@vellumai/assistant 0.3.16 → 0.3.18

package/src/daemon/daemon-control.ts

@@ -1,4 +1,4 @@
-import { spawn } from 'node:child_process';
+import { execSync, spawn } from 'node:child_process';
 import { closeSync,existsSync, mkdirSync, openSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
 import { createConnection } from 'node:net';
 import { join, resolve } from 'node:path';
@@ -70,9 +70,17 @@ function killStaleDaemon(): void {
     return;
   }
 
-  // The PID file references a live process, but getDaemonStatus() (called
-  // earlier in startDaemon) already returns early when the daemon is healthy.
-  // If we reach here, the recorded process is alive but non-responsive.
+  // Guard against stale PID reuse: if the PID has been recycled by the OS
+  // and now belongs to an unrelated process, we must not signal it.
+  if (!isVellumDaemonProcess(pid)) {
+    log.info({ pid }, 'PID file references a non-vellum process (stale PID reuse) — cleaning up PID file only');
+    cleanupPidFile();
+    return;
+  }
+
+  // The PID file references a live vellum daemon process, but getDaemonStatus()
+  // (called earlier in startDaemon) already returns early when the daemon is
+  // healthy. If we reach here, the recorded process is alive but non-responsive.
   try {
     log.info({ pid }, 'Killing stale daemon process from PID file');
     process.kill(pid, 'SIGKILL');
@@ -91,6 +99,27 @@ function isProcessRunning(pid: number): boolean {
   }
 }
 
+/**
+ * Check whether a PID belongs to a vellum daemon process (a bun process
+ * running the daemon's main.ts). Prevents signaling an unrelated process
+ * that reused a stale PID.
+ */
+function isVellumDaemonProcess(pid: number): boolean {
+  try {
+    const cmd = execSync(`ps -p ${pid} -o command=`, {
+      encoding: 'utf-8',
+      timeout: 3000,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    }).trim();
+    // The daemon is spawned as `bun run <path>/main.ts` — look for bun
+    // running our daemon entry point.
+    return cmd.includes('bun') && cmd.includes('daemon/main.ts');
+  } catch {
+    // Process exited or ps failed — treat as not ours.
+    return false;
+  }
+}
+
 /** Try a TCP connect to the Unix socket. Returns true if the connection
  *  handshake completes within the timeout — false on connection refused,
  *  timeout, or missing socket file. */
@@ -166,10 +195,17 @@ export async function getDaemonStatus(): Promise<{ running: boolean; pid?: numbe
     cleanupPidFile();
     return { running: false };
   }
-  // Process is alive — verify the socket is responsive. A deadlocked or
-  // wedged daemon will pass the PID liveness check but fail to accept
-  // connections, and should be treated as not running so killStaleDaemon()
-  // can clean it up.
+  // Guard against stale PID reuse: if the OS recycled the PID and it now
+  // belongs to an unrelated process, discard the stale PID file.
+  if (!isVellumDaemonProcess(pid)) {
+    log.info({ pid }, 'PID file references a non-vellum process (stale PID reuse) — cleaning up');
+    cleanupPidFile();
+    return { running: false };
+  }
+  // Process is alive and is ours — verify the socket is responsive. A
+  // deadlocked or wedged daemon will pass the PID liveness check but fail
+  // to accept connections, and should be treated as not running so
+  // killStaleDaemon() can clean it up.
   const responsive = await isSocketResponsive();
   if (!responsive) {
     log.warn({ pid }, 'Daemon process alive but socket unresponsive');
@@ -188,6 +224,11 @@ function getStartupLockPath(): string {
 function acquireStartupLock(): boolean {
   const lockPath = getStartupLockPath();
   try {
+    // Ensure the root directory exists before attempting the lock file write.
+    // On a first-time run, getRootDir() may not exist yet, and writeFileSync
+    // with 'wx' would throw ENOENT — which the catch block misinterprets as
+    // "lock already held."
+    mkdirSync(getRootDir(), { recursive: true });
     // O_CREAT | O_EXCL — fails atomically if the file already exists.
     writeFileSync(lockPath, String(Date.now()), { flag: 'wx' });
     return true;
@@ -226,12 +267,16 @@ export async function startDaemon(): Promise<{
     const lockWaitMs = 10_000;
     const lockInterval = 200;
     let lockWaited = 0;
+    let lockAcquired = false;
     while (lockWaited < lockWaitMs) {
       await new Promise((r) => setTimeout(r, lockInterval));
       lockWaited += lockInterval;
-      if (acquireStartupLock()) break;
+      if (acquireStartupLock()) {
+        lockAcquired = true;
+        break;
+      }
     }
-    if (lockWaited >= lockWaitMs) {
+    if (!lockAcquired) {
       // Timed out waiting for the lock — re-check status in case the
       // other caller succeeded.
       const recheck = await getDaemonStatus();
@@ -358,6 +403,15 @@ export async function stopDaemon(): Promise<StopResult> {
     return { stopped: false, reason: 'not_running' };
   }
 
+  // Guard against stale PID reuse: if the PID has been recycled by the OS
+  // and now belongs to an unrelated process, clean up the PID file but
+  // never signal it.
+  if (!isVellumDaemonProcess(pid)) {
+    log.info({ pid }, 'PID file references a non-vellum process (stale PID reuse) — cleaning up PID file only');
+    cleanupPidFile();
+    return { stopped: false, reason: 'not_running' };
+  }
+
   process.kill(pid, 'SIGTERM');
 
   const timeouts = readDaemonTimeouts();

package/src/daemon/handlers/config-slack-channel.ts

@@ -1,6 +1,6 @@
 import { deleteSecureKey, getSecureKey, setSecureKey } from '../../security/secure-keys.js';
 import { deleteCredentialMetadata, getCredentialMetadata, upsertCredentialMetadata } from '../../tools/credentials/metadata-store.js';
-import { log } from './shared.js';
+import { log as _log } from './shared.js';
 
 // -- Result type --
 

package/src/daemon/handlers/identity.ts

@@ -6,6 +6,45 @@ import { fileURLToPath } from 'node:url';
 import { getWorkspacePromptPath, readLockfile } from '../../util/platform.js';
 import { defineHandlers, type HandlerContext,log } from './shared.js';
 
+export interface IdentityFields {
+  name: string;
+  role: string;
+  personality: string;
+  emoji: string;
+  home: string;
+}
+
+/** Parse the core identity fields from IDENTITY.md content. */
+export function parseIdentityFields(content: string): IdentityFields {
+  const fields: Record<string, string> = {};
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim();
+    const lower = trimmed.toLowerCase();
+    const extract = (prefix: string): string | null => {
+      if (!lower.startsWith(prefix)) return null;
+      return trimmed.split(':**').pop()?.trim() ?? null;
+    };
+
+    const name = extract('- **name:**');
+    if (name) { fields.name = name; continue; }
+    const role = extract('- **role:**');
+    if (role) { fields.role = role; continue; }
+    const personality = extract('- **personality:**') ?? extract('- **vibe:**');
+    if (personality) { fields.personality = personality; continue; }
+    const emoji = extract('- **emoji:**');
+    if (emoji) { fields.emoji = emoji; continue; }
+    const home = extract('- **home:**');
+    if (home) { fields.home = home; continue; }
+  }
+  return {
+    name: fields.name ?? '',
+    role: fields.role ?? '',
+    personality: fields.personality ?? '',
+    emoji: fields.emoji ?? '',
+    home: fields.home ?? '',
+  };
+}
+
 function handleIdentityGet(socket: net.Socket, ctx: HandlerContext): void {
   const identityPath = getWorkspacePromptPath('IDENTITY.md');
 
@@ -24,26 +63,7 @@ function handleIdentityGet(socket: net.Socket, ctx: HandlerContext): void {
 
   try {
     const content = readFileSync(identityPath, 'utf-8');
-    const fields: Record<string, string> = {};
-    for (const line of content.split('\n')) {
-      const trimmed = line.trim();
-      const lower = trimmed.toLowerCase();
-      const extract = (prefix: string): string | null => {
-        if (!lower.startsWith(prefix)) return null;
-        return trimmed.split(':**').pop()?.trim() ?? null;
-      };
-
-      const name = extract('- **name:**');
-      if (name) { fields.name = name; continue; }
-      const role = extract('- **role:**');
-      if (role) { fields.role = role; continue; }
-      const personality = extract('- **personality:**') ?? extract('- **vibe:**');
-      if (personality) { fields.personality = personality; continue; }
-      const emoji = extract('- **emoji:**');
-      if (emoji) { fields.emoji = emoji; continue; }
-      const home = extract('- **home:**');
-      if (home) { fields.home = home; continue; }
-    }
+    const fields = parseIdentityFields(content);
 
     // Read version from package.json
     let version: string | undefined;
@@ -90,11 +110,11 @@ function handleIdentityGet(socket: net.Socket, ctx: HandlerContext): void {
     ctx.send(socket, {
       type: 'identity_get_response',
       found: true,
-      name: fields.name ?? '',
-      role: fields.role ?? '',
-      personality: fields.personality ?? '',
-      emoji: fields.emoji ?? '',
-      home: fields.home ?? '',
+      name: fields.name,
+      role: fields.role,
+      personality: fields.personality,
+      emoji: fields.emoji,
+      home: fields.home,
       version,
       assistantId,
       createdAt,

package/src/daemon/handlers/sessions.ts

@@ -38,8 +38,8 @@ import { normalizeThreadType } from '../ipc-protocol.js';
 import { executeRecordingIntent } from '../recording-executor.js';
 import { resolveRecordingIntent } from '../recording-intent.js';
 import { classifyRecordingIntentFallback, containsRecordingKeywords } from '../recording-intent-fallback.js';
-import { resolveChannelCapabilities } from '../session-runtime-assembly.js';
 import { buildSessionErrorMessage,classifySessionError } from '../session-error.js';
+import { resolveChannelCapabilities } from '../session-runtime-assembly.js';
 import { generateVideoThumbnail } from '../video-thumbnail.js';
 import { handleRecordingPause, handleRecordingRestart, handleRecordingResume, handleRecordingStart, handleRecordingStop } from './recording.js';
 import {

package/src/daemon/ipc-contract/sessions.ts

@@ -213,7 +213,7 @@ export interface AssistantAttention {
 
 export interface SessionListResponse {
   type: 'session_list_response';
-  sessions: Array<{ id: string; title: string; createdAt: number; updatedAt: number; threadType?: ThreadType; source?: string; channelBinding?: ChannelBinding; conversationOriginChannel?: ChannelId; conversationOriginInterface?: InterfaceId; assistantAttention?: AssistantAttention }>;
+  sessions: Array<{ id: string; title: string; createdAt?: number; updatedAt: number; threadType?: ThreadType; source?: string; channelBinding?: ChannelBinding; conversationOriginChannel?: ChannelId; conversationOriginInterface?: InterfaceId; assistantAttention?: AssistantAttention }>;
   /** Whether more sessions exist beyond the returned page. */
   hasMore?: boolean;
 }

package/src/daemon/ipc-contract/workspace.ts

@@ -112,6 +112,16 @@ export interface ToolNamesListResponse {
   schemas?: Record<string, ToolInputSchema>;
 }
 
+/** Server push — broadcast when IDENTITY.md changes on disk. */
+export interface IdentityChanged {
+  type: 'identity_changed';
+  name: string;
+  role: string;
+  personality: string;
+  emoji: string;
+  home: string;
+}
+
 // --- Domain-level union aliases (consumed by the barrel file) ---
 
 export type _WorkspaceClientMessages =
@@ -126,4 +136,5 @@ export type _WorkspaceServerMessages =
   | WorkspaceFileReadResponse
   | IdentityGetResponse
   | ToolPermissionSimulateResponse
-  | ToolNamesListResponse;
+  | ToolNamesListResponse
+  | IdentityChanged;

package/src/daemon/ipc-contract-inventory.json

@@ -248,6 +248,7 @@
     "heartbeat_runs_list_response",
     "history_response",
     "home_base_get_response",
+    "identity_changed",
     "identity_get_response",
     "ingress_config_response",
     "ingress_invite_response",

package/src/daemon/lifecycle.ts

@@ -17,6 +17,7 @@ import {
 } from '../config/env.js';
 import { loadConfig } from '../config/loader.js';
 import { ensurePromptFiles } from '../config/system-prompt.js';
+import { syncUpdateBulletinOnStartup } from '../config/update-bulletin.js';
 import { HeartbeatService } from '../heartbeat/heartbeat-service.js';
 import { getHookManager } from '../hooks/manager.js';
 import { installTemplates } from '../hooks/templates.js';
@@ -63,6 +64,7 @@ import { installShutdownHandlers } from './shutdown-handlers.js';
 // Re-export public API so existing consumers don't need to change imports
 export type { StopResult } from './daemon-control.js';
 export {
+  cleanupPidFile,
   ensureDaemonRunning,
   getDaemonStatus,
   isDaemonRunning,
@@ -139,6 +141,12 @@ export async function runDaemon(): Promise<void> {
     initializeDb();
     log.info('Daemon startup: DB initialized');
 
+    try {
+      syncUpdateBulletinOnStartup();
+    } catch (err) {
+      log.warn({ err }, 'Bulletin sync failed — continuing startup');
+    }
+
     // Recover orphaned work items that were left in 'running' state when the
     // daemon previously crashed or was killed mid-task.
     const orphanedRunning = listWorkItems({ status: 'running' });

package/src/daemon/server.ts

@@ -1,4 +1,4 @@
-import { chmodSync, readFileSync,statSync } from 'node:fs';
+import { chmodSync, existsSync, readFileSync,statSync } from 'node:fs';
 import * as net from 'node:net';
 import { join } from 'node:path';
 import * as tls from 'node:tls';
@@ -20,12 +20,13 @@ import { getSubagentManager } from '../subagent/index.js';
 import { IngressBlockedError } from '../util/errors.js';
 import { getLogger } from '../util/logger.js';
 import { getLocalIPv4 } from '../util/network-info.js';
-import { getSandboxWorkingDir, getSocketPath, getTCPHost, getTCPPort, isIOSPairingEnabled,isTCPEnabled, removeSocketFile } from '../util/platform.js';
+import { getSandboxWorkingDir, getSocketPath, getTCPHost, getTCPPort, getWorkspacePromptPath, isIOSPairingEnabled,isTCPEnabled, removeSocketFile } from '../util/platform.js';
 import { registerDaemonCallbacks } from '../work-items/work-item-runner.js';
 import { AuthManager } from './auth-manager.js';
 import { ComputerUseSession } from './computer-use-session.js';
 import { ConfigWatcher } from './config-watcher.js';
 import { handleMessage, type HandlerContext, type SessionCreateOptions } from './handlers.js';
+import { parseIdentityFields } from './handlers/identity.js';
 import { cleanupRecordingsOnDisconnect } from './handlers/recording.js';
 import { ensureBlobDir, sweepStaleBlobs } from './ipc-blob-store.js';
 import { IpcSender } from './ipc-handler.js';
@@ -226,6 +227,24 @@ export class DaemonServer {
     );
   }
 
+  private broadcastIdentityChanged(): void {
+    try {
+      const identityPath = getWorkspacePromptPath('IDENTITY.md');
+      const content = existsSync(identityPath) ? readFileSync(identityPath, 'utf-8') : '';
+      const fields = parseIdentityFields(content);
+      this.broadcast({
+        type: 'identity_changed',
+        name: fields.name,
+        role: fields.role,
+        personality: fields.personality,
+        emoji: fields.emoji,
+        home: fields.home,
+      });
+    } catch (err) {
+      log.error({ err }, 'Failed to broadcast identity change');
+    }
+  }
+
   // ── Server lifecycle ────────────────────────────────────────────────
 
   async start(): Promise<void> {
@@ -255,7 +274,10 @@ export class DaemonServer {
       });
     }, 5 * 60 * 1000);
 
-    this.configWatcher.start(() => this.evictSessionsForReload());
+    this.configWatcher.start(
+      () => this.evictSessionsForReload(),
+      () => this.broadcastIdentityChanged(),
+    );
     this.auth.initToken();
 
     let tlsCreds: { cert: string; key: string; fingerprint: string } | null = null;