npm - @vellumai/assistant - Versions diffs - 0.7.2 → 0.7.3 - Mend

@vellumai/assistant 0.7.2 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (347) hide show

package/ARCHITECTURE.md +16 -1
package/docs/architecture/memory.md +5 -2
package/node_modules/@vellumai/gateway-client/src/ipc-client.ts +13 -4
package/node_modules/@vellumai/skill-host-contracts/src/assistant-event.ts +0 -9
package/node_modules/@vellumai/slack-text/src/index.test.ts +18 -35
package/node_modules/@vellumai/slack-text/src/index.ts +2 -48
package/openapi.yaml +449 -22
package/package.json +1 -1
package/src/__tests__/app-control-flow.test.ts +21 -11
package/src/__tests__/assistant-event-hub.test.ts +48 -0
package/src/__tests__/assistant-event.test.ts +0 -10
package/src/__tests__/assistant-events-sse-hardening.test.ts +2 -7
package/src/__tests__/assistant-feature-flags-integration.test.ts +18 -0
package/src/__tests__/auto-analysis-end-to-end.test.ts +62 -1
package/src/__tests__/background-workers-disk-pressure.test.ts +268 -0
package/src/__tests__/call-conversation-messages.test.ts +8 -2
package/src/__tests__/channel-inbound-disk-pressure.test.ts +537 -0
package/src/__tests__/channel-readiness-service.test.ts +4 -2
package/src/__tests__/config-loader-backfill.test.ts +379 -0
package/src/__tests__/config-schema.test.ts +1 -0
package/src/__tests__/config-watcher-cleanup-throttle.test.ts +18 -9
package/src/__tests__/config-watcher.test.ts +140 -69
package/src/__tests__/context-search-agent-runner.test.ts +61 -3
package/src/__tests__/context-search-conversations-source.test.ts +0 -24
package/src/__tests__/context-search-fanout.test.ts +0 -1
package/src/__tests__/context-search-memory-source.test.ts +3 -7
package/src/__tests__/context-search-memory-v2-source.test.ts +0 -2
package/src/__tests__/context-search-pkb-source.test.ts +0 -1
package/src/__tests__/context-search-workspace-source.test.ts +0 -1
package/src/__tests__/conversation-abort-tool-results.test.ts +6 -0
package/src/__tests__/conversation-agent-loop-disk-pressure.test.ts +223 -0
package/src/__tests__/conversation-agent-loop.test.ts +454 -5
package/src/__tests__/conversation-error.test.ts +150 -3
package/src/__tests__/conversation-process-callsite.test.ts +43 -0
package/src/__tests__/conversation-provider-retry-repair.test.ts +6 -0
package/src/__tests__/conversation-runtime-assembly.test.ts +65 -0
package/src/__tests__/conversation-slash-unknown.test.ts +6 -0
package/src/__tests__/conversation-speed-override.test.ts +0 -3
package/src/__tests__/conversation-store.test.ts +0 -18
package/src/__tests__/conversation-surfaces-app-control.test.ts +15 -4
package/src/__tests__/conversation-surfaces-data-persist.test.ts +404 -0
package/src/__tests__/conversation-tool-setup-app-refresh.test.ts +2 -5
package/src/__tests__/conversation-workspace-injection.test.ts +6 -0
package/src/__tests__/conversation-workspace-tool-tracking.test.ts +6 -0
package/src/__tests__/credentials-cli.test.ts +7 -0
package/src/__tests__/cu-unified-flow.test.ts +176 -10
package/src/__tests__/date-context.test.ts +164 -2
package/src/__tests__/disk-pressure-guard.test.ts +262 -0
package/src/__tests__/disk-pressure-lifecycle.test.ts +168 -0
package/src/__tests__/disk-pressure-policy.test.ts +241 -0
package/src/__tests__/disk-pressure-routes.test.ts +379 -0
package/src/__tests__/disk-pressure-tools.test.ts +277 -0
package/src/__tests__/disk-usage.test.ts +150 -0
package/src/__tests__/events-client-registration.test.ts +52 -0
package/src/__tests__/events-dev-bypass-actor.test.ts +162 -0
package/src/__tests__/file-write-tool.test.ts +4 -10
package/src/__tests__/filing-service.test.ts +3 -4
package/src/__tests__/heartbeat-disk-pressure.test.ts +183 -0
package/src/__tests__/heartbeat-service.test.ts +260 -11
package/src/__tests__/host-app-control-proxy.test.ts +195 -25
package/src/__tests__/host-bash-proxy.test.ts +227 -34
package/src/__tests__/host-bash-routes.test.ts +178 -13
package/src/__tests__/host-cu-proxy.test.ts +210 -3
package/src/__tests__/host-cu-routes-targeted.test.ts +141 -12
package/src/__tests__/host-file-proxy-targeted.test.ts +48 -9
package/src/__tests__/host-file-proxy.test.ts +268 -6
package/src/__tests__/host-file-routes-targeted.test.ts +175 -17
package/src/__tests__/host-transfer-proxy-targeted.test.ts +408 -59
package/src/__tests__/host-transfer-routes-targeted.test.ts +232 -17
package/src/__tests__/http-user-message-parity.test.ts +107 -1
package/src/__tests__/injector-chain.test.ts +18 -6
package/src/__tests__/injector-disk-pressure.test.ts +224 -0
package/src/__tests__/managed-profile-guard.test.ts +18 -0
package/src/__tests__/mcp-abort-signal.test.ts +130 -0
package/src/__tests__/memory-admin-recall.test.ts +3 -11
package/src/__tests__/memory-retrieval-pipeline.test.ts +22 -1
package/src/__tests__/normalize-onboarding.test.ts +180 -0
package/src/__tests__/oauth-connect-routes.test.ts +316 -0
package/src/__tests__/oauth-provider-seed-logos.test.ts +24 -2
package/src/__tests__/onboarding-persona-write.test.ts +308 -0
package/src/__tests__/openai-provider.test.ts +45 -8
package/src/__tests__/persist-onboarding-artifacts.test.ts +44 -64
package/src/__tests__/platform-callback-registration.test.ts +21 -4
package/src/__tests__/platform.test.ts +2 -1
package/src/__tests__/playbook-execution.test.ts +0 -43
package/src/__tests__/plugin-tool-contribution.test.ts +47 -0
package/src/__tests__/prechat-onboarding-contract.test.ts +214 -27
package/src/__tests__/provider-tool-name.test.ts +23 -0
package/src/__tests__/relay-server.test.ts +15 -4
package/src/__tests__/runtime-events-sse.test.ts +4 -8
package/src/__tests__/scheduler-disk-pressure.test.ts +148 -0
package/src/__tests__/secret-ingress-http.test.ts +0 -1
package/src/__tests__/suggestion-routes.test.ts +46 -0
package/src/__tests__/twilio-validation.test.ts +2 -2
package/src/__tests__/workspace-migration-065-bump-stale-heartbeat-interval.test.ts +122 -0
package/src/__tests__/workspace-migration-066-seed-heartbeat-callsite-cost-default.test.ts +285 -0
package/src/__tests__/workspace-migration-068-release-notes-local-timezone.test.ts +90 -0
package/src/__tests__/workspace-migration-safe-storage-limits-release.test.ts +90 -0
package/src/approvals/guardian-decision-primitive.ts +13 -0
package/src/approvals/guardian-request-resolvers.ts +16 -17
package/src/backup/snapshot-lock.ts +2 -27
package/src/bundler/compiler-tools.ts +3 -2
package/src/calls/call-conversation-messages.ts +46 -10
package/src/cli/commands/__tests__/webhooks.test.ts +0 -4
package/src/cli/commands/bash.ts +35 -108
package/src/cli/commands/contacts.ts +64 -25
package/src/cli/commands/credentials.ts +56 -0
package/src/cli/commands/memory-v2.ts +7 -6
package/src/cli/commands/oauth/__tests__/connect.test.ts +437 -1
package/src/cli/commands/oauth/connect.ts +127 -1
package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +0 -3
package/src/cli/commands/platform/__tests__/connect.test.ts +7 -1
package/src/cli/commands/platform/__tests__/disconnect.test.ts +7 -1
package/src/cli/commands/platform/__tests__/status.test.ts +103 -6
package/src/cli/commands/platform/index.ts +16 -7
package/src/cli/commands/status.ts +57 -0
package/src/cli/program.ts +4 -2
package/src/config/assistant-feature-flags.ts +13 -3
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +4 -3
package/src/config/bundled-skills/phone-calls/references/TROUBLESHOOTING.md +13 -7
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +2 -2
package/src/config/bundled-skills/playbooks/tools/playbook-delete.ts +2 -2
package/src/config/bundled-skills/playbooks/tools/playbook-list.ts +2 -2
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +2 -2
package/src/config/env.ts +0 -8
package/src/config/feature-flag-registry.json +27 -3
package/src/config/loader.ts +127 -8
package/src/config/schemas/__tests__/memory-v2.test.ts +10 -5
package/src/config/schemas/call-site-catalog.ts +14 -0
package/src/config/schemas/channels.ts +0 -5
package/src/config/schemas/heartbeat.ts +1 -1
package/src/config/schemas/llm.ts +2 -0
package/src/config/schemas/memory-lifecycle.ts +13 -0
package/src/config/schemas/memory-v2.ts +75 -11
package/src/config/schemas/platform.ts +43 -3
package/src/config/schemas/services.ts +28 -0
package/src/config/seed-inference-profiles.ts +230 -33
package/src/contacts/contact-store.ts +0 -25
package/src/daemon/__tests__/conversation-tool-setup.test.ts +86 -25
package/src/daemon/assistant-attachments.ts +4 -4
package/src/daemon/config-watcher.ts +85 -57
package/src/daemon/conversation-agent-loop-handlers.ts +6 -0
package/src/daemon/conversation-agent-loop.ts +170 -33
package/src/daemon/conversation-error.ts +87 -15
package/src/daemon/conversation-lifecycle.ts +1 -3
package/src/daemon/conversation-process.ts +8 -0
package/src/daemon/conversation-runtime-assembly.ts +26 -0
package/src/daemon/conversation-store.ts +2 -2
package/src/daemon/conversation-surfaces.ts +195 -15
package/src/daemon/conversation-tool-setup.ts +57 -14
package/src/daemon/conversation.ts +17 -22
package/src/daemon/date-context.ts +71 -22
package/src/daemon/disk-pressure-background-gate.ts +73 -0
package/src/daemon/disk-pressure-guard.ts +343 -0
package/src/daemon/disk-pressure-policy.ts +163 -0
package/src/daemon/handlers/shared.ts +0 -1
package/src/daemon/handlers/skills.ts +3 -4
package/src/daemon/host-app-control-proxy.ts +137 -41
package/src/daemon/host-bash-proxy.ts +46 -21
package/src/daemon/host-cu-proxy.ts +49 -3
package/src/daemon/host-file-proxy.ts +43 -7
package/src/daemon/host-transfer-proxy.ts +95 -4
package/src/daemon/lifecycle.ts +79 -28
package/src/daemon/meet-host-supervisor.ts +4 -4
package/src/daemon/meet-manifest-loader.ts +0 -1
package/src/daemon/memory-v2-startup.ts +14 -4
package/src/daemon/message-protocol.ts +3 -0
package/src/daemon/message-types/conversations.ts +4 -0
package/src/daemon/message-types/disk-pressure.ts +9 -0
package/src/daemon/message-types/messages.ts +3 -0
package/src/daemon/profiler-run-store.ts +5 -5
package/src/daemon/tool-setup-types.ts +2 -2
package/src/documents/document-store.ts +85 -0
package/src/filing/filing-service.ts +30 -5
package/src/heartbeat/__tests__/heartbeat-feed-event.test.ts +9 -16
package/src/heartbeat/__tests__/heartbeat-run-store.test.ts +36 -0
package/src/heartbeat/heartbeat-run-store.ts +13 -0
package/src/heartbeat/heartbeat-service.ts +205 -31
package/src/home/feed-scheduler.ts +18 -0
package/src/inbound/platform-callback-registration.ts +8 -15
package/src/ipc/__tests__/clients-list-ipc.test.ts +169 -0
package/src/ipc/assistant-server.ts +56 -2
package/src/ipc/gateway-client.ts +37 -3
package/src/live-voice/live-voice-archive.ts +4 -4
package/src/live-voice/protocol.ts +5 -7
package/src/media/image-service.ts +1 -7
package/src/memory/__tests__/fixtures/memory-v2-activation-fixtures.ts +21 -13
package/src/memory/__tests__/jobs-worker-v2-schedule.test.ts +52 -22
package/src/memory/__tests__/memory-v2-activation-log-store.test.ts +0 -6
package/src/memory/__tests__/memory-v2-concept-frequency.test.ts +272 -0
package/src/memory/admin.ts +5 -9
package/src/memory/context-search/agent-runner.ts +19 -2
package/src/memory/context-search/sources/conversations.ts +2 -11
package/src/memory/context-search/sources/memory-v2.ts +5 -4
package/src/memory/context-search/sources/memory.ts +0 -1
package/src/memory/context-search/types.ts +0 -1
package/src/memory/conversation-crud.ts +4 -12
package/src/memory/db-init.ts +2 -0
package/src/memory/embedding-runtime-manager.ts +119 -5
package/src/memory/graph/__tests__/conversation-graph-memory-v2-routing.test.ts +32 -21
package/src/memory/graph/conversation-graph-memory.ts +42 -54
package/src/memory/graph/extraction.ts +1 -3
package/src/memory/graph/graph-search.test.ts +10 -67
package/src/memory/graph/graph-search.ts +1 -20
package/src/memory/graph/retriever.test.ts +6 -0
package/src/memory/graph/retriever.ts +6 -10
package/src/memory/indexer.ts +54 -45
package/src/memory/job-handlers/backfill.ts +2 -11
package/src/memory/job-handlers/cleanup.ts +43 -0
package/src/memory/job-handlers/embedding.ts +6 -8
package/src/memory/job-handlers/summarization.ts +2 -7
package/src/memory/jobs-store.ts +48 -0
package/src/memory/jobs-worker.ts +81 -43
package/src/memory/memory-v2-activation-log-store.ts +32 -14
package/src/memory/memory-v2-concept-frequency.ts +169 -0
package/src/memory/migrations/239-trace-events-created-at-index.ts +18 -0
package/src/memory/migrations/index.ts +1 -0
package/src/memory/pkb/pkb-search.test.ts +6 -0
package/src/memory/qdrant-client.ts +0 -13
package/src/memory/rerank-local.ts +374 -0
package/src/memory/search/semantic.ts +6 -67
package/src/memory/trace-event-store.ts +1 -17
package/src/memory/v2/__tests__/activation.test.ts +311 -250
package/src/memory/v2/__tests__/consolidation-job.test.ts +40 -8
package/src/memory/v2/__tests__/injection.test.ts +157 -167
package/src/memory/v2/__tests__/prompts-consolidation.test.ts +61 -2
package/src/memory/v2/__tests__/qdrant.test.ts +16 -0
package/src/memory/v2/__tests__/reranker.test.ts +338 -0
package/src/memory/v2/__tests__/sim.test.ts +5 -199
package/src/memory/v2/__tests__/skill-store.test.ts +71 -65
package/src/memory/v2/__tests__/static-context.test.ts +76 -1
package/src/memory/v2/activation.ts +149 -156
package/src/memory/v2/consolidation-job.ts +62 -12
package/src/memory/v2/injection.ts +47 -60
package/src/memory/v2/prompts/consolidation.ts +36 -1
package/src/memory/v2/qdrant.ts +99 -0
package/src/memory/v2/reranker.ts +177 -0
package/src/memory/v2/sim.ts +10 -84
package/src/memory/v2/skill-content.ts +4 -3
package/src/memory/v2/skill-store.ts +82 -59
package/src/memory/v2/static-context.ts +22 -0
package/src/memory/v2/types.ts +10 -10
package/src/notifications/copy-composer.ts +13 -0
package/src/notifications/signal.ts +4 -0
package/src/oauth/AGENTS.md +3 -1
package/src/oauth/__tests__/oauth-connect-state.test.ts +137 -0
package/src/oauth/connect-orchestrator.ts +2 -0
package/src/oauth/connection-resolver.test.ts +66 -1
package/src/oauth/connection-resolver.ts +55 -1
package/src/oauth/oauth-connect-state.ts +77 -0
package/src/oauth/seed-providers.ts +58 -1
package/src/plugins/defaults/injectors.ts +35 -2
package/src/plugins/defaults/memory-retrieval.ts +5 -6
package/src/plugins/types.ts +7 -0
package/src/proactive-artifact/aux-message-injector.ts +74 -0
package/src/proactive-artifact/decision.test.ts +226 -0
package/src/proactive-artifact/decision.ts +165 -0
package/src/proactive-artifact/index.ts +7 -0
package/src/proactive-artifact/job.test.ts +867 -0
package/src/proactive-artifact/job.ts +352 -0
package/src/proactive-artifact/message-copy.ts +41 -0
package/src/proactive-artifact/trigger-state.test.ts +277 -0
package/src/proactive-artifact/trigger-state.ts +119 -0
package/src/prompts/normalize-onboarding.ts +80 -0
package/src/prompts/persona-resolver.ts +101 -9
package/src/prompts/system-prompt.ts +21 -7
package/src/prompts/templates/BOOTSTRAP.md +13 -5
package/src/providers/__tests__/retry-callsite.test.ts +222 -1
package/src/providers/model-intents.ts +7 -0
package/src/providers/openrouter/client.ts +8 -0
package/src/providers/retry.ts +50 -0
package/src/providers/types.ts +1 -0
package/src/runtime/__tests__/agent-wake.test.ts +456 -3
package/src/runtime/agent-wake.ts +238 -100
package/src/runtime/assistant-event-hub.ts +36 -6
package/src/runtime/assistant-event.ts +0 -1
package/src/runtime/auth/__tests__/route-policy.test.ts +64 -0
package/src/runtime/auth/route-policy.ts +14 -1
package/src/runtime/auth/same-actor.ts +216 -0
package/src/runtime/channel-retry-sweep.ts +65 -1
package/src/runtime/guardian-reply-router.ts +10 -0
package/src/runtime/local-actor-identity.ts +52 -11
package/src/runtime/pending-interactions.ts +8 -0
package/src/runtime/routes/__tests__/client-routes.test.ts +155 -0
package/src/runtime/routes/__tests__/conversation-query-routes.test.ts +0 -5
package/src/runtime/routes/__tests__/heartbeat-routes.test.ts +1 -1
package/src/runtime/routes/client-routes.ts +20 -2
package/src/runtime/routes/contact-routes.ts +0 -25
package/src/runtime/routes/conversation-routes.ts +35 -26
package/src/runtime/routes/debug-bash-routes.ts +163 -0
package/src/runtime/routes/disk-pressure-routes.ts +121 -0
package/src/runtime/routes/document-pdf-renderer.ts +6 -2
package/src/runtime/routes/documents-routes.ts +2 -75
package/src/runtime/routes/events-routes.ts +41 -9
package/src/runtime/routes/host-bash-routes.ts +23 -3
package/src/runtime/routes/host-cu-routes.ts +33 -6
package/src/runtime/routes/host-file-routes.ts +32 -6
package/src/runtime/routes/host-transfer-routes.ts +79 -16
package/src/runtime/routes/identity-routes.ts +7 -138
package/src/runtime/routes/inbound-message-handler.ts +77 -12
package/src/runtime/routes/inbound-stages/guardian-reply-intercept.ts +3 -0
package/src/runtime/routes/index.ts +6 -0
package/src/runtime/routes/memory-item-routes.test.ts +41 -15
package/src/runtime/routes/memory-v2-routes.ts +33 -0
package/src/runtime/routes/oauth-connect-routes.ts +153 -0
package/src/runtime/verification-outbound-actions.ts +4 -4
package/src/schedule/run-script.ts +37 -5
package/src/schedule/scheduler.ts +20 -1
package/src/security/encrypted-store.ts +2 -0
package/src/security/secure-keys.ts +55 -0
package/src/skills/remote-skill-policy.ts +4 -10
package/src/subagent/index.ts +1 -7
package/src/subagent/manager.ts +1 -15
package/src/tasks/task-runner.ts +0 -1
package/src/tasks/task-store.ts +0 -3
package/src/tools/background-tool-registry.ts +17 -3
package/src/tools/host-filesystem/edit.test.ts +151 -0
package/src/tools/host-filesystem/edit.ts +43 -1
package/src/tools/host-filesystem/read.test.ts +129 -0
package/src/tools/host-filesystem/read.ts +43 -1
package/src/tools/host-filesystem/transfer.test.ts +127 -2
package/src/tools/host-filesystem/transfer.ts +56 -11
package/src/tools/host-filesystem/write.test.ts +134 -0
package/src/tools/host-filesystem/write.ts +43 -1
package/src/tools/host-terminal/host-shell.ts +13 -6
package/src/tools/mcp/mcp-tool-factory.ts +2 -1
package/src/tools/memory/register.test.ts +12 -9
package/src/tools/memory/register.ts +1 -2
package/src/tools/provider-tool-name.ts +28 -0
package/src/tools/registry.ts +30 -9
package/src/tools/terminal/shell.ts +9 -1
package/src/tools/tool-approval-handler.ts +31 -6
package/src/tools/types.ts +24 -2
package/src/tts/provider-catalog.ts +3 -5
package/src/util/disk-usage.ts +138 -0
package/src/util/platform.ts +21 -11
package/src/util/process-liveness.ts +26 -0
package/src/workspace/heartbeat-service.ts +19 -0
package/src/workspace/migrations/065-bump-stale-heartbeat-interval.ts +60 -0
package/src/workspace/migrations/066-seed-heartbeat-callsite-cost-default.ts +146 -0
package/src/workspace/migrations/067-release-notes-safe-storage-limits.ts +72 -0
package/src/workspace/migrations/068-release-notes-local-timezone.ts +65 -0
package/src/workspace/migrations/registry.ts +8 -0
package/src/__tests__/conversation-tool-setup-memory-scope.test.ts +0 -167
package/src/memory/v2/__tests__/skill-qdrant.test.ts +0 -657
package/src/memory/v2/skill-qdrant.ts +0 -404
package/src/signals/bash.ts +0 -198

package/src/__tests__/cu-unified-flow.test.ts CHANGED Viewed

@@ -9,8 +9,20 @@ import { afterEach, describe, expect, mock, test } from "bun:test";
 const sentMessages: unknown[] = [];
 let mockHasClient = true; // Default to true for CU unified flow tests
-let mockCuClients: Array<{ clientId: string; capabilities: string[] }> = [
-  { clientId: "mock-client-1", capabilities: ["host_cu"] },
+// Default principal id used for both ctx.trustContext and clients in the
+// existing single-user tests. Tests that exercise cross-user behaviour
+// override this on individual clients and on the SurfaceConversationContext.
+const DEFAULT_PRINCIPAL = "user-1";
+let mockCuClients: Array<{
+  clientId: string;
+  capabilities: string[];
+  actorPrincipalId?: string;
+}> = [
+  {
+    clientId: "mock-client-1",
+    capabilities: ["host_cu"],
+    actorPrincipalId: DEFAULT_PRINCIPAL,
+  },
 ];
 mock.module("../runtime/assistant-event-hub.js", () => ({
@@ -22,6 +34,8 @@ mock.module("../runtime/assistant-event-hub.js", () => ({
       cap === "host_cu" ? mockCuClients : [],
     getClientById: (id: string) =>
       mockCuClients.find((c) => c.clientId === id) ?? null,
+    getActorPrincipalIdForClient: (id: string) =>
+      mockCuClients.find((c) => c.clientId === id)?.actorPrincipalId,
   },
 }));
@@ -38,12 +52,25 @@ type SurfaceConversationContext =
 /**
  * Build a minimal SurfaceConversationContext with optional hostCuProxy.
  * Only the fields required by the CU routing path are populated.
+ *
+ * `trustContext` defaults to a guardian context owned by `DEFAULT_PRINCIPAL`.
+ * Pass `null` to omit the field entirely (used to verify same-user
+ * enforcement when the conversation has no source actor principal).
  */
 function buildMockContext(
   hostCuProxy?: InstanceType<typeof HostCuProxy>,
+  trustGuardianPrincipalId: string | null = DEFAULT_PRINCIPAL,
 ): SurfaceConversationContext {
   return {
     conversationId: "test-session",
+    trustContext:
+      trustGuardianPrincipalId != null
+        ? {
+            sourceChannel: "vellum",
+            trustClass: "guardian",
+            guardianPrincipalId: trustGuardianPrincipalId,
+          }
+        : undefined,
     traceEmitter: { emit: () => {} },
     sendToClient: () => {},
     pendingSurfaceActions: new Map(),
@@ -72,7 +99,13 @@ describe("surfaceProxyResolver — CU tool routing", () => {
   function setupProxy(maxSteps?: number): SurfaceConversationContext {
     sentMessages.length = 0;
     mockHasClient = true;
-    mockCuClients = [{ clientId: "mock-client-1", capabilities: ["host_cu"] }];
+    mockCuClients = [
+      {
+        clientId: "mock-client-1",
+        capabilities: ["host_cu"],
+        actorPrincipalId: DEFAULT_PRINCIPAL,
+      },
+    ];
     proxy = new HostCuProxy(maxSteps);
     return buildMockContext(proxy);
   }
@@ -375,11 +408,19 @@ describe("surfaceProxyResolver — CU tool routing", () => {
   // -------------------------------------------------------------------------
   describe("multi-client ambiguity guard", () => {
-    test("returns error when multiple CU clients connected and no target_client_id given", async () => {
+    test("returns error when multiple same-user CU clients connected and no target_client_id given", async () => {
       const ctx = setupProxy();
       mockCuClients = [
-        { clientId: "client-a", capabilities: ["host_cu"] },
-        { clientId: "client-b", capabilities: ["host_cu"] },
+        {
+          clientId: "client-a",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
+        {
+          clientId: "client-b",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
       ];
       const result = await surfaceProxyResolver(ctx, "computer_use_click", {
@@ -397,8 +438,16 @@ describe("surfaceProxyResolver — CU tool routing", () => {
     test("proceeds when multiple clients connected and target_client_id is given", async () => {
       const ctx = setupProxy();
       mockCuClients = [
-        { clientId: "client-a", capabilities: ["host_cu"] },
-        { clientId: "client-b", capabilities: ["host_cu"] },
+        {
+          clientId: "client-a",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
+        {
+          clientId: "client-b",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
       ];
       const resultPromise = surfaceProxyResolver(ctx, "computer_use_click", {
@@ -508,8 +557,18 @@ describe("surfaceProxyResolver — CU tool routing", () => {
     test("dispatches and records action when targetClientId is valid", async () => {
       const ctx = setupProxy();
       mockCuClients = [
-        { clientId: "cu-client", capabilities: ["host_cu"] },
-        { clientId: "client-b", capabilities: ["host_cu"] }, // would otherwise trip ambiguity guard
+        {
+          clientId: "cu-client",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
+        // Second client present to ensure target_client_id resolves
+        // unambiguously and would otherwise trip the ambiguity guard.
+        {
+          clientId: "client-b",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
       ];
       const resultPromise = surfaceProxyResolver(ctx, "computer_use_click", {
@@ -532,6 +591,113 @@ describe("surfaceProxyResolver — CU tool routing", () => {
     });
   });
+  // -------------------------------------------------------------------------
+  // Same-user enforcement (dispatch layer)
+  //
+  // The proxy enforces this internally as well — these tests verify the
+  // dispatch performs the same-user rejection before the proxy is invoked
+  // (so no step is burned and no action history mutated), and uses the
+  // canonical rejection message.
+  // -------------------------------------------------------------------------
+  describe("same-user enforcement", () => {
+    test("rejects targeted CU dispatch from a different actor principal", async () => {
+      sentMessages.length = 0;
+      mockHasClient = true;
+      mockCuClients = [
+        {
+          clientId: "cu-client",
+          capabilities: ["host_cu"],
+          actorPrincipalId: "user-other",
+        },
+      ];
+      proxy = new HostCuProxy();
+      const ctx = buildMockContext(proxy, DEFAULT_PRINCIPAL);
+      const result = await surfaceProxyResolver(ctx, "computer_use_click", {
+        element_id: 1,
+        reasoning: "click",
+        target_client_id: "cu-client",
+      });
+      expect(result.isError).toBe(true);
+      expect(result.content).toContain(
+        "Submitting actor does not match the target client's actor",
+      );
+      // No state mutation, no dispatch.
+      expect(proxy.stepCount).toBe(0);
+      expect(proxy.actionHistory).toHaveLength(0);
+      expect(sentMessages).toHaveLength(0);
+    });
+    test("rejects when the conversation has no source actor principal", async () => {
+      sentMessages.length = 0;
+      mockHasClient = true;
+      mockCuClients = [
+        {
+          clientId: "cu-client",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
+      ];
+      proxy = new HostCuProxy();
+      const ctx = buildMockContext(proxy, null);
+      const result = await surfaceProxyResolver(ctx, "computer_use_click", {
+        element_id: 1,
+        reasoning: "click",
+        target_client_id: "cu-client",
+      });
+      expect(result.isError).toBe(true);
+      expect(result.content).toContain(
+        "Submitting actor does not match the target client's actor",
+      );
+      expect(sentMessages).toHaveLength(0);
+    });
+    test("auto-resolves to the unique same-user CU client when cross-user clients are present", async () => {
+      // Regression: previously the dispatch counted only same-user clients
+      // for the multi-client guard, so 1 same-user + 1 cross-user passed the
+      // guard with no targetClientId — and the proxy then broadcast to ALL
+      // host_cu subscribers, including the cross-user one.
+      sentMessages.length = 0;
+      mockHasClient = true;
+      mockCuClients = [
+        {
+          clientId: "cu-mine",
+          capabilities: ["host_cu"],
+          actorPrincipalId: DEFAULT_PRINCIPAL,
+        },
+        {
+          clientId: "cu-other",
+          capabilities: ["host_cu"],
+          actorPrincipalId: "user-other",
+        },
+      ];
+      proxy = new HostCuProxy();
+      const ctx = buildMockContext(proxy, DEFAULT_PRINCIPAL);
+      const resultPromise = surfaceProxyResolver(ctx, "computer_use_click", {
+        element_id: 1,
+        reasoning: "click",
+        // Intentionally no target_client_id — exercises auto-resolve.
+      });
+      // Broadcast happens, but with the same-user clientId set so only
+      // that client receives it.
+      expect(sentMessages).toHaveLength(1);
+      const sent = sentMessages[0] as Record<string, unknown>;
+      expect(sent.targetClientId).toBe("cu-mine");
+      // Manually resolve to clean up the pending promise.
+      proxy.processObservation(sent.requestId as string, {
+        executionResult: "ok",
+      });
+      await resultPromise;
+    });
+  });
   describe("step limit enforcement through resolver", () => {
     test("rejects action tools when step limit exceeded", async () => {
       const ctx = setupProxy(2); // maxSteps = 2

package/src/__tests__/date-context.test.ts CHANGED Viewed

@@ -1,8 +1,11 @@
 import { describe, expect, test } from "bun:test";
+import { UiConfigSchema } from "../config/schemas/platform.js";
 import {
+  canonicalizeTimeZone,
   extractUserTimeZoneFromRecall,
   formatTurnTimestamp,
+  resolveTurnTimezoneContext,
 } from "../daemon/date-context.js";
 // ---------------------------------------------------------------------------
@@ -85,6 +88,156 @@ describe("extractUserTimeZoneFromRecall", () => {
   });
 });
+// ---------------------------------------------------------------------------
+// UiConfigSchema timezone fields
+// ---------------------------------------------------------------------------
+describe("UiConfigSchema timezone fields", () => {
+  test("accepts canonicalizable IANA timezone identifiers", () => {
+    const result = UiConfigSchema.parse({
+      userTimezone: "america/new_york",
+      detectedTimezone: "america/los_angeles",
+    });
+    expect(result.userTimezone).toBe("America/New_York");
+    expect(result.detectedTimezone).toBe("America/Los_Angeles");
+    expect(UiConfigSchema.parse({ userTimezone: "UTC" }).userTimezone).toBe(
+      "UTC",
+    );
+  });
+  test("accepts empty-string clearing sentinels", () => {
+    const result = UiConfigSchema.parse({
+      userTimezone: "",
+      detectedTimezone: "",
+    });
+    expect(result.userTimezone).toBe("");
+    expect(result.detectedTimezone).toBe("");
+  });
+  test("rejects invalid non-empty userTimezone and detectedTimezone values", () => {
+    expect(() =>
+      UiConfigSchema.parse({ userTimezone: "not-a-timezone" }),
+    ).toThrow("ui.userTimezone must be a valid IANA timezone identifier");
+    expect(() =>
+      UiConfigSchema.parse({ detectedTimezone: "Mars/Olympus_Mons" }),
+    ).toThrow("ui.detectedTimezone must be a valid IANA timezone identifier");
+    expect(() => UiConfigSchema.parse({ userTimezone: "+05:30" })).toThrow(
+      "ui.userTimezone must be a valid IANA timezone identifier",
+    );
+  });
+  test("rejects ambiguous abbreviations and offset strings", () => {
+    for (const value of ["EST", "PST", "UTC+5:30", "GMT-0800", "+05:30"]) {
+      expect(() => UiConfigSchema.parse({ userTimezone: value })).toThrow(
+        "ui.userTimezone must be a valid IANA timezone identifier",
+      );
+      expect(() => UiConfigSchema.parse({ detectedTimezone: value })).toThrow(
+        "ui.detectedTimezone must be a valid IANA timezone identifier",
+      );
+    }
+  });
+});
+// ---------------------------------------------------------------------------
+// canonicalizeTimeZone
+// ---------------------------------------------------------------------------
+describe("canonicalizeTimeZone", () => {
+  test("returns canonical timezone identifiers and ignores empty values", () => {
+    expect(canonicalizeTimeZone("america/new_york")).toBe("America/New_York");
+    expect(canonicalizeTimeZone("")).toBeNull();
+    expect(canonicalizeTimeZone(null)).toBeNull();
+    expect(canonicalizeTimeZone("not-a-timezone")).toBeNull();
+  });
+});
+// ---------------------------------------------------------------------------
+// resolveTurnTimezoneContext
+// ---------------------------------------------------------------------------
+describe("resolveTurnTimezoneContext", () => {
+  test("prefers configured user timezone over automatic sources", () => {
+    const context = resolveTurnTimezoneContext({
+      configuredUserTimeZone: "America/New_York",
+      clientTimezone: "America/Chicago",
+      detectedTimezone: "Asia/Tokyo",
+      hostTimeZone: "Europe/London",
+    });
+    expect(context.effectiveTimezone).toBe("America/New_York");
+    expect(context.source).toBe("configuredUserTimezone");
+  });
+  test("prefers client timezone over detected and host timezones", () => {
+    const context = resolveTurnTimezoneContext({
+      clientTimezone: "America/Chicago",
+      detectedTimezone: "Asia/Tokyo",
+      hostTimeZone: "Europe/London",
+    });
+    expect(context.effectiveTimezone).toBe("America/Chicago");
+    expect(context.source).toBe("clientTimezone");
+  });
+  test("prefers detected timezone over host timezone", () => {
+    const context = resolveTurnTimezoneContext({
+      detectedTimezone: "Asia/Tokyo",
+      hostTimeZone: "Europe/London",
+    });
+    expect(context.effectiveTimezone).toBe("Asia/Tokyo");
+    expect(context.source).toBe("detectedTimezone");
+  });
+  test("uses host timezone before UTC fallback", () => {
+    const context = resolveTurnTimezoneContext({
+      hostTimeZone: "Europe/London",
+    });
+    expect(context.effectiveTimezone).toBe("Europe/London");
+    expect(context.source).toBe("hostTimezone");
+  });
+  test("falls back to UTC when no timezone resolves", () => {
+    const context = resolveTurnTimezoneContext({
+      configuredUserTimeZone: "not-a-timezone",
+      clientTimezone: "also-invalid",
+      detectedTimezone: "",
+      hostTimeZone: "still-invalid",
+    });
+    expect(context.effectiveTimezone).toBe("UTC");
+    expect(context.source).toBe("utcFallback");
+  });
+  test("ignores empty strings during runtime resolution", () => {
+    const context = resolveTurnTimezoneContext({
+      configuredUserTimeZone: "",
+      clientTimezone: "",
+      detectedTimezone: "",
+      hostTimeZone: "UTC",
+    });
+    expect(context.configuredUserTimezone).toBeNull();
+    expect(context.clientTimezone).toBeNull();
+    expect(context.detectedTimezone).toBeNull();
+    expect(context.effectiveTimezone).toBe("UTC");
+    expect(context.source).toBe("hostTimezone");
+  });
+  test("does not use recalled profile timezone in normal turn precedence", () => {
+    const context = resolveTurnTimezoneContext({
+      userTimeZone: "Asia/Tokyo",
+      hostTimeZone: "UTC",
+    });
+    expect(context.effectiveTimezone).toBe("UTC");
+    expect(context.source).toBe("hostTimezone");
+  });
+});
 // ---------------------------------------------------------------------------
 // formatTurnTimestamp
 // ---------------------------------------------------------------------------
@@ -127,11 +280,20 @@ describe("formatTurnTimestamp", () => {
     expect(result).toBe("2026-04-02 (Thursday) 06:52:33 +00:00 (UTC)");
   });
-  test("handles user timezone override", () => {
+  test("handles configured user timezone override", () => {
     const result = formatTurnTimestamp({
       nowMs: THU_APR_02_0652,
       hostTimeZone: "UTC",
-      userTimeZone: "Asia/Tokyo",
+      configuredUserTimeZone: "Asia/Tokyo",
+    });
+    expect(result).toBe("2026-04-02 (Thursday) 15:52:33 +09:00 (Asia/Tokyo)");
+  });
+  test("uses client timezone when no configured override exists", () => {
+    const result = formatTurnTimestamp({
+      nowMs: THU_APR_02_0652,
+      hostTimeZone: "UTC",
+      clientTimezone: "Asia/Tokyo",
     });
     expect(result).toBe("2026-04-02 (Thursday) 15:52:33 +09:00 (Asia/Tokyo)");
   });

package/src/__tests__/disk-pressure-guard.test.ts ADDED Viewed

@@ -0,0 +1,262 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+import type { DiskPressureTransitionResult } from "../daemon/disk-pressure-guard.js";
+import type { DiskUsageInfo } from "../util/disk-usage.js";
+let diskSample: DiskUsageInfo | null = null;
+let diskSampleError: unknown = null;
+let diskSampleCalls = 0;
+mock.module("../config/loader.js", () => ({
+  getConfig: () => ({}),
+}));
+mock.module("../util/disk-usage.js", () => ({
+  getDiskUsageInfo: () => {
+    diskSampleCalls += 1;
+    if (diskSampleError) throw diskSampleError;
+    return diskSample;
+  },
+}));
+mock.module("../runtime/assistant-event.js", () => ({
+  buildAssistantEvent: (message: unknown, conversationId?: string) => ({
+    id: "event-test",
+    type: "message",
+    timestamp: new Date().toISOString(),
+    conversationId,
+    message,
+  }),
+}));
+mock.module("../runtime/assistant-event-hub.js", () => ({
+  AssistantEventHub: class {},
+  broadcastMessage: () => {},
+  capabilityForMessageType: () => undefined,
+  assistantEventHub: {
+    publish: async () => {},
+  },
+}));
+const { _setOverridesForTesting } =
+  await import("../config/assistant-feature-flags.js");
+const {
+  DISK_PRESSURE_OVERRIDE_CONFIRMATION,
+  DISK_PRESSURE_THRESHOLD_PERCENT,
+  __getDiskPressureGuardTimerForTests,
+  __resetDiskPressureGuardForTests,
+  acknowledgeDiskPressureLock,
+  evaluateDiskPressureNow,
+  getDiskPressureStatus,
+  overrideDiskPressureLock,
+  startDiskPressureGuard,
+  stopDiskPressureGuard,
+} = await import("../daemon/disk-pressure-guard.js");
+function setFeatureFlag(enabled: boolean): void {
+  _setOverridesForTesting({ "safe-storage-limits": enabled });
+}
+function setDiskUsage(usedMb: number, totalMb = 100): void {
+  diskSample = {
+    path: "/workspace",
+    totalMb,
+    usedMb,
+    freeMb: Math.max(0, totalMb - usedMb),
+  };
+  diskSampleError = null;
+}
+function expectRejected(
+  result: DiskPressureTransitionResult,
+  reason: Exclude<DiskPressureTransitionResult, { ok: true }>["reason"],
+): asserts result is Exclude<DiskPressureTransitionResult, { ok: true }> {
+  expect(result.ok).toBe(false);
+  if (result.ok) {
+    throw new Error("Expected disk pressure transition to be rejected");
+  }
+  expect(result.reason).toBe(reason);
+}
+beforeEach(() => {
+  __resetDiskPressureGuardForTests();
+  setFeatureFlag(true);
+  setDiskUsage(10);
+  diskSampleCalls = 0;
+});
+afterEach(() => {
+  __resetDiskPressureGuardForTests();
+  _setOverridesForTesting({});
+  diskSample = null;
+  diskSampleError = null;
+  diskSampleCalls = 0;
+});
+describe("disk pressure guard", () => {
+  test("returns a stable disabled status without sampling when the flag is disabled", () => {
+    setDiskUsage(99);
+    setFeatureFlag(false);
+    const status = evaluateDiskPressureNow();
+    expect(status.enabled).toBe(false);
+    expect(status.state).toBe("disabled");
+    expect(status.locked).toBe(false);
+    expect(status.effectivelyLocked).toBe(false);
+    expect(status.usagePercent).toBeNull();
+    expect(diskSampleCalls).toBe(0);
+    expect(getDiskPressureStatus()).toEqual(status);
+  });
+  test("locks when sampled usage reaches the threshold", () => {
+    setDiskUsage(DISK_PRESSURE_THRESHOLD_PERCENT);
+    const status = evaluateDiskPressureNow();
+    expect(status.enabled).toBe(true);
+    expect(status.state).toBe("critical");
+    expect(status.locked).toBe(true);
+    expect(status.acknowledged).toBe(false);
+    expect(status.overrideActive).toBe(false);
+    expect(status.effectivelyLocked).toBe(true);
+    expect(status.lockId).toBeTruthy();
+    expect(status.usagePercent).toBe(DISK_PRESSURE_THRESHOLD_PERCENT);
+    expect(status.thresholdPercent).toBe(DISK_PRESSURE_THRESHOLD_PERCENT);
+    expect(status.path).toBe("/workspace");
+    expect(status.lastCheckedAt).toBeTruthy();
+    expect(status.blockedCapabilities.length).toBeGreaterThan(0);
+  });
+  test("acknowledges an active lock without overriding it", () => {
+    setDiskUsage(99);
+    evaluateDiskPressureNow();
+    const result = acknowledgeDiskPressureLock();
+    expect(result.ok).toBe(true);
+    expect(result.status.acknowledged).toBe(true);
+    expect(result.status.overrideActive).toBe(false);
+    expect(result.status.effectivelyLocked).toBe(true);
+  });
+  test("unlocks and clears acknowledgement and override when usage falls below threshold", () => {
+    setDiskUsage(99);
+    evaluateDiskPressureNow();
+    acknowledgeDiskPressureLock();
+    overrideDiskPressureLock(DISK_PRESSURE_OVERRIDE_CONFIRMATION);
+    setDiskUsage(20);
+    const status = evaluateDiskPressureNow();
+    expect(status.state).toBe("ok");
+    expect(status.locked).toBe(false);
+    expect(status.acknowledged).toBe(false);
+    expect(status.overrideActive).toBe(false);
+    expect(status.effectivelyLocked).toBe(false);
+    expect(status.lockId).toBeNull();
+    expect(status.blockedCapabilities).toEqual([]);
+  });
+  test("overrides an active lock only with the exact confirmation after trimming whitespace", () => {
+    setDiskUsage(99);
+    evaluateDiskPressureNow();
+    const invalid = overrideDiskPressureLock("I accept the risks");
+    expectRejected(invalid, "invalid_confirmation");
+    expect(invalid.status.effectivelyLocked).toBe(true);
+    const valid = overrideDiskPressureLock(
+      `  ${DISK_PRESSURE_OVERRIDE_CONFIRMATION}  `,
+    );
+    expect(valid.ok).toBe(true);
+    expect(valid.status.locked).toBe(true);
+    expect(valid.status.overrideActive).toBe(true);
+    expect(valid.status.effectivelyLocked).toBe(false);
+  });
+  test("rejects acknowledgement when no lock is active", () => {
+    setDiskUsage(10);
+    evaluateDiskPressureNow();
+    const result = acknowledgeDiskPressureLock();
+    expectRejected(result, "not_locked");
+    expect(result.status.locked).toBe(false);
+  });
+  test("rejects override when no lock is active", () => {
+    setDiskUsage(10);
+    evaluateDiskPressureNow();
+    const result = overrideDiskPressureLock(
+      DISK_PRESSURE_OVERRIDE_CONFIRMATION,
+    );
+    expectRejected(result, "not_locked");
+    expect(result.status.locked).toBe(false);
+  });
+  test("rejects repeated override while preserving the existing override", () => {
+    setDiskUsage(99);
+    evaluateDiskPressureNow();
+    const first = overrideDiskPressureLock(DISK_PRESSURE_OVERRIDE_CONFIRMATION);
+    expect(first.ok).toBe(true);
+    const second = overrideDiskPressureLock(
+      DISK_PRESSURE_OVERRIDE_CONFIRMATION,
+    );
+    expectRejected(second, "already_overridden");
+    expect(second.status.overrideActive).toBe(true);
+    expect(second.status.effectivelyLocked).toBe(false);
+  });
+  test("sample failures degrade open and do not preserve a prior lock", () => {
+    setDiskUsage(99);
+    evaluateDiskPressureNow();
+    expect(getDiskPressureStatus().locked).toBe(true);
+    diskSampleError = new Error("sample failed");
+    const status = evaluateDiskPressureNow();
+    expect(status.enabled).toBe(true);
+    expect(status.state).toBe("unknown");
+    expect(status.locked).toBe(false);
+    expect(status.effectivelyLocked).toBe(false);
+    expect(status.error).toBe("sample failed");
+    expect(status.lastCheckedAt).toBeTruthy();
+  });
+  test("timer start and stop are idempotent", () => {
+    expect(__getDiskPressureGuardTimerForTests()).toBeNull();
+    startDiskPressureGuard();
+    const firstTimer = __getDiskPressureGuardTimerForTests();
+    expect(firstTimer).toBeTruthy();
+    startDiskPressureGuard();
+    expect(__getDiskPressureGuardTimerForTests()).toBe(firstTimer);
+    stopDiskPressureGuard();
+    expect(__getDiskPressureGuardTimerForTests()).toBeNull();
+    stopDiskPressureGuard();
+    expect(__getDiskPressureGuardTimerForTests()).toBeNull();
+  });
+  test("disabling the flag clears an active timer and lock", () => {
+    setDiskUsage(99);
+    evaluateDiskPressureNow();
+    startDiskPressureGuard();
+    expect(__getDiskPressureGuardTimerForTests()).toBeTruthy();
+    setFeatureFlag(false);
+    const status = evaluateDiskPressureNow();
+    expect(status.enabled).toBe(false);
+    expect(status.locked).toBe(false);
+    expect(__getDiskPressureGuardTimerForTests()).toBeNull();
+  });
+});