@vellumai/assistant 0.7.2 → 0.8.0

package/src/__tests__/server-history-render.test.ts

@@ -154,6 +154,88 @@ describe("renderHistoryContent", () => {
     ]);
   });
 
+  // ── Persisted risk-option ladders (Phase B of conflation track) ─────────────
+
+  test("hydrates persisted _risk*Options annotations onto tool calls", () => {
+    // Mirrors what `annotatePersistedAssistantMessage` writes to the DB so the
+    // rule editor's chip ladder survives chat-history reload. Without these,
+    // hydrated chips fall back to the synthesized `*` allowlist (see web's
+    // `synthesizeFallbackOption` in RuleEditorModal.tsx).
+    const scopeOptions = [
+      { pattern: "exact", label: "exact: rm -rf /tmp" },
+      { pattern: "by-program", label: "All rm" },
+    ];
+    const allowlistOptions = [
+      { label: "exact", description: "exact match", pattern: "rm -rf /tmp" },
+      { label: "All rm", description: "All rm commands", pattern: "rm *" },
+    ];
+    const directoryScopeOptions = [
+      { scope: "/Users/me/code", label: "in code/" },
+      { scope: "everywhere", label: "Everywhere" },
+    ];
+
+    const output = renderHistoryContent([
+      {
+        type: "tool_use",
+        id: "tu_1",
+        name: "bash",
+        input: { command: "rm -rf /tmp" },
+        _riskLevel: "high",
+        _matchedTrustRuleId: "rule_42",
+        _riskScopeOptions: scopeOptions,
+        _riskAllowlistOptions: allowlistOptions,
+        _riskDirectoryScopeOptions: directoryScopeOptions,
+      },
+    ]);
+
+    const [entry] = output.toolCalls;
+    expect(entry.riskLevel).toBe("high");
+    expect(entry.matchedTrustRuleId).toBe("rule_42");
+    expect(entry.riskScopeOptions).toEqual(scopeOptions);
+    expect(entry.riskAllowlistOptions).toEqual(allowlistOptions);
+    expect(entry.riskDirectoryScopeOptions).toEqual(directoryScopeOptions);
+  });
+
+  test("ignores non-array _risk*Options annotations", () => {
+    // Defensive: a malformed persisted block should not throw or coerce.
+    const output = renderHistoryContent([
+      {
+        type: "tool_use",
+        id: "tu_1",
+        name: "bash",
+        input: { command: "ls" },
+        _riskLevel: "low",
+        _riskScopeOptions: "not an array",
+        _riskAllowlistOptions: { not: "an array" },
+        _riskDirectoryScopeOptions: 42,
+      },
+    ]);
+
+    const [entry] = output.toolCalls;
+    expect(entry.riskLevel).toBe("low");
+    expect(entry.riskScopeOptions).toBeUndefined();
+    expect(entry.riskAllowlistOptions).toBeUndefined();
+    expect(entry.riskDirectoryScopeOptions).toBeUndefined();
+  });
+
+  test("omits absent _risk*Options annotations", () => {
+    const output = renderHistoryContent([
+      {
+        type: "tool_use",
+        id: "tu_1",
+        name: "bash",
+        input: { command: "ls" },
+        _riskLevel: "low",
+      },
+    ]);
+
+    const [entry] = output.toolCalls;
+    expect(entry.riskLevel).toBe("low");
+    expect(entry.riskScopeOptions).toBeUndefined();
+    expect(entry.riskAllowlistOptions).toBeUndefined();
+    expect(entry.riskDirectoryScopeOptions).toBeUndefined();
+  });
+
   test("handles mixed text and tool blocks", () => {
     const output = renderHistoryContent([
       { type: "text", text: "Let me look that up." },

package/src/__tests__/skill-include-graph.test.ts

@@ -6,6 +6,7 @@ import {
   getImmediateChildren,
   indexCatalogById,
   traverseIncludes,
+  validateIncludeCycles,
   validateIncludes,
 } from "../skills/include-graph.js";
 
@@ -299,6 +300,36 @@ describe("validateIncludes — cycle detection", () => {
   });
 });
 
+describe("validateIncludeCycles", () => {
+  test("skips missing children while still detecting available cycles", () => {
+    const catalog = [
+      makeSkill("root", ["missing", "a"]),
+      makeSkill("a", ["b"]),
+      makeSkill("b", ["a"]),
+    ];
+    const index = indexCatalogById(catalog);
+
+    const result = validateIncludeCycles("root", index);
+
+    expect(result.ok).toBe(false);
+    if (!result.ok && result.error === "cycle") {
+      expect(result.cyclePath).toEqual(["a", "b", "a"]);
+    }
+  });
+
+  test("returns success when the only invalid edges are missing children", () => {
+    const catalog = [makeSkill("root", ["missing"])];
+    const index = indexCatalogById(catalog);
+
+    const result = validateIncludeCycles("root", index);
+
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.visited).toEqual(["root"]);
+    }
+  });
+});
+
 describe("collectAllMissing", () => {
   test("returns empty set when skill has no includes", () => {
     const catalog = [makeSkill("root")];

package/src/__tests__/skill-load-tool.test.ts

@@ -266,17 +266,19 @@ describe("skill_load tool", () => {
     expect(markers.length).toBe(1);
   });
 
-  test("returns error when skill has missing include", async () => {
+  test("continues when skill has missing include", async () => {
     writeSkillWithIncludes("parent", "Parent", "Has missing child", "Body", [
       "missing-child",
     ]);
     writeFileSync(join(TEST_DIR, "skills", "SKILLS.md"), "- parent\n");
 
     const result = await executeSkillLoad({ skill: "parent" });
-    expect(result.isError).toBe(true);
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("Skill: Parent");
+    expect(result.content).toContain("Suggested Included Skills (not loaded):");
     expect(result.content).toContain("missing-child");
-    expect(result.content).toContain("not found");
-    expect(result.content).not.toContain("<loaded_skill");
+    expect(result.content).toContain('<loaded_skill id="parent"');
+    expect(result.content).not.toContain('<loaded_skill id="missing-child"');
   });
 
   test("returns error when skill has circular include", async () => {
@@ -317,7 +319,7 @@ describe("skill_load tool", () => {
     expect(result.content).toContain("<loaded_skill");
   });
 
-  test("failed include validation (missing) emits no loaded_skill marker", async () => {
+  test("missing include emits only the parent loaded_skill marker", async () => {
     const skillDir = join(TEST_DIR, "skills", "marker-missing");
     mkdirSync(skillDir, { recursive: true });
     writeFileSync(
@@ -327,9 +329,13 @@ describe("skill_load tool", () => {
     writeFileSync(join(TEST_DIR, "skills", "SKILLS.md"), "- marker-missing\n");
 
     const result = await executeSkillLoad({ skill: "marker-missing" });
-    expect(result.isError).toBe(true);
-    expect(result.content).not.toContain("<loaded_skill");
-    expect(result.content).not.toMatch(/<loaded_skill\s/);
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("Suggested Included Skills (not loaded):");
+    expect(result.content).toContain("nonexistent");
+    const markers = result.content.match(/<loaded_skill/g) || [];
+    expect(markers.length).toBe(1);
+    expect(result.content).toContain('<loaded_skill id="marker-missing"');
+    expect(result.content).not.toContain('<loaded_skill id="nonexistent"');
   });
 
   test("failed include validation (cycle) emits no loaded_skill marker", async () => {
@@ -365,6 +371,28 @@ describe("skill_load tool", () => {
     expect(result.content).toContain("Skill: No Includes");
   });
 
+  test("bundled app-builder loads when frontend-design is unavailable", async () => {
+    const result = await executeSkillLoad({ skill: "app-builder" });
+
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("Skill: App Builder");
+    expect(result.content).toContain("Suggested Included Skills (not loaded):");
+    expect(result.content).toContain("frontend-design");
+    expect(result.content).toContain('<loaded_skill id="app-builder"');
+    expect(result.content).not.toContain('<loaded_skill id="frontend-design"');
+  });
+
+  test("bundled phone-calls loads when setup includes are unavailable", async () => {
+    const result = await executeSkillLoad({ skill: "phone-calls" });
+
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("Skill: Phone Calls");
+    expect(result.content).toContain("Suggested Included Skills (not loaded):");
+    expect(result.content).toContain("twilio-setup");
+    expect(result.content).toContain('<loaded_skill id="phone-calls"');
+    expect(result.content).not.toContain('<loaded_skill id="twilio-setup"');
+  });
+
   test("skill_load output includes immediate child metadata", async () => {
     writeSkill("child-skill", "Child Skill", "A child skill", "Child body");
     const parentDir = join(TEST_DIR, "skills", "parent-with-children");
@@ -883,7 +911,7 @@ describe("skill_load tool", () => {
     expect(mockAutoInstall).toHaveBeenCalledWith("trans-c");
   });
 
-  test("returns error when auto-install of missing include fails", async () => {
+  test("continues when auto-install of missing include fails", async () => {
     writeSkillWithIncludes(
       "fail-parent",
       "Fail Parent",
@@ -902,10 +930,12 @@ describe("skill_load tool", () => {
     });
 
     const result = await executeSkillLoad({ skill: "fail-parent" });
-    expect(result.isError).toBe(true);
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("Skill: Fail Parent");
+    expect(result.content).toContain("Suggested Included Skills (not loaded):");
     expect(result.content).toContain("dep-x");
-    expect(result.content).toContain("not found");
-    expect(result.content).not.toContain("<loaded_skill");
+    expect(result.content).toContain('<loaded_skill id="fail-parent"');
+    expect(result.content).not.toContain('<loaded_skill id="dep-x"');
   });
 
   test("stops after MAX_INSTALL_ROUNDS", async () => {
@@ -941,10 +971,8 @@ describe("skill_load tool", () => {
     });
 
     const result = await executeSkillLoad({ skill: "loop-root" });
-    // Should terminate with an error (the final dep is still missing)
-    expect(result.isError).toBe(true);
-    expect(result.content).toContain("not found");
-    // Should have terminated — installCount should be bounded by MAX_INSTALL_ROUNDS (5)
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("Suggested Included Skills (not loaded):");
     expect(installCount).toBeLessThanOrEqual(5);
   });
 });

package/src/__tests__/skills.test.ts

@@ -1,6 +1,7 @@
 import {
   existsSync,
   mkdirSync,
+  readdirSync,
   readFileSync,
   rmSync,
   symlinkSync,
@@ -678,3 +679,41 @@ describe("bundled computer-use skill", () => {
     ]);
   });
 });
+
+describe("skill source ownership", () => {
+  const BUNDLED_SKILLS_DIR = join(
+    import.meta.dir,
+    "..",
+    "config",
+    "bundled-skills",
+  );
+  const FIRST_PARTY_SKILLS_DIR = join(
+    import.meta.dir,
+    "..",
+    "..",
+    "..",
+    "skills",
+  );
+
+  function collectSourceSkillIds(rootDir: string): string[] {
+    return readdirSync(rootDir, { withFileTypes: true })
+      .filter(
+        (entry) =>
+          entry.isDirectory() &&
+          existsSync(join(rootDir, entry.name, "SKILL.md")),
+      )
+      .map((entry) => entry.name)
+      .sort((a, b) => a.localeCompare(b));
+  }
+
+  test("bundled skills are not duplicated in the first-party source catalog", () => {
+    const firstPartyIds = new Set(
+      collectSourceSkillIds(FIRST_PARTY_SKILLS_DIR),
+    );
+    const duplicates = collectSourceSkillIds(BUNDLED_SKILLS_DIR).filter((id) =>
+      firstPartyIds.has(id),
+    );
+
+    expect(duplicates).toEqual([]);
+  });
+});

package/src/__tests__/suggestion-routes.test.ts

@@ -561,6 +561,52 @@ describe("GET /v1/suggestion", () => {
     expect(options?.config?.callSite).toBe("conversationStarters");
   });
 
+  test("disables thinking and zeros effort to avoid Anthropic temp/thinking 400", async () => {
+    // Regression guard: this call hardcodes `temperature: 0.7` for response
+    // variety. Anthropic 400s on `temperature` ≠ 1 whenever thinking is
+    // enabled or in adaptive mode, so any user profile that resolves
+    // thinking-enabled (Opus 4.x at `effort: high|xhigh`, etc.) would fail
+    // unless we explicitly opt out of thinking on this call site.
+    //
+    // Pinning `thinking: { type: "disabled" }` and `effort: "none"` ensures
+    // the call works on every profile shape. A 60-token reply chip doesn't
+    // benefit from extended thinking anyway.
+    const provider = makeMockProvider("Quick reply");
+    mockGetConfiguredProvider.mockImplementation(async () => provider);
+    mockGetConversationByKey.mockImplementation(() => ({
+      conversationId: "conv-test",
+    }));
+    mockGetMessages.mockImplementation(() => [
+      {
+        id: "msg-asst-thinking",
+        conversationId: "conv-test",
+        role: "assistant",
+        content: JSON.stringify([{ type: "text", text: "Hello!" }]),
+        createdAt: Date.now(),
+        metadata: null,
+      },
+    ]);
+
+    const args = makeArgs({ conversationKey: "test-key" });
+    const deps = makeDeps();
+    await handleGetSuggestion(args, deps);
+
+    expect(provider.sendMessage).toHaveBeenCalledTimes(1);
+    const callArgs = provider.sendMessage.mock.calls[0] as unknown[];
+    const options = callArgs[3] as
+      | {
+          config?: {
+            temperature?: number;
+            thinking?: { type?: string };
+            effort?: string;
+          };
+        }
+      | undefined;
+    expect(options?.config?.temperature).toBe(0.7);
+    expect(options?.config?.thinking).toEqual({ type: "disabled" });
+    expect(options?.config?.effort).toBe("none");
+  });
+
   test("does not send an assistant-role prefill message", async () => {
     // Regression guard: Anthropic rejects assistant-message prefill
     // whenever the request triggers extended thinking (e.g. Opus 4.x at

package/src/__tests__/tool-execution-pipeline.benchmark.test.ts

@@ -30,16 +30,6 @@ mock.module("../util/logger.js", () => ({
     }),
 }));
 
-// Allow toggling between no-rule and matched-rule paths
-let mockRuleResponse: import("../permissions/types.js").TrustRule | null = null;
-
-mock.module("../permissions/trust-store.js", () => ({
-  addRule: () => {},
-  findHighestPriorityRule: () => mockRuleResponse,
-  onRulesChanged: () => {},
-  clearCache: () => {},
-}));
-
 mock.module("../config/loader.js", () => ({
   getConfig: () => ({
     ui: {},
@@ -302,38 +292,6 @@ describe("Tool execution pipeline benchmark", () => {
     expect(results[0].decision).toBe("allow");
   });
 
-  test("check: matched allow-rule path for medium-risk tool", async () => {
-    // Exercise the code path where findHighestPriorityRule returns a matching
-    // allow rule, rather than always falling through to the no-rule default.
-    mockRuleResponse = {
-      id: "bench:allow-file_write",
-      tool: "file_write",
-      pattern: "**",
-      scope: "/tmp",
-      decision: "allow",
-      priority: 90,
-      createdAt: Date.now(),
-    };
-
-    try {
-      const { timings, results } = await benchmarkAsync(
-        () => check("file_write", { path: "/tmp/out.txt" }, "/tmp"),
-        ITERATIONS,
-      );
-
-      const p50 = percentile(timings, 50);
-      const p95 = percentile(timings, 95);
-
-      expect(p50).toBeLessThan(10);
-      expect(p95).toBeLessThan(20);
-      // Medium-risk with a matching allow rule should auto-allow
-      expect(results[0].decision).toBe("allow");
-      expect(results[0].matchedRule?.id).toBe("bench:allow-file_write");
-    } finally {
-      mockRuleResponse = null;
-    }
-  });
-
   test("check: permission cost is stable across different input paths", async () => {
     // Verify that the permission check cost doesn't vary with input path length/complexity.
     // Actual tool-execution-time independence is tested in the ToolExecutor section below.

package/src/__tests__/tool-executor.test.ts

@@ -73,6 +73,11 @@ let cachedAssessmentOverride:
       riskLevel: string;
       reason: string;
       scopeOptions: Array<{ pattern: string; label: string }>;
+      allowlistOptions?: Array<{
+        label: string;
+        description: string;
+        pattern: string;
+      }>;
       directoryScopeOptions?: Array<{ scope: string; label: string }>;
       matchType: string;
     }
@@ -202,6 +207,32 @@ describe("ToolExecutor allowedToolNames gating", () => {
     expect(result.content).toBe("ok");
   });
 
+  test("canonicalizes app-builder create_app alias before active-tool gating", async () => {
+    const executor = new ToolExecutor(makePrompter());
+    const allowed = new Set(["app_create"]);
+    const result = await executor.execute(
+      "create_app",
+      { name: "Calculator" },
+      makeContext({ allowedToolNames: allowed }),
+    );
+
+    expect(result.isError).toBe(false);
+    expect(result.content).toBe("ok");
+  });
+
+  test("preserves exact active create_app tool before applying compatibility aliases", async () => {
+    const executor = new ToolExecutor(makePrompter());
+    const allowed = new Set(["create_app", "app_create"]);
+    const result = await executor.execute(
+      "create_app",
+      { name: "Custom App" },
+      makeContext({ allowedToolNames: allowed }),
+    );
+
+    expect(result.isError).toBe(false);
+    expect(lastCheckArgs?.toolName).toBe("create_app");
+  });
+
   test("blocks execution when tool is NOT in the allowed set", async () => {
     const executor = new ToolExecutor(makePrompter());
     const allowed = new Set(["file_read", "bash"]);
@@ -1123,4 +1154,128 @@ describe("ToolExecutionResult includes risk metadata from classifier assessment"
       { scope: "/tmp", label: "Anywhere in tmp/" },
     ]);
   });
+
+  test("auto-approved tool result includes riskAllowlistOptions when classifier emits them (Minimatch-glob shape for save path)", async () => {
+    cachedAssessmentOverride = {
+      riskLevel: "medium",
+      reason: "Reads workspace files",
+      // Display ladder (regex shape — not for save).
+      scopeOptions: [
+        { pattern: "^echo\\b.*hello$", label: "echo hello" },
+        { pattern: "^echo\\b", label: "echo *" },
+      ],
+      // Save ladder (Minimatch-glob shape — what gateway matches against).
+      allowlistOptions: [
+        {
+          label: "echo hello",
+          description: "This exact command",
+          pattern: "echo hello",
+        },
+        {
+          label: "echo *",
+          description: "Any echo command",
+          pattern: "action:echo",
+        },
+      ],
+      matchType: "registry",
+    };
+
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "file_read",
+      { path: "README.md" },
+      makeContext({ requireFreshApproval: true }),
+    );
+
+    expect(result.isError).toBe(false);
+    // Both shapes flow through independently — same labels, different patterns.
+    expect(result.riskScopeOptions).toEqual([
+      { pattern: "^echo\\b.*hello$", label: "echo hello" },
+      { pattern: "^echo\\b", label: "echo *" },
+    ]);
+    expect(result.riskAllowlistOptions).toEqual([
+      {
+        label: "echo hello",
+        description: "This exact command",
+        pattern: "echo hello",
+      },
+      {
+        label: "echo *",
+        description: "Any echo command",
+        pattern: "action:echo",
+      },
+    ]);
+  });
+
+  test("riskAllowlistOptions is undefined when classifier did not produce allowlist (e.g. web-risk classifier)", async () => {
+    cachedAssessmentOverride = {
+      riskLevel: "low",
+      reason: "GET request to public URL",
+      scopeOptions: [{ pattern: "https://example.com/.*", label: "example.com" }],
+      // allowlistOptions intentionally omitted — some classifiers don't emit them.
+      matchType: "registry",
+    };
+
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "file_read",
+      { path: "README.md" },
+      makeContext({ requireFreshApproval: true }),
+    );
+
+    expect(result.isError).toBe(false);
+    // Display ladder still flows; save ladder is absent so the client must
+    // fall back to a synthesized option (or omit save).
+    expect(result.riskScopeOptions).toEqual([
+      { pattern: "https://example.com/.*", label: "example.com" },
+    ]);
+    expect(result.riskAllowlistOptions).toBeUndefined();
+  });
+
+  test("riskAllowlistOptions is undefined when no classifier ran (MCP tools)", async () => {
+    // cachedAssessmentOverride is undefined — no classifier ran.
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "file_read",
+      { path: "README.md" },
+      makeContext(),
+    );
+
+    expect(result.isError).toBe(false);
+    expect(result.riskScopeOptions).toBeUndefined();
+    expect(result.riskAllowlistOptions).toBeUndefined();
+  });
+
+  test("denied tool result still carries riskAllowlistOptions for the rule editor save path", async () => {
+    checkResultOverride = { decision: "deny", reason: "Blocked by deny rule" };
+    cachedAssessmentOverride = {
+      riskLevel: "high",
+      reason: "Recursive force delete",
+      scopeOptions: [{ pattern: "^rm\\s+-rf", label: "rm -rf *" }],
+      allowlistOptions: [
+        {
+          label: "rm -rf *",
+          description: "Any rm -rf command",
+          pattern: "action:rm",
+        },
+      ],
+      matchType: "registry",
+    };
+
+    const executor = new ToolExecutor(makePrompter());
+    const result = await executor.execute(
+      "file_read",
+      { path: "anything" },
+      makeContext({ requireFreshApproval: true }),
+    );
+
+    expect(result.isError).toBe(true);
+    expect(result.riskAllowlistOptions).toEqual([
+      {
+        label: "rm -rf *",
+        description: "Any rm -rf command",
+        pattern: "action:rm",
+      },
+    ]);
+  });
 });

package/src/__tests__/twilio-validation.test.ts

@@ -49,7 +49,7 @@ describe("Twilio validation middleware", () => {
     };
   });
 
-  test("validates signatures against Twilio-specific public ingress first", async () => {
+  test("validates signatures against configured public ingress", async () => {
     mockConfig = {
       ingress: {
         publicBaseUrl: "  https://twilio.example.com///  ",
@@ -77,7 +77,7 @@ describe("Twilio validation middleware", () => {
     ]);
   });
 
-  test("falls back to generic public ingress when Twilio-specific ingress is empty", async () => {
+  test("uses configured public ingress for status callbacks", async () => {
     const req = new Request("http://127.0.0.1:7821/v1/calls/twilio/status", {
       method: "POST",
       headers: { "x-twilio-signature": "valid" },

package/src/__tests__/voice-session-bridge.test.ts

@@ -652,6 +652,9 @@ describe("voice-session-bridge", () => {
     expect(prompt).toContain(
       "If your assistant name is not known, skip the name and just identify yourself as the guardian's assistant.",
     );
+    expect(prompt).toContain(
+      "Never use a UUID-shaped internal assistant ID as your spoken name.",
+    );
     expect(prompt).toContain(
       'Do NOT say "I\'m calling" or "I\'m calling on behalf of".',
     );