.ts +743 -0
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/ws-transport.test.ts +580 -0
package/src/tools/browser/cdp-client/cdp-inspect/discovery.ts +578 -0
package/src/tools/browser/cdp-client/cdp-inspect/ws-transport.ts +579 -0
package/src/tools/browser/cdp-client/cdp-inspect-client.ts +635 -0
package/src/tools/browser/cdp-client/errors.ts +34 -0
package/src/tools/browser/cdp-client/extension-cdp-client.ts +125 -0
package/src/tools/browser/cdp-client/factory.ts +204 -0
package/src/tools/browser/cdp-client/index.ts +14 -0
package/src/tools/browser/cdp-client/local-cdp-client.ts +187 -0
package/src/tools/browser/cdp-client/types.ts +52 -0
package/src/tools/filesystem/edit.ts +1 -1
package/src/tools/filesystem/list.ts +1 -1
package/src/tools/filesystem/read.ts +1 -1
package/src/tools/filesystem/write.ts +2 -1
package/src/tools/host-filesystem/edit.ts +1 -1
package/src/tools/host-filesystem/read.ts +12 -15
package/src/tools/host-filesystem/write.ts +1 -1
package/src/tools/host-terminal/host-shell.ts +21 -16
package/src/tools/permission-checker.ts +77 -82
package/src/tools/registry.ts +0 -2
package/src/tools/secret-detection-handler.ts +34 -0
package/src/tools/shared/filesystem/image-read.ts +61 -40
package/src/tools/subagent/spawn.ts +47 -3
package/src/tools/subagent/status.ts +2 -0
package/src/tools/system/register.ts +2 -16
package/src/tools/terminal/safe-env.ts +7 -0
package/src/tools/terminal/shell.ts +21 -16
package/src/tools/tool-approval-handler.ts +48 -2
package/src/tools/types.ts +2 -0
package/src/util/platform.ts +14 -19
package/src/workspace/top-level-renderer.ts +19 -1
package/src/__tests__/chrome-cdp.test.ts +0 -419
package/src/__tests__/permission-mode-sse.test.ts +0 -418
package/src/__tests__/permission-mode-store.test.ts +0 -277
package/src/browser-extension-relay/protocol.ts +0 -63
package/src/browser-extension-relay/server.ts +0 -203
package/src/config/schemas/sandbox.ts +0 -14
package/src/permissions/permission-mode-store.ts +0 -180
package/src/tools/browser/chrome-cdp.ts +0 -239
package/src/tools/system/set-permission-mode.ts +0 -103

package/src/runtime/__tests__/chrome-extension-registry.test.ts ADDED Viewed

@@ -0,0 +1,518 @@
+import { beforeEach, describe, expect, test } from "bun:test";
+import type { ServerMessage } from "../../daemon/message-protocol.js";
+import {
+  __resetChromeExtensionRegistryForTests,
+  type ChromeExtensionConnection,
+  ChromeExtensionRegistry,
+  getChromeExtensionRegistry,
+} from "../chrome-extension-registry.js";
+// Minimal structural stand-in for Bun's ServerWebSocket. Only the methods
+// the registry touches (`send`, `close`) are modeled; the rest of the Bun
+// ServerWebSocket API is out of scope for these unit tests.
+interface FakeWs {
+  send: (data: string) => number;
+  close: (code?: number, reason?: string) => void;
+  sent: string[];
+  closed: { code?: number; reason?: string }[];
+  sendShouldThrow?: boolean;
+}
+function makeFakeWs(): FakeWs {
+  const sent: string[] = [];
+  const closed: { code?: number; reason?: string }[] = [];
+  const ws: FakeWs = {
+    sent,
+    closed,
+    send(data: string) {
+      if (ws.sendShouldThrow) {
+        throw new Error("simulated ws.send failure");
+      }
+      sent.push(data);
+      return data.length;
+    },
+    close(code?: number, reason?: string) {
+      closed.push({ code, reason });
+    },
+  };
+  return ws;
+}
+function makeConnection(
+  guardianId: string,
+  id?: string,
+  clientInstanceId?: string,
+): { conn: ChromeExtensionConnection; fakeWs: FakeWs } {
+  const fakeWs = makeFakeWs();
+  const now = Date.now();
+  const conn: ChromeExtensionConnection = {
+    id: id ?? crypto.randomUUID(),
+    guardianId,
+    clientInstanceId,
+    ws: fakeWs as unknown as ChromeExtensionConnection["ws"],
+    connectedAt: now,
+    lastActiveAt: now,
+  };
+  return { conn, fakeWs };
+}
+describe("ChromeExtensionRegistry", () => {
+  beforeEach(() => {
+    __resetChromeExtensionRegistryForTests();
+  });
+  test("register stores the connection under the guardianId", () => {
+    const registry = new ChromeExtensionRegistry();
+    const { conn } = makeConnection("guardian-alpha");
+    registry.register(conn);
+    expect(registry.get("guardian-alpha")).toBe(conn);
+  });
+  test("unregister removes the connection", () => {
+    const registry = new ChromeExtensionRegistry();
+    const { conn } = makeConnection("guardian-alpha");
+    registry.register(conn);
+    registry.unregister(conn.id);
+    expect(registry.get("guardian-alpha")).toBeUndefined();
+  });
+  test("unregister is a no-op when the connectionId is unknown", () => {
+    const registry = new ChromeExtensionRegistry();
+    // Should not throw even though nothing is registered.
+    expect(() => registry.unregister("unknown-connection")).not.toThrow();
+  });
+  test("registering a second connection for the same guardianId + instance closes the prior one", () => {
+    const registry = new ChromeExtensionRegistry();
+    const { conn: conn1, fakeWs: fakeWs1 } = makeConnection(
+      "guardian-alpha",
+      "conn-1",
+      "install-A",
+    );
+    const { conn: conn2 } = makeConnection(
+      "guardian-alpha",
+      "conn-2",
+      "install-A",
+    );
+    registry.register(conn1);
+    registry.register(conn2);
+    // Prior connection (same instance) should have been closed with code 1000.
+    expect(fakeWs1.closed).toHaveLength(1);
+    expect(fakeWs1.closed[0].code).toBe(1000);
+    // Registry should hold the new connection for that instance.
+    expect(registry.getInstance("guardian-alpha", "install-A")).toBe(conn2);
+  });
+  test("registering the same connection id twice is idempotent and does not close itself", () => {
+    const registry = new ChromeExtensionRegistry();
+    const { conn, fakeWs } = makeConnection("guardian-alpha", "conn-1");
+    registry.register(conn);
+    registry.register(conn);
+    expect(fakeWs.closed).toHaveLength(0);
+    expect(registry.get("guardian-alpha")).toBe(conn);
+  });
+  test("send returns false when no connection exists for the guardian", () => {
+    const registry = new ChromeExtensionRegistry();
+    const msg: ServerMessage = {
+      type: "host_browser_cancel",
+      requestId: "req-1",
+    } as ServerMessage;
+    expect(registry.send("missing-guardian", msg)).toBe(false);
+  });
+  test("send returns true and forwards the JSON-serialized message when a connection exists", () => {
+    const registry = new ChromeExtensionRegistry();
+    const { conn, fakeWs } = makeConnection("guardian-alpha");
+    registry.register(conn);
+    const msg: ServerMessage = {
+      type: "host_browser_cancel",
+      requestId: "req-1",
+    } as ServerMessage;
+    const ok = registry.send("guardian-alpha", msg);
+    expect(ok).toBe(true);
+    expect(fakeWs.sent).toHaveLength(1);
+    const parsed = JSON.parse(fakeWs.sent[0]);
+    expect(parsed.type).toBe("host_browser_cancel");
+    expect(parsed.requestId).toBe("req-1");
+  });
+  test("send returns false when ws.send throws (best-effort delivery)", () => {
+    const registry = new ChromeExtensionRegistry();
+    const { conn, fakeWs } = makeConnection("guardian-alpha");
+    fakeWs.sendShouldThrow = true;
+    registry.register(conn);
+    const msg: ServerMessage = {
+      type: "host_browser_cancel",
+      requestId: "req-1",
+    } as ServerMessage;
+    expect(registry.send("guardian-alpha", msg)).toBe(false);
+  });
+  test("getChromeExtensionRegistry returns a module-level singleton", () => {
+    const first = getChromeExtensionRegistry();
+    const second = getChromeExtensionRegistry();
+    expect(first).toBe(second);
+  });
+  test("unregister after supersession does not remove the new connection", () => {
+    // When a new connection supersedes an older one, the close handler for
+    // the older socket will fire later and call unregister with the OLD id.
+    // That must not clobber the newer registration.
+    const registry = new ChromeExtensionRegistry();
+    const { conn: old } = makeConnection(
+      "guardian-alpha",
+      "old-id",
+      "install-A",
+    );
+    const { conn: fresh } = makeConnection(
+      "guardian-alpha",
+      "fresh-id",
+      "install-A",
+    );
+    registry.register(old);
+    registry.register(fresh);
+    registry.unregister("old-id");
+    expect(registry.getInstance("guardian-alpha", "install-A")).toBe(fresh);
+  });
+  // ── Multi-instance routing ──────────────────────────────────────────
+  //
+  // A single guardian may have multiple parallel extension installs
+  // connected at once (two Chrome profiles, two desktops sharing a sync
+  // identity). The registry keys inner entries by (guardianId,
+  // clientInstanceId) so sibling installs don't evict each other on
+  // register/unregister, and the default `send()` path routes to
+  // whichever instance has the most recent activity.
+  describe("multi-instance routing", () => {
+    test("two concurrent instances under the same guardian coexist", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        "install-A",
+      );
+      const { conn: connB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        "install-B",
+      );
+      registry.register(connA);
+      registry.register(connB);
+      // Both instances remain registered — neither should have been
+      // closed by the other's registration.
+      expect(registry.getInstance("guardian-alpha", "install-A")).toBe(connA);
+      expect(registry.getInstance("guardian-alpha", "install-B")).toBe(connB);
+      expect(registry.listInstances("guardian-alpha")).toHaveLength(2);
+    });
+    test("registering a new instance does not close sibling instances", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA, fakeWs: fakeWsA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        "install-A",
+      );
+      const { conn: connB, fakeWs: fakeWsB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        "install-B",
+      );
+      registry.register(connA);
+      registry.register(connB);
+      // Neither socket should have been closed by the sibling's
+      // registration.
+      expect(fakeWsA.closed).toHaveLength(0);
+      expect(fakeWsB.closed).toHaveLength(0);
+    });
+    test("unregister of one instance leaves the sibling in place", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        "install-A",
+      );
+      const { conn: connB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        "install-B",
+      );
+      registry.register(connA);
+      registry.register(connB);
+      registry.unregister("conn-A");
+      expect(
+        registry.getInstance("guardian-alpha", "install-A"),
+      ).toBeUndefined();
+      expect(registry.getInstance("guardian-alpha", "install-B")).toBe(connB);
+      // Guardian bucket should still exist because install-B is active.
+      expect(registry.listInstances("guardian-alpha")).toHaveLength(1);
+    });
+    test("default send routes to the most recently active instance", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA, fakeWs: fakeWsA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        "install-A",
+      );
+      const { conn: connB, fakeWs: fakeWsB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        "install-B",
+      );
+      // Use a fake clock so A's register timestamp is strictly less
+      // than B's, ensuring B becomes the "most recently active"
+      // instance regardless of host-clock resolution.
+      const originalNow = Date.now;
+      let fakeNow = originalNow();
+      Date.now = () => fakeNow;
+      try {
+        registry.register(connA);
+        fakeNow += 10;
+        registry.register(connB);
+        const msg: ServerMessage = {
+          type: "host_browser_cancel",
+          requestId: "req-1",
+        } as ServerMessage;
+        expect(registry.send("guardian-alpha", msg)).toBe(true);
+      } finally {
+        Date.now = originalNow;
+      }
+      // Default send should have landed on instance B, not A.
+      expect(fakeWsA.sent).toHaveLength(0);
+      expect(fakeWsB.sent).toHaveLength(1);
+    });
+    test("default send follows activity — later sendToInstance flips the default", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA, fakeWs: fakeWsA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        "install-A",
+      );
+      const { conn: connB, fakeWs: fakeWsB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        "install-B",
+      );
+      registry.register(connA);
+      registry.register(connB);
+      // B was registered last so it starts as the default. Force a
+      // send to A via sendToInstance — that bumps A's lastActiveAt and
+      // should make it the new default target.
+      const msg: ServerMessage = {
+        type: "host_browser_cancel",
+        requestId: "req-1",
+      } as ServerMessage;
+      // Nudge the clock forward so A's lastActiveAt strictly exceeds
+      // B's register-time stamp even on hosts where Date.now() has
+      // millisecond resolution.
+      const originalNow = Date.now;
+      let fakeNow = originalNow() + 10;
+      Date.now = () => fakeNow;
+      try {
+        expect(
+          registry.sendToInstance("guardian-alpha", "install-A", msg),
+        ).toBe(true);
+        fakeNow += 10;
+        // Default send should now route to A.
+        expect(registry.send("guardian-alpha", msg)).toBe(true);
+      } finally {
+        Date.now = originalNow;
+      }
+      // A received one explicit send and one default send.
+      expect(fakeWsA.sent).toHaveLength(2);
+      // B only received the initial register (no sends).
+      expect(fakeWsB.sent).toHaveLength(0);
+    });
+    test("sendToInstance returns false for an unknown instance", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn } = makeConnection("guardian-alpha", "conn-A", "install-A");
+      registry.register(conn);
+      const msg: ServerMessage = {
+        type: "host_browser_cancel",
+        requestId: "req-1",
+      } as ServerMessage;
+      expect(
+        registry.sendToInstance("guardian-alpha", "install-missing", msg),
+      ).toBe(false);
+      expect(
+        registry.sendToInstance("guardian-missing", "install-A", msg),
+      ).toBe(false);
+    });
+    test("get returns undefined after the last instance unregisters", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn } = makeConnection("guardian-alpha", "conn-A", "install-A");
+      registry.register(conn);
+      registry.unregister("conn-A");
+      expect(registry.get("guardian-alpha")).toBeUndefined();
+      expect(registry.listInstances("guardian-alpha")).toHaveLength(0);
+    });
+    test("ties on lastActiveAt are broken by registrationSeq (newest wins)", () => {
+      // Freeze Date.now so both instances stamp the exact same
+      // lastActiveAt. Without the registrationSeq tiebreaker, the
+      // strict `>` comparison in get() would keep whichever entry
+      // Map#values() yields first — i.e. the earlier-inserted one,
+      // which is the opposite of the "most recently registered"
+      // semantics a caller would expect.
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA, fakeWs: fakeWsA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        "install-A",
+      );
+      const { conn: connB, fakeWs: fakeWsB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        "install-B",
+      );
+      const originalNow = Date.now;
+      const frozenNow = originalNow();
+      Date.now = () => frozenNow;
+      try {
+        registry.register(connA);
+        registry.register(connB);
+        // Both should hold the same lastActiveAt because Date.now is frozen.
+        expect(connA.lastActiveAt).toBe(connB.lastActiveAt);
+        // connB registered second, so its registrationSeq must be higher.
+        expect(connB.registrationSeq).toBeGreaterThan(
+          connA.registrationSeq ?? 0,
+        );
+        const msg: ServerMessage = {
+          type: "host_browser_cancel",
+          requestId: "req-1",
+        } as ServerMessage;
+        expect(registry.send("guardian-alpha", msg)).toBe(true);
+      } finally {
+        Date.now = originalNow;
+      }
+      // Default send should have landed on the newer instance (B),
+      // not the older insertion-order winner (A).
+      expect(fakeWsA.sent).toHaveLength(0);
+      expect(fakeWsB.sent).toHaveLength(1);
+    });
+    test("registrationSeq is monotonically increasing across registrations", () => {
+      // Sanity check on the counter itself — new registrations should
+      // always stamp a strictly greater sequence number than anything
+      // that came before, including re-registrations of the same
+      // instance after a supersede.
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        "install-A",
+      );
+      const { conn: connB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        "install-B",
+      );
+      const { conn: connC } = makeConnection(
+        "guardian-alpha",
+        "conn-C",
+        "install-A",
+      );
+      registry.register(connA);
+      registry.register(connB);
+      registry.register(connC); // supersedes install-A → conn-A closes
+      expect(connA.registrationSeq).toBeDefined();
+      expect(connB.registrationSeq).toBeDefined();
+      expect(connC.registrationSeq).toBeDefined();
+      expect(connB.registrationSeq!).toBeGreaterThan(connA.registrationSeq!);
+      expect(connC.registrationSeq!).toBeGreaterThan(connB.registrationSeq!);
+    });
+    test("same-millisecond supersede leaves the new connection as default", () => {
+      // Re-registering the same install within the same millisecond
+      // window must still promote the new connection to the default
+      // target — the tie-breaker should apply to re-registrations of
+      // the same instance just as it applies to sibling instances.
+      const registry = new ChromeExtensionRegistry();
+      const { conn: old } = makeConnection(
+        "guardian-alpha",
+        "old-id",
+        "install-A",
+      );
+      const { conn: fresh, fakeWs: fakeWsFresh } = makeConnection(
+        "guardian-alpha",
+        "fresh-id",
+        "install-A",
+      );
+      const originalNow = Date.now;
+      const frozenNow = originalNow();
+      Date.now = () => frozenNow;
+      try {
+        registry.register(old);
+        registry.register(fresh);
+        const msg: ServerMessage = {
+          type: "host_browser_cancel",
+          requestId: "req-1",
+        } as ServerMessage;
+        expect(registry.send("guardian-alpha", msg)).toBe(true);
+      } finally {
+        Date.now = originalNow;
+      }
+      // The fresh connection must receive the default send even though
+      // both entries stamped the exact same lastActiveAt.
+      expect(fakeWsFresh.sent).toHaveLength(1);
+    });
+  });
+  // ── Backwards compatibility ─────────────────────────────────────────
+  //
+  // Connections without a clientInstanceId (older extension builds or
+  // dev-bypass paths) synthesize a connection-scoped key so each one
+  // lives in its own slot. This gives sibling instances for the same
+  // guardian independent lifecycles even without explicit client ids.
+  describe("backwards compatibility when clientInstanceId is absent", () => {
+    test("two legacy connections under the same guardian coexist", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: connA } = makeConnection(
+        "guardian-alpha",
+        "conn-A",
+        // clientInstanceId intentionally omitted
+      );
+      const { conn: connB } = makeConnection(
+        "guardian-alpha",
+        "conn-B",
+        // clientInstanceId intentionally omitted
+      );
+      registry.register(connA);
+      registry.register(connB);
+      expect(registry.listInstances("guardian-alpha")).toHaveLength(2);
+    });
+    test("legacy unregister does not clobber a newer legacy sibling", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: oldConn } = makeConnection("guardian-alpha", "old-id");
+      const { conn: freshConn } = makeConnection("guardian-alpha", "fresh-id");
+      registry.register(oldConn);
+      registry.register(freshConn);
+      registry.unregister("old-id");
+      expect(registry.listInstances("guardian-alpha")).toHaveLength(1);
+      // The surviving entry is the newer connection.
+      const remaining = registry.listInstances("guardian-alpha");
+      expect(remaining[0]).toBe(freshConn);
+    });
+    test("legacy and instance-id connections can coexist under the same guardian", () => {
+      const registry = new ChromeExtensionRegistry();
+      const { conn: legacy } = makeConnection("guardian-alpha", "legacy-id");
+      const { conn: modern } = makeConnection(
+        "guardian-alpha",
+        "modern-id",
+        "install-A",
+      );
+      registry.register(legacy);
+      registry.register(modern);
+      expect(registry.listInstances("guardian-alpha")).toHaveLength(2);
+      expect(registry.getInstance("guardian-alpha", "install-A")).toBe(modern);
+    });
+  });
+});

package/src/runtime/assistant-event-hub.ts CHANGED Viewed

@@ -45,7 +45,7 @@ interface SubscriberEntry {
  * events that match their `assistantId` (and optionally `conversationId`).
  *
  * The hub is intentionally simple: synchronous fanout, no buffering, no
- * backpressure. Slow-consumer protection lives in the SSE route (PR 7).
+ * backpressure. Slow-consumer protection lives in the SSE route.
  */
 export class AssistantEventHub {
   private readonly subscribers = new Set<SubscriberEntry>();
@@ -194,6 +194,6 @@ export class AssistantEventHub {
 /**
  * Singleton hub shared across the entire runtime process.
  *
- * Import and use this in daemon send paths (PR 3) and the SSE route (PR 5).
+ * Import and use this in daemon send paths and the SSE route.
  */
 export const assistantEventHub = new AssistantEventHub({ maxSubscribers: 100 });

package/src/runtime/auth/__tests__/guard-tests.test.ts CHANGED Viewed

@@ -63,6 +63,7 @@ describe("route policy coverage", () => {
     // excluded because they are handled before JWT auth and are not composed
     // into buildRouteTable().
     const PRE_AUTH_ROUTE_MODULES = new Set([
+      "browser-extension-pair-routes.ts",
       "guardian-bootstrap-routes.ts",
       "guardian-refresh-routes.ts",
     ]);

package/src/runtime/auth/__tests__/middleware.test.ts CHANGED Viewed

@@ -34,7 +34,15 @@ mock.module("../../../config/env.js", () => ({
 }));
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../assistant-scope.js";
-import { authenticateRequest } from "../middleware.js";
+import {
+  mintHostBrowserCapability,
+  resetCapabilityTokenSecretForTests,
+  setCapabilityTokenSecretForTests,
+} from "../../capability-tokens.js";
+import {
+  authenticateHostBrowserResultRequest,
+  authenticateRequest,
+} from "../middleware.js";
 import { initAuthSigningKey, mintToken } from "../token-service.js";
 import type { ScopeProfile, TokenAudience } from "../types.js";
@@ -262,3 +270,110 @@ describe("authenticateRequest", () => {
     }
   });
 });
+// ---------------------------------------------------------------------------
+// authenticateHostBrowserResultRequest — capability-token-aware auth for the
+// /v1/host-browser-result POST route. Verifies that both the capability-token
+// and JWT paths are accepted, and that a garbage bearer falls through to the
+// JWT path and emits a 401 like any other invalid token.
+// ---------------------------------------------------------------------------
+describe("authenticateHostBrowserResultRequest", () => {
+  const CAPABILITY_SECRET = Buffer.alloc(32, 7);
+  beforeEach(() => {
+    // Pin the capability-token HMAC secret so mint/verify agree across
+    // the test run. The module-level secret cache is reset between
+    // tests so dev-bypass flipping doesn't leak stale state.
+    setCapabilityTokenSecretForTests(CAPABILITY_SECRET);
+  });
+  afterAll(() => {
+    resetCapabilityTokenSecretForTests();
+  });
+  test("accepts a valid capability token and synthesizes an actor AuthContext", () => {
+    const { token } = mintHostBrowserCapability("guardian-cap-happy");
+    const req = new Request("http://localhost/v1/host-browser-result", {
+      method: "POST",
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    const result = authenticateHostBrowserResultRequest(req);
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.principalType).toBe("actor");
+      expect(result.context.assistantId).toBe(DAEMON_INTERNAL_ASSISTANT_ID);
+      expect(result.context.actorPrincipalId).toBe("guardian-cap-happy");
+      expect(result.context.scopeProfile).toBe("actor_client_v1");
+      // The synthetic context must carry the scopes the route policy
+      // requires — otherwise the router would 403 the POST even though
+      // auth succeeded.
+      expect(result.context.scopes.has("approval.write")).toBe(true);
+    }
+  });
+  test("accepts a valid daemon-audience JWT (regression for the legacy path)", () => {
+    const token = mintValidToken({ sub: "actor:self:jwt-principal" });
+    const req = new Request("http://localhost/v1/host-browser-result", {
+      method: "POST",
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    const result = authenticateHostBrowserResultRequest(req);
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.principalType).toBe("actor");
+      expect(result.context.actorPrincipalId).toBe("jwt-principal");
+      expect(result.context.scopes.has("approval.write")).toBe(true);
+    }
+  });
+  test("returns 401 when the Authorization header is missing entirely", () => {
+    const req = new Request("http://localhost/v1/host-browser-result", {
+      method: "POST",
+    });
+    const result = authenticateHostBrowserResultRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+  test("malformed bearer falls through to JWT path and 401s", () => {
+    // A bearer that is neither a valid capability token (bad HMAC) nor a
+    // parseable JWT must fail the JWT path and return 401. This is the
+    // primary regression guard against someone accidentally making the
+    // capability-token branch "allow-anything" by swallowing
+    // verification failures.
+    const req = new Request("http://localhost/v1/host-browser-result", {
+      method: "POST",
+      headers: { Authorization: "Bearer not-a-token.xxxxxxxxxxxxx" },
+    });
+    const result = authenticateHostBrowserResultRequest(req);
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.response.status).toBe(401);
+    }
+  });
+  test("dev bypass returns synthetic AuthContext without Authorization header", () => {
+    authDisabled = true;
+    const req = new Request("http://localhost/v1/host-browser-result", {
+      method: "POST",
+    });
+    const result = authenticateHostBrowserResultRequest(req);
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      // Same synthetic context shape as authenticateRequest's dev
+      // bypass — the tests share the same invariant because a single
+      // helper builds both.
+      expect(result.context.principalType).toBe("actor");
+      expect(result.context.actorPrincipalId).toBe("dev-bypass");
+    }
+  });
+});

package/src/runtime/auth/__tests__/route-policy.test.ts CHANGED Viewed

@@ -168,6 +168,14 @@ describe("enforcePolicy", () => {
     expect(policy!.requiredScopes).toContain("approval.write");
   });
+  test("conversation host-access write requires approval.write scope", () => {
+    authDisabled = false;
+    const policy = getPolicy("conversations/host-access");
+    expect(policy).toBeDefined();
+    expect(policy!.requiredScopes).toContain("approval.write");
+    expect(policy!.requiredScopes).not.toContain("chat.write");
+  });
   test("events endpoint requires chat.read scope", () => {
     authDisabled = false;
     const policy = getPolicy("events");