@vellumai/assistant 0.4.37 → 0.4.41

package/src/tools/system/avatar-generator.ts

@@ -1,11 +1,10 @@
-import { mkdirSync, writeFileSync } from "node:fs";
+import { randomUUID } from "node:crypto";
+import { mkdirSync, renameSync, writeFileSync } from "node:fs";
 import { dirname, join } from "node:path";
 
-import { getConfig } from "../../config/loader.js";
-import {
-  generateImage,
-  mapGeminiError,
-} from "../../media/gemini-image-service.js";
+import { routedGenerateAvatar } from "../../media/avatar-router.js";
+import { ManagedAvatarError } from "../../media/avatar-types.js";
+import { mapGeminiError } from "../../media/gemini-image-service.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
 import { getLogger } from "../../util/logger.js";
@@ -66,21 +65,8 @@ export const setAvatarTool: Tool = {
       };
     }
 
-    const config = getConfig();
-    const apiKey = config.apiKeys.gemini ?? process.env.GEMINI_API_KEY;
-    if (!apiKey) {
-      return {
-        content:
-          "No Gemini API key configured. Please add your Gemini API key in Settings → Models & Services, or set the GEMINI_API_KEY environment variable.",
-        isError: true,
-      };
-    }
-
     try {
-      log.info(
-        { description: description.trim() },
-        "Generating avatar via Gemini",
-      );
+      log.info({ description: description.trim() }, "Generating avatar");
 
       const prompt =
         `Create an avatar image based on this description: ${description.trim()}\n\n` +
@@ -89,29 +75,31 @@ export const setAvatarTool: Tool = {
         "Circular or rounded composition filling the canvas. " +
         "Subtle background color (not white or transparent).";
 
-      const result = await generateImage(apiKey, {
-        prompt,
-        mode: "generate",
-        model: config.imageGenModel,
-      });
-
-      if (result.images.length === 0) {
+      const result = await routedGenerateAvatar(prompt);
+      if (!result.imageBase64) {
         return {
-          content: "Error: Gemini returned no image data. Please try again.",
+          content: "Error: No image data returned. Please try again.",
           isError: true,
         };
       }
-
-      const image = result.images[0];
-      const pngBuffer = Buffer.from(image.dataBase64, "base64");
+      const pngBuffer = Buffer.from(result.imageBase64, "base64");
 
       const avatarPath = getAvatarPath();
       const avatarDir = dirname(avatarPath);
 
+      const tmpPath = `${avatarPath}.${randomUUID()}.tmp`;
       mkdirSync(avatarDir, { recursive: true });
-      writeFileSync(avatarPath, pngBuffer);
+      writeFileSync(tmpPath, pngBuffer);
+      renameSync(tmpPath, avatarPath);
 
-      log.info({ avatarPath }, "Avatar saved successfully");
+      log.info(
+        {
+          avatarPath,
+          pathUsed: result.pathUsed,
+          correlationId: result.correlationId,
+        },
+        "Avatar saved successfully",
+      );
 
       // Side-effect hook in tool-side-effects.ts broadcasts avatar_updated to all clients.
 
@@ -120,9 +108,42 @@ export const setAvatarTool: Tool = {
         isError: false,
       };
     } catch (error) {
+      if (error instanceof ManagedAvatarError) {
+        if (error.statusCode === 429) {
+          log.warn(
+            { correlationId: error.correlationId },
+            "Avatar generation rate limited",
+          );
+          return {
+            content:
+              "Avatar generation is rate limited. Please wait and try again.",
+            isError: true,
+          };
+        }
+        if (error.statusCode === 503) {
+          log.warn(
+            { correlationId: error.correlationId },
+            "Avatar generation service unavailable",
+          );
+          return {
+            content: "Avatar generation service is temporarily unavailable.",
+            isError: true,
+          };
+        }
+        const detail =
+          error.message || "Avatar generation failed. Please try again.";
+        log.error(
+          { error: detail, correlationId: error.correlationId },
+          "Managed avatar generation failed",
+        );
+        return {
+          content: `Avatar generation failed: ${detail}`,
+          isError: true,
+        };
+      }
+
       const message = mapGeminiError(error);
       log.error({ error: message }, "Avatar generation failed");
-
       return {
         content: `Avatar generation failed: ${message}`,
         isError: true,

package/src/twitter/client.ts

@@ -93,7 +93,7 @@ async function findTwitterTab(): Promise<string> {
   const res = await fetch(`${CDP_BASE}/json/list`).catch(() => null);
   if (!res?.ok) {
     throw new SessionExpiredError(
-      "Chrome CDP not available. Run `vellum twitter refresh` first.",
+      "Chrome CDP not available. Run `assistant twitter refresh` first.",
     );
   }
   const targets = (await res.json()) as Array<{

package/src/twitter/oauth-client.ts

@@ -1,17 +1,13 @@
 /**
  * OAuth-backed Twitter API client.
  *
- * Uses stored OAuth2 Bearer tokens (via the token manager) to execute
+ * Accepts an OAuth2 Bearer token as a parameter and uses it to execute
  * Twitter API v2 operations directly, without requiring a browser session.
  * Currently supports post and reply; all other operations fall back to the
  * browser-based CDP client.
  */
 
-import { getSecureKey } from "../security/secure-keys.js";
-import { withValidToken } from "../security/token-manager.js";
-
 const TWITTER_API_BASE = "https://api.x.com/2";
-const SERVICE = "integration:twitter";
 
 /** Operations that the OAuth client can handle natively. */
 const SUPPORTED_OPERATIONS = new Set(["post", "reply"]);
@@ -45,55 +41,47 @@ export class UnsupportedOAuthOperationError extends Error {
 /**
  * Post a tweet (or reply) using OAuth2 Bearer token authentication.
  *
- * The token manager handles refresh transparently — if the stored token
- * is expired it will be refreshed before (or after a 401) calling the API.
+ * The caller is responsible for providing a valid token (e.g. via
+ * `assistant oauth token twitter`).
  */
 export async function oauthPostTweet(
   text: string,
-  opts?: { inReplyToTweetId?: string },
+  opts: { inReplyToTweetId?: string; oauthToken: string },
 ): Promise<OAuthPostResult> {
-  return withValidToken(SERVICE, async (token) => {
-    const body: Record<string, unknown> = { text };
-    if (opts?.inReplyToTweetId) {
-      body.reply = { in_reply_to_tweet_id: opts.inReplyToTweetId };
-    }
+  const body: Record<string, unknown> = { text };
+  if (opts.inReplyToTweetId) {
+    body.reply = { in_reply_to_tweet_id: opts.inReplyToTweetId };
+  }
 
-    const res = await fetch(`${TWITTER_API_BASE}/tweets`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify(body),
-    });
+  const res = await fetch(`${TWITTER_API_BASE}/tweets`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${opts.oauthToken}`,
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(body),
+  });
 
-    if (!res.ok) {
-      const errorBody = await res.text().catch(() => "");
-      const err = new Error(
-        `Twitter API error (${res.status}): ${errorBody.slice(0, 500)}`,
-      );
-      // Attach status so the token manager's 401-retry logic can detect it.
-      (err as Error & { status: number }).status = res.status;
-      throw err;
-    }
+  if (!res.ok) {
+    const errorBody = await res.text().catch(() => "");
+    throw new Error(
+      `Twitter API error (${res.status}): ${errorBody.slice(0, 500)}`,
+    );
+  }
 
-    const json = (await res.json()) as { data: { id: string; text: string } };
-    return {
-      tweetId: json.data.id,
-      text: json.data.text,
-    };
-  });
+  const json = (await res.json()) as { data: { id: string; text: string } };
+  return {
+    tweetId: json.data.id,
+    text: json.data.text,
+  };
 }
 
 /**
- * Check whether OAuth credentials are available for the Twitter integration.
- * Returns true if an access token has been stored (the token manager will
- * handle refresh if it's expired).
+ * Check whether an OAuth token is available.
+ * When the caller provides a token string, OAuth is available.
  */
-export function oauthIsAvailable(): boolean {
-  return (
-    getSecureKey("credential:integration:twitter:access_token") !== undefined
-  );
+export function oauthIsAvailable(oauthToken: string | undefined): boolean {
+  return oauthToken != null && oauthToken.length > 0;
 }
 
 /**

package/src/twitter/router.ts

@@ -1,9 +1,8 @@
 /**
  * Strategy router for Twitter operations.
- * Selects OAuth or browser path based on persisted preference and capability.
+ * Selects OAuth or browser path based on the caller-provided strategy.
  */
 
-import { loadRawConfig } from "../config/loader.js";
 import type { PostTweetResult } from "./client.js";
 import {
   postTweet as browserPostTweet,
@@ -29,30 +28,23 @@ export interface RoutedError {
   alternativeSetupHint?: string;
 }
 
-function getPreferredStrategy(): TwitterStrategy {
-  try {
-    const raw = loadRawConfig();
-    const strategy = raw.twitterOperationStrategy as string | undefined;
-    if (strategy === "oauth" || strategy === "browser") return strategy;
-  } catch {
-    /* fall through */
-  }
-  return "auto";
-}
-
 export async function routedPostTweet(
   text: string,
-  opts?: { inReplyToTweetId?: string },
+  opts: {
+    inReplyToTweetId?: string;
+    strategy: TwitterStrategy;
+    oauthToken?: string;
+  },
 ): Promise<RoutedResult<PostTweetResult>> {
-  const strategy = getPreferredStrategy();
-  const operation = opts?.inReplyToTweetId ? "reply" : "post";
+  const strategy = opts.strategy;
+  const operation = opts.inReplyToTweetId ? "reply" : "post";
 
   if (strategy === "oauth") {
     // User explicitly wants OAuth
-    if (!oauthIsAvailable()) {
+    if (!oauthIsAvailable(opts.oauthToken)) {
       throw Object.assign(
         new Error(
-          "OAuth is not configured. Provide your X developer credentials here in the chat to set up OAuth, or switch to browser strategy: `vellum x strategy set browser`.",
+          "OAuth is not configured. Provide your X developer credentials here in the chat to set up OAuth, or switch to browser strategy: `assistant config set twitter.operationStrategy browser`.",
         ),
         {
           pathUsed: "oauth" as const,
@@ -60,7 +52,10 @@ export async function routedPostTweet(
         },
       );
     }
-    const result = await oauthPostTweet(text, opts);
+    const result = await oauthPostTweet(text, {
+      inReplyToTweetId: opts.inReplyToTweetId,
+      oauthToken: opts.oauthToken!,
+    });
     return {
       result: {
         tweetId: result.tweetId,
@@ -74,7 +69,9 @@ export async function routedPostTweet(
   if (strategy === "browser") {
     // User explicitly wants browser
     try {
-      const result = await browserPostTweet(text, opts);
+      const result = await browserPostTweet(text, {
+        inReplyToTweetId: opts.inReplyToTweetId,
+      });
       return { result, pathUsed: "browser" };
     } catch (err) {
       if (err instanceof SessionExpiredError) {
@@ -89,9 +86,12 @@ export async function routedPostTweet(
 
   // auto strategy: try OAuth first if available and supported, fallback to browser
   let oauthError: Error | undefined;
-  if (oauthIsAvailable() && oauthSupportsOperation(operation)) {
+  if (oauthIsAvailable(opts.oauthToken) && oauthSupportsOperation(operation)) {
     try {
-      const result = await oauthPostTweet(text, opts);
+      const result = await oauthPostTweet(text, {
+        inReplyToTweetId: opts.inReplyToTweetId,
+        oauthToken: opts.oauthToken!,
+      });
       return {
         result: {
           tweetId: result.tweetId,
@@ -108,7 +108,9 @@ export async function routedPostTweet(
 
   // Fallback to browser
   try {
-    const result = await browserPostTweet(text, opts);
+    const result = await browserPostTweet(text, {
+      inReplyToTweetId: opts.inReplyToTweetId,
+    });
     return { result, pathUsed: "browser" };
   } catch (err) {
     if (err instanceof SessionExpiredError) {

package/src/util/platform.ts

@@ -85,6 +85,11 @@ export function readLockfile(): Record<string, unknown> | null {
  * inbound call path resolves phone numbers to config keys (typically
  * "self"). This function maps any known lockfile assistant ID to "self"
  * so both sides use a consistent DB key.
+ *
+ * Multi-instance safety: each daemon process runs with a scoped
+ * BASE_DATA_DIR, so readLockfile() only sees the lockfile for this
+ * instance. The mapping to "self" is correct because each daemon is
+ * single-tenant — it only manages its own instance's data.
  */
 export function normalizeAssistantId(assistantId: string): string {
   if (assistantId === "self") return "self";

package/src/slack/slack-webhook.ts

@@ -1,66 +0,0 @@
-import { ProviderError } from "../util/errors.js";
-import { getLogger } from "../util/logger.js";
-
-const log = getLogger("slack-webhook");
-
-/**
- * Post a rich Block Kit message to a Slack Incoming Webhook URL.
- *
- * Uses the Block Kit format so the message renders nicely in Slack with
- * a header, description section, and context footer.
- */
-export async function postToSlackWebhook(
-  webhookUrl: string,
-  appName: string,
-  appDescription: string,
-  appIcon: string,
-): Promise<void> {
-  const blocks = [
-    {
-      type: "header",
-      text: {
-        type: "plain_text",
-        text: `${appIcon} ${appName}`,
-        emoji: true,
-      },
-    },
-    {
-      type: "section",
-      text: {
-        type: "mrkdwn",
-        text: appDescription || "_No description_",
-      },
-    },
-    {
-      type: "context",
-      elements: [
-        {
-          type: "mrkdwn",
-          text: `Shared from Vellum Assistant`,
-        },
-      ],
-    },
-  ];
-
-  const payload = {
-    blocks,
-    text: `${appIcon} ${appName}: ${appDescription || "No description"}`,
-  };
-
-  log.info({ appName }, "Posting app to Slack webhook");
-
-  const response = await fetch(webhookUrl, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify(payload),
-  });
-
-  if (!response.ok) {
-    const body = await response.text();
-    throw new ProviderError(
-      `Slack webhook returned ${response.status}: ${body}`,
-      "slack",
-      response.status,
-    );
-  }
-}