@vellumai/assistant 0.7.0 → 0.7.1

package/src/runtime/assistant-event.ts

@@ -23,13 +23,8 @@ export type AssistantEvent = BaseAssistantEvent<ServerMessage>;
 
 /** Daemon-side wrapper preserving the original `ServerMessage`-typed signature. */
 export function buildAssistantEvent(
-  assistantId: string,
   message: ServerMessage,
   conversationId?: string,
 ): AssistantEvent {
-  return baseBuildAssistantEvent<ServerMessage>(
-    assistantId,
-    message,
-    conversationId,
-  );
+  return baseBuildAssistantEvent<ServerMessage>(message, conversationId);
 }

package/src/runtime/auth/context.ts

@@ -61,12 +61,3 @@ export function buildAuthContext(claims: TokenClaims): BuildAuthContextResult {
 
   return { ok: true, context };
 }
-
-/**
- * True when the request was authenticated as the gateway service.
- * Used at endpoints that gate platform-only or trust-mediated behavior
- * on the caller being the gateway rather than an end-user actor.
- */
-export function isServiceGatewayPrincipal(authContext: AuthContext): boolean {
-  return authContext.principalType === "svc_gateway";
-}

package/src/runtime/auth/middleware.ts

@@ -17,7 +17,7 @@
  * Replaces both the legacy bearer shared-secret check and the
  * actor-token HMAC middleware with a single JWT verification path.
  *
- * In dev mode (DISABLE_HTTP_AUTH + VELLUM_UNSAFE_AUTH_BYPASS), JWT
+ * When DISABLE_HTTP_AUTH is set (platform-managed deployments), JWT
  * verification is skipped and a synthetic AuthContext is constructed
  * so downstream code always has a typed context to consume.
  */

package/src/runtime/auth/route-policy.ts

@@ -221,10 +221,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
     endpoint: "integrations/slack/channel/config:DELETE",
     scopes: ["settings.write"],
   },
-  {
-    endpoint: "integrations/slack/channel/oauth-install:POST",
-    scopes: ["settings.write"],
-  },
   { endpoint: "channel-verification-sessions", scopes: ["settings.write"] },
   {
     endpoint: "channel-verification-sessions:DELETE",
@@ -317,12 +313,14 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "usage/totals", scopes: ["settings.read"] },
   { endpoint: "usage/daily", scopes: ["settings.read"] },
   { endpoint: "usage/breakdown", scopes: ["settings.read"] },
+  { endpoint: "usage/series", scopes: ["settings.read"] },
 
   // Lifecycle telemetry
   { endpoint: "telemetry/lifecycle", scopes: ["settings.write"] },
 
   // Debug / introspection
   { endpoint: "clients", scopes: ["settings.read"] },
+  { endpoint: "clients/disconnect", scopes: ["settings.write"] },
   { endpoint: "debug", scopes: ["settings.read"] },
 
   // Workspace file browsing
@@ -376,6 +374,9 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "config:GET", scopes: ["settings.read"] },
   { endpoint: "config:PATCH", scopes: ["settings.write"] },
 
+  // LLM call site catalog
+  { endpoint: "config/llm/call-sites:GET", scopes: ["settings.read"] },
+
   // Conversation management
   { endpoint: "conversations:DELETE", scopes: ["chat.write"] },
   { endpoint: "conversations/wipe", scopes: ["chat.write"] },
@@ -423,11 +424,8 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "memory/v2/validate:POST", scopes: ["settings.read"] },
   { endpoint: "memory/v2/reembed-skills:POST", scopes: ["settings.write"] },
 
-  // Trust rule CRUD management
+  // Trust rule listing
   { endpoint: "trust-rules/manage:GET", scopes: ["settings.read"] },
-  { endpoint: "trust-rules/manage:POST", scopes: ["settings.write"] },
-  { endpoint: "trust-rules/manage:DELETE", scopes: ["settings.write"] },
-  { endpoint: "trust-rules/manage:PATCH", scopes: ["settings.write"] },
 
   // Computer use
   { endpoint: "computer-use/sessions", scopes: ["chat.write"] },
@@ -488,6 +486,10 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "filing", scopes: ["settings.read"] },
   { endpoint: "filing:POST", scopes: ["settings.write"] },
 
+  // Consolidation (memory v2 counterpart to Filing)
+  { endpoint: "consolidation", scopes: ["settings.read"] },
+  { endpoint: "consolidation:POST", scopes: ["settings.write"] },
+
   // Heartbeat (config, runs, checklist — all share the "heartbeat" policyKey)
   { endpoint: "heartbeat:GET", scopes: ["settings.read"] },
   { endpoint: "heartbeat", scopes: ["settings.write"] },
@@ -699,7 +701,7 @@ registerPolicy("conversations/wipe", {
 
 registerPolicy("trust-rules/suggest", {
   requiredScopes: ["settings.write"],
-  allowedPrincipalTypes: ["local"],
+  allowedPrincipalTypes: ["actor", "svc_gateway", "svc_daemon", "local"],
 });
 
 // Notification pipeline: local-only (CLI / IPC callers)

package/src/runtime/auth/token-service.ts

@@ -215,17 +215,6 @@ export function initAuthSigningKey(key: Buffer): void {
   _authSigningKey = key;
 }
 
-/**
- * Check whether the auth signing key has been initialized.
- *
- * Useful for out-of-process contexts (CLI) that may run without
- * daemon startup, where callers need to decide whether they can
- * mint JWTs or must fall back to the legacy shared-secret token.
- */
-export function isSigningKeyInitialized(): boolean {
-  return _authSigningKey !== undefined;
-}
-
 /**
  * Reset the signing key to undefined. **Test-only** — used to simulate a
  * fresh CLI subprocess where initAuthSigningKey() was never called.

package/src/runtime/channel-approvals.ts

@@ -9,6 +9,7 @@
  *   3. Consume user decisions and apply them to the underlying session
  */
 
+import { findConversation } from "../daemon/conversation-store.js";
 import type { UserDecision } from "../permissions/types.js";
 import { composeApprovalMessage } from "./approval-message-composer.js";
 import type {
@@ -165,13 +166,16 @@ export function handleChannelDecision(
 
   // Map channel-level action to the permission system's UserDecision type.
   const userDecision = mapApprovalActionToUserDecision(decision.action);
+  const conversation = findConversation(resolved.conversationId);
+  if (!conversation) return { applied: false };
+
   if (decisionContext === undefined) {
-    resolved.conversation!.handleConfirmationResponse(
+    conversation.handleConfirmationResponse(
       info.requestId,
       userDecision,
     );
   } else {
-    resolved.conversation!.handleConfirmationResponse(
+    conversation.handleConfirmationResponse(
       info.requestId,
       userDecision,
       undefined,

package/src/runtime/channel-verification-service.ts

@@ -153,9 +153,8 @@ export function createInboundVerificationSession(
  * validates the secret against pending challenges, verifies identity
  * binding, and consumes the challenge. It returns the verification type
  * (guardian or trusted_contact) but does NOT create bindings or apply
- * role-specific side effects — those are handled by callers:
- * verification-intercept.ts (channel verification) and
- * relay-server.ts (voice verification).
+ * role-specific side effects — those are handled by the gateway's
+ * text-verification.ts and voice verification intercepts.
  *
  * On failure the invalid-attempt counter is incremented; after
  * exceeding the threshold the actor is locked out for a cooldown
@@ -308,8 +307,7 @@ export function validateAndConsumeVerification(
   resetRateLimit(channel, actorExternalUserId, actorChatId);
 
   // Return the verification type — role-specific side effects are
-  // handled by callers: verification-intercept (channel) and
-  // relay-server (voice).
+  // handled by the gateway's verification intercepts.
   return {
     success: true,
     verificationType:

package/src/runtime/http-errors.ts

@@ -73,37 +73,3 @@ export function httpError(
   };
   return Response.json(body, { status });
 }
-
-/**
- * Derive the appropriate `HttpErrorCode` from an HTTP status code.
- * Useful when domain functions return a numeric status and a generic error
- * message — this maps the status to a semantically correct error code.
- */
-export function httpErrorCodeFromStatus(status: number): HttpErrorCode {
-  switch (status) {
-    case 400:
-      return "BAD_REQUEST";
-    case 401:
-      return "UNAUTHORIZED";
-    case 403:
-      return "FORBIDDEN";
-    case 404:
-      return "NOT_FOUND";
-    case 409:
-      return "CONFLICT";
-    case 410:
-      return "GONE";
-    case 422:
-      return "UNPROCESSABLE_ENTITY";
-    case 424:
-      return "FAILED_DEPENDENCY";
-    case 429:
-      return "RATE_LIMITED";
-    case 501:
-      return "NOT_IMPLEMENTED";
-    case 503:
-      return "SERVICE_UNAVAILABLE";
-    default:
-      return "INTERNAL_ERROR";
-  }
-}

package/src/runtime/http-router.ts

@@ -16,6 +16,8 @@ import { enforcePolicy, getPolicy } from "./auth/route-policy.js";
 import type { AuthContext } from "./auth/types.js";
 import { httpError } from "./http-errors.js";
 import { withErrorHandling } from "./middleware/error-handler.js";
+import { routeDefinitionsToHTTPRoutes } from "./routes/http-adapter.js";
+import { ROUTES } from "./routes/index.js";
 import type { RoutePathParam } from "./routes/types.js";
 
 // ---------------------------------------------------------------------------
@@ -147,8 +149,8 @@ interface CompiledRoute {
 export class HttpRouter {
   private compiledRoutes: CompiledRoute[] = [];
 
-  constructor(routes: HTTPRouteDefinition[]) {
-    for (const def of routes) {
+  constructor() {
+    for (const def of routeDefinitionsToHTTPRoutes(ROUTES)) {
       this.compiledRoutes.push(compileRoute(def));
     }
   }
@@ -219,7 +221,8 @@ export class HttpRouter {
 // Path-param type → regex fragment
 // ---------------------------------------------------------------------------
 
-const UUID_PATTERN = "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}";
+const UUID_PATTERN =
+  "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}";
 
 /** Map of param type → regex capture group (without the surrounding parens). */
 const PARAM_TYPE_PATTERNS: Record<string, string> = {

package/src/runtime/http-server.ts

@@ -5,7 +5,6 @@
  * configured port (default: 7821).
  */
 
-
 import type { ServerWebSocket } from "bun";
 
 import {
@@ -26,10 +25,8 @@ import {
   handleStatusCallback,
   handleVoiceWebhook,
 } from "../calls/twilio-routes.js";
-import {
-  hasUngatedHttpAuthDisabled,
-  isHttpAuthDisabled,
-} from "../config/env.js";
+import { isHttpAuthDisabled } from "../config/env.js";
+import { getIsPlatform } from "../config/env-registry.js";
 import { getConfig } from "../config/loader.js";
 import { processMessage } from "../daemon/process-message.js";
 import { createLiveVoiceSession } from "../live-voice/live-voice-session.js";
@@ -57,9 +54,7 @@ import { parseSub } from "./auth/subject.js";
 import { verifyToken } from "./auth/token-service.js";
 import { verifyHostBrowserCapability } from "./capability-tokens.js";
 import { sweepFailedEvents } from "./channel-retry-sweep.js";
-import { getChromeExtensionRegistry } from "./chrome-extension-registry.js";
 import { httpError, type HttpErrorCode } from "./http-errors.js";
-import type { HTTPRouteDefinition } from "./http-router.js";
 import { HttpRouter } from "./http-router.js";
 // Middleware
 import {
@@ -101,9 +96,7 @@ import {
   resolveHostBrowserResultByRequestId,
   resolveHostBrowserSessionInvalidated,
 } from "./routes/host-browser-routes.js";
-import { routeDefinitionsToHTTPRoutes } from "./routes/http-adapter.js";
 import { handleHealth, handleReadyz } from "./routes/identity-routes.js";
-import { ROUTES } from "./routes/index.js";
 import { matchSkillRoute } from "./skill-route-registry.js";
 
 // Re-export for consumers
@@ -140,9 +133,8 @@ const MAX_REQUEST_BODY_BYTES = 512 * 1024 * 1024;
 /**
  * WebSocket data attached to `/v1/browser-relay` connections. The route
  * is used exclusively by the chrome-extension CDP proxy — outbound
- * `host_browser_request` frames are pushed through the
- * {@link ChromeExtensionRegistry}, and inbound `host_browser_result`
- * frames are dispatched through
+ * `host_browser_request` frames are pushed through the assistant event
+ * hub, and inbound `host_browser_result` frames are dispatched through
  * `resolveHostBrowserResultByRequestId`. The extension may also submit
  * results via `POST /v1/host-browser-result` (both transports resolve
  * through the same core function).
@@ -152,21 +144,16 @@ interface BrowserRelayWebSocketData {
   connectionId: string;
   /**
    * Guardian identity derived from the JWT claims at WebSocket upgrade
-   * time. Used by the ChromeExtensionRegistry to route
-   * host_browser_request frames to the correct extension. Undefined when
-   * HTTP auth is disabled (dev bypass) or when the token's sub cannot be
-   * parsed into an actor principal.
+   * time. Undefined when HTTP auth is disabled (dev bypass) or when the
+   * token's sub cannot be parsed into an actor principal.
    */
   guardianId?: string;
   /**
    * Stable per-extension-install identifier supplied by the client on
    * the WebSocket handshake (via the `clientInstanceId` query param or
-   * the `x-client-instance-id` header). Plumbed into the
-   * ChromeExtensionRegistry so multiple parallel installs for the same
-   * guardian (e.g. two Chrome profiles, two desktops) don't evict each
-   * other on register/unregister. Undefined on older extension builds
-   * — the registry synthesizes a connection-scoped fallback key in
-   * that case for backwards-compatible single-instance semantics.
+   * the `x-client-instance-id` header). Allows multiple parallel installs
+   * for the same guardian (e.g. two Chrome profiles, two desktops) to
+   * coexist. Undefined on older extension builds.
    */
   clientInstanceId?: string;
 }
@@ -243,7 +230,7 @@ export class RuntimeHttpServer {
     this.liveVoiceSessionManager = new LiveVoiceSessionManager({
       createSession: (context) => createLiveVoiceSession(context),
     });
-    this.router = new HttpRouter(this.buildRouteTable());
+    this.router = new HttpRouter();
   }
 
   /** The port the server is actually listening on (resolved after start). */
@@ -267,23 +254,6 @@ export class RuntimeHttpServer {
       websocket: {
         open: (ws) => {
           const data = ws.data as AllWebSocketData;
-          if ("wsType" in data && data.wsType === "browser-relay") {
-            // When the JWT sub resolved to a guardian principal at upgrade
-            // time, register this connection with the chrome-extension
-            // registry so host_browser_request frames can be routed to it.
-            if (data.guardianId) {
-              const now = Date.now();
-              getChromeExtensionRegistry().register({
-                id: data.connectionId,
-                guardianId: data.guardianId,
-                clientInstanceId: data.clientInstanceId,
-                ws,
-                connectedAt: now,
-                lastActiveAt: now,
-              });
-            }
-            return;
-          }
           if ("wsType" in data && data.wsType === "media-stream") {
             const msData = data as MediaStreamWebSocketData;
             log.info(
@@ -499,11 +469,7 @@ export class RuntimeHttpServer {
                 return;
               }
               case "keepalive": {
-                // Extension keepalive frames refresh the connection's
-                // activity timestamp without producing log noise or
-                // altering routing semantics. Unknown extra keys on
-                // the frame are silently ignored (lenient validation).
-                getChromeExtensionRegistry().touch(data.connectionId);
+                // Extension keepalive — acknowledged, no action needed.
                 return;
               }
               default: {
@@ -564,15 +530,6 @@ export class RuntimeHttpServer {
         },
         close: (ws, code, reason) => {
           const data = ws.data as AllWebSocketData;
-          if ("wsType" in data && data.wsType === "browser-relay") {
-            // Always attempt to unregister — the registry uses connectionId
-            // as the key and no-ops if the entry is absent (e.g. when the
-            // connection was never registered because guardianId was
-            // undefined, or when it was superseded by a newer registration
-            // for the same guardian).
-            getChromeExtensionRegistry().unregister(data.connectionId);
-            return;
-          }
           if ("wsType" in data && data.wsType === "media-stream") {
             const msData = data as MediaStreamWebSocketData;
             log.info(
@@ -661,14 +618,16 @@ export class RuntimeHttpServer {
       );
     }
 
-    if (hasUngatedHttpAuthDisabled()) {
-      log.warn(
-        "DISABLE_HTTP_AUTH is set but VELLUM_UNSAFE_AUTH_BYPASS=1 is not — auth bypass is IGNORED and HTTP authentication remains enabled. Set VELLUM_UNSAFE_AUTH_BYPASS=1 to confirm the bypass.",
-      );
-    } else if (isHttpAuthDisabled()) {
-      log.warn(
-        "DISABLE_HTTP_AUTH is set — HTTP API authentication is DISABLED. All API endpoints are accessible without a bearer token. Do not use in production.",
-      );
+    if (isHttpAuthDisabled()) {
+      if (getIsPlatform()) {
+        log.info(
+          "DISABLE_HTTP_AUTH is set — HTTP auth disabled (expected: platform handles auth)",
+        );
+      } else {
+        log.warn(
+          "DISABLE_HTTP_AUTH is set — HTTP API authentication is DISABLED. All API endpoints are accessible without a bearer token.",
+        );
+      }
     }
 
     log.info(
@@ -1058,9 +1017,7 @@ export class RuntimeHttpServer {
             guardianId = fallbackGuardianId;
           } else {
             // Fail closed: a service-token relay upgrade without a
-            // guardian context cannot be routed safely. Allowing the
-            // upgrade to proceed creates an unscoped socket that never
-            // registers in the ChromeExtensionRegistry.
+            // guardian context cannot be routed safely.
             log.warn(
               {
                 principalType: subResult.ok
@@ -1446,21 +1403,4 @@ export class RuntimeHttpServer {
 
     return null;
   }
-
-  // ---------------------------------------------------------------------------
-  // Declarative route table
-  // ---------------------------------------------------------------------------
-
-  /**
-   * Build the full set of route definitions. Routes are matched in order,
-   * so more specific patterns (e.g. `calls/:id/cancel`) must precede
-   * more general ones (e.g. `calls/:id`).
-   *
-   * Each domain's routes are defined in their own module under
-   * `./routes/` and composed here via spread. The composition order
-   * preserves the original top-to-bottom matching semantics.
-   */
-  private buildRouteTable(): HTTPRouteDefinition[] {
-    return [...routeDefinitionsToHTTPRoutes(ROUTES)];
-  }
 }

package/src/runtime/http-types.ts

@@ -118,6 +118,8 @@ export interface RuntimeMessageConversationOptions {
   isInteractive?: boolean;
   /** Channel command intent metadata (e.g. Telegram /start). */
   commandIntent?: { type: string; payload?: string; languageCode?: string };
+  /** Slack-only non-persisted notice injected into the active model turn. */
+  slackRuntimeContextNotice?: string;
   /** Optional callback to receive real-time agent loop events (text deltas, tool starts, etc.). */
   onEvent?: (msg: ServerMessage) => void;
   /**
@@ -206,6 +208,9 @@ export interface RuntimeMessagePayload {
     riskLevel?: string;
     riskReason?: string;
     autoApproved?: boolean;
+    approvalMode?: string;
+    approvalReason?: string;
+    riskThreshold?: string;
   }>;
   interfaces?: string[];
   surfaces?: Array<{

package/src/runtime/interactive-ui.ts

@@ -46,7 +46,6 @@ export type {
   InteractiveUiRequest,
   InteractiveUiResult,
 } from "./interactive-ui-types.js";
-export { RESERVED_ACTION_IDS } from "./interactive-ui-types.js";
 
 const log = getLogger("interactive-ui");
 

package/src/runtime/middleware/auth.ts

@@ -12,26 +12,6 @@ export function isLoopbackHost(hostname: string): boolean {
   );
 }
 
-/**
- * Stricter loopback-only check: accepts only 127.0.0.0/8, ::1, and their
- * IPv4-mapped IPv6 forms (::ffff:127.x.x.x). Use this instead of
- * isPrivateAddress for endpoints that must be restricted to the local
- * machine in non-containerized deployments.
- */
-export function isLoopbackAddress(addr: string): boolean {
-  const v4Mapped = addr.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i);
-  const normalized = v4Mapped ? v4Mapped[1] : addr;
-
-  if (normalized.includes(".")) {
-    const parts = normalized.split(".").map(Number);
-    if (parts.length !== 4 || parts.some((p) => isNaN(p) || p < 0 || p > 255))
-      return false;
-    return parts[0] === 127;
-  }
-
-  return normalized.toLowerCase() === "::1";
-}
-
 /**
  * @internal Exported for testing.
  *

package/src/runtime/migrations/__tests__/v1-test-helpers.ts

@@ -0,0 +1,112 @@
+/**
+ * Shared test helpers for vbundle v1 manifest fixture builders.
+ *
+ * Most tests don't care about the specific values of the assistant identity,
+ * origin, compatibility, or export-options blocks — they just need the
+ * builder/validator to accept their fixtures. Centralizing the defaults
+ * keeps every test from re-spelling the same six required option fields.
+ */
+
+import { randomUUID } from "node:crypto";
+
+import type {
+  BuildVBundleOptions,
+  VBundleAssistantInfo,
+  VBundleCompatibility,
+  VBundleExportOptions,
+  VBundleOriginInfo,
+} from "../vbundle-builder.js";
+import {
+  computeManifestChecksum,
+  type ManifestFileEntryType,
+  type ManifestType,
+} from "../vbundle-validator.js";
+
+export interface DefaultV1Options {
+  assistant: VBundleAssistantInfo;
+  origin: VBundleOriginInfo;
+  compatibility: VBundleCompatibility;
+  exportOptions: VBundleExportOptions;
+  secretsRedacted: boolean;
+}
+
+/**
+ * Sensible defaults for the six caller-required v1 manifest options.
+ *
+ * `secretsRedacted` defaults to false to match the runtime's typical
+ * "credentials included by design" path; tests that exercise the managed
+ * cross-field refine override `origin.mode` and `secretsRedacted` directly.
+ */
+export function defaultV1Options(): DefaultV1Options {
+  return {
+    assistant: {
+      id: "self",
+      name: "Test",
+      runtime_version: "0.0.0-test",
+    },
+    origin: {
+      mode: "self-hosted-local",
+    },
+    compatibility: {
+      min_runtime_version: "0.0.0-test",
+      max_runtime_version: null,
+    },
+    exportOptions: {
+      include_logs: false,
+      include_browser_state: false,
+      include_memory_vectors: false,
+    },
+    secretsRedacted: false,
+  };
+}
+
+/**
+ * Convenience: spread `defaultV1Options()` into a `BuildVBundleOptions`
+ * with the supplied `files`. Saves repeating the spread at every call site.
+ */
+export function buildVBundleTestOptions(
+  files: BuildVBundleOptions["files"],
+  overrides: Partial<DefaultV1Options> = {},
+): BuildVBundleOptions {
+  return {
+    files,
+    ...defaultV1Options(),
+    ...overrides,
+  };
+}
+
+/**
+ * Build a v1 ManifestType for tests, mirroring buildManifestObject() in
+ * vbundle-builder.ts. Use this in test fixtures that need a synthetic
+ * manifest rather than calling buildVBundle (e.g. cross-version compat
+ * tests that need to mutate fields between emit and validate).
+ *
+ * Pass `overrides` to override any field after the defaults are applied —
+ * useful for negative-path tests that exercise specific schema rejections.
+ * `schema_version` is widened to `number` so negative tests can write 0/2/etc.
+ * The checksum is computed on the merged shape so overrides take effect.
+ */
+export type BuildTestManifestOverrides = Partial<
+  Omit<ManifestType, "schema_version">
+> & { schema_version?: number };
+
+export function buildTestManifest(input: {
+  contents: ManifestFileEntryType[];
+  overrides?: BuildTestManifestOverrides;
+}): ManifestType {
+  const base = defaultV1Options();
+  const merged = {
+    schema_version: 1,
+    bundle_id: randomUUID(),
+    created_at: new Date().toISOString(),
+    assistant: base.assistant,
+    origin: base.origin,
+    compatibility: base.compatibility,
+    contents: input.contents,
+    checksum: "",
+    secrets_redacted: base.secretsRedacted,
+    export_options: base.exportOptions,
+    ...(input.overrides ?? {}),
+  } as ManifestType;
+  return { ...merged, checksum: computeManifestChecksum(merged) };
+}