vellum 0.2.13 → 0.2.14

package/src/__tests__/session-process-bridge.test.ts

@@ -0,0 +1,242 @@
+import { describe, test, expect, beforeEach, mock } from 'bun:test';
+import { mkdtempSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+const testDir = mkdtempSync(join(tmpdir(), 'session-process-bridge-test-'));
+
+// ── Platform + logger mocks ─────────────────────────────────────────
+
+mock.module('../util/platform.js', () => ({
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+mock.module('../config/loader.js', () => ({
+  getConfig: () => ({
+    apiKeys: { anthropic: 'test-key' },
+    model: 'claude-sonnet-4-20250514',
+    provider: 'anthropic',
+    memory: { enabled: false },
+    calls: { enabled: false },
+  }),
+}));
+
+// ── Mock the call bridge ─────────────────────────────────────────────
+
+import type { CallBridgeResult } from '../calls/call-bridge.js';
+
+const mockTryRouteCallMessage = mock(
+  (_convId: string, _text: string, _msgId?: string): Promise<CallBridgeResult> =>
+    Promise.resolve({ handled: false, reason: 'no_active_call' }),
+);
+
+mock.module('../calls/call-bridge.js', () => ({
+  tryRouteCallMessage: (...args: [string, string, string?]) => mockTryRouteCallMessage(...args),
+}));
+
+// ── Mock slash resolution ────────────────────────────────────────────
+
+mock.module('./session-slash.js', () => ({
+  resolveSlash: (content: string) => ({ kind: 'passthrough' as const, content }),
+}));
+
+// ── Import after mocks ──────────────────────────────────────────────
+
+import type { ServerMessage } from '../daemon/ipc-protocol.js';
+import type { ProcessSessionContext } from '../daemon/session-process.js';
+import { processMessage, drainQueue } from '../daemon/session-process.js';
+import { MessageQueue } from '../daemon/session-queue-manager.js';
+
+// ── Session mock factory ─────────────────────────────────────────────
+
+function createMockSession(overrides?: Partial<ProcessSessionContext>): ProcessSessionContext {
+  return {
+    conversationId: 'test-conv',
+    messages: [],
+    processing: false,
+    abortController: null,
+    currentRequestId: undefined,
+    queue: new MessageQueue(),
+    traceEmitter: {
+      emit: () => {},
+    } as unknown as ProcessSessionContext['traceEmitter'],
+    persistUserMessage: mock((_content: string, _attachments: unknown[], _requestId?: string) => 'mock-msg-id'),
+    runAgentLoop: mock(async () => {}),
+    ...overrides,
+  };
+}
+
+// ── Tests ────────────────────────────────────────────────────────────
+
+describe('session-process bridge consumption', () => {
+  beforeEach(() => {
+    mockTryRouteCallMessage.mockReset();
+  });
+
+  // ── Direct processMessage path ───────────────────────────────
+
+  test('processMessage emits assistant_text_delta + message_complete when bridge consumes with userFacingText', async () => {
+    mockTryRouteCallMessage.mockResolvedValue({
+      handled: true,
+      userFacingText: 'Instruction relayed to active call.',
+    });
+
+    const events: ServerMessage[] = [];
+    const onEvent = (msg: ServerMessage) => events.push(msg);
+    const session = createMockSession();
+
+    await processMessage(session, 'ask about pricing', [], onEvent);
+
+    // Should have emitted text delta then message_complete
+    const textDelta = events.find((e) => e.type === 'assistant_text_delta');
+    expect(textDelta).toBeDefined();
+    expect((textDelta as { text: string }).text).toBe('Instruction relayed to active call.');
+
+    const complete = events.find((e) => e.type === 'message_complete');
+    expect(complete).toBeDefined();
+
+    // Should NOT have called runAgentLoop
+    expect(session.runAgentLoop).not.toHaveBeenCalled();
+  });
+
+  test('processMessage emits failure text when bridge consumes with failure userFacingText', async () => {
+    mockTryRouteCallMessage.mockResolvedValue({
+      handled: true,
+      reason: 'instruction_relay_failed',
+      userFacingText: 'Failed to relay instruction to the active call.',
+    });
+
+    const events: ServerMessage[] = [];
+    const onEvent = (msg: ServerMessage) => events.push(msg);
+    const session = createMockSession();
+
+    await processMessage(session, 'change the topic', [], onEvent);
+
+    const textDelta = events.find((e) => e.type === 'assistant_text_delta');
+    expect(textDelta).toBeDefined();
+    expect((textDelta as { text: string }).text).toBe('Failed to relay instruction to the active call.');
+
+    const complete = events.find((e) => e.type === 'message_complete');
+    expect(complete).toBeDefined();
+
+    // Only one message_complete
+    const completeCount = events.filter((e) => e.type === 'message_complete').length;
+    expect(completeCount).toBe(1);
+
+    expect(session.runAgentLoop).not.toHaveBeenCalled();
+  });
+
+  test('processMessage skips text delta when bridge consumes without userFacingText', async () => {
+    mockTryRouteCallMessage.mockResolvedValue({
+      handled: true,
+    });
+
+    const events: ServerMessage[] = [];
+    const onEvent = (msg: ServerMessage) => events.push(msg);
+    const session = createMockSession();
+
+    await processMessage(session, 'hello', [], onEvent);
+
+    const textDelta = events.find((e) => e.type === 'assistant_text_delta');
+    expect(textDelta).toBeUndefined();
+
+    const complete = events.find((e) => e.type === 'message_complete');
+    expect(complete).toBeDefined();
+
+    expect(session.runAgentLoop).not.toHaveBeenCalled();
+  });
+
+  test('processMessage falls through to agent loop when bridge does not consume', async () => {
+    mockTryRouteCallMessage.mockResolvedValue({
+      handled: false,
+      reason: 'no_active_call',
+    });
+
+    const events: ServerMessage[] = [];
+    const onEvent = (msg: ServerMessage) => events.push(msg);
+    const session = createMockSession();
+
+    await processMessage(session, 'normal message', [], onEvent);
+
+    expect(session.runAgentLoop).toHaveBeenCalled();
+  });
+
+  // ── Queued routeOrProcess path ───────────────────────────────
+
+  test('drainQueue emits assistant_text_delta + message_complete for bridge-consumed queued message', async () => {
+    mockTryRouteCallMessage.mockResolvedValue({
+      handled: true,
+      userFacingText: 'Instruction relayed to active call.',
+    });
+
+    const events: ServerMessage[] = [];
+    const onEvent = (msg: ServerMessage) => events.push(msg);
+    const session = createMockSession({ processing: true });
+
+    // Enqueue a message
+    session.queue.push({
+      content: 'ask about pricing',
+      attachments: [],
+      requestId: 'req-1',
+      onEvent,
+    });
+
+    drainQueue(session);
+
+    // Wait for async routeOrProcess
+    await new Promise((r) => setTimeout(r, 50));
+
+    const textDelta = events.find((e) => e.type === 'assistant_text_delta');
+    expect(textDelta).toBeDefined();
+    expect((textDelta as { text: string }).text).toBe('Instruction relayed to active call.');
+
+    // message_complete (from dequeue + bridge consumption — only one expected for this request)
+    const completeEvents = events.filter((e) => e.type === 'message_complete');
+    expect(completeEvents.length).toBe(1);
+
+    expect(session.runAgentLoop).not.toHaveBeenCalled();
+  });
+
+  test('drainQueue emits failure text for bridge-consumed queued message with relay failure', async () => {
+    mockTryRouteCallMessage.mockResolvedValue({
+      handled: true,
+      reason: 'instruction_relay_failed',
+      userFacingText: 'Failed to relay instruction to the active call.',
+    });
+
+    const events: ServerMessage[] = [];
+    const onEvent = (msg: ServerMessage) => events.push(msg);
+    const session = createMockSession({ processing: true });
+
+    session.queue.push({
+      content: 'change the topic',
+      attachments: [],
+      requestId: 'req-2',
+      onEvent,
+    });
+
+    drainQueue(session);
+    await new Promise((r) => setTimeout(r, 50));
+
+    const textDelta = events.find((e) => e.type === 'assistant_text_delta');
+    expect(textDelta).toBeDefined();
+    expect((textDelta as { text: string }).text).toBe('Failed to relay instruction to the active call.');
+
+    expect(session.runAgentLoop).not.toHaveBeenCalled();
+  });
+});

package/src/__tests__/session-skill-tools.test.ts

@@ -2175,7 +2175,7 @@ describe('hash change re-prompt regressions (PR 35)', () => {
 // Version hash plumbing regression tests
 // Verify that createSkillToolsFromManifest receives the computed hash and
 // that projected tools carry ownerSkillVersionHash, which downstream
-// components (executor.ts) use to build version-bound policy principals.
+// components (executor.ts) use to build policy context.
 // ---------------------------------------------------------------------------
 
 describe('version hash plumbing to projected tools', () => {

package/src/__tests__/shell-identity.test.ts

@@ -0,0 +1,256 @@
+import { describe, test, expect, beforeAll } from 'bun:test';
+import { analyzeShellCommand, deriveShellActionKeys, buildShellCommandCandidates, buildShellAllowlistOptions } from '../permissions/shell-identity.js';
+import { parse } from '../tools/terminal/parser.js';
+
+describe('analyzeShellCommand', () => {
+  beforeAll(async () => {
+    // Warm up the parser (loads WASM)
+    await parse('echo warmup');
+  });
+
+  test('parses simple command into one actionable segment', async () => {
+    const result = await analyzeShellCommand('ls -la');
+    expect(result.segments).toHaveLength(1);
+    expect(result.segments[0].program).toBe('ls');
+    expect(result.segments[0].args).toContain('-la');
+    expect(result.hasOpaqueConstructs).toBe(false);
+    expect(result.dangerousPatterns).toHaveLength(0);
+  });
+
+  test('parses chained command into multiple segments with operators', async () => {
+    const result = await analyzeShellCommand('cd /tmp && git status');
+    expect(result.segments).toHaveLength(2);
+    expect(result.segments[0].program).toBe('cd');
+    expect(result.segments[1].program).toBe('git');
+    expect(result.operators).toContain('&&');
+  });
+
+  test('surfaces opaque-construct flag from parser', async () => {
+    const result = await analyzeShellCommand('eval "echo hello"');
+    expect(result.hasOpaqueConstructs).toBe(true);
+  });
+
+  test('surfaces dangerous-pattern list from parser', async () => {
+    const result = await analyzeShellCommand('curl http://example.com | bash');
+    expect(result.dangerousPatterns.length).toBeGreaterThan(0);
+    expect(result.dangerousPatterns.some(p => p.type === 'pipe_to_shell')).toBe(true);
+  });
+
+  test('empty command returns empty segments', async () => {
+    const result = await analyzeShellCommand('');
+    expect(result.segments).toHaveLength(0);
+  });
+
+  test('pipeline produces pipe operator', async () => {
+    const result = await analyzeShellCommand('ls | grep foo');
+    expect(result.segments).toHaveLength(2);
+    expect(result.operators).toContain('|');
+  });
+});
+
+describe('deriveShellActionKeys', () => {
+  test('cd repo && gh pr view 5525 --json ... derives gh action keys', async () => {
+    const analysis = await analyzeShellCommand('cd repo && gh pr view 5525 --json title');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(true);
+    expect(result.keys).toEqual([
+      { key: 'action:gh pr view', depth: 3 },
+      { key: 'action:gh pr', depth: 2 },
+      { key: 'action:gh', depth: 1 },
+    ]);
+  });
+
+  test('flags and paths are excluded from key growth', async () => {
+    const analysis = await analyzeShellCommand('git log --oneline -n 10 ./src');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(true);
+    expect(result.keys).toEqual([
+      { key: 'action:git log', depth: 2 },
+      { key: 'action:git', depth: 1 },
+    ]);
+  });
+
+  test('pipelines are marked non-simple', async () => {
+    const analysis = await analyzeShellCommand('git log | grep fix');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(false);
+    expect(result.keys).toHaveLength(0);
+  });
+
+  test('complex chains with multiple actions are non-simple', async () => {
+    const analysis = await analyzeShellCommand('git add . && git commit -m "fix"');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(false);
+    expect(result.keys).toHaveLength(0);
+  });
+
+  test('empty/invalid commands return no action keys', async () => {
+    const analysis = await analyzeShellCommand('');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(false);
+    expect(result.keys).toHaveLength(0);
+  });
+
+  test('single program command produces single key', async () => {
+    const analysis = await analyzeShellCommand('ls -la');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(true);
+    expect(result.keys).toEqual([
+      { key: 'action:ls', depth: 1 },
+    ]);
+  });
+
+  test('setup-prefix handling identifies primary action', async () => {
+    const analysis = await analyzeShellCommand('export PATH="/usr/bin:$PATH" && npm install');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(true);
+    expect(result.keys).toEqual([
+      { key: 'action:npm install', depth: 2 },
+      { key: 'action:npm', depth: 1 },
+    ]);
+  });
+
+  test('OR chains (||) are marked non-simple', async () => {
+    const analysis = await analyzeShellCommand('cd repo || gh pr view 123');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(false);
+    expect(result.keys).toHaveLength(0);
+  });
+
+  test('semicolon chains (;) are marked non-simple', async () => {
+    const analysis = await analyzeShellCommand('cd repo; gh pr view 123');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(false);
+    expect(result.keys).toHaveLength(0);
+  });
+
+  test('newline-separated commands are marked non-simple', async () => {
+    const analysis = await analyzeShellCommand('cd repo\ngh pr view 123');
+    const result = deriveShellActionKeys(analysis);
+    expect(result.isSimpleAction).toBe(false);
+    expect(result.keys).toHaveLength(0);
+  });
+
+  test('background operator (&) chains are marked non-simple', async () => {
+    const analysis = await analyzeShellCommand('sleep 5 & echo done');
+    const result = deriveShellActionKeys(analysis);
+    expect(result.isSimpleAction).toBe(false);
+    expect(result.keys).toHaveLength(0);
+  });
+
+  test('numeric arguments are excluded from keys', async () => {
+    const analysis = await analyzeShellCommand('gh pr view 5525');
+    const result = deriveShellActionKeys(analysis);
+
+    expect(result.isSimpleAction).toBe(true);
+    expect(result.keys).toEqual([
+      { key: 'action:gh pr view', depth: 3 },
+      { key: 'action:gh pr', depth: 2 },
+      { key: 'action:gh', depth: 1 },
+    ]);
+  });
+});
+
+describe('buildShellCommandCandidates', () => {
+  test('raw candidate is always present', async () => {
+    const candidates = await buildShellCommandCandidates('ls -la');
+    expect(candidates[0]).toBe('ls -la');
+  });
+
+  test('simple action adds canonical and action candidates', async () => {
+    const candidates = await buildShellCommandCandidates('cd repo && gh pr view 5525 --json title');
+    expect(candidates[0]).toBe('cd repo && gh pr view 5525 --json title');
+    // Should include the canonical primary command
+    expect(candidates).toContain('gh pr view 5525 --json title');
+    // Should include action keys
+    expect(candidates).toContain('action:gh pr view');
+    expect(candidates).toContain('action:gh pr');
+    expect(candidates).toContain('action:gh');
+  });
+
+  test('complex command returns raw-only', async () => {
+    const candidates = await buildShellCommandCandidates('git add . && git commit -m "fix"');
+    expect(candidates).toEqual(['git add . && git commit -m "fix"']);
+  });
+
+  test('pipeline returns raw-only', async () => {
+    const candidates = await buildShellCommandCandidates('git log | grep fix');
+    expect(candidates).toEqual(['git log | grep fix']);
+  });
+
+  test('candidate order is stable', async () => {
+    const c1 = await buildShellCommandCandidates('npm install express');
+    const c2 = await buildShellCommandCandidates('npm install express');
+    expect(c1).toEqual(c2);
+  });
+
+  test('empty command returns raw', async () => {
+    const candidates = await buildShellCommandCandidates('');
+    expect(candidates).toEqual(['']);
+  });
+
+  test('semicolon chain returns raw-only', async () => {
+    const candidates = await buildShellCommandCandidates('cd repo; gh pr view 123');
+    expect(candidates).toHaveLength(1);
+  });
+
+  test('deduplication preserves order', async () => {
+    // Single command — raw and canonical are the same
+    const candidates = await buildShellCommandCandidates('git status');
+    // raw is 'git status', canonical would also be 'git status' (same segment)
+    // so it should be deduped to just once
+    const gitStatusCount = candidates.filter(c => c === 'git status').length;
+    expect(gitStatusCount).toBe(1);
+  });
+});
+
+describe('buildShellAllowlistOptions — complex command restrictions', () => {
+  test('chain with && offers exact only', async () => {
+    const options = await buildShellAllowlistOptions('gh pr view 123 && rm -rf /');
+    expect(options).toHaveLength(1);
+    expect(options[0].pattern).toBe('gh pr view 123 && rm -rf /');
+    expect(options[0].description).toContain('compound');
+  });
+
+  test('pipeline offers exact only', async () => {
+    const options = await buildShellAllowlistOptions('cat file.txt | grep error | wc -l');
+    expect(options).toHaveLength(1);
+    expect(options[0].pattern).toBe('cat file.txt | grep error | wc -l');
+    expect(options[0].description).toContain('compound');
+  });
+
+  test('semicolon chain offers exact only', async () => {
+    const options = await buildShellAllowlistOptions('cd repo; gh pr view 123');
+    expect(options).toHaveLength(1);
+    expect(options[0].description).toContain('compound');
+  });
+
+  test('newline-separated commands offer exact only', async () => {
+    const options = await buildShellAllowlistOptions('cd repo\ngh pr view 123');
+    expect(options).toHaveLength(1);
+    expect(options[0].description).toContain('compound');
+  });
+
+  test('setup-prefix + single-action still gets action-key options', async () => {
+    const options = await buildShellAllowlistOptions('cd /repo && npm install express');
+    expect(options.length).toBeGreaterThan(1);
+    expect(options.some(o => o.pattern.startsWith('action:'))).toBe(true);
+  });
+
+  test('simple single command gets action-key options', async () => {
+    const options = await buildShellAllowlistOptions('npm install express');
+    expect(options.length).toBeGreaterThan(1);
+    expect(options[0].pattern).toBe('npm install express');
+    expect(options.some(o => o.pattern === 'action:npm install')).toBe(true);
+    expect(options.some(o => o.pattern === 'action:npm')).toBe(true);
+  });
+});

package/src/__tests__/skill-projection.benchmark.test.ts

@@ -211,10 +211,12 @@ describe('Skill projection benchmark', () => {
     // Warm the cache
     const warmResult = projectSkillTools(history, { cache, previouslyActiveSkillIds: prevActive });
 
-    // Snapshot cache object references after warm-up
+    // Snapshot cache object references and cardinality after warm-up
     const derivedAfterWarm = cache.derived!;
     const entriesAfterWarm = cache.derived!.entries;
+    const entriesCountAfterWarm = cache.derived!.entries.length;
     const seenIdsAfterWarm = cache.derived!.seenIds;
+    const seenIdsSizeAfterWarm = cache.derived!.seenIds.size;
 
     // Second call with identical history — should hit cache fast path
     let cachedResult: ReturnType<typeof projectSkillTools> | undefined;
@@ -233,6 +235,9 @@ describe('Skill projection benchmark', () => {
     expect(cache.derived).toBe(derivedAfterWarm);
     expect(cache.derived!.entries).toBe(entriesAfterWarm);
     expect(cache.derived!.seenIds).toBe(seenIdsAfterWarm);
+    // Assert cardinality unchanged — catches in-place mutation (e.g., appended duplicates)
+    expect(cache.derived!.entries.length).toBe(entriesCountAfterWarm);
+    expect(cache.derived!.seenIds.size).toBe(seenIdsSizeAfterWarm);
 
     // Assert tool definitions are identical between warm and cached calls
     expect(cachedResult!.toolDefinitions.length).toBe(warmResult.toolDefinitions.length);
@@ -256,7 +261,9 @@ describe('Skill projection benchmark', () => {
     expect(cache.derived).toBeDefined();
     const snapshotDerived = cache.derived!;
     const snapshotEntries = cache.derived!.entries;
+    const snapshotEntriesCount = cache.derived!.entries.length;
     const snapshotSeenIds = cache.derived!.seenIds;
+    const snapshotSeenIdsSize = cache.derived!.seenIds.size;
 
     // Run multiple subsequent calls with unchanged history
     for (let i = 0; i < 5; i++) {
@@ -266,6 +273,9 @@ describe('Skill projection benchmark', () => {
       expect(cache.derived).toBe(snapshotDerived);
       expect(cache.derived!.entries).toBe(snapshotEntries);
       expect(cache.derived!.seenIds).toBe(snapshotSeenIds);
+      // Cardinality must be unchanged — guards against in-place mutation (e.g., growing entries while reusing same object)
+      expect(cache.derived!.entries.length).toBe(snapshotEntriesCount);
+      expect(cache.derived!.seenIds.size).toBe(snapshotSeenIdsSize);
 
       // Tool definitions must match the first call exactly
       expect(result.toolDefinitions.length).toBe(firstResult.toolDefinitions.length);