vellum 0.2.1 → 0.2.2

package/src/tools/network/script-proxy/__tests__/policy.test.ts

@@ -0,0 +1,234 @@
+import { describe, test, expect } from 'bun:test';
+import { evaluateRequest, evaluateRequestWithApproval } from '../policy.js';
+import type { CredentialInjectionTemplate } from '../../../credentials/policy-types.js';
+
+function makeTemplate(overrides: Partial<CredentialInjectionTemplate> = {}): CredentialInjectionTemplate {
+  return {
+    hostPattern: '*.example.com',
+    injectionType: 'header',
+    headerName: 'Authorization',
+    valuePrefix: 'Bearer ',
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// evaluateRequest
+// ---------------------------------------------------------------------------
+
+describe('evaluateRequest', () => {
+  test('returns unauthenticated when no credential IDs', () => {
+    const result = evaluateRequest('api.example.com', '/', [], new Map());
+    expect(result.kind).toBe('unauthenticated');
+  });
+
+  test('returns missing when credential has no templates', () => {
+    const result = evaluateRequest('api.example.com', '/', ['cred-1'], new Map());
+    expect(result.kind).toBe('missing');
+  });
+
+  test('returns missing when no template matches the host', () => {
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [makeTemplate({ hostPattern: '*.other.com' })]);
+    const result = evaluateRequest('api.example.com', '/', ['cred-1'], templates);
+    expect(result.kind).toBe('missing');
+  });
+
+  test('returns matched for exact host match', () => {
+    const tpl = makeTemplate({ hostPattern: 'api.example.com' });
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [tpl]);
+    const result = evaluateRequest('api.example.com', '/', ['cred-1'], templates);
+    expect(result.kind).toBe('matched');
+    if (result.kind === 'matched') {
+      expect(result.credentialId).toBe('cred-1');
+      expect(result.template).toBe(tpl);
+    }
+  });
+
+  test('returns matched for wildcard host match', () => {
+    const tpl = makeTemplate({ hostPattern: '*.example.com' });
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [tpl]);
+    const result = evaluateRequest('api.example.com', '/', ['cred-1'], templates);
+    expect(result.kind).toBe('matched');
+    if (result.kind === 'matched') {
+      expect(result.credentialId).toBe('cred-1');
+    }
+  });
+
+  test('prefers exact match over wildcard for same credential', () => {
+    const wildcard = makeTemplate({ hostPattern: '*.example.com', headerName: 'X-Wildcard' });
+    const exact = makeTemplate({ hostPattern: 'api.example.com', headerName: 'X-Exact' });
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [wildcard, exact]);
+    const result = evaluateRequest('api.example.com', '/', ['cred-1'], templates);
+    expect(result.kind).toBe('matched');
+    if (result.kind === 'matched') {
+      expect(result.template.headerName).toBe('X-Exact');
+    }
+  });
+
+  test('returns ambiguous for same-specificity tie within one credential', () => {
+    const tpl1 = makeTemplate({ hostPattern: '*.example.com', headerName: 'X-One' });
+    const tpl2 = makeTemplate({ hostPattern: '*.example.com', headerName: 'X-Two' });
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [tpl1, tpl2]);
+    const result = evaluateRequest('api.example.com', '/', ['cred-1'], templates);
+    expect(result.kind).toBe('ambiguous');
+    if (result.kind === 'ambiguous') {
+      expect(result.candidates).toHaveLength(2);
+    }
+  });
+
+  test('returns ambiguous for cross-credential match', () => {
+    const tpl1 = makeTemplate({ hostPattern: '*.example.com' });
+    const tpl2 = makeTemplate({ hostPattern: '*.example.com' });
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [tpl1]);
+    templates.set('cred-2', [tpl2]);
+    const result = evaluateRequest('api.example.com', '/', ['cred-1', 'cred-2'], templates);
+    expect(result.kind).toBe('ambiguous');
+    if (result.kind === 'ambiguous') {
+      expect(result.candidates).toHaveLength(2);
+    }
+  });
+
+  test('skips query-type injection templates', () => {
+    const tpl = makeTemplate({
+      hostPattern: '*.example.com',
+      injectionType: 'query',
+      queryParamName: 'api_key',
+      headerName: undefined,
+    });
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [tpl]);
+    const result = evaluateRequest('api.example.com', '/', ['cred-1'], templates);
+    expect(result.kind).toBe('missing');
+  });
+
+  test('wildcard with includeApexForWildcard matches bare domain', () => {
+    const tpl = makeTemplate({ hostPattern: '*.example.com' });
+    const templates = new Map<string, CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [tpl]);
+    const result = evaluateRequest('example.com', '/', ['cred-1'], templates);
+    expect(result.kind).toBe('matched');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// evaluateRequestWithApproval
+// ---------------------------------------------------------------------------
+
+describe('evaluateRequestWithApproval', () => {
+  test('passes through matched decisions', () => {
+    const tpl = makeTemplate({ hostPattern: 'api.example.com' });
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    sessionTemplates.set('cred-1', [tpl]);
+    const result = evaluateRequestWithApproval(
+      'api.example.com', null, '/',
+      ['cred-1'], sessionTemplates, [],
+    );
+    expect(result.kind).toBe('matched');
+  });
+
+  test('passes through ambiguous decisions', () => {
+    const tpl1 = makeTemplate({ hostPattern: '*.example.com', headerName: 'X-One' });
+    const tpl2 = makeTemplate({ hostPattern: '*.example.com', headerName: 'X-Two' });
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    sessionTemplates.set('cred-1', [tpl1, tpl2]);
+    const result = evaluateRequestWithApproval(
+      'api.example.com', null, '/',
+      ['cred-1'], sessionTemplates, [],
+    );
+    expect(result.kind).toBe('ambiguous');
+  });
+
+  test('returns ask_missing_credential when known templates match', () => {
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    const allKnown = [makeTemplate({ hostPattern: '*.example.com' })];
+    const result = evaluateRequestWithApproval(
+      'api.example.com', 443, '/api',
+      ['cred-1'], sessionTemplates, allKnown,
+    );
+    expect(result.kind).toBe('ask_missing_credential');
+    if (result.kind === 'ask_missing_credential') {
+      expect(result.target.hostname).toBe('api.example.com');
+      expect(result.target.port).toBe(443);
+      expect(result.target.path).toBe('/api');
+      expect(result.matchingPatterns).toContain('*.example.com');
+    }
+  });
+
+  test('deduplicates matching patterns', () => {
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    const allKnown = [
+      makeTemplate({ hostPattern: '*.example.com', headerName: 'X-One' }),
+      makeTemplate({ hostPattern: '*.example.com', headerName: 'X-Two' }),
+    ];
+    const result = evaluateRequestWithApproval(
+      'api.example.com', null, '/',
+      ['cred-1'], sessionTemplates, allKnown,
+    );
+    expect(result.kind).toBe('ask_missing_credential');
+    if (result.kind === 'ask_missing_credential') {
+      expect(result.matchingPatterns).toEqual(['*.example.com']);
+    }
+  });
+
+  test('returns ask_unauthenticated when no known templates match and no credentials', () => {
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    const result = evaluateRequestWithApproval(
+      'unknown.example.com', null, '/',
+      [], sessionTemplates, [],
+    );
+    expect(result.kind).toBe('ask_unauthenticated');
+    if (result.kind === 'ask_unauthenticated') {
+      expect(result.target.hostname).toBe('unknown.example.com');
+      expect(result.target.scheme).toBe('https');
+    }
+  });
+
+  test('returns ask_unauthenticated for unknown host even with known templates for other hosts', () => {
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    const allKnown = [makeTemplate({ hostPattern: '*.other.com' })];
+    const result = evaluateRequestWithApproval(
+      'unknown.example.com', null, '/',
+      [], sessionTemplates, allKnown,
+    );
+    expect(result.kind).toBe('ask_unauthenticated');
+  });
+
+  test('skips query templates when scanning allKnownTemplates', () => {
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    const allKnown = [makeTemplate({
+      hostPattern: '*.example.com',
+      injectionType: 'query',
+      queryParamName: 'key',
+      headerName: undefined,
+    })];
+    const result = evaluateRequestWithApproval(
+      'api.example.com', null, '/',
+      ['cred-1'], sessionTemplates, allKnown,
+    );
+    // Query templates are skipped, so no pattern matches → ask_unauthenticated
+    // But credentialIds is non-empty so base is 'missing' → then no known header templates → ask_unauthenticated
+    // Actually: credentialIds=['cred-1'] but sessionTemplates is empty → base='missing'
+    // allKnown only has query type → no header matches → falls through to ask_unauthenticated
+    // Wait: base is 'missing' (not unauthenticated), and uniquePatterns.length===0
+    // For 'missing' with no matching patterns, the function returns ask_unauthenticated
+    expect(result.kind).toBe('ask_unauthenticated');
+  });
+
+  test('uses provided scheme parameter', () => {
+    const sessionTemplates = new Map<string, CredentialInjectionTemplate[]>();
+    const result = evaluateRequestWithApproval(
+      'unknown.example.com', 80, '/',
+      [], sessionTemplates, [], 'http',
+    );
+    expect(result.kind).toBe('ask_unauthenticated');
+    if (result.kind === 'ask_unauthenticated') {
+      expect(result.target.scheme).toBe('http');
+    }
+  });
+});

package/src/tools/network/script-proxy/__tests__/router.test.ts

@@ -0,0 +1,76 @@
+import { describe, test, expect } from 'bun:test';
+import { routeConnection } from '../router.js';
+import type { CredentialInjectionTemplate } from '../../../credentials/policy-types.js';
+
+function makeTemplate(overrides: Partial<CredentialInjectionTemplate> = {}): CredentialInjectionTemplate {
+  return {
+    hostPattern: '*.example.com',
+    injectionType: 'header',
+    headerName: 'Authorization',
+    valuePrefix: 'Bearer ',
+    ...overrides,
+  };
+}
+
+describe('routeConnection', () => {
+  test('tunnels when no credentials', () => {
+    const result = routeConnection('api.example.com', 443, [], new Map());
+    expect(result.action).toBe('tunnel');
+    expect(result.reason).toBe('tunnel:no_credentials');
+  });
+
+  test('tunnels when credentials exist but no template matches', () => {
+    const templates = new Map<string, readonly CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [makeTemplate({ hostPattern: '*.other.com' })]);
+    const result = routeConnection('api.example.com', 443, ['cred-1'], templates);
+    expect(result.action).toBe('tunnel');
+    expect(result.reason).toBe('tunnel:no_rewrite');
+  });
+
+  test('tunnels when credential has no templates in map', () => {
+    const templates = new Map<string, readonly CredentialInjectionTemplate[]>();
+    const result = routeConnection('api.example.com', 443, ['cred-1'], templates);
+    expect(result.action).toBe('tunnel');
+    expect(result.reason).toBe('tunnel:no_rewrite');
+  });
+
+  test('MITMs when wildcard template matches', () => {
+    const templates = new Map<string, readonly CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [makeTemplate({ hostPattern: '*.example.com' })]);
+    const result = routeConnection('api.example.com', 443, ['cred-1'], templates);
+    expect(result.action).toBe('mitm');
+    expect(result.reason).toBe('mitm:credential_injection');
+  });
+
+  test('MITMs when exact template matches', () => {
+    const templates = new Map<string, readonly CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [makeTemplate({ hostPattern: 'api.example.com' })]);
+    const result = routeConnection('api.example.com', 443, ['cred-1'], templates);
+    expect(result.action).toBe('mitm');
+    expect(result.reason).toBe('mitm:credential_injection');
+  });
+
+  test('MITMs when any credential matches (first wins)', () => {
+    const templates = new Map<string, readonly CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [makeTemplate({ hostPattern: '*.other.com' })]);
+    templates.set('cred-2', [makeTemplate({ hostPattern: '*.example.com' })]);
+    const result = routeConnection('api.example.com', 443, ['cred-1', 'cred-2'], templates);
+    expect(result.action).toBe('mitm');
+    expect(result.reason).toBe('mitm:credential_injection');
+  });
+
+  test('wildcard matches bare apex domain with includeApexForWildcard', () => {
+    const templates = new Map<string, readonly CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [makeTemplate({ hostPattern: '*.example.com' })]);
+    const result = routeConnection('example.com', 443, ['cred-1'], templates);
+    expect(result.action).toBe('mitm');
+    expect(result.reason).toBe('mitm:credential_injection');
+  });
+
+  test('case-insensitive matching', () => {
+    const templates = new Map<string, readonly CredentialInjectionTemplate[]>();
+    templates.set('cred-1', [makeTemplate({ hostPattern: '*.EXAMPLE.COM' })]);
+    const result = routeConnection('API.example.com', 443, ['cred-1'], templates);
+    expect(result.action).toBe('mitm');
+  });
+});

package/src/tools/network/web-fetch.ts

@@ -298,12 +298,21 @@ function extractFirstMatch(text: string, regex: RegExp, captureGroup = 1): strin
 }
 
 function extractHtmlMetadata(html: string): { title?: string; description?: string } {
-  const title = extractFirstMatch(html, /<title[^>]*>([\s\S]*?)<\/title>/i);
+  // Only search the <head> section (or first 50KB) to avoid catastrophic
+  // regex backtracking on large HTML documents.
+  // Strip <script> blocks first so that a literal "</head>" inside a script
+  // doesn't cause a false match that truncates the search region prematurely.
+  const candidate = html.slice(0, 200_000);
+  const stripped = candidate.replace(/<script[\s>][\s\S]*?<\/script>/gi, '');
+  const headEnd = stripped.search(/<\/head[\s>]/i);
+  const searchRegion = headEnd > 0 ? stripped.slice(0, headEnd + 10) : stripped.slice(0, 50_000);
+
+  const title = extractFirstMatch(searchRegion, /<title[^>]*>([\s\S]*?)<\/title>/i);
   const description =
-    extractFirstMatch(html, /<meta\s+[^>]*name=(['"])description\1[^>]*content=(['"])([\s\S]*?)\2[^>]*>/i, 3)
-    ?? extractFirstMatch(html, /<meta\s+[^>]*content=(['"])([\s\S]*?)\1[^>]*name=(['"])description\3[^>]*>/i, 2)
-    ?? extractFirstMatch(html, /<meta\s+[^>]*property=(['"])og:description\1[^>]*content=(['"])([\s\S]*?)\2[^>]*>/i, 3)
-    ?? extractFirstMatch(html, /<meta\s+[^>]*content=(['"])([\s\S]*?)\1[^>]*property=(['"])og:description\3[^>]*>/i, 2);
+    extractFirstMatch(searchRegion, /<meta\s+[^>]*name=(['"])description\1[^>]*content=(['"])([\s\S]*?)\2[^>]*>/i, 3)
+    ?? extractFirstMatch(searchRegion, /<meta\s+[^>]*content=(['"])([\s\S]*?)\1[^>]*name=(['"])description\3[^>]*>/i, 2)
+    ?? extractFirstMatch(searchRegion, /<meta\s+[^>]*property=(['"])og:description\1[^>]*content=(['"])([\s\S]*?)\2[^>]*>/i, 3)
+    ?? extractFirstMatch(searchRegion, /<meta\s+[^>]*content=(['"])([\s\S]*?)\1[^>]*property=(['"])og:description\3[^>]*>/i, 2);
 
   return { title, description };
 }
@@ -437,7 +446,10 @@ export async function executeWebFetch(
   const safeRequestedUrl = sanitizeUrlForOutput(parsedUrl);
 
   const controller = new AbortController();
-  const timeoutHandle = setTimeout(() => controller.abort(), timeoutSeconds * 1000);
+  const timeoutHandle = setTimeout(() => {
+    log.warn({ url: safeRequestedUrl, timeoutSeconds }, 'Web fetch timeout fired, aborting');
+    controller.abort();
+  }, timeoutSeconds * 1000);
 
   try {
     log.debug({ url: safeRequestedUrl, timeoutSeconds, maxChars, startIndex, rawMode }, 'Fetching webpage');

package/src/tools/playbooks/index.ts

@@ -1,5 +1,4 @@
-// Barrel export — importing this module triggers registration of all playbook tools.
-import './playbook-create.js';
-import './playbook-list.js';
-import './playbook-update.js';
-import './playbook-delete.js';
+export { executePlaybookCreate } from './playbook-create.js';
+export { executePlaybookList } from './playbook-list.js';
+export { executePlaybookUpdate } from './playbook-update.js';
+export { executePlaybookDelete } from './playbook-delete.js';

package/src/tools/playbooks/playbook-create.ts

@@ -1,17 +1,16 @@
 import { and, eq } from 'drizzle-orm';
 import { v4 as uuid } from 'uuid';
-import { RiskLevel } from '../../permissions/types.js';
 import type { ToolContext, ToolExecutionResult } from '../types.js';
-import { registerTool } from '../registry.js';
 import { getDb } from '../../memory/db.js';
 import { computeMemoryFingerprint } from '../../memory/fingerprint.js';
 import { memoryItems } from '../../memory/schema.js';
 import { enqueueMemoryJob } from '../../memory/jobs-store.js';
 import type { Playbook, PlaybookAutonomyLevel } from '../../playbooks/types.js';
+import { truncate } from '../../util/truncate.js';
 
 const VALID_AUTONOMY_LEVELS = new Set<string>(['auto', 'draft', 'notify']);
 
-async function execute(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
+export async function executePlaybookCreate(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
   const trigger = input.trigger as string;
   const action = input.action as string;
 
@@ -32,7 +31,7 @@ async function execute(input: Record<string, unknown>, context: ToolContext): Pr
 
   const playbook: Playbook = { trigger, channel, category, action, autonomyLevel, priority };
   const statement = JSON.stringify(playbook);
-  const subject = `Playbook: ${trigger}`.slice(0, 80);
+  const subject = truncate(`Playbook: ${trigger}`, 80, '');
   const scopeId = context.memoryScopeId ?? 'default';
 
   const fingerprint = computeMemoryFingerprint(scopeId, 'playbook', subject, statement);
@@ -95,46 +94,3 @@ async function execute(input: Record<string, unknown>, context: ToolContext): Pr
     return { content: `Error creating playbook: ${msg}`, isError: true };
   }
 }
-
-registerTool({
-  name: 'playbook_create',
-  description: 'Create an action playbook — a trigger→action rule that tells the assistant how to handle incoming messages matching a pattern',
-  category: 'playbook',
-  defaultRiskLevel: RiskLevel.Low,
-  getDefinition: () => ({
-    name: 'playbook_create',
-    description: 'Create an action playbook — a trigger→action rule that tells the assistant how to handle incoming messages matching a pattern',
-    input_schema: {
-      type: 'object',
-      properties: {
-        trigger: {
-          type: 'string',
-          description: 'Pattern or description that triggers this playbook (e.g. "meeting request", "from:ceo@*", "newsletter")',
-        },
-        action: {
-          type: 'string',
-          description: 'What to do when the trigger matches — natural language action description (e.g. "check calendar, propose 3 times")',
-        },
-        channel: {
-          type: 'string',
-          description: 'Channel this rule applies to (e.g. "email", "slack"), or "*" for all channels. Defaults to "*".',
-        },
-        category: {
-          type: 'string',
-          description: 'Free-form category for grouping (e.g. "scheduling", "triage"). Defaults to "general".',
-        },
-        autonomy_level: {
-          type: 'string',
-          enum: ['auto', 'draft', 'notify'],
-          description: 'How much autonomy: "auto" = execute automatically, "draft" = draft for review, "notify" = notify only. Defaults to "draft".',
-        },
-        priority: {
-          type: 'number',
-          description: 'Relative priority — higher numbers take precedence. Defaults to 0.',
-        },
-      },
-      required: ['trigger', 'action'],
-    },
-  }),
-  execute,
-});

package/src/tools/playbooks/playbook-delete.ts

@@ -1,12 +1,10 @@
 import { and, eq } from 'drizzle-orm';
-import { RiskLevel } from '../../permissions/types.js';
 import type { ToolContext, ToolExecutionResult } from '../types.js';
-import { registerTool } from '../registry.js';
 import { getDb } from '../../memory/db.js';
 import { memoryItems } from '../../memory/schema.js';
 import { parsePlaybookStatement } from '../../playbooks/types.js';
 
-async function execute(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
+export async function executePlaybookDelete(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
   const playbookId = input.playbook_id as string;
   if (!playbookId || typeof playbookId !== 'string') {
     return { content: 'Error: playbook_id is required and must be a string', isError: true };
@@ -52,25 +50,3 @@ async function execute(input: Record<string, unknown>, context: ToolContext): Pr
     return { content: `Error deleting playbook: ${msg}`, isError: true };
   }
 }
-
-registerTool({
-  name: 'playbook_delete',
-  description: 'Delete an action playbook rule',
-  category: 'playbook',
-  defaultRiskLevel: RiskLevel.Low,
-  getDefinition: () => ({
-    name: 'playbook_delete',
-    description: 'Delete an action playbook rule',
-    input_schema: {
-      type: 'object',
-      properties: {
-        playbook_id: {
-          type: 'string',
-          description: 'ID of the playbook to delete (from playbook_list results)',
-        },
-      },
-      required: ['playbook_id'],
-    },
-  }),
-  execute,
-});

package/src/tools/playbooks/playbook-list.ts

@@ -1,12 +1,10 @@
 import { and, desc, eq, isNull } from 'drizzle-orm';
-import { RiskLevel } from '../../permissions/types.js';
 import type { ToolContext, ToolExecutionResult } from '../types.js';
-import { registerTool } from '../registry.js';
 import { getDb } from '../../memory/db.js';
 import { memoryItems } from '../../memory/schema.js';
 import { parsePlaybookStatement } from '../../playbooks/types.js';
 
-async function execute(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
+export async function executePlaybookList(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
   const scopeId = context.memoryScopeId ?? 'default';
   const channelFilter = typeof input.channel === 'string' ? input.channel : null;
   const categoryFilter = typeof input.category === 'string' ? input.category : null;
@@ -74,28 +72,3 @@ async function execute(input: Record<string, unknown>, context: ToolContext): Pr
     return { content: `Error listing playbooks: ${msg}`, isError: true };
   }
 }
-
-registerTool({
-  name: 'playbook_list',
-  description: 'List action playbooks, optionally filtered by channel or category',
-  category: 'playbook',
-  defaultRiskLevel: RiskLevel.Low,
-  getDefinition: () => ({
-    name: 'playbook_list',
-    description: 'List action playbooks, optionally filtered by channel or category',
-    input_schema: {
-      type: 'object',
-      properties: {
-        channel: {
-          type: 'string',
-          description: 'Filter by channel (e.g. "email", "slack"). Omit to show all.',
-        },
-        category: {
-          type: 'string',
-          description: 'Filter by category (e.g. "scheduling", "triage"). Omit to show all.',
-        },
-      },
-    },
-  }),
-  execute,
-});

package/src/tools/playbooks/playbook-update.ts

@@ -1,17 +1,16 @@
 import { and, eq } from 'drizzle-orm';
-import { RiskLevel } from '../../permissions/types.js';
 import type { ToolContext, ToolExecutionResult } from '../types.js';
-import { registerTool } from '../registry.js';
 import { getDb } from '../../memory/db.js';
 import { computeMemoryFingerprint } from '../../memory/fingerprint.js';
 import { memoryItems } from '../../memory/schema.js';
 import { enqueueMemoryJob } from '../../memory/jobs-store.js';
 import { parsePlaybookStatement } from '../../playbooks/types.js';
 import type { Playbook, PlaybookAutonomyLevel } from '../../playbooks/types.js';
+import { truncate } from '../../util/truncate.js';
 
 const VALID_AUTONOMY_LEVELS = new Set<string>(['auto', 'draft', 'notify']);
 
-async function execute(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
+export async function executePlaybookUpdate(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
   const playbookId = input.playbook_id as string;
   if (!playbookId || typeof playbookId !== 'string') {
     return { content: 'Error: playbook_id is required and must be a string', isError: true };
@@ -55,7 +54,7 @@ async function execute(input: Record<string, unknown>, context: ToolContext): Pr
     };
 
     const statement = JSON.stringify(updated);
-    const subject = `Playbook: ${updated.trigger}`.slice(0, 80);
+    const subject = truncate(`Playbook: ${updated.trigger}`, 80, '');
     const now = Date.now();
 
     const fingerprint = computeMemoryFingerprint(scopeId, 'playbook', subject, statement);
@@ -110,50 +109,3 @@ async function execute(input: Record<string, unknown>, context: ToolContext): Pr
     return { content: `Error updating playbook: ${msg}`, isError: true };
   }
 }
-
-registerTool({
-  name: 'playbook_update',
-  description: 'Update an existing action playbook rule',
-  category: 'playbook',
-  defaultRiskLevel: RiskLevel.Low,
-  getDefinition: () => ({
-    name: 'playbook_update',
-    description: 'Update an existing action playbook rule',
-    input_schema: {
-      type: 'object',
-      properties: {
-        playbook_id: {
-          type: 'string',
-          description: 'ID of the playbook to update (from playbook_list results)',
-        },
-        trigger: {
-          type: 'string',
-          description: 'Updated trigger pattern',
-        },
-        action: {
-          type: 'string',
-          description: 'Updated action description',
-        },
-        channel: {
-          type: 'string',
-          description: 'Updated channel ("*" for all)',
-        },
-        category: {
-          type: 'string',
-          description: 'Updated category',
-        },
-        autonomy_level: {
-          type: 'string',
-          enum: ['auto', 'draft', 'notify'],
-          description: 'Updated autonomy level',
-        },
-        priority: {
-          type: 'number',
-          description: 'Updated priority',
-        },
-      },
-      required: ['playbook_id'],
-    },
-  }),
-  execute,
-});