vellum 0.2.13 → 0.2.14

package/src/__tests__/channel-approval.test.ts

@@ -0,0 +1,266 @@
+import { describe, test, expect, beforeEach, afterAll, mock } from 'bun:test';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+// ---------------------------------------------------------------------------
+// Test isolation: in-memory SQLite via temp directory
+// ---------------------------------------------------------------------------
+
+const testDir = mkdtempSync(join(tmpdir(), 'channel-approval-test-'));
+
+mock.module('../util/platform.js', () => ({
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+}));
+
+import { initializeDb, resetDb } from '../memory/db.js';
+import {
+  createRun,
+  setRunConfirmation,
+  getPendingConfirmationsByConversation,
+} from '../memory/runs-store.js';
+import type { PendingConfirmation } from '../memory/runs-store.js';
+import { parseApprovalDecision } from '../runtime/channel-approval-parser.js';
+
+initializeDb();
+
+afterAll(() => {
+  resetDb();
+  try { rmSync(testDir, { recursive: true }); } catch { /* best effort */ }
+});
+
+// ---------------------------------------------------------------------------
+// Helper: insert a conversation so FK constraints pass
+// ---------------------------------------------------------------------------
+
+function ensureConversation(conversationId: string): void {
+  const { getDb } = require('../memory/db.js');
+  const db = getDb();
+  const { conversations } = require('../memory/schema.js');
+  try {
+    db.insert(conversations).values({
+      id: conversationId,
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+    }).run();
+  } catch {
+    // already exists
+  }
+}
+
+function resetTables(): void {
+  const { getDb } = require('../memory/db.js');
+  const db = getDb();
+  db.run('DELETE FROM message_runs');
+  db.run('DELETE FROM conversations');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 1. Plain-text approval decision parser
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('parseApprovalDecision', () => {
+  // ── Approve once ──────────────────────────────────────────────────
+
+  test.each([
+    'yes',
+    'Yes',
+    'YES',
+    'approve',
+    'Approve',
+    'APPROVE',
+    'allow',
+    'Allow',
+    'go ahead',
+    'Go Ahead',
+    'GO AHEAD',
+  ])('recognises "%s" as approve_once', (input) => {
+    const result = parseApprovalDecision(input);
+    expect(result).not.toBeNull();
+    expect(result!.action).toBe('approve_once');
+    expect(result!.source).toBe('plain_text');
+  });
+
+  // ── Approve always ────────────────────────────────────────────────
+
+  test.each([
+    'always',
+    'Always',
+    'ALWAYS',
+    'approve always',
+    'Approve Always',
+    'APPROVE ALWAYS',
+    'allow always',
+    'Allow Always',
+    'ALLOW ALWAYS',
+  ])('recognises "%s" as approve_always', (input) => {
+    const result = parseApprovalDecision(input);
+    expect(result).not.toBeNull();
+    expect(result!.action).toBe('approve_always');
+    expect(result!.source).toBe('plain_text');
+  });
+
+  // ── Reject ────────────────────────────────────────────────────────
+
+  test.each([
+    'no',
+    'No',
+    'NO',
+    'reject',
+    'Reject',
+    'REJECT',
+    'deny',
+    'Deny',
+    'DENY',
+    'cancel',
+    'Cancel',
+    'CANCEL',
+  ])('recognises "%s" as reject', (input) => {
+    const result = parseApprovalDecision(input);
+    expect(result).not.toBeNull();
+    expect(result!.action).toBe('reject');
+    expect(result!.source).toBe('plain_text');
+  });
+
+  // ── Whitespace handling ───────────────────────────────────────────
+
+  test('trims leading and trailing whitespace', () => {
+    const result = parseApprovalDecision('  approve  ');
+    expect(result).not.toBeNull();
+    expect(result!.action).toBe('approve_once');
+  });
+
+  test('trims tabs and newlines', () => {
+    const result = parseApprovalDecision('\t\nreject\n\t');
+    expect(result).not.toBeNull();
+    expect(result!.action).toBe('reject');
+  });
+
+  // ── Non-matching text ─────────────────────────────────────────────
+
+  test.each([
+    '',
+    '   ',
+    'hello',
+    'please approve this',
+    'I approve',
+    'yes please',
+    'nope',
+    'approved',
+    'allow me',
+    'go',
+    'ahead',
+    'maybe',
+    'approve once',
+  ])('returns null for non-matching text: "%s"', (input) => {
+    expect(parseApprovalDecision(input)).toBeNull();
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 2. Pending-run lookup helpers
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('getPendingConfirmationsByConversation', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+
+  const sampleConfirmation: PendingConfirmation = {
+    toolName: 'shell',
+    toolUseId: 'req-abc-123',
+    input: { command: 'rm -rf /tmp/test' },
+    riskLevel: 'high',
+  };
+
+  test('returns empty array when no runs exist', () => {
+    ensureConversation('conv-1');
+    const result = getPendingConfirmationsByConversation('conv-1');
+    expect(result).toEqual([]);
+  });
+
+  test('returns empty array when no runs need confirmation', () => {
+    ensureConversation('conv-1');
+    createRun('conv-1', 'msg-1');
+    const result = getPendingConfirmationsByConversation('conv-1');
+    expect(result).toEqual([]);
+  });
+
+  test('returns pending confirmation for a run needing confirmation', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, sampleConfirmation);
+
+    const result = getPendingConfirmationsByConversation('conv-1');
+    expect(result).toHaveLength(1);
+    expect(result[0].runId).toBe(run.id);
+    expect(result[0].requestId).toBe('req-abc-123');
+    expect(result[0].toolName).toBe('shell');
+    expect(result[0].input).toEqual({ command: 'rm -rf /tmp/test' });
+    expect(result[0].riskLevel).toBe('high');
+  });
+
+  test('only returns runs for the specified conversation', () => {
+    ensureConversation('conv-1');
+    ensureConversation('conv-2');
+
+    const run1 = createRun('conv-1', 'msg-1');
+    const run2 = createRun('conv-2', 'msg-2');
+    setRunConfirmation(run1.id, sampleConfirmation);
+    setRunConfirmation(run2.id, { ...sampleConfirmation, toolUseId: 'req-def-456' });
+
+    const result1 = getPendingConfirmationsByConversation('conv-1');
+    expect(result1).toHaveLength(1);
+    expect(result1[0].runId).toBe(run1.id);
+
+    const result2 = getPendingConfirmationsByConversation('conv-2');
+    expect(result2).toHaveLength(1);
+    expect(result2[0].runId).toBe(run2.id);
+  });
+
+  test('returns multiple pending runs for the same conversation', () => {
+    ensureConversation('conv-1');
+
+    const run1 = createRun('conv-1', 'msg-1');
+    const run2 = createRun('conv-1', 'msg-2');
+    setRunConfirmation(run1.id, sampleConfirmation);
+    setRunConfirmation(run2.id, { ...sampleConfirmation, toolUseId: 'req-ghi-789', toolName: 'file_edit' });
+
+    const result = getPendingConfirmationsByConversation('conv-1');
+    expect(result).toHaveLength(2);
+
+    const runIds = result.map((r) => r.runId).sort();
+    expect(runIds).toContain(run1.id);
+    expect(runIds).toContain(run2.id);
+  });
+
+  test('excludes completed and failed runs', () => {
+    ensureConversation('conv-1');
+
+    const run1 = createRun('conv-1', 'msg-1');
+    const run2 = createRun('conv-1', 'msg-2');
+    const run3 = createRun('conv-1', 'msg-3');
+
+    setRunConfirmation(run1.id, sampleConfirmation);
+    // run2 stays in 'running' state
+    // run3 gets confirmation then completes — simulated by not setting confirmation
+
+    const result = getPendingConfirmationsByConversation('conv-1');
+    expect(result).toHaveLength(1);
+    expect(result[0].runId).toBe(run1.id);
+  });
+});

package/src/__tests__/channel-approvals.test.ts

@@ -0,0 +1,393 @@
+import { describe, test, expect, beforeEach, afterAll, mock, spyOn } from 'bun:test';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+// ---------------------------------------------------------------------------
+// Test isolation: in-memory SQLite via temp directory
+// ---------------------------------------------------------------------------
+
+const testDir = mkdtempSync(join(tmpdir(), 'channel-approvals-test-'));
+
+mock.module('../util/platform.js', () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+}));
+
+import { initializeDb, getDb, resetDb } from '../memory/db.js';
+import {
+  createRun,
+  setRunConfirmation,
+} from '../memory/runs-store.js';
+import type { PendingConfirmation, PendingRunInfo } from '../memory/runs-store.js';
+import type { RunOrchestrator } from '../runtime/run-orchestrator.js';
+import {
+  getChannelApprovalPrompt,
+  buildApprovalUIMetadata,
+  handleChannelDecision,
+  buildReminderPrompt,
+} from '../runtime/channel-approvals.js';
+import type { ApprovalDecisionResult, ChannelApprovalPrompt } from '../runtime/channel-approval-types.js';
+import * as trustStore from '../permissions/trust-store.js';
+
+initializeDb();
+
+afterAll(() => {
+  resetDb();
+  try { rmSync(testDir, { recursive: true }); } catch { /* best effort */ }
+});
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function ensureConversation(conversationId: string): void {
+  const db = getDb();
+  try {
+    db.run(
+      `INSERT INTO conversations (id, createdAt, updatedAt) VALUES (?, ?, ?)`,
+      [conversationId, Date.now(), Date.now()],
+    );
+  } catch {
+    // already exists
+  }
+}
+
+function resetTables(): void {
+  const db = getDb();
+  db.run('DELETE FROM message_runs');
+  db.run('DELETE FROM conversations');
+}
+
+const sampleConfirmation: PendingConfirmation = {
+  toolName: 'shell',
+  toolUseId: 'req-abc-123',
+  input: { command: 'rm -rf /tmp/test' },
+  riskLevel: 'high',
+  allowlistOptions: [{ label: 'rm -rf /tmp/test', pattern: 'rm -rf /tmp/test' }],
+  scopeOptions: [{ label: 'everywhere', scope: 'everywhere' }],
+};
+
+function makeMockOrchestrator(
+  submitResult: 'applied' | 'run_not_found' | 'no_pending_decision' = 'applied',
+): RunOrchestrator {
+  return {
+    submitDecision: mock(() => submitResult),
+  } as unknown as RunOrchestrator;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 1. getChannelApprovalPrompt
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('getChannelApprovalPrompt', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+
+  test('returns null when no pending runs exist', () => {
+    ensureConversation('conv-1');
+    const result = getChannelApprovalPrompt('conv-1');
+    expect(result).toBeNull();
+  });
+
+  test('returns null when runs exist but none need confirmation', () => {
+    ensureConversation('conv-1');
+    createRun('conv-1', 'msg-1');
+    const result = getChannelApprovalPrompt('conv-1');
+    expect(result).toBeNull();
+  });
+
+  test('returns a prompt when a run needs confirmation', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, sampleConfirmation);
+
+    const result = getChannelApprovalPrompt('conv-1');
+    expect(result).not.toBeNull();
+    expect(result!.promptText).toContain('shell');
+    expect(result!.actions).toHaveLength(3);
+    expect(result!.actions.map((a) => a.id)).toEqual([
+      'approve_once',
+      'approve_always',
+      'reject',
+    ]);
+    expect(result!.plainTextFallback).toContain('yes');
+    expect(result!.plainTextFallback).toContain('always');
+    expect(result!.plainTextFallback).toContain('no');
+  });
+
+  test('uses the first pending run when multiple exist', () => {
+    ensureConversation('conv-1');
+    const run1 = createRun('conv-1', 'msg-1');
+    const run2 = createRun('conv-1', 'msg-2');
+    setRunConfirmation(run1.id, sampleConfirmation);
+    setRunConfirmation(run2.id, {
+      ...sampleConfirmation,
+      toolName: 'file_edit',
+      toolUseId: 'req-def-456',
+    });
+
+    const result = getChannelApprovalPrompt('conv-1');
+    expect(result).not.toBeNull();
+    // Should contain one of the tool names (the first pending run)
+    expect(result!.promptText).toMatch(/shell|file_edit/);
+  });
+
+  test('does not return prompts for other conversations', () => {
+    ensureConversation('conv-1');
+    ensureConversation('conv-2');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, sampleConfirmation);
+
+    const result = getChannelApprovalPrompt('conv-2');
+    expect(result).toBeNull();
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 2. buildApprovalUIMetadata
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('buildApprovalUIMetadata', () => {
+  test('maps prompt and run info to UI metadata', () => {
+    const prompt: ChannelApprovalPrompt = {
+      promptText: 'Allow shell?',
+      actions: [
+        { id: 'approve_once', label: 'Approve once' },
+        { id: 'reject', label: 'Reject' },
+      ],
+      plainTextFallback: 'Reply yes or no.',
+    };
+
+    const runInfo: PendingRunInfo = {
+      runId: 'run-123',
+      requestId: 'req-abc',
+      toolName: 'shell',
+      input: { command: 'ls' },
+      riskLevel: 'low',
+    };
+
+    const metadata = buildApprovalUIMetadata(prompt, runInfo);
+    expect(metadata.runId).toBe('run-123');
+    expect(metadata.requestId).toBe('req-abc');
+    expect(metadata.actions).toEqual(prompt.actions);
+    expect(metadata.plainTextFallback).toBe('Reply yes or no.');
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 3. handleChannelDecision
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('handleChannelDecision', () => {
+  beforeEach(() => {
+    resetTables();
+  });
+
+  test('returns applied: false when no pending runs exist', () => {
+    ensureConversation('conv-1');
+    const orchestrator = makeMockOrchestrator();
+    const decision: ApprovalDecisionResult = {
+      action: 'approve_once',
+      source: 'plain_text',
+    };
+
+    const result = handleChannelDecision('conv-1', decision, orchestrator);
+    expect(result.applied).toBe(false);
+    expect(result.runId).toBeUndefined();
+  });
+
+  test('approves once via orchestrator.submitDecision with "allow"', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, sampleConfirmation);
+
+    const orchestrator = makeMockOrchestrator();
+    const decision: ApprovalDecisionResult = {
+      action: 'approve_once',
+      source: 'plain_text',
+    };
+
+    const result = handleChannelDecision('conv-1', decision, orchestrator);
+    expect(result.applied).toBe(true);
+    expect(result.runId).toBe(run.id);
+    expect(orchestrator.submitDecision).toHaveBeenCalledWith(run.id, 'allow');
+  });
+
+  test('rejects via orchestrator.submitDecision with "deny"', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, sampleConfirmation);
+
+    const orchestrator = makeMockOrchestrator();
+    const decision: ApprovalDecisionResult = {
+      action: 'reject',
+      source: 'telegram_button',
+    };
+
+    const result = handleChannelDecision('conv-1', decision, orchestrator);
+    expect(result.applied).toBe(true);
+    expect(result.runId).toBe(run.id);
+    expect(orchestrator.submitDecision).toHaveBeenCalledWith(run.id, 'deny');
+  });
+
+  test('approve_always adds a trust rule and submits "allow"', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, {
+      ...sampleConfirmation,
+      executionTarget: 'sandbox',
+      allowlistOptions: [{ label: 'rm pattern', pattern: 'rm -rf *' }],
+      scopeOptions: [{ label: 'project dir', scope: '/tmp/project' }],
+    });
+
+    const addRuleSpy = spyOn(trustStore, 'addRule');
+    const orchestrator = makeMockOrchestrator();
+    const decision: ApprovalDecisionResult = {
+      action: 'approve_always',
+      source: 'plain_text',
+    };
+
+    const result = handleChannelDecision('conv-1', decision, orchestrator);
+    expect(result.applied).toBe(true);
+    expect(result.runId).toBe(run.id);
+
+    // Trust rule added with first allowlist and scope option
+    expect(addRuleSpy).toHaveBeenCalledWith(
+      'shell',
+      'rm -rf *',
+      '/tmp/project',
+      'allow',
+      100,
+      { executionTarget: 'sandbox' },
+    );
+
+    // The run is still approved with a simple "allow"
+    expect(orchestrator.submitDecision).toHaveBeenCalledWith(run.id, 'allow');
+
+    addRuleSpy.mockRestore();
+  });
+
+  test('approve_always falls back to "**" / "everywhere" when no options available', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, {
+      toolName: 'bash',
+      toolUseId: 'req-no-opts',
+      input: { command: 'echo hi' },
+      riskLevel: 'low',
+      // No allowlistOptions or scopeOptions
+    });
+
+    const addRuleSpy = spyOn(trustStore, 'addRule');
+    const orchestrator = makeMockOrchestrator();
+    const decision: ApprovalDecisionResult = {
+      action: 'approve_always',
+      source: 'telegram_button',
+    };
+
+    handleChannelDecision('conv-1', decision, orchestrator);
+
+    expect(addRuleSpy).toHaveBeenCalledWith(
+      'bash',
+      '**',
+      'everywhere',
+      'allow',
+      100,
+      { executionTarget: undefined },
+    );
+
+    addRuleSpy.mockRestore();
+  });
+
+  test('returns applied: false when orchestrator cannot apply decision', () => {
+    ensureConversation('conv-1');
+    const run = createRun('conv-1', 'msg-1');
+    setRunConfirmation(run.id, sampleConfirmation);
+
+    const orchestrator = makeMockOrchestrator('no_pending_decision');
+    const decision: ApprovalDecisionResult = {
+      action: 'approve_once',
+      source: 'plain_text',
+    };
+
+    const result = handleChannelDecision('conv-1', decision, orchestrator);
+    expect(result.applied).toBe(false);
+    expect(result.runId).toBe(run.id);
+  });
+});
+
+// ═══════════════════════════════════════════════════════════════════════════
+// 4. buildReminderPrompt
+// ═══════════════════════════════════════════════════════════════════════════
+
+describe('buildReminderPrompt', () => {
+  test('prefixes promptText with a reminder', () => {
+    const original: ChannelApprovalPrompt = {
+      promptText: 'Allow shell?',
+      actions: [
+        { id: 'approve_once', label: 'Approve once' },
+        { id: 'reject', label: 'Reject' },
+      ],
+      plainTextFallback: 'Reply yes or no.',
+    };
+
+    const reminder = buildReminderPrompt(original);
+    expect(reminder.promptText).toContain("I'm still waiting");
+    expect(reminder.promptText).toContain('Allow shell?');
+  });
+
+  test('preserves the original actions', () => {
+    const original: ChannelApprovalPrompt = {
+      promptText: 'Approve file_edit?',
+      actions: [
+        { id: 'approve_once', label: 'Approve once' },
+        { id: 'approve_always', label: 'Approve always' },
+        { id: 'reject', label: 'Reject' },
+      ],
+      plainTextFallback: 'Reply yes, always, or no.',
+    };
+
+    const reminder = buildReminderPrompt(original);
+    expect(reminder.actions).toEqual(original.actions);
+  });
+
+  test('prefixes plainTextFallback with a reminder', () => {
+    const original: ChannelApprovalPrompt = {
+      promptText: 'Allow bash?',
+      actions: [],
+      plainTextFallback: 'Reply yes or no.',
+    };
+
+    const reminder = buildReminderPrompt(original);
+    expect(reminder.plainTextFallback).toContain("I'm still waiting");
+    expect(reminder.plainTextFallback).toContain('Reply yes or no.');
+  });
+
+  test('does not mutate the original prompt', () => {
+    const original: ChannelApprovalPrompt = {
+      promptText: 'Allow grep?',
+      actions: [{ id: 'approve_once', label: 'Approve once' }],
+      plainTextFallback: 'Reply yes.',
+    };
+
+    const originalText = original.promptText;
+    buildReminderPrompt(original);
+    expect(original.promptText).toBe(originalText);
+  });
+});