@vellumai/assistant 0.9.0 → 0.10.0-staging.2

package/src/workspace/migrations/108-drop-balanced-economy-profile.ts

@@ -0,0 +1,129 @@
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+// Reclaim the managed `balanced-economy` inference profile. Its
+// MiniMax-M3-on-Fireworks config lives on `balanced`, whose content the seeder
+// reconciles from the templates on every boot; the seeder never deletes a
+// profile, so this migration deletes the managed `balanced-economy` object and
+// repoints every reference to it — its `profileOrder` entry, the `activeProfile`
+// and `advisorProfile` selections, call-site `profile` overrides, and mix-profile
+// arms — onto `balanced`, which resolves to the same MiniMax M3 route. A
+// `balanced-economy` profile that the user owns (`source !== "managed"`) is left
+// fully intact, references included.
+
+const ECONOMY = "balanced-economy";
+const REPLACEMENT = "balanced";
+
+export const dropBalancedEconomyProfileMigration: WorkspaceMigration = {
+  id: "108-drop-balanced-economy-profile",
+  description:
+    "Remove the managed Balanced Economy profile and repoint its references to Balanced",
+  run(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    const llm = readObject(config.llm);
+    if (llm === null) return;
+
+    const profiles = readObject(llm.profiles);
+    const economy = profiles !== null ? readObject(profiles[ECONOMY]) : null;
+
+    // A user-owned profile that happens to use this name keeps everything,
+    // references included — only the managed profile is reclaimed.
+    if (economy !== null && economy.source !== "managed") return;
+
+    let changed = false;
+
+    if (economy !== null && profiles !== null) {
+      delete profiles[ECONOMY];
+      changed = true;
+    }
+
+    if (Array.isArray(llm.profileOrder)) {
+      const order = llm.profileOrder as unknown[];
+      const pruned = order.filter((name) => name !== ECONOMY);
+      if (pruned.length !== order.length) {
+        llm.profileOrder = pruned;
+        changed = true;
+      }
+    }
+
+    // Repoint call-site overrides — LLMSchema strips a profile name absent from
+    // `llm.profiles` at load, which would drop the equivalent MiniMax route.
+    const callSites = readObject(llm.callSites);
+    if (callSites !== null) {
+      for (const value of Object.values(callSites)) {
+        const site = readObject(value);
+        if (site !== null && site.profile === ECONOMY) {
+          site.profile = REPLACEMENT;
+          changed = true;
+        }
+      }
+    }
+
+    // Repoint mix-profile arms — LLMSchema.superRefine rejects a mix arm whose
+    // referenced profile is absent, failing config validation at load.
+    if (profiles !== null) {
+      for (const value of Object.values(profiles)) {
+        const entry = readObject(value);
+        if (entry === null || !Array.isArray(entry.mix)) continue;
+        for (const arm of entry.mix) {
+          const armObj = readObject(arm);
+          if (armObj !== null && armObj.profile === ECONOMY) {
+            armObj.profile = REPLACEMENT;
+            changed = true;
+          }
+        }
+      }
+    }
+
+    if (llm.activeProfile === ECONOMY) {
+      llm.activeProfile = REPLACEMENT;
+      changed = true;
+
+      // The replaced selection was an enabled profile, so `balanced` must be
+      // usable: a disabled profile is skipped by the resolver and rejected by
+      // validation. Clearing the status sticks because the seeder preserves
+      // whatever status is on disk.
+      const balanced =
+        profiles !== null ? readObject(profiles[REPLACEMENT]) : null;
+      if (balanced !== null && balanced.status === "disabled") {
+        delete balanced.status;
+      }
+    }
+
+    // The advisor selection is the other top-level profile reference
+    // `LLMSchema.superRefine` validates against `llm.profiles`; an unresolvable
+    // value invalidates the config and is stripped at load.
+    if (llm.advisorProfile === ECONOMY) {
+      llm.advisorProfile = REPLACEMENT;
+      changed = true;
+    }
+
+    if (!changed) return;
+
+    config.llm = llm;
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(_workspaceDir: string): void {
+    // Forward-only.
+  },
+};
+
+function readObject(value: unknown): Record<string, unknown> | null {
+  if (value === null || typeof value !== "object" || Array.isArray(value)) {
+    return null;
+  }
+  return value as Record<string, unknown>;
+}

package/src/workspace/migrations/registry.ts

@@ -102,6 +102,10 @@ import { upgradeBalancedEconomyToMinimaxM3Migration } from "./101-upgrade-balanc
 import { preserveHeartbeatEnabledForExistingWorkspacesMigration } from "./102-preserve-heartbeat-enabled-for-existing-workspaces.js";
 import { upgradeQualityProfileToOpus48Migration } from "./103-upgrade-quality-profile-to-opus-4-8.js";
 import { recheckAdaptiveThinkingModelImpliedAnthropicMigration } from "./104-recheck-adaptive-thinking-model-implied-anthropic.js";
+import { enableMemoryV3LiveForNewWorkspacesMigration } from "./105-enable-memory-v3-live-for-new-workspaces.js";
+import { dropCollectUsageDataMigration } from "./106-drop-collect-usage-data.js";
+import { dropSendDiagnosticsMigration } from "./107-drop-send-diagnostics.js";
+import { dropBalancedEconomyProfileMigration } from "./108-drop-balanced-economy-profile.js";
 import { migrateToWorkspaceVolumeMigration } from "./migrate-to-workspace-volume.js";
 import type { WorkspaceMigration } from "./types.js";
 
@@ -215,4 +219,8 @@ export const WORKSPACE_MIGRATIONS: WorkspaceMigration[] = [
   preserveHeartbeatEnabledForExistingWorkspacesMigration,
   upgradeQualityProfileToOpus48Migration,
   recheckAdaptiveThinkingModelImpliedAnthropicMigration,
+  enableMemoryV3LiveForNewWorkspacesMigration,
+  dropCollectUsageDataMigration,
+  dropSendDiagnosticsMigration,
+  dropBalancedEconomyProfileMigration,
 ];

package/src/__tests__/app-control-no-global-cgevent.test.ts

@@ -1,98 +0,0 @@
-/**
- * Static-analysis guard for the AppControl Swift sources.
- *
- * The app-control surface targets a *specific* host process — events must
- * be delivered with `CGEvent.postToPid(_:)` (Swift-bridged) or its C-symbol
- * equivalent `CGEventPostToPid(...)`. The deprecated global form
- * `CGEventPost(...)` posts to the system-wide event tap, which would leak
- * input to whichever app currently has user focus. That defeats the whole
- * point of per-process app control and is a security hazard, so we keep
- * it out of `clients/macos/vellum-assistant/AppControl/` entirely.
- *
- * The guard flags any standalone `CGEventPost(...)` call (i.e. the parens
- * follow the symbol directly, not preceded by `.`). Allowed forms:
- *   - `CGEvent.postToPid(_:)`   (Swift-bridged, modern idiom)
- *   - `CGEventPostToPid(...)`   (C-symbol, process-scoped)
- *   - any line carrying a `// allow: CGEventPost` suppression comment
- *
- * If a real call site ever needs the global form, the suppression comment
- * makes the intent explicit.
- */
-import { readdirSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { describe, expect, test } from "bun:test";
-
-const APP_CONTROL_DIR = join(
-  process.cwd(),
-  "..",
-  "clients",
-  "macos",
-  "vellum-assistant",
-  "AppControl",
-);
-
-/** Recursively collect `.swift` files under `dir`. */
-function collectSwiftFiles(dir: string): string[] {
-  const out: string[] = [];
-  for (const entry of readdirSync(dir, { withFileTypes: true })) {
-    const full = join(dir, entry.name);
-    if (entry.isDirectory()) {
-      out.push(...collectSwiftFiles(full));
-    } else if (entry.isFile() && entry.name.endsWith(".swift")) {
-      out.push(full);
-    }
-  }
-  return out;
-}
-
-/**
- * Match a global `CGEventPost(` call: the literal symbol followed
- * immediately by `(`. We use a negative lookbehind to exclude:
- *   - `.CGEventPost(` (member access, not a real Swift form but harmless)
- *   - `CGEventPostToPid(` (process-scoped C symbol — allowed)
- *   - `CGEvent.postToPid(` (Swift-bridged form — does not match anyway,
- *     the symbol there is `postToPid`).
- *
- * The regex is intentionally narrow: `\bCGEventPost\(` matches only
- * `CGEventPost(`. `CGEventPostToPid(` does not match because the substring
- * after `CGEventPost` is `T`, not `(`.
- */
-const GLOBAL_CGEVENT_POST = /\bCGEventPost\(/;
-
-/** Suppression comment that whitelists a single line. */
-const ALLOW_COMMENT = /\/\/\s*allow:\s*CGEventPost/i;
-
-describe("app-control: no global CGEventPost in Swift sources", () => {
-  test("CGEventPost(...) is forbidden in clients/macos/vellum-assistant/AppControl/", () => {
-    const files = collectSwiftFiles(APP_CONTROL_DIR);
-    expect(files.length).toBeGreaterThan(0);
-
-    const violations: string[] = [];
-    for (const file of files) {
-      const content = readFileSync(file, "utf-8");
-      const lines = content.split("\n");
-      for (let i = 0; i < lines.length; i++) {
-        const line = lines[i]!;
-        if (!GLOBAL_CGEVENT_POST.test(line)) continue;
-        if (ALLOW_COMMENT.test(line)) continue;
-        violations.push(`${file}:${i + 1}: ${line.trim()}`);
-      }
-    }
-
-    if (violations.length > 0) {
-      const message = [
-        "Found global CGEventPost(...) calls in AppControl Swift sources.",
-        "App-control input must be process-scoped — use CGEvent.postToPid(_:)",
-        "(Swift-bridged form) or CGEventPostToPid(...) (C-symbol form). The",
-        "global form leaks events to whichever app currently has user focus.",
-        "",
-        "If a specific call site genuinely needs the global form, append a",
-        "`// allow: CGEventPost` comment to that line to suppress this guard.",
-        "",
-        "Violations:",
-        ...violations.map((v) => `  - ${v}`),
-      ].join("\n");
-      expect(violations, message).toEqual([]);
-    }
-  });
-});

package/src/__tests__/credential-security-e2e.test.ts

@@ -1,362 +0,0 @@
-import { beforeEach, describe, expect, mock, test } from "bun:test";
-
-// ---------------------------------------------------------------------------
-// Mocks — declared before importing modules under test
-// ---------------------------------------------------------------------------
-
-const mockConfig = {
-  secretDetection: {
-    enabled: true,
-    allowOneTimeSend: false,
-  },
-  timeouts: { permissionTimeoutSec: 300 },
-};
-
-function setMockNestedValue(
-  obj: Record<string, unknown>,
-  path: string,
-  value: unknown,
-): void {
-  const keys = path.split(".");
-  let current = obj;
-  for (let i = 0; i < keys.length - 1; i++) {
-    const key = keys[i];
-    if (current[key] == null || typeof current[key] !== "object") {
-      current[key] = {};
-    }
-    current = current[key] as Record<string, unknown>;
-  }
-  current[keys[keys.length - 1]] = value;
-}
-
-mock.module("../config/loader.js", () => ({
-  getConfig: () => mockConfig,
-  loadConfig: () => mockConfig,
-  loadRawConfig: () => ({}),
-  saveRawConfig: () => {},
-  setNestedValue: setMockNestedValue,
-  invalidateConfigCache: () => {},
-}));
-
-mock.module("../util/logger.js", () => ({
-  getLogger: () =>
-    new Proxy({} as Record<string, unknown>, {
-      get: () => () => {},
-    }),
-}));
-
-// Track credential store writes
-const storedKeys = new Map<string, string>();
-mock.module("../security/secure-keys.js", () => {
-  const syncSet = (key: string, value: string) => {
-    storedKeys.set(key, value);
-    return true;
-  };
-  const syncDelete = (key: string) => {
-    if (storedKeys.has(key)) {
-      storedKeys.delete(key);
-      return "deleted" as const;
-    }
-    return "not-found" as const;
-  };
-  return {
-    getSecureKeyAsync: async (key: string) => storedKeys.get(key) ?? undefined,
-    getSecureKeyResultAsync: async (account: string) => ({
-      value: storedKeys.get(account),
-      unreachable: false,
-    }),
-    setSecureKeyAsync: async (key: string, value: string) =>
-      syncSet(key, value),
-    deleteSecureKeyAsync: async (key: string) => syncDelete(key),
-    listSecureKeysAsync: async () => ({
-      accounts: [...storedKeys.keys()],
-      unreachable: false,
-    }),
-    getProviderKeyAsync: async () => undefined,
-    getMaskedProviderKey: async () => null,
-  };
-});
-
-// In-memory metadata store that mirrors storedKeys for list/get operations
-const metadataStore = new Map<
-  string,
-  { credentialId: string; service: string; field: string }
->();
-
-mock.module("../tools/credentials/metadata-store.js", () => ({
-  upsertCredentialMetadata: (
-    service: string,
-    field: string,
-    _policy?: Record<string, unknown>,
-  ) => {
-    const key = `${service}:${field}`;
-    metadataStore.set(key, {
-      credentialId: `cred-${service}-${field}`,
-      service,
-      field,
-    });
-  },
-  deleteCredentialMetadata: (service: string, field: string) => {
-    metadataStore.delete(`${service}:${field}`);
-  },
-  getCredentialMetadata: (service: string, field: string) => {
-    return metadataStore.get(`${service}:${field}`) ?? null;
-  },
-  getCredentialMetadataById: (id: string) => {
-    for (const m of metadataStore.values()) {
-      if (m.credentialId === id) return m;
-    }
-    return undefined;
-  },
-  listCredentialMetadata: () => [...metadataStore.values()],
-  assertMetadataWritable: () => {},
-  _setMetadataPath: () => {},
-}));
-
-mock.module("../tools/credentials/policy-validate.js", () => ({
-  validatePolicyInput: () => ({ valid: true, errors: [] }),
-  toPolicyFromInput: (input: Record<string, unknown>) => ({
-    allowedTools: input.allowed_tools ?? [],
-    allowedDomains: input.allowed_domains ?? [],
-    usageDescription: input.usage_description,
-  }),
-}));
-
-// Import modules under test
-const { credentialStoreTool } = await import("../tools/credentials/vault.js");
-const { isToolAllowed } = await import("../tools/credentials/tool-policy.js");
-const { isDomainAllowed } =
-  await import("../tools/credentials/domain-policy.js");
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-function makeContext(overrides: Record<string, unknown> = {}) {
-  return {
-    workingDir: "/tmp",
-    conversationId: "c1",
-    trustClass: "guardian" as const,
-    ...overrides,
-  };
-}
-
-// ---------------------------------------------------------------------------
-// E2E Scenario 1 — Normal secure store + list
-// ---------------------------------------------------------------------------
-
-describe("E2E: secure store and list lifecycle", () => {
-  beforeEach(() => {
-    storedKeys.clear();
-    metadataStore.clear();
-  });
-
-  test("store persists credential and returns metadata-only confirmation", async () => {
-    const result = await credentialStoreTool.execute(
-      {
-        action: "store",
-        service: "github",
-        field: "token",
-        value: "ghp_abc123",
-      },
-      makeContext(),
-    );
-    expect(result.isError).toBe(false);
-    expect(result.content).toContain("github");
-    // Value must NOT appear in tool output (invariant 1)
-    expect(result.content).not.toContain("ghp_abc123");
-    // Value must be in credential store
-    expect(storedKeys.get("credential/github/token")).toBe("ghp_abc123");
-  });
-
-  test("list returns service/field pairs without secret values", async () => {
-    storedKeys.set("credential/github/token", "secret1");
-    storedKeys.set("credential/aws/access_key", "secret2");
-    metadataStore.set("github:token", {
-      credentialId: "cred-github-token",
-      service: "github",
-      field: "token",
-    });
-    metadataStore.set("aws:access_key", {
-      credentialId: "cred-aws-access_key",
-      service: "aws",
-      field: "access_key",
-    });
-
-    const result = await credentialStoreTool.execute(
-      { action: "list" },
-      makeContext(),
-    );
-    expect(result.isError).toBe(false);
-    expect(result.content).toContain("github");
-    expect(result.content).toContain("token");
-    // Secret values must NOT appear
-    expect(result.content).not.toContain("secret1");
-    expect(result.content).not.toContain("secret2");
-  });
-
-  test("delete removes credential from credential store", async () => {
-    storedKeys.set("credential/github/token", "secret1");
-
-    const result = await credentialStoreTool.execute(
-      { action: "delete", service: "github", field: "token" },
-      makeContext(),
-    );
-    expect(result.isError).toBe(false);
-    expect(storedKeys.has("credential/github/token")).toBe(false);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// E2E Scenario 3 — One-time send override path
-// ---------------------------------------------------------------------------
-
-describe("E2E: one-time send override", () => {
-  beforeEach(() => {
-    storedKeys.clear();
-    metadataStore.clear();
-    mockConfig.secretDetection.allowOneTimeSend = false;
-  });
-
-  test("rejects transient_send when config gate is off", async () => {
-    const ctx = makeContext({
-      requestSecret: async () => ({
-        value: "tmp1",
-        delivery: "transient_send" as const,
-      }),
-    });
-    const result = await credentialStoreTool.execute(
-      { action: "prompt", service: "svc", field: "key", label: "Key" },
-      ctx,
-    );
-    expect(result.isError).toBe(true);
-    expect(result.content).toContain("not enabled");
-    expect(storedKeys.has("credential/svc/key")).toBe(false);
-  });
-
-  test("accepts transient_send when config gate is on", async () => {
-    mockConfig.secretDetection.allowOneTimeSend = true;
-    const ctx = makeContext({
-      requestSecret: async () => ({
-        value: "tmp1",
-        delivery: "transient_send" as const,
-      }),
-    });
-    const result = await credentialStoreTool.execute(
-      { action: "prompt", service: "svc", field: "key", label: "Key" },
-      ctx,
-    );
-    expect(result.isError).toBe(false);
-    expect(result.content).toContain("NOT saved");
-    // Value must NOT be in credential store
-    expect(storedKeys.has("credential/svc/key")).toBe(false);
-    // Value must NOT appear in output
-    expect(result.content).not.toContain("tmp1");
-  });
-
-  test("store delivery always persists regardless of config gate", async () => {
-    mockConfig.secretDetection.allowOneTimeSend = true;
-    const ctx = makeContext({
-      requestSecret: async () => ({
-        value: "perm1",
-        delivery: "store" as const,
-      }),
-    });
-    const result = await credentialStoreTool.execute(
-      { action: "prompt", service: "svc", field: "key", label: "Key" },
-      ctx,
-    );
-    expect(result.isError).toBe(false);
-    expect(storedKeys.has("credential/svc/key")).toBe(true);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// E2E Scenario 4 — Tool policy enforcement
-// ---------------------------------------------------------------------------
-
-describe("E2E: tool policy enforcement", () => {
-  test("allows tool when listed in allowedTools", () => {
-    expect(
-      isToolAllowed("browser_fill_credential", ["browser_fill_credential"]),
-    ).toBe(true);
-  });
-
-  test("denies tool when not listed", () => {
-    expect(isToolAllowed("browser_fill_credential", ["other_tool"])).toBe(
-      false,
-    );
-  });
-
-  test("denies all tools when allowedTools is empty (fail-closed)", () => {
-    expect(isToolAllowed("browser_fill_credential", [])).toBe(false);
-  });
-
-  test("denies when toolName is empty", () => {
-    expect(isToolAllowed("", ["browser_fill_credential"])).toBe(false);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// E2E Scenario 5 — Domain policy enforcement
-// ---------------------------------------------------------------------------
-
-describe("E2E: domain policy enforcement", () => {
-  test("allows exact domain match", () => {
-    expect(isDomainAllowed("github.com", ["github.com"])).toBe(true);
-  });
-
-  test("allows subdomain of registrable domain", () => {
-    expect(isDomainAllowed("login.github.com", ["github.com"])).toBe(true);
-  });
-
-  test("denies mismatched domain", () => {
-    expect(isDomainAllowed("evil.com", ["github.com"])).toBe(false);
-  });
-
-  test("denies when allowedDomains is empty (fail-closed)", () => {
-    expect(isDomainAllowed("github.com", [])).toBe(false);
-  });
-
-  test("denies localhost and IP addresses", () => {
-    expect(isDomainAllowed("localhost", ["localhost"])).toBe(false);
-    expect(isDomainAllowed("127.0.0.1", ["127.0.0.1"])).toBe(false);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// Cross-cutting — output never leaks secrets
-// ---------------------------------------------------------------------------
-
-describe("E2E: cross-cutting secret leak prevention", () => {
-  beforeEach(() => {
-    storedKeys.clear();
-    mockConfig.secretDetection.enabled = true;
-    mockConfig.secretDetection.allowOneTimeSend = false;
-  });
-
-  test("store output never contains the stored value", async () => {
-    const secret = ["sk", "-proj-", "abc123xyz"].join("");
-    const result = await credentialStoreTool.execute(
-      { action: "store", service: "openai", field: "api_key", value: secret },
-      makeContext(),
-    );
-    expect(result.content).not.toContain(secret);
-  });
-
-  test("prompt output never contains the secret value", async () => {
-    mockConfig.secretDetection.allowOneTimeSend = true;
-    const secret = ["tok", "_", "sensitive99"].join("");
-    const ctx = makeContext({
-      requestSecret: async () => ({
-        value: secret,
-        delivery: "transient_send" as const,
-      }),
-    });
-    const result = await credentialStoreTool.execute(
-      { action: "prompt", service: "svc", field: "key", label: "Key" },
-      ctx,
-    );
-    expect(result.content).not.toContain(secret);
-  });
-});