vellum 0.2.13 → 0.2.14

package/src/__tests__/elevenlabs-client.test.ts

@@ -189,6 +189,68 @@ describe('ElevenLabsClient', () => {
       }
     });
 
+    test('valid TwiML with XML declaration passes validation', async () => {
+      const twiml = '<?xml version="1.0"?><Response><Connect><Stream url="wss://el.io/stream"/></Connect></Response>';
+
+      globalThis.fetch = mock(async () =>
+        new Response(twiml, { status: 200 }),
+      ) as unknown as typeof globalThis.fetch;
+
+      const client = new ElevenLabsClient(DEFAULT_OPTIONS);
+      const result = await client.registerCall(DEFAULT_REQUEST);
+
+      expect(result.twiml).toBe(twiml);
+    });
+
+    test('valid TwiML with Response tag but no XML declaration passes validation', async () => {
+      const twiml = '<Response><Connect><Stream url="wss://el.io/stream"/></Connect></Response>';
+
+      globalThis.fetch = mock(async () =>
+        new Response(twiml, { status: 200 }),
+      ) as unknown as typeof globalThis.fetch;
+
+      const client = new ElevenLabsClient(DEFAULT_OPTIONS);
+      const result = await client.registerCall(DEFAULT_REQUEST);
+
+      expect(result.twiml).toBe(twiml);
+    });
+
+    test('non-XML response throws ELEVENLABS_INVALID_RESPONSE', async () => {
+      globalThis.fetch = mock(async () =>
+        new Response('{"error": "invalid"}', { status: 200 }),
+      ) as unknown as typeof globalThis.fetch;
+
+      const client = new ElevenLabsClient(DEFAULT_OPTIONS);
+
+      try {
+        await client.registerCall(DEFAULT_REQUEST);
+        expect(true).toBe(false); // Should not reach here
+      } catch (err) {
+        expect(err).toBeInstanceOf(ElevenLabsError);
+        const elErr = err as ElevenLabsError;
+        expect(elErr.code).toBe('ELEVENLABS_INVALID_RESPONSE');
+        expect(elErr.message).toContain('not valid TwiML/XML');
+      }
+    });
+
+    test('plain text response throws ELEVENLABS_INVALID_RESPONSE', async () => {
+      globalThis.fetch = mock(async () =>
+        new Response('some random text', { status: 200 }),
+      ) as unknown as typeof globalThis.fetch;
+
+      const client = new ElevenLabsClient(DEFAULT_OPTIONS);
+
+      try {
+        await client.registerCall(DEFAULT_REQUEST);
+        expect(true).toBe(false); // Should not reach here
+      } catch (err) {
+        expect(err).toBeInstanceOf(ElevenLabsError);
+        const elErr = err as ElevenLabsError;
+        expect(elErr.code).toBe('ELEVENLABS_INVALID_RESPONSE');
+        expect(elErr.message).toContain('not valid TwiML/XML');
+      }
+    });
+
     test('API key is not included in logged data', async () => {
       // The ElevenLabsClient logs agent_id and direction, but should never log the API key.
       // We verify this by checking the request structure, not the log output.

package/src/__tests__/ephemeral-permissions.test.ts

@@ -1,4 +1,4 @@
-import { describe, test, expect, beforeAll, beforeEach, mock } from 'bun:test';
+import { describe, test, expect, beforeAll, beforeEach, afterEach, mock } from 'bun:test';
 import { mkdtempSync, mkdirSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
@@ -28,7 +28,7 @@ mock.module('../util/logger.js', () => ({
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 const testConfig: Record<string, any> = {
-  permissions: { mode: 'legacy' as 'legacy' | 'strict' },
+  permissions: { mode: 'legacy' as 'legacy' | 'strict' | 'workspace' },
   skills: { load: { extraDirs: [] as string[] } },
   sandbox: { enabled: false },
 };
@@ -73,15 +73,14 @@ describe('ephemeral-permissions', () => {
       expect(fileReadRule.id).toBe('ephemeral:run-123:file_read');
       expect(fileReadRule.tool).toBe('file_read');
       expect(fileReadRule.pattern).toBe('**');
-      expect(fileReadRule.scope).toBe('/home/user/project');
+      expect(fileReadRule.scope).toBe('everywhere');
       expect(fileReadRule.decision).toBe('allow');
-      expect(fileReadRule.priority).toBe(50);
-      expect(fileReadRule.principalKind).toBe('task');
-      expect(fileReadRule.principalId).toBe('run-123');
+      expect(fileReadRule.priority).toBe(75);
       expect(fileReadRule.createdAt).toBeGreaterThan(0);
 
-      // Verify allowHighRisk is NOT set
-      expect(fileReadRule.allowHighRisk).toBeUndefined();
+      // allowHighRisk is set because task runs execute asynchronously
+      // without interactive confirmation — pre-approved via preflight
+      expect(fileReadRule.allowHighRisk).toBe(true);
 
       // Check other rules have correct tool names
       expect(rules[1].tool).toBe('bash');
@@ -155,12 +154,9 @@ describe('ephemeral-permissions', () => {
         decision: 'allow',
         priority: 50,
         createdAt: Date.now(),
-        principalKind: 'task',
-        principalId: 'run-1',
       }];
 
       const ctx: PolicyContext = {
-        principal: { kind: 'task', id: 'run-1' },
         ephemeralRules,
       };
 
@@ -188,12 +184,9 @@ describe('ephemeral-permissions', () => {
         decision: 'allow',
         priority: 50,
         createdAt: Date.now(),
-        principalKind: 'task',
-        principalId: 'run-1',
       }];
 
       const ctx: PolicyContext = {
-        principal: { kind: 'task', id: 'run-1' },
         ephemeralRules,
       };
 
@@ -218,12 +211,9 @@ describe('ephemeral-permissions', () => {
         decision: 'allow',
         priority: 50,
         createdAt: Date.now(),
-        principalKind: 'task',
-        principalId: 'run-1',
       }];
 
       const ctx: PolicyContext = {
-        principal: { kind: 'task', id: 'run-1' },
         ephemeralRules,
       };
 
@@ -258,12 +248,9 @@ describe('ephemeral-permissions', () => {
         decision: 'allow',
         priority: 50,
         createdAt: Date.now(),
-        principalKind: 'task',
-        principalId: 'run-1',
       }];
 
       const ctx: PolicyContext = {
-        principal: { kind: 'task', id: 'run-1' },
         ephemeralRules,
       };
 
@@ -288,13 +275,10 @@ describe('ephemeral-permissions', () => {
         decision: 'allow',
         priority: 50,
         createdAt: Date.now(),
-        principalKind: 'task',
-        principalId: 'run-1',
         // Note: allowHighRisk is NOT set
       }];
 
       const ctx: PolicyContext = {
-        principal: { kind: 'task', id: 'run-1' },
         ephemeralRules,
       };
 
@@ -309,4 +293,70 @@ describe('ephemeral-permissions', () => {
       expect(result.decision).toBe('prompt');
     });
   });
+
+  describe('workspace mode interactions', () => {
+    beforeEach(() => {
+      clearCache();
+      testConfig.permissions.mode = 'workspace';
+    });
+
+    afterEach(() => {
+      testConfig.permissions.mode = 'legacy';
+    });
+
+    test('workspace mode auto-allows workspace-scoped file_write (medium risk)', async () => {
+      const filePath = join(testDir, 'workspace-test-file.txt');
+      const result = await check('file_write', { path: filePath }, testDir);
+      expect(result.decision).toBe('allow');
+      expect(result.reason).toContain('Workspace mode');
+    });
+
+    test('workspace mode still prompts for file_write outside workspace', async () => {
+      const result = await check('file_write', { path: '/etc/config' }, testDir);
+      expect(result.decision).toBe('prompt');
+    });
+
+    test('explicit deny rule overrides workspace mode auto-allow', async () => {
+      addRule('file_write', '**', testDir, 'deny', 100);
+      const filePath = join(testDir, 'should-be-denied.txt');
+      const result = await check('file_write', { path: filePath }, testDir);
+      expect(result.decision).toBe('deny');
+    });
+
+    test('proxied bash still prompts in workspace mode', async () => {
+      const result = await check(
+        'bash',
+        { command: 'echo hello', network_mode: 'proxied' },
+        testDir,
+      );
+      expect(result.decision).toBe('prompt');
+      expect(result.reason).toContain('Proxied');
+    });
+
+    test('ephemeral task rules + workspace mode: deny rule wins', async () => {
+      // Add a persistent deny rule for file_write in the workspace
+      addRule('file_write', '**', testDir, 'deny', 100);
+
+      // Create ephemeral allow rules (lower priority than deny)
+      const ephemeralRules: TrustRule[] = [{
+        id: 'ephemeral:run-ws:file_write',
+        tool: 'file_write',
+        pattern: '**',
+        scope: testDir,
+        decision: 'allow',
+        priority: 50,
+        createdAt: Date.now(),
+      }];
+
+      const ctx: PolicyContext = {
+        ephemeralRules,
+      };
+
+      const filePath = join(testDir, 'task-file.txt');
+      const result = await check('file_write', { path: filePath }, testDir, ctx);
+      // The persistent deny rule (priority 100) should override
+      // both the ephemeral allow (priority 50) and workspace mode auto-allow
+      expect(result.decision).toBe('deny');
+    });
+  });
 });