@vellumai/assistant 0.4.23 → 0.4.26

package/src/runtime/auth/middleware.ts

@@ -1,8 +1,18 @@
 /**
  * JWT bearer auth middleware for the runtime HTTP server.
  *
- * Extracts `Authorization: Bearer <token>`, verifies the JWT with
- * `aud=vellum-daemon`, and builds an AuthContext from the claims.
+ * Extracts `Authorization: Bearer <token>`, verifies the JWT, and
+ * builds an AuthContext from the claims.
+ *
+ * Accepts two JWT audiences:
+ *   - `vellum-daemon` — primary audience, used by the gateway's runtime
+ *     proxy after token exchange and by daemon-minted delivery tokens.
+ *   - `vellum-gateway` — fallback audience, used by direct local clients
+ *     (e.g., the macOS app's SettingsStore) that hold a guardian-issued
+ *     JWT but call daemon endpoints directly without routing through the
+ *     gateway's runtime proxy. Both daemon and gateway share the same
+ *     HMAC signing key (~/.vellum/protected/actor-token-signing-key),
+ *     so the signature is valid regardless of audience.
  *
  * Replaces both the legacy bearer shared-secret check and the
  * actor-token HMAC middleware with a single JWT verification path.
@@ -12,16 +22,16 @@
  * so downstream code always has a typed context to consume.
  */
 
-import { isHttpAuthDisabled } from '../../config/env.js';
-import { getLogger } from '../../util/logger.js';
-import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
-import { extractBearerToken } from '../middleware/auth.js';
-import { buildAuthContext } from './context.js';
-import { resolveScopeProfile } from './scopes.js';
-import { verifyToken } from './token-service.js';
-import type { AuthContext } from './types.js';
+import { isHttpAuthDisabled } from "../../config/env.js";
+import { getLogger } from "../../util/logger.js";
+import { DAEMON_INTERNAL_ASSISTANT_ID } from "../assistant-scope.js";
+import { extractBearerToken } from "../middleware/auth.js";
+import { buildAuthContext } from "./context.js";
+import { resolveScopeProfile } from "./scopes.js";
+import { verifyToken } from "./token-service.js";
+import type { AuthContext } from "./types.js";
 
-const log = getLogger('auth-middleware');
+const log = getLogger("auth-middleware");
 
 // ---------------------------------------------------------------------------
 // Result type
@@ -43,11 +53,11 @@ export type AuthenticateResult =
 function buildDevBypassContext(): AuthContext {
   return {
     subject: `actor:${DAEMON_INTERNAL_ASSISTANT_ID}:dev-bypass`,
-    principalType: 'actor',
+    principalType: "actor",
     assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
-    actorPrincipalId: 'dev-bypass',
-    scopeProfile: 'actor_client_v1',
-    scopes: resolveScopeProfile('actor_client_v1'),
+    actorPrincipalId: "dev-bypass",
+    scopeProfile: "actor_client_v1",
+    scopes: resolveScopeProfile("actor_client_v1"),
     policyEpoch: Number.MAX_SAFE_INTEGER,
   };
 }
@@ -72,36 +82,82 @@ export function authenticateRequest(req: Request): AuthenticateResult {
 
   const rawToken = extractBearerToken(req);
   if (!rawToken) {
-    log.warn({ reason: 'missing_token', path }, 'Auth denied: missing Authorization header');
+    log.warn(
+      { reason: "missing_token", path },
+      "Auth denied: missing Authorization header",
+    );
     return {
       ok: false,
       response: Response.json(
-        { error: { code: 'UNAUTHORIZED', message: 'Missing Authorization header' } },
+        {
+          error: {
+            code: "UNAUTHORIZED",
+            message: "Missing Authorization header",
+          },
+        },
         { status: 401 },
       ),
     };
   }
 
-  // Verify the JWT with audience = vellum-daemon
-  const verifyResult = verifyToken(rawToken, 'vellum-daemon');
+  // Verify the JWT — prefer vellum-daemon audience (gateway-proxied requests
+  // and daemon-minted tokens), but also accept vellum-gateway audience for
+  // direct local clients (macOS SettingsStore) that hold a guardian-issued JWT
+  // and call daemon endpoints without routing through the gateway runtime proxy.
+  let verifyResult = verifyToken(rawToken, "vellum-daemon");
+  if (
+    !verifyResult.ok &&
+    verifyResult.reason?.startsWith("audience_mismatch")
+  ) {
+    verifyResult = verifyToken(rawToken, "vellum-gateway");
+    // Normalize gateway-audience claims to daemon context so that
+    // buildAuthContext applies the same assistantId normalization
+    // (aud=vellum-daemon → assistantId='self') that gateway-exchanged
+    // tokens receive. Without this rewrite, the external assistant ID
+    // from the guardian-issued JWT would leak into daemon-internal
+    // scoping (storage keys, routing), violating the invariant
+    // documented in context.ts:30-33.
+    if (verifyResult.ok) {
+      verifyResult = {
+        ok: true,
+        claims: { ...verifyResult.claims, aud: "vellum-daemon" },
+      };
+    }
+  }
   if (!verifyResult.ok) {
     // Stale policy epoch gets a specific error code so clients can refresh
-    if (verifyResult.reason === 'stale_policy_epoch') {
-      log.warn({ reason: 'stale_policy_epoch', path }, 'Auth denied: stale policy epoch');
+    if (verifyResult.reason === "stale_policy_epoch") {
+      log.warn(
+        { reason: "stale_policy_epoch", path },
+        "Auth denied: stale policy epoch",
+      );
       return {
         ok: false,
         response: Response.json(
-          { error: { code: 'refresh_required', message: 'Token policy epoch is stale; refresh required' } },
+          {
+            error: {
+              code: "refresh_required",
+              message: "Token policy epoch is stale; refresh required",
+            },
+          },
           { status: 401 },
         ),
       };
     }
 
-    log.warn({ reason: verifyResult.reason, path }, 'Auth denied: JWT verification failed');
+    log.warn(
+      { reason: verifyResult.reason, path },
+      "Auth denied: JWT verification failed",
+    );
     return {
       ok: false,
       response: Response.json(
-        { error: { code: 'UNAUTHORIZED', message: `Invalid token: ${verifyResult.reason}` } },
+        {
+          error: {
+            code: "UNAUTHORIZED",
+            message: `Invalid token: ${verifyResult.reason}`,
+          },
+        },
         { status: 401 },
       ),
     };
@@ -112,12 +168,17 @@ export function authenticateRequest(req: Request): AuthenticateResult {
   if (!contextResult.ok) {
     log.warn(
       { reason: contextResult.reason, path, sub: verifyResult.claims.sub },
-      'Auth denied: invalid JWT claims',
+      "Auth denied: invalid JWT claims",
     );
     return {
       ok: false,
       response: Response.json(
-        { error: { code: 'UNAUTHORIZED', message: `Invalid token claims: ${contextResult.reason}` } },
+        {
+          error: {
+            code: "UNAUTHORIZED",
+            message: `Invalid token claims: ${contextResult.reason}`,
+          },
+        },
         { status: 401 },
       ),
     };

package/src/runtime/routes/events-routes.ts

@@ -116,6 +116,13 @@ export function handleSubscribeAssistantEvents(
         return;
       }
 
+      // Immediately enqueue a heartbeat comment so the HTTP status line and
+      // headers are flushed to the client without waiting for a real event.
+      // Without this, Bun may buffer the headers until the first data chunk
+      // arrives, causing clients (e.g. Python `requests`) to hang until the
+      // periodic heartbeat fires or an event is published.
+      controller.enqueue(encoder.encode(formatSseHeartbeat()));
+
       // Send a keep-alive comment on each interval to prevent proxies and
       // load-balancers from treating idle connections as timed out.
       heartbeatTimer = setInterval(() => {

package/src/runtime/routes/inbound-message-handler.ts

@@ -9,6 +9,7 @@
 import type { ChannelId, InterfaceId } from '../../channels/types.js';
 import { CHANNEL_IDS, INTERFACE_IDS, isChannelId, parseInterfaceId } from '../../channels/types.js';
 import { getGatewayInternalBaseUrl } from '../../config/env.js';
+import { resolveUserReference } from '../../config/user-reference.js';
 import { RESEND_COOLDOWN_MS } from '../../daemon/handlers/config-channels.js';
 import * as attachmentsStore from '../../memory/attachments-store.js';
 import {
@@ -1577,10 +1578,8 @@ function startTrustedContactApprovalNotifier(params: {
           const guardianName = resolveGuardianDisplayName(
             assistantId ?? DAEMON_INTERNAL_ASSISTANT_ID,
             sourceChannel,
-          );
-          const waitingText = guardianName
-            ? `Waiting for ${guardianName}'s approval...`
-            : 'Waiting for your guardian\'s approval...';
+          ) ?? resolveUserReference();
+          const waitingText = `Waiting for ${guardianName}'s approval...`;
           try {
             await deliverChannelReply(replyCallbackUrl, {
               chatId: externalChatId,

package/src/schedule/scheduler.ts

@@ -1,18 +1,31 @@
-import { createConversation } from '../memory/conversation-store.js';
-import { GENERATING_TITLE, queueGenerateConversationTitle } from '../memory/conversation-title-service.js';
-import { invalidateAssistantInferredItemsForConversation } from '../memory/task-memory-cleanup.js';
-import { runSequencesOnce } from '../sequence/engine.js';
-import { claimDueReminders, completeReminder, failReminder, type RoutingIntent,setReminderConversationId } from '../tools/reminder/reminder-store.js';
-import { getLogger } from '../util/logger.js';
-import { runWatchersOnce, type WatcherEscalator,type WatcherNotifier } from '../watcher/engine.js';
-import { hasSetConstructs } from './recurrence-engine.js';
+import { createConversation } from "../memory/conversation-store.js";
+import {
+  GENERATING_TITLE,
+  queueGenerateConversationTitle,
+} from "../memory/conversation-title-service.js";
+import { invalidateAssistantInferredItemsForConversation } from "../memory/task-memory-cleanup.js";
+import { runSequencesOnce } from "../sequence/engine.js";
+import {
+  claimDueReminders,
+  completeReminder,
+  failReminder,
+  type RoutingIntent,
+  setReminderConversationId,
+} from "../tools/reminder/reminder-store.js";
+import { getLogger } from "../util/logger.js";
+import {
+  runWatchersOnce,
+  type WatcherEscalator,
+  type WatcherNotifier,
+} from "../watcher/engine.js";
+import { hasSetConstructs } from "./recurrence-engine.js";
 import {
   claimDueSchedules,
   completeScheduleRun,
   createScheduleRun,
-} from './schedule-store.js';
+} from "./schedule-store.js";
 
-const log = getLogger('scheduler');
+const log = getLogger("scheduler");
 
 export type ScheduleMessageProcessor = (
   conversationId: string,
@@ -50,21 +63,35 @@ export function startScheduler(
     if (stopped || tickRunning) return;
     tickRunning = true;
     try {
-      await runScheduleOnce(processMessage, notifyReminder, notifySchedule, watcherNotifier, watcherEscalator);
+      await runScheduleOnce(
+        processMessage,
+        notifyReminder,
+        notifySchedule,
+        watcherNotifier,
+        watcherEscalator,
+      );
     } catch (err) {
-      log.error({ err }, 'Schedule tick failed');
+      log.error({ err }, "Schedule tick failed");
     } finally {
       tickRunning = false;
     }
   };
 
-  const timer = setInterval(() => { void tick(); }, TICK_INTERVAL_MS);
+  const timer = setInterval(() => {
+    void tick();
+  }, TICK_INTERVAL_MS);
   timer.unref();
   void tick();
 
   return {
     async runOnce(): Promise<number> {
-      return runScheduleOnce(processMessage, notifyReminder, notifySchedule, watcherNotifier, watcherEscalator);
+      return runScheduleOnce(
+        processMessage,
+        notifyReminder,
+        notifySchedule,
+        watcherNotifier,
+        watcherEscalator,
+      );
     },
     stop(): void {
       stopped = true;
@@ -90,62 +117,123 @@ async function runScheduleOnce(
     const taskMatch = job.message.match(/^run_task:(\S+)$/);
     if (taskMatch) {
       const taskId = taskMatch[1];
-      const isRruleSet = job.syntax === 'rrule' && hasSetConstructs(job.expression);
+      const isRruleSet =
+        job.syntax === "rrule" && hasSetConstructs(job.expression);
       try {
-        log.info({ jobId: job.id, name: job.name, taskId, syntax: job.syntax, expression: job.expression, isRruleSet }, 'Executing scheduled task');
-        const { runTask } = await import('../tasks/task-runner.js');
+        log.info(
+          {
+            jobId: job.id,
+            name: job.name,
+            taskId,
+            syntax: job.syntax,
+            expression: job.expression,
+            isRruleSet,
+          },
+          "Executing scheduled task",
+        );
+        const { runTask } = await import("../tasks/task-runner.js");
         const result = await runTask(
-          { taskId, workingDir: process.cwd(), source: 'schedule' },
-          processMessage as (conversationId: string, message: string, taskRunId: string) => Promise<void>,
+          { taskId, workingDir: process.cwd(), source: "schedule" },
+          processMessage as (
+            conversationId: string,
+            message: string,
+            taskRunId: string,
+          ) => Promise<void>,
         );
 
         // Track the schedule run using the task's conversation
         const runId = createScheduleRun(job.id, result.conversationId);
-        if (result.status === 'failed') {
-          completeScheduleRun(runId, { status: 'error', error: result.error ?? 'Task run failed' });
+        if (result.status === "failed") {
+          completeScheduleRun(runId, {
+            status: "error",
+            error: result.error ?? "Task run failed",
+          });
         } else {
-          completeScheduleRun(runId, { status: 'ok' });
+          completeScheduleRun(runId, { status: "ok" });
           notifySchedule({ id: job.id, name: job.name });
         }
         processed += 1;
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
-        log.warn({ err, jobId: job.id, name: job.name, taskId, syntax: job.syntax, expression: job.expression, isRruleSet }, 'Scheduled task execution failed');
+        log.warn(
+          {
+            err,
+            jobId: job.id,
+            name: job.name,
+            taskId,
+            syntax: job.syntax,
+            expression: job.expression,
+            isRruleSet,
+          },
+          "Scheduled task execution failed",
+        );
         // Create a fallback conversation for the schedule run record
-        const fallbackConversation = createConversation({ title: GENERATING_TITLE, source: 'schedule' });
+        const fallbackConversation = createConversation({
+          title: GENERATING_TITLE,
+          source: "schedule",
+          scheduleJobId: job.id,
+        });
         queueGenerateConversationTitle({
           conversationId: fallbackConversation.id,
-          context: { origin: 'schedule', systemHint: `Schedule: ${job.name}` },
+          context: { origin: "schedule", systemHint: `Schedule: ${job.name}` },
         });
         const runId = createScheduleRun(job.id, fallbackConversation.id);
-        completeScheduleRun(runId, { status: 'error', error: message });
+        completeScheduleRun(runId, { status: "error", error: message });
       }
       continue;
     }
 
-    const conversation = createConversation({ title: GENERATING_TITLE, source: 'schedule' });
+    const conversation = createConversation({
+      title: GENERATING_TITLE,
+      source: "schedule",
+      scheduleJobId: job.id,
+    });
     queueGenerateConversationTitle({
       conversationId: conversation.id,
-      context: { origin: 'schedule', systemHint: `Schedule: ${job.name}` },
+      context: { origin: "schedule", systemHint: `Schedule: ${job.name}` },
     });
     const runId = createScheduleRun(job.id, conversation.id);
-    const isRruleSetMsg = job.syntax === 'rrule' && hasSetConstructs(job.expression);
+    const isRruleSetMsg =
+      job.syntax === "rrule" && hasSetConstructs(job.expression);
 
     try {
-      log.info({ jobId: job.id, name: job.name, syntax: job.syntax, expression: job.expression, isRruleSet: isRruleSetMsg, conversationId: conversation.id }, 'Executing schedule');
+      log.info(
+        {
+          jobId: job.id,
+          name: job.name,
+          syntax: job.syntax,
+          expression: job.expression,
+          isRruleSet: isRruleSetMsg,
+          conversationId: conversation.id,
+        },
+        "Executing schedule",
+      );
       await processMessage(conversation.id, job.message);
-      completeScheduleRun(runId, { status: 'ok' });
+      completeScheduleRun(runId, { status: "ok" });
       notifySchedule({ id: job.id, name: job.name });
       processed += 1;
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
-      log.warn({ err, jobId: job.id, name: job.name, syntax: job.syntax, expression: job.expression, isRruleSet: isRruleSetMsg }, 'Schedule execution failed');
-      completeScheduleRun(runId, { status: 'error', error: message });
+      log.warn(
+        {
+          err,
+          jobId: job.id,
+          name: job.name,
+          syntax: job.syntax,
+          expression: job.expression,
+          isRruleSet: isRruleSetMsg,
+        },
+        "Schedule execution failed",
+      );
+      completeScheduleRun(runId, { status: "error", error: message });
 
       try {
         invalidateAssistantInferredItemsForConversation(conversation.id);
       } catch (cleanupErr) {
-        log.warn({ err: cleanupErr, conversationId: conversation.id }, 'Failed to invalidate assistant-inferred memory items');
+        log.warn(
+          { err: cleanupErr, conversationId: conversation.id },
+          "Failed to invalidate assistant-inferred memory items",
+        );
       }
     }
   }
@@ -153,24 +241,43 @@ async function runScheduleOnce(
   // ── One-shot reminders ──────────────────────────────────────────────
   const dueReminders = claimDueReminders(now);
   for (const reminder of dueReminders) {
-    if (reminder.mode === 'execute') {
-      const conversation = createConversation({ title: GENERATING_TITLE, source: 'reminder' });
+    if (reminder.mode === "execute") {
+      const conversation = createConversation({
+        title: GENERATING_TITLE,
+        source: "reminder",
+      });
       queueGenerateConversationTitle({
         conversationId: conversation.id,
-        context: { origin: 'reminder', systemHint: `Reminder: ${reminder.label}` },
+        context: {
+          origin: "reminder",
+          systemHint: `Reminder: ${reminder.label}`,
+        },
       });
       setReminderConversationId(reminder.id, conversation.id);
       try {
-        log.info({ reminderId: reminder.id, label: reminder.label, conversationId: conversation.id }, 'Executing reminder');
+        log.info(
+          {
+            reminderId: reminder.id,
+            label: reminder.label,
+            conversationId: conversation.id,
+          },
+          "Executing reminder",
+        );
         await processMessage(conversation.id, reminder.message);
         completeReminder(reminder.id);
       } catch (err) {
-        log.warn({ err, reminderId: reminder.id }, 'Reminder execution failed, reverting to pending');
+        log.warn(
+          { err, reminderId: reminder.id },
+          "Reminder execution failed, reverting to pending",
+        );
         failReminder(reminder.id);
       }
     } else {
       try {
-        log.info({ reminderId: reminder.id, label: reminder.label }, 'Firing reminder notification');
+        log.info(
+          { reminderId: reminder.id, label: reminder.label },
+          "Firing reminder notification",
+        );
         notifyReminder({
           id: reminder.id,
           label: reminder.label,
@@ -180,7 +287,10 @@ async function runScheduleOnce(
         });
         completeReminder(reminder.id);
       } catch (err) {
-        log.warn({ err, reminderId: reminder.id }, 'Reminder notification failed, reverting to pending');
+        log.warn(
+          { err, reminderId: reminder.id },
+          "Reminder notification failed, reverting to pending",
+        );
         failReminder(reminder.id);
       }
     }
@@ -190,10 +300,14 @@ async function runScheduleOnce(
   // ── Watchers (event-driven polling) ────────────────────────────────
   if (watcherNotifier && watcherEscalator) {
     try {
-      const watcherProcessed = await runWatchersOnce(processMessage, watcherNotifier, watcherEscalator);
+      const watcherProcessed = await runWatchersOnce(
+        processMessage,
+        watcherNotifier,
+        watcherEscalator,
+      );
       processed += watcherProcessed;
     } catch (err) {
-      log.error({ err }, 'Watcher tick failed');
+      log.error({ err }, "Watcher tick failed");
     }
   }
 
@@ -202,11 +316,11 @@ async function runScheduleOnce(
     const sequenceProcessed = await runSequencesOnce(processMessage);
     processed += sequenceProcessed;
   } catch (err) {
-    log.error({ err }, 'Sequence engine tick failed');
+    log.error({ err }, "Sequence engine tick failed");
   }
 
   if (processed > 0) {
-    log.info({ processed }, 'Schedule tick complete');
+    log.info({ processed }, "Schedule tick complete");
   }
   return processed;
 }

package/src/security/secure-keys.ts

@@ -161,7 +161,7 @@ export function setSecureKey(account: string, value: string): boolean {
     try {
       // Only attempt deletion if the key actually exists in keychain to
       // avoid spawning a subprocess on every write.
-      if (keychain.getKey(account) !== undefined) {
+      if (keychain.getKey(account) != null) {
         keychain.deleteKey(account);
       }
     } catch { /* best-effort */ }
@@ -301,7 +301,7 @@ export async function setSecureKeyAsync(
         // Only attempt deletion if the key actually exists in keychain to
         // avoid spawning a subprocess on every write.
         const exists = await keychain.getKeyAsync(account);
-        if (exists !== undefined) {
+        if (exists != null) {
           await keychain.deleteKeyAsync(account);
         }
       } catch { /* best-effort */ }
@@ -323,7 +323,7 @@ export async function setSecureKeyAsync(
       keychainMissCache.delete(account);
       try {
         const exists = await keychain.getKeyAsync(account);
-        if (exists !== undefined) {
+        if (exists != null) {
           await keychain.deleteKeyAsync(account);
         }
       } catch { /* best-effort */ }