vellum 0.2.0 → 0.2.1

package/src/__tests__/workspace-git-service.test.ts

@@ -7,6 +7,9 @@ import {
   WorkspaceGitService,
   getWorkspaceGitService,
   _resetGitServiceRegistry,
+  _resetBreaker,
+  _getConsecutiveFailures,
+  isDeadlineExpired,
 } from '../workspace/git-service.js';
 
 describe('WorkspaceGitService', () => {
@@ -747,4 +750,218 @@ describe('WorkspaceGitService', () => {
       expect(status.untracked).toContain('README.md');
     });
   });
+
+  describe('deadline-aware commitIfDirty', () => {
+    test('deadline expired before lock acquisition skips commit quickly', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      // Create a file so the workspace is dirty
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // Use a deadline that has already passed
+      const pastDeadline = Date.now() - 1000;
+      const result = await service.commitIfDirty(
+        () => ({ message: 'should not commit' }),
+        { deadlineMs: pastDeadline },
+      );
+
+      expect(result.committed).toBe(false);
+
+      // File should still be uncommitted
+      const status = await service.getStatus();
+      expect(status.clean).toBe(false);
+      expect(status.untracked).toContain('test.txt');
+    });
+
+    test('deadline far in the future allows commit to proceed', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // Use a deadline far in the future
+      const futureDeadline = Date.now() + 60_000;
+      const result = await service.commitIfDirty(
+        () => ({ message: 'deadline commit' }),
+        { deadlineMs: futureDeadline },
+      );
+
+      expect(result.committed).toBe(true);
+
+      // Verify the commit was actually created
+      const log = execFileSync('git', ['log', '--oneline', '-n', '1'], {
+        cwd: testDir,
+        encoding: 'utf-8',
+      });
+      expect(log).toContain('deadline commit');
+    });
+
+    test('no deadline option allows commit as normal', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // No deadline option at all
+      const result = await service.commitIfDirty(
+        () => ({ message: 'no deadline commit' }),
+      );
+
+      expect(result.committed).toBe(true);
+    });
+  });
+
+  describe('breaker re-check under lock', () => {
+    test('queued call that acquires lock after breaker opens skips commit', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // Simulate a breaker that opened between the pre-lock check and lock acquisition.
+      // We do this by:
+      // 1. Starting a commitIfDirty call (which passes the pre-lock breaker check)
+      // 2. Forcing the breaker open while the call is in progress
+
+      // First, force the breaker open by setting internal state directly.
+      // Since commitIfDirty re-checks the breaker after acquiring the lock,
+      // a call that passes the pre-lock check but finds the breaker open
+      // after acquiring the lock should bail out.
+      const internal = service as unknown as {
+        consecutiveFailures: number;
+        nextAllowedAttemptMs: number;
+      };
+      internal.consecutiveFailures = 5;
+      internal.nextAllowedAttemptMs = Date.now() + 60_000; // far in the future
+
+      // With breaker open, commitIfDirty should skip (pre-lock check)
+      const result = await service.commitIfDirty(
+        () => ({ message: 'should not commit' }),
+      );
+      expect(result.committed).toBe(false);
+
+      // Reset breaker
+      _resetBreaker(service);
+
+      // Now the commit should proceed normally
+      const result2 = await service.commitIfDirty(
+        () => ({ message: 'after breaker reset' }),
+      );
+      expect(result2.committed).toBe(true);
+    });
+
+    test('breaker early return inside lock does not reset breaker via recordSuccess', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // Force breaker open with known failure count
+      const internal = service as unknown as {
+        consecutiveFailures: number;
+        nextAllowedAttemptMs: number;
+      };
+      internal.consecutiveFailures = 5;
+      internal.nextAllowedAttemptMs = Date.now() + 60_000;
+
+      // Pre-lock check catches the open breaker and returns early.
+      // Verify that consecutiveFailures is NOT reset to 0.
+      const result = await service.commitIfDirty(
+        () => ({ message: 'should not commit' }),
+      );
+      expect(result.committed).toBe(false);
+      expect(_getConsecutiveFailures(service)).toBe(5);
+    });
+
+    test('deadline early return inside lock does not reset breaker via recordSuccess', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // Set up prior failures (breaker closed but failures recorded)
+      const internal = service as unknown as {
+        consecutiveFailures: number;
+        nextAllowedAttemptMs: number;
+      };
+      internal.consecutiveFailures = 3;
+      // Set nextAllowedAttemptMs in the past so the breaker check passes
+      // but consecutiveFailures is non-zero
+      internal.nextAllowedAttemptMs = Date.now() - 1000;
+
+      // Use a deadline that has already passed — this triggers the pre-lock
+      // deadline fast-path. consecutiveFailures should NOT be reset.
+      const result = await service.commitIfDirty(
+        () => ({ message: 'should not commit' }),
+        { deadlineMs: Date.now() - 1000 },
+      );
+      expect(result.committed).toBe(false);
+      expect(_getConsecutiveFailures(service)).toBe(3);
+    });
+
+    test('successful git operation after failures resets breaker', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // Set up prior failures with breaker closed (backoff expired)
+      const internal = service as unknown as {
+        consecutiveFailures: number;
+        nextAllowedAttemptMs: number;
+      };
+      internal.consecutiveFailures = 3;
+      internal.nextAllowedAttemptMs = Date.now() - 1000;
+
+      // Commit should succeed and reset the breaker
+      const result = await service.commitIfDirty(
+        () => ({ message: 'recovery commit' }),
+      );
+      expect(result.committed).toBe(true);
+      expect(_getConsecutiveFailures(service)).toBe(0);
+    });
+
+    test('bypassBreaker ignores breaker state', async () => {
+      const service = new WorkspaceGitService(testDir);
+      await service.ensureInitialized();
+
+      writeFileSync(join(testDir, 'test.txt'), 'content');
+
+      // Force breaker open
+      const internal = service as unknown as {
+        consecutiveFailures: number;
+        nextAllowedAttemptMs: number;
+      };
+      internal.consecutiveFailures = 5;
+      internal.nextAllowedAttemptMs = Date.now() + 60_000;
+
+      // With bypassBreaker, commit should succeed despite open breaker
+      const result = await service.commitIfDirty(
+        () => ({ message: 'bypass breaker commit' }),
+        { bypassBreaker: true },
+      );
+      expect(result.committed).toBe(true);
+    });
+  });
+
+  describe('isDeadlineExpired helper', () => {
+    test('returns false when deadlineMs is undefined', () => {
+      expect(isDeadlineExpired(undefined)).toBe(false);
+    });
+
+    test('returns false when deadline is in the future', () => {
+      expect(isDeadlineExpired(Date.now() + 60_000)).toBe(false);
+    });
+
+    test('returns true when deadline is in the past', () => {
+      expect(isDeadlineExpired(Date.now() - 1000)).toBe(true);
+    });
+
+    test('returns true when deadline equals current time', () => {
+      const now = Date.now();
+      // Use a deadline slightly in the past to avoid timing flakes
+      expect(isDeadlineExpired(now - 1)).toBe(true);
+    });
+  });
 });

package/src/__tests__/workspace-heartbeat-service.test.ts

@@ -11,6 +11,7 @@ import {
   HeartbeatService,
   _resetHeartbeatState,
 } from '../workspace/heartbeat-service.js';
+import type { CommitMessageProvider, CommitContext, CommitMessageResult } from '../workspace/commit-message-provider.js';
 
 describe('HeartbeatService', () => {
   let testDir: string;
@@ -344,4 +345,132 @@ describe('HeartbeatService', () => {
       await heartbeat.stop(); // Idempotent
     });
   });
+
+  describe('custom commit message provider', () => {
+    test('heartbeat commit uses custom provider message', async () => {
+      writeFileSync(join(testDir, 'file.txt'), 'content');
+
+      const customProvider: CommitMessageProvider = {
+        buildImmediateMessage(ctx: CommitContext): CommitMessageResult {
+          return {
+            message: `CUSTOM-HEARTBEAT: ${ctx.changedFiles.length} files via ${ctx.trigger}`,
+            metadata: { customProvider: true, trigger: ctx.trigger },
+          };
+        },
+      };
+
+      let currentTime = 1000000;
+      const heartbeat = new HeartbeatService({
+        ageThresholdMs: 5 * 60 * 1000,
+        fileThreshold: 100,
+        getServices: () => services,
+        now: () => currentTime,
+        commitMessageProvider: customProvider,
+      });
+
+      // First check registers dirty state
+      await heartbeat.check();
+      // Advance time past threshold
+      currentTime += 6 * 60 * 1000;
+      // Second check commits
+      const result = await heartbeat.check();
+      expect(result.committed).toBe(1);
+
+      const commitMsg = execFileSync('git', ['log', '-1', '--pretty=%B'], {
+        cwd: testDir,
+        encoding: 'utf-8',
+      });
+      expect(commitMsg).toContain('CUSTOM-HEARTBEAT:');
+      expect(commitMsg).toContain('via heartbeat');
+      expect(commitMsg).toContain('customProvider: true');
+    });
+
+    test('shutdown commit uses custom provider message', async () => {
+      writeFileSync(join(testDir, 'unsaved.txt'), 'uncommitted content');
+
+      const customProvider: CommitMessageProvider = {
+        buildImmediateMessage(ctx: CommitContext): CommitMessageResult {
+          return {
+            message: `CUSTOM-SHUTDOWN: saving ${ctx.changedFiles.length} files`,
+            metadata: { shutdownProvider: true },
+          };
+        },
+      };
+
+      const heartbeat = new HeartbeatService({
+        getServices: () => services,
+        commitMessageProvider: customProvider,
+      });
+
+      const result = await heartbeat.commitAllPending();
+      expect(result.committed).toBe(1);
+
+      const commitMsg = execFileSync('git', ['log', '-1', '--pretty=%B'], {
+        cwd: testDir,
+        encoding: 'utf-8',
+      });
+      expect(commitMsg).toContain('CUSTOM-SHUTDOWN: saving');
+      expect(commitMsg).toContain('shutdownProvider: true');
+    });
+
+    test('custom provider receives correct context fields for heartbeat trigger', async () => {
+      writeFileSync(join(testDir, 'a.txt'), 'a');
+      writeFileSync(join(testDir, 'b.txt'), 'b');
+
+      let capturedCtx: CommitContext | null = null;
+      const customProvider: CommitMessageProvider = {
+        buildImmediateMessage(ctx: CommitContext): CommitMessageResult {
+          capturedCtx = ctx;
+          return { message: 'capture-context' };
+        },
+      };
+
+      let currentTime = 1000000;
+      const heartbeat = new HeartbeatService({
+        ageThresholdMs: 5 * 60 * 1000,
+        fileThreshold: 100,
+        getServices: () => services,
+        now: () => currentTime,
+        commitMessageProvider: customProvider,
+      });
+
+      // Register dirty state
+      await heartbeat.check();
+      // Advance past threshold
+      currentTime += 6 * 60 * 1000;
+      await heartbeat.check();
+
+      expect(capturedCtx).not.toBeNull();
+      expect(capturedCtx!.trigger).toBe('heartbeat');
+      expect(capturedCtx!.workspaceDir).toBe(testDir);
+      expect(capturedCtx!.changedFiles).toContain('a.txt');
+      expect(capturedCtx!.changedFiles).toContain('b.txt');
+      expect(capturedCtx!.timestampMs).toBe(currentTime);
+      expect(capturedCtx!.reason).toBeDefined();
+    });
+
+    test('custom provider receives correct context fields for shutdown trigger', async () => {
+      writeFileSync(join(testDir, 'shutdown-file.txt'), 'data');
+
+      let capturedCtx: CommitContext | null = null;
+      const customProvider: CommitMessageProvider = {
+        buildImmediateMessage(ctx: CommitContext): CommitMessageResult {
+          capturedCtx = ctx;
+          return { message: 'capture-shutdown-context' };
+        },
+      };
+
+      const heartbeat = new HeartbeatService({
+        getServices: () => services,
+        commitMessageProvider: customProvider,
+      });
+
+      await heartbeat.commitAllPending();
+
+      expect(capturedCtx).not.toBeNull();
+      expect(capturedCtx!.trigger).toBe('shutdown');
+      expect(capturedCtx!.workspaceDir).toBe(testDir);
+      expect(capturedCtx!.changedFiles).toContain('shutdown-file.txt');
+    });
+  });
 });

package/src/bundler/app-bundler.ts

@@ -35,15 +35,25 @@ interface FetchedAsset {
 
 /**
  * Extract all remote (http/https) URLs from HTML content.
- * Looks in src=, href=, and CSS url() references.
+ * Looks in src=, href= on asset elements (not <a> tags), and CSS url() references.
  */
 export function extractRemoteUrls(html: string): string[] {
   const urls = new Set<string>();
 
-  // Match src="..." and href="..." attributes (double or single quotes, or unquoted)
-  const attrRe = /\b(?:src|href)\s*=\s*(?:"([^"]*?)"|'([^']*?)'|([^\s>]+))/gi;
+  // Match src="..." attributes on any element
+  const srcRe = /\bsrc\s*=\s*(?:"([^"]*?)"|'([^']*?)'|([^\s>]+))/gi;
   let m: RegExpExecArray | null;
-  while ((m = attrRe.exec(html)) !== null) {
+  while ((m = srcRe.exec(html)) !== null) {
+    const url = m[1] ?? m[2] ?? m[3];
+    if (url && /^https?:\/\//i.test(url)) {
+      urls.add(url);
+    }
+  }
+
+  // Match href="..." only on <link> elements (stylesheets, icons, preloads), not <a> tags.
+  // Captures <link ...href="..."> where href appears anywhere within the tag.
+  const linkRe = /<link\b[^>]*?\bhref\s*=\s*(?:"([^"]*?)"|'([^']*?)'|([^\s>]+))[^>]*?\/?>/gi;
+  while ((m = linkRe.exec(html)) !== null) {
     const url = m[1] ?? m[2] ?? m[3];
     if (url && /^https?:\/\//i.test(url)) {
       urls.add(url);
@@ -104,13 +114,17 @@ export async function materializeAssets(
       try {
         const controller = new AbortController();
         const timeout = setTimeout(() => controller.abort(), ASSET_FETCH_TIMEOUT_MS);
-        const resp = await fetch(url, { signal: controller.signal });
-        clearTimeout(timeout);
-        if (!resp.ok) {
-          bundlerLog.warn({ url, status: resp.status }, 'Failed to fetch asset, keeping original URL');
-          return;
+        let buf: Buffer;
+        try {
+          const resp = await fetch(url, { signal: controller.signal });
+          if (!resp.ok) {
+            bundlerLog.warn({ url, status: resp.status }, 'Failed to fetch asset, keeping original URL');
+            return;
+          }
+          buf = Buffer.from(await resp.arrayBuffer());
+        } finally {
+          clearTimeout(timeout);
         }
-        const buf = Buffer.from(await resp.arrayBuffer());
         const filename = assetFilename(url);
         const archivePath = `assets/${filename}`;
         assets.push({ archivePath, data: buf });
@@ -121,9 +135,12 @@ export async function materializeAssets(
     }),
   );
 
-  // Rewrite URLs in HTML — replace each occurrence of the original URL with the local path
+  // Rewrite URLs in HTML — replace each occurrence of the original URL with the local path.
+  // Sort by length descending so longer URLs are replaced first, preventing prefix collisions
+  // (e.g. "https://cdn/x" replacing part of "https://cdn/x/y.png").
+  const sortedEntries = [...urlMap.entries()].sort((a, b) => b[0].length - a[0].length);
   let rewrittenHtml = html;
-  for (const [originalUrl, localPath] of urlMap) {
+  for (const [originalUrl, localPath] of sortedEntries) {
     // Escape regex special chars in the URL
     const escaped = originalUrl.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
     rewrittenHtml = rewrittenHtml.replace(new RegExp(escaped, 'g'), localPath);

package/src/calls/call-constants.ts

@@ -0,0 +1,10 @@
+// Emergency/high-risk numbers that should never be called
+export const DENIED_NUMBERS = new Set([
+  '911', '112', '999', '000', '110', '119',  // Emergency
+  '+1911', '+1112',
+]);
+
+// Call limits
+export const MAX_CALL_DURATION_MS = 12 * 60 * 1000; // 12 minutes
+export const USER_CONSULTATION_TIMEOUT_MS = 90 * 1000; // 90 seconds
+export const SILENCE_TIMEOUT_MS = 30 * 1000; // 30 seconds