@vellumai/assistant 0.4.13 → 0.4.15

package/src/messaging/providers/sms/adapter.ts

@@ -19,8 +19,8 @@ import { loadConfig } from '../../../config/loader.js';
 import { getOrCreateConversation } from '../../../memory/conversation-key-store.js';
 import * as externalConversationStore from '../../../memory/external-conversation-store.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from '../../../runtime/assistant-scope.js';
+import { mintDaemonDeliveryToken } from '../../../runtime/auth/token-service.js';
 import { getSecureKey } from '../../../security/secure-keys.js';
-import { readHttpToken } from '../../../util/platform.js';
 import type { MessagingProvider } from '../../provider.js';
 import type {
   ConnectionInfo,
@@ -40,13 +40,9 @@ function getGatewayUrl(): string {
   return getGatewayInternalBaseUrl();
 }
 
-/** Read the runtime HTTP bearer token used to authenticate with the gateway. */
+/** Mint a short-lived JWT for authenticating with the gateway. */
 function getBearerToken(): string {
-  const token = readHttpToken();
-  if (!token) {
-    throw new Error('No runtime HTTP bearer token available — is the daemon running?');
-  }
-  return token;
+  return mintDaemonDeliveryToken();
 }
 
 /** Check whether Twilio credentials are stored. */

package/src/messaging/providers/telegram-bot/adapter.ts

@@ -14,8 +14,8 @@
 import { getGatewayInternalBaseUrl } from '../../../config/env.js';
 import { getOrCreateConversation } from '../../../memory/conversation-key-store.js';
 import * as externalConversationStore from '../../../memory/external-conversation-store.js';
+import { mintDaemonDeliveryToken } from '../../../runtime/auth/token-service.js';
 import { getSecureKey } from '../../../security/secure-keys.js';
-import { readHttpToken } from '../../../util/platform.js';
 import type { MessagingProvider } from '../../provider.js';
 import type {
   ConnectionInfo,
@@ -35,13 +35,9 @@ function getGatewayUrl(): string {
   return getGatewayInternalBaseUrl();
 }
 
-/** Read the runtime HTTP bearer token used to authenticate with the gateway. */
+/** Mint a short-lived JWT for authenticating with the gateway. */
 function getBearerToken(): string {
-  const token = readHttpToken();
-  if (!token) {
-    throw new Error('No runtime HTTP bearer token available — is the daemon running?');
-  }
-  return token;
+  return mintDaemonDeliveryToken();
 }
 
 /** Read the Telegram bot token from the credential vault. */

package/src/messaging/providers/whatsapp/adapter.ts

@@ -13,8 +13,8 @@
 import { getGatewayInternalBaseUrl } from '../../../config/env.js';
 import { getOrCreateConversation } from '../../../memory/conversation-key-store.js';
 import * as externalConversationStore from '../../../memory/external-conversation-store.js';
+import { mintDaemonDeliveryToken } from '../../../runtime/auth/token-service.js';
 import { getSecureKey } from '../../../security/secure-keys.js';
-import { readHttpToken } from '../../../util/platform.js';
 import type { MessagingProvider } from '../../provider.js';
 import type {
   ConnectionInfo,
@@ -34,13 +34,9 @@ function getGatewayUrl(): string {
   return getGatewayInternalBaseUrl();
 }
 
-/** Read the runtime HTTP bearer token used to authenticate with the gateway. */
+/** Mint a short-lived JWT for authenticating with the gateway. */
 function getBearerToken(): string {
-  const token = readHttpToken();
-  if (!token) {
-    throw new Error('No runtime HTTP bearer token available — is the daemon running?');
-  }
-  return token;
+  return mintDaemonDeliveryToken();
 }
 
 /** Check whether WhatsApp credentials are stored. */

package/src/notifications/adapters/sms.ts

@@ -13,9 +13,9 @@
  */
 
 import { getGatewayInternalBaseUrl } from '../../config/env.js';
+import { mintDaemonDeliveryToken } from '../../runtime/auth/token-service.js';
 import { deliverChannelReply } from '../../runtime/gateway-client.js';
 import { getLogger } from '../../util/logger.js';
-import { readHttpToken } from '../../util/platform.js';
 import { nonEmpty } from '../copy-composer.js';
 import type {
   ChannelAdapter,
@@ -59,7 +59,7 @@ export class SmsAdapter implements ChannelAdapter {
       await deliverChannelReply(
         deliverUrl,
         { chatId: phoneNumber, text: messageText, assistantId: payload.assistantId },
-        readHttpToken() ?? undefined,
+        mintDaemonDeliveryToken(),
       );
 
       log.info(

package/src/notifications/adapters/telegram.ts

@@ -8,9 +8,9 @@
  */
 
 import { getGatewayInternalBaseUrl } from '../../config/env.js';
+import { mintDaemonDeliveryToken } from '../../runtime/auth/token-service.js';
 import { deliverChannelReply } from '../../runtime/gateway-client.js';
 import { getLogger } from '../../util/logger.js';
-import { readHttpToken } from '../../util/platform.js';
 import { nonEmpty } from '../copy-composer.js';
 import { isThreadSeedSane } from '../thread-seed-composer.js';
 import type {
@@ -61,7 +61,7 @@ export class TelegramAdapter implements ChannelAdapter {
       await deliverChannelReply(
         deliverUrl,
         { chatId, text: messageText },
-        readHttpToken() ?? undefined,
+        mintDaemonDeliveryToken(),
       );
 
       log.info(

package/src/permissions/prompter.ts

@@ -56,6 +56,7 @@ export class PermissionPrompter {
     executionTarget?: ExecutionTarget,
     persistentDecisionsAllowed?: boolean,
     signal?: AbortSignal,
+    temporaryOptionsAvailable?: Array<'allow_10m' | 'allow_thread'>,
   ): Promise<{
     decision: UserDecision;
     selectedPattern?: string;
@@ -101,6 +102,7 @@ export class PermissionPrompter {
         sessionId,
         executionTarget,
         persistentDecisionsAllowed: persistentDecisionsAllowed ?? true,
+        temporaryOptionsAvailable,
       });
 
       this.onStateChanged?.(requestId, 'pending', 'system');

package/src/permissions/types.ts

@@ -16,7 +16,17 @@ export interface TrustRule {
   allowHighRisk?: boolean;
 }
 
-export type UserDecision = 'allow' | 'always_allow' | 'always_allow_high_risk' | 'deny' | 'always_deny';
+export type UserDecision = 'allow' | 'allow_10m' | 'allow_thread' | 'always_allow' | 'always_allow_high_risk' | 'deny' | 'always_deny' | 'temporary_override';
+
+/** Returns true for any allow-variant decision. Centralizes the check to prevent omissions when new allow variants are added. */
+export function isAllowDecision(decision: UserDecision): boolean {
+  return decision === 'allow'
+    || decision === 'allow_10m'
+    || decision === 'allow_thread'
+    || decision === 'always_allow'
+    || decision === 'always_allow_high_risk'
+    || decision === 'temporary_override';
+}
 
 export interface PermissionCheckResult {
   decision: 'allow' | 'deny' | 'prompt';

package/src/runtime/approval-conversation-turn.ts

@@ -21,6 +21,8 @@ import type {
 const VALID_DISPOSITIONS: ReadonlySet<ApprovalConversationDisposition> = new Set([
   'keep_pending',
   'approve_once',
+  'approve_10m',
+  'approve_thread',
   'approve_always',
   'reject',
 ]);
@@ -28,6 +30,8 @@ const VALID_DISPOSITIONS: ReadonlySet<ApprovalConversationDisposition> = new Set
 /** Dispositions that represent an actual decision (not just "keep waiting"). */
 const DECISION_BEARING_DISPOSITIONS: ReadonlySet<ApprovalConversationDisposition> = new Set([
   'approve_once',
+  'approve_10m',
+  'approve_thread',
   'approve_always',
   'reject',
 ]);

package/src/runtime/auth/__tests__/context.test.ts

@@ -0,0 +1,130 @@
+import { describe, expect, test } from 'bun:test';
+
+import { DAEMON_INTERNAL_ASSISTANT_ID } from '../../assistant-scope.js';
+import { buildAuthContext } from '../context.js';
+import type { TokenClaims } from '../types.js';
+
+function validClaims(overrides?: Partial<TokenClaims>): TokenClaims {
+  return {
+    iss: 'vellum-auth',
+    aud: 'vellum-daemon',
+    sub: 'actor:self:principal-abc',
+    scope_profile: 'actor_client_v1',
+    exp: Math.floor(Date.now() / 1000) + 300,
+    policy_epoch: 1,
+    iat: Math.floor(Date.now() / 1000),
+    jti: 'test-jti',
+    ...overrides,
+  };
+}
+
+describe('buildAuthContext', () => {
+  test('builds context from valid actor claims', () => {
+    const result = buildAuthContext(validClaims());
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.subject).toBe('actor:self:principal-abc');
+      expect(result.context.principalType).toBe('actor');
+      expect(result.context.assistantId).toBe('self');
+      expect(result.context.actorPrincipalId).toBe('principal-abc');
+      expect(result.context.sessionId).toBeUndefined();
+      expect(result.context.scopeProfile).toBe('actor_client_v1');
+      expect(result.context.policyEpoch).toBe(1);
+      expect(result.context.scopes.has('chat.read')).toBe(true);
+      expect(result.context.scopes.has('chat.write')).toBe(true);
+    }
+  });
+
+  test('builds context from valid svc:gateway claims', () => {
+    const result = buildAuthContext(validClaims({
+      sub: 'svc:gateway:self',
+      scope_profile: 'gateway_ingress_v1',
+    }));
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.principalType).toBe('svc_gateway');
+      expect(result.context.assistantId).toBe('self');
+      expect(result.context.scopes.has('ingress.write')).toBe(true);
+    }
+  });
+
+  test('builds context from valid ipc claims', () => {
+    const result = buildAuthContext(validClaims({
+      sub: 'ipc:self:session-123',
+      scope_profile: 'ipc_v1',
+    }));
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.principalType).toBe('ipc');
+      expect(result.context.assistantId).toBe('self');
+      expect(result.context.sessionId).toBe('session-123');
+      expect(result.context.scopes.has('ipc.all')).toBe(true);
+    }
+  });
+
+  test('daemon-audience token forces assistantId to DAEMON_INTERNAL_ASSISTANT_ID', () => {
+    // Token sub contains an external assistant ID, but audience is daemon
+    const result = buildAuthContext(validClaims({
+      aud: 'vellum-daemon',
+      sub: 'actor:external-assistant-xyz:principal-abc',
+    }));
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.assistantId).toBe(DAEMON_INTERNAL_ASSISTANT_ID);
+      expect(result.context.assistantId).toBe('self');
+      // Other fields should still reflect the parsed sub
+      expect(result.context.principalType).toBe('actor');
+      expect(result.context.actorPrincipalId).toBe('principal-abc');
+    }
+  });
+
+  test('gateway-audience token preserves assistantId from sub', () => {
+    const result = buildAuthContext(validClaims({
+      aud: 'vellum-gateway',
+      sub: 'actor:external-assistant-xyz:principal-abc',
+    }));
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.assistantId).toBe('external-assistant-xyz');
+      expect(result.context.principalType).toBe('actor');
+      expect(result.context.actorPrincipalId).toBe('principal-abc');
+    }
+  });
+
+  test('daemon-audience svc:gateway sub also forces assistantId to self', () => {
+    const result = buildAuthContext(validClaims({
+      aud: 'vellum-daemon',
+      sub: 'svc:gateway:external-id',
+      scope_profile: 'gateway_ingress_v1',
+    }));
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.assistantId).toBe(DAEMON_INTERNAL_ASSISTANT_ID);
+      expect(result.context.principalType).toBe('svc_gateway');
+    }
+  });
+
+  test('fails with invalid sub pattern', () => {
+    const result = buildAuthContext(validClaims({ sub: 'bad:format' }));
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.reason).toContain('unrecognized');
+    }
+  });
+
+  test('fails with empty sub', () => {
+    const result = buildAuthContext(validClaims({ sub: '' }));
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.reason).toContain('empty');
+    }
+  });
+
+  test('preserves policy epoch from claims', () => {
+    const result = buildAuthContext(validClaims({ policy_epoch: 42 }));
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.context.policyEpoch).toBe(42);
+    }
+  });
+});

package/src/runtime/auth/__tests__/credential-service.test.ts

@@ -0,0 +1,277 @@
+/**
+ * Tests for the JWT credential service — mint round-trip, rotation,
+ * replay detection, and device binding enforcement.
+ */
+import { createHash } from 'node:crypto';
+import { mkdtempSync, realpathSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+import { afterAll, beforeEach, describe, expect, mock, test } from 'bun:test';
+
+const testDir = realpathSync(mkdtempSync(join(tmpdir(), 'credential-service-test-')));
+
+mock.module('../../../util/platform.js', () => ({
+  getRootDir: () => testDir,
+  getDataDir: () => testDir,
+  getDbPath: () => join(testDir, 'test.db'),
+  normalizeAssistantId: (id: string) => id === 'self' ? 'self' : id,
+  readLockfile: () => ({ assistants: [{ assistantId: 'vellum-test-eel' }] }),
+  isMacOS: () => process.platform === 'darwin',
+  isLinux: () => process.platform === 'linux',
+  isWindows: () => process.platform === 'win32',
+  getSocketPath: () => join(testDir, 'test.sock'),
+  getPidPath: () => join(testDir, 'test.pid'),
+  getLogPath: () => join(testDir, 'test.log'),
+  ensureDataDir: () => {},
+}));
+
+mock.module('../../../util/logger.js', () => ({
+  getLogger: () => new Proxy({} as Record<string, unknown>, {
+    get: () => () => {},
+  }),
+}));
+
+import { getSqlite, initializeDb, resetDb } from '../../../memory/db.js';
+import { findActiveByTokenHash } from '../../actor-token-store.js';
+import { mintCredentialPair, rotateCredentials } from '../credential-service.js';
+import { resetExternalAssistantIdCache } from '../external-assistant-id.js';
+import { hashToken, initAuthSigningKey, verifyToken } from '../token-service.js';
+
+const TEST_KEY = Buffer.from('test-signing-key-32-bytes-long!!');
+
+initializeDb();
+
+beforeEach(() => {
+  initAuthSigningKey(TEST_KEY);
+  resetExternalAssistantIdCache();
+  resetDb();
+  initializeDb();
+  const db = getSqlite();
+  db.run('DELETE FROM actor_token_records');
+  db.run('DELETE FROM actor_refresh_token_records');
+});
+
+afterAll(() => {
+  try { rmSync(testDir, { recursive: true, force: true }); } catch {}
+});
+
+// ---------------------------------------------------------------------------
+// Mint credential pair
+// ---------------------------------------------------------------------------
+
+describe('mintCredentialPair', () => {
+  test('returns JWT access token and opaque refresh token', () => {
+    const result = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'macos',
+      deviceId: 'device-123',
+      guardianPrincipalId: 'principal-abc',
+      hashedDeviceId: createHash('sha256').update('device-123').digest('hex'),
+    });
+
+    expect(result.accessToken).toBeTruthy();
+    expect(result.refreshToken).toBeTruthy();
+    expect(result.accessTokenExpiresAt).toBeGreaterThan(Date.now());
+    expect(result.refreshTokenExpiresAt).toBeGreaterThan(Date.now());
+    expect(result.refreshAfter).toBeGreaterThan(Date.now());
+    expect(result.guardianPrincipalId).toBe('principal-abc');
+  });
+
+  test('access token is a valid 3-part JWT', () => {
+    const result = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'macos',
+      deviceId: 'device-jwt',
+      guardianPrincipalId: 'principal-jwt',
+      hashedDeviceId: createHash('sha256').update('device-jwt').digest('hex'),
+    });
+
+    const parts = result.accessToken.split('.');
+    expect(parts.length).toBe(3);
+  });
+
+  test('access token verifies against vellum-gateway audience', () => {
+    const result = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'macos',
+      deviceId: 'device-verify',
+      guardianPrincipalId: 'principal-verify',
+      hashedDeviceId: createHash('sha256').update('device-verify').digest('hex'),
+    });
+
+    const verify = verifyToken(result.accessToken, 'vellum-gateway');
+    expect(verify.ok).toBe(true);
+    if (verify.ok) {
+      expect(verify.claims.aud).toBe('vellum-gateway');
+      expect(verify.claims.scope_profile).toBe('actor_client_v1');
+      // Sub should contain the external assistant ID from lockfile
+      expect(verify.claims.sub).toBe('actor:vellum-test-eel:principal-verify');
+    }
+  });
+
+  test('access token hash is stored in actor-token store', () => {
+    const result = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'macos',
+      deviceId: 'device-store',
+      guardianPrincipalId: 'principal-store',
+      hashedDeviceId: createHash('sha256').update('device-store').digest('hex'),
+    });
+
+    const tokenHash = hashToken(result.accessToken);
+    const record = findActiveByTokenHash(tokenHash);
+    expect(record).not.toBeNull();
+    expect(record!.platform).toBe('macos');
+    expect(record!.guardianPrincipalId).toBe('principal-store');
+  });
+
+  test('minting twice for same device revokes previous tokens', () => {
+    const hashedDeviceId = createHash('sha256').update('device-dup').digest('hex');
+    const params = {
+      assistantId: 'self',
+      platform: 'macos' as const,
+      deviceId: 'device-dup',
+      guardianPrincipalId: 'principal-dup',
+      hashedDeviceId,
+    };
+
+    const first = mintCredentialPair(params);
+    const second = mintCredentialPair(params);
+
+    expect(first.accessToken).not.toBe(second.accessToken);
+    expect(first.refreshToken).not.toBe(second.refreshToken);
+
+    // First token should be revoked
+    const firstTokenHash = hashToken(first.accessToken);
+    const firstRecord = findActiveByTokenHash(firstTokenHash);
+    expect(firstRecord).toBeNull();
+
+    // Second should be active
+    const secondTokenHash = hashToken(second.accessToken);
+    const secondRecord = findActiveByTokenHash(secondTokenHash);
+    expect(secondRecord).not.toBeNull();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Rotate credentials
+// ---------------------------------------------------------------------------
+
+describe('rotateCredentials', () => {
+  test('successful rotation returns new JWT access token', () => {
+    const hashedDeviceId = createHash('sha256').update('device-rot').digest('hex');
+    const initial = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'ios',
+      deviceId: 'device-rot',
+      guardianPrincipalId: 'principal-rot',
+      hashedDeviceId,
+    });
+
+    const result = rotateCredentials({
+      refreshToken: initial.refreshToken,
+      platform: 'ios',
+      deviceId: 'device-rot',
+    });
+
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.result.accessToken).toBeTruthy();
+      expect(result.result.accessToken).not.toBe(initial.accessToken);
+      expect(result.result.refreshToken).not.toBe(initial.refreshToken);
+
+      // New access token is a valid JWT
+      const verify = verifyToken(result.result.accessToken, 'vellum-gateway');
+      expect(verify.ok).toBe(true);
+    }
+  });
+
+  test('replay detection: reusing rotated refresh token revokes family', () => {
+    const hashedDeviceId = createHash('sha256').update('device-replay').digest('hex');
+    const initial = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'ios',
+      deviceId: 'device-replay',
+      guardianPrincipalId: 'principal-replay',
+      hashedDeviceId,
+    });
+
+    // First rotation succeeds
+    const first = rotateCredentials({
+      refreshToken: initial.refreshToken,
+      platform: 'ios',
+      deviceId: 'device-replay',
+    });
+    expect(first.ok).toBe(true);
+
+    // Reusing the initial (now rotated) refresh token triggers replay detection
+    const replay = rotateCredentials({
+      refreshToken: initial.refreshToken,
+      platform: 'ios',
+      deviceId: 'device-replay',
+    });
+    expect(replay.ok).toBe(false);
+    if (!replay.ok) {
+      expect(replay.error).toBe('refresh_reuse_detected');
+    }
+  });
+
+  test('invalid refresh token returns refresh_invalid', () => {
+    const result = rotateCredentials({
+      refreshToken: 'not-a-real-token',
+      platform: 'ios',
+      deviceId: 'device-bad',
+    });
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBe('refresh_invalid');
+    }
+  });
+
+  test('device binding mismatch returns device_binding_mismatch', () => {
+    const hashedDeviceId = createHash('sha256').update('device-bind').digest('hex');
+    const initial = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'ios',
+      deviceId: 'device-bind',
+      guardianPrincipalId: 'principal-bind',
+      hashedDeviceId,
+    });
+
+    // Try to rotate with a different device ID
+    const result = rotateCredentials({
+      refreshToken: initial.refreshToken,
+      platform: 'ios',
+      deviceId: 'different-device',
+    });
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBe('device_binding_mismatch');
+    }
+  });
+
+  test('platform mismatch returns device_binding_mismatch', () => {
+    const hashedDeviceId = createHash('sha256').update('device-plat').digest('hex');
+    const initial = mintCredentialPair({
+      assistantId: 'self',
+      platform: 'ios',
+      deviceId: 'device-plat',
+      guardianPrincipalId: 'principal-plat',
+      hashedDeviceId,
+    });
+
+    const result = rotateCredentials({
+      refreshToken: initial.refreshToken,
+      platform: 'macos',
+      deviceId: 'device-plat',
+    });
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBe('device_binding_mismatch');
+    }
+  });
+});