@vellumai/assistant 0.4.3 → 0.4.4

package/src/runtime/routes/approval-routes.ts

@@ -3,20 +3,77 @@
  *
  * These endpoints resolve pending confirmations, secrets, and trust rules
  * by requestId — orthogonal to message sending.
+ *
+ * All approval endpoints require a valid actor token via the X-Actor-Token
+ * header (with local CLI fallback). Guardian decisions additionally verify
+ * that the actor is the bound guardian.
  */
 import { getConversationByKey } from '../../memory/conversation-key-store.js';
 import { addRule } from '../../permissions/trust-store.js';
 import { getTool } from '../../tools/registry.js';
 import { getLogger } from '../../util/logger.js';
 import { httpError } from '../http-errors.js';
+import {
+  isActorBoundGuardian,
+  isLocalFallbackBoundGuardian,
+  type ServerWithRequestIP,
+  verifyHttpActorTokenWithLocalFallback,
+} from '../middleware/actor-token.js';
 import * as pendingInteractions from '../pending-interactions.js';
 
 const log = getLogger('approval-routes');
 
+/**
+ * Verify the actor token from the request with local fallback.
+ * Returns an error Response if verification fails, or null if
+ * the actor is authenticated (via actor token or local identity).
+ */
+function requireActorToken(req: Request, server: ServerWithRequestIP): Response | null {
+  const result = verifyHttpActorTokenWithLocalFallback(req, server);
+  if (!result.ok) {
+    return httpError(
+      result.status === 401 ? 'UNAUTHORIZED' : 'FORBIDDEN',
+      result.message,
+      result.status,
+    );
+  }
+  return null;
+}
+
+/**
+ * Verify the actor token and confirm the actor is the bound guardian.
+ * When no actor token is present (bearer-authenticated local client),
+ * falls back to local IPC identity resolution and checks the local
+ * identity is the bound guardian.
+ */
+function requireBoundGuardian(req: Request, server: ServerWithRequestIP): Response | null {
+  const result = verifyHttpActorTokenWithLocalFallback(req, server);
+  if (!result.ok) {
+    return httpError(
+      result.status === 401 ? 'UNAUTHORIZED' : 'FORBIDDEN',
+      result.message,
+      result.status,
+    );
+  }
+  // For actor-token-authenticated requests, check the token's identity.
+  // For local fallback (bearer-auth only), check the local identity.
+  const isBoundGuardian = result.claims
+    ? isActorBoundGuardian(result.claims)
+    : isLocalFallbackBoundGuardian();
+  if (!isBoundGuardian) {
+    return httpError('FORBIDDEN', 'Actor is not the bound guardian for this channel', 403);
+  }
+  return null;
+}
+
 /**
  * POST /v1/confirm — resolve a pending confirmation by requestId.
+ * Requires a valid actor token (guardian-bound).
  */
-export async function handleConfirm(req: Request): Promise<Response> {
+export async function handleConfirm(req: Request, server: ServerWithRequestIP): Promise<Response> {
+  const authError = requireBoundGuardian(req, server);
+  if (authError) return authError;
+
   const body = await req.json() as {
     requestId?: string;
     decision?: string;
@@ -37,14 +94,20 @@ export async function handleConfirm(req: Request): Promise<Response> {
     return httpError('NOT_FOUND', 'No pending interaction found for this requestId', 404);
   }
 
-  interaction.session.handleConfirmationResponse(requestId, decision);
+  interaction.session.handleConfirmationResponse(requestId, decision, undefined, undefined, undefined, {
+    source: 'button',
+  });
   return Response.json({ accepted: true });
 }
 
 /**
  * POST /v1/secret — resolve a pending secret request by requestId.
+ * Requires a valid actor token (guardian-bound).
  */
-export async function handleSecret(req: Request): Promise<Response> {
+export async function handleSecret(req: Request, server: ServerWithRequestIP): Promise<Response> {
+  const authError = requireBoundGuardian(req, server);
+  if (authError) return authError;
+
   const body = await req.json() as {
     requestId?: string;
     value?: string;
@@ -76,13 +139,17 @@ export async function handleSecret(req: Request): Promise<Response> {
 
 /**
  * POST /v1/trust-rules — add a trust rule for a pending confirmation.
+ * Requires a valid actor token (guardian-bound).
  *
  * Does NOT resolve the confirmation itself (the client still needs to
  * POST /v1/confirm to approve/deny). Validates the pattern and scope
  * against the server-provided allowlist options from the original
  * confirmation_request.
  */
-export async function handleTrustRule(req: Request): Promise<Response> {
+export async function handleTrustRule(req: Request, server: ServerWithRequestIP): Promise<Response> {
+  const authError = requireBoundGuardian(req, server);
+  if (authError) return authError;
+
   const body = await req.json() as {
     requestId?: string;
     pattern?: string;
@@ -130,9 +197,14 @@ export async function handleTrustRule(req: Request): Promise<Response> {
     return httpError('FORBIDDEN', 'pattern does not match any server-provided allowlist option', 403);
   }
 
-  // Validate scope against server-provided scope options
+  // Validate scope against server-provided scope options.
+  // Non-scoped tools have empty scopeOptions — only "everywhere" is valid for them.
   const validScopes = (confirmation.scopeOptions ?? []).map((o) => o.scope);
-  if (!validScopes.includes(scope)) {
+  if (validScopes.length === 0) {
+    if (scope !== 'everywhere') {
+      return httpError('FORBIDDEN', 'non-scoped tools only accept scope "everywhere"', 403);
+    }
+  } else if (!validScopes.includes(scope)) {
     return httpError('FORBIDDEN', 'scope does not match any server-provided scope option', 403);
   }
 
@@ -155,12 +227,15 @@ export async function handleTrustRule(req: Request): Promise<Response> {
 
 /**
  * GET /v1/pending-interactions?conversationKey=...
+ * Requires a valid actor token.
  *
  * Returns pending confirmations and secrets for a conversation, allowing
  * polling-based clients (like the CLI) to discover approval requests
  * without SSE.
  */
-export function handleListPendingInteractions(url: URL): Response {
+export function handleListPendingInteractions(url: URL, req: Request, server: ServerWithRequestIP): Response {
+  const authError = requireActorToken(req, server);
+  if (authError) return authError;
   const conversationKey = url.searchParams.get('conversationKey');
   const conversationId = url.searchParams.get('conversationId');
 

package/src/runtime/routes/brain-graph-routes.ts

@@ -0,0 +1,222 @@
+/**
+ * Route handlers for the brain graph visualization endpoint.
+ *
+ * Queries the memory database to return a knowledge graph shaped for brain-lobe
+ * visualization, with entities mapped to brain regions based on their type.
+ */
+
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+import { count } from 'drizzle-orm';
+
+import { getDb } from '../../memory/db.js';
+import { memoryEntities, memoryEntityRelations, memoryItems } from '../../memory/schema.js';
+import { resolveBundledDir } from '../../util/bundled-asset.js';
+
+function getLobeRegion(entityType: string): string {
+  switch (entityType) {
+    case 'person':
+    case 'organization':
+      return 'right-social';
+    case 'project':
+    case 'company':
+      return 'left-planning';
+    case 'tool':
+      return 'left-technical';
+    case 'concept':
+      return 'right-creative';
+    case 'location':
+      return 'right-spatial';
+    default:
+      return 'center';
+  }
+}
+
+function getEntityColor(entityType: string): string {
+  switch (entityType) {
+    case 'person':
+      return '#22c55e';
+    case 'project':
+      return '#f97316';
+    case 'tool':
+      return '#06b6d4';
+    case 'company':
+      return '#a855f7';
+    case 'organization':
+      return '#a855f7';
+    case 'concept':
+      return '#eab308';
+    case 'location':
+      return '#14b8a6';
+    default:
+      return '#94a3b8';
+  }
+}
+
+function getMemoryKindColor(kind: string): string {
+  switch (kind) {
+    case 'profile':
+      return '#8b5cf6';
+    case 'preference':
+      return '#3b82f6';
+    case 'constraint':
+      return '#ef4444';
+    case 'instruction':
+      return '#f59e0b';
+    case 'style':
+      return '#ec4899';
+    default:
+      return '#94a3b8';
+  }
+}
+
+export function handleGetBrainGraph(): Response {
+  try {
+    const db = getDb();
+
+    const entityRows = db
+      .select({
+        id: memoryEntities.id,
+        name: memoryEntities.name,
+        type: memoryEntities.type,
+        mentionCount: memoryEntities.mentionCount,
+        firstSeenAt: memoryEntities.firstSeenAt,
+        lastSeenAt: memoryEntities.lastSeenAt,
+      })
+      .from(memoryEntities)
+      .all();
+
+    const relationRows = db
+      .select({
+        sourceEntityId: memoryEntityRelations.sourceEntityId,
+        targetEntityId: memoryEntityRelations.targetEntityId,
+        relation: memoryEntityRelations.relation,
+      })
+      .from(memoryEntityRelations)
+      .all();
+
+    const kindCountRows = db
+      .select({
+        kind: memoryItems.kind,
+        count: count(),
+      })
+      .from(memoryItems)
+      .groupBy(memoryItems.kind)
+      .all();
+
+    const entities = entityRows.map((entity) => ({
+      id: entity.id,
+      name: entity.name,
+      type: entity.type,
+      lobeRegion: getLobeRegion(entity.type),
+      color: getEntityColor(entity.type),
+      mentionCount: entity.mentionCount,
+      firstSeenAt: entity.firstSeenAt,
+      lastSeenAt: entity.lastSeenAt,
+    }));
+
+    const relations = relationRows.map((rel) => ({
+      sourceId: rel.sourceEntityId,
+      targetId: rel.targetEntityId,
+      relation: rel.relation,
+    }));
+
+    const memorySummary = kindCountRows.map((row) => ({
+      kind: row.kind,
+      count: row.count,
+      color: getMemoryKindColor(row.kind),
+    }));
+
+    const totalKnowledgeCount = memorySummary.reduce((sum, entry) => sum + entry.count, 0);
+
+    return Response.json({
+      entities,
+      relations,
+      memorySummary,
+      totalKnowledgeCount,
+      generatedAt: new Date().toISOString(),
+    });
+  } catch (err) {
+    return Response.json(
+      { error: 'Failed to generate brain graph', detail: err instanceof Error ? err.message : String(err) },
+      { status: 500 },
+    );
+  }
+}
+
+export function handleServeHomeBaseUI(bearerToken?: string): Response {
+  try {
+    const prebuiltDir = resolveBundledDir(
+      import.meta.dirname ?? __dirname,
+      '../../home-base/prebuilt',
+      'prebuilt',
+    );
+    let html = readFileSync(join(prebuiltDir, 'index.html'), 'utf-8');
+    if (bearerToken) {
+      const escapedToken = bearerToken
+        .replace(/&/g, '&')
+        .replace(/"/g, '"')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+      html = html.replace(
+        '</head>',
+        `  <meta name="api-token" content="${escapedToken}">\n</head>`,
+      );
+    }
+    return new Response(html, {
+      headers: { 'Content-Type': 'text/html; charset=utf-8' },
+    });
+  } catch (err) {
+    return Response.json(
+      { error: 'Home Base UI not available', detail: err instanceof Error ? err.message : String(err) },
+      { status: 500 },
+    );
+  }
+}
+
+export function handleServeBrainGraphUI(bearerToken?: string): Response {
+  try {
+    const prebuiltDir = resolveBundledDir(
+      import.meta.dirname ?? __dirname,
+      '../../home-base/prebuilt',
+      'prebuilt',
+    );
+    let html = readFileSync(join(prebuiltDir, 'brain-graph.html'), 'utf-8');
+    if (bearerToken) {
+      // Inject token as a meta tag for client-side fetch authentication.
+      // HTML-escape the token value to guard against injection if the token
+      // comes from an environment variable with special characters.
+      const escapedToken = bearerToken
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+      html = html.replace(
+        '</head>',
+        `  <meta name="api-token" content="${escapedToken}">\n</head>`,
+      );
+    }
+    // CSP permits the CDN sources required by D3.js and Three.js.
+    // 'unsafe-eval' is needed by Three.js's shader compilation path.
+    const csp = [
+      "default-src 'self'",
+      "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://d3js.org",
+      "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
+      "font-src 'self' https://fonts.gstatic.com",
+      "connect-src 'self'",
+      "img-src 'self' data:",
+    ].join('; ');
+    return new Response(html, {
+      headers: {
+        'Content-Type': 'text/html; charset=utf-8',
+        'Content-Security-Policy': csp,
+      },
+    });
+  } catch (err) {
+    return Response.json(
+      { error: 'Brain graph UI not available', detail: err instanceof Error ? err.message : String(err) },
+      { status: 500 },
+    );
+  }
+}

package/src/runtime/routes/channel-readiness-routes.ts

@@ -0,0 +1,71 @@
+/**
+ * Route handlers for channel readiness endpoints.
+ *
+ * GET   /v1/channels/readiness          — get channel readiness snapshots
+ * POST  /v1/channels/readiness/refresh  — invalidate cache and refresh readiness
+ */
+
+import type { ChannelId } from '../../channels/types.js';
+import { getReadinessService } from '../../daemon/handlers/config-channels.js';
+
+/**
+ * GET /v1/channels/readiness
+ *
+ * Query params: channel? (optional ChannelId), includeRemote? (optional boolean)
+ */
+export async function handleGetChannelReadiness(url: URL): Promise<Response> {
+  const channel = (url.searchParams.get('channel') as ChannelId | null) ?? undefined;
+  const includeRemote = url.searchParams.get('includeRemote') === 'true';
+
+  const service = getReadinessService();
+  const snapshots = await service.getReadiness(channel, includeRemote);
+
+  return Response.json({
+    success: true,
+    snapshots: snapshots.map((s) => ({
+      channel: s.channel,
+      ready: s.ready,
+      checkedAt: s.checkedAt,
+      stale: s.stale,
+      reasons: s.reasons,
+      localChecks: s.localChecks,
+      remoteChecks: s.remoteChecks,
+    })),
+  });
+}
+
+/**
+ * POST /v1/channels/readiness/refresh
+ *
+ * Body: { channel?: ChannelId, includeRemote?: boolean }
+ */
+export async function handleRefreshChannelReadiness(req: Request): Promise<Response> {
+  const body = (await req.json().catch(() => ({}))) as {
+    channel?: ChannelId;
+    includeRemote?: boolean;
+  };
+
+  const service = getReadinessService();
+
+  // Invalidate cache before fetching
+  if (body.channel) {
+    service.invalidateChannel(body.channel);
+  } else {
+    service.invalidateAll();
+  }
+
+  const snapshots = await service.getReadiness(body.channel, body.includeRemote);
+
+  return Response.json({
+    success: true,
+    snapshots: snapshots.map((s) => ({
+      channel: s.channel,
+      ready: s.ready,
+      checkedAt: s.checkedAt,
+      stale: s.stale,
+      reasons: s.reasons,
+      localChecks: s.localChecks,
+      remoteChecks: s.remoteChecks,
+    })),
+  });
+}