@vellumai/assistant 0.7.1 → 0.7.2

package/src/__tests__/host-cu-proxy.test.ts

@@ -1,7 +1,6 @@
 import { afterEach, describe, expect, jest, mock, test } from "bun:test";
 
 const sentMessages: unknown[] = [];
-const resolvedInteractionIds: string[] = [];
 let mockHasClient = false;
 
 mock.module("../runtime/assistant-event-hub.js", () => ({
@@ -12,17 +11,8 @@ mock.module("../runtime/assistant-event-hub.js", () => ({
   },
 }));
 
-mock.module("../runtime/pending-interactions.js", () => ({
-  resolve: (requestId: string) => {
-    resolvedInteractionIds.push(requestId);
-    return undefined;
-  },
-  get: () => undefined,
-  getByKind: () => [],
-  getByConversation: () => [],
-  removeByConversation: () => {},
-}));
-
+// Use the REAL pending-interactions module — the proxy self-registers here.
+const pendingInteractions = await import("../runtime/pending-interactions.js");
 const { HostCuProxy } = await import("../daemon/host-cu-proxy.js");
 
 describe("HostCuProxy", () => {
@@ -30,13 +20,14 @@ describe("HostCuProxy", () => {
 
   function setup(maxSteps?: number) {
     sentMessages.length = 0;
-    resolvedInteractionIds.length = 0;
     mockHasClient = false;
+    pendingInteractions.clear();
     proxy = new HostCuProxy(maxSteps);
   }
 
   afterEach(() => {
     proxy?.dispose();
+    pendingInteractions.clear();
   });
 
   // -------------------------------------------------------------------------
@@ -66,9 +57,9 @@ describe("HostCuProxy", () => {
       expect(typeof sent.requestId).toBe("string");
 
       const requestId = sent.requestId as string;
-      expect(proxy.hasPendingRequest(requestId)).toBe(true);
+      expect(pendingInteractions.get(requestId)).toBeDefined();
 
-      proxy.resolve(requestId, {
+      proxy.processObservation(requestId, {
         axTree: "Button [1]\nLabel [2]",
         executionResult: "Clicked element 42",
       });
@@ -78,7 +69,7 @@ describe("HostCuProxy", () => {
       expect(result.content).toContain("<ax-tree>");
       expect(result.content).toContain("CURRENT SCREEN STATE:");
       expect(result.isError).toBe(false);
-      expect(proxy.hasPendingRequest(requestId)).toBe(false);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
 
     test("formats error observation correctly", async () => {
@@ -94,7 +85,7 @@ describe("HostCuProxy", () => {
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
 
-      proxy.resolve(requestId, {
+      proxy.processObservation(requestId, {
         executionError: "Element not found",
         axTree: "Window [1]",
       });
@@ -118,7 +109,7 @@ describe("HostCuProxy", () => {
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
 
-      proxy.resolve(requestId, {
+      proxy.processObservation(requestId, {
         axTree: "Button [1]",
         screenshot: "base64data",
         screenshotWidthPx: 1920,
@@ -142,7 +133,7 @@ describe("HostCuProxy", () => {
     test("resolves with unknown requestId is silently ignored", () => {
       setup();
       // Should not throw
-      proxy.resolve("unknown-id", { axTree: "something" });
+      proxy.processObservation("unknown-id", { axTree: "something" });
     });
   });
 
@@ -165,10 +156,10 @@ describe("HostCuProxy", () => {
 
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
-      expect(proxy.hasPendingRequest(requestId)).toBe(true);
+      expect(pendingInteractions.get(requestId)).toBeDefined();
 
       // Resolve to avoid test hanging
-      proxy.resolve(requestId, { axTree: "resolved" });
+      proxy.processObservation(requestId, { axTree: "resolved" });
       await resultPromise;
     });
   });
@@ -193,14 +184,14 @@ describe("HostCuProxy", () => {
 
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
-      expect(proxy.hasPendingRequest(requestId)).toBe(true);
+      expect(pendingInteractions.get(requestId)).toBeDefined();
 
       controller.abort();
 
       const result = await resultPromise;
       expect(result.content).toContain("Aborted");
       expect(result.isError).toBe(true);
-      expect(proxy.hasPendingRequest(requestId)).toBe(false);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
 
     test("sends host_cu_cancel to client on abort", async () => {
@@ -296,7 +287,7 @@ describe("HostCuProxy", () => {
       expect(sentMessages).toHaveLength(1); // Message was sent
 
       const sent = sentMessages[0] as Record<string, unknown>;
-      proxy.resolve(sent.requestId as string, { axTree: "screen" });
+      proxy.processObservation(sent.requestId as string, { axTree: "screen" });
 
       const result = await resultPromise;
       expect(result.isError).toBe(false);
@@ -370,7 +361,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_click", { element_id: 1 });
       const sent1 = sentMessages[0] as Record<string, unknown>;
-      proxy.resolve(sent1.requestId as string, {
+      proxy.processObservation(sent1.requestId as string, {
         axTree: "Button [1]",
       });
       await p1;
@@ -384,7 +375,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_click", { element_id: 1 });
       const sent2 = sentMessages[1] as Record<string, unknown>;
-      proxy.resolve(sent2.requestId as string, {
+      proxy.processObservation(sent2.requestId as string, {
         axTree: "Button [1]",
         // No axDiff — screen unchanged
       });
@@ -402,7 +393,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_click", { element_id: 1 });
       const sent3 = sentMessages[2] as Record<string, unknown>;
-      proxy.resolve(sent3.requestId as string, {
+      proxy.processObservation(sent3.requestId as string, {
         axTree: "Button [1]",
       });
       const result3 = await p3;
@@ -424,7 +415,7 @@ describe("HostCuProxy", () => {
         1,
       );
       const sent1 = sentMessages[0] as Record<string, unknown>;
-      proxy.resolve(sent1.requestId as string, {
+      proxy.processObservation(sent1.requestId as string, {
         axTree: "Button [1]",
         // No axDiff on first observation — this is normal, not unchanged
       });
@@ -444,7 +435,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_click", { element_id: 1 });
       const sent1 = sentMessages[0] as Record<string, unknown>;
-      proxy.resolve(sent1.requestId as string, {
+      proxy.processObservation(sent1.requestId as string, {
         axTree: "Button [1]",
       });
       await p1;
@@ -458,7 +449,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_wait", { duration_ms: 2000 });
       const sent2 = sentMessages[1] as Record<string, unknown>;
-      proxy.resolve(sent2.requestId as string, {
+      proxy.processObservation(sent2.requestId as string, {
         axTree: "Button [1]",
         // No axDiff — screen unchanged, but that's expected after wait
       });
@@ -478,7 +469,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_click", { element_id: 1 });
       const sent1 = sentMessages[0] as Record<string, unknown>;
-      proxy.resolve(sent1.requestId as string, {
+      proxy.processObservation(sent1.requestId as string, {
         axTree: "Button [1]",
       });
       await p1;
@@ -492,7 +483,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_click", { element_id: 1 });
       const sent2 = sentMessages[1] as Record<string, unknown>;
-      proxy.resolve(sent2.requestId as string, {
+      proxy.processObservation(sent2.requestId as string, {
         axTree: "Button [1]",
       });
       await p2;
@@ -507,7 +498,7 @@ describe("HostCuProxy", () => {
       );
       proxy.recordAction("computer_use_click", { element_id: 2 });
       const sent3 = sentMessages[2] as Record<string, unknown>;
-      proxy.resolve(sent3.requestId as string, {
+      proxy.processObservation(sent3.requestId as string, {
         axTree: "TextField [1]",
         axDiff: "+ TextField [1]\n- Button [1]",
       });
@@ -719,11 +710,11 @@ describe("HostCuProxy", () => {
 
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
-      expect(proxy.hasPendingRequest(requestId)).toBe(true);
+      expect(pendingInteractions.get(requestId)).toBeDefined();
 
       proxy.dispose();
 
-      expect(proxy.hasPendingRequest(requestId)).toBe(false);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
       await expect(resultPromise).rejects.toThrow("Host CU proxy disposed");
     });
 
@@ -786,9 +777,9 @@ describe("HostCuProxy", () => {
       expect(result.content).toContain("Aborted");
 
       // Late resolve should be silently ignored (no throw, no double-resolve)
-      proxy.resolve(requestId, { axTree: "late response" });
+      proxy.processObservation(requestId, { axTree: "late response" });
 
-      expect(proxy.hasPendingRequest(requestId)).toBe(false);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
   });
 
@@ -811,17 +802,11 @@ describe("HostCuProxy", () => {
       const s = source as any;
       const origAdd = source.addEventListener.bind(source);
       const origRemove = source.removeEventListener.bind(source);
-      s.addEventListener = (
-        type: string,
-        ...rest: any[]
-      ) => {
+      s.addEventListener = (type: string, ...rest: any[]) => {
         addCalls.push(type);
         return (origAdd as any)(type, ...rest);
       };
-      s.removeEventListener = (
-        type: string,
-        ...rest: any[]
-      ) => {
+      s.removeEventListener = (type: string, ...rest: any[]) => {
         removeCalls.push(type);
         return (origRemove as any)(type, ...rest);
       };
@@ -847,7 +832,7 @@ describe("HostCuProxy", () => {
 
       const requestId = (sentMessages[0] as Record<string, unknown>)
         .requestId as string;
-      proxy.resolve(requestId, { axTree: "Button [1]" });
+      proxy.processObservation(requestId, { axTree: "Button [1]" });
       await resultPromise;
 
       // Listener is detached after normal completion.
@@ -881,7 +866,7 @@ describe("HostCuProxy", () => {
 
         const requestId = (sentMessages[0] as Record<string, unknown>)
           .requestId as string;
-        expect(proxy.hasPendingRequest(requestId)).toBe(true);
+        expect(pendingInteractions.get(requestId)).toBeDefined();
 
         // Advance past the 60s internal timeout.
         jest.advanceTimersByTime(61 * 1000);
@@ -889,7 +874,7 @@ describe("HostCuProxy", () => {
         const result = await resultPromise;
         expect(result.isError).toBe(true);
         expect(result.content).toContain("Host CU proxy timed out");
-        expect(proxy.hasPendingRequest(requestId)).toBe(false);
+        expect(pendingInteractions.get(requestId)).toBeUndefined();
 
         // Listener is detached after the timer fires.
         expect(spy.removeCalls).toEqual(["abort"]);
@@ -927,7 +912,7 @@ describe("HostCuProxy", () => {
       controller.abort();
 
       await resultPromise;
-      expect(resolvedInteractionIds).toContain(requestId);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
 
     test("fires on dispose", async () => {
@@ -948,7 +933,7 @@ describe("HostCuProxy", () => {
       // dispose rejects pending requests — catch to avoid unhandled rejection
       await resultPromise.catch(() => {});
 
-      expect(resolvedInteractionIds).toContain(requestId);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
 
     test("does not fire on normal client-initiated resolve", async () => {
@@ -964,10 +949,10 @@ describe("HostCuProxy", () => {
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
 
-      proxy.resolve(requestId, { axTree: "Button [1]" });
+      proxy.processObservation(requestId, { axTree: "Button [1]" });
 
       await resultPromise;
-      expect(resolvedInteractionIds).toEqual([]);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
   });
 
@@ -988,4 +973,8 @@ describe("HostCuProxy", () => {
       expect(proxy.isAvailable()).toBe(true);
     });
   });
+
+  // targetClientId validation lives at the surfaceProxyResolver layer (so an
+  // invalid ID does not burn a step or pollute action history before being
+  // rejected). See cu-unified-flow.test.ts for those tests.
 });

package/src/__tests__/host-cu-routes-targeted.test.ts

@@ -0,0 +1,300 @@
+/**
+ * Tests for the host-cu-result route 403 guard introduced in Phase 2.
+ *
+ * Covers:
+ *  1. Targeted + correct x-vellum-client-id header → 200 accepted
+ *  2. Targeted + missing header → 400 BadRequestError
+ *  3. Targeted + wrong header → 403 ForbiddenError, interaction NOT consumed
+ *  4. Untargeted (no targetClientId, no header) → 200 accepted (regression)
+ *
+ * Resolution goes through conversation.hostCuProxy?.resolve(...). The
+ * conversation store is mocked to return a controlled conversation object.
+ *
+ * Note: host-cu-routes.ts has a deep import chain (conversation-store →
+ * conversation.ts → ces-client → service-contracts) that requires mocking
+ * before the module loads. We use dynamic imports to ensure all mocks are
+ * registered before the route module is evaluated.
+ */
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+
+// ── Module mocks ─────────────────────────────────────────────────────────────
+// Must be registered before the host-cu-routes module is loaded.
+
+mock.module("../config/env.js", () => ({
+  isHttpAuthDisabled: () => true,
+  hasUngatedHttpAuthDisabled: () => false,
+  getPlatformBaseUrl: () => "https://platform.example.com",
+  getGatewayInternalBaseUrl: () => "http://localhost:8080",
+  getIngressPublicBaseUrl: () => undefined,
+  setIngressPublicBaseUrl: () => {},
+  getRuntimeHttpPort: () => 3000,
+  getRuntimeHttpHost: () => "0.0.0.0",
+  getSentryDsn: () => "",
+  getQdrantUrlEnv: () => undefined,
+  getQdrantHttpPortEnv: () => undefined,
+  getQdrantReadyzTimeoutMs: () => undefined,
+  getOllamaBaseUrlEnv: () => undefined,
+  setPlatformBaseUrl: () => {},
+  getAssistantDomain: () => "example.com",
+  setPlatformAssistantId: () => {},
+  getPlatformAssistantId: () => "test-assistant-id",
+  setPlatformOrganizationId: () => {},
+  getPlatformOrganizationId: () => "test-org-id",
+  setPlatformUserId: () => {},
+  getPlatformUserId: () => "test-user-id",
+  getPlatformInternalApiKey: () => "test-api-key",
+  validateEnv: () => {},
+}));
+
+import type { PendingInteraction } from "../runtime/pending-interactions.js";
+
+const pendingStore = new Map<string, PendingInteraction>();
+const resolvedIds: string[] = [];
+
+mock.module("../runtime/pending-interactions.js", () => ({
+  get: (requestId: string) => pendingStore.get(requestId),
+  resolve: (requestId: string) => {
+    const entry = pendingStore.get(requestId);
+    if (entry) {
+      pendingStore.delete(requestId);
+      resolvedIds.push(requestId);
+    }
+    return entry;
+  },
+}));
+
+interface CuResolveCall {
+  requestId: string;
+  payload: Record<string, unknown>;
+}
+
+const cuResolveSpy: CuResolveCall[] = [];
+
+// Controlled conversation map: conversationId → conversation object
+const conversationStore = new Map<string, { hostCuProxy?: { processObservation: (...args: unknown[]) => void } }>();
+
+mock.module("../daemon/conversation-store.js", () => ({
+  findConversation: (conversationId: string) => conversationStore.get(conversationId),
+}));
+
+// ── Real imports (after mocks) ──────────────────────────────────────────────
+// Use dynamic import to ensure the mocks above are applied before loading.
+
+import {
+  BadRequestError,
+  ForbiddenError,
+} from "../runtime/routes/errors.js";
+
+const { ROUTES } = await import("../runtime/routes/host-cu-routes.js");
+
+afterAll(() => {
+  mock.restore();
+});
+
+const handleHostCuResult = ROUTES.find(
+  (r: { endpoint: string }) => r.endpoint === "host-cu-result",
+)!.handler;
+
+// ── Helpers ──────────────────────────────────────────────────────────────────
+
+function registerPending(
+  requestId: string,
+  overrides: Partial<PendingInteraction> = {},
+): void {
+  const entry: PendingInteraction = {
+    conversationId: "conv-cu-1",
+    kind: "host_cu",
+    ...overrides,
+  };
+  pendingStore.set(requestId, entry);
+}
+
+function registerConversation(conversationId = "conv-cu-1"): void {
+  conversationStore.set(conversationId, {
+    hostCuProxy: {
+      processObservation(requestId: unknown, payload: unknown) {
+        // Simulate what the real processObservation does: consume the pending interaction
+        pendingStore.delete(requestId as string);
+        resolvedIds.push(requestId as string);
+        cuResolveSpy.push({
+          requestId: requestId as string,
+          payload: payload as Record<string, unknown>,
+        });
+      },
+    },
+  });
+}
+
+function cuBody(requestId: string): Record<string, unknown> {
+  return {
+    requestId,
+    axTree: "Button [1]",
+    executionResult: "Clicked",
+  };
+}
+
+// ── Tests ─────────────────────────────────────────────────────────────────────
+
+describe("handleHostCuResult — Phase 2 targetClientId guard", () => {
+  beforeEach(() => {
+    pendingStore.clear();
+    conversationStore.clear();
+    resolvedIds.length = 0;
+    cuResolveSpy.length = 0;
+    // Default: register a conversation with a hostCuProxy
+    registerConversation("conv-cu-1");
+  });
+
+  // ── 1. Targeted + correct header → 200 ────────────────────────────────────
+
+  describe("targeted + correct x-vellum-client-id header", () => {
+    test("returns { accepted: true } and resolves the interaction", async () => {
+      const requestId = "req-cu-targeted-match";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      const result = await handleHostCuResult({
+        body: cuBody(requestId),
+        headers: { "x-vellum-client-id": "client-A" },
+      });
+
+      expect(result).toEqual({ accepted: true });
+      expect(cuResolveSpy).toHaveLength(1);
+      expect(cuResolveSpy[0].requestId).toBe(requestId);
+      expect(resolvedIds).toContain(requestId);
+    });
+
+    test("trims whitespace from header before comparing", async () => {
+      const requestId = "req-cu-targeted-trim";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      const result = await handleHostCuResult({
+        body: cuBody(requestId),
+        headers: { "x-vellum-client-id": "  client-A  " },
+      });
+
+      expect(result).toEqual({ accepted: true });
+    });
+  });
+
+  // ── 2. Targeted + missing header → 400 ────────────────────────────────────
+
+  describe("targeted + missing x-vellum-client-id header", () => {
+    test("throws BadRequestError (400) when header is absent", () => {
+      const requestId = "req-cu-targeted-no-header";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      expect(() =>
+        handleHostCuResult({ body: cuBody(requestId) }),
+      ).toThrow(BadRequestError);
+    });
+
+    test("throws BadRequestError (400) when header is empty string", () => {
+      const requestId = "req-cu-targeted-empty-header";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      expect(() =>
+        handleHostCuResult({
+          body: cuBody(requestId),
+          headers: { "x-vellum-client-id": "   " },
+        }),
+      ).toThrow(BadRequestError);
+    });
+
+    test("interaction is NOT resolved on 400 (still pending)", () => {
+      const requestId = "req-cu-targeted-no-header-stays";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      try {
+        handleHostCuResult({ body: cuBody(requestId) });
+      } catch {
+        // expected
+      }
+
+      expect(resolvedIds).not.toContain(requestId);
+      expect(pendingStore.has(requestId)).toBe(true);
+    });
+  });
+
+  // ── 3. Targeted + wrong header → 403 ──────────────────────────────────────
+
+  describe("targeted + wrong x-vellum-client-id header", () => {
+    test("throws ForbiddenError (403) when client ID does not match", () => {
+      const requestId = "req-cu-targeted-mismatch";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      expect(() =>
+        handleHostCuResult({
+          body: cuBody(requestId),
+          headers: { "x-vellum-client-id": "client-B" },
+        }),
+      ).toThrow(ForbiddenError);
+    });
+
+    test("ForbiddenError message names both submitting and expected client", () => {
+      const requestId = "req-cu-targeted-mismatch-msg";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      let caught: unknown;
+      try {
+        handleHostCuResult({
+          body: cuBody(requestId),
+          headers: { "x-vellum-client-id": "client-B" },
+        });
+      } catch (e) {
+        caught = e;
+      }
+
+      expect(caught).toBeInstanceOf(ForbiddenError);
+      const msg = (caught as ForbiddenError).message;
+      expect(msg).toContain("client-B");
+      expect(msg).toContain("client-A");
+    });
+
+    test("interaction is NOT consumed on 403 (pendingInteractions.get still returns it)", () => {
+      const requestId = "req-cu-targeted-mismatch-stays";
+      registerPending(requestId, { targetClientId: "client-A" });
+
+      try {
+        handleHostCuResult({
+          body: cuBody(requestId),
+          headers: { "x-vellum-client-id": "client-B" },
+        });
+      } catch {
+        // expected
+      }
+
+      expect(resolvedIds).not.toContain(requestId);
+      expect(pendingStore.has(requestId)).toBe(true);
+    });
+  });
+
+  // ── 4. Untargeted — regression ────────────────────────────────────────────
+
+  describe("untargeted request (no targetClientId)", () => {
+    test("accepts when no header is provided", async () => {
+      const requestId = "req-cu-untargeted-no-header";
+      registerPending(requestId);
+
+      const result = await handleHostCuResult({
+        body: cuBody(requestId),
+      });
+
+      expect(result).toEqual({ accepted: true });
+      expect(cuResolveSpy).toHaveLength(1);
+      expect(resolvedIds).toContain(requestId);
+    });
+
+    test("accepts when header is present (header ignored for untargeted)", async () => {
+      const requestId = "req-cu-untargeted-with-header";
+      registerPending(requestId);
+
+      const result = await handleHostCuResult({
+        body: cuBody(requestId),
+        headers: { "x-vellum-client-id": "client-whatever" },
+      });
+
+      expect(result).toEqual({ accepted: true });
+      expect(cuResolveSpy).toHaveLength(1);
+    });
+  });
+});

package/src/__tests__/host-file-edit-tool.test.ts

@@ -1,7 +1,29 @@
 import { mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { afterEach, describe, expect, test } from "bun:test";
+import { afterEach, describe, expect, mock, test } from "bun:test";
+
+import type { HostFileInput } from "../daemon/host-file-proxy.js";
+import type { ToolExecutionResult } from "../tools/types.js";
+
+// Mock HostFileProxy singleton so proxy delegation tests can control it.
+let mockFileProxyAvailable = false;
+let mockFileProxyRequestFn: (
+  input: HostFileInput,
+  conversationId: string,
+  signal?: AbortSignal,
+) => Promise<ToolExecutionResult> = () => Promise.resolve({ content: "", isError: false });
+
+mock.module("../daemon/host-file-proxy.js", () => ({
+  HostFileProxy: {
+    get instance() {
+      return {
+        isAvailable: () => mockFileProxyAvailable,
+        request: mockFileProxyRequestFn,
+      };
+    },
+  },
+}));
 
 import { hostFileEditTool } from "../tools/host-filesystem/edit.js";
 import type { ToolContext } from "../tools/types.js";
@@ -20,6 +42,8 @@ afterEach(() => {
   for (const dir of testDirs.splice(0)) {
     rmSync(dir, { recursive: true, force: true });
   }
+  mockFileProxyAvailable = false;
+  mockFileProxyRequestFn = () => Promise.resolve({ content: "", isError: false });
 });
 
 describe("host_file_edit tool", () => {
@@ -268,4 +292,26 @@ describe("host_file_edit tool", () => {
         result.content.includes("Successfully edited"),
     ).toBe(true);
   });
+
+  test("passes target_client_id to HostFileProxy.instance.request", async () => {
+    const capturedInputs: HostFileInput[] = [];
+    mockFileProxyAvailable = true;
+    mockFileProxyRequestFn = async (input) => {
+      capturedInputs.push(input);
+      return { content: "proxied edit", isError: false };
+    };
+
+    await hostFileEditTool.execute(
+      {
+        path: "/host/file.txt",
+        old_string: "old",
+        new_string: "new",
+        target_client_id: "client-x",
+      },
+      makeContext(),
+    );
+
+    expect(capturedInputs).toHaveLength(1);
+    expect(capturedInputs[0].targetClientId).toBe("client-x");
+  });
 });