@vellumai/assistant 0.4.46 → 0.4.49

package/src/oauth/provider-profiles.ts

@@ -1,192 +0,0 @@
-/**
- * Shared OAuth provider profile registry.
- *
- * Contains well-known OAuth provider configurations ported from vault.ts,
- * plus new providers (e.g. Twitter). This module is the single source of
- * truth for provider metadata — both the credential vault tool and the
- * future OAuth orchestrator consume it.
- */
-
-import type {
-  OAuthProviderProfile,
-  OAuthScopePolicy,
-} from "./connect-types.js";
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-/** Default scope policy: no additional scopes allowed, none forbidden. */
-const DEFAULT_SCOPE_POLICY: OAuthScopePolicy = {
-  allowAdditionalScopes: false,
-  allowedOptionalScopes: [],
-  forbiddenScopes: [],
-};
-
-// ---------------------------------------------------------------------------
-// Provider profiles
-// ---------------------------------------------------------------------------
-
-export const PROVIDER_PROFILES: Record<string, OAuthProviderProfile> = {
-  "integration:gmail": {
-    service: "integration:gmail",
-    authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-    tokenUrl: "https://oauth2.googleapis.com/token",
-    defaultScopes: [
-      "https://www.googleapis.com/auth/gmail.readonly",
-      "https://www.googleapis.com/auth/gmail.modify",
-      "https://www.googleapis.com/auth/gmail.send",
-      "https://www.googleapis.com/auth/calendar.readonly",
-      "https://www.googleapis.com/auth/calendar.events",
-      "https://www.googleapis.com/auth/userinfo.email",
-      "https://www.googleapis.com/auth/contacts.readonly",
-    ],
-    scopePolicy: DEFAULT_SCOPE_POLICY,
-    userinfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo",
-    // Google APIs for Gmail/Calendar/Contacts span multiple hosts; register
-    // all of them so proxied bash can inject the OAuth bearer token reliably.
-    injectionTemplates: [
-      {
-        hostPattern: "gmail.googleapis.com",
-        injectionType: "header",
-        headerName: "Authorization",
-        valuePrefix: "Bearer ",
-      },
-      {
-        hostPattern: "www.googleapis.com",
-        injectionType: "header",
-        headerName: "Authorization",
-        valuePrefix: "Bearer ",
-      },
-      {
-        hostPattern: "people.googleapis.com",
-        injectionType: "header",
-        headerName: "Authorization",
-        valuePrefix: "Bearer ",
-      },
-    ],
-    extraParams: { access_type: "offline", prompt: "consent" },
-    callbackTransport: "loopback",
-    setupSkillId: "google-oauth-setup",
-    setup: {
-      displayName: "Google (Gmail & Calendar)",
-      dashboardUrl: "https://console.cloud.google.com/apis/credentials",
-      appType: "Desktop app",
-      requiresClientSecret: true,
-    },
-  },
-
-  "integration:slack": {
-    service: "integration:slack",
-    authUrl: "https://slack.com/oauth/v2/authorize",
-    tokenUrl: "https://slack.com/api/oauth.v2.access",
-    defaultScopes: [
-      "channels:read",
-      "channels:history",
-      "groups:read",
-      "groups:history",
-      "im:read",
-      "im:history",
-      "im:write",
-      "mpim:read",
-      "mpim:history",
-      "users:read",
-      "chat:write",
-      "search:read",
-      "reactions:write",
-    ],
-    scopePolicy: DEFAULT_SCOPE_POLICY,
-    extraParams: {
-      user_scope:
-        "channels:read,channels:history,groups:read,groups:history,im:read,im:history,im:write,mpim:read,mpim:history,users:read,chat:write,search:read,reactions:write",
-    },
-    callbackTransport: "loopback",
-    loopbackPort: 17322,
-  },
-
-  "integration:notion": {
-    service: "integration:notion",
-    authUrl: "https://api.notion.com/v1/oauth/authorize",
-    tokenUrl: "https://api.notion.com/v1/oauth/token",
-    defaultScopes: [],
-    scopePolicy: DEFAULT_SCOPE_POLICY,
-    extraParams: { owner: "user" },
-    tokenEndpointAuthMethod: "client_secret_basic",
-    injectionTemplates: [
-      {
-        hostPattern: "api.notion.com",
-        injectionType: "header",
-        headerName: "Authorization",
-        valuePrefix: "Bearer ",
-      },
-    ],
-  },
-
-  "integration:twitter": {
-    service: "integration:twitter",
-    authUrl: "https://twitter.com/i/oauth2/authorize",
-    tokenUrl: "https://api.x.com/2/oauth2/token",
-    defaultScopes: [
-      "tweet.read",
-      "tweet.write",
-      "users.read",
-      "offline.access",
-    ],
-    scopePolicy: DEFAULT_SCOPE_POLICY,
-    tokenEndpointAuthMethod: "client_secret_basic",
-    callbackTransport: "gateway",
-    setup: {
-      displayName: "Twitter / X",
-      dashboardUrl: "https://developer.x.com/en/portal/dashboard",
-      appType: "App",
-      requiresClientSecret: false,
-    },
-    identityVerifier: async (
-      accessToken: string,
-    ): Promise<string | undefined> => {
-      try {
-        const resp = await fetch("https://api.x.com/2/users/me", {
-          headers: { Authorization: `Bearer ${accessToken}` },
-        });
-        if (resp.ok) {
-          const body = (await resp.json()) as { data?: { username?: string } };
-          return body.data?.username ? `@${body.data.username}` : undefined;
-        }
-      } catch {
-        // Non-fatal — identity verification is best-effort
-      }
-      return undefined;
-    },
-  },
-};
-
-// ---------------------------------------------------------------------------
-// Aliases & resolution
-// ---------------------------------------------------------------------------
-
-/** Map shorthand aliases to canonical service names. */
-export const SERVICE_ALIASES: Record<string, string> = {
-  gmail: "integration:gmail",
-  slack: "integration:slack",
-  notion: "integration:notion",
-  twitter: "integration:twitter",
-};
-
-/**
- * Resolve a service name through aliases, then fall back to `integration:`
- * prefix for providers registered in PROVIDER_PROFILES without a
- * SERVICE_ALIASES entry.
- */
-export function resolveService(service: string): string {
-  if (SERVICE_ALIASES[service]) return SERVICE_ALIASES[service];
-  if (!service.includes(":") && PROVIDER_PROFILES[`integration:${service}`])
-    return `integration:${service}`;
-  return service;
-}
-
-/** Look up a provider profile by canonical service name. */
-export function getProviderProfile(
-  service: string,
-): OAuthProviderProfile | undefined {
-  return PROVIDER_PROFILES[service];
-}

package/src/prompts/computer-use-prompt.ts

@@ -1,98 +0,0 @@
-/**
- * System prompt for the computer-use agent, ported from
- * clients/macos/vellum-assistant/Inference/AnthropicProvider.swift
- */
-
-function currentDateString(): string {
-  return new Date().toLocaleString("en-US", {
-    weekday: "long",
-    year: "numeric",
-    month: "long",
-    day: "numeric",
-    hour: "numeric",
-    minute: "2-digit",
-    hour12: true,
-  });
-}
-
-export function buildComputerUseSystemPrompt(
-  screenWidth: number,
-  screenHeight: number,
-): string {
-  const dateStr = currentDateString();
-
-  return `You are vellum-assistant's computer use agent. You control the user's Mac to accomplish tasks.
-
-The screen is ${screenWidth}\u00d7${screenHeight} pixels.
-
-ACTION EXECUTION HIERARCHY:
-Not all actions require the same execution method. Always prefer the least invasive, most reliable approach. Foreground computer use (clicking, typing, scrolling) takes over the user's cursor and keyboard — it is disruptive and should be your LAST resort, not your first instinct.
-
-  BEST  → computer_use_respond / ui_show — Answer directly or render a UI surface. No computer control needed.
-  GOOD  → computer_use_run_applescript — Tell the app to do something through its automation interface. No cursor movement. User keeps working.
-  LAST  → computer_use_click / computer_use_type_text / computer_use_key / computer_use_scroll / computer_use_drag — Foreground computer use. Takes over cursor + keyboard. Use only when AppleScript cannot accomplish the task.
-
-Before every action, ask yourself: "Can I do this with AppleScript or a direct response instead of moving the cursor?" If yes, do that instead.
-
-You will receive the current screen state as an accessibility tree. Each interactive element has an [ID] number like [3] or [17]. Use these IDs with element_id to target elements \u2014 this is much more reliable than pixel coordinates.
-
-YOUR AVAILABLE TOOLS ARE: computer_use_click (with click_type: "single" | "double" | "right"), computer_use_type_text, computer_use_key, computer_use_scroll, computer_use_drag, computer_use_wait, computer_use_open_app, computer_use_run_applescript, computer_use_done, computer_use_respond, ui_show, ui_update, ui_dismiss.
-You MUST only call one tool per turn.
-
-UI SURFACES: When the user asks you to build, create, or display something (an app, dashboard, tracker, etc.), use ui_show with surface_type "dynamic_page" to render custom HTML directly instead of trying to build it with computer-use tools. This is your primary way to create visual applications for the user. After calling ui_show, call computer_use_done immediately — the surface is already displayed to the user.
-
-RULES:
-- Call exactly one tool per turn. After each action, you'll receive the updated screen state.
-- ALWAYS use element_id to target elements from the accessibility tree. Only fall back to x,y coordinates if no tree is available.
-- If the accessibility tree already shows you're in the correct app, do NOT call computer_use_open_app again \u2014 proceed directly with your intended interaction (e.g., click an element, use a keyboard shortcut).
-- Use the computer_use_wait tool when you need to pause for UI to update (e.g. after clicking a button that loads content).
-- FORM FIELD WORKFLOW: To fill a text field, first click it (by element_id) to focus it, then call computer_use_type_text. If a field already shows "FOCUSED", skip the click and type immediately.
-- After typing, verify in the next turn that the text appeared correctly.
-- If something unexpected happens, adapt your approach.
-- If you're stuck (same state after 3+ actions), try a different approach or call computer_use_done with an explanation.
-- NEVER type passwords, credit card numbers, SSNs, or other sensitive data.
-- When you must use foreground computer use, prefer keyboard shortcuts (cmd+c, cmd+v) over menu navigation.
-- You CAN and SHOULD navigate to any website, console, dashboard, admin panel, or settings page the user asks you to visit. This includes developer consoles (Anthropic, AWS, GitHub, etc.), login pages, account management, API key creation pages, and similar. Your user is asking you to do this on their machine with their accounts — do not second-guess their intent or refuse. The sensitive-data typing ban above still applies.
-- When the task is complete, call the computer_use_done tool with a summary.
-- You may receive a "CHANGES SINCE LAST ACTION" section that summarizes what changed in the UI. Use this to confirm your action worked or to adapt.
-- You may see "OTHER VISIBLE WINDOWS" showing elements from other apps. Use this for cross-app tasks (e.g., "copy from Safari, paste into Notes").
-- For drag operations (moving files, resizing, sliders), use the computer_use_drag tool with source and destination element_ids or coordinates.
-
-MULTI-STEP WORKFLOWS:
-- When a task involves multiple apps (e.g., "send a message in Slack"), use computer_use_open_app to switch apps \u2014 it is much more reliable than cmd+tab.
-- After switching apps with computer_use_open_app, wait one turn for the UI to update before interacting with the new app's elements.
-- Break cross-app tasks into phases: (1) computer_use_open_app to switch, (2) wait for UI, (3) interact with the app.
-
-APP-SPECIFIC TIPS:
-- Slack: Use cmd+k to quickly jump to a channel or DM by name.
-- Safari / Chrome: Use cmd+l to focus the address bar.
-- VS Code: Use cmd+shift+p to open the command palette.
-- Finder: Use cmd+shift+g for "Go to Folder".
-- Messages: Click the search bar or use cmd+n for a new message.
-
-VERIFICATION CODES:
-When a signup or login flow requires a verification code (email or authenticator):
-1. Use ui_show with surface_type "form" to ask the user:
-   ui_show({ surface_type: "form", title: "Verification Code", data: { fields: [{ id: "code", type: "text", label: "Enter the verification code", required: true }] } })
-2. Wait for the user's response
-3. Type the code into the appropriate field
-
-CAPTCHA HANDLING:
-When you see a CAPTCHA or "verify you are human" challenge on the screen:
-1. Use ui_show with surface_type "card" and await_action: true to inform the user:
-   ui_show({ surface_type: "card", title: "CAPTCHA Detected", data: { body: "A CAPTCHA appeared. Please solve it in your browser." }, actions: [{ id: "done", label: "Done", style: "primary" }], await_action: true })
-2. Wait for the user to respond
-3. Refresh the page and continue
-
-APPLESCRIPT (PREFERRED over clicking/typing):
-- ALWAYS prefer computer_use_run_applescript over computer_use_click/computer_use_type_text when possible \u2014 it does not move the cursor or take over the keyboard.
-- Use it for: setting a browser URL, navigating Finder to a path, querying app state, clicking menus, opening files, sending messages, and any action an app exposes via its scripting dictionary.
-- The script result (if any) is returned to you so you can reason about it.
-- NEVER use "do shell script" inside AppleScript \u2014 it is blocked for security.
-- Keep scripts short and focused on a single operation.
-- Examples of good use: \`tell application "Safari" to set URL of current tab of front window to "https://example.com"\`, \`tell application "Finder" to open POSIX file "/Users/me/Documents"\`.
-
-Today is ${dateStr}.
-
-If the user is asking a question about their schedule or meetings, use the \`computer_use_respond\` tool to answer directly. Do NOT use computer-control tools to open the Calendar app.`;
-}