vellum 0.2.13 → 0.2.14

package/src/__tests__/gateway-only-enforcement.test.ts

@@ -2,13 +2,14 @@
  * Tests for gateway-only ingress enforcement in the runtime HTTP server.
  *
  * Verifies:
+ * - Runtime does not expose any Telegram webhook ingress routes
  * - Direct Twilio webhook routes return 410
  * - Internal forwarding routes (gateway→runtime) still work
  * - Relay WebSocket upgrade blocked for non-private-network origins (isPrivateNetworkOrigin)
  * - Relay WebSocket upgrade allowed from private network peers/origins
  * - Startup warning when RUNTIME_HTTP_HOST is not loopback
  */
-import { describe, test, expect, beforeEach, afterEach, mock } from 'bun:test';
+import { describe, test, expect, beforeAll, afterAll, mock } from 'bun:test';
 import { mkdtempSync, realpathSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
@@ -127,6 +128,15 @@ mock.module('../security/oauth-callback-registry.js', () => ({
   consumeCallbackError: () => true,
 }));
 
+// Mock call-store so WebSocket close handlers don't hit the real DB
+mock.module('../calls/call-store.js', () => ({
+  getCallSession: () => null,
+  getCallSessionByCallSid: () => null,
+  updateCallSession: () => {},
+  recordCallEvent: () => {},
+  expirePendingQuestions: () => {},
+}));
+
 import { RuntimeHttpServer, isPrivateAddress } from '../runtime/http-server.js';
 
 // ---------------------------------------------------------------------------
@@ -148,8 +158,10 @@ describe('gateway-only ingress enforcement', () => {
   let server: RuntimeHttpServer;
   let port: number;
 
-  beforeEach(async () => {
-    logMessages.length = 0;
+  // Share a single server across all tests to avoid EADDRINUSE flakes from
+  // rapid port allocation/deallocation when creating a server per test.
+  // All tests are read-only (HTTP requests checking status codes) so sharing is safe.
+  beforeAll(async () => {
     server = new RuntimeHttpServer({
       port: 0,
       hostname: '127.0.0.1',
@@ -159,10 +171,63 @@ describe('gateway-only ingress enforcement', () => {
     port = server.actualPort;
   });
 
-  afterEach(async () => {
+  afterAll(async () => {
     await server.stop();
   });
 
+  // ── Runtime does not expose Telegram webhook ingress ─────────────
+
+  describe('runtime has no Telegram webhook routes', () => {
+
+    test('POST /webhooks/telegram is rejected (not handled by runtime)', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/webhooks/telegram`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ update_id: 1, message: { text: 'hello' } }),
+      });
+      // The runtime has no route for /webhooks/telegram. Without auth, the
+      // request is rejected with 401 (auth middleware fires before 404).
+      // With auth, it would 404. Either way, no Telegram handler runs.
+      expect(res.status).toBe(401);
+    });
+
+    test('GET /webhooks/telegram is rejected', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/webhooks/telegram`);
+      expect(res.status).toBe(401);
+    });
+
+    test('POST /webhooks/telegram/test is rejected', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/webhooks/telegram/test`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({}),
+      });
+      expect(res.status).toBe(401);
+    });
+
+    test('POST /webhooks/telegram returns 404 when authenticated (no handler exists)', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/webhooks/telegram`, {
+        method: 'POST',
+        headers: { ...AUTH_HEADERS, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ update_id: 1, message: { text: 'hello' } }),
+      });
+      // With valid auth, the request passes the auth middleware and reaches
+      // route matching — confirming no Telegram webhook handler exists.
+      expect(res.status).toBe(404);
+    });
+
+    test('POST /webhooks/telegram/test returns 404 when authenticated (no handler exists)', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/webhooks/telegram/test`, {
+        method: 'POST',
+        headers: { ...AUTH_HEADERS, 'Content-Type': 'application/json' },
+        body: JSON.stringify({}),
+      });
+      // With valid auth, the request passes the auth middleware and reaches
+      // route matching — confirming no Telegram subpath handler exists.
+      expect(res.status).toBe(404);
+    });
+  });
+
   // ── Direct Twilio webhook routes blocked in gateway_only mode ──────
 
   describe('direct webhook routes are blocked', () => {
@@ -408,6 +473,51 @@ describe('gateway-only ingress enforcement', () => {
     });
   });
 
+  // ── Channel sync endpoints require auth ─────────────────────────────
+
+  describe('channel sync endpoints require authentication', () => {
+
+    test('POST /v1/channels/inbound without auth returns 401', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/v1/channels/inbound`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          sourceChannel: 'telegram',
+          externalChatId: '12345',
+          externalMessageId: 'msg-1',
+          content: 'hello',
+        }),
+      });
+      expect(res.status).toBe(401);
+    });
+
+    test('DELETE /v1/channels/conversation without auth returns 401', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/v1/channels/conversation`, {
+        method: 'DELETE',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          sourceChannel: 'telegram',
+          externalChatId: '12345',
+        }),
+      });
+      expect(res.status).toBe(401);
+    });
+
+    test('POST /v1/channels/delivery-ack without auth returns 401', async () => {
+      const res = await fetch(`http://127.0.0.1:${port}/v1/channels/delivery-ack`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          sourceChannel: 'telegram',
+          externalChatId: '12345',
+          externalMessageId: 'msg-1',
+        }),
+      });
+      expect(res.status).toBe(401);
+    });
+
+  });
+
   // ── Startup warning for non-loopback host ──────────────────────────
 
   describe('startup guard — non-loopback host', () => {

package/src/__tests__/handlers-add-trust-rule-metadata.test.ts

@@ -0,0 +1,202 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import { describe, test, expect, beforeEach } from 'bun:test';
+import { mkdtempSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import * as net from 'node:net';
+import { mock } from 'bun:test';
+
+const testDir = mkdtempSync(join(tmpdir(), 'trust-rule-metadata-test-'));
+
+mock.module('../util/platform.js', () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => join(testDir, 'data'),
+  getWorkspaceSkillsDir: () => join(testDir, 'skills'),
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+  getIpcBlobDir: () => join(testDir, 'ipc-blobs'),
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () => ({
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+    debug: () => {},
+    trace: () => {},
+    fatal: () => {},
+    child: () => ({
+      info: () => {},
+      warn: () => {},
+      error: () => {},
+      debug: () => {},
+    }),
+  }),
+}));
+
+const testConfig: Record<string, any> = {
+  permissions: { mode: 'legacy' as 'legacy' | 'strict' | 'workspace' },
+  skills: { load: { extraDirs: [] as string[] } },
+  sandbox: { enabled: true },
+};
+
+mock.module('../config/loader.js', () => ({
+  getConfig: () => testConfig,
+  loadConfig: () => testConfig,
+  invalidateConfigCache: () => {},
+  saveConfig: () => {},
+  loadRawConfig: () => ({}),
+  saveRawConfig: () => {},
+  getNestedValue: () => undefined,
+  setNestedValue: () => {},
+}));
+
+import { handleAddTrustRule } from '../daemon/handlers/config.js';
+import { getAllRules, clearAllRules, clearCache } from '../permissions/trust-store.js';
+import type { AddTrustRule } from '../daemon/ipc-contract.js';
+import type { HandlerContext } from '../daemon/handlers.js';
+import type { ServerMessage } from '../daemon/ipc-contract.js';
+import { DebouncerMap } from '../util/debounce.js';
+
+function createTestContext(): { ctx: HandlerContext; sent: ServerMessage[] } {
+  const sent: ServerMessage[] = [];
+  const ctx: HandlerContext = {
+    sessions: new Map(),
+    socketToSession: new Map(),
+    cuSessions: new Map(),
+    socketToCuSession: new Map(),
+    cuObservationParseSequence: new Map(),
+    socketSandboxOverride: new Map(),
+    sharedRequestTimestamps: [],
+    debounceTimers: new DebouncerMap({ defaultDelayMs: 200 }),
+    suppressConfigReload: false,
+    setSuppressConfigReload: () => {},
+    updateConfigFingerprint: () => {},
+    send: (_socket, msg) => { sent.push(msg); },
+    broadcast: () => {},
+    clearAllSessions: () => 0,
+    getOrCreateSession: () => { throw new Error('not implemented'); },
+    touchSession: () => {},
+  };
+  return { ctx, sent };
+}
+
+describe('handleAddTrustRule metadata plumbing', () => {
+  beforeEach(() => {
+    clearAllRules();
+    clearCache();
+  });
+
+  test('persists allowHighRisk and executionTarget fields when provided', () => {
+    const { ctx } = createTestContext();
+    const msg: AddTrustRule = {
+      type: 'add_trust_rule',
+      toolName: 'bash',
+      pattern: 'git *',
+      scope: '/projects/my-app',
+      decision: 'allow',
+      allowHighRisk: true,
+      executionTarget: 'host',
+    };
+
+    handleAddTrustRule(msg, {} as net.Socket, ctx);
+
+    const rules = getAllRules();
+    const userRule = rules.find((r) => r.tool === 'bash' && r.pattern === 'git *');
+    expect(userRule).toBeDefined();
+    expect(userRule!.allowHighRisk).toBe(true);
+    expect(userRule!.executionTarget).toBe('host');
+  });
+
+  test('backward compatibility: rules work without any metadata fields', () => {
+    const { ctx } = createTestContext();
+    const msg: AddTrustRule = {
+      type: 'add_trust_rule',
+      toolName: 'file_write',
+      pattern: '**',
+      scope: 'everywhere',
+      decision: 'allow',
+    };
+
+    handleAddTrustRule(msg, {} as net.Socket, ctx);
+
+    const rules = getAllRules();
+    const userRule = rules.find((r) => r.tool === 'file_write' && r.pattern === '**');
+    expect(userRule).toBeDefined();
+    expect(userRule!.decision).toBe('allow');
+    // Metadata fields should be absent
+    expect(userRule!.allowHighRisk).toBeUndefined();
+    expect(userRule!.executionTarget).toBeUndefined();
+  });
+
+  test('rule can be retrieved after being added with metadata', () => {
+    const { ctx } = createTestContext();
+    const msg: AddTrustRule = {
+      type: 'add_trust_rule',
+      toolName: 'bash',
+      pattern: 'npm install *',
+      scope: '/projects/web',
+      decision: 'allow',
+      allowHighRisk: false,
+      executionTarget: 'sandbox',
+    };
+
+    handleAddTrustRule(msg, {} as net.Socket, ctx);
+
+    // Force re-read from disk to verify persistence
+    clearCache();
+    const rules = getAllRules();
+    const userRule = rules.find((r) => r.tool === 'bash' && r.pattern === 'npm install *');
+    expect(userRule).toBeDefined();
+    expect(userRule!.scope).toBe('/projects/web');
+    expect(userRule!.decision).toBe('allow');
+    expect(userRule!.allowHighRisk).toBe(false);
+    expect(userRule!.executionTarget).toBe('sandbox');
+  });
+
+  test('partial metadata: only allowHighRisk is forwarded when others are absent', () => {
+    const { ctx } = createTestContext();
+    const msg: AddTrustRule = {
+      type: 'add_trust_rule',
+      toolName: 'bash',
+      pattern: 'docker *',
+      scope: 'everywhere',
+      decision: 'allow',
+      allowHighRisk: true,
+    };
+
+    handleAddTrustRule(msg, {} as net.Socket, ctx);
+
+    const rules = getAllRules();
+    const userRule = rules.find((r) => r.tool === 'bash' && r.pattern === 'docker *');
+    expect(userRule).toBeDefined();
+    expect(userRule!.allowHighRisk).toBe(true);
+    expect(userRule!.executionTarget).toBeUndefined();
+  });
+
+  test('partial metadata: only executionTarget is forwarded when others are absent', () => {
+    const { ctx } = createTestContext();
+    const msg: AddTrustRule = {
+      type: 'add_trust_rule',
+      toolName: 'bash',
+      pattern: 'curl *',
+      scope: 'everywhere',
+      decision: 'allow',
+      executionTarget: 'sandbox',
+    };
+
+    handleAddTrustRule(msg, {} as net.Socket, ctx);
+
+    const rules = getAllRules();
+    const userRule = rules.find((r) => r.tool === 'bash' && r.pattern === 'curl *');
+    expect(userRule).toBeDefined();
+    expect(userRule!.executionTarget).toBe('sandbox');
+    expect(userRule!.allowHighRisk).toBeUndefined();
+  });
+});

package/src/__tests__/handlers-cu-observation-blob.test.ts

@@ -45,6 +45,7 @@ mock.module('../util/logger.js', () => ({
 import { handleMessage, type HandlerContext } from '../daemon/handlers.js';
 import type { CuObservation, IpcBlobRef, ServerMessage } from '../daemon/ipc-contract.js';
 import { ComputerUseSession } from '../daemon/computer-use-session.js';
+import { DebouncerMap } from '../util/debounce.js';
 
 /** Write a blob file to the test blob directory and return the IpcBlobRef. */
 function writeBlobFile(content: Buffer, kind: IpcBlobRef['kind'], encoding: IpcBlobRef['encoding']): IpcBlobRef {
@@ -86,7 +87,7 @@ function createTestContext(sessionId: string): {
     cuObservationParseSequence: new Map(),
     socketSandboxOverride: new Map(),
     sharedRequestTimestamps: [],
-    debounceTimers: new Map(),
+    debounceTimers: new DebouncerMap({ defaultDelayMs: 200 }),
     suppressConfigReload: false,
     setSuppressConfigReload: () => {},
     updateConfigFingerprint: () => {},

package/src/__tests__/handlers-ipc-blob-probe.test.ts

@@ -44,6 +44,7 @@ mock.module('../util/logger.js', () => ({
 
 import { handleMessage, type HandlerContext } from '../daemon/handlers.js';
 import type { IpcBlobProbe, ServerMessage } from '../daemon/ipc-contract.js';
+import { DebouncerMap } from '../util/debounce.js';
 
 /** Write a probe file to the test blob directory. */
 function writeProbeFile(probeId: string, content: Buffer): string {
@@ -63,7 +64,7 @@ function createTestContext(): { ctx: HandlerContext; sent: ServerMessage[] } {
     cuObservationParseSequence: new Map(),
     socketSandboxOverride: new Map(),
     sharedRequestTimestamps: [],
-    debounceTimers: new Map(),
+    debounceTimers: new DebouncerMap({ defaultDelayMs: 200 }),
     suppressConfigReload: false,
     setSuppressConfigReload: () => {},
     updateConfigFingerprint: () => {},

package/src/__tests__/handlers-slack-config.test.ts

@@ -82,6 +82,7 @@ import type {
   ShareToSlackRequest,
   ServerMessage,
 } from '../daemon/ipc-contract.js';
+import { DebouncerMap } from '../util/debounce.js';
 
 function createTestContext(): { ctx: HandlerContext; sent: ServerMessage[] } {
   const sent: ServerMessage[] = [];
@@ -93,7 +94,7 @@ function createTestContext(): { ctx: HandlerContext; sent: ServerMessage[] } {
     cuObservationParseSequence: new Map(),
     socketSandboxOverride: new Map(),
     sharedRequestTimestamps: [],
-    debounceTimers: new Map(),
+    debounceTimers: new DebouncerMap({ defaultDelayMs: 200 }),
     suppressConfigReload: false,
     setSuppressConfigReload: () => {},
     updateConfigFingerprint: () => {},