@vellumai/assistant 0.3.4 → 0.3.6

package/src/daemon/handlers/config-telegram.ts

@@ -0,0 +1,301 @@
+import * as net from 'node:net';
+import { getSecureKey, setSecureKey, deleteSecureKey } from '../../security/secure-keys.js';
+import { upsertCredentialMetadata, deleteCredentialMetadata, getCredentialMetadata } from '../../tools/credentials/metadata-store.js';
+import { triggerGatewayReconcile } from './config-ingress.js';
+import { getIngressPublicBaseUrl } from '../../config/env.js';
+import type { TelegramConfigRequest } from '../ipc-protocol.js';
+import { log, defineHandlers, type HandlerContext } from './shared.js';
+
+const TELEGRAM_BOT_TOKEN_IN_URL_PATTERN = /\/bot\d{8,10}:[A-Za-z0-9_-]{30,120}\//g;
+const TELEGRAM_BOT_TOKEN_PATTERN = /(?<![A-Za-z0-9_])\d{8,10}:[A-Za-z0-9_-]{30,120}(?![A-Za-z0-9_])/g;
+
+function redactTelegramBotTokens(value: string): string {
+  return value
+    .replace(TELEGRAM_BOT_TOKEN_IN_URL_PATTERN, '/bot[REDACTED]/')
+    .replace(TELEGRAM_BOT_TOKEN_PATTERN, '[REDACTED]');
+}
+
+export function summarizeTelegramError(err: unknown): string {
+  const parts: string[] = [];
+  if (err instanceof Error) {
+    parts.push(err.message);
+  } else {
+    parts.push(String(err));
+  }
+  const path = (err as { path?: unknown })?.path;
+  if (typeof path === 'string' && path.length > 0) {
+    parts.push(`path=${path}`);
+  }
+  const code = (err as { code?: unknown })?.code;
+  if (typeof code === 'string' && code.length > 0) {
+    parts.push(`code=${code}`);
+  }
+  return redactTelegramBotTokens(parts.join(' '));
+}
+
+export async function handleTelegramConfig(
+  msg: TelegramConfigRequest,
+  socket: net.Socket,
+  ctx: HandlerContext,
+): Promise<void> {
+  try {
+    if (msg.action === 'get') {
+      const hasBotToken = !!getSecureKey('credential:telegram:bot_token');
+      const hasWebhookSecret = !!getSecureKey('credential:telegram:webhook_secret');
+      const meta = getCredentialMetadata('telegram', 'bot_token');
+      const botUsername = meta?.accountInfo ?? undefined;
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken,
+        botUsername,
+        connected: hasBotToken && hasWebhookSecret,
+        hasWebhookSecret,
+      });
+    } else if (msg.action === 'set') {
+      // Resolve token: prefer explicit msg.botToken, fall back to secure storage.
+      // Track provenance so we only rollback tokens that were freshly provided.
+      const isNewToken = !!msg.botToken;
+      const botToken = msg.botToken || getSecureKey('credential:telegram:bot_token');
+      if (!botToken) {
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: 'botToken is required for set action',
+        });
+        return;
+      }
+
+      // Validate token via Telegram getMe API
+      let botUsername: string;
+      try {
+        const res = await fetch(`https://api.telegram.org/bot${botToken}/getMe`);
+        if (!res.ok) {
+          const body = await res.text();
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: false,
+            connected: false,
+            hasWebhookSecret: false,
+            error: `Telegram API validation failed: ${body}`,
+          });
+          return;
+        }
+        const data = await res.json() as { ok: boolean; result?: { username?: string } };
+        if (!data.ok || !data.result?.username) {
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: false,
+            connected: false,
+            hasWebhookSecret: false,
+            error: 'Telegram API returned unexpected response',
+          });
+          return;
+        }
+        botUsername = data.result.username;
+      } catch (err) {
+        const message = summarizeTelegramError(err);
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: `Failed to validate bot token: ${message}`,
+        });
+        return;
+      }
+
+      // Store bot token securely
+      const stored = setSecureKey('credential:telegram:bot_token', botToken);
+      if (!stored) {
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: 'Failed to store bot token in secure storage',
+        });
+        return;
+      }
+
+      // Store metadata with bot username
+      upsertCredentialMetadata('telegram', 'bot_token', {
+        accountInfo: botUsername,
+      });
+
+      // Ensure webhook secret exists (generate if missing)
+      let hasWebhookSecret = !!getSecureKey('credential:telegram:webhook_secret');
+      if (!hasWebhookSecret) {
+        const { randomUUID } = await import('node:crypto');
+        const webhookSecret = randomUUID();
+        const secretStored = setSecureKey('credential:telegram:webhook_secret', webhookSecret);
+        if (secretStored) {
+          upsertCredentialMetadata('telegram', 'webhook_secret', {});
+          hasWebhookSecret = true;
+        } else {
+          // Only roll back the bot token if it was freshly provided.
+          // When the token came from secure storage it was already valid
+          // configuration; deleting it would destroy working state.
+          if (isNewToken) {
+            deleteSecureKey('credential:telegram:bot_token');
+            deleteCredentialMetadata('telegram', 'bot_token');
+          }
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: !isNewToken,
+            connected: false,
+            hasWebhookSecret: false,
+            error: 'Failed to store webhook secret',
+          });
+          return;
+        }
+      } else {
+        // Self-heal: ensure metadata exists even when the secret was
+        // already present (covers previously lost/corrupted metadata).
+        upsertCredentialMetadata('telegram', 'webhook_secret', {});
+      }
+
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken: true,
+        botUsername,
+        connected: true,
+        hasWebhookSecret,
+      });
+
+      // Trigger gateway reconcile so the webhook registration updates immediately
+      const effectiveUrl = getIngressPublicBaseUrl();
+      if (effectiveUrl) {
+        triggerGatewayReconcile(effectiveUrl);
+      }
+    } else if (msg.action === 'clear') {
+      // Deregister the Telegram webhook before deleting credentials.
+      // The gateway reconcile short-circuits when credentials are absent,
+      // so we must call the Telegram API directly while the token is still
+      // available.
+      const botToken = getSecureKey('credential:telegram:bot_token');
+      if (botToken) {
+        try {
+          await fetch(`https://api.telegram.org/bot${botToken}/deleteWebhook`);
+        } catch (err) {
+          log.warn(
+            { error: summarizeTelegramError(err) },
+            'Failed to deregister Telegram webhook (proceeding with credential cleanup)',
+          );
+        }
+      }
+
+      deleteSecureKey('credential:telegram:bot_token');
+      deleteCredentialMetadata('telegram', 'bot_token');
+      deleteSecureKey('credential:telegram:webhook_secret');
+      deleteCredentialMetadata('telegram', 'webhook_secret');
+
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken: false,
+        connected: false,
+        hasWebhookSecret: false,
+      });
+
+      // Trigger reconcile to deregister webhook
+      const effectiveUrl = getIngressPublicBaseUrl();
+      if (effectiveUrl) {
+        triggerGatewayReconcile(effectiveUrl);
+      }
+    } else if (msg.action === 'set_commands') {
+      const storedToken = getSecureKey('credential:telegram:bot_token');
+      if (!storedToken) {
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: false,
+          connected: false,
+          hasWebhookSecret: false,
+          error: 'Bot token not configured. Run set action first.',
+        });
+        return;
+      }
+
+      const commands = msg.commands ?? [
+        { command: 'new', description: 'Start a new conversation' },
+        { command: 'help', description: 'Show available commands' },
+        { command: 'guardian_verify', description: 'Verify your guardian identity' },
+      ];
+
+      try {
+        const res = await fetch(`https://api.telegram.org/bot${storedToken}/setMyCommands`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ commands }),
+        });
+        if (!res.ok) {
+          const body = await res.text();
+          ctx.send(socket, {
+            type: 'telegram_config_response',
+            success: false,
+            hasBotToken: true,
+            connected: !!getSecureKey('credential:telegram:webhook_secret'),
+            hasWebhookSecret: !!getSecureKey('credential:telegram:webhook_secret'),
+            error: `Failed to set bot commands: ${body}`,
+          });
+          return;
+        }
+      } catch (err) {
+        const message = summarizeTelegramError(err);
+        ctx.send(socket, {
+          type: 'telegram_config_response',
+          success: false,
+          hasBotToken: true,
+          connected: !!getSecureKey('credential:telegram:webhook_secret'),
+          hasWebhookSecret: !!getSecureKey('credential:telegram:webhook_secret'),
+          error: `Failed to set bot commands: ${message}`,
+        });
+        return;
+      }
+
+      const hasBotToken = !!getSecureKey('credential:telegram:bot_token');
+      const hasWebhookSecret = !!getSecureKey('credential:telegram:webhook_secret');
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: true,
+        hasBotToken,
+        connected: hasBotToken && hasWebhookSecret,
+        hasWebhookSecret,
+      });
+    } else {
+      ctx.send(socket, {
+        type: 'telegram_config_response',
+        success: false,
+        hasBotToken: false,
+        connected: false,
+        hasWebhookSecret: false,
+        error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}`,
+      });
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    log.error({ err }, 'Failed to handle Telegram config');
+    ctx.send(socket, {
+      type: 'telegram_config_response',
+      success: false,
+      hasBotToken: false,
+      connected: false,
+      hasWebhookSecret: false,
+      error: message,
+    });
+  }
+}
+
+export const telegramHandlers = defineHandlers({
+  telegram_config: handleTelegramConfig,
+});

package/src/daemon/handlers/config-tools.ts

@@ -0,0 +1,177 @@
+import * as net from 'node:net';
+import { join } from 'node:path';
+import { classifyRisk, check, generateAllowlistOptions, generateScopeOptions } from '../../permissions/checker.js';
+import { isSideEffectTool } from '../../tools/executor.js';
+import { resolveExecutionTarget, type ManifestOverride } from '../../tools/execution-target.js';
+import { getAllTools, getTool } from '../../tools/registry.js';
+import { loadSkillCatalog } from '../../config/skills.js';
+import { parseToolManifestFile } from '../../skills/tool-manifest.js';
+import type { ToolPermissionSimulateRequest } from '../ipc-protocol.js';
+import { log, defineHandlers, type HandlerContext } from './shared.js';
+
+export function handleEnvVarsRequest(socket: net.Socket, ctx: HandlerContext): void {
+  const vars: Record<string, string> = {};
+  for (const [key, value] of Object.entries(process.env)) {
+    if (value !== undefined) vars[key] = value;
+  }
+  ctx.send(socket, { type: 'env_vars_response', vars });
+}
+
+/**
+ * Look up manifest metadata for a tool that isn't in the live registry.
+ * Searches all installed skills' TOOLS.json manifests for a matching tool name.
+ */
+function resolveManifestOverride(toolName: string): ManifestOverride | undefined {
+  if (getTool(toolName)) return undefined;
+  try {
+    const catalog = loadSkillCatalog();
+    for (const skill of catalog) {
+      if (!skill.toolManifest?.present || !skill.toolManifest.valid) continue;
+      try {
+        const manifest = parseToolManifestFile(join(skill.directoryPath, 'TOOLS.json'));
+        const entry = manifest.tools.find((t) => t.name === toolName);
+        if (entry) {
+          return { risk: entry.risk, execution_target: entry.execution_target };
+        }
+      } catch {
+        // Skip unparseable manifests
+      }
+    }
+  } catch {
+    // Non-fatal
+  }
+  return undefined;
+}
+
+export async function handleToolPermissionSimulate(
+  msg: ToolPermissionSimulateRequest,
+  socket: net.Socket,
+  ctx: HandlerContext,
+): Promise<void> {
+  try {
+    if (!msg.toolName || typeof msg.toolName !== 'string') {
+      ctx.send(socket, {
+        type: 'tool_permission_simulate_response',
+        success: false,
+        error: 'toolName is required',
+      });
+      return;
+    }
+    if (!msg.input || typeof msg.input !== 'object') {
+      ctx.send(socket, {
+        type: 'tool_permission_simulate_response',
+        success: false,
+        error: 'input is required and must be an object',
+      });
+      return;
+    }
+
+    const workingDir = msg.workingDir ?? process.cwd();
+
+    // For unregistered skill tools, resolve manifest metadata so the simulation
+    // uses accurate risk/execution_target values instead of falling back to defaults.
+    const manifestOverride = resolveManifestOverride(msg.toolName);
+
+    const executionTarget = resolveExecutionTarget(msg.toolName, manifestOverride);
+    const policyContext = { executionTarget };
+
+    const riskLevel = await classifyRisk(msg.toolName, msg.input, workingDir, undefined, manifestOverride);
+    const result = await check(msg.toolName, msg.input, workingDir, policyContext, manifestOverride);
+
+    // Private-thread override: promote allow → prompt for side-effect tools
+    if (
+      msg.forcePromptSideEffects
+      && result.decision === 'allow'
+      && isSideEffectTool(msg.toolName, msg.input)
+    ) {
+      result.decision = 'prompt';
+      result.reason = 'Private thread: side-effect tools require explicit approval';
+    }
+
+    // Non-interactive override: convert prompt → deny
+    if (msg.isInteractive === false && result.decision === 'prompt') {
+      result.decision = 'deny';
+      result.reason = 'Non-interactive session: no client to approve prompt';
+    }
+
+    // When decision is prompt, generate the full payload the UI needs
+    let promptPayload: {
+      allowlistOptions: Array<{ label: string; description: string; pattern: string }>;
+      scopeOptions: Array<{ label: string; scope: string }>;
+      persistentDecisionsAllowed: boolean;
+    } | undefined;
+
+    if (result.decision === 'prompt') {
+      const allowlistOptions = await generateAllowlistOptions(msg.toolName, msg.input);
+      const scopeOptions = generateScopeOptions(workingDir, msg.toolName);
+      const persistentDecisionsAllowed = !(
+        msg.toolName === 'bash'
+        && msg.input.network_mode === 'proxied'
+      );
+      promptPayload = { allowlistOptions, scopeOptions, persistentDecisionsAllowed };
+    }
+
+    ctx.send(socket, {
+      type: 'tool_permission_simulate_response',
+      success: true,
+      decision: result.decision,
+      riskLevel,
+      reason: result.reason,
+      executionTarget,
+      matchedRuleId: result.matchedRule?.id,
+      promptPayload,
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    log.error({ err }, 'Failed to simulate tool permission');
+    ctx.send(socket, {
+      type: 'tool_permission_simulate_response',
+      success: false,
+      error: message,
+    });
+  }
+}
+
+export function handleToolNamesList(socket: net.Socket, ctx: HandlerContext): void {
+  const tools = getAllTools();
+  const nameSet = new Set(tools.map((t) => t.name));
+  const schemas: Record<string, import('../ipc-contract.js').ToolInputSchema> = {};
+  for (const tool of tools) {
+    try {
+      const def = tool.getDefinition();
+      schemas[tool.name] = def.input_schema as import('../ipc-contract.js').ToolInputSchema;
+    } catch {
+      // Skip tools whose definitions can't be resolved
+    }
+  }
+
+  // Include tools from all installed skills, even those not currently
+  // activated in any session.
+  try {
+    const catalog = loadSkillCatalog();
+    for (const skill of catalog) {
+      if (!skill.toolManifest?.present || !skill.toolManifest.valid) continue;
+      try {
+        const manifest = parseToolManifestFile(join(skill.directoryPath, 'TOOLS.json'));
+        for (const entry of manifest.tools) {
+          if (nameSet.has(entry.name)) continue;
+          nameSet.add(entry.name);
+          schemas[entry.name] = entry.input_schema as unknown as import('../ipc-contract.js').ToolInputSchema;
+        }
+      } catch {
+        // Skip skills whose manifests can't be parsed
+      }
+    }
+  } catch {
+    // Non-fatal — fall back to registered tools only
+  }
+
+  const names = Array.from(nameSet).sort((a, b) => a.localeCompare(b));
+  ctx.send(socket, { type: 'tool_names_list_response', names, schemas });
+}
+
+export const toolHandlers = defineHandlers({
+  env_vars_request: (_msg, socket, ctx) => handleEnvVarsRequest(socket, ctx),
+  tool_permission_simulate: handleToolPermissionSimulate,
+  tool_names_list: (_msg, socket, ctx) => handleToolNamesList(socket, ctx),
+});

package/src/daemon/handlers/config-trust.ts

@@ -0,0 +1,104 @@
+import * as net from 'node:net';
+import { addRule, removeRule, updateRule, getAllRules, acceptStarterBundle } from '../../permissions/trust-store.js';
+import type {
+  AddTrustRule,
+  RemoveTrustRule,
+  UpdateTrustRule,
+} from '../ipc-protocol.js';
+import { log, defineHandlers, type HandlerContext } from './shared.js';
+
+export function handleAddTrustRule(
+  msg: AddTrustRule,
+  _socket: net.Socket,
+  _ctx: HandlerContext,
+): void {
+  try {
+    const hasMetadata = msg.allowHighRisk != null
+      || msg.executionTarget != null;
+
+    addRule(
+      msg.toolName,
+      msg.pattern,
+      msg.scope,
+      msg.decision,
+      undefined, // priority — use default
+      hasMetadata
+        ? {
+            allowHighRisk: msg.allowHighRisk,
+            executionTarget: msg.executionTarget,
+          }
+        : undefined,
+    );
+    log.info({ toolName: msg.toolName, pattern: msg.pattern, scope: msg.scope, decision: msg.decision }, 'Trust rule added via client');
+  } catch (err) {
+    log.error({ err, toolName: msg.toolName, pattern: msg.pattern, scope: msg.scope }, 'Failed to add trust rule via client');
+  }
+}
+
+export function handleTrustRulesList(socket: net.Socket, ctx: HandlerContext): void {
+  const rules = getAllRules();
+  ctx.send(socket, { type: 'trust_rules_list_response', rules });
+}
+
+export function handleRemoveTrustRule(
+  msg: RemoveTrustRule,
+  _socket: net.Socket,
+  _ctx: HandlerContext,
+): void {
+  try {
+    const removed = removeRule(msg.id);
+    if (!removed) {
+      log.warn({ id: msg.id }, 'Trust rule not found for removal');
+    } else {
+      log.info({ id: msg.id }, 'Trust rule removed via client');
+    }
+  } catch (err) {
+    log.error({ err }, 'Failed to remove trust rule');
+  }
+}
+
+export function handleUpdateTrustRule(
+  msg: UpdateTrustRule,
+  _socket: net.Socket,
+  _ctx: HandlerContext,
+): void {
+  try {
+    updateRule(msg.id, {
+      tool: msg.tool,
+      pattern: msg.pattern,
+      scope: msg.scope,
+      decision: msg.decision,
+      priority: msg.priority,
+    });
+    log.info({ id: msg.id }, 'Trust rule updated via client');
+  } catch (err) {
+    log.error({ err }, 'Failed to update trust rule');
+  }
+}
+
+export function handleAcceptStarterBundle(
+  socket: net.Socket,
+  ctx: HandlerContext,
+): void {
+  try {
+    const result = acceptStarterBundle();
+    ctx.send(socket, {
+      type: 'accept_starter_bundle_response',
+      accepted: result.accepted,
+      rulesAdded: result.rulesAdded,
+      alreadyAccepted: result.alreadyAccepted,
+    });
+    log.info({ rulesAdded: result.rulesAdded, alreadyAccepted: result.alreadyAccepted }, 'Starter bundle accepted via client');
+  } catch (err) {
+    log.error({ err }, 'Failed to accept starter bundle');
+    ctx.send(socket, { type: 'error', message: 'Failed to accept starter bundle' });
+  }
+}
+
+export const trustHandlers = defineHandlers({
+  add_trust_rule: handleAddTrustRule,
+  trust_rules_list: (_msg, socket, ctx) => handleTrustRulesList(socket, ctx),
+  remove_trust_rule: handleRemoveTrustRule,
+  update_trust_rule: handleUpdateTrustRule,
+  accept_starter_bundle: (_msg, socket, ctx) => handleAcceptStarterBundle(socket, ctx),
+});