npm - vellum - Versions diffs - 0.2.13 → 0.2.14 - Mend

vellum 0.2.13 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (207) hide show

package/README.md +32 -0
package/bun.lock +2 -2
package/docs/skills.md +4 -4
package/package.json +2 -2
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +213 -3
package/src/__tests__/app-git-history.test.ts +176 -0
package/src/__tests__/app-git-service.test.ts +169 -0
package/src/__tests__/assistant-events-sse-hardening.test.ts +315 -0
package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +8 -8
package/src/__tests__/browser-skill-endstate.test.ts +6 -6
package/src/__tests__/call-bridge.test.ts +105 -13
package/src/__tests__/call-domain.test.ts +163 -0
package/src/__tests__/call-orchestrator.test.ts +113 -0
package/src/__tests__/call-routes-http.test.ts +246 -6
package/src/__tests__/channel-approval-routes.test.ts +438 -0
package/src/__tests__/channel-approval.test.ts +266 -0
package/src/__tests__/channel-approvals.test.ts +393 -0
package/src/__tests__/channel-delivery-store.test.ts +447 -0
package/src/__tests__/checker.test.ts +607 -1048
package/src/__tests__/cli.test.ts +1 -56
package/src/__tests__/config-schema.test.ts +137 -18
package/src/__tests__/conflict-intent-tokenization.test.ts +141 -0
package/src/__tests__/conflict-policy.test.ts +121 -0
package/src/__tests__/conflict-store.test.ts +2 -0
package/src/__tests__/contacts-tools.test.ts +3 -3
package/src/__tests__/contradiction-checker.test.ts +99 -1
package/src/__tests__/credential-security-invariants.test.ts +22 -6
package/src/__tests__/credential-vault-unit.test.ts +780 -0
package/src/__tests__/elevenlabs-client.test.ts +62 -0
package/src/__tests__/ephemeral-permissions.test.ts +73 -23
package/src/__tests__/filesystem-tools.test.ts +579 -0
package/src/__tests__/gateway-only-enforcement.test.ts +114 -4
package/src/__tests__/handlers-add-trust-rule-metadata.test.ts +202 -0
package/src/__tests__/handlers-cu-observation-blob.test.ts +2 -1
package/src/__tests__/handlers-ipc-blob-probe.test.ts +2 -1
package/src/__tests__/handlers-slack-config.test.ts +2 -1
package/src/__tests__/handlers-telegram-config.test.ts +855 -0
package/src/__tests__/handlers-twitter-config.test.ts +141 -1
package/src/__tests__/hooks-runner.test.ts +6 -2
package/src/__tests__/host-file-edit-tool.test.ts +124 -0
package/src/__tests__/host-file-read-tool.test.ts +62 -0
package/src/__tests__/host-file-write-tool.test.ts +59 -0
package/src/__tests__/host-shell-tool.test.ts +251 -0
package/src/__tests__/ingress-reconcile.test.ts +581 -0
package/src/__tests__/ipc-snapshot.test.ts +100 -41
package/src/__tests__/ipc-validate.test.ts +50 -0
package/src/__tests__/key-migration.test.ts +23 -0
package/src/__tests__/memory-regressions.test.ts +99 -0
package/src/__tests__/memory-retrieval.benchmark.test.ts +1 -1
package/src/__tests__/oauth-callback-registry.test.ts +11 -4
package/src/__tests__/playbook-execution.test.ts +502 -0
package/src/__tests__/playbook-tools.test.ts +4 -6
package/src/__tests__/public-ingress-urls.test.ts +34 -0
package/src/__tests__/qdrant-manager.test.ts +267 -0
package/src/__tests__/recurrence-engine-rruleset.test.ts +97 -0
package/src/__tests__/recurrence-engine.test.ts +9 -0
package/src/__tests__/recurrence-types.test.ts +8 -0
package/src/__tests__/registry.test.ts +1 -1
package/src/__tests__/runtime-runs.test.ts +1 -25
package/src/__tests__/schedule-store.test.ts +16 -14
package/src/__tests__/schedule-tools.test.ts +83 -0
package/src/__tests__/scheduler-recurrence.test.ts +111 -10
package/src/__tests__/secret-allowlist.test.ts +18 -17
package/src/__tests__/secret-ingress-handler.test.ts +11 -0
package/src/__tests__/secret-scanner.test.ts +43 -0
package/src/__tests__/session-conflict-gate.test.ts +442 -6
package/src/__tests__/session-init.benchmark.test.ts +3 -0
package/src/__tests__/session-process-bridge.test.ts +242 -0
package/src/__tests__/session-skill-tools.test.ts +1 -1
package/src/__tests__/shell-identity.test.ts +256 -0
package/src/__tests__/skill-projection.benchmark.test.ts +11 -1
package/src/__tests__/subagent-tools.test.ts +637 -54
package/src/__tests__/task-management-tools.test.ts +936 -0
package/src/__tests__/task-runner.test.ts +2 -2
package/src/__tests__/terminal-tools.test.ts +840 -0
package/src/__tests__/tool-executor-shell-integration.test.ts +301 -0
package/src/__tests__/tool-executor.test.ts +85 -151
package/src/__tests__/tool-permission-simulate-handler.test.ts +336 -0
package/src/__tests__/trust-store.test.ts +27 -453
package/src/__tests__/twilio-provider.test.ts +153 -3
package/src/__tests__/twilio-routes-elevenlabs.test.ts +375 -0
package/src/__tests__/twilio-routes-twiml.test.ts +4 -4
package/src/__tests__/twilio-routes.test.ts +17 -262
package/src/__tests__/twitter-auth-handler.test.ts +2 -1
package/src/__tests__/twitter-cli-error-shaping.test.ts +208 -0
package/src/__tests__/twitter-cli-routing.test.ts +252 -0
package/src/__tests__/twitter-oauth-client.test.ts +209 -0
package/src/__tests__/workspace-policy.test.ts +213 -0
package/src/calls/call-bridge.ts +92 -19
package/src/calls/call-domain.ts +157 -5
package/src/calls/call-orchestrator.ts +93 -7
package/src/calls/call-store.ts +6 -0
package/src/calls/elevenlabs-client.ts +8 -0
package/src/calls/elevenlabs-config.ts +7 -5
package/src/calls/twilio-provider.ts +91 -0
package/src/calls/twilio-routes.ts +32 -37
package/src/calls/types.ts +3 -1
package/src/calls/voice-quality.ts +29 -7
package/src/cli/twitter.ts +200 -21
package/src/cli.ts +1 -20
package/src/config/bundled-skills/contacts/tools/contact-merge.ts +52 -4
package/src/config/bundled-skills/contacts/tools/contact-search.ts +55 -4
package/src/config/bundled-skills/contacts/tools/contact-upsert.ts +61 -4
package/src/config/bundled-skills/messaging/SKILL.md +17 -2
package/src/config/bundled-skills/messaging/tools/messaging-reply.ts +4 -1
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +5 -1
package/src/config/bundled-skills/messaging/tools/shared.ts +5 -0
package/src/config/bundled-skills/phone-calls/SKILL.md +142 -34
package/src/config/bundled-skills/playbooks/tools/playbook-create.ts +95 -6
package/src/config/bundled-skills/playbooks/tools/playbook-delete.ts +51 -6
package/src/config/bundled-skills/playbooks/tools/playbook-list.ts +73 -6
package/src/config/bundled-skills/playbooks/tools/playbook-update.ts +110 -6
package/src/config/bundled-skills/public-ingress/SKILL.md +22 -5
package/src/config/bundled-skills/twitter/SKILL.md +103 -17
package/src/config/defaults.ts +10 -4
package/src/config/schema.ts +80 -21
package/src/config/types.ts +1 -0
package/src/config/vellum-skills/telegram-setup/SKILL.md +56 -61
package/src/daemon/assistant-attachments.ts +4 -2
package/src/daemon/handlers/apps.ts +69 -0
package/src/daemon/handlers/config.ts +543 -24
package/src/daemon/handlers/index.ts +1 -0
package/src/daemon/handlers/sessions.ts +22 -6
package/src/daemon/handlers/shared.ts +2 -1
package/src/daemon/handlers/skills.ts +5 -20
package/src/daemon/ipc-contract-inventory.json +28 -0
package/src/daemon/ipc-contract.ts +168 -10
package/src/daemon/ipc-validate.ts +17 -0
package/src/daemon/lifecycle.ts +2 -0
package/src/daemon/server.ts +78 -72
package/src/daemon/session-attachments.ts +1 -1
package/src/daemon/session-conflict-gate.ts +62 -6
package/src/daemon/session-notifiers.ts +1 -1
package/src/daemon/session-process.ts +62 -3
package/src/daemon/session-tool-setup.ts +1 -2
package/src/daemon/tls-certs.ts +189 -0
package/src/daemon/video-thumbnail.ts +5 -3
package/src/hooks/manager.ts +5 -9
package/src/memory/app-git-service.ts +295 -0
package/src/memory/app-store.ts +21 -0
package/src/memory/conflict-intent.ts +47 -4
package/src/memory/conflict-policy.ts +73 -0
package/src/memory/conflict-store.ts +9 -1
package/src/memory/contradiction-checker.ts +28 -0
package/src/memory/conversation-key-store.ts +15 -0
package/src/memory/db.ts +81 -0
package/src/memory/embedding-local.ts +3 -13
package/src/memory/external-conversation-store.ts +234 -0
package/src/memory/job-handlers/conflict.ts +22 -2
package/src/memory/jobs-worker.ts +67 -28
package/src/memory/runs-store.ts +54 -7
package/src/memory/schema.ts +20 -0
package/src/messaging/provider.ts +9 -0
package/src/messaging/providers/telegram-bot/adapter.ts +162 -0
package/src/messaging/providers/telegram-bot/client.ts +104 -0
package/src/messaging/providers/telegram-bot/types.ts +15 -0
package/src/messaging/registry.ts +1 -0
package/src/permissions/checker.ts +48 -44
package/src/permissions/prompter.ts +0 -4
package/src/permissions/shell-identity.ts +227 -0
package/src/permissions/trust-store.ts +76 -53
package/src/permissions/types.ts +0 -19
package/src/permissions/workspace-policy.ts +114 -0
package/src/providers/retry.ts +12 -37
package/src/runtime/assistant-event-hub.ts +41 -4
package/src/runtime/channel-approval-parser.ts +60 -0
package/src/runtime/channel-approval-types.ts +71 -0
package/src/runtime/channel-approvals.ts +145 -0
package/src/runtime/gateway-client.ts +16 -0
package/src/runtime/http-server.ts +29 -9
package/src/runtime/routes/call-routes.ts +52 -2
package/src/runtime/routes/channel-routes.ts +296 -16
package/src/runtime/routes/events-routes.ts +97 -28
package/src/runtime/routes/run-routes.ts +2 -7
package/src/runtime/run-orchestrator.ts +0 -3
package/src/schedule/recurrence-engine.ts +26 -2
package/src/schedule/recurrence-types.ts +1 -1
package/src/schedule/schedule-store.ts +12 -3
package/src/security/secret-scanner.ts +7 -0
package/src/tasks/ephemeral-permissions.ts +0 -2
package/src/tasks/task-scheduler.ts +2 -1
package/src/tools/calls/call-start.ts +8 -0
package/src/tools/execution-target.ts +21 -0
package/src/tools/execution-timeout.ts +49 -0
package/src/tools/executor.ts +6 -135
package/src/tools/network/web-search.ts +9 -32
package/src/tools/policy-context.ts +29 -0
package/src/tools/schedule/update.ts +8 -1
package/src/tools/terminal/parser.ts +16 -18
package/src/tools/types.ts +4 -11
package/src/twitter/oauth-client.ts +102 -0
package/src/twitter/router.ts +101 -0
package/src/util/debounce.ts +88 -0
package/src/util/network-info.ts +47 -0
package/src/util/platform.ts +29 -4
package/src/util/promise-guard.ts +37 -0
package/src/util/retry.ts +98 -0
package/src/util/truncate.ts +1 -1
package/src/workspace/git-service.ts +129 -112
package/src/tools/contacts/contact-merge.ts +0 -55
package/src/tools/contacts/contact-search.ts +0 -58
package/src/tools/contacts/contact-upsert.ts +0 -64
package/src/tools/playbooks/index.ts +0 -4
package/src/tools/playbooks/playbook-create.ts +0 -96
package/src/tools/playbooks/playbook-delete.ts +0 -52
package/src/tools/playbooks/playbook-list.ts +0 -74
package/src/tools/playbooks/playbook-update.ts +0 -111

package/src/__tests__/filesystem-tools.test.ts ADDED Viewed

@@ -0,0 +1,579 @@
+import { afterEach, describe, expect, test } from 'bun:test';
+import {
+  existsSync,
+  mkdirSync,
+  mkdtempSync,
+  readFileSync,
+  realpathSync,
+  rmSync,
+  symlinkSync,
+  writeFileSync,
+} from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+import { FileSystemOps, type PathPolicy } from '../tools/shared/filesystem/file-ops-service.js';
+import { sandboxPolicy } from '../tools/shared/filesystem/path-policy.js';
+import { formatEditDiff, formatWriteSummary } from '../tools/shared/filesystem/format-diff.js';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+const testDirs: string[] = [];
+function makeTempDir(): string {
+  const dir = realpathSync(mkdtempSync(join(tmpdir(), 'fs-tools-test-')));
+  testDirs.push(dir);
+  return dir;
+}
+afterEach(() => {
+  for (const dir of testDirs.splice(0)) {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+function sandboxPolicyFor(boundary: string): PathPolicy {
+  return (rawPath, options) => sandboxPolicy(rawPath, boundary, options);
+}
+// ===========================================================================
+// FileSystemOps: symlink handling through read/write/edit
+// ===========================================================================
+describe('FileSystemOps symlink handling', () => {
+  test('read blocks symlink pointing outside boundary', () => {
+    const boundary = makeTempDir();
+    const outside = makeTempDir();
+    const outsideFile = join(outside, 'secret.txt');
+    writeFileSync(outsideFile, 'secret data');
+    symlinkSync(outsideFile, join(boundary, 'link.txt'));
+    const ops = new FileSystemOps(sandboxPolicyFor(boundary));
+    const result = ops.readFileSafe({ path: 'link.txt' });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+  });
+  test('read allows symlink within boundary', () => {
+    const boundary = makeTempDir();
+    const realFile = join(boundary, 'real.txt');
+    writeFileSync(realFile, 'hello');
+    symlinkSync(realFile, join(boundary, 'link.txt'));
+    const ops = new FileSystemOps(sandboxPolicyFor(boundary));
+    const result = ops.readFileSafe({ path: 'link.txt' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.content).toContain('hello');
+  });
+  test('write blocks creating file under symlinked dir pointing outside', () => {
+    const boundary = makeTempDir();
+    const outside = makeTempDir();
+    symlinkSync(outside, join(boundary, 'link-dir'));
+    const ops = new FileSystemOps(sandboxPolicyFor(boundary));
+    const result = ops.writeFileSafe({ path: 'link-dir/evil.txt', content: 'bad' });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+    // The file must NOT have been written to the outside directory
+    expect(existsSync(join(outside, 'evil.txt'))).toBe(false);
+  });
+  test('edit blocks symlink pointing outside boundary', () => {
+    const boundary = makeTempDir();
+    const outside = makeTempDir();
+    const outsideFile = join(outside, 'target.txt');
+    writeFileSync(outsideFile, 'original');
+    symlinkSync(outsideFile, join(boundary, 'link.txt'));
+    const ops = new FileSystemOps(sandboxPolicyFor(boundary));
+    const result = ops.editFileSafe({
+      path: 'link.txt',
+      oldString: 'original',
+      newString: 'modified',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+    // The outside file must NOT have been modified
+    expect(readFileSync(outsideFile, 'utf-8')).toBe('original');
+  });
+});
+// ===========================================================================
+// FileSystemOps: read offset/limit edge cases
+// ===========================================================================
+describe('FileSystemOps read offset/limit edge cases', () => {
+  test('offset beyond file length returns empty content', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'short.txt'), 'a\nb\nc');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'short.txt', offset: 100 });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.content).toBe('');
+  });
+  test('limit of zero returns empty content', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'a\nb\nc');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'file.txt', limit: 0 });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.content).toBe('');
+  });
+  test('offset=1 reads from first line (1-indexed)', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'first\nsecond\nthird');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'file.txt', offset: 1, limit: 1 });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.content).toContain('first');
+    expect(result.value.content).not.toContain('second');
+  });
+  test('limit exceeding file length returns all remaining lines', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'a\nb');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'file.txt', offset: 1, limit: 1000 });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.content).toContain('a');
+    expect(result.value.content).toContain('b');
+  });
+  test('read adds line numbers starting from offset', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'a\nb\nc\nd\ne');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'file.txt', offset: 3, limit: 2 });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    // Lines should be numbered 3 and 4
+    expect(result.value.content).toContain('3');
+    expect(result.value.content).toContain('4');
+    expect(result.value.content).toContain('c');
+    expect(result.value.content).toContain('d');
+  });
+});
+// ===========================================================================
+// FileSystemOps: edit with whitespace-normalized and fuzzy matches
+// ===========================================================================
+describe('FileSystemOps edit match methods', () => {
+  test('whitespace-normalized match succeeds', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), '  function foo() {\n    return 1;\n  }\n');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.editFileSafe({
+      path: 'file.txt',
+      oldString: 'function foo() {\n  return 1;\n}',
+      newString: 'function bar() {\n  return 2;\n}',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.matchMethod).toBe('whitespace');
+    expect(result.value.similarity).toBe(1);
+    expect(result.value.newContent).toContain('bar');
+  });
+  test('fuzzy match succeeds with near-match', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'function fooo() {\n  return 1;\n}\n');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.editFileSafe({
+      path: 'file.txt',
+      oldString: 'function foo() {\n  return 1;\n}',
+      newString: 'function bar() {\n  return 2;\n}',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.matchMethod).toBe('fuzzy');
+    expect(result.value.similarity).toBeGreaterThan(0.8);
+    expect(result.value.similarity).toBeLessThan(1);
+  });
+  test('edit returns actualOld and actualNew for fuzzy match', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'function fooo() {\n  return 1;\n}\n');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.editFileSafe({
+      path: 'file.txt',
+      oldString: 'function foo() {\n  return 1;\n}',
+      newString: 'function bar() {\n  return 2;\n}',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    // actualOld should be the text as it appeared in the file
+    expect(result.value.actualOld).toContain('fooo');
+  });
+});
+// ===========================================================================
+// FileSystemOps: write overwrites and oldContent tracking
+// ===========================================================================
+describe('FileSystemOps write content tracking', () => {
+  test('new file has empty oldContent', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.writeFileSafe({ path: 'brand-new.txt', content: 'new' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.oldContent).toBe('');
+    expect(result.value.isNewFile).toBe(true);
+  });
+  test('overwrite tracks oldContent and newContent', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'existing.txt'), 'version 1');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.writeFileSafe({ path: 'existing.txt', content: 'version 2' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.oldContent).toBe('version 1');
+    expect(result.value.newContent).toBe('version 2');
+    expect(result.value.isNewFile).toBe(false);
+  });
+  test('write returns resolved absolute path', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.writeFileSafe({ path: 'output.txt', content: 'data' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.filePath).toBe(join(dir, 'output.txt'));
+  });
+});
+// ===========================================================================
+// formatEditDiff
+// ===========================================================================
+describe('formatEditDiff', () => {
+  test('shows removed and added lines', () => {
+    const result = formatEditDiff('old line', 'new line');
+    expect(result).toContain('- old line');
+    expect(result).toContain('+ new line');
+  });
+  test('handles multi-line changes', () => {
+    const result = formatEditDiff('a\nb\nc', 'x\ny\nz');
+    expect(result).toContain('- a');
+    expect(result).toContain('- b');
+    expect(result).toContain('- c');
+    expect(result).toContain('+ x');
+    expect(result).toContain('+ y');
+    expect(result).toContain('+ z');
+  });
+  test('handles empty old string (pure addition)', () => {
+    const result = formatEditDiff('', 'added');
+    expect(result).not.toContain('- ');
+    expect(result).toContain('+ added');
+  });
+  test('handles empty new string (pure deletion)', () => {
+    const result = formatEditDiff('removed', '');
+    expect(result).toContain('- removed');
+    expect(result).not.toContain('+ ');
+  });
+  test('truncates long diffs beyond 8 lines', () => {
+    const longOld = Array.from({ length: 12 }, (_, i) => `old-line-${i}`).join('\n');
+    const result = formatEditDiff(longOld, 'short');
+    expect(result).toContain('more lines');
+  });
+});
+// ===========================================================================
+// formatWriteSummary
+// ===========================================================================
+describe('formatWriteSummary', () => {
+  test('new file summary includes line count', () => {
+    const result = formatWriteSummary('', 'line1\nline2\nline3', true);
+    expect(result).toContain('new file');
+    expect(result).toContain('3 lines');
+  });
+  test('new file with single line uses singular', () => {
+    const result = formatWriteSummary('', 'single', true);
+    expect(result).toContain('1 line');
+    expect(result).not.toContain('1 lines');
+  });
+  test('overwrite summary shows line count change', () => {
+    const result = formatWriteSummary('a\nb', 'x\ny\nz', false);
+    expect(result).toContain('2');
+    expect(result).toContain('3');
+  });
+});
+// ===========================================================================
+// FileSystemOps: path traversal patterns
+// ===========================================================================
+describe('FileSystemOps path traversal prevention', () => {
+  test('rejects absolute path outside boundary on read', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: '/etc/passwd' });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+  });
+  test('rejects absolute path outside boundary on write', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.writeFileSafe({ path: '/tmp/evil-write.txt', content: 'bad' });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+  });
+  test('rejects absolute path outside boundary on edit', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.editFileSafe({
+      path: '/etc/hosts',
+      oldString: 'a',
+      newString: 'b',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+  });
+  test('rejects dot-dot traversal embedded in path on read', () => {
+    const dir = makeTempDir();
+    mkdirSync(join(dir, 'sub'));
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'sub/../../etc/passwd' });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+  });
+  test('accepts absolute path inside boundary', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'inside.txt'), 'safe content');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: join(dir, 'inside.txt') });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.content).toContain('safe content');
+  });
+});
+// ===========================================================================
+// FileSystemOps: binary file handling on read
+// ===========================================================================
+describe('FileSystemOps binary file read', () => {
+  test('reads binary content as utf-8 without crashing', () => {
+    const dir = makeTempDir();
+    const binaryContent = Buffer.from([0x00, 0xFF, 0x89, 0x50, 0x4E, 0x47]);
+    writeFileSync(join(dir, 'binary.bin'), binaryContent);
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'binary.bin' });
+    // Should succeed — the file is readable, even if content has replacement chars
+    expect(result.ok).toBe(true);
+  });
+});
+// ===========================================================================
+// FileSystemOps: empty file handling
+// ===========================================================================
+describe('FileSystemOps empty file operations', () => {
+  test('reads empty file successfully', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'empty.txt'), '');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'empty.txt' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    // Empty file still has one "line" (the empty string before any newline)
+    expect(result.value.content).toBeDefined();
+  });
+  test('write empty content creates empty file', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.writeFileSafe({ path: 'empty.txt', content: '' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.isNewFile).toBe(true);
+    expect(readFileSync(join(dir, 'empty.txt'), 'utf-8')).toBe('');
+  });
+  test('edit on empty file returns MATCH_NOT_FOUND', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'empty.txt'), '');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.editFileSafe({
+      path: 'empty.txt',
+      oldString: 'something',
+      newString: 'else',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('MATCH_NOT_FOUND');
+  });
+});
+// ===========================================================================
+// FileSystemOps: container /workspace path remapping
+// ===========================================================================
+describe('FileSystemOps /workspace path remapping', () => {
+  test('read remaps /workspace/ path to boundary', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'workspace content');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: '/workspace/file.txt' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.content).toContain('workspace content');
+  });
+  test('write remaps /workspace/ path to boundary', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.writeFileSafe({ path: '/workspace/new.txt', content: 'remapped' });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(existsSync(join(dir, 'new.txt'))).toBe(true);
+    expect(readFileSync(join(dir, 'new.txt'), 'utf-8')).toBe('remapped');
+  });
+  test('edit remaps /workspace/ path to boundary', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'old content');
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.editFileSafe({
+      path: '/workspace/file.txt',
+      oldString: 'old content',
+      newString: 'new content',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) return;
+    expect(result.value.newContent).toBe('new content');
+    expect(readFileSync(join(dir, 'file.txt'), 'utf-8')).toBe('new content');
+  });
+  test('/workspace traversal escape is blocked', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: '/workspace/../../../etc/passwd' });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('PATH_OUT_OF_BOUNDS');
+  });
+});
+// ===========================================================================
+// FileSystemOps: custom size limit enforcement
+// ===========================================================================
+describe('FileSystemOps custom size limit', () => {
+  test('read rejects file exceeding custom limit', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'big.txt'), 'x'.repeat(500));
+    const ops = new FileSystemOps(sandboxPolicyFor(dir), { sizeLimit: 100 });
+    const result = ops.readFileSafe({ path: 'big.txt' });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('SIZE_LIMIT_EXCEEDED');
+  });
+  test('read accepts file within custom limit', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'small.txt'), 'x'.repeat(50));
+    const ops = new FileSystemOps(sandboxPolicyFor(dir), { sizeLimit: 100 });
+    const result = ops.readFileSafe({ path: 'small.txt' });
+    expect(result.ok).toBe(true);
+  });
+  test('write rejects content exceeding custom limit', () => {
+    const dir = makeTempDir();
+    const ops = new FileSystemOps(sandboxPolicyFor(dir), { sizeLimit: 100 });
+    const result = ops.writeFileSafe({ path: 'big.txt', content: 'x'.repeat(500) });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('SIZE_LIMIT_EXCEEDED');
+  });
+  test('edit rejects file exceeding custom limit', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'big.txt'), 'x'.repeat(500));
+    const ops = new FileSystemOps(sandboxPolicyFor(dir), { sizeLimit: 100 });
+    const result = ops.editFileSafe({
+      path: 'big.txt',
+      oldString: 'x',
+      newString: 'y',
+      replaceAll: false,
+    });
+    expect(result.ok).toBe(false);
+    if (result.ok) return;
+    expect(result.error.code).toBe('SIZE_LIMIT_EXCEEDED');
+  });
+  test('no size limit when not specified (defaults to 100MB)', () => {
+    const dir = makeTempDir();
+    writeFileSync(join(dir, 'file.txt'), 'x'.repeat(1000));
+    const ops = new FileSystemOps(sandboxPolicyFor(dir));
+    const result = ops.readFileSafe({ path: 'file.txt' });
+    expect(result.ok).toBe(true);
+  });
+});