npm - @vellumai/assistant - Versions diffs - 0.7.1 → 0.7.2 - Mend

@vellumai/assistant 0.7.1 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (535) hide show

package/ARCHITECTURE.md +32 -49
package/Dockerfile +1 -0
package/README.md +1 -2
package/__tests__/permissions/gateway-threshold-reader.test.ts +9 -3
package/bun.lock +26 -26
package/docs/architecture/security.md +20 -0
package/docs/plugins.md +7 -9
package/knip.json +1 -0
package/node_modules/@vellumai/gateway-client/src/index.ts +1 -0
package/node_modules/@vellumai/gateway-client/src/ipc-client.ts +39 -1
package/node_modules/@vellumai/gateway-client/src/types.ts +11 -0
package/node_modules/@vellumai/service-contracts/package.json +2 -0
package/node_modules/@vellumai/service-contracts/src/__tests__/contracts.test.ts +4 -0
package/node_modules/@vellumai/service-contracts/src/__tests__/ingress.test.ts +107 -0
package/node_modules/@vellumai/service-contracts/src/index.ts +5 -1
package/node_modules/@vellumai/service-contracts/src/ingress.ts +24 -0
package/node_modules/@vellumai/service-contracts/src/twilio-ingress.ts +84 -0
package/node_modules/@vellumai/skill-host-contracts/src/assistant-event.ts +9 -0
package/node_modules/@vellumai/twilio-client/bun.lock +24 -0
package/node_modules/@vellumai/twilio-client/package.json +18 -0
package/node_modules/@vellumai/twilio-client/src/__tests__/twilio-client.test.ts +128 -0
package/node_modules/@vellumai/twilio-client/src/index.ts +179 -0
package/node_modules/@vellumai/twilio-client/tsconfig.json +20 -0
package/openapi.yaml +565 -12
package/package.json +6 -3
package/src/__tests__/app-builder-tool-scripts.test.ts +3 -3
package/src/__tests__/app-bundler.test.ts +170 -1
package/src/__tests__/app-control-flow.test.ts +374 -0
package/src/__tests__/app-control-no-global-cgevent.test.ts +98 -0
package/src/__tests__/app-control-tool-schemas.test.ts +621 -0
package/src/__tests__/app-executors.test.ts +30 -43
package/src/__tests__/approval-routes-http.test.ts +23 -6
package/src/__tests__/assistant-event-hub-machine-name.test.ts +146 -0
package/src/__tests__/assistant-event-hub-targeted.test.ts +257 -0
package/src/__tests__/assistant-event-hub.test.ts +109 -2
package/src/__tests__/assistant-event.test.ts +10 -0
package/src/__tests__/assistant-events-sse-hardening.test.ts +7 -2
package/src/__tests__/assistant-feature-flags-integration.test.ts +11 -7
package/src/__tests__/background-shell-host-bash.test.ts +14 -15
package/src/__tests__/bootstrap-turn-cleanup.test.ts +44 -0
package/src/__tests__/btw-routes.test.ts +13 -4
package/src/__tests__/call-controller.test.ts +49 -1
package/src/__tests__/call-domain.test.ts +0 -2
package/src/__tests__/call-routes-http.test.ts +0 -2
package/src/__tests__/channel-readiness-service.test.ts +59 -1
package/src/__tests__/checker.test.ts +3 -4
package/src/__tests__/config-loader-backfill.test.ts +90 -155
package/src/__tests__/config-loader-platform-defaults.test.ts +196 -0
package/src/__tests__/config-schema-cmd.test.ts +0 -1
package/src/__tests__/config-set-platform-guard.test.ts +48 -4
package/src/__tests__/config-watcher-cleanup-throttle.test.ts +2 -2
package/src/__tests__/config-watcher.test.ts +2 -2
package/src/__tests__/conversation-app-control-instantiation.test.ts +392 -0
package/src/__tests__/conversation-app-control-lifecycle.test.ts +237 -0
package/src/__tests__/conversation-init.benchmark.test.ts +0 -2
package/src/__tests__/conversation-lifecycle.test.ts +36 -0
package/src/__tests__/conversation-process-app-control-preactivation.test.ts +283 -0
package/src/__tests__/conversation-routes-disk-view.test.ts +6 -0
package/src/__tests__/conversation-routes-guardian-reply.test.ts +120 -72
package/src/__tests__/conversation-routes-slash-commands.test.ts +1 -0
package/src/__tests__/conversation-slash-commands.test.ts +0 -4
package/src/__tests__/conversation-surfaces-action-delivery.test.ts +202 -0
package/src/__tests__/conversation-surfaces-app-control.test.ts +317 -0
package/src/__tests__/credential-execution-feature-gates.test.ts +5 -12
package/src/__tests__/credential-execution-managed-contract.test.ts +3 -131
package/src/__tests__/credentials-cli.test.ts +5 -12
package/src/__tests__/cu-unified-flow.test.ts +185 -23
package/src/__tests__/daemon-credential-client.test.ts +101 -19
package/src/__tests__/db-schedule-syntax-migration.test.ts +2 -0
package/src/__tests__/dynamic-skill-workflow-prompt.test.ts +0 -1
package/src/__tests__/gateway-only-enforcement.test.ts +0 -1
package/src/__tests__/guardian-verification-voice-binding.test.ts +0 -2
package/src/__tests__/handlers-skills-memory-v2-reseed.test.ts +0 -2
package/src/__tests__/handlers-user-message-approval-consumption.test.ts +0 -1
package/src/__tests__/heartbeat-service.test.ts +718 -1
package/src/__tests__/helpers/call-route-handler.ts +7 -1
package/src/__tests__/host-app-control-proxy.test.ts +602 -0
package/src/__tests__/host-app-control-routes.test.ts +263 -0
package/src/__tests__/host-bash-proxy.test.ts +246 -47
package/src/__tests__/host-bash-routes.test.ts +294 -0
package/src/__tests__/host-browser-proxy.test.ts +24 -22
package/src/__tests__/host-browser-routes.test.ts +39 -13
package/src/__tests__/host-cu-proxy.test.ts +41 -52
package/src/__tests__/host-cu-routes-targeted.test.ts +300 -0
package/src/__tests__/host-file-edit-tool.test.ts +47 -1
package/src/__tests__/host-file-proxy-targeted.test.ts +339 -0
package/src/__tests__/host-file-proxy.test.ts +37 -43
package/src/__tests__/host-file-read-tool.test.ts +17 -0
package/src/__tests__/host-file-routes-targeted.test.ts +262 -0
package/src/__tests__/host-file-write-tool.test.ts +42 -1
package/src/__tests__/host-proxy-base.test.ts +312 -0
package/src/__tests__/host-shell-tool.test.ts +22 -4
package/src/__tests__/host-transfer-proxy-targeted.test.ts +583 -0
package/src/__tests__/host-transfer-proxy.test.ts +121 -22
package/src/__tests__/host-transfer-routes-targeted.test.ts +447 -0
package/src/__tests__/http-user-message-parity.test.ts +1 -0
package/src/__tests__/identity-intro-cache.test.ts +29 -0
package/src/__tests__/identity-routes.test.ts +103 -1
package/src/__tests__/init-feature-flag-overrides.test.ts +26 -3
package/src/__tests__/inline-command-runner.test.ts +0 -1
package/src/__tests__/inline-skill-load-permissions.test.ts +5 -11
package/src/__tests__/integration-status.test.ts +85 -5
package/src/__tests__/intent-routing.test.ts +0 -1
package/src/__tests__/jobs-store-qdrant-breaker.test.ts +95 -5
package/src/__tests__/lifecycle-memory-v2-seed.test.ts +17 -0
package/src/__tests__/managed-skill-lifecycle.test.ts +0 -1
package/src/__tests__/mcp-auth-routes.test.ts +197 -0
package/src/__tests__/mcp-cli.test.ts +338 -2
package/src/__tests__/memory-jobs-worker-lanes.test.ts +188 -0
package/src/__tests__/migration-import-commit-http.test.ts +108 -2
package/src/__tests__/mock-gateway-ipc.ts +1 -0
package/src/__tests__/oauth-cli.test.ts +0 -2
package/src/__tests__/oauth2-gateway-transport.test.ts +0 -1
package/src/__tests__/persistence-secret-redaction.test.ts +299 -0
package/src/__tests__/platform-bash-auto-approve.test.ts +5 -9
package/src/__tests__/prechat-onboarding-contract.test.ts +3 -1
package/src/__tests__/process-message-background-slack.test.ts +2 -0
package/src/__tests__/provider-commit-message-generator.test.ts +0 -1
package/src/__tests__/public-ingress-urls.test.ts +97 -0
package/src/__tests__/require-fresh-approval.test.ts +0 -1
package/src/__tests__/retry-backoff.test.ts +87 -0
package/src/__tests__/runtime-events-sse.test.ts +10 -6
package/src/__tests__/sanitize-config-for-transfer.test.ts +24 -2
package/src/__tests__/schedule-retry.test.ts +715 -0
package/src/__tests__/script-proxy-mitm-handler.test.ts +1 -1
package/src/__tests__/secret-ingress-http.test.ts +1 -0
package/src/__tests__/send-endpoint-busy.test.ts +3 -0
package/src/__tests__/shell-tool-proxy-mode.test.ts +0 -1
package/src/__tests__/skill-feature-flags.test.ts +43 -41
package/src/__tests__/skill-load-feature-flag.test.ts +13 -14
package/src/__tests__/skill-load-inline-command.test.ts +0 -51
package/src/__tests__/skill-load-inline-includes.test.ts +0 -43
package/src/__tests__/skill-projection.benchmark.test.ts +0 -1
package/src/__tests__/skill-script-runner-sandbox.test.ts +0 -1
package/src/__tests__/slack-channel-config.test.ts +9 -14
package/src/__tests__/system-prompt-ask-mode.test.ts +0 -1
package/src/__tests__/system-prompt.test.ts +0 -1
package/src/__tests__/telegram-config.test.ts +0 -1
package/src/__tests__/test-preload.ts +8 -0
package/src/__tests__/tool-approval-handler.test.ts +3 -4
package/src/__tests__/tool-audit-listener.test.ts +48 -0
package/src/__tests__/tool-execute-pipeline.test.ts +0 -1
package/src/__tests__/tool-execution-abort-cleanup.test.ts +0 -1
package/src/__tests__/tool-executor-lifecycle-events.test.ts +0 -1
package/src/__tests__/tool-executor.test.ts +0 -1
package/src/__tests__/twilio-config.test.ts +3 -16
package/src/__tests__/twilio-routes.test.ts +3 -5
package/src/__tests__/twilio-validation.test.ts +93 -0
package/src/__tests__/vellum-self-knowledge-inline-command.test.ts +1 -4
package/src/__tests__/verification-control-plane-policy.test.ts +2 -4
package/src/__tests__/voice-ingress-preflight.test.ts +19 -0
package/src/__tests__/workspace-migration-006-services-config.test.ts +3 -2
package/src/__tests__/workspace-migration-backfill-installation-id.test.ts +1 -5
package/src/__tests__/workspace-migration-down-functions.test.ts +8 -8
package/src/__tests__/workspace-migration-unify-llm-callsite-configs.test.ts +10 -6
package/src/backup/__tests__/paths.test.ts +0 -22
package/src/backup/__tests__/restore.test.ts +51 -151
package/src/backup/paths.ts +2 -18
package/src/backup/restore.ts +107 -231
package/src/bundler/app-bundler.ts +51 -3
package/src/calls/relay-server.ts +4 -44
package/src/calls/twilio-config.ts +2 -17
package/src/calls/twilio-rest.ts +33 -105
package/src/calls/twilio-routes.ts +11 -12
package/src/channels/types.ts +8 -7
package/src/cli/commands/__tests__/backup.test.ts +6 -277
package/src/cli/commands/__tests__/gateway.test.ts +288 -0
package/src/cli/commands/__tests__/memory-v2.test.ts +4 -0
package/src/cli/commands/__tests__/webhooks.test.ts +0 -1
package/src/cli/commands/backup.ts +6 -331
package/src/cli/commands/clients.ts +36 -37
package/src/cli/commands/contacts.ts +73 -0
package/src/cli/commands/conversations.ts +2 -5
package/src/cli/commands/credentials.ts +15 -7
package/src/cli/commands/domain.ts +66 -15
package/src/cli/commands/gateway.ts +183 -0
package/src/cli/commands/keys.ts +9 -6
package/src/cli/commands/mcp.ts +116 -156
package/src/cli/commands/memory-v2.ts +296 -1
package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +0 -1
package/src/cli/commands/platform/__tests__/connect.test.ts +0 -2
package/src/cli/commands/platform/__tests__/disconnect.test.ts +0 -2
package/src/cli/commands/platform/__tests__/status.test.ts +13 -15
package/src/cli/commands/platform/disconnect.ts +5 -4
package/src/cli/commands/platform/index.ts +0 -18
package/src/cli/lib/daemon-credential-client.ts +110 -28
package/src/cli/program.ts +2 -0
package/src/config/assistant-feature-flags.ts +67 -10
package/src/config/bundled-skills/acp/SKILL.md +6 -0
package/src/config/bundled-skills/acp/TOOLS.json +1 -22
package/src/config/bundled-skills/app-builder/SKILL.md +14 -109
package/src/config/bundled-skills/app-builder/TOOLS.json +1 -28
package/src/config/bundled-skills/app-builder/tools/app-create.ts +1 -10
package/src/config/bundled-skills/app-control/SKILL.md +75 -0
package/src/config/bundled-skills/app-control/TOOLS.json +299 -0
package/src/config/bundled-skills/app-control/tools/app-control-click.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-combo.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-drag.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-observe.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-press.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-sequence.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-start.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-stop.ts +12 -0
package/src/config/bundled-skills/app-control/tools/app-control-type.ts +12 -0
package/src/config/bundled-skills/computer-use/SKILL.md +6 -0
package/src/config/bundled-skills/computer-use/TOOLS.json +67 -43
package/src/config/bundled-skills/contacts/TOOLS.json +0 -16
package/src/config/bundled-skills/document/TOOLS.json +0 -8
package/src/config/bundled-skills/followups/TOOLS.json +0 -12
package/src/config/bundled-skills/image-studio/SKILL.md +4 -0
package/src/config/bundled-skills/image-studio/TOOLS.json +0 -4
package/src/config/bundled-skills/media-processing/TOOLS.json +0 -24
package/src/config/bundled-skills/messaging/TOOLS.json +0 -40
package/src/config/bundled-skills/phone-calls/TOOLS.json +0 -12
package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +19 -4
package/src/config/bundled-skills/playbooks/TOOLS.json +0 -16
package/src/config/bundled-skills/schedule/TOOLS.json +14 -14
package/src/config/bundled-skills/sequences/TOOLS.json +0 -36
package/src/config/bundled-skills/settings/SKILL.md +4 -0
package/src/config/bundled-skills/settings/TOOLS.json +0 -12
package/src/config/bundled-skills/skill-management/SKILL.md +6 -0
package/src/config/bundled-skills/skill-management/TOOLS.json +0 -8
package/src/config/bundled-skills/subagent/SKILL.md +6 -2
package/src/config/bundled-skills/subagent/TOOLS.json +0 -20
package/src/config/bundled-skills/transcribe/SKILL.md +4 -0
package/src/config/bundled-skills/transcribe/TOOLS.json +0 -4
package/src/config/bundled-tool-registry.ts +21 -0
package/src/config/env-registry.ts +0 -2
package/src/config/env.ts +19 -12
package/src/config/feature-flag-registry.json +21 -133
package/src/config/loader.ts +73 -99
package/src/config/sanitize-for-transfer.ts +2 -0
package/src/config/schemas/__tests__/memory-lifecycle.test.ts +80 -0
package/src/config/schemas/__tests__/memory-v2.test.ts +7 -4
package/src/config/schemas/calls.ts +0 -9
package/src/config/schemas/heartbeat.ts +63 -0
package/src/config/schemas/ingress.ts +10 -6
package/src/config/schemas/llm.ts +5 -10
package/src/config/schemas/memory-lifecycle.ts +77 -24
package/src/config/schemas/memory-v2.ts +48 -4
package/src/config/schemas/platform.ts +6 -0
package/src/config/schemas/services.ts +1 -15
package/src/config/schemas/skills.ts +0 -6
package/src/config/seed-inference-profiles.ts +1 -1
package/src/contacts/contact-store.ts +0 -30
package/src/contacts/contacts-write.ts +0 -27
package/src/context/window-manager.ts +1 -2
package/src/credential-execution/feature-gates.ts +10 -10
package/src/credential-execution/process-manager.ts +12 -41
package/src/daemon/__tests__/conversation-tool-setup.test.ts +126 -5
package/src/daemon/bootstrap-turn-cleanup.ts +45 -0
package/src/daemon/config-watcher.ts +4 -3
package/src/daemon/conversation-agent-loop-handlers.ts +21 -3
package/src/daemon/conversation-agent-loop.ts +32 -28
package/src/daemon/conversation-lifecycle.ts +8 -1
package/src/daemon/conversation-process.ts +16 -11
package/src/daemon/conversation-runtime-assembly.ts +2 -2
package/src/daemon/conversation-surfaces.ts +125 -4
package/src/daemon/conversation-tool-setup.ts +16 -55
package/src/daemon/conversation.ts +21 -2
package/src/daemon/doordash-steps.ts +1 -1
package/src/daemon/handlers/shared.ts +4 -1
package/src/daemon/host-app-control-proxy.ts +293 -0
package/src/daemon/host-bash-proxy.ts +84 -74
package/src/daemon/host-browser-proxy.ts +67 -82
package/src/daemon/host-cu-proxy.ts +81 -86
package/src/daemon/host-file-proxy.ts +93 -69
package/src/daemon/host-proxy-base.ts +294 -0
package/src/daemon/host-proxy-preactivation.ts +82 -0
package/src/daemon/host-transfer-proxy.ts +247 -129
package/src/daemon/lifecycle.ts +115 -117
package/src/daemon/message-protocol.ts +3 -8
package/src/daemon/message-types/contacts.ts +23 -1
package/src/daemon/message-types/conversations.ts +11 -8
package/src/daemon/message-types/host-app-control.ts +150 -0
package/src/daemon/message-types/host-bash.ts +4 -0
package/src/daemon/message-types/host-cu.ts +2 -0
package/src/daemon/message-types/host-file.ts +4 -0
package/src/daemon/message-types/host-transfer.ts +3 -0
package/src/daemon/message-types/schedules.ts +8 -3
package/src/daemon/message-types/skills.ts +2 -2
package/src/daemon/process-message.ts +18 -1
package/src/daemon/shutdown-handlers.ts +0 -3
package/src/daemon/tool-setup-types.ts +51 -0
package/src/daemon/tool-side-effects.ts +1 -1
package/src/events/tool-audit-listener.ts +2 -1
package/src/heartbeat/__tests__/heartbeat-feed-event.test.ts +15 -7
package/src/heartbeat/__tests__/heartbeat-run-store.test.ts +216 -0
package/src/heartbeat/heartbeat-run-store.ts +236 -0
package/src/heartbeat/heartbeat-service.ts +280 -49
package/src/home/__tests__/post-connect-feed.test.ts +99 -0
package/src/home/__tests__/relationship-state-writer.test.ts +11 -9
package/src/home/__tests__/suggested-prompts.test.ts +89 -0
package/src/home/post-connect-feed.ts +68 -0
package/src/home/relationship-state-writer.ts +17 -92
package/src/home/suggested-prompts.ts +46 -10
package/src/inbound/public-ingress-urls.ts +32 -34
package/src/ipc/__tests__/route-error-envelope.test.ts +80 -0
package/src/ipc/assistant-server.ts +14 -1
package/src/ipc/cli-client.ts +32 -1
package/src/live-voice/live-voice-metrics.ts +10 -10
package/src/mcp/__tests__/mcp-auth-orchestrator.test.ts +304 -0
package/src/mcp/mcp-auth-orchestrator.ts +213 -0
package/src/mcp/mcp-auth-state.ts +133 -0
package/src/mcp/mcp-oauth-provider.ts +19 -0
package/src/memory/__tests__/jobs-store-job-classes.test.ts +24 -0
package/src/memory/__tests__/qdrant-client-sentinel.test.ts +49 -0
package/src/memory/__tests__/sparse-tokenize.test.ts +66 -0
package/src/memory/anisotropy.test.ts +247 -0
package/src/memory/anisotropy.ts +443 -0
package/src/memory/auto-analysis-constants.ts +17 -0
package/src/memory/auto-analysis-guard.ts +5 -15
package/src/memory/canonical-guardian-store.ts +7 -7
package/src/memory/context-search/__tests__/agent-runner-redaction.test.ts +122 -0
package/src/memory/context-search/agent-protocol.ts +6 -6
package/src/memory/context-search/agent-runner.ts +32 -7
package/src/memory/context-search/sources/memory-v2.ts +17 -5
package/src/memory/conversation-crud.ts +1 -1
package/src/memory/conversation-key-store.ts +2 -15
package/src/memory/db-init.ts +4 -0
package/src/memory/embedding-backend.ts +9 -21
package/src/memory/graph/__tests__/conversation-graph-memory-v2-routing.test.ts +49 -4
package/src/memory/graph/conversation-graph-memory.ts +1 -24
package/src/memory/graph/graph-search.ts +8 -0
package/src/memory/graph/retriever.ts +28 -0
package/src/memory/graph/tools.ts +1 -1
package/src/memory/jobs/__tests__/embed-concept-page.test.ts +8 -2
package/src/memory/jobs/embed-concept-page.ts +28 -2
package/src/memory/jobs/embed-pkb-file.test.ts +2 -2
package/src/memory/jobs-store.ts +66 -22
package/src/memory/jobs-worker.ts +112 -63
package/src/memory/memory-v2-activation-log-store.ts +1 -1
package/src/memory/migrations/237-heartbeat-runs.ts +45 -0
package/src/memory/migrations/238-schedule-retry-policy.ts +20 -0
package/src/memory/migrations/index.ts +5 -0
package/src/memory/migrations/registry.ts +8 -0
package/src/memory/pkb/pkb-search.ts +7 -0
package/src/memory/qdrant-client.ts +50 -20
package/src/memory/schema/infrastructure.ts +15 -0
package/src/memory/search/semantic.ts +7 -0
package/src/memory/sparse-tokenize.ts +49 -0
package/src/memory/v2/__tests__/activation.test.ts +77 -95
package/src/memory/v2/__tests__/injection.test.ts +43 -21
package/src/memory/v2/__tests__/sim.test.ts +166 -6
package/src/memory/v2/__tests__/sparse-bm25.test.ts +292 -0
package/src/memory/v2/__tests__/static-context.test.ts +0 -1
package/src/memory/v2/activation.ts +69 -88
package/src/memory/v2/consolidation-job.ts +3 -5
package/src/memory/v2/constants.ts +7 -0
package/src/memory/v2/injection.ts +86 -53
package/src/memory/v2/prompts/consolidation.ts +312 -91
package/src/memory/v2/qdrant.ts +99 -1
package/src/memory/v2/sim.ts +126 -16
package/src/memory/v2/skill-qdrant.ts +12 -3
package/src/memory/v2/skill-store.ts +16 -1
package/src/memory/v2/sparse-bm25.ts +245 -0
package/src/memory/v2/static-context.ts +6 -5
package/src/messaging/providers/gmail/types.ts +0 -49
package/src/messaging/providers/slack/adapter.ts +1 -31
package/src/messaging/providers/slack/types.ts +0 -32
package/src/notifications/README.md +10 -10
package/src/notifications/broadcaster.ts +1 -1
package/src/notifications/guardian-question-mode.ts +5 -5
package/src/oauth/connect-orchestrator.ts +4 -0
package/src/oauth/credential-token-resolver.ts +1 -3
package/src/oauth/manual-token-connection.ts +0 -4
package/src/outbound-proxy/index.ts +1 -37
package/src/outbound-proxy/logging.ts +1 -1
package/src/outbound-proxy/policy.ts +6 -5
package/src/outbound-proxy/router.ts +2 -1
package/src/permissions/approval-policy.test.ts +6 -275
package/src/permissions/approval-policy.ts +0 -51
package/src/permissions/checker.test.ts +0 -1
package/src/permissions/checker.ts +3 -17
package/src/permissions/gateway-threshold-reader.ts +2 -0
package/src/permissions/prompter.ts +34 -1
package/src/permissions/secret-prompter.ts +6 -2
package/src/prompts/bootstrap-cleanup.ts +27 -0
package/src/prompts/system-prompt.ts +3 -18
package/src/prompts/templates/SOUL.md +13 -1
package/src/providers/speech-to-text/provider-catalog.ts +7 -8
package/src/runtime/assistant-event-hub.ts +118 -96
package/src/runtime/assistant-event.ts +1 -0
package/src/runtime/auth/__tests__/middleware.test.ts +11 -56
package/src/runtime/auth/middleware.ts +0 -96
package/src/runtime/auth/route-policy.ts +19 -0
package/src/runtime/btw-sidechain.ts +2 -3
package/src/runtime/channel-invite-transport.ts +2 -48
package/src/runtime/channel-invite-transports/email.ts +1 -1
package/src/runtime/channel-invite-transports/slack.ts +1 -1
package/src/runtime/channel-invite-transports/telegram.ts +1 -1
package/src/runtime/channel-invite-transports/voice.ts +1 -1
package/src/runtime/channel-invite-transports/whatsapp.ts +1 -1
package/src/runtime/channel-invite-types.ts +54 -0
package/src/runtime/channel-readiness-service.ts +32 -13
package/src/runtime/http-server.ts +3 -329
package/src/runtime/http-types.ts +0 -5
package/src/runtime/migrations/__tests__/vbundle-import-parity.test.ts +413 -0
package/src/runtime/migrations/__tests__/vbundle-import-policy.test.ts +260 -0
package/src/runtime/migrations/__tests__/vbundle-import-version-compat.test.ts +189 -0
package/src/runtime/migrations/__tests__/vbundle-streaming-importer.test.ts +153 -1
package/src/runtime/migrations/__tests__/vbundle-symlink-importer.test.ts +451 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-streaming-importer.test.ts +0 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-streaming.test.ts +515 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-tar.test.ts +437 -0
package/src/runtime/migrations/__tests__/vbundle-symlink-walker.test.ts +319 -0
package/src/runtime/migrations/__tests__/vbundle-validator-v1-schema.test.ts +51 -1
package/src/runtime/migrations/migration-transport.ts +7 -7
package/src/runtime/migrations/vbundle-builder.ts +327 -60
package/src/runtime/migrations/vbundle-import-analyzer.ts +4 -4
package/src/runtime/migrations/vbundle-import-policy.ts +172 -0
package/src/runtime/migrations/vbundle-importer.ts +245 -68
package/src/runtime/migrations/vbundle-streaming-importer.ts +326 -35
package/src/runtime/migrations/vbundle-streaming-validator.ts +157 -4
package/src/runtime/migrations/vbundle-tar-stream.ts +15 -6
package/src/runtime/migrations/vbundle-validator.ts +114 -0
package/src/runtime/pending-interactions.ts +35 -9
package/src/runtime/routes/__tests__/backup-routes.test.ts +22 -150
package/src/runtime/routes/__tests__/conversation-query-routes.test.ts +98 -0
package/src/runtime/routes/__tests__/gateway-log-routes.test.ts +242 -0
package/src/runtime/routes/__tests__/heartbeat-routes.test.ts +112 -0
package/src/runtime/routes/approval-interception-types.ts +13 -0
package/src/runtime/routes/approval-strategies/guardian-text-engine-strategy.ts +1 -1
package/src/runtime/routes/backup-routes.ts +15 -38
package/src/runtime/routes/btw-routes.ts +14 -37
package/src/runtime/routes/client-routes.ts +1 -0
package/src/runtime/routes/contact-prompt-routes.ts +183 -0
package/src/runtime/routes/conversation-query-routes.ts +36 -1
package/src/runtime/routes/conversation-routes.ts +30 -13
package/src/runtime/routes/document-pdf-renderer.ts +165 -0
package/src/runtime/routes/documents-routes.ts +30 -0
package/src/runtime/routes/errors.ts +19 -4
package/src/runtime/routes/events-routes.ts +12 -6
package/src/runtime/routes/gateway-log-routes.ts +79 -0
package/src/runtime/routes/guardian-approval-interception.ts +2 -8
package/src/runtime/routes/heartbeat-routes.ts +103 -38
package/src/runtime/routes/host-app-control-routes.ts +134 -0
package/src/runtime/routes/host-bash-routes.ts +36 -6
package/src/runtime/routes/host-browser-routes.ts +108 -13
package/src/runtime/routes/host-cu-routes.ts +44 -14
package/src/runtime/routes/host-file-routes.ts +33 -10
package/src/runtime/routes/host-transfer-routes.ts +64 -24
package/src/runtime/routes/http-adapter.ts +1 -0
package/src/runtime/routes/identity-intro-cache.ts +30 -0
package/src/runtime/routes/identity-routes.ts +15 -43
package/src/runtime/routes/inbound-message-handler.ts +1 -9
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +0 -7
package/src/runtime/routes/inbound-stages/edit-intercept.ts +0 -8
package/src/runtime/routes/inbound-stages/transcribe-audio.test.ts +0 -20
package/src/runtime/routes/inbound-stages/transcribe-audio.ts +5 -13
package/src/runtime/routes/index.ts +8 -0
package/src/runtime/routes/mcp-auth-routes.ts +132 -0
package/src/runtime/routes/memory-item-routes.ts +10 -12
package/src/runtime/routes/memory-v2-routes.ts +441 -1
package/src/runtime/routes/migration-routes.ts +96 -0
package/src/runtime/routes/schedule-routes.ts +7 -0
package/src/runtime/verification-templates.ts +4 -7
package/src/schedule/integration-status.ts +66 -2
package/src/schedule/recurrence-engine.ts +4 -1
package/src/schedule/retry-backoff.ts +18 -0
package/src/schedule/retry-policy.ts +82 -0
package/src/schedule/schedule-recovery.ts +64 -0
package/src/schedule/schedule-store.ts +106 -2
package/src/schedule/scheduler-types.ts +25 -0
package/src/schedule/scheduler.ts +63 -38
package/src/security/oauth-callback-registry.ts +8 -0
package/src/sequence/analytics.ts +5 -5
package/src/sequence/engine.ts +1 -1
package/src/skills/catalog-files.ts +2 -8
package/src/skills/include-graph.ts +5 -5
package/src/skills/remote-skill-policy.ts +5 -5
package/src/skills/skill-file-provider.ts +1 -1
package/src/skills/skill-file-types.ts +13 -0
package/src/skills/skillssh-audit-types.ts +28 -0
package/src/skills/skillssh-registry.ts +8 -21
package/src/telemetry/types.ts +2 -0
package/src/telemetry/usage-telemetry-reporter.test.ts +21 -0
package/src/telemetry/usage-telemetry-reporter.ts +1 -0
package/src/tools/app-control/skill-proxy-bridge.ts +28 -0
package/src/tools/apps/executors.ts +56 -69
package/src/tools/browser/__tests__/browser-status.test.ts +21 -18
package/src/tools/browser/browser-execution.ts +2 -2
package/src/tools/browser/cdp-client/__tests__/factory.test.ts +55 -4
package/src/tools/browser/cdp-client/cdp-inspect/__tests__/ws-transport.test.ts +12 -6
package/src/tools/browser/cdp-client/factory.ts +23 -24
package/src/tools/browser/cdp-client/index.ts +1 -14
package/src/tools/computer-use/definitions.ts +42 -20
package/src/tools/executor.ts +2 -0
package/src/tools/host-filesystem/edit.ts +26 -0
package/src/tools/host-filesystem/read.ts +26 -0
package/src/tools/host-filesystem/transfer.ts +31 -1
package/src/tools/host-filesystem/write.ts +26 -0
package/src/tools/host-terminal/host-shell.ts +58 -0
package/src/tools/schedule/create.ts +6 -0
package/src/tools/schedule/list.ts +2 -0
package/src/tools/schedule/update.ts +10 -0
package/src/tools/shared/filesystem/file-ops-service.ts +2 -0
package/src/tools/shared/filesystem/path-policy.ts +25 -1
package/src/tools/skills/load.ts +0 -32
package/src/tools/tool-approval-handler.ts +1 -5
package/src/tools/types.ts +4 -0
package/src/usage/pricing.ts +1 -1
package/src/workspace/hatched-date.ts +86 -0
package/src/workspace/migrations/003-seed-device-id.ts +1 -1
package/src/workspace/migrations/006-services-config.ts +8 -5
package/src/workspace/migrations/016-extract-feature-flags-to-protected.ts +3 -9
package/src/workspace/migrations/021-move-signals-to-workspace.ts +4 -10
package/src/workspace/migrations/022-move-hooks-to-workspace.ts +4 -10
package/src/workspace/migrations/023-move-config-files-to-workspace.ts +4 -11
package/src/workspace/migrations/024-move-runtime-files-to-workspace.ts +3 -10
package/src/workspace/migrations/040-seed-latency-callsite-defaults.ts +3 -2
package/src/workspace/migrations/050-seed-main-agent-opus-callsite.ts +2 -1
package/src/workspace/migrations/059-move-pid-to-workspace.ts +3 -8
package/src/workspace/migrations/061-move-backup-key-to-workspace.ts +3 -8
package/src/workspace/migrations/AGENTS.md +1 -1
package/src/workspace/migrations/migrate-to-workspace-volume.ts +4 -10
package/src/workspace/migrations/utils.ts +21 -0
package/src/__tests__/host-browser-e2e-cloud.test.ts +0 -443
package/src/__tests__/host-browser-e2e-self-hosted-capability.test.ts +0 -226
package/src/__tests__/host-browser-ws-events-e2e.test.ts +0 -427
package/src/__tests__/twilio-rest.test.ts +0 -34
package/src/backup/__tests__/backup-key.test.ts +0 -152
package/src/backup/__tests__/backup-worker.test.ts +0 -782
package/src/backup/__tests__/offsite-writer.test.ts +0 -641
package/src/backup/__tests__/stream-crypt.test.ts +0 -228
package/src/backup/backup-key.ts +0 -137
package/src/backup/backup-worker.ts +0 -472
package/src/backup/offsite-writer.ts +0 -222
package/src/backup/stream-crypt.ts +0 -263
package/src/daemon/message-types/pairing.ts +0 -58
package/src/outbound-proxy/config.ts +0 -20
package/src/outbound-proxy/health.ts +0 -18
package/src/outbound-proxy/types.ts +0 -150
package/src/runtime/capability-tokens.ts +0 -190
package/src/signals/mcp-reload.ts +0 -18

package/src/__tests__/host-transfer-proxy.test.ts CHANGED Viewed

@@ -5,7 +5,6 @@ import { join } from "node:path";
 import { afterAll, afterEach, describe, expect, mock, test } from "bun:test";
 const sentMessages: unknown[] = [];
-const resolvedInteractionIds: string[] = [];
 let mockHasClient = false;
 mock.module("../runtime/assistant-event-hub.js", () => ({
@@ -13,20 +12,14 @@ mock.module("../runtime/assistant-event-hub.js", () => ({
   assistantEventHub: {
     getMostRecentClientByCapability: (cap: string) =>
       cap === "host_file" && mockHasClient ? { id: "mock-client" } : null,
+    listClientsByCapability: (_cap: string) =>
+      mockHasClient ? [{ clientId: "mock-client", capabilities: ["host_file"] }] : [],
+    getClientById: (_id: string) => null,
   },
 }));
-mock.module("../runtime/pending-interactions.js", () => ({
-  resolve: (requestId: string) => {
-    resolvedInteractionIds.push(requestId);
-    return undefined;
-  },
-  get: () => undefined,
-  getByKind: () => [],
-  getByConversation: () => [],
-  removeByConversation: () => {},
-}));
+// Use the REAL pending-interactions module — the proxy self-registers here.
+const pendingInteractions = await import("../runtime/pending-interactions.js");
 const { HostTransferProxy } = await import("../daemon/host-transfer-proxy.js");
 /**
@@ -56,14 +49,15 @@ describe("HostTransferProxy", () => {
   function setup() {
     sentMessages.length = 0;
-    resolvedInteractionIds.length = 0;
     mockHasClient = false;
+    pendingInteractions.clear();
     proxy = new (HostTransferProxy as any)();
   }
   afterEach(async () => {
     proxy?.dispose();
     HostTransferProxy.reset();
+    pendingInteractions.clear();
     if (tempDir) {
       await rm(tempDir, { recursive: true, force: true }).catch(() => {});
     }
@@ -347,6 +341,110 @@ describe("HostTransferProxy", () => {
     });
   });
+  describe("takeJustConsumedTransferMetadata", () => {
+    test("returns size+sha256 immediately after getTransferContent", async () => {
+      setup();
+      tempDir = await mkdtemp(join(tmpdir(), "htp-test-"));
+      const srcPath = join(tempDir, "source.txt");
+      const fileContent = "header metadata test";
+      await globalThis.Bun.write(srcPath, fileContent);
+      const resultPromise = proxy.requestToHost({
+        sourcePath: srcPath,
+        destPath: "/host/dest.txt",
+        overwrite: true,
+        conversationId: "conv-meta-1",
+      });
+      await waitForMessages(sentMessages, 1);
+      const sent = sentMessages[0] as Record<string, unknown>;
+      const transferId = sent.transferId as string;
+      const expectedSize = Buffer.from(fileContent).length;
+      const expectedSha = createHash("sha256")
+        .update(Buffer.from(fileContent))
+        .digest("hex");
+      // Handler consumes content; metadata should now be available for the
+      // GET-content route's responseHeaders resolver.
+      const content = proxy.getTransferContent(transferId);
+      expect(content).not.toBeNull();
+      const meta = proxy.takeJustConsumedTransferMetadata(transferId);
+      expect(meta).toEqual({ sizeBytes: expectedSize, sha256: expectedSha });
+      // Resolve the transfer to avoid hanging
+      const requestId = sent.requestId as string;
+      proxy.resolveTransferResult(requestId, {
+        isError: false,
+        bytesWritten: expectedSize,
+      });
+      await resultPromise;
+    });
+    test("single-use: second take returns null", async () => {
+      setup();
+      tempDir = await mkdtemp(join(tmpdir(), "htp-test-"));
+      const srcPath = join(tempDir, "source.txt");
+      await globalThis.Bun.write(srcPath, "x");
+      const resultPromise = proxy.requestToHost({
+        sourcePath: srcPath,
+        destPath: "/host/dest.txt",
+        overwrite: true,
+        conversationId: "conv-meta-2",
+      });
+      await waitForMessages(sentMessages, 1);
+      const sent = sentMessages[0] as Record<string, unknown>;
+      const transferId = sent.transferId as string;
+      proxy.getTransferContent(transferId);
+      expect(proxy.takeJustConsumedTransferMetadata(transferId)).not.toBeNull();
+      expect(proxy.takeJustConsumedTransferMetadata(transferId)).toBeNull();
+      const requestId = sent.requestId as string;
+      proxy.resolveTransferResult(requestId, { isError: false });
+      await resultPromise;
+    });
+    test("returns null when getTransferContent was never called", () => {
+      setup();
+      expect(
+        proxy.takeJustConsumedTransferMetadata("never-consumed-id"),
+      ).toBeNull();
+    });
+    test("returns null for unknown transfer ID even after a different transfer was consumed", async () => {
+      setup();
+      tempDir = await mkdtemp(join(tmpdir(), "htp-test-"));
+      const srcPath = join(tempDir, "source.txt");
+      await globalThis.Bun.write(srcPath, "x");
+      const resultPromise = proxy.requestToHost({
+        sourcePath: srcPath,
+        destPath: "/host/dest.txt",
+        overwrite: true,
+        conversationId: "conv-meta-3",
+      });
+      await waitForMessages(sentMessages, 1);
+      const sent = sentMessages[0] as Record<string, unknown>;
+      const transferId = sent.transferId as string;
+      proxy.getTransferContent(transferId);
+      // Different transferId should still return null
+      expect(
+        proxy.takeJustConsumedTransferMetadata("other-id"),
+      ).toBeNull();
+      const requestId = sent.requestId as string;
+      proxy.resolveTransferResult(requestId, { isError: false });
+      await resultPromise;
+    });
+  });
   describe("timeout behavior", () => {
     /** Use a very short real timeout instead of fake timers to avoid deadlocks in Bun. */
     const SHORT_TIMEOUT_MS = 150;
@@ -642,8 +740,8 @@ describe("HostTransferProxy", () => {
     });
   });
-  describe("pendingInteractions.resolve callback", () => {
-    test("fires on abort", async () => {
+  describe("pendingInteractions cleanup", () => {
+    test("cleans up on abort", async () => {
       setup();
       const controller = new AbortController();
@@ -658,14 +756,15 @@ describe("HostTransferProxy", () => {
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
+      expect(pendingInteractions.get(requestId)).toBeDefined();
       controller.abort();
       await resultPromise;
-      expect(resolvedInteractionIds).toContain(requestId);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
-    test("fires for each pending request on dispose", () => {
+    test("cleans up for each pending request on dispose", () => {
       setup();
       const p1 = proxy.requestToSandbox({
@@ -688,12 +787,11 @@ describe("HostTransferProxy", () => {
       proxy.dispose();
-      expect(resolvedInteractionIds).toHaveLength(2);
-      expect(resolvedInteractionIds).toContain(ids[0]);
-      expect(resolvedInteractionIds).toContain(ids[1]);
+      expect(pendingInteractions.get(ids[0])).toBeUndefined();
+      expect(pendingInteractions.get(ids[1])).toBeUndefined();
     });
-    test("does not fire on normal resolveTransferResult", async () => {
+    test("cleans up on normal resolveTransferResult", async () => {
       setup();
       tempDir = await mkdtemp(join(tmpdir(), "htp-test-"));
       const srcPath = join(tempDir, "source.txt");
@@ -710,6 +808,7 @@ describe("HostTransferProxy", () => {
       const sent = sentMessages[0] as Record<string, unknown>;
       const requestId = sent.requestId as string;
+      expect(pendingInteractions.get(requestId)).toBeDefined();
       proxy.resolveTransferResult(requestId, {
         isError: false,
@@ -717,7 +816,7 @@ describe("HostTransferProxy", () => {
       });
       await resultPromise;
-      expect(resolvedInteractionIds).toEqual([]);
+      expect(pendingInteractions.get(requestId)).toBeUndefined();
     });
   });
 });

package/src/__tests__/host-transfer-routes-targeted.test.ts ADDED Viewed

@@ -0,0 +1,447 @@
+/**
+ * Tests for the host-transfer route 403 guard introduced in Phase 3.
+ *
+ * Covers GET /transfers/:transferId/content, PUT /transfers/:transferId/content,
+ * and POST /host-transfer-result ownership checks.
+ *
+ *  1. Targeted + correct x-vellum-client-id header → success
+ *  2. Targeted + missing header → 400 BadRequestError
+ *  3. Targeted + wrong header → 403 ForbiddenError, operation NOT performed
+ *  4. Untargeted (no targetClientId, no header) → success (regression)
+ */
+import { afterAll, beforeEach, describe, expect, mock, test } from "bun:test";
+// ── Module mocks ────────────────────────────────────────────────────────────
+mock.module("../config/env.js", () => ({
+  isHttpAuthDisabled: () => true,
+  hasUngatedHttpAuthDisabled: () => false,
+}));
+import type { PendingInteraction } from "../runtime/pending-interactions.js";
+const pendingStore = new Map<string, PendingInteraction>();
+mock.module("../runtime/pending-interactions.js", () => ({
+  get: (requestId: string) => pendingStore.get(requestId),
+  resolve: (requestId: string) => {
+    const entry = pendingStore.get(requestId);
+    if (entry) pendingStore.delete(requestId);
+    return entry;
+  },
+}));
+// Per-test controls for the proxy stub
+let stubTargetClientId: string | null = null;
+const getTransferContentCalls: string[] = [];
+const receiveTransferContentCalls: string[] = [];
+const resolveTransferResultCalls: string[] = [];
+mock.module("../daemon/host-transfer-proxy.js", () => ({
+  HostTransferProxy: {
+    get instance() {
+      return {
+        getRequestIdForTransfer(_transferId: string) {
+          return "req-1";
+        },
+        getTargetClientIdForTransfer(_transferId: string) {
+          return stubTargetClientId;
+        },
+        getTransferContent(transferId: string) {
+          getTransferContentCalls.push(transferId);
+          return { buffer: Buffer.from("data"), sizeBytes: 4, sha256: "abc123" };
+        },
+        async receiveTransferContent(transferId: string, _data: Buffer, _sha256: string) {
+          receiveTransferContentCalls.push(transferId);
+          return { accepted: true };
+        },
+        resolveTransferResult(requestId: string, _result: unknown) {
+          resolveTransferResultCalls.push(requestId);
+        },
+      };
+    },
+  },
+}));
+// ── Real imports (after mocks) ──────────────────────────────────────────────
+import {
+  BadRequestError,
+  ForbiddenError,
+} from "../runtime/routes/errors.js";
+import { ROUTES } from "../runtime/routes/host-transfer-routes.js";
+afterAll(() => {
+  mock.restore();
+});
+const handleTransferContentGet = ROUTES.find(
+  (r) => r.endpoint === "transfers/:transferId/content" && r.method === "GET",
+)!.handler;
+const handleTransferContentPut = ROUTES.find(
+  (r) => r.endpoint === "transfers/:transferId/content" && r.method === "PUT",
+)!.handler;
+const handleTransferResult = ROUTES.find(
+  (r) => r.endpoint === "host-transfer-result",
+)!.handler;
+// ── Helpers ─────────────────────────────────────────────────────────────────
+const TEST_TRANSFER_ID = "transfer-abc";
+const TEST_REQUEST_ID = "req-1";
+function registerPending(overrides: Partial<PendingInteraction> = {}): void {
+  pendingStore.set(TEST_REQUEST_ID, {
+    conversationId: "conv-1",
+    kind: "host_transfer",
+    ...overrides,
+  });
+}
+// ── Tests ────────────────────────────────────────────────────────────────────
+describe("handleTransferContentGet — Phase 3 targetClientId guard", () => {
+  beforeEach(() => {
+    pendingStore.clear();
+    stubTargetClientId = null;
+    getTransferContentCalls.length = 0;
+  });
+  // ── 1. Targeted + correct header → success ────────────────────────────────
+  describe("targeted + correct x-vellum-client-id header", () => {
+    test("returns Uint8Array and calls getTransferContent", async () => {
+      stubTargetClientId = "client-A";
+      const result = await handleTransferContentGet({
+        pathParams: { transferId: TEST_TRANSFER_ID },
+        headers: { "x-vellum-client-id": "client-A" },
+      });
+      expect(result).toBeInstanceOf(Uint8Array);
+      expect(getTransferContentCalls).toContain(TEST_TRANSFER_ID);
+    });
+    test("trims whitespace from header before comparing", async () => {
+      stubTargetClientId = "client-A";
+      const result = await handleTransferContentGet({
+        pathParams: { transferId: TEST_TRANSFER_ID },
+        headers: { "x-vellum-client-id": "  client-A  " },
+      });
+      expect(result).toBeInstanceOf(Uint8Array);
+    });
+  });
+  // ── 2. Targeted + missing header → 400 ───────────────────────────────────
+  describe("targeted + missing x-vellum-client-id header", () => {
+    test("throws BadRequestError when header is absent", () => {
+      stubTargetClientId = "client-A";
+      expect(() =>
+        handleTransferContentGet({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+        }),
+      ).toThrow(BadRequestError);
+    });
+    test("getTransferContent NOT called on 400", () => {
+      stubTargetClientId = "client-A";
+      try {
+        handleTransferContentGet({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+        });
+      } catch {
+        // expected
+      }
+      expect(getTransferContentCalls).toHaveLength(0);
+    });
+  });
+  // ── 3. Targeted + wrong header → 403 ─────────────────────────────────────
+  describe("targeted + wrong x-vellum-client-id header", () => {
+    test("throws ForbiddenError when client ID does not match", () => {
+      stubTargetClientId = "client-A";
+      expect(() =>
+        handleTransferContentGet({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+          headers: { "x-vellum-client-id": "client-B" },
+        }),
+      ).toThrow(ForbiddenError);
+    });
+    test("getTransferContent NOT called on 403", () => {
+      stubTargetClientId = "client-A";
+      try {
+        handleTransferContentGet({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+          headers: { "x-vellum-client-id": "client-B" },
+        });
+      } catch {
+        // expected
+      }
+      expect(getTransferContentCalls).toHaveLength(0);
+    });
+  });
+  // ── 4. Untargeted — regression ────────────────────────────────────────────
+  describe("untargeted request (no targetClientId)", () => {
+    test("returns Uint8Array without a header", async () => {
+      stubTargetClientId = null;
+      const result = await handleTransferContentGet({
+        pathParams: { transferId: TEST_TRANSFER_ID },
+      });
+      expect(result).toBeInstanceOf(Uint8Array);
+      expect(getTransferContentCalls).toContain(TEST_TRANSFER_ID);
+    });
+  });
+});
+describe("handleTransferContentPut — Phase 3 targetClientId guard", () => {
+  beforeEach(() => {
+    pendingStore.clear();
+    stubTargetClientId = null;
+    receiveTransferContentCalls.length = 0;
+  });
+  // ── 1. Targeted + correct header → success ────────────────────────────────
+  describe("targeted + correct x-vellum-client-id header", () => {
+    test("returns { accepted: true } and calls receiveTransferContent", async () => {
+      stubTargetClientId = "client-A";
+      const result = await handleTransferContentPut({
+        pathParams: { transferId: TEST_TRANSFER_ID },
+        headers: { "x-vellum-client-id": "client-A", "x-transfer-sha256": "abc" },
+        rawBody: new Uint8Array(Buffer.from("data")),
+      });
+      expect(result).toEqual({ accepted: true });
+      expect(receiveTransferContentCalls).toContain(TEST_TRANSFER_ID);
+    });
+    test("trims whitespace from header before comparing", async () => {
+      stubTargetClientId = "client-A";
+      const result = await handleTransferContentPut({
+        pathParams: { transferId: TEST_TRANSFER_ID },
+        headers: { "x-vellum-client-id": "  client-A  ", "x-transfer-sha256": "abc" },
+        rawBody: new Uint8Array(Buffer.from("data")),
+      });
+      expect(result).toEqual({ accepted: true });
+    });
+  });
+  // ── 2. Targeted + missing header → 400 ───────────────────────────────────
+  describe("targeted + missing x-vellum-client-id header", () => {
+    test("throws BadRequestError when header is absent", async () => {
+      stubTargetClientId = "client-A";
+      await expect(
+        handleTransferContentPut({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+          headers: { "x-transfer-sha256": "abc" },
+          rawBody: new Uint8Array(Buffer.from("data")),
+        }),
+      ).rejects.toBeInstanceOf(BadRequestError);
+    });
+    test("receiveTransferContent NOT called on 400", async () => {
+      stubTargetClientId = "client-A";
+      try {
+        await handleTransferContentPut({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+          headers: { "x-transfer-sha256": "abc" },
+          rawBody: new Uint8Array(Buffer.from("data")),
+        });
+      } catch {
+        // expected
+      }
+      expect(receiveTransferContentCalls).toHaveLength(0);
+    });
+  });
+  // ── 3. Targeted + wrong header → 403 ─────────────────────────────────────
+  describe("targeted + wrong x-vellum-client-id header", () => {
+    test("throws ForbiddenError when client ID does not match", async () => {
+      stubTargetClientId = "client-A";
+      await expect(
+        handleTransferContentPut({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+          headers: { "x-vellum-client-id": "client-B", "x-transfer-sha256": "abc" },
+          rawBody: new Uint8Array(Buffer.from("data")),
+        }),
+      ).rejects.toBeInstanceOf(ForbiddenError);
+    });
+    test("receiveTransferContent NOT called on 403", async () => {
+      stubTargetClientId = "client-A";
+      try {
+        await handleTransferContentPut({
+          pathParams: { transferId: TEST_TRANSFER_ID },
+          headers: { "x-vellum-client-id": "client-B", "x-transfer-sha256": "abc" },
+          rawBody: new Uint8Array(Buffer.from("data")),
+        });
+      } catch {
+        // expected
+      }
+      expect(receiveTransferContentCalls).toHaveLength(0);
+    });
+  });
+  // ── 4. Untargeted — regression ────────────────────────────────────────────
+  describe("untargeted request (no targetClientId)", () => {
+    test("returns { accepted: true } without a header", async () => {
+      stubTargetClientId = null;
+      const result = await handleTransferContentPut({
+        pathParams: { transferId: TEST_TRANSFER_ID },
+        headers: { "x-transfer-sha256": "abc" },
+        rawBody: new Uint8Array(Buffer.from("data")),
+      });
+      expect(result).toEqual({ accepted: true });
+      expect(receiveTransferContentCalls).toContain(TEST_TRANSFER_ID);
+    });
+  });
+});
+describe("handleTransferResult — Phase 3 targetClientId guard", () => {
+  beforeEach(() => {
+    pendingStore.clear();
+    stubTargetClientId = null;
+    resolveTransferResultCalls.length = 0;
+  });
+  function registerHostTransferPending(targetClientId?: string): void {
+    registerPending({ targetClientId });
+  }
+  function resultBody(): Record<string, unknown> {
+    return { requestId: TEST_REQUEST_ID };
+  }
+  // ── 1. Targeted + correct header → success ────────────────────────────────
+  describe("targeted + correct x-vellum-client-id header", () => {
+    test("returns { accepted: true } and calls resolveTransferResult", async () => {
+      registerHostTransferPending("client-A");
+      const result = await handleTransferResult({
+        body: resultBody(),
+        headers: { "x-vellum-client-id": "client-A" },
+      });
+      expect(result).toEqual({ accepted: true });
+      expect(resolveTransferResultCalls).toContain(TEST_REQUEST_ID);
+    });
+    test("trims whitespace from header before comparing", async () => {
+      registerHostTransferPending("client-A");
+      const result = await handleTransferResult({
+        body: resultBody(),
+        headers: { "x-vellum-client-id": "  client-A  " },
+      });
+      expect(result).toEqual({ accepted: true });
+    });
+  });
+  // ── 2. Targeted + missing header → 400 ───────────────────────────────────
+  describe("targeted + missing x-vellum-client-id header", () => {
+    test("throws BadRequestError when header is absent", () => {
+      registerHostTransferPending("client-A");
+      expect(() =>
+        handleTransferResult({ body: resultBody() }),
+      ).toThrow(BadRequestError);
+    });
+    test("resolveTransferResult NOT called on 400", () => {
+      registerHostTransferPending("client-A");
+      try {
+        handleTransferResult({ body: resultBody() });
+      } catch {
+        // expected
+      }
+      expect(resolveTransferResultCalls).toHaveLength(0);
+    });
+    test("pending interaction still present after 400", () => {
+      registerHostTransferPending("client-A");
+      try {
+        handleTransferResult({ body: resultBody() });
+      } catch {
+        // expected
+      }
+      expect(pendingStore.has(TEST_REQUEST_ID)).toBe(true);
+    });
+  });
+  // ── 3. Targeted + wrong header → 403 ─────────────────────────────────────
+  describe("targeted + wrong x-vellum-client-id header", () => {
+    test("throws ForbiddenError when client ID does not match", () => {
+      registerHostTransferPending("client-A");
+      expect(() =>
+        handleTransferResult({
+          body: resultBody(),
+          headers: { "x-vellum-client-id": "client-B" },
+        }),
+      ).toThrow(ForbiddenError);
+    });
+    test("resolveTransferResult NOT called on 403", () => {
+      registerHostTransferPending("client-A");
+      try {
+        handleTransferResult({
+          body: resultBody(),
+          headers: { "x-vellum-client-id": "client-B" },
+        });
+      } catch {
+        // expected
+      }
+      expect(resolveTransferResultCalls).toHaveLength(0);
+    });
+    test("pending interaction still present after 403", () => {
+      registerHostTransferPending("client-A");
+      try {
+        handleTransferResult({
+          body: resultBody(),
+          headers: { "x-vellum-client-id": "client-B" },
+        });
+      } catch {
+        // expected
+      }
+      expect(pendingStore.has(TEST_REQUEST_ID)).toBe(true);
+    });
+  });
+  // ── 4. Untargeted — regression ────────────────────────────────────────────
+  describe("untargeted request (no targetClientId)", () => {
+    test("accepts when no header is provided", async () => {
+      registerHostTransferPending();
+      const result = await handleTransferResult({
+        body: resultBody(),
+      });
+      expect(result).toEqual({ accepted: true });
+      expect(resolveTransferResultCalls).toContain(TEST_REQUEST_ID);
+    });
+    test("accepts when header is present (header ignored for untargeted)", async () => {
+      registerHostTransferPending();
+      const result = await handleTransferResult({
+        body: resultBody(),
+        headers: { "x-vellum-client-id": "client-whatever" },
+      });
+      expect(result).toEqual({ accepted: true });
+    });
+  });
+});

package/src/__tests__/http-user-message-parity.test.ts CHANGED Viewed

@@ -206,6 +206,7 @@ function makeConversation(overrides: Record<string, unknown> = {}) {
     updateClient: () => {},
     setHostBrowserProxy: () => {},
     setHostCuProxy: () => {},
+    setHostAppControlProxy: () => {},
     addPreactivatedSkillId: () => {},
     emitConfirmationStateChanged: () => {},
     emitActivityState: () => {},