@vellumai/assistant 0.7.1 → 0.7.2

package/src/runtime/migrations/vbundle-tar-stream.ts

@@ -25,7 +25,9 @@ import { extract as tarExtract } from "tar-stream";
 export interface StreamedTarHeader {
   name: string;
   size: number;
-  type: "file" | "directory" | "pax-header" | "other";
+  type: "file" | "directory" | "pax-header" | "symlink" | "other";
+  /** Populated only when `type === "symlink"`; the symlink's target string from the tar header. */
+  linkname?: string;
 }
 
 export interface StreamedTarEntry {
@@ -57,6 +59,8 @@ function normalizeHeaderType(
       return "directory";
     case "pax-header":
       return "pax-header";
+    case "symlink":
+      return "symlink";
     default:
       return "other";
   }
@@ -125,12 +129,17 @@ export async function* parseVBundleStream(
     // Avoid unhandled "error" on body streams destroyed mid-flight; the
     // extractor itself propagates the real error to its "error" listener.
     body.on("error", () => {});
+    const normalizedType = normalizeHeaderType(header.type);
+    const surfaced: StreamedTarHeader = {
+      name: header.name,
+      size: header.size,
+      type: normalizedType,
+    };
+    if (normalizedType === "symlink" && header.linkname) {
+      surfaced.linkname = header.linkname;
+    }
     pushEntry({
-      header: {
-        name: header.name,
-        size: header.size,
-        type: normalizeHeaderType(header.type),
-      },
+      header: surfaced,
       body,
       next,
     });

package/src/runtime/migrations/vbundle-validator.ts

@@ -14,6 +14,7 @@
  */
 
 import { createHash, randomUUID } from "node:crypto";
+import { posix } from "node:path";
 import { gunzipSync } from "node:zlib";
 
 import { z } from "zod";
@@ -26,6 +27,7 @@ const ManifestFileEntry = z.object({
   path: z.string().min(1),
   sha256: z.string().regex(/^[0-9a-f]{64}$/),
   size_bytes: z.number().int().nonnegative(),
+  link_target: z.string().min(1).optional(),
 });
 
 const AssistantInfo = z.object({
@@ -201,6 +203,9 @@ export interface VBundleTarEntry {
   name: string;
   data: Uint8Array;
   size: number;
+  /** Set when the tar entry is typeflag-2 (symlink); carries the link target
+   *  decoded from the ustar linkname field. */
+  linkname?: string;
 }
 
 export interface VBundleValidationResult {
@@ -220,6 +225,9 @@ interface TarEntry {
   name: string;
   data: Uint8Array;
   size: number;
+  /** Set when the tar entry is typeflag-2 (symlink); carries the link target
+   *  decoded from the ustar linkname field. */
+  linkname?: string;
 }
 
 /**
@@ -282,6 +290,25 @@ function parseTar(buffer: Uint8Array): TarEntry[] {
       continue;
     }
 
+    // Symlink (type '2') — empty body regardless of declared size; the link
+    // target lives in the ustar linkname field (157..256). We preserve the
+    // tar-declared `size` here (rather than forcing it to 0) so the
+    // downstream `archiveEntry.size !== 0` check can surface
+    // `FILE_SIZE_MISMATCH` on malformed symlink headers. The body itself is
+    // always an empty buffer — symlinks have no data body even if the
+    // header lies about it.
+    if (typeFlag === "2") {
+      const linkname = decodeNullTerminated(header, 157, 100);
+      entries.push({
+        name: normalizePath(name),
+        data: new Uint8Array(0),
+        size,
+        linkname,
+      });
+      offset = dataStart + dataBlocks * BLOCK_SIZE;
+      continue;
+    }
+
     // Regular file or hard link
     if (typeFlag === "0" || typeFlag === "\0" || typeFlag === "") {
       entries.push({ name: normalizePath(name), data, size });
@@ -509,6 +536,93 @@ export function validateVBundle(data: Uint8Array): VBundleValidationResult {
       continue;
     }
 
+    if (fileEntry.link_target !== undefined) {
+      // Symlink branch: typeflag agreement, linkname agreement, sha over the
+      // link target string, size==0 on both sides, and path-traversal rejection.
+      if (archiveEntry.linkname === undefined) {
+        errors.push({
+          code: "SYMLINK_TYPEFLAG_MISMATCH",
+          message: `Manifest declares symlink for ${fileEntry.path} but tar entry is not typeflag-2`,
+          path: fileEntry.path,
+        });
+        continue;
+      }
+
+      if (archiveEntry.linkname !== fileEntry.link_target) {
+        errors.push({
+          code: "LINK_TARGET_MISMATCH",
+          message: `Symlink linkname mismatch for ${fileEntry.path}: manifest declares "${fileEntry.link_target}", tar carries "${archiveEntry.linkname}"`,
+          path: fileEntry.path,
+        });
+        continue;
+      }
+
+      if (archiveEntry.size !== 0) {
+        errors.push({
+          code: "FILE_SIZE_MISMATCH",
+          message: `Size mismatch for ${fileEntry.path}: manifest declares ${fileEntry.size_bytes} bytes, archive has ${archiveEntry.size} bytes`,
+          path: fileEntry.path,
+        });
+      }
+
+      if (fileEntry.size_bytes !== 0) {
+        errors.push({
+          code: "FILE_SIZE_MISMATCH",
+          message: `Size mismatch for ${fileEntry.path}: manifest declares ${fileEntry.size_bytes} bytes, archive has ${archiveEntry.size} bytes`,
+          path: fileEntry.path,
+        });
+      }
+
+      const expected = sha256Hex(fileEntry.link_target);
+      if (expected !== fileEntry.sha256) {
+        errors.push({
+          code: "FILE_CHECKSUM_MISMATCH",
+          message: `Checksum mismatch for ${fileEntry.path}: expected ${fileEntry.sha256}, computed ${expected}`,
+          path: fileEntry.path,
+        });
+      }
+
+      // Absolute POSIX targets are unconstrained by the bundle root — reject
+      // them up front. The `posix.normalize` guard below only catches
+      // `..`-based escapes; an absolute path like `/etc/passwd` survives
+      // normalization unchanged and would otherwise pass.
+      if (fileEntry.link_target.startsWith("/")) {
+        errors.push({
+          code: "SYMLINK_TARGET_ESCAPES_ARCHIVE",
+          message: `Symlink target is absolute, which escapes the archive root for ${fileEntry.path}: target=${fileEntry.link_target}`,
+          path: fileEntry.path,
+        });
+      } else {
+        const normalized = posix.normalize(
+          posix.join(posix.dirname(fileEntry.path), fileEntry.link_target),
+        );
+        // Defense-in-depth: also reject if the joined+normalized path is
+        // absolute, in case `dirname` ever resolves to an absolute root.
+        if (
+          normalized.startsWith("../") ||
+          normalized === ".." ||
+          normalized.startsWith("/")
+        ) {
+          errors.push({
+            code: "SYMLINK_TARGET_ESCAPES_ARCHIVE",
+            message: `Symlink target escapes archive root for ${fileEntry.path}: target=${fileEntry.link_target}, normalized=${normalized}`,
+            path: fileEntry.path,
+          });
+        }
+      }
+      continue;
+    }
+
+    if (archiveEntry.linkname !== undefined) {
+      // Tar carries a typeflag-2 entry but manifest declares a regular file.
+      errors.push({
+        code: "SYMLINK_NOT_DECLARED",
+        message: `Tar entry ${fileEntry.path} is typeflag-2 but manifest does not declare link_target`,
+        path: fileEntry.path,
+      });
+      continue;
+    }
+
     // Verify size
     if (archiveEntry.size !== fileEntry.size_bytes) {
       errors.push({

package/src/runtime/pending-interactions.ts

@@ -3,10 +3,14 @@
  * confirmation, secret, host_bash, host_file, host_cu, host_browser, and
  * host_transfer interactions.
  *
- * When the agent loop emits a confirmation_request, secret_request,
- * host_bash_request, host_file_request, host_cu_request,
- * host_browser_request, or host_transfer_request, the onEvent callback
- * registers the interaction here.
+ * For confirmation_request and secret_request, the onEvent callback in
+ * assistant-event-hub registers the interaction here.
+ *
+ * For host proxy interactions (host_bash, host_file, host_cu, host_browser,
+ * host_transfer), the proxy itself registers with full RPC lifecycle state
+ * (resolve/reject callbacks, timer, abort detach). This eliminates the
+ * per-proxy `private pending` maps — all pending state lives here.
+ *
  * Standalone HTTP endpoints (/v1/confirm, /v1/secret, /v1/trust-rules,
  * /v1/host-bash-result, /v1/host-file-result, /v1/host-cu-result,
  * /v1/host-browser-result) look up the conversation from this tracker to
@@ -14,6 +18,7 @@
  */
 
 import type { UserDecision } from "../permissions/types.js";
+import type { ToolExecutionResult } from "../tools/types.js";
 
 export interface ConfirmationDetails {
   toolName: string;
@@ -46,11 +51,27 @@ export interface PendingInteraction {
     | "host_file"
     | "host_cu"
     | "host_browser"
+    | "host_app_control"
     | "host_transfer"
     | "acp_confirmation";
   confirmationDetails?: ConfirmationDetails;
   /** For ACP permissions: resolves directly without a Conversation object. */
   directResolve?: (decision: UserDecision) => void;
+  /** When set, the host_bash request should be routed to this specific client. */
+  targetClientId?: string;
+
+  // -- RPC lifecycle (populated by host proxies) --
+
+  /** Resolve the caller's Promise with a tool execution result. */
+  rpcResolve?: (result: ToolExecutionResult) => void;
+  /** Reject the caller's Promise with an error. */
+  rpcReject?: (err: Error) => void;
+  /** Proxy-side timeout timer. Cleared on resolve/abort/dispose. */
+  timer?: ReturnType<typeof setTimeout>;
+  /** Detach the abort listener from the caller's signal. No-op when no signal was passed. */
+  detachAbort?: () => void;
+  /** Proxy-specific metadata (e.g. timeoutSec for bash, operation/path for file). */
+  metadata?: Record<string, unknown>;
 }
 
 const pending = new Map<string, PendingInteraction>();
@@ -64,12 +85,15 @@ export function register(
 
 /**
  * Remove and return the pending interaction for the given requestId.
+ * Auto-clears the proxy timer and detaches the abort listener if present.
  * Returns undefined if no interaction is registered.
  */
 export function resolve(requestId: string): PendingInteraction | undefined {
   const interaction = pending.get(requestId);
   if (interaction) {
     pending.delete(requestId);
+    if (interaction.timer != null) clearTimeout(interaction.timer);
+    interaction.detachAbort?.();
   }
   return interaction;
 }
@@ -102,11 +126,12 @@ export function getByConversation(
  * Remove pending confirmation and secret interactions for a given conversation.
  * Used when auto-denying all pending interactions (e.g. new user message).
  *
- * host_bash, host_file, host_cu, host_browser, and host_transfer interactions
- * are intentionally skipped — they represent in-flight tool executions proxied
- * to the client, not confirmations to auto-deny. Removing them would orphan
- * the request: the client would POST to /v1/host-bash-result,
- * /v1/host-file-result, /v1/host-cu-result, /v1/host-browser-result, or
+ * host_bash, host_file, host_cu, host_browser, host_app_control, and
+ * host_transfer interactions are intentionally skipped — they represent
+ * in-flight tool executions proxied to the client, not confirmations to
+ * auto-deny. Removing them would orphan the request: the client would POST to
+ * /v1/host-bash-result, /v1/host-file-result, /v1/host-cu-result,
+ * /v1/host-browser-result, /v1/host-app-control-result, or
  * /v1/host-transfer-result after completing the operation, get a 404, and the
  * proxy timer would fire with a spurious timeout error.
  */
@@ -118,6 +143,7 @@ export function removeByConversation(conversationId: string): void {
       interaction.kind !== "host_file" &&
       interaction.kind !== "host_cu" &&
       interaction.kind !== "host_browser" &&
+      interaction.kind !== "host_app_control" &&
       interaction.kind !== "host_transfer" &&
       interaction.kind !== "acp_confirmation"
     ) {

package/src/runtime/routes/__tests__/backup-routes.test.ts

@@ -22,7 +22,6 @@ import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
-import type { BackupRunResult } from "../../../backup/backup-worker.js";
 import type { RestoreResult, VerifyResult } from "../../../backup/restore.js";
 import type { BackupConfig } from "../../../config/schema.js";
 import { BackupConfigSchema } from "../../../config/schema.js";
@@ -114,23 +113,6 @@ mock.module("../../../backup/backup-key.js", () => ({
   ensureBackupKey: async (_path: string) => mockBackupKey ?? Buffer.alloc(32),
 }));
 
-// -- Backup worker mock ----------------------------------------------------
-
-let mockCreateSnapshotResult: BackupRunResult | null = null;
-let mockCreateSnapshotError: Error | null = null;
-let mockCreateSnapshotCalls = 0;
-
-mock.module("../../../backup/backup-worker.js", () => ({
-  createSnapshotNow: async (_config: BackupConfig, _now: Date) => {
-    mockCreateSnapshotCalls += 1;
-    if (mockCreateSnapshotError) throw mockCreateSnapshotError;
-    if (mockCreateSnapshotResult == null) {
-      throw new Error("Test forgot to set mockCreateSnapshotResult");
-    }
-    return mockCreateSnapshotResult;
-  },
-}));
-
 // -- Restore module mock ---------------------------------------------------
 
 interface RestoreCall {
@@ -179,21 +161,20 @@ mock.module("../../../backup/restore.js", () => ({
   restoreFromSnapshot: async (
     path: string,
     opts: {
-      key?: Buffer;
       workspaceDir?: string;
     },
   ) => {
     recoveryCallOrder.push("restoreFromSnapshot");
     lastRestoreArgs = {
       path,
-      hasKey: opts.key != null,
+      hasKey: false,
       workspaceDir: opts.workspaceDir,
     };
     if (mockRestoreError) throw mockRestoreError;
     return mockRestoreResult;
   },
-  verifySnapshot: async (path: string, opts: { key?: Buffer }) => {
-    lastVerifyArgs = { path, hasKey: opts.key != null };
+  verifySnapshot: async (path: string) => {
+    lastVerifyArgs = { path, hasKey: false };
     return mockVerifyResult;
   },
 }));
@@ -248,9 +229,6 @@ beforeEach(() => {
   }
   mockBackupKey = Buffer.alloc(32, 0xaa);
   mockReadBackupKeyCalls = 0;
-  mockCreateSnapshotResult = null;
-  mockCreateSnapshotError = null;
-  mockCreateSnapshotCalls = 0;
   lastRestoreArgs = null;
   lastVerifyArgs = null;
   mockRestoreError = null;
@@ -431,105 +409,19 @@ describe("handleBackupList", () => {
   });
 });
 
+// ---------------------------------------------------------------------------
 // ---------------------------------------------------------------------------
 // handleBackupCreate
 // ---------------------------------------------------------------------------
 
 describe("handleBackupCreate", () => {
-  const fakeRunResult: BackupRunResult = {
-    local: {
-      path: "/tmp/fake/backup-20260411-100000.vbundle",
-      filename: "backup-20260411-100000.vbundle",
-      createdAt: new Date("2026-04-11T10:00:00Z"),
-      sizeBytes: 100,
-      encrypted: false,
-    },
-    offsite: [],
-    durationMs: 42,
-  };
-
-  test("manual create bypasses enabled flag and succeeds with disabled config", async () => {
-    mockBackupConfig = makeConfig({
-      enabled: false,
-      localDirectory: LOCAL_DIR,
-      offsite: { enabled: false, destinations: null },
-    });
-    mockCreateSnapshotResult = fakeRunResult;
-
-    const result = await handleBackupCreate();
-    expect(result.durationMs).toBe(42);
-    expect(result.offsite).toEqual([]);
-    expect(mockCreateSnapshotCalls).toBe(1);
-  });
-
-  test("plaintext-only destinations do not create backup.key file", async () => {
-    const plaintextDir = join(ROOT, "offsite-plain");
-    mkdirSync(plaintextDir, { recursive: true });
-    mockBackupConfig = makeConfig({
-      enabled: true,
-      localDirectory: LOCAL_DIR,
-      offsite: {
-        enabled: true,
-        destinations: [{ path: plaintextDir, encrypt: false }],
-      },
-    });
-    mockCreateSnapshotResult = fakeRunResult;
-    mockReadBackupKeyCalls = 0;
-
-    await handleBackupCreate();
-    expect(mockReadBackupKeyCalls).toBe(0);
-    const keyFileExists = await import("node:fs").then((m) =>
-      m.existsSync(join(ROOT, "workspace", ".backup.key")),
-    );
-    expect(keyFileExists).toBe(false);
-  });
-
-  test("concurrent call throws ConflictError when mock raises 'snapshot in progress'", async () => {
-    mockBackupConfig = makeConfig({ localDirectory: LOCAL_DIR });
-    mockCreateSnapshotError = new Error("snapshot in progress");
-
-    try {
-      await handleBackupCreate();
-      expect.unreachable("should have thrown");
-    } catch (err) {
-      expect(err).toBeInstanceOf(RouteError);
-      expect((err as RouteError).statusCode).toBe(409);
-      expect((err as RouteError).code).toBe("CONFLICT");
-    }
-  });
-
-  test("cross-process conflict ('locked by pid N') is still mapped to 409", async () => {
-    mockBackupConfig = makeConfig({ localDirectory: LOCAL_DIR });
-    mockCreateSnapshotError = new Error(
-      "snapshot in progress (locked by pid 12345)",
+  test("always throws BadRequestError redirecting to gateway", async () => {
+    await expect(handleBackupCreate()).rejects.toThrow(
+      "Backup snapshot creation has moved to the gateway",
     );
-
-    try {
-      await handleBackupCreate();
-      expect.unreachable("should have thrown");
-    } catch (err) {
-      expect(err).toBeInstanceOf(RouteError);
-      expect((err as RouteError).statusCode).toBe(409);
-      expect((err as RouteError).code).toBe("CONFLICT");
-    }
-  });
-
-  test("other errors are surfaced as 500", async () => {
-    mockCreateSnapshotError = new Error("disk full");
-
-    try {
-      await handleBackupCreate();
-      expect.unreachable("should have thrown");
-    } catch (err) {
-      expect(err).toBeInstanceOf(RouteError);
-      expect((err as RouteError).statusCode).toBe(500);
-      expect((err as RouteError).code).toBe("INTERNAL_ERROR");
-      expect((err as RouteError).message).toBe("disk full");
-    }
   });
 });
 
-// ---------------------------------------------------------------------------
 // handleBackupRestore
 // ---------------------------------------------------------------------------
 
@@ -613,29 +505,7 @@ describe("handleBackupRestore", () => {
     expect(lastRestoreArgs!.path).toBe(expectedRealpath);
   });
 
-  test("encrypted .vbundle.enc inside local dir loads key and restores", async () => {
-    const snapshotPath = writeBackupFile(
-      LOCAL_DIR,
-      "backup-20260411-100000.vbundle.enc",
-    );
-    mockBackupConfig = makeConfig({
-      localDirectory: LOCAL_DIR,
-      offsite: { enabled: true, destinations: [] },
-    });
-    mockBackupKey = Buffer.alloc(32, 0xbb);
-    mockReadBackupKeyCalls = 0;
-
-    await handleBackupRestore({
-      body: { path: snapshotPath },
-      pathParams: {},
-      queryParams: {},
-    });
-    expect(mockReadBackupKeyCalls).toBe(1);
-    expect(lastRestoreArgs).not.toBeNull();
-    expect(lastRestoreArgs!.hasKey).toBe(true);
-  });
-
-  test("encrypted bundle with missing backup.key throws BadRequestError", async () => {
+  test("encrypted .vbundle.enc is rejected with gateway redirect error", async () => {
     const snapshotPath = writeBackupFile(
       LOCAL_DIR,
       "backup-20260411-100000.vbundle.enc",
@@ -644,7 +514,6 @@ describe("handleBackupRestore", () => {
       localDirectory: LOCAL_DIR,
       offsite: { enabled: true, destinations: [] },
     });
-    mockBackupKey = null;
 
     try {
       await handleBackupRestore({
@@ -656,7 +525,7 @@ describe("handleBackupRestore", () => {
     } catch (err) {
       expect(err).toBeInstanceOf(RouteError);
       expect((err as RouteError).statusCode).toBe(400);
-      expect((err as RouteError).message).toMatch(/backup.key is missing/);
+      expect((err as RouteError).message).toMatch(/gateway/i);
     }
     expect(lastRestoreArgs).toBeNull();
   });
@@ -794,7 +663,7 @@ describe("handleBackupVerify", () => {
     expect(result.valid).toBe(true);
   });
 
-  test("encrypted bundle with key loads key and forwards to verifySnapshot", async () => {
+  test("encrypted bundle is rejected with gateway redirect error", async () => {
     const snapshotPath = writeBackupFile(
       LOCAL_DIR,
       "backup-20260411-100000.vbundle.enc",
@@ -803,16 +672,19 @@ describe("handleBackupVerify", () => {
       localDirectory: LOCAL_DIR,
       offsite: { enabled: true, destinations: [] },
     });
-    mockBackupKey = Buffer.alloc(32, 0xcc);
-    mockReadBackupKeyCalls = 0;
 
-    await handleBackupVerify({
-      body: { path: snapshotPath },
-      pathParams: {},
-      queryParams: {},
-    });
-    expect(mockReadBackupKeyCalls).toBe(1);
-    expect(lastVerifyArgs!.hasKey).toBe(true);
+    try {
+      await handleBackupVerify({
+        body: { path: snapshotPath },
+        pathParams: {},
+        queryParams: {},
+      });
+      expect.unreachable("should have thrown");
+    } catch (err) {
+      expect(err).toBeInstanceOf(RouteError);
+      expect((err as RouteError).statusCode).toBe(400);
+      expect((err as RouteError).message).toMatch(/gateway/i);
+    }
   });
 
   test("path outside allowed directories throws BadRequestError", async () => {

package/src/runtime/routes/__tests__/conversation-query-routes.test.ts

@@ -29,6 +29,7 @@ mock.module("../../../config/loader.js", () => ({
   },
 }));
 
+import type { ConversationCreateType } from "../../../memory/conversation-crud.js";
 import { getDb } from "../../../memory/db-connection.js";
 import { initializeDb } from "../../../memory/db-init.js";
 import {
@@ -39,8 +40,10 @@ import {
   recordMemoryV2ActivationLog,
 } from "../../../memory/memory-v2-activation-log-store.js";
 import {
+  conversations,
   llmRequestLogs,
   memoryV2ActivationLogs,
+  messages,
 } from "../../../memory/schema.js";
 import { ROUTES } from "../conversation-query-routes.js";
 
@@ -68,6 +71,40 @@ function clearTables(): void {
   const db = getDb();
   db.delete(llmRequestLogs).run();
   db.delete(memoryV2ActivationLogs).run();
+  db.delete(messages).run();
+  db.delete(conversations).run();
+}
+
+function seedConversationAndMessage(args: {
+  conversationId: string;
+  messageId: string;
+  source: string;
+  conversationType: ConversationCreateType;
+}): void {
+  const now = Date.now();
+  getDb()
+    .insert(conversations)
+    .values({
+      id: args.conversationId,
+      title: null,
+      createdAt: now,
+      updatedAt: now,
+      source: args.source,
+      conversationType: args.conversationType,
+      memoryScopeId: "default",
+    })
+    .run();
+  getDb()
+    .insert(messages)
+    .values({
+      id: args.messageId,
+      conversationId: args.conversationId,
+      role: "assistant",
+      content: "",
+      createdAt: now,
+      metadata: null,
+    })
+    .run();
 }
 
 function seedRequestLog(messageId: string, id: string): void {
@@ -143,6 +180,67 @@ describe("GET /v1/messages/:id/llm-context — memoryV2Activation", () => {
   });
 });
 
+describe("GET /v1/messages/:id/llm-context — conversationKind", () => {
+  beforeEach(() => {
+    clearTables();
+  });
+
+  test("returns 'background_memory_consolidation' for memory_v2_consolidation source", async () => {
+    seedConversationAndMessage({
+      conversationId: "conv-mem-consol",
+      messageId: "msg-mem-consol",
+      source: "memory_v2_consolidation",
+      conversationType: "background",
+    });
+
+    const body = (await dispatchLlmContext("msg-mem-consol")) as {
+      conversationKind: string;
+      logs: unknown[];
+    };
+
+    expect(body.conversationKind).toBe("background_memory_consolidation");
+    expect(body.logs).toEqual([]);
+  });
+
+  test("returns 'background' for non-consolidation background conversations", async () => {
+    seedConversationAndMessage({
+      conversationId: "conv-bg",
+      messageId: "msg-bg",
+      source: "memory_consolidation",
+      conversationType: "background",
+    });
+
+    const body = (await dispatchLlmContext("msg-bg")) as {
+      conversationKind: string;
+    };
+
+    expect(body.conversationKind).toBe("background");
+  });
+
+  test("returns 'user' for standard conversations", async () => {
+    seedConversationAndMessage({
+      conversationId: "conv-user",
+      messageId: "msg-user",
+      source: "user",
+      conversationType: "standard",
+    });
+
+    const body = (await dispatchLlmContext("msg-user")) as {
+      conversationKind: string;
+    };
+
+    expect(body.conversationKind).toBe("user");
+  });
+
+  test("falls back to 'user' when the message can't be resolved", async () => {
+    const body = (await dispatchLlmContext("msg-missing")) as {
+      conversationKind: string;
+    };
+
+    expect(body.conversationKind).toBe("user");
+  });
+});
+
 describe("PUT /v1/config/llm/profiles/:name", () => {
   beforeEach(() => {
     savedRawConfig = null;