@vellumai/assistant 0.7.0 → 0.7.1

package/src/__tests__/checker.test.ts

@@ -1,11 +1,7 @@
 // Smoke command (run all security test files together):
 // bun test src/__tests__/checker.test.ts src/__tests__/conversation-skill-tools.test.ts src/__tests__/skill-script-runner-host.test.ts
 
-import {
-  mkdirSync,
-  rmSync,
-  writeFileSync,
-} from "node:fs";
+import { mkdirSync, rmSync, writeFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
 import {
@@ -20,7 +16,6 @@ import {
   test,
 } from "bun:test";
 
-
 const checkerTestDir = process.env.VELLUM_WORKSPACE_DIR!;
 
 // Point the file-based trust backend at the test temp dir.
@@ -376,7 +371,6 @@ describe("Permission Checker", () => {
       );
       expect(result.decision).toBe("prompt");
     });
-
   });
 
   // ── skill-origin tool default-ask policy ─────────────────────
@@ -421,7 +415,6 @@ describe("Permission Checker", () => {
       expect(result.decision).toBe("allow");
       expect(result.reason).toContain("Low risk");
     });
-
   });
 
   // ── workspace files are auto-allowed (low risk) ──────────────
@@ -489,7 +482,6 @@ describe("Permission Checker", () => {
       const result = await check("file_write", { path: guardianPath }, "/tmp");
       expect(result.decision).toBe("allow");
     });
-
   });
 
   // ── generateAllowlistOptions ───────────────────────────────────
@@ -905,7 +897,6 @@ describe("Permission Checker", () => {
       const result = await check("file_write", { path: hookPath }, "/tmp");
       expect(result.decision).toBe("prompt");
     });
-
   });
 
   describe("PolicyContext type (PR 3)", () => {
@@ -977,7 +968,6 @@ describe("Permission Checker", () => {
       expect(result.decision).toBe("prompt");
       expect(result.reason).toContain("above auto-approve threshold");
     });
-
   });
 
   // ── sandbox auto-approve ──
@@ -1226,7 +1216,6 @@ describe("Permission Checker", () => {
       expect(result.decision).toBe("prompt");
       expect(result.reason).toContain("above auto-approve threshold");
     });
-
   });
 
   // ── skill mutation approval regression tests (PR 30) ──────────
@@ -1243,7 +1232,7 @@ describe("Permission Checker", () => {
     describe("strict mode: skill source writes prompt with high risk", () => {
       test("strict mode: file_write to skill source prompts (no implicit allow)", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         ensureSkillsDir();
         const skillPath = join(
           checkerTestDir,
@@ -1259,7 +1248,7 @@ describe("Permission Checker", () => {
       test("strict mode: file_edit of skill source prompts (no implicit allow)", async () => {
         mockRisk("high");
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         ensureSkillsDir();
         const skillPath = join(
           checkerTestDir,
@@ -1273,7 +1262,7 @@ describe("Permission Checker", () => {
 
       test("strict mode: file_write to non-skill path prompts as Strict mode", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const normalPath = "/tmp/some-file.txt";
         const result = await check("file_write", { path: normalPath }, "/tmp");
         expect(result.decision).toBe("prompt");
@@ -1296,7 +1285,7 @@ describe("Permission Checker", () => {
 
       test("strict mode: host_file_write to skill source prompts (high risk overrides host ask)", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         ensureSkillsDir();
         const skillPath = join(
           checkerTestDir,
@@ -1314,7 +1303,7 @@ describe("Permission Checker", () => {
 
       test("strict mode: host_file_edit of skill source prompts", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         ensureSkillsDir();
         const skillPath = join(
           checkerTestDir,
@@ -1398,7 +1387,6 @@ describe("Permission Checker", () => {
       expect(options).toHaveLength(1);
       expect(options[0].pattern).toBe("skill_load:*");
     });
-
   });
 
   // ── strict mode: skill_load behavior ──
@@ -1416,7 +1404,6 @@ describe("Permission Checker", () => {
       const result = await check("skill_load", { skill: "any-skill" }, "/tmp");
       expect(result.decision).toBe("allow");
     });
-
   });
 
   // ══════════════════════════════════════════════════════════════════
@@ -1433,7 +1420,7 @@ describe("Permission Checker", () => {
     describe("Invariant 1: strict mode requires explicit matching rule for every tool", () => {
       test("bash prompts in strict mode (no default allow rule outside container)", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check("bash", { command: "echo hello" }, "/tmp");
         expect(result.decision).toBe("prompt");
         expect(result.reason).toContain("above auto-approve threshold");
@@ -1441,7 +1428,7 @@ describe("Permission Checker", () => {
 
       test("low-risk host_bash prompts in strict mode (no matching rule)", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check(
           "host_bash",
           { command: "echo hello" },
@@ -1453,7 +1440,7 @@ describe("Permission Checker", () => {
 
       test("low-risk file_read with no rule prompts in strict mode", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check(
           "file_read",
           { path: "/tmp/test.txt" },
@@ -1465,7 +1452,7 @@ describe("Permission Checker", () => {
 
       test("low-risk skill_load prompts in strict mode without an explicit rule", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check(
           "skill_load",
           { skill: "any-skill" },
@@ -1477,7 +1464,7 @@ describe("Permission Checker", () => {
 
       test("low-risk file_write with no rule prompts in strict mode", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check(
           "file_write",
           { path: "/tmp/file.txt" },
@@ -1490,7 +1477,7 @@ describe("Permission Checker", () => {
       test("high-risk bash prompts in strict mode (no default allow rule outside container)", async () => {
         mockRisk("high");
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check(
           "bash",
           { command: "sudo apt update" },
@@ -1501,7 +1488,7 @@ describe("Permission Checker", () => {
 
       test("high-risk host_bash command with no user rule prompts in strict mode", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check(
           "host_bash",
           { command: "sudo apt update" },
@@ -1512,19 +1499,18 @@ describe("Permission Checker", () => {
 
       test("skill-origin tool with no rule prompts in strict mode", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check("skill_test_tool", {}, "/tmp");
         expect(result.decision).toBe("prompt");
       });
 
       test("bundled skill-origin tool with no rule prompts in strict mode", async () => {
         mockIpcResponse("get_global_thresholds", STRICT_GATEWAY_THRESHOLDS);
-      _clearGlobalCacheForTesting();
+        _clearGlobalCacheForTesting();
         const result = await check("skill_bundled_test_tool", {}, "/tmp");
         expect(result.decision).toBe("prompt");
         expect(result.reason).toContain("above auto-approve threshold");
       });
-
     });
 
     // ── Invariant 4: Host execution approvals — high risk prompts ──
@@ -1532,7 +1518,11 @@ describe("Permission Checker", () => {
     describe("Invariant 4: high-risk host execution always prompts", () => {
       test("host_bash high risk prompts", async () => {
         mockRisk("high");
-        const result = await check("host_bash", { command: "sudo rm -rf /" }, "/tmp");
+        const result = await check(
+          "host_bash",
+          { command: "sudo rm -rf /" },
+          "/tmp",
+        );
         expect(result.decision).toBe("prompt");
       });
 
@@ -1555,7 +1545,6 @@ describe("Permission Checker", () => {
         );
         expect(result.decision).toBe("prompt");
       });
-
     });
   });
 });
@@ -1607,7 +1596,6 @@ describe("bash network_mode=proxied — risk capped at medium", () => {
     );
     expect(result.decision).toBe("allow");
   });
-
 });
 
 describe("workspace mode — auto-allow workspace-scoped operations", () => {
@@ -1755,7 +1743,6 @@ describe("workspace mode — auto-allow workspace-scoped operations", () => {
     expect(result.decision).toBe("prompt");
     expect(result.reason).toContain("risk");
   });
-
 });
 
 describe("integration regressions (PR 11)", () => {
@@ -1814,5 +1801,4 @@ describe("integration regressions (PR 11)", () => {
       nonHostScopes.map((s) => s.scope),
     );
   });
-
 });

package/src/__tests__/compact-event-conversation-id-guard.test.ts

@@ -0,0 +1,50 @@
+/**
+ * Guard test: every `assistant_text_delta` emission in the `/compact` and
+ * other slash-command completion paths must carry `conversationId` on the
+ * message body.
+ *
+ * Without this, a long-running compaction can finish after the user has
+ * switched conversations, and the macOS client's `belongsToConversation(nil)`
+ * check (which accepts nil ids as system events) renders the completion text
+ * into whichever VM is currently active — leaking the message into the
+ * wrong conversation.
+ */
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { describe, expect, test } from "bun:test";
+
+const SCANNED_FILES = [
+  "runtime/routes/conversation-routes.ts",
+  "daemon/conversation-process.ts",
+];
+
+describe("compact slash-command emits conversationId on assistant_text_delta", () => {
+  for (const relativePath of SCANNED_FILES) {
+    test(`${relativePath} tags every assistant_text_delta with conversationId`, () => {
+      const fullPath = join(__dirname, "..", relativePath);
+      const source = readFileSync(fullPath, "utf-8");
+
+      // Find every `type: "assistant_text_delta"` literal and inspect the
+      // surrounding object literal for a `conversationId` key. Looking at a
+      // ~200-char window forward covers multi-line object literals while
+      // staying tight enough to avoid matching unrelated nearby code.
+      const TYPE_LITERAL = /type:\s*"assistant_text_delta"/g;
+      const offsets: number[] = [];
+      let match: RegExpExecArray | null;
+      while ((match = TYPE_LITERAL.exec(source)) !== null) {
+        offsets.push(match.index);
+      }
+      expect(offsets.length).toBeGreaterThan(0);
+
+      const violations: string[] = [];
+      for (const offset of offsets) {
+        const window = source.slice(offset, offset + 200);
+        if (!/conversationId/.test(window)) {
+          const lineNumber = source.slice(0, offset).split("\n").length;
+          violations.push(`${relativePath}:${lineNumber}`);
+        }
+      }
+      expect(violations).toEqual([]);
+    });
+  }
+});

package/src/__tests__/compaction-events.test.ts

@@ -87,6 +87,8 @@ mock.module("../config/loader.js", () => ({
       pricingOverrides: [],
     },
     rateLimit: { maxRequestsPerMinute: 0 },
+    memory: { v2: { enabled: false } },
+    conversations: { skipAutoRetitling: false },
     timeouts: { permissionTimeoutSec: 1 },
     skills: { entries: {}, allowBundled: true },
     permissions: { mode: "workspace" },

package/src/__tests__/config-schema.test.ts

@@ -57,10 +57,12 @@ import { invalidateConfigCache, loadConfig } from "../config/loader.js";
 import {
   AssistantConfigSchema,
   DEFAULT_ELEVENLABS_VOICE_ID,
-  SttServiceSchema,
-  TtsServiceSchema,
-  VALID_TTS_SERVICE_PROVIDERS,
 } from "../config/schema.js";
+import { SttServiceSchema } from "../config/schemas/stt.js";
+import {
+  TtsServiceSchema,
+  VALID_TTS_PROVIDERS as VALID_TTS_SERVICE_PROVIDERS,
+} from "../config/schemas/tts.js";
 import type { AssistantConfig } from "../config/types.js";
 import { _setStorePath } from "../security/encrypted-store.js";
 import { listCatalogProviderIds } from "../tts/provider-catalog.js";
@@ -126,9 +128,7 @@ describe("AssistantConfigSchema", () => {
     });
     expect(result.secretDetection).toEqual({
       enabled: true,
-      action: "redact",
       blockIngress: true,
-      entropyThreshold: 4.0,
       allowOneTimeSend: false,
     });
     expect(result.auditLog).toEqual({ retentionDays: 0 });
@@ -151,9 +151,7 @@ describe("AssistantConfigSchema", () => {
       rateLimit: { maxRequestsPerMinute: 10 },
       secretDetection: {
         enabled: false,
-        action: "block" as const,
         blockIngress: false,
-        entropyThreshold: 5.5,
       },
       auditLog: { retentionDays: 30 },
     };
@@ -162,7 +160,7 @@ describe("AssistantConfigSchema", () => {
     expect(result.llm.default.model).toBe("gpt-4");
     expect(result.llm.default.maxTokens).toBe(4096);
     expect(result.llm.default.thinking.enabled).toBe(true);
-    expect(result.secretDetection.action).toBe("block");
+    expect(result.secretDetection.enabled).toBe(false);
   });
 
   test("applies llm defaults when llm key is omitted", () => {
@@ -577,24 +575,6 @@ describe("AssistantConfigSchema", () => {
     }
   });
 
-  test("rejects invalid secretDetection.action", () => {
-    const result = AssistantConfigSchema.safeParse({
-      secretDetection: { action: "explode" },
-    });
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      const msgs = result.error.issues.map((i) => i.message);
-      expect(msgs.some((m) => m.includes("secretDetection.action"))).toBe(true);
-    }
-  });
-
-  test("rejects negative secretDetection.entropyThreshold", () => {
-    const result = AssistantConfigSchema.safeParse({
-      secretDetection: { entropyThreshold: -1 },
-    });
-    expect(result.success).toBe(false);
-  });
-
   test("rejects negative rateLimit values", () => {
     const result = AssistantConfigSchema.safeParse({
       rateLimit: { maxRequestsPerMinute: -1 },
@@ -641,19 +621,9 @@ describe("AssistantConfigSchema", () => {
     }
   });
 
-  test("accepts all valid secretDetection.action values", () => {
-    for (const action of ["redact", "warn", "block"] as const) {
-      const result = AssistantConfigSchema.safeParse({
-        secretDetection: { action },
-      });
-      expect(result.success).toBe(true);
-    }
-  });
-
   test("provides helpful error messages", () => {
     const result = AssistantConfigSchema.safeParse({
       llm: { default: { maxTokens: -1 } },
-      secretDetection: { action: "explode" },
     });
     expect(result.success).toBe(false);
     if (!result.success) {
@@ -665,12 +635,6 @@ describe("AssistantConfigSchema", () => {
           (m) => m.includes("positive") || /expected number to be >0/i.test(m),
         ),
       ).toBe(true);
-      expect(
-        messages.some(
-          (m) =>
-            m.includes("redact") && m.includes("warn") && m.includes("block"),
-        ),
-      ).toBe(true);
     }
   });
 
@@ -2179,12 +2143,6 @@ describe("loadConfig with schema validation", () => {
     expect(config.timeouts.permissionTimeoutSec).toBe(300);
   });
 
-  test("falls back for invalid secretDetection.action", () => {
-    writeConfig({ secretDetection: { action: "explode" } });
-    const config = loadConfig();
-    expect(config.secretDetection.action).toBe("redact");
-  });
-
   test("falls back for invalid contextWindow relationship", () => {
     writeConfig({
       llm: {

package/src/__tests__/config-watcher.test.ts

@@ -73,6 +73,7 @@ mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
   }),
+  loadConfig: () => ({ ui: {} }),
   invalidateConfigCache: () => {},
 }));
 
@@ -85,6 +86,9 @@ mock.module("../permissions/trust-store.js", () => ({
 }));
 
 mock.module("../providers/registry.js", () => ({
+  getProvider: () => undefined,
+  listProviders: () => [],
+  getProviderRoutingSource: () => undefined,
   initializeProviders: () => {},
 }));
 
@@ -96,6 +100,14 @@ mock.module("../signals/conversation-undo.js", () => ({
   handleConversationUndoSignal: () => {},
 }));
 
+mock.module("../signals/user-message.js", () => ({
+  handleUserMessageSignal: async () => {},
+}));
+
+mock.module("../signals/cancel.js", () => ({
+  handleCancelSignal: () => {},
+}));
+
 // Import after mocks are set up
 const { ConfigWatcher } = await import("../daemon/config-watcher.js");
 

package/src/__tests__/connection-policy.test.ts

@@ -1,57 +1,6 @@
 import { describe, expect, test } from "bun:test";
 
-import {
-  hasNoAuthOverride,
-  shouldAutoStartDaemon,
-} from "../daemon/connection-policy.js";
-
-describe("hasNoAuthOverride", () => {
-  test("returns false when VELLUM_DAEMON_NOAUTH is not set", () => {
-    expect(hasNoAuthOverride({})).toBe(false);
-  });
-
-  test("returns false when VELLUM_DAEMON_NOAUTH is empty", () => {
-    expect(hasNoAuthOverride({ VELLUM_DAEMON_NOAUTH: "" })).toBe(false);
-  });
-
-  test("returns false when VELLUM_DAEMON_NOAUTH is whitespace", () => {
-    expect(hasNoAuthOverride({ VELLUM_DAEMON_NOAUTH: "   " })).toBe(false);
-  });
-
-  test("returns false when VELLUM_DAEMON_NOAUTH is 0", () => {
-    expect(hasNoAuthOverride({ VELLUM_DAEMON_NOAUTH: "0" })).toBe(false);
-  });
-
-  test("returns false when VELLUM_DAEMON_NOAUTH is false", () => {
-    expect(hasNoAuthOverride({ VELLUM_DAEMON_NOAUTH: "false" })).toBe(false);
-  });
-
-  test("returns true when VELLUM_DAEMON_NOAUTH is 1 with safety gate", () => {
-    expect(
-      hasNoAuthOverride({
-        VELLUM_DAEMON_NOAUTH: "1",
-        VELLUM_UNSAFE_AUTH_BYPASS: "1",
-      }),
-    ).toBe(true);
-  });
-
-  test("returns false when VELLUM_DAEMON_NOAUTH is 1 without safety gate", () => {
-    expect(hasNoAuthOverride({ VELLUM_DAEMON_NOAUTH: "1" })).toBe(false);
-  });
-
-  test("returns true when VELLUM_DAEMON_NOAUTH is true with safety gate", () => {
-    expect(
-      hasNoAuthOverride({
-        VELLUM_DAEMON_NOAUTH: "true",
-        VELLUM_UNSAFE_AUTH_BYPASS: "1",
-      }),
-    ).toBe(true);
-  });
-
-  test("returns false when VELLUM_DAEMON_NOAUTH is true without safety gate", () => {
-    expect(hasNoAuthOverride({ VELLUM_DAEMON_NOAUTH: "true" })).toBe(false);
-  });
-});
+import { shouldAutoStartDaemon } from "../daemon/connection-policy.js";
 
 describe("shouldAutoStartDaemon", () => {
   test("returns true by default (no env vars set)", () => {

package/src/__tests__/contacts-write.test.ts

@@ -8,7 +8,7 @@
  * writes land under that temp dir and are cleaned up automatically.
  */
 
-import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { existsSync } from "node:fs";
 import { join } from "node:path";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
@@ -19,10 +19,7 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-import {
-  createGuardianBinding,
-  upsertContactChannel,
-} from "../contacts/contacts-write.js";
+import { upsertContactChannel } from "../contacts/contacts-write.js";
 import { getSqlite } from "../memory/db-connection.js";
 import { initializeDb } from "../memory/db-init.js";
 initializeDb();
@@ -47,65 +44,6 @@ function userFilePath(slug: string): string {
   return join(workspaceDir(), "users", slug);
 }
 
-describe("createGuardianBinding seeds users/<slug>.md", () => {
-  beforeEach(() => {
-    resetContactTables();
-  });
-
-  test("writes the persona template scaffold on first creation", () => {
-    createGuardianBinding({
-      channel: "telegram",
-      guardianExternalUserId: "Chris",
-      guardianDeliveryChatId: "chat-chris",
-      guardianPrincipalId: "principal-chris",
-      verifiedVia: "challenge",
-    });
-
-    const expectedPath = userFilePath("chris.md");
-    expect(existsSync(expectedPath)).toBe(true);
-
-    const content = readFileSync(expectedPath, "utf-8");
-    expect(content).toContain("# User Profile");
-    expect(content).toContain("Preferred name/reference:");
-    expect(content).toContain("Daily tools:");
-    // Template comment-line prefix survives verbatim.
-    expect(content.startsWith("_ Lines starting with _ are comments")).toBe(
-      true,
-    );
-  });
-
-  test("does not clobber a pre-existing customized users/<slug>.md", () => {
-    // First creation seeds the scaffold.
-    createGuardianBinding({
-      channel: "telegram",
-      guardianExternalUserId: "Alice",
-      guardianDeliveryChatId: "chat-alice",
-      guardianPrincipalId: "principal-alice",
-      verifiedVia: "challenge",
-    });
-
-    const expectedPath = userFilePath("alice.md");
-    expect(existsSync(expectedPath)).toBe(true);
-
-    // User customizes the file manually.
-    const customContent = "# Alice's Profile\n\n- Loves kayaking\n";
-    writeFileSync(expectedPath, customContent, "utf-8");
-
-    // Re-running createGuardianBinding (idempotent re-verification) must
-    // not overwrite the user's edits.
-    createGuardianBinding({
-      channel: "telegram",
-      guardianExternalUserId: "Alice",
-      guardianDeliveryChatId: "chat-alice",
-      guardianPrincipalId: "principal-alice",
-      verifiedVia: "challenge",
-    });
-
-    const afterContent = readFileSync(expectedPath, "utf-8");
-    expect(afterContent).toBe(customContent);
-  });
-});
-
 // Invariant: `upsertContactChannel` must not seed `users/<slug>.md`. Seeding
 // there fires the users/ directory watcher on every inbound message
 // from a new contact and evicts live conversations. Seeding is

package/src/__tests__/context-image-dimensions.test.ts

@@ -321,7 +321,7 @@ describe("parseImageDimensions", () => {
       const pngPath = join(
         import.meta.dir,
         "../../..",
-        "clients/chrome-extension/icons/icon16.png",
+        "clients/chrome-extension/icons/production/icon16.png",
       );
       const pngData = readFileSync(pngPath);
       const base64 = pngData.toString("base64");