@vellumai/assistant 0.3.14 → 0.3.16

package/src/daemon/handlers/config-inbox.ts

@@ -12,21 +12,17 @@ import {
 } from '../../memory/channel-guardian-store.js';
 import { addMessage, getMessages } from '../../memory/conversation-store.js';
 import { getBindingByConversation } from '../../memory/external-conversation-store.js';
-import {
-  createInvite,
-  type InviteStatus,
-  listInvites,
-  redeemInvite,
-  revokeInvite,
-} from '../../memory/ingress-invite-store.js';
-import {
-  blockMember,
-  type IngressMember,
-  listMembers,
-  revokeMember,
-  upsertMember,
-} from '../../memory/ingress-member-store.js';
 import { deliverChannelReply } from '../../runtime/gateway-client.js';
+import {
+  blockIngressMember,
+  createIngressInvite,
+  listIngressInvites,
+  listIngressMembers,
+  redeemIngressInvite,
+  revokeIngressInvite,
+  revokeIngressMember,
+  upsertIngressMember,
+} from '../../runtime/ingress-service.js';
 import type { AssistantInboxEscalationRequest, IngressInviteRequest, IngressMemberRequest } from '../ipc-protocol.js';
 import { defineHandlers, type HandlerContext, log } from './shared.js';
 import { renderHistoryContent } from './shared.js';
@@ -39,121 +35,60 @@ export function handleIngressInvite(
   try {
     switch (msg.action) {
       case 'create': {
-        if (!msg.sourceChannel) {
-          ctx.send(socket, { type: 'ingress_invite_response', success: false, error: 'sourceChannel is required for create' });
-          return;
-        }
-        const { invite, rawToken } = createInvite({
+        const result = createIngressInvite({
           sourceChannel: msg.sourceChannel,
           note: msg.note,
           maxUses: msg.maxUses,
           expiresInMs: msg.expiresInMs,
         });
-        ctx.send(socket, {
-          type: 'ingress_invite_response',
-          success: true,
-          invite: {
-            id: invite.id,
-            sourceChannel: invite.sourceChannel,
-            token: rawToken,
-            tokenHash: invite.tokenHash,
-            maxUses: invite.maxUses,
-            useCount: invite.useCount,
-            expiresAt: invite.expiresAt,
-            status: invite.status,
-            note: invite.note ?? undefined,
-            createdAt: invite.createdAt,
-          },
-        });
+        if (!result.ok) {
+          ctx.send(socket, { type: 'ingress_invite_response', success: false, error: result.error });
+          return;
+        }
+        ctx.send(socket, { type: 'ingress_invite_response', success: true, invite: result.data });
         return;
       }
 
       case 'list': {
-        const invites = listInvites({
+        const result = listIngressInvites({
           sourceChannel: msg.sourceChannel,
-          status: msg.status as InviteStatus | undefined,
-        });
-        ctx.send(socket, {
-          type: 'ingress_invite_response',
-          success: true,
-          invites: invites.map((inv) => ({
-            id: inv.id,
-            sourceChannel: inv.sourceChannel,
-            tokenHash: inv.tokenHash,
-            maxUses: inv.maxUses,
-            useCount: inv.useCount,
-            expiresAt: inv.expiresAt,
-            status: inv.status,
-            note: inv.note ?? undefined,
-            createdAt: inv.createdAt,
-          })),
+          status: msg.status,
         });
+        if (!result.ok) {
+          ctx.send(socket, { type: 'ingress_invite_response', success: false, error: result.error });
+          return;
+        }
+        ctx.send(socket, { type: 'ingress_invite_response', success: true, invites: result.data });
         return;
       }
 
       case 'revoke': {
-        if (!msg.inviteId) {
-          ctx.send(socket, { type: 'ingress_invite_response', success: false, error: 'inviteId is required for revoke' });
-          return;
-        }
-        const revoked = revokeInvite(msg.inviteId);
-        if (!revoked) {
-          ctx.send(socket, { type: 'ingress_invite_response', success: false, error: 'Invite not found or already revoked' });
+        const result = revokeIngressInvite(msg.inviteId);
+        if (!result.ok) {
+          ctx.send(socket, { type: 'ingress_invite_response', success: false, error: result.error });
           return;
         }
-        ctx.send(socket, {
-          type: 'ingress_invite_response',
-          success: true,
-          invite: {
-            id: revoked.id,
-            sourceChannel: revoked.sourceChannel,
-            tokenHash: revoked.tokenHash,
-            maxUses: revoked.maxUses,
-            useCount: revoked.useCount,
-            expiresAt: revoked.expiresAt,
-            status: revoked.status,
-            note: revoked.note ?? undefined,
-            createdAt: revoked.createdAt,
-          },
-        });
+        ctx.send(socket, { type: 'ingress_invite_response', success: true, invite: result.data });
         return;
       }
 
       case 'redeem': {
-        if (!msg.token) {
-          ctx.send(socket, { type: 'ingress_invite_response', success: false, error: 'token is required for redeem' });
-          return;
-        }
-        const result = redeemInvite({
-          rawToken: msg.token,
+        const result = redeemIngressInvite({
+          token: msg.token,
           externalUserId: msg.externalUserId,
           externalChatId: msg.externalChatId,
           sourceChannel: msg.sourceChannel,
         });
-        if ('error' in result) {
+        if (!result.ok) {
           ctx.send(socket, { type: 'ingress_invite_response', success: false, error: result.error });
           return;
         }
-        ctx.send(socket, {
-          type: 'ingress_invite_response',
-          success: true,
-          invite: {
-            id: result.invite.id,
-            sourceChannel: result.invite.sourceChannel,
-            tokenHash: result.invite.tokenHash,
-            maxUses: result.invite.maxUses,
-            useCount: result.invite.useCount,
-            expiresAt: result.invite.expiresAt,
-            status: result.invite.status,
-            note: result.invite.note ?? undefined,
-            createdAt: result.invite.createdAt,
-          },
-        });
+        ctx.send(socket, { type: 'ingress_invite_response', success: true, invite: result.data });
         return;
       }
 
       default: {
-        ctx.send(socket, { type: 'ingress_invite_response', success: false, error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}` });
+        ctx.send(socket, { type: 'ingress_invite_response', success: false, error: `Unknown action: ${String(msg.action)}` });
       }
     }
   } catch (err) {
@@ -163,21 +98,6 @@ export function handleIngressInvite(
   }
 }
 
-function memberToResponse(m: IngressMember) {
-  return {
-    id: m.id,
-    sourceChannel: m.sourceChannel,
-    externalUserId: m.externalUserId ?? undefined,
-    externalChatId: m.externalChatId ?? undefined,
-    displayName: m.displayName ?? undefined,
-    username: m.username ?? undefined,
-    status: m.status,
-    policy: m.policy,
-    lastSeenAt: m.lastSeenAt ?? undefined,
-    createdAt: m.createdAt,
-  };
-}
-
 export function handleIngressMember(
   msg: IngressMemberRequest,
   socket: net.Socket,
@@ -186,30 +106,22 @@ export function handleIngressMember(
   try {
     switch (msg.action) {
       case 'list': {
-        const members = listMembers({
+        const result = listIngressMembers({
           assistantId: msg.assistantId,
           sourceChannel: msg.sourceChannel,
           status: msg.status,
           policy: msg.policy,
         });
-        ctx.send(socket, {
-          type: 'ingress_member_response',
-          success: true,
-          members: members.map(memberToResponse),
-        });
+        if (!result.ok) {
+          ctx.send(socket, { type: 'ingress_member_response', success: false, error: result.error });
+          return;
+        }
+        ctx.send(socket, { type: 'ingress_member_response', success: true, members: result.data });
         return;
       }
 
       case 'upsert': {
-        if (!msg.sourceChannel) {
-          ctx.send(socket, { type: 'ingress_member_response', success: false, error: 'sourceChannel is required for upsert' });
-          return;
-        }
-        if (!msg.externalUserId && !msg.externalChatId) {
-          ctx.send(socket, { type: 'ingress_member_response', success: false, error: 'At least one of externalUserId or externalChatId is required for upsert' });
-          return;
-        }
-        const member = upsertMember({
+        const result = upsertIngressMember({
           assistantId: msg.assistantId,
           sourceChannel: msg.sourceChannel,
           externalUserId: msg.externalUserId,
@@ -219,52 +131,36 @@ export function handleIngressMember(
           policy: msg.policy,
           status: msg.status,
         });
-        ctx.send(socket, {
-          type: 'ingress_member_response',
-          success: true,
-          member: memberToResponse(member),
-        });
+        if (!result.ok) {
+          ctx.send(socket, { type: 'ingress_member_response', success: false, error: result.error });
+          return;
+        }
+        ctx.send(socket, { type: 'ingress_member_response', success: true, member: result.data });
         return;
       }
 
       case 'revoke': {
-        if (!msg.memberId) {
-          ctx.send(socket, { type: 'ingress_member_response', success: false, error: 'memberId is required for revoke' });
+        const result = revokeIngressMember(msg.memberId, msg.reason);
+        if (!result.ok) {
+          ctx.send(socket, { type: 'ingress_member_response', success: false, error: result.error });
           return;
         }
-        const revoked = revokeMember(msg.memberId, msg.reason);
-        if (!revoked) {
-          ctx.send(socket, { type: 'ingress_member_response', success: false, error: 'Member not found or cannot be revoked' });
-          return;
-        }
-        ctx.send(socket, {
-          type: 'ingress_member_response',
-          success: true,
-          member: memberToResponse(revoked),
-        });
+        ctx.send(socket, { type: 'ingress_member_response', success: true, member: result.data });
         return;
       }
 
       case 'block': {
-        if (!msg.memberId) {
-          ctx.send(socket, { type: 'ingress_member_response', success: false, error: 'memberId is required for block' });
-          return;
-        }
-        const blocked = blockMember(msg.memberId, msg.reason);
-        if (!blocked) {
-          ctx.send(socket, { type: 'ingress_member_response', success: false, error: 'Member not found or already blocked' });
+        const result = blockIngressMember(msg.memberId, msg.reason);
+        if (!result.ok) {
+          ctx.send(socket, { type: 'ingress_member_response', success: false, error: result.error });
           return;
         }
-        ctx.send(socket, {
-          type: 'ingress_member_response',
-          success: true,
-          member: memberToResponse(blocked),
-        });
+        ctx.send(socket, { type: 'ingress_member_response', success: true, member: result.data });
         return;
       }
 
       default: {
-        ctx.send(socket, { type: 'ingress_member_response', success: false, error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}` });
+        ctx.send(socket, { type: 'ingress_member_response', success: false, error: `Unknown action: ${String(msg.action)}` });
       }
     }
   } catch (err) {
@@ -342,7 +238,7 @@ export function handleInboxEscalation(
       }
 
       default: {
-        ctx.send(socket, { type: 'assistant_inbox_escalation_response', success: false, error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}` });
+        ctx.send(socket, { type: 'assistant_inbox_escalation_response', success: false, error: `Unknown action: ${String(msg.action)}` });
       }
     }
   } catch (err) {
@@ -482,7 +378,7 @@ async function executeDeny(
 
   // Store a system note about the denial in the conversation
   const denialInterface = isInterfaceId(sourceChannel) ? sourceChannel : undefined;
-  addMessage(conversationId, 'assistant', denialText, {
+  await addMessage(conversationId, 'assistant', denialText, {
     provenanceActorRole: 'guardian' as const,
     userMessageChannel: sourceChannel,
     assistantMessageChannel: sourceChannel,

package/src/daemon/handlers/config-ingress.ts

@@ -219,7 +219,7 @@ export async function handleIngressConfig(
         }
       }
     } else {
-      ctx.send(socket, { type: 'ingress_config_response', enabled: false, publicBaseUrl: '', localGatewayTarget, success: false, error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}` });
+      ctx.send(socket, { type: 'ingress_config_response', enabled: false, publicBaseUrl: '', localGatewayTarget, success: false, error: `Unknown action: ${String(msg.action)}` });
     }
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);

package/src/daemon/handlers/config-integrations.ts

@@ -258,7 +258,7 @@ export function handleTwitterIntegrationConfig(
         managedAvailable: false,
         localClientConfigured: false,
         connected: false,
-        error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}`,
+        error: `Unknown action: ${String(msg.action)}`,
       });
     }
   } catch (err) {

package/src/daemon/handlers/config-platform.ts

@@ -38,7 +38,7 @@ export async function handlePlatformConfig(
         type: 'platform_config_response',
         baseUrl: '',
         success: false,
-        error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}`,
+        error: `Unknown action: ${String(msg.action)}`,
       });
     }
   } catch (err) {

package/src/daemon/handlers/config-scheduling.ts

@@ -84,10 +84,10 @@ export async function handleScheduleRunNow(
       log.info({ jobId: schedule.id, name: schedule.name, taskId }, 'Executing scheduled task manually (run now)');
       const { runTask } = await import('../../tasks/task-runner.js');
       const result = await runTask(
-        { taskId, workingDir: process.cwd() },
+        { taskId, workingDir: process.cwd(), source: 'schedule' },
         async (conversationId, message, taskRunId) => {
           const session = await ctx.getOrCreateSession(conversationId, socket, true);
-          (session as unknown as { taskRunId?: string }).taskRunId = taskRunId;
+          session.taskRunId = taskRunId;
           await session.processMessage(message, [], (event) => {
             ctx.send(socket, event);
           }, undefined, undefined, undefined, { isInteractive: false });

package/src/daemon/handlers/config-slack-channel.ts

@@ -0,0 +1,190 @@
+import { deleteSecureKey, getSecureKey, setSecureKey } from '../../security/secure-keys.js';
+import { deleteCredentialMetadata, getCredentialMetadata, upsertCredentialMetadata } from '../../tools/credentials/metadata-store.js';
+import { log } from './shared.js';
+
+// -- Result type --
+
+export interface SlackChannelConfigResult {
+  success: boolean;
+  hasBotToken: boolean;
+  hasAppToken: boolean;
+  connected: boolean;
+  teamId?: string;
+  teamName?: string;
+  botUserId?: string;
+  botUsername?: string;
+  error?: string;
+  warning?: string;
+}
+
+// -- Metadata stored as JSON in accountInfo --
+
+interface SlackChannelMetadata {
+  teamId?: string;
+  teamName?: string;
+  botUserId?: string;
+  botUsername?: string;
+}
+
+function parseMetadata(raw: string | undefined): SlackChannelMetadata {
+  if (!raw) return {};
+  try {
+    return JSON.parse(raw) as SlackChannelMetadata;
+  } catch {
+    return {};
+  }
+}
+
+// -- Business logic --
+
+export function getSlackChannelConfig(): SlackChannelConfigResult {
+  const hasBotToken = !!getSecureKey('credential:slack_channel:bot_token');
+  const hasAppToken = !!getSecureKey('credential:slack_channel:app_token');
+  const meta = getCredentialMetadata('slack_channel', 'bot_token');
+  const metadata = parseMetadata(meta?.accountInfo);
+  return {
+    success: true,
+    hasBotToken,
+    hasAppToken,
+    connected: hasBotToken && hasAppToken,
+    ...metadata,
+  };
+}
+
+export async function setSlackChannelConfig(
+  botToken?: string,
+  appToken?: string,
+): Promise<SlackChannelConfigResult> {
+  let metadata: SlackChannelMetadata = {};
+  let warning: string | undefined;
+
+  // Validate and store bot token
+  if (botToken) {
+    // Validate bot token by calling Slack auth.test
+    try {
+      const res = await fetch('https://slack.com/api/auth.test', {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${botToken}` },
+      });
+      const data = (await res.json()) as {
+        ok: boolean;
+        error?: string;
+        team_id?: string;
+        team?: string;
+        user_id?: string;
+        user?: string;
+      };
+      if (!data.ok) {
+        const storedBotToken = !!getSecureKey('credential:slack_channel:bot_token');
+        const storedAppToken = !!getSecureKey('credential:slack_channel:app_token');
+        return {
+          success: false,
+          hasBotToken: storedBotToken,
+          hasAppToken: storedAppToken,
+          connected: storedBotToken && storedAppToken,
+          error: `Slack API validation failed: ${data.error ?? 'unknown error'}`,
+        };
+      }
+      metadata = {
+        teamId: data.team_id,
+        teamName: data.team,
+        botUserId: data.user_id,
+        botUsername: data.user,
+      };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      const storedBotToken = !!getSecureKey('credential:slack_channel:bot_token');
+      const storedAppToken = !!getSecureKey('credential:slack_channel:app_token');
+      return {
+        success: false,
+        hasBotToken: storedBotToken,
+        hasAppToken: storedAppToken,
+        connected: storedBotToken && storedAppToken,
+        error: `Failed to validate bot token: ${message}`,
+      };
+    }
+
+    const stored = setSecureKey('credential:slack_channel:bot_token', botToken);
+    if (!stored) {
+      const storedBotToken = !!getSecureKey('credential:slack_channel:bot_token');
+      const storedAppToken = !!getSecureKey('credential:slack_channel:app_token');
+      return {
+        success: false,
+        hasBotToken: storedBotToken,
+        hasAppToken: storedAppToken,
+        connected: storedBotToken && storedAppToken,
+        error: 'Failed to store bot token in secure storage',
+      };
+    }
+
+    upsertCredentialMetadata('slack_channel', 'bot_token', {
+      accountInfo: JSON.stringify(metadata),
+    });
+  } else {
+    // Use existing metadata if no new bot token provided
+    const existingMeta = getCredentialMetadata('slack_channel', 'bot_token');
+    metadata = parseMetadata(existingMeta?.accountInfo);
+  }
+
+  // Validate and store app token
+  if (appToken) {
+    if (!appToken.startsWith('xapp-')) {
+      const storedBotToken = !!getSecureKey('credential:slack_channel:bot_token');
+      const storedAppToken = !!getSecureKey('credential:slack_channel:app_token');
+      return {
+        success: false,
+        hasBotToken: storedBotToken,
+        hasAppToken: storedAppToken,
+        connected: storedBotToken && storedAppToken,
+        error: 'Invalid app token: must start with "xapp-"',
+      };
+    }
+
+    const stored = setSecureKey('credential:slack_channel:app_token', appToken);
+    if (!stored) {
+      const storedBotToken = !!getSecureKey('credential:slack_channel:bot_token');
+      const storedAppToken = !!getSecureKey('credential:slack_channel:app_token');
+      return {
+        success: false,
+        hasBotToken: storedBotToken,
+        hasAppToken: storedAppToken,
+        connected: storedBotToken && storedAppToken,
+        error: 'Failed to store app token in secure storage',
+      };
+    }
+
+    upsertCredentialMetadata('slack_channel', 'app_token', {});
+  }
+
+  const hasBotToken = !!getSecureKey('credential:slack_channel:bot_token');
+  const hasAppToken = !!getSecureKey('credential:slack_channel:app_token');
+
+  if (hasBotToken && !hasAppToken) {
+    warning = 'Bot token stored but app token is missing — connection incomplete.';
+  } else if (!hasBotToken && hasAppToken) {
+    warning = 'App token stored but bot token is missing — connection incomplete.';
+  }
+
+  return {
+    success: true,
+    hasBotToken,
+    hasAppToken,
+    connected: hasBotToken && hasAppToken,
+    ...metadata,
+    ...(warning ? { warning } : {}),
+  };
+}
+
+export function clearSlackChannelConfig(): SlackChannelConfigResult {
+  deleteSecureKey('credential:slack_channel:bot_token');
+  deleteCredentialMetadata('slack_channel', 'bot_token');
+  deleteSecureKey('credential:slack_channel:app_token');
+  deleteCredentialMetadata('slack_channel', 'app_token');
+
+  return {
+    success: true,
+    hasBotToken: false,
+    hasAppToken: false,
+    connected: false,
+  };
+}

package/src/daemon/handlers/config-telegram.ts

@@ -319,7 +319,7 @@ export async function handleTelegramConfig(
         hasBotToken: false,
         connected: false,
         hasWebhookSecret: false,
-        error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}`,
+        error: `Unknown action: ${String(msg.action)}`,
       };
     }
 

package/src/daemon/handlers/config-twilio.ts

@@ -1062,7 +1062,7 @@ export async function handleTwilioConfig(
         type: 'twilio_config_response',
         success: false,
         hasCredentials: hasTwilioCredentials(),
-        error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}`,
+        error: `Unknown action: ${String(msg.action)}`,
       });
     }
   } catch (err) {

package/src/daemon/handlers/config-voice.ts

@@ -0,0 +1,100 @@
+import * as net from 'node:net';
+
+import type { VoiceConfigUpdateRequest } from '../ipc-contract/settings.js';
+import { defineHandlers, type HandlerContext, log } from './shared.js';
+
+/**
+ * Send a client_settings_update message to all connected clients.
+ * Used to push configuration changes (e.g. activation key) from the daemon
+ * to macOS/iOS clients so they can apply settings immediately.
+ */
+export function broadcastClientSettingsUpdate(
+  key: string,
+  value: string,
+  ctx: HandlerContext,
+): void {
+  ctx.broadcast({
+    type: 'client_settings_update',
+    key,
+    value,
+  });
+  log.info({ key, value }, 'Broadcast client_settings_update');
+}
+
+// ── Activation key validation ────────────────────────────────────────
+
+const VALID_ACTIVATION_KEYS = ['fn', 'ctrl', 'fn_shift', 'none'] as const;
+export type ActivationKey = (typeof VALID_ACTIVATION_KEYS)[number];
+
+/**
+ * Map natural-language activation key names to canonical enum values.
+ * Case-insensitive matching is applied by the caller.
+ */
+const NATURAL_LANGUAGE_MAP: Record<string, ActivationKey> = {
+  fn: 'fn',
+  globe: 'fn',
+  'fn key': 'fn',
+  'globe key': 'fn',
+  ctrl: 'ctrl',
+  control: 'ctrl',
+  'ctrl key': 'ctrl',
+  'control key': 'ctrl',
+  fn_shift: 'fn_shift',
+  'fn+shift': 'fn_shift',
+  'fn shift': 'fn_shift',
+  'shift+fn': 'fn_shift',
+  none: 'none',
+  off: 'none',
+  disabled: 'none',
+  disable: 'none',
+};
+
+/**
+ * Validate and normalise a user-provided activation key string.
+ * Accepts both canonical enum values and natural-language variants.
+ * Returns the canonical value on success, or an error message on failure.
+ */
+export function normalizeActivationKey(
+  input: string,
+): { ok: true; value: ActivationKey } | { ok: false; reason: string } {
+  const trimmed = input.trim().toLowerCase();
+
+  // Direct enum match
+  if ((VALID_ACTIVATION_KEYS as readonly string[]).includes(trimmed)) {
+    return { ok: true, value: trimmed as ActivationKey };
+  }
+
+  // Natural-language match
+  const mapped = NATURAL_LANGUAGE_MAP[trimmed];
+  if (mapped) {
+    return { ok: true, value: mapped };
+  }
+
+  return {
+    ok: false,
+    reason: `Invalid activation key "${input}". Valid values: fn (Fn/Globe key), ctrl (Control key), fn_shift (Fn+Shift), none (disable PTT).`,
+  };
+}
+
+/**
+ * Process a voice configuration update request from a session or IPC client.
+ * Validates the activation key and broadcasts the change to all connected clients.
+ */
+export function handleVoiceConfigUpdate(
+  msg: VoiceConfigUpdateRequest,
+  _socket: net.Socket,
+  ctx: HandlerContext,
+): void {
+  const result = normalizeActivationKey(msg.activationKey);
+  if (!result.ok) {
+    log.warn({ input: msg.activationKey }, result.reason);
+    return;
+  }
+
+  broadcastClientSettingsUpdate('activationKey', result.value, ctx);
+  log.info({ activationKey: result.value }, 'Voice config updated: activation key');
+}
+
+export const voiceHandlers = defineHandlers({
+  voice_config_update: handleVoiceConfigUpdate,
+});