@vellumai/assistant 0.4.31 → 0.4.33

package/src/runtime/routes/migration-routes.ts

@@ -18,6 +18,7 @@ import { resetDb } from "../../memory/db-connection.js";
 import { getLogger } from "../../util/logger.js";
 import { getDbPath, getWorkspaceConfigPath } from "../../util/platform.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 import { buildExportVBundle } from "../migrations/vbundle-builder.js";
 import {
   analyzeImport,
@@ -432,3 +433,32 @@ export async function handleMigrationImport(req: Request): Promise<Response> {
     );
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function migrationRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "migrations/validate",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationValidate(req),
+    },
+    {
+      endpoint: "migrations/export",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationExport(req),
+    },
+    {
+      endpoint: "migrations/import-preflight",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationImportPreflight(req),
+    },
+    {
+      endpoint: "migrations/import",
+      method: "POST",
+      handler: async ({ req }) => handleMigrationImport(req),
+    },
+  ];
+}

package/src/runtime/routes/pairing-routes.ts

@@ -14,6 +14,7 @@ import { DAEMON_INTERNAL_ASSISTANT_ID } from "../assistant-scope.js";
 import { mintCredentialPair } from "../auth/credential-service.js";
 import { ensureVellumGuardianBinding } from "../guardian-vellum-migration.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("runtime-http");
 
@@ -404,3 +405,20 @@ export function handlePairingStatus(
 
   return Response.json({ status: entry.status });
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function pairingRouteDefinitions(deps: {
+  getPairingContext: () => PairingHandlerContext;
+}): RouteDefinition[] {
+  return [
+    {
+      endpoint: "pairing/register",
+      method: "POST",
+      handler: async ({ req }) =>
+        handlePairingRegister(req, deps.getPairingContext()),
+    },
+  ];
+}

package/src/runtime/routes/secret-routes.ts

@@ -12,6 +12,7 @@ import {
 } from "../../tools/credentials/metadata-store.js";
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("runtime-http");
 
@@ -170,3 +171,22 @@ export async function handleDeleteSecret(req: Request): Promise<Response> {
     return httpError("INTERNAL_ERROR", message, 500);
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function secretRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "secrets",
+      method: "POST",
+      handler: async ({ req }) => handleAddSecret(req),
+    },
+    {
+      endpoint: "secrets",
+      method: "DELETE",
+      handler: async ({ req }) => handleDeleteSecret(req),
+    },
+  ];
+}

package/src/runtime/routes/surface-action-routes.ts

@@ -6,6 +6,7 @@
  */
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("surface-action-routes");
 
@@ -74,3 +75,28 @@ export async function handleSurfaceAction(
     return httpError("INTERNAL_ERROR", "Failed to handle surface action", 500);
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function surfaceActionRouteDefinitions(deps: {
+  findSession?: SessionLookup;
+}): RouteDefinition[] {
+  return [
+    {
+      endpoint: "surface-actions",
+      method: "POST",
+      handler: async ({ req }) => {
+        if (!deps.findSession) {
+          return httpError(
+            "NOT_IMPLEMENTED",
+            "Surface actions not available",
+            501,
+          );
+        }
+        return handleSurfaceAction(req, deps.findSession);
+      },
+    },
+  ];
+}

package/src/runtime/routes/trust-rules-routes.ts

@@ -13,6 +13,7 @@ import {
 } from "../../permissions/trust-store.js";
 import { getLogger } from "../../util/logger.js";
 import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("trust-rules-routes");
 
@@ -151,3 +152,33 @@ export async function handleUpdateTrustRuleManage(
     return httpError("INTERNAL_ERROR", "Failed to update trust rule", 500);
   }
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function trustRulesRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "trust-rules/manage",
+      method: "GET",
+      handler: () => handleListTrustRules(),
+    },
+    {
+      endpoint: "trust-rules/manage",
+      method: "POST",
+      handler: async ({ req }) => handleAddTrustRuleManage(req),
+    },
+    {
+      endpoint: "trust-rules/manage/:id",
+      method: "DELETE",
+      handler: ({ params }) => handleRemoveTrustRuleManage(params.id),
+    },
+    {
+      endpoint: "trust-rules/manage/:id",
+      method: "PATCH",
+      handler: async ({ req, params }) =>
+        handleUpdateTrustRuleManage(req, params.id),
+    },
+  ];
+}

package/src/runtime/routes/twilio-routes.ts

@@ -46,6 +46,7 @@ import {
   upsertCredentialMetadata,
 } from "../../tools/credentials/metadata-store.js";
 import { mintDaemonDeliveryToken } from "../auth/token-service.js";
+import type { RouteDefinition } from "../http-router.js";
 
 // ---------------------------------------------------------------------------
 // Shared helpers
@@ -1126,3 +1127,81 @@ export async function handleSmsDoctor(): Promise<Response> {
     },
   });
 }
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function twilioRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "integrations/twilio/config",
+      method: "GET",
+      handler: () => handleGetTwilioConfig(),
+    },
+    {
+      endpoint: "integrations/twilio/credentials",
+      method: "POST",
+      handler: async ({ req }) => handleSetTwilioCredentials(req),
+    },
+    {
+      endpoint: "integrations/twilio/credentials",
+      method: "DELETE",
+      handler: () => handleClearTwilioCredentials(),
+    },
+    {
+      endpoint: "integrations/twilio/numbers",
+      method: "GET",
+      handler: async () => handleListTwilioNumbers(),
+    },
+    {
+      endpoint: "integrations/twilio/numbers/provision",
+      method: "POST",
+      handler: async ({ req }) => handleProvisionTwilioNumber(req),
+    },
+    {
+      endpoint: "integrations/twilio/numbers/assign",
+      method: "POST",
+      handler: async ({ req }) => handleAssignTwilioNumber(req),
+    },
+    {
+      endpoint: "integrations/twilio/numbers/release",
+      method: "POST",
+      handler: async ({ req }) => handleReleaseTwilioNumber(req),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance",
+      method: "GET",
+      handler: async () => handleGetSmsCompliance(),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance/tollfree",
+      method: "POST",
+      handler: async ({ req }) => handleSubmitTollfreeVerification(req),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance/tollfree/:sid",
+      method: "PATCH",
+      policyKey: "integrations/twilio/sms/compliance/tollfree",
+      handler: async ({ req, params }) =>
+        handleUpdateTollfreeVerification(req, params.sid),
+    },
+    {
+      endpoint: "integrations/twilio/sms/compliance/tollfree/:sid",
+      method: "DELETE",
+      policyKey: "integrations/twilio/sms/compliance/tollfree",
+      handler: async ({ params }) =>
+        handleDeleteTollfreeVerification(params.sid),
+    },
+    {
+      endpoint: "integrations/twilio/sms/test",
+      method: "POST",
+      handler: async ({ req }) => handleSmsSendTest(req),
+    },
+    {
+      endpoint: "integrations/twilio/sms/doctor",
+      method: "POST",
+      handler: async () => handleSmsDoctor(),
+    },
+  ];
+}

package/src/schedule/recurrence-types.ts

@@ -34,13 +34,11 @@ export function detectScheduleSyntax(
  * Resolution order:
  * 1. If explicit `syntax` is provided, use it
  * 2. If `expression` is provided, auto-detect from expression
- * 3. If `legacyCronExpression` is provided, treat as cron
- * 4. Return null if nothing resolved
+ * 3. Return null if nothing resolved
  */
 export function normalizeScheduleSyntax(input: {
   syntax?: ScheduleSyntax;
   expression?: string;
-  legacyCronExpression?: string;
 }): { syntax: ScheduleSyntax; expression: string } | null {
   // Explicit syntax + expression
   if (input.syntax && input.expression) {
@@ -60,13 +58,5 @@ export function normalizeScheduleSyntax(input: {
     return null;
   }
 
-  // Legacy cron_expression fallback
-  if (input.legacyCronExpression) {
-    return {
-      syntax: input.syntax ?? "cron",
-      expression: input.legacyCronExpression,
-    };
-  }
-
   return null;
 }

package/src/tools/browser/browser-manager.ts

@@ -131,7 +131,16 @@ export function setLaunchFn(fn: LaunchFn | null): void {
 
 async function getDefaultLaunchFn(): Promise<LaunchFn> {
   const pw = await import("playwright");
-  return pw.chromium.launchPersistentContext.bind(pw.chromium);
+  // In compiled Bun binaries, CJS→ESM interop may place named exports
+  // under .default instead of at the top level of the module namespace.
+  const chromium =
+    pw.chromium ?? (pw.default as typeof pw | undefined)?.chromium;
+  if (!chromium) {
+    throw new Error(
+      "Failed to resolve Playwright chromium — the module loaded but 'chromium' is missing",
+    );
+  }
+  return chromium.launchPersistentContext.bind(chromium);
 }
 
 function getProfileDir(): string {

package/src/tools/browser/runtime-check.ts

@@ -12,7 +12,9 @@ export async function checkBrowserRuntime(): Promise<BrowserRuntimeStatus> {
   let chromium: { executablePath: () => string };
   try {
     const pw = await import("playwright");
-    chromium = pw.chromium;
+    // In compiled Bun binaries, CJS→ESM interop may place named exports
+    // under .default instead of at the top level of the module namespace.
+    chromium = pw.chromium ?? (pw.default as typeof pw | undefined)?.chromium;
   } catch {
     return {
       playwrightAvailable: false,

package/src/tools/followups/followup_create.ts

@@ -47,13 +47,19 @@ export async function executeFollowupCreate(
     };
   }
 
+  if (input.reminder_cron_id !== undefined) {
+    return {
+      content:
+        'Error: "reminder_cron_id" is deprecated. Use "reminder_schedule_id" instead.',
+      isError: true,
+    };
+  }
+
   const contactId = input.contact_id as string | undefined;
   const expectedResponseHours = input.expected_response_hours as
     | number
     | undefined;
-  // Canonical: reminder_schedule_id; deprecated alias: reminder_cron_id
-  const reminderScheduleId = (input.reminder_schedule_id ??
-    input.reminder_cron_id) as string | undefined;
+  const reminderScheduleId = input.reminder_schedule_id as string | undefined;
 
   // Validate contact exists if provided
   if (contactId) {

package/src/tools/mcp/mcp-tool-factory.ts

@@ -18,23 +18,6 @@ export function mcpToolName(serverId: string, toolName: string): string {
   return `mcp__${serverId}__${toolName}`;
 }
 
-/**
- * Parse a namespaced MCP tool name back into serverId and original tool name.
- * Returns null if the name doesn't match the MCP naming convention.
- */
-export function parseMcpToolName(
-  name: string,
-): { serverId: string; toolName: string } | null {
-  if (!name.startsWith("mcp__")) return null;
-  const prefixRemoved = name.slice(5); // remove 'mcp__'
-  const firstSep = prefixRemoved.indexOf("__");
-  if (firstSep === -1) return null;
-  return {
-    serverId: prefixRemoved.slice(0, firstSep),
-    toolName: prefixRemoved.slice(firstSep + 2),
-  };
-}
-
 export interface McpToolMetadata {
   name: string;
   description: string;

package/src/tools/memory/definitions.ts

@@ -93,9 +93,3 @@ export const memoryUpdateDefinition: ToolDefinition = {
     required: ["memory_id", "statement"],
   },
 };
-
-export const memoryToolDefinitions: ToolDefinition[] = [
-  memorySearchDefinition,
-  memorySaveDefinition,
-  memoryUpdateDefinition,
-];

package/src/tools/network/script-proxy/session-manager.ts

@@ -42,6 +42,32 @@ const DEFAULT_CONFIG: ProxySessionConfig = {
   maxSessionsPerConversation: 3,
 };
 
+/**
+ * Host patterns that are allowed by default through the proxy policy engine,
+ * regardless of session configuration. Supports exact matches (e.g.
+ * `"localhost"`) and wildcard subdomain patterns (e.g. `"*.vellum.ai"`
+ * matches `platform.vellum.ai`, `dev-platform.vellum.ai`, etc.).
+ */
+const ALLOWED_HOST_PATTERNS: readonly string[] = ["*.vellum.ai", "localhost"];
+
+/**
+ * Returns `true` when `hostname` matches any entry in
+ * {@link ALLOWED_HOST_PATTERNS}.
+ */
+function isAllowedHost(hostname: string): boolean {
+  for (const pattern of ALLOWED_HOST_PATTERNS) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1); // e.g. ".vellum.ai"
+      if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {
+        return true;
+      }
+    } else if (hostname === pattern) {
+      return true;
+    }
+  }
+  return false;
+}
+
 interface ManagedSession {
   session: ProxySession;
   server: Server | null;
@@ -309,6 +335,13 @@ export async function startSession(
     reqPath: string,
     scheme: "http" | "https",
   ) => {
+    // Allowed hosts are always passed through the proxy, regardless of
+    // session configuration or credential state.
+    if (isAllowedHost(hostname)) {
+      log.debug({ hostname }, "Allowing always-permitted host");
+      return {};
+    }
+
     const decision = evaluateRequestWithApproval(
       hostname,
       port,
@@ -506,7 +539,8 @@ export async function getOrStartSession(
 ): Promise<{ session: ProxySession; created: boolean }> {
   const requestedHost = options?.listenHost ?? "127.0.0.1";
 
-  // Fast path — session already active with matching credentials and listen host, no lock needed.
+  // Fast path — session already active with matching credentials and listen
+  // host, no lock needed.
   const existing = getActiveSession(conversationId);
   if (existing && credentialIdsMatch(existing.credentialIds, credentialIds)) {
     const managed = sessions.get(existing.id);
@@ -533,8 +567,9 @@ export async function getOrStartSession(
         return { session, created: false };
       }
     }
-    // Credential or listenHost mismatch — tear down and loop back to re-check
-    // whether another waiter has already started a replacement session.
+    // Credential or listenHost mismatch — tear down and loop back to
+    // re-check whether another waiter has already started a replacement
+    // session.
     await stopSession(session.id);
   }
 

package/src/tools/schedule/create.ts

@@ -31,16 +31,14 @@ export async function executeScheduleCreate(
     };
   }
 
-  // Resolve syntax and expression from new or legacy fields
   const resolved = normalizeScheduleSyntax({
     syntax: input.syntax as "cron" | "rrule" | undefined,
     expression: input.expression as string | undefined,
-    legacyCronExpression: input.cron_expression as string | undefined,
   });
 
   if (!resolved) {
     return {
-      content: "Error: expression (or cron_expression) is required",
+      content: "Error: expression is required",
       isError: true,
     };
   }

package/src/tools/schedule/update.ts

@@ -20,6 +20,14 @@ export async function executeScheduleUpdate(
     return { content: "Error: job_id is required", isError: true };
   }
 
+  if (input.cron_expression !== undefined) {
+    return {
+      content:
+        'Error: "cron_expression" is deprecated. Use "expression" instead.',
+      isError: true,
+    };
+  }
+
   const updates: Record<string, unknown> = {};
   if (input.name !== undefined) updates.name = input.name;
   if (input.timezone !== undefined) updates.timezone = input.timezone;
@@ -27,13 +35,10 @@ export async function executeScheduleUpdate(
   if (input.enabled !== undefined) updates.enabled = input.enabled;
 
   // Auto-detect syntax when expression changes without explicit syntax
-  const hasExpression =
-    input.expression !== undefined || input.cron_expression !== undefined;
-  if (hasExpression || input.syntax !== undefined) {
+  if (input.expression !== undefined || input.syntax !== undefined) {
     const resolved = normalizeScheduleSyntax({
       syntax: input.syntax as "cron" | "rrule" | undefined,
       expression: input.expression as string | undefined,
-      legacyCronExpression: input.cron_expression as string | undefined,
     });
     if (resolved) {
       updates.syntax = resolved.syntax;
@@ -42,8 +47,6 @@ export async function executeScheduleUpdate(
       updates.expression = input.expression;
       const detected = detectScheduleSyntax(input.expression as string);
       if (detected) updates.syntax = detected;
-    } else if (input.cron_expression !== undefined) {
-      updates.cronExpression = input.cron_expression;
     }
     // When only syntax is provided (no expression), normalizeScheduleSyntax returns null
     // but we still need to persist the explicit syntax value.

package/src/tools/shared/shell-output.ts

@@ -39,8 +39,13 @@ export function formatShellOutput(
   }
 
   if (!output.trim()) {
-    output =
-      code === 0 ? "<command_completed />" : `<command_exit code="${code}" />`;
+    if (code === 0) {
+      output = "<command_completed />";
+    } else {
+      const exitTag = `<command_exit code="${code}" />`;
+      output = `${exitTag}\nCommand failed with exit code ${code}. No stdout or stderr output was produced.`;
+      statusParts.push(exitTag);
+    }
   } else if (code !== 0 && !timedOut) {
     statusParts.push(`<command_exit code="${code}" />`);
   }

package/src/twitter/session.ts

@@ -1,97 +1,49 @@
 /**
  * Twitter session persistence.
- * Stores/loads auth cookies from a recording or manual login.
+ * Delegates to the shared cookie-session primitive for CRUD and cookie header
+ * logic; keeps Twitter-specific cookie validation and CSRF extraction.
  */
 
+import type { CookieSession } from "../util/cookie-session.js";
 import {
-  existsSync,
-  mkdirSync,
-  readFileSync,
-  unlinkSync,
-  writeFileSync,
-} from "node:fs";
-import { join } from "node:path";
-
-import type {
-  ExtractedCredential,
-  SessionRecording,
-} from "../tools/browser/network-recording-types.js";
+  createSessionStore,
+  importFromRecordingBase,
+} from "../util/cookie-session.js";
 import { ConfigError } from "../util/errors.js";
-import { getDataDir } from "../util/platform.js";
-
-export interface TwitterSession {
-  cookies: ExtractedCredential[];
-  importedAt: string;
-  recordingId?: string;
-}
-
-function getSessionDir(): string {
-  return join(getDataDir(), "twitter");
-}
 
-function getSessionPath(): string {
-  return join(getSessionDir(), "session.json");
-}
-
-export function loadSession(): TwitterSession | null {
-  const path = getSessionPath();
-  if (!existsSync(path)) return null;
-  try {
-    return JSON.parse(readFileSync(path, "utf-8")) as TwitterSession;
-  } catch {
-    return null;
-  }
-}
+export type TwitterSession = CookieSession;
 
-export function saveSession(session: TwitterSession): void {
-  const dir = getSessionDir();
-  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
-  writeFileSync(getSessionPath(), JSON.stringify(session, null, 2));
-}
+const store = createSessionStore("twitter");
 
-export function clearSession(): void {
-  const path = getSessionPath();
-  if (existsSync(path)) {
-    unlinkSync(path);
-  }
-}
+export const loadSession: () => TwitterSession | null = store.loadSession;
+export const saveSession: (session: TwitterSession) => void = store.saveSession;
+export const clearSession: () => void = store.clearSession;
+export const getCookieHeader: (session: TwitterSession) => string =
+  store.getCookieHeader;
 
 /**
  * Import cookies from a Ride Shotgun recording file.
  */
 export function importFromRecording(recordingPath: string): TwitterSession {
-  if (!existsSync(recordingPath)) {
-    throw new ConfigError(`Recording not found: ${recordingPath}`);
-  }
-  const recording = JSON.parse(
-    readFileSync(recordingPath, "utf-8"),
-  ) as SessionRecording;
-  if (!recording.cookies?.length) {
-    throw new ConfigError("Recording contains no cookies");
-  }
-  // Require the two cookies that prove a logged-in Twitter session:
-  // the auth session cookie and the ct0 CSRF cookie.
-  const cookieNames = new Set(recording.cookies.map((c) => c.name));
-  if (!cookieNames.has("ct0") || !cookieNames.has(`auth_${"token"}`)) {
+  try {
+    const session = importFromRecordingBase(recordingPath, (cookieNames) => {
+      // Require the two cookies that prove a logged-in Twitter session:
+      // the auth session cookie and the ct0 CSRF cookie.
+      if (!cookieNames.has("ct0") || !cookieNames.has(`auth_${"token"}`)) {
+        throw new ConfigError(
+          "Recording is missing required Twitter session cookies. " +
+            "Make sure you are logged in to x.com before recording.",
+        );
+      }
+    });
+    saveSession(session);
+    return session;
+  } catch (error) {
+    if (error instanceof ConfigError) throw error;
     throw new ConfigError(
-      "Recording is missing required Twitter session cookies. " +
-        "Make sure you are logged in to x.com before recording.",
+      error instanceof Error ? error.message : String(error),
     );
   }
-  const session: TwitterSession = {
-    cookies: recording.cookies,
-    importedAt: new Date().toISOString(),
-    recordingId: recording.id,
-  };
-  saveSession(session);
-  return session;
-}
-
-/**
- * Build a Cookie header string from the session.
- */
-export function getCookieHeader(session: TwitterSession): string {
-  return session.cookies.map((c) => `${c.name}=${c.value}`).join("; ");
 }
 
 /**