@vellumai/assistant 0.4.31 → 0.4.32

package/src/runtime/routes/integration-routes.ts

@@ -48,6 +48,7 @@ import {
   startOutbound,
 } from "../guardian-outbound-actions.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 import { guardianVerificationLimiter } from "../verification-rate-limiter.js";
 
 /**
@@ -296,3 +297,85 @@ export async function handleCancelOutbound(req: Request): Promise<Response> {
   const status = result.success ? 200 : 400;
   return Response.json(result, { status });
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function integrationRouteDefinitions(): RouteDefinition[] {
+  return [
+    // Telegram
+    {
+      endpoint: "integrations/telegram/config",
+      method: "GET",
+      handler: () => handleGetTelegramConfig(),
+    },
+    {
+      endpoint: "integrations/telegram/config",
+      method: "POST",
+      handler: async ({ req }) => handleSetTelegramConfig(req),
+    },
+    {
+      endpoint: "integrations/telegram/config",
+      method: "DELETE",
+      handler: async () => handleClearTelegramConfig(),
+    },
+    {
+      endpoint: "integrations/telegram/commands",
+      method: "POST",
+      handler: async ({ req }) => handleSetTelegramCommands(req),
+    },
+    {
+      endpoint: "integrations/telegram/setup",
+      method: "POST",
+      handler: async ({ req }) => handleSetupTelegram(req),
+    },
+    // Slack
+    {
+      endpoint: "integrations/slack/channel/config",
+      method: "GET",
+      handler: () => handleGetSlackChannelConfig(),
+    },
+    {
+      endpoint: "integrations/slack/channel/config",
+      method: "POST",
+      handler: async ({ req }) => handleSetSlackChannelConfig(req),
+    },
+    {
+      endpoint: "integrations/slack/channel/config",
+      method: "DELETE",
+      handler: () => handleClearSlackChannelConfig(),
+    },
+    // Guardian
+    {
+      endpoint: "integrations/guardian/challenge",
+      method: "POST",
+      handler: async ({ req }) => handleCreateGuardianChallenge(req),
+    },
+    {
+      endpoint: "integrations/guardian/status",
+      method: "GET",
+      handler: ({ url }) => handleGetGuardianStatus(url),
+    },
+    {
+      endpoint: "integrations/guardian/revoke",
+      method: "POST",
+      handler: async ({ req }) => handleRevokeGuardian(req),
+    },
+    {
+      endpoint: "integrations/guardian/outbound/start",
+      method: "POST",
+      handler: async ({ req }) => handleStartOutbound(req),
+    },
+    {
+      endpoint: "integrations/guardian/outbound/resend",
+      method: "POST",
+      handler: async ({ req }) => handleResendOutbound(req),
+    },
+    {
+      endpoint: "integrations/guardian/outbound/cancel",
+      method: "POST",
+      handler: async ({ req }) => handleCancelOutbound(req),
+    },
+  ];
+}

package/src/runtime/routes/invite-routes.ts

@@ -8,6 +8,7 @@
  *   POST   /v1/contacts/invites/redeem — redeem an invite (token or voice code)
  */
 
+import type { RouteDefinition } from "../http-router.js";
 import {
   createIngressInvite,
   listIngressInvites,
@@ -138,3 +139,33 @@ export async function handleRedeemInvite(req: Request): Promise<Response> {
   }
   return Response.json({ ok: true, invite: result.data });
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function inviteRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "contacts/invites",
+      method: "GET",
+      handler: ({ url }) => handleListInvites(url),
+    },
+    {
+      endpoint: "contacts/invites",
+      method: "POST",
+      handler: async ({ req }) => handleCreateInvite(req),
+    },
+    {
+      endpoint: "contacts/invites/redeem",
+      method: "POST",
+      handler: async ({ req }) => handleRedeemInvite(req),
+    },
+    {
+      endpoint: "contacts/invites/:id",
+      method: "DELETE",
+      policyKey: "contacts/invites",
+      handler: ({ params }) => handleRevokeInvite(params.id),
+    },
+  ];
+}

package/src/runtime/routes/migration-routes.ts

@@ -18,6 +18,7 @@ import { resetDb } from "../../memory/db-connection.js";
 import { getLogger } from "../../util/logger.js";
 import { getDbPath, getWorkspaceConfigPath } from "../../util/platform.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 import { buildExportVBundle } from "../migrations/vbundle-builder.js";
 import {
   analyzeImport,
@@ -432,3 +433,32 @@ export async function handleMigrationImport(req: Request): Promise<Response> {
     );
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function migrationRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "migrations/validate",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationValidate(req),
+    },
+    {
+      endpoint: "migrations/export",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationExport(req),
+    },
+    {
+      endpoint: "migrations/import-preflight",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationImportPreflight(req),
+    },
+    {
+      endpoint: "migrations/import",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationImport(req),
+    },
+  ];
+}

package/src/runtime/routes/pairing-routes.ts

@@ -14,6 +14,7 @@ import { DAEMON_INTERNAL_ASSISTANT_ID } from "../assistant-scope.js";
 import { mintCredentialPair } from "../auth/credential-service.js";
 import { ensureVellumGuardianBinding } from "../guardian-vellum-migration.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("runtime-http");
 
@@ -404,3 +405,20 @@ export function handlePairingStatus(
 
   return Response.json({ status: entry.status });
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function pairingRouteDefinitions(deps: {
+  getPairingContext: () => PairingHandlerContext;
+}): RouteDefinition[] {
+  return [
+    {
+      endpoint: "pairing/register",
+      method: "POST",
+      handler: async ({ req }) =>
+        handlePairingRegister(req, deps.getPairingContext()),
+    },
+  ];
+}

package/src/runtime/routes/secret-routes.ts

@@ -12,6 +12,7 @@ import {
 } from "../../tools/credentials/metadata-store.js";
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("runtime-http");
 
@@ -170,3 +171,22 @@ export async function handleDeleteSecret(req: Request): Promise<Response> {
     return httpError("INTERNAL_ERROR", message, 500);
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function secretRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "secrets",
+      method: "POST",
+      handler: async ({ req }) => handleAddSecret(req),
+    },
+    {
+      endpoint: "secrets",
+      method: "DELETE",
+      handler: async ({ req }) => handleDeleteSecret(req),
+    },
+  ];
+}

package/src/runtime/routes/surface-action-routes.ts

@@ -6,6 +6,7 @@
  */
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("surface-action-routes");
 
@@ -74,3 +75,28 @@ export async function handleSurfaceAction(
     return httpError("INTERNAL_ERROR", "Failed to handle surface action", 500);
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function surfaceActionRouteDefinitions(deps: {
+  findSession?: SessionLookup;
+}): RouteDefinition[] {
+  return [
+    {
+      endpoint: "surface-actions",
+      method: "POST",
+      handler: async ({ req }) => {
+        if (!deps.findSession) {
+          return httpError(
+            "NOT_IMPLEMENTED",
+            "Surface actions not available",
+            501,
+          );
+        }
+        return handleSurfaceAction(req, deps.findSession);
+      },
+    },
+  ];
+}

package/src/runtime/routes/trust-rules-routes.ts

@@ -13,6 +13,7 @@ import {
 } from "../../permissions/trust-store.js";
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("trust-rules-routes");
 
@@ -151,3 +152,33 @@ export async function handleUpdateTrustRuleManage(
     return httpError("INTERNAL_ERROR", "Failed to update trust rule", 500);
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function trustRulesRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "trust-rules/manage",
+      method: "GET",
+      handler: () => handleListTrustRules(),
+    },
+    {
+      endpoint: "trust-rules/manage",
+      method: "POST",
+      handler: async ({ req }) => handleAddTrustRuleManage(req),
+    },
+    {
+      endpoint: "trust-rules/manage/:id",
+      method: "DELETE",
+      handler: ({ params }) => handleRemoveTrustRuleManage(params.id),
+    },
+    {
+      endpoint: "trust-rules/manage/:id",
+      method: "PATCH",
+      handler: async ({ req, params }) =>
+        handleUpdateTrustRuleManage(req, params.id),
+    },
+  ];
+}

package/src/runtime/routes/twilio-routes.ts

@@ -46,6 +46,7 @@ import {
   upsertCredentialMetadata,
 } from "../../tools/credentials/metadata-store.js";
 import { mintDaemonDeliveryToken } from "../auth/token-service.js";
+import type { RouteDefinition } from "../http-router.js";
 
 // ---------------------------------------------------------------------------
 // Shared helpers
@@ -1126,3 +1127,81 @@ export async function handleSmsDoctor(): Promise<Response> {
     },
   });
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function twilioRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "integrations/twilio/config",
+      method: "GET",
+      handler: () => handleGetTwilioConfig(),
+    },
+    {
+      endpoint: "integrations/twilio/credentials",
+      method: "POST",
+      handler: async ({ req }) => handleSetTwilioCredentials(req),
+    },
+    {
+      endpoint: "integrations/twilio/credentials",
+      method: "DELETE",
+      handler: () => handleClearTwilioCredentials(),
+    },
+    {
+      endpoint: "integrations/twilio/numbers",
+      method: "GET",
+      handler: async () => handleListTwilioNumbers(),
+    },
+    {
+      endpoint: "integrations/twilio/numbers/provision",
+      method: "POST",
+      handler: async ({ req }) => handleProvisionTwilioNumber(req),
+    },
+    {
+      endpoint: "integrations/twilio/numbers/assign",
+      method: "POST",
+      handler: async ({ req }) => handleAssignTwilioNumber(req),
+    },
+    {
+      endpoint: "integrations/twilio/numbers/release",
+      method: "POST",
+      handler: async ({ req }) => handleReleaseTwilioNumber(req),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance",
+      method: "GET",
+      handler: async () => handleGetSmsCompliance(),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance/tollfree",
+      method: "POST",
+      handler: async ({ req }) => handleSubmitTollfreeVerification(req),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance/tollfree/:sid",
+      method: "PATCH",
+      policyKey: "integrations/twilio/sms/compliance/tollfree",
+      handler: async ({ req, params }) =>
+        handleUpdateTollfreeVerification(req, params.sid),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance/tollfree/:sid",
+      method: "DELETE",
+      policyKey: "integrations/twilio/sms/compliance/tollfree",
+      handler: async ({ params }) =>
+        handleDeleteTollfreeVerification(params.sid),
+    },
+    {
+      endpoint: "integrations/twilio/sms/test",
+      method: "POST",
+      handler: async ({ req }) => handleSmsSendTest(req),
+    },
+    {
+      endpoint: "integrations/twilio/sms/doctor",
+      method: "POST",
+      handler: async () => handleSmsDoctor(),
+    },
+  ];
+}

package/src/schedule/recurrence-types.ts

@@ -34,13 +34,11 @@ export function detectScheduleSyntax(
  * Resolution order:
  * 1. If explicit `syntax` is provided, use it
  * 2. If `expression` is provided, auto-detect from expression
- * 3. If `legacyCronExpression` is provided, treat as cron
- * 4. Return null if nothing resolved
+ * 3. Return null if nothing resolved
  */
 export function normalizeScheduleSyntax(input: {
   syntax?: ScheduleSyntax;
   expression?: string;
-  legacyCronExpression?: string;
 }): { syntax: ScheduleSyntax; expression: string } | null {
   // Explicit syntax + expression
   if (input.syntax && input.expression) {
@@ -60,13 +58,5 @@ export function normalizeScheduleSyntax(input: {
     return null;
   }
 
-  // Legacy cron_expression fallback
-  if (input.legacyCronExpression) {
-    return {
-      syntax: input.syntax ?? "cron",
-      expression: input.legacyCronExpression,
-    };
-  }
-
   return null;
 }

package/src/tools/followups/followup_create.ts

@@ -47,13 +47,19 @@ export async function executeFollowupCreate(
     };
   }
 
+  if (input.reminder_cron_id !== undefined) {
+    return {
+      content:
+        'Error: "reminder_cron_id" is deprecated. Use "reminder_schedule_id" instead.',
+      isError: true,
+    };
+  }
+
   const contactId = input.contact_id as string | undefined;
   const expectedResponseHours = input.expected_response_hours as
     | number
     | undefined;
-  // Canonical: reminder_schedule_id; deprecated alias: reminder_cron_id
-  const reminderScheduleId = (input.reminder_schedule_id ??
-    input.reminder_cron_id) as string | undefined;
+  const reminderScheduleId = input.reminder_schedule_id as string | undefined;
 
   // Validate contact exists if provided
   if (contactId) {

package/src/tools/mcp/mcp-tool-factory.ts

@@ -18,23 +18,6 @@ export function mcpToolName(serverId: string, toolName: string): string {
   return `mcp__${serverId}__${toolName}`;
 }
 
-/**
- * Parse a namespaced MCP tool name back into serverId and original tool name.
- * Returns null if the name doesn't match the MCP naming convention.
- */
-export function parseMcpToolName(
-  name: string,
-): { serverId: string; toolName: string } | null {
-  if (!name.startsWith("mcp__")) return null;
-  const prefixRemoved = name.slice(5); // remove 'mcp__'
-  const firstSep = prefixRemoved.indexOf("__");
-  if (firstSep === -1) return null;
-  return {
-    serverId: prefixRemoved.slice(0, firstSep),
-    toolName: prefixRemoved.slice(firstSep + 2),
-  };
-}
-
 export interface McpToolMetadata {
   name: string;
   description: string;

package/src/tools/memory/definitions.ts

@@ -93,9 +93,3 @@ export const memoryUpdateDefinition: ToolDefinition = {
     required: ["memory_id", "statement"],
   },
 };
-
-export const memoryToolDefinitions: ToolDefinition[] = [
-  memorySearchDefinition,
-  memorySaveDefinition,
-  memoryUpdateDefinition,
-];

package/src/tools/network/script-proxy/session-manager.ts

@@ -42,6 +42,32 @@ const DEFAULT_CONFIG: ProxySessionConfig = {
   maxSessionsPerConversation: 3,
 };
 
+/**
+ * Host patterns that are allowed by default through the proxy policy engine,
+ * regardless of session configuration. Supports exact matches (e.g.
+ * `"localhost"`) and wildcard subdomain patterns (e.g. `"*.vellum.ai"`
+ * matches `platform.vellum.ai`, `dev-platform.vellum.ai`, etc.).
+ */
+const ALLOWED_HOST_PATTERNS: readonly string[] = ["*.vellum.ai", "localhost"];
+
+/**
+ * Returns `true` when `hostname` matches any entry in
+ * {@link ALLOWED_HOST_PATTERNS}.
+ */
+function isAllowedHost(hostname: string): boolean {
+  for (const pattern of ALLOWED_HOST_PATTERNS) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1); // e.g. ".vellum.ai"
+      if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {
+        return true;
+      }
+    } else if (hostname === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
 interface ManagedSession {
   session: ProxySession;
   server: Server | null;
@@ -309,6 +335,13 @@ export async function startSession(
     reqPath: string,
     scheme: "http" | "https",
   ) => {
+    // Allowed hosts are always passed through the proxy, regardless of
+    // session configuration or credential state.
+    if (isAllowedHost(hostname)) {
+      log.debug({ hostname }, "Allowing always-permitted host");
+      return {};
+    }
+
     const decision = evaluateRequestWithApproval(
       hostname,
       port,
@@ -506,7 +539,8 @@ export async function getOrStartSession(
 ): Promise<{ session: ProxySession; created: boolean }> {
   const requestedHost = options?.listenHost ?? "127.0.0.1";
 
-  // Fast path — session already active with matching credentials and listen host, no lock needed.
+  // Fast path — session already active with matching credentials and listen
+  // host, no lock needed.
   const existing = getActiveSession(conversationId);
   if (existing && credentialIdsMatch(existing.credentialIds, credentialIds)) {
     const managed = sessions.get(existing.id);
@@ -533,8 +567,9 @@ export async function getOrStartSession(
         return { session, created: false };
       }
     }
-    // Credential or listenHost mismatch — tear down and loop back to re-check
-    // whether another waiter has already started a replacement session.
+    // Credential or listenHost mismatch — tear down and loop back to
+    // re-check whether another waiter has already started a replacement
+    // session.
     await stopSession(session.id);
   }
 

package/src/tools/schedule/create.ts

@@ -31,16 +31,14 @@ export async function executeScheduleCreate(
     };
   }
 
-  // Resolve syntax and expression from new or legacy fields
   const resolved = normalizeScheduleSyntax({
     syntax: input.syntax as "cron" | "rrule" | undefined,
     expression: input.expression as string | undefined,
-    legacyCronExpression: input.cron_expression as string | undefined,
   });
 
   if (!resolved) {
     return {
-      content: "Error: expression (or cron_expression) is required",
+      content: "Error: expression is required",
       isError: true,
     };
   }

package/src/tools/schedule/update.ts

@@ -20,6 +20,14 @@ export async function executeScheduleUpdate(
     return { content: "Error: job_id is required", isError: true };
   }
 
+  if (input.cron_expression !== undefined) {
+    return {
+      content:
+        'Error: "cron_expression" is deprecated. Use "expression" instead.',
+      isError: true,
+    };
+  }
+
   const updates: Record<string, unknown> = {};
   if (input.name !== undefined) updates.name = input.name;
   if (input.timezone !== undefined) updates.timezone = input.timezone;
@@ -27,13 +35,10 @@ export async function executeScheduleUpdate(
   if (input.enabled !== undefined) updates.enabled = input.enabled;
 
   // Auto-detect syntax when expression changes without explicit syntax
-  const hasExpression =
-    input.expression !== undefined || input.cron_expression !== undefined;
-  if (hasExpression || input.syntax !== undefined) {
+  if (input.expression !== undefined || input.syntax !== undefined) {
     const resolved = normalizeScheduleSyntax({
       syntax: input.syntax as "cron" | "rrule" | undefined,
       expression: input.expression as string | undefined,
-      legacyCronExpression: input.cron_expression as string | undefined,
     });
     if (resolved) {
       updates.syntax = resolved.syntax;
@@ -42,8 +47,6 @@ export async function executeScheduleUpdate(
       updates.expression = input.expression;
       const detected = detectScheduleSyntax(input.expression as string);
       if (detected) updates.syntax = detected;
-    } else if (input.cron_expression !== undefined) {
-      updates.cronExpression = input.cron_expression;
     }
     // When only syntax is provided (no expression), normalizeScheduleSyntax returns null
     // but we still need to persist the explicit syntax value.