@vellumai/assistant 0.4.48 → 0.4.49

package/src/tools/credentials/vault.ts

@@ -1,17 +1,22 @@
 import { getConfig } from "../../config/loader.js";
 import { orchestrateOAuthConnect } from "../../oauth/connect-orchestrator.js";
 import {
-  getProviderProfile,
+  disconnectOAuthProvider,
+  getAppByProviderAndClientId,
+  getMostRecentAppByProvider,
+  getProvider,
+} from "../../oauth/oauth-store.js";
+import {
+  getProviderBehavior,
   resolveService,
   SERVICE_ALIASES,
-} from "../../oauth/provider-profiles.js";
+} from "../../oauth/provider-behaviors.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
 import { buildAssistantEvent } from "../../runtime/assistant-event.js";
 import { assistantEventHub } from "../../runtime/assistant-event-hub.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../runtime/assistant-scope.js";
-import { credentialKey, migrateKeys } from "../../security/credential-key.js";
-import type { TokenEndpointAuthMethod } from "../../security/oauth2.js";
+import { credentialKey } from "../../security/credential-key.js";
 import {
   deleteSecureKeyAsync,
   getSecureKey,
@@ -36,50 +41,6 @@ import { toPolicyFromInput, validatePolicyInput } from "./policy-validate.js";
 
 const log = getLogger("credential-vault");
 
-/**
- * Look up a stored OAuth secret (e.g. client_secret) for a service from the
- * secure store. Checks both the canonical and alias service names.
- */
-function findStoredOAuthSecret(
-  service: string,
-  field: string,
-): string | undefined {
-  const servicesToCheck = [service];
-  // Also check the alias if the input is the canonical name, or vice versa
-  for (const [alias, canonical] of Object.entries(SERVICE_ALIASES)) {
-    if (canonical === service) servicesToCheck.push(alias);
-    if (alias === service) servicesToCheck.push(canonical);
-  }
-  for (const svc of servicesToCheck) {
-    const value = getSecureKey(credentialKey(svc, field));
-    if (value) return value;
-  }
-  return undefined;
-}
-
-/**
- * Look up the stored OAuth client_id for a service from credential metadata.
- * Checks both the canonical and alias service names.
- */
-function findStoredOAuthClientId(service: string): string | undefined {
-  const servicesToCheck = [service];
-  for (const [alias, canonical] of Object.entries(SERVICE_ALIASES)) {
-    if (canonical === service) servicesToCheck.push(alias);
-    if (alias === service) servicesToCheck.push(canonical);
-  }
-  // Check metadata first (written by oauth2_connect after successful auth)
-  for (const svc of servicesToCheck) {
-    const meta = getCredentialMetadata(svc, "access_token");
-    if (meta?.oauth2ClientId) return meta.oauth2ClientId;
-  }
-  // Fall back to secure key store (written by credential_store prompt action)
-  for (const svc of servicesToCheck) {
-    const value = getSecureKey(credentialKey(svc, "client_id"));
-    if (value) return value;
-  }
-  return undefined;
-}
-
 class CredentialStoreTool implements Tool {
   name = "credential_store";
   description =
@@ -151,16 +112,6 @@ class CredentialStoreTool implements Tool {
             description:
               'Human-readable description of intended usage (for store/prompt actions), e.g. "GitHub login for pushing changes"',
           },
-          auth_url: {
-            type: "string",
-            description:
-              "OAuth2 authorization endpoint (only for oauth2_connect action). Auto-filled for well-known services (gmail, slack).",
-          },
-          token_url: {
-            type: "string",
-            description:
-              "OAuth2 token endpoint (only for oauth2_connect action). Auto-filled for well-known services (gmail, slack).",
-          },
           scopes: {
             type: "array",
             items: { type: "string" },
@@ -172,27 +123,11 @@ class CredentialStoreTool implements Tool {
             description:
               "OAuth2 client ID (only for oauth2_connect action). If omitted, looked up from previously stored credentials.",
           },
-          extra_params: {
-            type: "object",
-            description:
-              "Extra query params for OAuth2 auth URL (only for oauth2_connect action)",
-          },
-          userinfo_url: {
-            type: "string",
-            description:
-              "Endpoint to fetch account info after OAuth2 auth (only for oauth2_connect action)",
-          },
           client_secret: {
             type: "string",
             description:
               "OAuth2 client secret for providers that require it (e.g. Google, Slack). If omitted, looked up from previously stored credentials; if still absent, PKCE-only is used (only for oauth2_connect action)",
           },
-          token_endpoint_auth_method: {
-            type: "string",
-            enum: ["client_secret_basic", "client_secret_post"],
-            description:
-              'How to send client credentials at the token endpoint: "client_secret_post" (default, in POST body) or "client_secret_basic" (HTTP Basic Auth header). Only for oauth2_connect action.',
-          },
           alias: {
             type: "string",
             description:
@@ -243,7 +178,6 @@ class CredentialStoreTool implements Tool {
     input: Record<string, unknown>,
     context: ToolContext,
   ): Promise<ToolExecutionResult> {
-    migrateKeys();
     const action = input.action as string;
 
     switch (action) {
@@ -517,6 +451,21 @@ class CredentialStoreTool implements Tool {
             "metadata delete failed after removing credential",
           );
         }
+        // Also clean up any OAuth connection for this service (best-effort)
+        try {
+          const oauthResult = await disconnectOAuthProvider(service);
+          if (oauthResult === "error") {
+            log.warn(
+              { service },
+              "OAuth disconnect failed after removing credential — secure key deletion error",
+            );
+          }
+        } catch (err) {
+          log.warn(
+            { service, err },
+            "OAuth disconnect failed after removing credential",
+          );
+        }
         return {
           content: `Deleted credential for ${service}/${field}.`,
           isError: false,
@@ -777,51 +726,44 @@ class CredentialStoreTool implements Tool {
         // Resolve aliases (e.g. "gmail" → "integration:gmail")
         const service = resolveService(rawService);
 
-        // Fill missing params from provider profile
-        const profile = getProviderProfile(service);
-
-        // Look up client_id from metadata and client_secret from secure store
-        const clientId =
-          (input.client_id as string | undefined) ??
-          findStoredOAuthClientId(service);
-        const clientSecret =
-          (input.client_secret as string | undefined) ??
-          findStoredOAuthSecret(service, "client_secret");
+        // Code-side behavioral fields (identityVerifier, setup, etc.)
+        const behavior = getProviderBehavior(service);
+        // Protocol-level config from the DB (authUrl, tokenUrl, scopes, etc.)
+        const providerRow = getProvider(service);
+
+        // Resolve client_id and client_secret.
+        // Priority:
+        //   1. Explicit input from the caller
+        //   2. oauth-store DB — when clientId is already known, look up the
+        //      matching app so the secret comes from the same app. Only fall
+        //      back to the most-recent-app heuristic when clientId is unknown.
+        let clientId = input.client_id as string | undefined;
+        let clientSecret = input.client_secret as string | undefined;
+
+        if (!clientId || !clientSecret) {
+          const dbApp = clientId
+            ? getAppByProviderAndClientId(service, clientId)
+            : getMostRecentAppByProvider(service);
+          if (dbApp) {
+            if (!clientId) clientId = dbApp.clientId;
+            if (!clientSecret) {
+              clientSecret = getSecureKey(
+                `oauth_app/${dbApp.id}/client_secret`,
+              );
+            }
+          }
+        }
 
         // Early guardrails that stay in vault.ts (credential resolution is vault-specific)
         const inputScopes = input.scopes as string[] | undefined;
 
-        if (profile) {
-          // Profile-based provider (well-known like gmail, slack, twitter):
-          // Don't pass authUrl/tokenUrl — the orchestrator resolves those from the profile.
-          // Pass user-provided scopes as requestedScopes so the scope policy engine is invoked.
-          // If no scopes provided, pass neither — let the orchestrator use profile defaults via scope policy.
-        } else {
-          // Custom/unknown provider: require authUrl, tokenUrl, scopes from input
-          if (!input.auth_url)
-            return {
-              content:
-                "Error: auth_url is required for oauth2_connect action (no well-known config for this service)",
-              isError: true,
-            };
-          if (!input.token_url)
-            return {
-              content:
-                "Error: token_url is required for oauth2_connect action (no well-known config for this service)",
-              isError: true,
-            };
-          if (!inputScopes)
-            return {
-              content:
-                "Error: scopes is required for oauth2_connect action (no well-known config for this service)",
-              isError: true,
-            };
+        if (!providerRow) {
+          return {
+            content: `Error: no OAuth provider registered for "${service}". Ensure the provider is seeded in the database.`,
+            isError: true,
+          };
         }
 
-        const authUrl =
-          (input.auth_url as string | undefined) ?? profile?.authUrl;
-        const tokenUrl =
-          (input.token_url as string | undefined) ?? profile?.tokenUrl;
         if (!clientId)
           return {
             content:
@@ -833,10 +775,10 @@ class CredentialStoreTool implements Tool {
         // agent to collect it from the user rather than letting it improvise
         // browser-automation workarounds that inevitably fail.
         const requiresSecret =
-          profile?.setup?.requiresClientSecret ??
-          !!(profile?.tokenEndpointAuthMethod || profile?.extraParams);
+          behavior?.setup?.requiresClientSecret ??
+          !!(providerRow.tokenEndpointAuthMethod || providerRow.extraParams);
         if (requiresSecret && !clientSecret) {
-          const skillId = profile?.setupSkillId;
+          const skillId = behavior?.setupSkillId;
           const skillHint = skillId
             ? `\n\nLoad the "${skillId}" skill for provider-specific instructions on obtaining the client secret.`
             : '\n\nUse credential_store with action "prompt" to securely collect the client_secret from the user before calling oauth2_connect again.';
@@ -846,25 +788,8 @@ class CredentialStoreTool implements Tool {
           };
         }
 
-        try {
-          assertMetadataWritable();
-        } catch {
-          return {
-            content:
-              "Error: credential metadata file has an unrecognized version; cannot store credentials",
-            isError: true,
-          };
-        }
-
-        const tokenEndpointAuthMethod =
-          (input.token_endpoint_auth_method as
-            | TokenEndpointAuthMethod
-            | undefined) ?? profile?.tokenEndpointAuthMethod;
-
-        // Delegate to the shared orchestrator.
-        // For profile-based providers, pass user scopes as requestedScopes so the
-        // scope policy engine (resolveScopes) is invoked. For custom providers,
-        // pass scopes directly as an explicit override.
+        // Delegate to the shared orchestrator — it resolves authUrl, tokenUrl,
+        // extraParams, userinfoUrl, and tokenEndpointAuthMethod from the DB.
         const result = await orchestrateOAuthConnect({
           service: rawService,
           clientId,
@@ -872,24 +797,7 @@ class CredentialStoreTool implements Tool {
           isInteractive: !!context.isInteractive,
           sendToClient: context.sendToClient,
           allowedTools: input.allowed_tools as string[] | undefined,
-          authUrl,
-          tokenUrl,
-          ...(profile
-            ? {
-                // Profile-based: let orchestrator resolve scopes via policy engine.
-                // Only pass requestedScopes if the user explicitly provided scopes.
-                ...(inputScopes ? { requestedScopes: inputScopes } : {}),
-              }
-            : {
-                // Custom provider: explicit scopes override (bypasses policy engine)
-                scopes: inputScopes,
-              }),
-          extraParams:
-            (input.extra_params as Record<string, string> | undefined) ??
-            profile?.extraParams,
-          userinfoUrl:
-            (input.userinfo_url as string | undefined) ?? profile?.userinfoUrl,
-          tokenEndpointAuthMethod,
+          ...(inputScopes ? { requestedScopes: inputScopes } : {}),
           onDeferredComplete: (deferredResult) => {
             // Emit oauth_connect_result to all connected SSE clients so the
             // UI can update immediately when the deferred browser flow completes.
@@ -958,8 +866,8 @@ class CredentialStoreTool implements Tool {
           };
         }
         const resolvedService = resolveService(rawService);
-        const profile = getProviderProfile(resolvedService);
-        if (!profile) {
+        const descProviderRow = getProvider(resolvedService);
+        if (!descProviderRow) {
           return {
             content: `No well-known OAuth config found for "${rawService}". Available services: ${Object.keys(
               SERVICE_ALIASES,
@@ -968,11 +876,17 @@ class CredentialStoreTool implements Tool {
           };
         }
 
+        const descBehavior = getProviderBehavior(resolvedService);
+
         // Compute the redirect URI based on callback transport
         let redirectUri: string;
-        const transport = profile.callbackTransport ?? "gateway";
-        if (transport === "loopback" && profile.loopbackPort) {
-          redirectUri = `http://127.0.0.1:${profile.loopbackPort}/oauth/callback`;
+        const transport =
+          (descProviderRow.callbackTransport as
+            | "loopback"
+            | "gateway"
+            | null) ?? "gateway";
+        if (transport === "loopback" && descProviderRow.loopbackPort) {
+          redirectUri = `http://127.0.0.1:${descProviderRow.loopbackPort}/oauth/callback`;
         } else if (transport === "loopback") {
           redirectUri =
             "(automatic — no redirect URI needed, uses random localhost port)";
@@ -986,26 +900,39 @@ class CredentialStoreTool implements Tool {
             redirectUri = `${baseUrl}/webhooks/oauth/callback`;
           } catch {
             redirectUri =
-              "(requires INGRESS_PUBLIC_BASE_URL — not currently configured)";
+              "(requires ingress.publicBaseUrl — not currently configured)";
           }
         }
 
         // Prefer explicit setup metadata, fall back to heuristic
         const requiresClientSecret =
-          profile.setup?.requiresClientSecret ??
-          !!(profile.tokenEndpointAuthMethod || profile.extraParams);
+          descBehavior?.setup?.requiresClientSecret ??
+          !!(
+            descProviderRow.tokenEndpointAuthMethod ||
+            descProviderRow.extraParams
+          );
+
+        const descDefaultScopes: string[] = descProviderRow.defaultScopes
+          ? JSON.parse(descProviderRow.defaultScopes)
+          : [];
 
         const info: Record<string, unknown> = {
           service: resolvedService,
-          authUrl: profile.authUrl,
-          tokenUrl: profile.tokenUrl,
-          scopes: profile.defaultScopes,
+          authUrl: descProviderRow.authUrl,
+          tokenUrl: descProviderRow.tokenUrl,
+          scopes: descDefaultScopes,
           callbackTransport: transport,
           redirectUri,
           requiresClientSecret,
         };
-        if (profile.setup) info.setup = profile.setup;
-        if (profile.extraParams) info.extraParams = profile.extraParams;
+        if (descBehavior?.setup) info.setup = descBehavior.setup;
+        if (descProviderRow.extraParams) {
+          try {
+            info.extraParams = JSON.parse(descProviderRow.extraParams);
+          } catch {
+            // Non-fatal
+          }
+        }
 
         return { content: JSON.stringify(info, null, 2), isError: false };
       }

package/src/tools/registry.ts

@@ -4,7 +4,6 @@ import { getLogger } from "../util/logger.js";
 import { coreAppProxyTools } from "./apps/definitions.js";
 import { registerAppTools } from "./apps/registry.js";
 import { allComputerUseTools } from "./computer-use/definitions.js";
-import { requestComputerControlTool } from "./computer-use/request-computer-control.js";
 import { hostFileEditTool } from "./host-filesystem/edit.js";
 import { hostFileReadTool } from "./host-filesystem/read.js";
 import { hostFileWriteTool } from "./host-filesystem/write.js";
@@ -300,8 +299,8 @@ export function getSkillRefCount(skillId: string): number {
 }
 
 export function getAllToolDefinitions(): ToolDefinition[] {
-  // Exclude proxy tools (e.g. computer_use_* tools) — they are only used
-  // by ComputerUseSession which builds its own tool definitions list.
+  // Exclude proxy tools (e.g. computer_use_* tools) — they are projected
+  // into sessions by the skill system, not via the global tool list.
   // Exclude skill-origin tools — they are managed by the session-level
   // skill projection system (projectSkillTools) and must not leak into
   // the base tool list, which is shared across sessions via the global
@@ -341,9 +340,6 @@ export async function initializeTools(): Promise<void> {
     registerTool(tool);
   }
 
-  // The escalation tool is registered in core so text_qa sessions can execute it.
-  // The 12 action tools are provided by the bundled computer-use skill.
-  registerTool(requestComputerControlTool);
   registerUiSurfaceTools();
   registerAppTools();
 
@@ -367,7 +363,6 @@ export async function initializeTools(): Promise<void> {
       ...lazyTools.map((t: LazyToolDescriptor) => t.name),
       ...hostTools.map((t: Tool) => t.name),
       ...allComputerUseTools.map((t: Tool) => t.name),
-      requestComputerControlTool.name,
       ...allUiSurfaceTools.map((t: Tool) => t.name),
       ...coreAppProxyTools.map((t: Tool) => t.name),
     ]);

package/src/tools/skills/load.ts

@@ -8,7 +8,9 @@ import type { SkillSummary, SkillToolManifest } from "../../config/skills.js";
 import { loadSkillBySelector, loadSkillCatalog } from "../../config/skills.js";
 import { RiskLevel } from "../../permissions/types.js";
 import type { ToolDefinition } from "../../providers/types.js";
+import { autoInstallFromCatalog } from "../../skills/catalog-install.js";
 import {
+  collectAllMissing,
   indexCatalogById,
   validateIncludes,
 } from "../../skills/include-graph.js";
@@ -137,7 +139,32 @@ export class SkillLoadTool implements Tool {
       };
     }
 
-    const loaded = loadSkillBySelector(selector);
+    let loaded = loadSkillBySelector(selector);
+
+    // Auto-install from catalog if the skill isn't found locally
+    if (
+      !loaded.skill &&
+      (loaded.errorCode === "not_found" || loaded.errorCode === "empty_catalog")
+    ) {
+      try {
+        const installed = await autoInstallFromCatalog(selector);
+        if (installed) {
+          log.info({ skillId: selector }, "Auto-installed skill from catalog");
+          loaded = loadSkillBySelector(selector);
+        }
+      } catch (err) {
+        const installError = err instanceof Error ? err.message : String(err);
+        log.warn(
+          { err, skillId: selector },
+          "Auto-install from catalog failed",
+        );
+        return {
+          content: `Error: skill "${selector}" was found in the catalog but installation failed: ${installError}`,
+          isError: true,
+        };
+      }
+    }
+
     if (!loaded.skill) {
       return {
         content: `Error: ${loaded.error ?? "Failed to load skill"}`,
@@ -160,10 +187,42 @@ export class SkillLoadTool implements Tool {
     // Load catalog for include validation and child metadata output
     let catalogIndex: Map<string, SkillSummary> | undefined;
     if (skill.includes && skill.includes.length > 0) {
-      const catalog = loadSkillCatalog();
+      let catalog = loadSkillCatalog();
       catalogIndex = indexCatalogById(catalog);
 
-      // Validate recursive includes (fail-closed)
+      // Auto-install missing includes before validation (max 5 rounds for transitive deps)
+      const MAX_INSTALL_ROUNDS = 5;
+      for (let round = 0; round < MAX_INSTALL_ROUNDS; round++) {
+        const missing = collectAllMissing(skill.id, catalogIndex);
+        if (missing.size === 0) break;
+
+        let installedAny = false;
+        for (const missingId of missing) {
+          try {
+            const installed = await autoInstallFromCatalog(missingId);
+            if (installed) {
+              log.info(
+                { skillId: missingId, parentSkillId: skill.id },
+                "Auto-installed missing include",
+              );
+              installedAny = true;
+            }
+          } catch (err) {
+            log.warn(
+              { err, skillId: missingId },
+              "Failed to auto-install missing include",
+            );
+          }
+        }
+
+        if (!installedAny) break; // Nothing could be installed, stop trying
+
+        // Reload catalog to pick up newly installed skills
+        catalog = loadSkillCatalog();
+        catalogIndex = indexCatalogById(catalog);
+      }
+
+      // Validate (fail-closed — catches genuinely missing deps + cycles)
       const validation = validateIncludes(skill.id, catalogIndex);
       if (!validation.ok) {
         if (validation.error === "missing") {

package/src/tools/watch/watch-state.ts

@@ -24,18 +24,6 @@ export interface WatchSession {
   timeoutHandle?: ReturnType<typeof setTimeout>;
   /** Guards against concurrent generateSummary calls */
   summaryInFlight?: boolean;
-  /** Whether this session was started via ride shotgun (no live commentary) */
-  isRideShotgun?: boolean;
-  /** Learn mode records network traffic alongside screen observations */
-  isLearnMode?: boolean;
-  /** Domain filter for network recording in learn mode */
-  targetDomain?: string;
-  /** Recording ID for learn mode sessions */
-  recordingId?: string;
-  /** Path where the learn recording was successfully saved (undefined if save failed) */
-  savedRecordingPath?: string;
-  /** Reason the learn-mode bootstrap failed (CDP launch vs recorder attach) */
-  bootstrapFailureReason?: string;
 }
 
 /** Module-level map of watch sessions keyed by watchId. */

package/src/util/logger.ts

@@ -12,11 +12,7 @@ import pino from "pino";
 import type { PrettyOptions } from "pino-pretty";
 import pinoPretty from "pino-pretty";
 
-import {
-  getDebugMode,
-  getDebugStdoutLogs,
-  getLogStderr,
-} from "../config/env-registry.js";
+import { getDebugStdoutLogs } from "../config/env-registry.js";
 import { logSerializers } from "./log-redact.js";
 import { getLogPath } from "./platform.js";
 
@@ -110,31 +106,18 @@ function buildRotatingLogger(config: LogFileConfig): pino.Logger {
   activeLogDate = today;
   activeLogFileConfig = config;
 
-  const level = getDebugMode() ? "debug" : "info";
-
-  if (getDebugMode()) {
-    const prettyStream = pinoPretty(prettyOpts({ destination: 2 }));
-    return pino(
-      { name: "assistant", level, serializers: logSerializers },
-      pino.multistream([
-        { stream: fileStream, level: "info" as const },
-        { stream: prettyStream, level: "debug" as const },
-      ]),
-    );
-  }
-
   // When stdout is not a TTY (e.g. desktop app redirects to a hatch log file),
   // write to the rotating file only — the hatch log already captured early
   // startup output and echoing pino output there is unnecessary duplication.
   if (!process.stdout.isTTY) {
     return pino(
-      { name: "assistant", level, serializers: logSerializers },
+      { name: "assistant", level: "info", serializers: logSerializers },
       fileStream,
     );
   }
 
   return pino(
-    { name: "assistant", level, serializers: logSerializers },
+    { name: "assistant", level: "info", serializers: logSerializers },
     pino.multistream([
       { stream: fileStream, level: "info" as const },
       {
@@ -173,13 +156,11 @@ function getRootLogger(): pino.Logger {
   }
   if (!rootLogger) {
     const forceStderr =
-      process.env.BUN_TEST === "1" ||
-      process.env.NODE_ENV === "test" ||
-      getLogStderr();
+      process.env.BUN_TEST === "1" || process.env.NODE_ENV === "test";
     if (forceStderr) {
       rootLogger = pino(
         {
-          level: getDebugMode() ? "debug" : "info",
+          level: "info",
           serializers: logSerializers,
         },
         pino.destination(2),
@@ -208,17 +189,7 @@ function getRootLogger(): pino.Logger {
         prettyOpts({ destination: fileDest, colorize: false }),
       );
 
-      if (getDebugMode()) {
-        const prettyStream = pinoPretty(prettyOpts({ destination: 2 }));
-        const multi = pino.multistream([
-          { stream: fileStream, level: "info" as const },
-          { stream: prettyStream, level: "debug" as const },
-        ]);
-        rootLogger = pino(
-          { level: "debug", serializers: logSerializers },
-          multi,
-        );
-      } else if (getDebugStdoutLogs()) {
+      if (getDebugStdoutLogs()) {
         rootLogger = pino(
           { level: "info", serializers: logSerializers },
           pino.multistream([
@@ -238,7 +209,7 @@ function getRootLogger(): pino.Logger {
     } catch {
       rootLogger = pino(
         {
-          level: getDebugMode() ? "debug" : "info",
+          level: "info",
           serializers: logSerializers,
         },
         pinoPretty(prettyOpts({ destination: 2 })),
@@ -248,11 +219,6 @@ function getRootLogger(): pino.Logger {
   return rootLogger;
 }
 
-/** Returns true when VELLUM_DEBUG=1 is set. */
-export function isDebug(): boolean {
-  return getDebugMode();
-}
-
 /**
  * Truncate a string for debug logging. Returns the original if under maxLen,
  * otherwise returns the first maxLen chars with a suffix indicating how much was cut.