vellum 0.2.2 → 0.2.8

package/src/__tests__/handlers-twilio-config.test.ts

@@ -0,0 +1,221 @@
+import { describe, test, expect, mock, beforeEach } from 'bun:test';
+import { mkdtempSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import * as net from 'node:net';
+
+const testDir = mkdtempSync(join(tmpdir(), 'handlers-twilio-cfg-test-'));
+
+let rawConfigStore: Record<string, unknown> = {};
+const saveRawConfigCalls: Record<string, unknown>[] = [];
+
+mock.module('../config/loader.js', () => ({
+  getConfig: () => ({}),
+  loadConfig: () => ({}),
+  loadRawConfig: () => ({ ...rawConfigStore }),
+  saveRawConfig: (cfg: Record<string, unknown>) => {
+    saveRawConfigCalls.push(cfg);
+    rawConfigStore = { ...cfg };
+  },
+  saveConfig: () => {},
+  invalidateConfigCache: () => {},
+}));
+
+mock.module('../util/platform.js', () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  getIpcBlobDir: () => join(testDir, 'ipc-blobs'),
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getDbPath: () => join(testDir, 'test.db'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+}));
+
+mock.module('../util/logger.js', () => ({
+  getLogger: () => ({
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+    debug: () => {},
+    trace: () => {},
+    fatal: () => {},
+    child: () => ({
+      info: () => {},
+      warn: () => {},
+      error: () => {},
+      debug: () => {},
+    }),
+  }),
+}));
+
+mock.module('../memory/app-store.js', () => ({
+  queryAppRecords: () => [],
+  createAppRecord: () => {},
+  updateAppRecord: () => {},
+  deleteAppRecord: () => {},
+  listApps: () => [],
+  getApp: () => undefined,
+  createApp: () => {},
+  updateApp: () => {},
+}));
+
+mock.module('../slack/slack-webhook.js', () => ({
+  postToSlackWebhook: async () => {},
+}));
+
+import { handleMessage, type HandlerContext } from '../daemon/handlers.js';
+import type {
+  TwilioWebhookConfigRequest,
+  ServerMessage,
+} from '../daemon/ipc-contract.js';
+
+function createTestContext(): { ctx: HandlerContext; sent: ServerMessage[] } {
+  const sent: ServerMessage[] = [];
+  const ctx: HandlerContext = {
+    sessions: new Map(),
+    socketToSession: new Map(),
+    cuSessions: new Map(),
+    socketToCuSession: new Map(),
+    cuObservationParseSequence: new Map(),
+    socketSandboxOverride: new Map(),
+    sharedRequestTimestamps: [],
+    debounceTimers: new Map(),
+    suppressConfigReload: false,
+    setSuppressConfigReload: () => {},
+    updateConfigFingerprint: () => {},
+    send: (_socket, msg) => { sent.push(msg); },
+    broadcast: () => {},
+    clearAllSessions: () => 0,
+    getOrCreateSession: () => { throw new Error('not implemented'); },
+    touchSession: () => {},
+  };
+  return { ctx, sent };
+}
+
+describe('Twilio webhook config handler', () => {
+  beforeEach(() => {
+    rawConfigStore = {};
+    saveRawConfigCalls.length = 0;
+  });
+
+  test('get returns empty string when no config set', () => {
+    rawConfigStore = {};
+
+    const msg: TwilioWebhookConfigRequest = {
+      type: 'twilio_webhook_config',
+      action: 'get',
+    };
+
+    const { ctx, sent } = createTestContext();
+    handleMessage(msg, {} as net.Socket, ctx);
+
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; webhookBaseUrl: string; success: boolean };
+    expect(res.type).toBe('twilio_webhook_config_response');
+    expect(res.success).toBe(true);
+    expect(res.webhookBaseUrl).toBe('');
+  });
+
+  test('set persists value and returns it', () => {
+    rawConfigStore = {};
+
+    const msg: TwilioWebhookConfigRequest = {
+      type: 'twilio_webhook_config',
+      action: 'set',
+      webhookBaseUrl: 'https://example.com/twilio',
+    };
+
+    const { ctx, sent } = createTestContext();
+    handleMessage(msg, {} as net.Socket, ctx);
+
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; webhookBaseUrl: string; success: boolean };
+    expect(res.type).toBe('twilio_webhook_config_response');
+    expect(res.success).toBe(true);
+    expect(res.webhookBaseUrl).toBe('https://example.com/twilio');
+
+    expect(saveRawConfigCalls).toHaveLength(1);
+    const saved = saveRawConfigCalls[0] as { calls?: { webhookBaseUrl?: string } };
+    expect(saved.calls?.webhookBaseUrl).toBe('https://example.com/twilio');
+  });
+
+  test('set normalizes trailing slashes', () => {
+    rawConfigStore = {};
+
+    const msg: TwilioWebhookConfigRequest = {
+      type: 'twilio_webhook_config',
+      action: 'set',
+      webhookBaseUrl: 'https://example.com/twilio///',
+    };
+
+    const { ctx, sent } = createTestContext();
+    handleMessage(msg, {} as net.Socket, ctx);
+
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; webhookBaseUrl: string; success: boolean };
+    expect(res.webhookBaseUrl).toBe('https://example.com/twilio');
+
+    const saved = saveRawConfigCalls[0] as { calls?: { webhookBaseUrl?: string } };
+    expect(saved.calls?.webhookBaseUrl).toBe('https://example.com/twilio');
+  });
+
+  test('set treats empty string as unset', () => {
+    rawConfigStore = { calls: { webhookBaseUrl: 'https://example.com/twilio' } };
+    saveRawConfigCalls.length = 0;
+
+    const msg: TwilioWebhookConfigRequest = {
+      type: 'twilio_webhook_config',
+      action: 'set',
+      webhookBaseUrl: '',
+    };
+
+    const { ctx, sent } = createTestContext();
+    handleMessage(msg, {} as net.Socket, ctx);
+
+    expect(sent).toHaveLength(1);
+    const res = sent[0] as { type: string; webhookBaseUrl: string; success: boolean };
+    expect(res.success).toBe(true);
+    expect(res.webhookBaseUrl).toBe('');
+
+    const saved = saveRawConfigCalls[0] as { calls?: { webhookBaseUrl?: string } };
+    expect(saved.calls?.webhookBaseUrl).toBeUndefined();
+  });
+
+  test('get after set roundtrip works', () => {
+    rawConfigStore = {};
+
+    // Set
+    const setMsg: TwilioWebhookConfigRequest = {
+      type: 'twilio_webhook_config',
+      action: 'set',
+      webhookBaseUrl: 'https://my-server.ngrok.io',
+    };
+
+    const { ctx: setCtx, sent: setSent } = createTestContext();
+    handleMessage(setMsg, {} as net.Socket, setCtx);
+
+    expect(setSent).toHaveLength(1);
+    const setRes = setSent[0] as { type: string; webhookBaseUrl: string; success: boolean };
+    expect(setRes.success).toBe(true);
+    expect(setRes.webhookBaseUrl).toBe('https://my-server.ngrok.io');
+
+    // Get (rawConfigStore was updated by the mock saveRawConfig)
+    const getMsg: TwilioWebhookConfigRequest = {
+      type: 'twilio_webhook_config',
+      action: 'get',
+    };
+
+    const { ctx: getCtx, sent: getSent } = createTestContext();
+    handleMessage(getMsg, {} as net.Socket, getCtx);
+
+    expect(getSent).toHaveLength(1);
+    const getRes = getSent[0] as { type: string; webhookBaseUrl: string; success: boolean };
+    expect(getRes.type).toBe('twilio_webhook_config_response');
+    expect(getRes.success).toBe(true);
+    expect(getRes.webhookBaseUrl).toBe('https://my-server.ngrok.io');
+  });
+});

package/src/__tests__/ipc-snapshot.test.ts

@@ -339,6 +339,10 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
     type: 'slack_webhook_config',
     action: 'get',
   },
+  twilio_webhook_config: {
+    type: 'twilio_webhook_config',
+    action: 'get',
+  },
   vercel_api_config: {
     type: 'vercel_api_config',
     action: 'get',
@@ -1125,6 +1129,11 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     webhookUrl: 'https://hooks.slack.com/services/T00/B00/xxx',
     success: true,
   },
+  twilio_webhook_config_response: {
+    type: 'twilio_webhook_config_response',
+    webhookBaseUrl: 'https://example.com/twilio',
+    success: true,
+  },
   vercel_api_config_response: {
     type: 'vercel_api_config_response',
     hasToken: true,
@@ -1420,6 +1429,17 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
       sessionId: 'sub-sess-001',
     },
   },
+  agent_heartbeat_alert: {
+    type: 'agent_heartbeat_alert',
+    title: 'Agent unresponsive',
+    body: 'The agent has not responded for 5 minutes.',
+  },
+  task_run_thread_created: {
+    type: 'task_run_thread_created',
+    conversationId: 'conv-task-001',
+    workItemId: 'work-item-001',
+    title: 'Task run thread',
+  },
 };
 
 // ---------------------------------------------------------------------------

package/src/__tests__/memory-regressions.test.ts

@@ -949,7 +949,7 @@ describe('Memory regressions', () => {
         id: 'msg-conflicts-bg',
         conversationId: 'conv-conflicts-bg',
         role: 'user',
-        content: JSON.stringify([{ type: 'text', text: 'Keep the new one instead.' }]),
+        content: JSON.stringify([{ type: 'text', text: 'Keep the new MySQL default instead.' }]),
         createdAt: now + 1,
       }).run();
 
@@ -1047,7 +1047,7 @@ describe('Memory regressions', () => {
         id: 'msg-conflicts-age',
         conversationId: 'conv-conflicts-age',
         role: 'user',
-        content: JSON.stringify([{ type: 'text', text: 'Keep the new one instead.' }]),
+        content: JSON.stringify([{ type: 'text', text: 'Keep the new Bun runtime instead.' }]),
         createdAt: now + 1,
       }).run();
 
@@ -1118,6 +1118,104 @@ describe('Memory regressions', () => {
     }
   });
 
+  test('background conflict resolver ignores clarification-like replies with no topical overlap when conflict was never asked', async () => {
+    const db = getDb();
+    const now = 1_700_001_400_000;
+    const originalConflictsEnabled = TEST_CONFIG.memory.conflicts.enabled;
+    TEST_CONFIG.memory.conflicts.enabled = true;
+
+    try {
+      db.insert(conversations).values({
+        id: 'conv-conflicts-unrelated',
+        title: null,
+        createdAt: now,
+        updatedAt: now,
+        totalInputTokens: 0,
+        totalOutputTokens: 0,
+        totalEstimatedCost: 0,
+        contextSummary: null,
+        contextCompactedMessageCount: 0,
+        contextCompactedAt: null,
+      }).run();
+
+      db.insert(messages).values({
+        id: 'msg-conflicts-unrelated',
+        conversationId: 'conv-conflicts-unrelated',
+        role: 'user',
+        content: JSON.stringify([{ type: 'text', text: 'Keep the new one instead.' }]),
+        createdAt: now + 1,
+      }).run();
+
+      db.insert(memoryItems).values([
+        {
+          id: 'item-conflict-existing-unrelated',
+          kind: 'preference',
+          subject: 'database',
+          statement: 'Use Postgres by default.',
+          status: 'active',
+          confidence: 0.8,
+          fingerprint: 'fp-conflict-existing-unrelated',
+          verificationState: 'assistant_inferred',
+          scopeId: 'scope-conflicts-unrelated',
+          firstSeenAt: now - 10_000,
+          lastSeenAt: now - 5_000,
+          validFrom: now - 10_000,
+          invalidAt: null,
+        },
+        {
+          id: 'item-conflict-candidate-unrelated',
+          kind: 'preference',
+          subject: 'database',
+          statement: 'Use MySQL by default.',
+          status: 'pending_clarification',
+          confidence: 0.8,
+          fingerprint: 'fp-conflict-candidate-unrelated',
+          verificationState: 'assistant_inferred',
+          scopeId: 'scope-conflicts-unrelated',
+          firstSeenAt: now - 9_000,
+          lastSeenAt: now - 4_000,
+          validFrom: now - 9_000,
+          invalidAt: null,
+        },
+      ]).run();
+
+      const conflict = createOrUpdatePendingConflict({
+        scopeId: 'scope-conflicts-unrelated',
+        existingItemId: 'item-conflict-existing-unrelated',
+        candidateItemId: 'item-conflict-candidate-unrelated',
+        relationship: 'ambiguous_contradiction',
+      });
+      db.update(memoryItemConflicts)
+        .set({ createdAt: now, updatedAt: now, lastAskedAt: null })
+        .where(eq(memoryItemConflicts.id, conflict.id))
+        .run();
+
+      enqueueResolvePendingConflictsForMessageJob('msg-conflicts-unrelated', 'scope-conflicts-unrelated');
+      const processed = await runMemoryJobsOnce();
+      expect(processed).toBe(1);
+
+      const existing = db
+        .select()
+        .from(memoryItems)
+        .where(eq(memoryItems.id, 'item-conflict-existing-unrelated'))
+        .get();
+      const candidate = db
+        .select()
+        .from(memoryItems)
+        .where(eq(memoryItems.id, 'item-conflict-candidate-unrelated'))
+        .get();
+      const updatedConflict = getConflictById(conflict.id);
+
+      expect(existing?.status).toBe('active');
+      expect(existing?.invalidAt).toBeNull();
+      expect(candidate?.status).toBe('pending_clarification');
+      expect(updatedConflict?.status).toBe('pending_clarification');
+      expect(updatedConflict?.resolutionNote).toBeNull();
+    } finally {
+      TEST_CONFIG.memory.conflicts.enabled = originalConflictsEnabled;
+    }
+  });
+
   test('cleanup job enqueue is deduped and retention overrides upgrade payload', () => {
     const db = getDb();
 

package/src/__tests__/oauth-callback-registry.test.ts

@@ -0,0 +1,85 @@
+import { describe, test, expect, afterEach } from 'bun:test';
+import {
+  registerPendingCallback,
+  consumeCallback,
+  consumeCallbackError,
+  clearAllCallbacks,
+} from '../security/oauth-callback-registry.js';
+
+afterEach(() => {
+  clearAllCallbacks();
+});
+
+describe('OAuth callback registry', () => {
+  test('registerPendingCallback + consumeCallback resolves with code', async () => {
+    const promise = new Promise<string>((resolve, reject) => {
+      registerPendingCallback('state-1', resolve, reject);
+    });
+
+    const consumed = consumeCallback('state-1', 'auth-code-123');
+    expect(consumed).toBe(true);
+
+    const code = await promise;
+    expect(code).toBe('auth-code-123');
+  });
+
+  test('consumeCallback with unknown state returns false', () => {
+    const consumed = consumeCallback('nonexistent', 'code');
+    expect(consumed).toBe(false);
+  });
+
+  test('consumeCallbackError rejects the pending callback', async () => {
+    const promise = new Promise<string>((resolve, reject) => {
+      registerPendingCallback('state-err', resolve, reject);
+    });
+
+    const consumed = consumeCallbackError('state-err', 'access_denied');
+    expect(consumed).toBe(true);
+
+    await expect(promise).rejects.toThrow('access_denied');
+  });
+
+  test('consumeCallbackError with unknown state returns false', () => {
+    const consumed = consumeCallbackError('nonexistent', 'some error');
+    expect(consumed).toBe(false);
+  });
+
+  test('duplicate consumeCallback returns false on second call', async () => {
+    const promise = new Promise<string>((resolve, reject) => {
+      registerPendingCallback('state-dup', resolve, reject);
+    });
+
+    const first = consumeCallback('state-dup', 'code-1');
+    expect(first).toBe(true);
+
+    const second = consumeCallback('state-dup', 'code-2');
+    expect(second).toBe(false);
+
+    const code = await promise;
+    expect(code).toBe('code-1');
+  });
+
+  test('TTL expiry rejects callback with timeout error', async () => {
+    const promise = new Promise<string>((resolve, reject) => {
+      registerPendingCallback('state-ttl', resolve, reject, 50);
+    });
+
+    // Wait for the TTL to expire
+    await new Promise((r) => setTimeout(r, 100));
+
+    await expect(promise).rejects.toThrow('OAuth callback timed out');
+
+    // After expiry, consume should return false
+    const consumed = consumeCallback('state-ttl', 'late-code');
+    expect(consumed).toBe(false);
+  });
+
+  test('clearAllCallbacks cleans up all pending entries', () => {
+    registerPendingCallback('s1', () => {}, () => {});
+    registerPendingCallback('s2', () => {}, () => {});
+    clearAllCallbacks();
+
+    expect(consumeCallback('s1', 'code')).toBe(false);
+    expect(consumeCallback('s2', 'code')).toBe(false);
+  });
+});