@vellumai/assistant 0.4.48 → 0.4.49

package/src/runtime/routes/conversation-routes.ts

@@ -17,6 +17,7 @@ import {
 import { getConfig } from "../../config/loader.js";
 import { renderHistoryContent } from "../../daemon/handlers/shared.js";
 import { HostBashProxy } from "../../daemon/host-bash-proxy.js";
+import { HostCuProxy } from "../../daemon/host-cu-proxy.js";
 import { HostFileProxy } from "../../daemon/host-file-proxy.js";
 import type { ServerMessage } from "../../daemon/message-protocol.js";
 import {
@@ -449,6 +450,12 @@ function makeHubPublisher(
         conversationId,
         kind: "host_file",
       });
+    } else if (msg.type === "host_cu_request") {
+      pendingInteractions.register(msg.requestId, {
+        session,
+        conversationId,
+        kind: "host_cu",
+      });
     }
 
     // ServerMessage is a large union; sessionId exists on most but not all variants.
@@ -640,9 +647,14 @@ export async function handleSendMessage(
       });
       session.setHostFileProxy(fileProxy);
     }
+    if (!session.isProcessing() || !session.hostCuProxy) {
+      const cuProxy = new HostCuProxy(onEvent);
+      session.setHostCuProxy(cuProxy);
+    }
   } else if (!session.isProcessing()) {
     session.setHostBashProxy(undefined);
     session.setHostFileProxy(undefined);
+    session.setHostCuProxy(undefined);
   }
   // Wire sendToClient to the SSE hub so all subsystems can reach the HTTP client.
   // Called after setHostBashProxy so updateSender targets the current proxy.
@@ -679,7 +691,13 @@ export async function handleSendMessage(
       attachments,
       session,
       onEvent,
-      approvalConversationGenerator: deps.approvalConversationGenerator,
+      // Desktop path: disable NL classification to avoid consuming non-decision
+      // messages while a tool confirmation is pending. Deterministic code-prefix
+      // and callback parsing remain active. Mirrors session-process.ts behavior.
+      approvalConversationGenerator:
+        sourceChannel === "vellum"
+          ? undefined
+          : deps.approvalConversationGenerator,
       verifiedActorExternalUserId,
       verifiedActorPrincipalId,
     });
@@ -687,6 +705,7 @@ export async function handleSendMessage(
       return Response.json(
         {
           accepted: true,
+          conversationId: mapping.conversationId,
           ...(inlineReplyResult.messageId
             ? { messageId: inlineReplyResult.messageId }
             : {}),
@@ -751,7 +770,10 @@ export async function handleSendMessage(
       pendingInteractions.removeBySession(session);
     }
 
-    return Response.json({ accepted: true, queued: true }, { status: 202 });
+    return Response.json(
+      { accepted: true, queued: true, conversationId: mapping.conversationId },
+      { status: 202 },
+    );
   }
 
   // Session is idle — persist and fire agent loop immediately
@@ -782,6 +804,7 @@ export async function handleSendMessage(
 
   if (slashResult.kind === "unknown") {
     session.processing = true;
+    let cleanupDeferred = false;
     try {
       const provenance = provenanceFromTrustContext(session.trustContext);
       const channelMeta = {
@@ -818,26 +841,54 @@ export async function handleSendMessage(
         sourceInterface,
       );
 
-      // Emit fresh model info before the text delta so the client has
-      // up-to-date configuredProviders when rendering /model, /models,
-      // and provider shortcut commands (/gpt4, /opus, etc.).
-      if (isModelSlashCommand(rawContent) || isProviderShortcut(rawContent)) {
-        onEvent(buildModelInfoEvent());
-      }
-
-      onEvent({ type: "assistant_text_delta", text: slashResult.message });
-      onEvent({
-        type: "message_complete",
-        sessionId: mapping.conversationId,
-      });
+      // Snapshot model info now so the deferred callback cannot observe
+      // a config change from a concurrent request.
+      const modelInfoEvent =
+        isModelSlashCommand(rawContent) || isProviderShortcut(rawContent)
+          ? buildModelInfoEvent()
+          : null;
 
-      return Response.json(
-        { accepted: true, messageId: persisted.id },
+      const response = Response.json(
+        {
+          accepted: true,
+          messageId: persisted.id,
+          conversationId: mapping.conversationId,
+        },
         { status: 202 },
       );
+
+      // Defer event publishing to next tick so the HTTP response reaches the
+      // client first. This ensures the client's serverToLocalSessionMap is
+      // populated before SSE events arrive, preventing dropped events in new
+      // desktop threads.
+      //
+      // session.processing and drainQueue are also deferred so the current
+      // slash command's events are emitted before the next queued message
+      // starts processing.
+      const conversationId = mapping.conversationId;
+      const message = slashResult.message;
+      setTimeout(() => {
+        if (modelInfoEvent) {
+          onEvent(modelInfoEvent);
+        }
+        onEvent({ type: "assistant_text_delta", text: message });
+        onEvent({
+          type: "message_complete",
+          sessionId: conversationId,
+        });
+        session.processing = false;
+        session.drainQueue().catch(() => {});
+      }, 0);
+
+      cleanupDeferred = true;
+      return response;
     } finally {
-      session.processing = false;
-      session.drainQueue().catch(() => {});
+      // No-op for the slash-command early-return path (handled inside
+      // setTimeout above), but still needed for error paths.
+      if (!cleanupDeferred && session.processing) {
+        session.processing = false;
+        session.drainQueue().catch(() => {});
+      }
     }
   }
 
@@ -874,7 +925,10 @@ export async function handleSendMessage(
       );
     });
 
-  return Response.json({ accepted: true, messageId }, { status: 202 });
+  return Response.json(
+    { accepted: true, messageId, conversationId: mapping.conversationId },
+    { status: 202 },
+  );
 }
 
 async function generateLlmSuggestion(

package/src/runtime/routes/events-routes.ts

@@ -7,12 +7,17 @@
  * is called. The AuthContext is threaded through from the HTTP server
  * layer, so no additional actor-token verification is needed here.
  *
- * Subscribers receive all assistant events scoped to the given conversation.
+ * When `conversationKey` is provided, subscribers receive events scoped to
+ * that conversation. When omitted, subscribers receive events from ALL
+ * conversations for this assistant (unfiltered).
  */
 
 import { getOrCreateConversation } from "../../memory/conversation-key-store.js";
 import { formatSseFrame, formatSseHeartbeat } from "../assistant-event.js";
-import type { AssistantEventSubscription } from "../assistant-event-hub.js";
+import type {
+  AssistantEventFilter,
+  AssistantEventSubscription,
+} from "../assistant-event-hub.js";
 import {
   AssistantEventHub,
   assistantEventHub,
@@ -26,10 +31,12 @@ import type { RouteDefinition } from "../http-router.js";
 const DEFAULT_HEARTBEAT_INTERVAL_MS = 30_000;
 
 /**
- * Stream assistant events as Server-Sent Events for a specific conversation.
+ * Stream assistant events as Server-Sent Events.
  *
  * Query params:
- *   conversationKey -- required; scopes the stream to one conversation.
+ *   conversationKey -- optional; when provided, scopes the stream to one
+ *                      conversation. When omitted, the stream delivers events
+ *                      from ALL conversations for this assistant.
  *
  * Options (for testing):
  *   hub               -- override the event hub (defaults to process singleton).
@@ -56,15 +63,21 @@ export function handleSubscribeAssistantEvents(
   // scope and principal type requirements.
 
   const conversationKey = url.searchParams.get("conversationKey");
-  if (!conversationKey) {
-    return httpError("BAD_REQUEST", "conversationKey is required", 400);
+  if (url.searchParams.has("conversationKey") && !conversationKey?.trim()) {
+    return httpError("BAD_REQUEST", "conversationKey must not be empty", 400);
   }
 
   const hub = options?.hub ?? assistantEventHub;
   const heartbeatIntervalMs =
     options?.heartbeatIntervalMs ?? DEFAULT_HEARTBEAT_INTERVAL_MS;
 
-  const mapping = getOrCreateConversation(conversationKey);
+  const filter: AssistantEventFilter = {
+    assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
+  };
+  if (conversationKey) {
+    const mapping = getOrCreateConversation(conversationKey);
+    filter.sessionId = mapping.conversationId;
+  }
   const encoder = new TextEncoder();
 
   // -- Eager subscribe --------------------------------------------------------
@@ -90,10 +103,7 @@ export function handleSubscribeAssistantEvents(
 
   try {
     sub = hub.subscribe(
-      {
-        assistantId: DAEMON_INTERNAL_ASSISTANT_ID,
-        sessionId: mapping.conversationId,
-      },
+      filter,
       (event) => {
         const controller = controllerRef;
         if (!controller) return;

package/src/runtime/routes/host-cu-routes.ts

@@ -0,0 +1,97 @@
+/**
+ * Route handler for host CU (computer-use) result submissions.
+ *
+ * Resolves pending host CU proxy requests by requestId when the desktop
+ * client returns observation results via HTTP.
+ */
+import { requireBoundGuardian } from "../auth/require-bound-guardian.js";
+import type { AuthContext } from "../auth/types.js";
+import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
+import * as pendingInteractions from "../pending-interactions.js";
+
+/**
+ * POST /v1/host-cu-result — resolve a pending host CU request by requestId.
+ * Requires AuthContext with guardian-bound actor.
+ */
+export async function handleHostCuResult(
+  req: Request,
+  authContext: AuthContext,
+): Promise<Response> {
+  const authError = requireBoundGuardian(authContext);
+  if (authError) return authError;
+
+  const body = (await req.json()) as {
+    requestId?: string;
+    axTree?: string;
+    axDiff?: string;
+    screenshot?: string;
+    screenshotWidthPx?: number;
+    screenshotHeightPx?: number;
+    screenWidthPt?: number;
+    screenHeightPt?: number;
+    executionResult?: string;
+    executionError?: string;
+    secondaryWindows?: string;
+    userGuidance?: string;
+  };
+
+  const { requestId } = body;
+
+  if (!requestId || typeof requestId !== "string") {
+    return httpError("BAD_REQUEST", "requestId is required", 400);
+  }
+
+  // Peek first (non-destructive) so we can validate the interaction kind
+  // without accidentally consuming a confirmation or secret interaction.
+  const peeked = pendingInteractions.get(requestId);
+  if (!peeked) {
+    return httpError(
+      "NOT_FOUND",
+      "No pending interaction found for this requestId",
+      404,
+    );
+  }
+
+  if (peeked.kind !== "host_cu") {
+    return httpError(
+      "CONFLICT",
+      `Pending interaction is of kind "${peeked.kind}", expected "host_cu"`,
+      409,
+    );
+  }
+
+  // Validation passed — consume the pending interaction.
+  const interaction = pendingInteractions.resolve(requestId)!;
+
+  interaction.session.resolveHostCu(requestId, {
+    axTree: body.axTree,
+    axDiff: body.axDiff,
+    screenshot: body.screenshot,
+    screenshotWidthPx: body.screenshotWidthPx,
+    screenshotHeightPx: body.screenshotHeightPx,
+    screenWidthPt: body.screenWidthPt,
+    screenHeightPt: body.screenHeightPt,
+    executionResult: body.executionResult,
+    executionError: body.executionError,
+    secondaryWindows: body.secondaryWindows,
+    userGuidance: body.userGuidance,
+  });
+
+  return Response.json({ accepted: true });
+}
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function hostCuRouteDefinitions(): RouteDefinition[] {
+  return [
+    {
+      endpoint: "host-cu-result",
+      method: "POST",
+      handler: async ({ req, authContext }) =>
+        handleHostCuResult(req, authContext),
+    },
+  ];
+}

package/src/runtime/routes/inbound-stages/background-dispatch.ts

@@ -31,12 +31,8 @@ import type {
   ApprovalCopyGenerator,
   MessageProcessor,
 } from "../../http-types.js";
-import { TelegramStreamingDelivery } from "../../telegram-streaming-delivery.js";
 import { resolveRoutingState } from "../../trust-context-resolver.js";
-import {
-  deliverAttachmentsOnly,
-  deliverReplyViaCallback,
-} from "../channel-delivery-routes.js";
+import { deliverReplyViaCallback } from "../channel-delivery-routes.js";
 import { deliverGeneratedApprovalPrompt } from "../guardian-approval-prompt.js";
 
 const log = getLogger("runtime-http");
@@ -112,12 +108,6 @@ export function processChannelMessageInBackground(
   } = params;
 
   (async () => {
-    const boundGuardianActor = isBoundGuardianActor({
-      trustClass: trustCtx.trustClass,
-      guardianExternalUserId: trustCtx.guardianExternalUserId,
-      requesterExternalUserId: trustCtx.requesterExternalUserId,
-    });
-
     const typingCallbackUrl = shouldEmitTelegramTyping(
       sourceChannel,
       replyCallbackUrl,
@@ -181,16 +171,6 @@ export function processChannelMessageInBackground(
       }
     }
 
-    const telegramStreaming =
-      sourceChannel === "telegram" && replyCallbackUrl
-        ? new TelegramStreamingDelivery({
-            callbackUrl: replyCallbackUrl,
-            chatId: externalChatId,
-            mintBearerToken,
-            assistantId,
-          })
-        : undefined;
-
     try {
       const cmdIntent =
         commandIntent && typeof commandIntent.type === "string"
@@ -218,9 +198,6 @@ export function processChannelMessageInBackground(
           trustContext: trustCtx,
           isInteractive: resolveRoutingState(trustCtx).promptWaitingAllowed,
           ...(cmdIntent ? { commandIntent: cmdIntent } : {}),
-          ...(telegramStreaming
-            ? { onEvent: (msg) => telegramStreaming.onEvent(msg) }
-            : {}),
         },
         sourceChannel,
         sourceInterface,
@@ -228,94 +205,18 @@ export function processChannelMessageInBackground(
       deliveryCrud.linkMessage(eventId, userMessageId);
       deliveryStatus.markProcessed(eventId);
 
-      if (telegramStreaming) {
-        // Retrieve approval metadata from pending interactions (if any)
-        // so approval buttons can be attached to the final streamed message.
-        // Approval prompts are guardian-only and must never be attached for
-        // non-guardian or unverified actors.
-        const prompt = boundGuardianActor
-          ? getChannelApprovalPrompt(conversationId)
-          : undefined;
-        const pending = boundGuardianActor
-          ? getApprovalInfoByConversation(conversationId)
-          : [];
-        const approvalMeta =
-          prompt && pending.length > 0
-            ? buildApprovalUIMetadata(prompt, pending[0])
-            : undefined;
-        try {
-          await telegramStreaming.finish(approvalMeta);
-          deliveryChannels.updateDeliveredSegmentCount(eventId, 1);
-        } catch (err) {
-          log.error(
-            { err, conversationId },
-            "Telegram streaming finalization failed",
-          );
-          // Fallback: deliver approval as a standalone message so buttons
-          // are not permanently lost when finish() fails.
-          if (approvalMeta && replyCallbackUrl) {
-            try {
-              await deliverChannelReply(
-                replyCallbackUrl,
-                {
-                  chatId: externalChatId,
-                  text: approvalMeta.plainTextFallback ?? "Action needed:",
-                  approval: approvalMeta,
-                  assistantId,
-                },
-                mintBearerToken(),
-              );
-            } catch (fallbackErr) {
-              log.error(
-                { err: fallbackErr, conversationId },
-                "Fallback approval delivery also failed",
-              );
-            }
-          }
-        }
-      }
-
       if (replyCallbackUrl) {
-        // Streaming fully succeeded — only send attachments since text
-        // was already delivered via streaming edits.
-        const streamingFullyDelivered =
-          telegramStreaming?.hasDeliveredText &&
-          telegramStreaming.finishSucceeded;
-
-        if (streamingFullyDelivered) {
-          await deliverAttachmentsOnly(
-            conversationId,
-            externalChatId,
-            replyCallbackUrl,
-            mintBearerToken(),
-            assistantId,
-          );
-        } else {
-          // Non-streaming path, or streaming partially failed (some text
-          // was delivered but finish/finalization threw). In the partial
-          // failure case the user has a truncated message, so we deliver
-          // the full response to ensure nothing is lost.
-          if (
-            telegramStreaming?.hasDeliveredText &&
-            !telegramStreaming.finishSucceeded
-          ) {
-            log.warn(
-              { conversationId },
-              "Telegram streaming partially failed — falling back to full text delivery",
-            );
-          }
-          await deliverReplyViaCallback(
-            conversationId,
-            externalChatId,
-            replyCallbackUrl,
-            mintBearerToken(),
-            assistantId,
-            {
-              onSegmentDelivered: (count) =>
-                deliveryChannels.updateDeliveredSegmentCount(eventId, count),
-            },
-          );
-        }
+        await deliverReplyViaCallback(
+          conversationId,
+          externalChatId,
+          replyCallbackUrl,
+          mintBearerToken(),
+          assistantId,
+          {
+            onSegmentDelivered: (count) =>
+              deliveryChannels.updateDeliveredSegmentCount(eventId, count),
+          },
+        );
       }
     } catch (err) {
       log.error(

package/src/runtime/routes/integrations/slack/share.ts

@@ -12,7 +12,7 @@ import {
   userInfo,
 } from "../../../../messaging/providers/slack/client.js";
 import type { SlackConversation } from "../../../../messaging/providers/slack/types.js";
-import { credentialKey } from "../../../../security/credential-key.js";
+import { getConnectionByProvider } from "../../../../oauth/oauth-store.js";
 import { getSecureKey } from "../../../../security/secure-keys.js";
 import { getLogger } from "../../../../util/logger.js";
 import { httpError } from "../../../http-errors.js";
@@ -25,14 +25,13 @@ const log = getLogger("slack-share");
 // ---------------------------------------------------------------------------
 
 /**
- * Resolve the Slack bot token from secure storage.
- * Prefers the OAuth integration token, falls back to the legacy channel token.
+ * Resolve the Slack bot token from the OAuth connection store.
  */
 function resolveSlackToken(): string | undefined {
-  return (
-    getSecureKey(credentialKey("integration:slack", "access_token")) ??
-    getSecureKey(credentialKey("slack_channel", "bot_token"))
-  );
+  const conn = getConnectionByProvider("integration:slack");
+  return conn
+    ? getSecureKey(`oauth_connection/${conn.id}/access_token`)
+    : undefined;
 }
 
 // ---------------------------------------------------------------------------

package/src/runtime/routes/log-export-routes.ts

@@ -14,7 +14,11 @@ import { desc } from "drizzle-orm";
 import { getDb } from "../../memory/db.js";
 import { toolInvocations } from "../../memory/schema.js";
 import { getLogger } from "../../util/logger.js";
-import { getDataDir, getRootDir } from "../../util/platform.js";
+import {
+  getDataDir,
+  getRootDir,
+  getWorkspaceConfigPath,
+} from "../../util/platform.js";
 import { httpError } from "../http-errors.js";
 import type { RouteDefinition } from "../http-router.js";
 
@@ -31,6 +35,7 @@ interface ExportResponse {
   success: true;
   auditRows: Array<Record<string, unknown>>;
   logFiles: Record<string, string>;
+  configSnapshot?: Record<string, unknown>;
 }
 
 /**
@@ -83,21 +88,134 @@ async function handleExport(body: ExportRequestBody): Promise<Response> {
       }
     }
 
+    // --- Sanitized config snapshot ---
+    const configSnapshot = readSanitizedConfig();
+
     log.info(
-      { auditCount: auditRows.length, logFileCount: Object.keys(logFiles).length, totalBytes },
+      {
+        auditCount: auditRows.length,
+        logFileCount: Object.keys(logFiles).length,
+        totalBytes,
+        hasConfig: configSnapshot !== undefined,
+      },
       "Export completed",
     );
 
-    const payload: ExportResponse = { success: true, auditRows, logFiles };
+    const payload: ExportResponse = {
+      success: true,
+      auditRows,
+      logFiles,
+      configSnapshot,
+    };
     return Response.json(payload);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     log.error({ err }, "Failed to export");
-    return httpError(
-      "INTERNAL_ERROR",
-      `Failed to export: ${message}`,
-      500,
-    );
+    return httpError("INTERNAL_ERROR", `Failed to export: ${message}`, 500);
+  }
+}
+
+/**
+ * Replaces a string value with a presence flag: "(set)" if truthy, "(empty)" otherwise.
+ */
+function redactStringValue(val: unknown): string {
+  return val ? "(set)" : "(empty)";
+}
+
+/**
+ * Reads the workspace config.json and strips sensitive fields.
+ * Returns undefined if the file is missing or unreadable.
+ */
+function readSanitizedConfig(): Record<string, unknown> | undefined {
+  const configPath = getWorkspaceConfigPath();
+  if (!existsSync(configPath)) return undefined;
+
+  try {
+    const raw = readFileSync(configPath, "utf-8");
+    const config = JSON.parse(raw) as Record<string, unknown>;
+
+    // Strip API key values — preserve which providers have keys configured
+    if (config.apiKeys && typeof config.apiKeys === "object") {
+      const keys = config.apiKeys as Record<string, unknown>;
+      config.apiKeys = Object.fromEntries(
+        Object.keys(keys).map((k) => [k, redactStringValue(keys[k])]),
+      );
+    }
+
+    // Strip ingress webhook secret
+    if (config.ingress && typeof config.ingress === "object") {
+      const ingress = config.ingress as Record<string, unknown>;
+      if (ingress.webhook && typeof ingress.webhook === "object") {
+        const webhook = ingress.webhook as Record<string, unknown>;
+        webhook.secret = redactStringValue(webhook.secret);
+        ingress.webhook = webhook;
+      }
+      config.ingress = ingress;
+    }
+
+    // Strip skill-level API keys and env vars
+    if (config.skills && typeof config.skills === "object") {
+      const skills = config.skills as Record<string, unknown>;
+      if (skills.entries && typeof skills.entries === "object") {
+        const entries = skills.entries as Record<string, unknown>;
+        for (const name of Object.keys(entries)) {
+          const entry = entries[name];
+          if (entry && typeof entry === "object") {
+            const e = entry as Record<string, unknown>;
+            if ("apiKey" in e) e.apiKey = redactStringValue(e.apiKey);
+            if (e.env && typeof e.env === "object") {
+              const env = e.env as Record<string, unknown>;
+              e.env = Object.fromEntries(
+                Object.keys(env).map((k) => [k, redactStringValue(env[k])]),
+              );
+            }
+          }
+        }
+      }
+    }
+
+    // Strip Twilio accountSid
+    if (config.twilio && typeof config.twilio === "object") {
+      const twilio = config.twilio as Record<string, unknown>;
+      twilio.accountSid = redactStringValue(twilio.accountSid);
+      config.twilio = twilio;
+    }
+
+    // Strip MCP transport headers (SSE/streamable-http) and env vars (stdio)
+    if (config.mcp && typeof config.mcp === "object") {
+      const mcp = config.mcp as Record<string, unknown>;
+      if (mcp.servers && typeof mcp.servers === "object") {
+        const servers = mcp.servers as Record<string, unknown>;
+        for (const name of Object.keys(servers)) {
+          const server = servers[name];
+          if (server && typeof server === "object") {
+            const s = server as Record<string, unknown>;
+            if (s.transport && typeof s.transport === "object") {
+              const transport = s.transport as Record<string, unknown>;
+              if (transport.headers && typeof transport.headers === "object") {
+                const headers = transport.headers as Record<string, unknown>;
+                transport.headers = Object.fromEntries(
+                  Object.keys(headers).map((k) => [
+                    k,
+                    redactStringValue(headers[k]),
+                  ]),
+                );
+              }
+              if (transport.env && typeof transport.env === "object") {
+                const env = transport.env as Record<string, unknown>;
+                transport.env = Object.fromEntries(
+                  Object.keys(env).map((k) => [k, redactStringValue(env[k])]),
+                );
+              }
+            }
+          }
+        }
+      }
+    }
+
+    return config;
+  } catch {
+    return undefined;
   }
 }