@vellumai/assistant 0.3.6 → 0.3.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "type": "module",
   "bin": {
     "vellum": "./src/index.ts"

package/src/config/defaults.ts

@@ -47,7 +47,7 @@ export const DEFAULT_CONFIG: AssistantConfig = {
       injectionFormat: 'markdown' as const,
       injectionStrategy: 'prepend_user_block' as const,
       reranking: {
-        enabled: true,
+        enabled: false,
         model: 'claude-haiku-4-5-20251001',
         topK: 20,
       },

package/src/config/env-registry.ts

@@ -136,11 +136,18 @@ const KNOWN_VELLUM_VARS = new Set([
   'VELLUM_DAEMON_TCP_ENABLED',
   'VELLUM_DAEMON_TCP_HOST',
   'VELLUM_DAEMON_IOS_PAIRING',
+  'VELLUM_DAEMON_NOAUTH',
+  'VELLUM_DAEMON_AUTOSTART',
   'VELLUM_DEBUG',
   'VELLUM_LOG_STDERR',
   'VELLUM_ENABLE_MONITORING',
   'VELLUM_HOOK_EVENT',
   'VELLUM_HOOK_NAME',
+  'VELLUM_HOOK_SETTINGS',
+  'VELLUM_ROOT_DIR',
+  'VELLUM_WORKSPACE_DIR',
+  'VELLUM_CLAUDE_CODE_DEPTH',
+  'VELLUM_ASSISTANT_PLATFORM_URL',
 ]);
 
 /**

package/src/config/memory-schema.ts

@@ -60,7 +60,7 @@ export const QdrantConfigSchema = z.object({
 export const MemoryRerankingConfigSchema = z.object({
   enabled: z
     .boolean({ error: 'memory.retrieval.reranking.enabled must be a boolean' })
-    .default(true),
+    .default(false),
   model: z
     .string({ error: 'memory.retrieval.reranking.model must be a string' })
     .default('claude-haiku-4-5-20251001'),
@@ -186,7 +186,7 @@ export const MemoryRetrievalConfigSchema = z.object({
     })
     .default('prepend_user_block'),
   reranking: MemoryRerankingConfigSchema.default({
-    enabled: true,
+    enabled: false,
     model: 'claude-haiku-4-5-20251001',
     topK: 20,
   }),
@@ -430,7 +430,7 @@ export const MemoryConfigSchema = z.object({
     injectionFormat: 'markdown',
     injectionStrategy: 'prepend_user_block',
     reranking: {
-      enabled: true,
+      enabled: false,
       model: 'claude-haiku-4-5-20251001',
       topK: 20,
     },

package/src/config/schema.ts

@@ -215,7 +215,7 @@ export const AssistantConfigSchema = z.object({
       injectionFormat: 'markdown',
       injectionStrategy: 'prepend_user_block',
       reranking: {
-        enabled: true,
+        enabled: false,
         model: 'claude-haiku-4-5-20251001',
         topK: 20,
       },

package/src/daemon/daemon-control.ts

@@ -5,14 +5,51 @@ import {
   getSocketPath,
   getPidPath,
   getRootDir,
+  getWorkspaceConfigPath,
   removeSocketFile,
 } from '../util/platform.js';
 import { getLogger } from '../util/logger.js';
 import { DaemonError } from '../util/errors.js';
-import { getConfig } from '../config/loader.js';
 
 const log = getLogger('lifecycle');
 
+const DAEMON_TIMEOUT_DEFAULTS = {
+  startupSocketWaitMs: 5000,
+  stopTimeoutMs: 5000,
+  sigkillGracePeriodMs: 2000,
+};
+
+/**
+ * Read daemon timeout values directly from the config JSON file, bypassing
+ * loadConfig() and its ensureMigratedDataDir()/ensureDataDir() side effects.
+ * Falls back to hardcoded defaults on any error (missing file, malformed JSON,
+ * unexpected shape) so daemon stop/start never fails due to config issues.
+ */
+function readDaemonTimeouts(): typeof DAEMON_TIMEOUT_DEFAULTS {
+  try {
+    const raw = JSON.parse(readFileSync(getWorkspaceConfigPath(), 'utf-8'));
+    if (raw.daemon && typeof raw.daemon === 'object') {
+      return {
+        startupSocketWaitMs:
+          typeof raw.daemon.startupSocketWaitMs === 'number'
+            ? raw.daemon.startupSocketWaitMs
+            : DAEMON_TIMEOUT_DEFAULTS.startupSocketWaitMs,
+        stopTimeoutMs:
+          typeof raw.daemon.stopTimeoutMs === 'number'
+            ? raw.daemon.stopTimeoutMs
+            : DAEMON_TIMEOUT_DEFAULTS.stopTimeoutMs,
+        sigkillGracePeriodMs:
+          typeof raw.daemon.sigkillGracePeriodMs === 'number'
+            ? raw.daemon.sigkillGracePeriodMs
+            : DAEMON_TIMEOUT_DEFAULTS.sigkillGracePeriodMs,
+      };
+    }
+  } catch {
+    // Missing file, malformed JSON, etc. — use defaults.
+  }
+  return { ...DAEMON_TIMEOUT_DEFAULTS };
+}
+
 function isProcessRunning(pid: number): boolean {
   try {
     process.kill(pid, 0);
@@ -125,8 +162,8 @@ export async function startDaemon(): Promise<{
   writePid(pid);
 
   // Wait for socket to appear
-  const config = getConfig();
-  const maxWait = config.daemon.startupSocketWaitMs;
+  const timeouts = readDaemonTimeouts();
+  const maxWait = timeouts.startupSocketWaitMs;
   const interval = 100;
   let waited = 0;
   while (waited < maxWait) {
@@ -165,10 +202,10 @@ export async function stopDaemon(): Promise<StopResult> {
 
   process.kill(pid, 'SIGTERM');
 
-  const config = getConfig();
+  const timeouts = readDaemonTimeouts();
 
   // Wait for process to exit
-  const maxWait = config.daemon.stopTimeoutMs;
+  const maxWait = timeouts.stopTimeoutMs;
   const interval = 100;
   let waited = 0;
   while (waited < maxWait) {
@@ -190,7 +227,7 @@ export async function stopDaemon(): Promise<StopResult> {
   // Wait for the process to actually die after SIGKILL. Without this,
   // startDaemon() can race with the dying process's shutdown handler,
   // which removes the socket file and bricks the new daemon.
-  const killMaxWait = config.daemon.sigkillGracePeriodMs;
+  const killMaxWait = timeouts.sigkillGracePeriodMs;
   let killWaited = 0;
   while (killWaited < killMaxWait && isProcessRunning(pid)) {
     await new Promise((r) => setTimeout(r, 100));

package/src/daemon/handlers/sessions.ts

@@ -16,6 +16,7 @@ import type {
   SecretResponse,
   SessionCreateRequest,
   SessionSwitchRequest,
+  SessionRenameRequest,
   CancelRequest,
   DeleteQueuedMessage,
   HistoryRequest,
@@ -352,6 +353,24 @@ export async function handleSessionSwitch(
   });
 }
 
+export function handleSessionRename(
+  msg: SessionRenameRequest,
+  socket: net.Socket,
+  ctx: HandlerContext,
+): void {
+  const conversation = conversationStore.getConversation(msg.sessionId);
+  if (!conversation) {
+    ctx.send(socket, { type: 'error', message: `Session ${msg.sessionId} not found` });
+    return;
+  }
+  conversationStore.updateConversationTitle(msg.sessionId, msg.title);
+  ctx.send(socket, {
+    type: 'session_title_updated',
+    sessionId: msg.sessionId,
+    title: msg.title,
+  });
+}
+
 export function handleCancel(msg: CancelRequest, socket: net.Socket, ctx: HandlerContext): void {
   const sessionId = msg.sessionId || ctx.socketToSession.get(socket);
   if (sessionId) {
@@ -597,6 +616,7 @@ export const sessionHandlers = defineHandlers({
   session_create: handleSessionCreate,
   sessions_clear: (_msg, socket, ctx) => handleSessionsClear(socket, ctx),
   session_switch: handleSessionSwitch,
+  session_rename: handleSessionRename,
   cancel: handleCancel,
   delete_queued_message: handleDeleteQueuedMessage,
   history_request: handleHistoryRequest,

package/src/daemon/ipc-contract/sessions.ts

@@ -43,6 +43,12 @@ export interface SessionSwitchRequest {
   sessionId: string;
 }
 
+export interface SessionRenameRequest {
+  type: 'session_rename';
+  sessionId: string;
+  title: string;
+}
+
 export interface AuthMessage {
   type: 'auth';
   token: string;

package/src/daemon/ipc-contract-inventory.json

@@ -79,6 +79,7 @@
     "SecretResponse",
     "SessionCreateRequest",
     "SessionListRequest",
+    "SessionRenameRequest",
     "SessionSwitchRequest",
     "SessionsClearRequest",
     "ShareAppCloudRequest",
@@ -363,6 +364,7 @@
     "secret_response",
     "session_create",
     "session_list",
+    "session_rename",
     "session_switch",
     "sessions_clear",
     "share_app_cloud",

package/src/daemon/ipc-contract.ts

@@ -29,7 +29,7 @@ export * from './ipc-contract/inbox.js';
 export * from './ipc-contract/pairing.js';
 
 // Import types needed for aggregate unions and SubagentEvent
-import type { AuthMessage, PingMessage, CancelRequest, DeleteQueuedMessage, ModelGetRequest, ModelSetRequest, ImageGenModelSetRequest, HistoryRequest, UndoRequest, RegenerateRequest, UsageRequest, SandboxSetRequest, SessionListRequest, SessionCreateRequest, SessionSwitchRequest, SessionsClearRequest, ConversationSearchRequest } from './ipc-contract/sessions.js';
+import type { AuthMessage, PingMessage, CancelRequest, DeleteQueuedMessage, ModelGetRequest, ModelSetRequest, ImageGenModelSetRequest, HistoryRequest, UndoRequest, RegenerateRequest, UsageRequest, SandboxSetRequest, SessionListRequest, SessionCreateRequest, SessionSwitchRequest, SessionRenameRequest, SessionsClearRequest, ConversationSearchRequest } from './ipc-contract/sessions.js';
 import type { UserMessage, ConfirmationResponse, SecretResponse, SuggestionRequest } from './ipc-contract/messages.js';
 import type { UiSurfaceAction, UiSurfaceUndoRequest } from './ipc-contract/surfaces.js';
 import type { SkillsListRequest, SkillDetailRequest, SkillsEnableRequest, SkillsDisableRequest, SkillsConfigureRequest, SkillsInstallRequest, SkillsUninstallRequest, SkillsUpdateRequest, SkillsCheckUpdatesRequest, SkillsSearchRequest, SkillsInspectRequest } from './ipc-contract/skills.js';
@@ -84,6 +84,7 @@ export type ClientMessage =
   | SessionListRequest
   | SessionCreateRequest
   | SessionSwitchRequest
+  | SessionRenameRequest
   | PingMessage
   | CancelRequest
   | DeleteQueuedMessage

package/src/daemon/session-queue-manager.ts

@@ -78,11 +78,6 @@ export class MessageQueue {
 
     if (this.items.length >= MAX_QUEUE_DEPTH) {
       this.droppedCount++;
-      item.onEvent({
-        type: 'error',
-        message: 'Message queue is full. Please wait for current messages to be processed.',
-        category: 'queue_full',
-      });
       return false;
     }
 
@@ -149,21 +144,28 @@ export class MessageQueue {
   private expireStale(): void {
     const now = Date.now();
     const cutoff = now - this.maxWaitMs;
-    const before = this.items.length;
+    const expired: QueuedMessage[] = [];
     this.items = this.items.filter((item) => {
       if (item.queuedAt < cutoff) {
         this.expiredCount++;
-        log.warn({ requestId: item.requestId, waitMs: now - item.queuedAt }, 'Expiring stale queued message');
+        expired.push(item);
+        return false;
+      }
+      return true;
+    });
+    for (const item of expired) {
+      log.warn({ requestId: item.requestId, waitMs: now - item.queuedAt }, 'Expiring stale queued message');
+      try {
         item.onEvent({
           type: 'error',
           message: 'Your queued message was dropped because it waited too long in the queue.',
           category: 'queue_expired',
         });
-        return false;
+      } catch (e) {
+        log.debug({ err: e, requestId: item.requestId }, 'Failed to notify client of expired message');
       }
-      return true;
-    });
-    if (this.items.length < before && this.items.length / MAX_QUEUE_DEPTH < CAPACITY_WARNING_THRESHOLD) {
+    }
+    if (expired.length > 0 && this.items.length / MAX_QUEUE_DEPTH < CAPACITY_WARNING_THRESHOLD) {
       this.capacityWarned = false;
     }
   }

package/src/daemon/session-surfaces.ts

@@ -140,7 +140,14 @@ export function createSurfaceMutex(): <T>(surfaceId: string, fn: () => T | Promi
     const prev = chains.get(surfaceId) ?? Promise.resolve();
     const next = prev.then(fn, fn);
     // Keep the chain alive but swallow errors so one failure doesn't block subsequent ops
-    chains.set(surfaceId, next.then(() => {}, () => {}));
+    const tail = next.then(() => {}, () => {});
+    chains.set(surfaceId, tail);
+    // Clean up the map entry once the queue settles to prevent unbounded growth
+    tail.then(() => {
+      if (chains.get(surfaceId) === tail) {
+        chains.delete(surfaceId);
+      }
+    });
     return next;
   };
 }

package/src/memory/migrations/016-memory-segments-indexes.ts

@@ -1,11 +1,11 @@
 import type { DrizzleDb } from '../db-connection.js';
 
 /**
- * Idempotent migration to ensure memory_segments has indexes on scope_id and
- * conversation_id for faster lookups.  scope_id was already covered by
- * db-init, but we include both here for completeness.
+ * Idempotent migration to add a scope_id index on memory_segments.
+ * conversation_id is already covered by the composite index
+ * idx_memory_segments_conversation_created(conversation_id, created_at DESC)
+ * in db-init, so a standalone index is unnecessary.
  */
 export function migrateMemorySegmentsIndexes(database: DrizzleDb): void {
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_segments_scope_id ON memory_segments(scope_id)`);
-  database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_segments_conversation_id ON memory_segments(conversation_id)`);
 }

package/src/memory/migrations/017-memory-items-indexes.ts

@@ -1,10 +1,12 @@
 import type { DrizzleDb } from '../db-connection.js';
 
 /**
- * Idempotent migration to add indexes on memory_items for scope_id and
- * fingerprint — critical for duplicate detection and scope-filtered queries.
+ * Idempotent migration to add an index on memory_items.scope_id for
+ * scope-filtered queries. The standalone fingerprint index is intentionally
+ * omitted — it's superseded by the compound unique index
+ * idx_memory_items_fingerprint_scope(fingerprint, scope_id), which already
+ * covers single-column lookups on fingerprint as its leading column.
  */
 export function migrateMemoryItemsIndexes(database: DrizzleDb): void {
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_items_scope_id ON memory_items(scope_id)`);
-  database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_items_fingerprint ON memory_items(fingerprint)`);
 }

package/src/memory/retriever.ts

@@ -779,7 +779,10 @@ function isAbortError(err: unknown): boolean {
  * in the message. This avoids false positives from dimension numbers like 512.
  */
 function getErrorStatusCode(err: Error): unknown {
-  if ('status' in err) return (err as { status: unknown }).status;
+  if ('status' in err) {
+    const status = (err as { status: unknown }).status;
+    if (status != null) return status;
+  }
   if ('statusCode' in err) return (err as { statusCode: unknown }).statusCode;
   return undefined;
 }

package/src/permissions/checker.ts

@@ -16,16 +16,23 @@ import type { ManifestOverride } from '../tools/execution-target.js';
 
 // ── Risk classification cache ────────────────────────────────────────────────
 // classifyRisk() is called on every permission check and can invoke WASM
-// parsing for shell commands. Cache results keyed on (toolName, inputHash).
+// parsing for shell commands. Cache results keyed on
+// (toolName, inputHash, workingDir, manifestOverride).
 // Invalidated when trust rules change since risk classification for file tools
 // depends on skill source path checks which reference config, but the core
 // risk logic is input-deterministic.
 const RISK_CACHE_MAX = 256;
 const riskCache = new Map<string, RiskLevel>();
 
-function riskCacheKey(toolName: string, input: Record<string, unknown>): string {
+function riskCacheKey(toolName: string, input: Record<string, unknown>, workingDir?: string, manifestOverride?: ManifestOverride): string {
   const inputJson = JSON.stringify(input);
-  const hash = createHash('sha256').update(inputJson).digest('hex');
+  const hash = createHash('sha256')
+    .update(inputJson)
+    .update('\0')
+    .update(workingDir ?? '')
+    .update('\0')
+    .update(manifestOverride ? JSON.stringify(manifestOverride) : '')
+    .digest('hex');
   return `${toolName}\0${hash}`;
 }
 
@@ -305,11 +312,11 @@ async function buildCommandCandidates(toolName: string, input: Record<string, un
 }
 
 export async function classifyRisk(toolName: string, input: Record<string, unknown>, workingDir?: string, preParsed?: ParsedCommand, manifestOverride?: ManifestOverride, signal?: AbortSignal): Promise<RiskLevel> {
-  if (signal?.aborted) throw new Error('Cancelled');
+  signal?.throwIfAborted();
 
   // Check cache first (skip when preParsed is provided since caller already
   // parsed and we'd just be duplicating the key computation cost).
-  const cacheKey = preParsed ? null : riskCacheKey(toolName, input);
+  const cacheKey = preParsed ? null : riskCacheKey(toolName, input, workingDir, manifestOverride);
   if (cacheKey) {
     const cached = riskCache.get(cacheKey);
     if (cached !== undefined) {
@@ -466,7 +473,7 @@ export async function check(
   manifestOverride?: ManifestOverride,
   signal?: AbortSignal,
 ): Promise<PermissionCheckResult> {
-  if (signal?.aborted) throw new Error('Cancelled');
+  signal?.throwIfAborted();
 
   // For shell tools, parse once and share the result to avoid duplicate tree-sitter work.
   let shellParsed: ParsedCommand | undefined;
@@ -608,7 +615,7 @@ function friendlyHostname(url: URL): string {
 }
 
 export async function generateAllowlistOptions(toolName: string, input: Record<string, unknown>, signal?: AbortSignal): Promise<AllowlistOption[]> {
-  if (signal?.aborted) throw new Error('Cancelled');
+  signal?.throwIfAborted();
   if (toolName === 'bash' || toolName === 'host_bash') {
     const command = ((input.command as string) ?? '').trim();
     return buildShellAllowlistOptions(command);

package/src/runtime/assistant-event-hub.ts

@@ -123,7 +123,9 @@ export class AssistantEventHub {
     for (const entry of snapshot) {
       if (!entry.active) continue;
       if (entry.filter.assistantId !== event.assistantId) continue;
-      if (entry.filter.sessionId != null && entry.filter.sessionId !== event.sessionId) continue;
+      // System events (no sessionId) match all subscribers; scoped events
+      // must match the subscriber's sessionId filter when present.
+      if (event.sessionId != null && entry.filter.sessionId != null && entry.filter.sessionId !== event.sessionId) continue;
       try {
         await entry.callback(event);
       } catch (err) {

package/src/runtime/http-server.ts

@@ -1,8 +1,8 @@
 /**
  * Optional HTTP server that exposes the canonical runtime API.
  *
- * Runs in the same process as the daemon. Started only when
- * `RUNTIME_HTTP_PORT` is set (default: disabled).
+ * Runs in the same process as the daemon. Always started on the
+ * configured port (default: 7821).
  */
 
 import { existsSync, readFileSync } from 'node:fs';
@@ -77,6 +77,9 @@ import type { BrowserRelayWebSocketData } from '../browser-extension-relay/serve
 import { handleSubscribeAssistantEvents } from './routes/events-routes.js';
 import { consumeCallback, consumeCallbackError } from '../security/oauth-callback-registry.js';
 import { PairingStore } from '../daemon/pairing-store.js';
+import type { ServerMessage } from '../daemon/ipc-contract.js';
+import { assistantEventHub } from './assistant-event-hub.js';
+import { buildAssistantEvent } from './assistant-event.js';
 
 // Middleware
 import {
@@ -152,7 +155,7 @@ export class RuntimeHttpServer {
   private retrySweepTimer: ReturnType<typeof setInterval> | null = null;
   private sweepInProgress = false;
   private pairingStore = new PairingStore();
-  private pairingBroadcast?: (msg: { type: string; [key: string]: unknown }) => void;
+  private pairingBroadcast?: (msg: ServerMessage) => void;
 
   constructor(options: RuntimeHttpServerOptions = {}) {
     this.port = options.port ?? DEFAULT_PORT;
@@ -177,15 +180,24 @@ export class RuntimeHttpServer {
   }
 
   /** Set a callback for broadcasting IPC messages (wired by daemon server). */
-  setPairingBroadcast(fn: (msg: { type: string; [key: string]: unknown }) => void): void {
+  setPairingBroadcast(fn: (msg: ServerMessage) => void): void {
     this.pairingBroadcast = fn;
   }
 
   private get pairingContext(): PairingHandlerContext {
+    const ipcBroadcast = this.pairingBroadcast;
     return {
       pairingStore: this.pairingStore,
       bearerToken: this.bearerToken,
-      pairingBroadcast: this.pairingBroadcast,
+      pairingBroadcast: ipcBroadcast
+        ? (msg) => {
+            // Broadcast to IPC socket clients (local Unix socket)
+            ipcBroadcast(msg);
+            // Also publish to the event hub so HTTP/SSE clients (e.g. macOS
+            // app with localHttpEnabled) receive pairing approval requests.
+            void assistantEventHub.publish(buildAssistantEvent('self', msg));
+          }
+        : undefined,
     };
   }
 

package/src/runtime/routes/pairing-routes.ts

@@ -9,13 +9,14 @@ import {
   refreshDevice,
   hashDeviceId,
 } from '../../daemon/approved-devices-store.js';
+import type { ServerMessage } from '../../daemon/ipc-contract.js';
 
 const log = getLogger('runtime-http');
 
 export interface PairingHandlerContext {
   pairingStore: PairingStore;
   bearerToken: string | undefined;
-  pairingBroadcast?: (msg: { type: string; [key: string]: unknown }) => void;
+  pairingBroadcast?: (msg: ServerMessage) => void;
 }
 
 /**

package/src/tools/browser/browser-execution.ts

@@ -320,7 +320,10 @@ export async function executeBrowserNavigate(
       if (challenge?.type === 'captcha') {
         log.info('CAPTCHA detected, waiting up to 5s for auto-resolve');
         for (let i = 0; i < 5; i++) {
-          if (context.signal?.aborted) break;
+          if (context.signal?.aborted) {
+            if (sender) updateBrowserStatus(context.sessionId, sender, 'idle');
+            return { content: 'Navigation cancelled.', isError: true };
+          }
           await new Promise((r) => setTimeout(r, 1000));
           const still = await detectCaptchaChallenge(page);
           if (!still) {

package/src/tools/executor.ts

@@ -699,15 +699,18 @@ export class ToolExecutor {
     } catch (err) {
       const durationMs = Date.now() - startTime;
       const msg = err instanceof Error ? err.message : String(err);
-      const isExpected = err instanceof PermissionDeniedError || err instanceof ToolError || err instanceof TokenExpiredError;
-
-      const errorCategory = err instanceof PermissionDeniedError
-        ? 'permission_denied' as const
-        : err instanceof TokenExpiredError
-          ? 'auth' as const
-          : err instanceof ToolError
-            ? 'tool_failure' as const
-            : 'unexpected' as const;
+      const isAbort = err instanceof Error && err.name === 'AbortError';
+      const isExpected = isAbort || err instanceof PermissionDeniedError || err instanceof ToolError || err instanceof TokenExpiredError;
+
+      const errorCategory = isAbort
+        ? 'tool_failure' as const
+        : err instanceof PermissionDeniedError
+          ? 'permission_denied' as const
+          : err instanceof TokenExpiredError
+            ? 'auth' as const
+            : err instanceof ToolError
+              ? 'tool_failure' as const
+              : 'unexpected' as const;
 
       emitLifecycleEvent(context, {
         type: 'error',

package/src/util/logger.ts

@@ -1,4 +1,4 @@
-import { existsSync, mkdirSync, readdirSync, unlinkSync } from 'node:fs';
+import { chmodSync, existsSync, mkdirSync, readdirSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import { Writable } from 'node:stream';
 import pino from 'pino';
@@ -67,6 +67,8 @@ function buildRotatingLogger(config: LogFileConfig): pino.Logger {
   const today = formatDate(new Date());
   const filePath = logFilePathForDate(config.dir, new Date());
   const fileStream = pino.destination({ dest: filePath, sync: false, mkdir: true, mode: 0o600 });
+  // Tighten permissions on pre-existing log files that may have been created with looser modes
+  try { chmodSync(filePath, 0o600); } catch { /* best-effort */ }
 
   activeLogDate = today;
   activeLogFileConfig = config;
@@ -130,7 +132,10 @@ function getRootLogger(): pino.Logger {
     }
 
     try {
-      const fileStream = pino.destination({ dest: getLogPath(), sync: false, mkdir: true, mode: 0o600 });
+      const logPath = getLogPath();
+      const fileStream = pino.destination({ dest: logPath, sync: false, mkdir: true, mode: 0o600 });
+      // Tighten permissions on pre-existing log files that may have been created with looser modes
+      try { chmodSync(logPath, 0o600); } catch { /* best-effort */ }
 
       if (getDebugMode()) {
         const prettyStream = pinoPretty({ destination: 2 });