@vellumai/assistant 0.4.48 → 0.4.50

package/src/oauth/platform-connection.test.ts

@@ -1,5 +1,6 @@
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
 
+import { BackendError, VellumError } from "../util/errors.js";
 import {
   CredentialRequiredError,
   PlatformOAuthConnection,
@@ -116,6 +117,16 @@ describe("PlatformOAuthConnection", () => {
     await conn.request({ method: "GET", path: "/some/path" });
   });
 
+  test("error classes extend VellumError hierarchy", () => {
+    const credErr = new CredentialRequiredError();
+    expect(credErr).toBeInstanceOf(BackendError);
+    expect(credErr).toBeInstanceOf(VellumError);
+
+    const provErr = new ProviderUnreachableError();
+    expect(provErr).toBeInstanceOf(BackendError);
+    expect(provErr).toBeInstanceOf(VellumError);
+  });
+
   test("424 response throws CredentialRequiredError", async () => {
     globalThis.fetch = mock(async () => {
       return new Response("", { status: 424 });
@@ -145,6 +156,24 @@ describe("PlatformOAuthConnection", () => {
     );
   });
 
+  test("strips trailing slash from platformBaseUrl to avoid double slashes", async () => {
+    globalThis.fetch = mock(async (url: string | URL | Request) => {
+      expect(String(url)).toBe(
+        "https://platform.example.com/v1/assistants/asst-abc/external-provider-proxy/gmail/",
+      );
+      return new Response(
+        JSON.stringify({ status: 200, headers: {}, body: null }),
+        { status: 200 },
+      );
+    }) as unknown as typeof globalThis.fetch;
+
+    const conn = new PlatformOAuthConnection({
+      ...DEFAULT_OPTIONS,
+      platformBaseUrl: "https://platform.example.com/",
+    });
+    await conn.request({ method: "GET", path: "/test" });
+  });
+
   test("strips integration: prefix from providerKey for slug", async () => {
     globalThis.fetch = mock(async (url: string | URL | Request) => {
       expect(String(url)).toContain("/external-provider-proxy/slack/");

package/src/oauth/platform-connection.ts

@@ -1,17 +1,18 @@
+import { BackendError } from "../util/errors.js";
 import type {
   OAuthConnection,
   OAuthConnectionRequest,
   OAuthConnectionResponse,
 } from "./connection.js";
 
-export class CredentialRequiredError extends Error {
+export class CredentialRequiredError extends BackendError {
   constructor(message = "Connection not set up on platform") {
     super(message);
     this.name = "CredentialRequiredError";
   }
 }
 
-export class ProviderUnreachableError extends Error {
+export class ProviderUnreachableError extends BackendError {
   constructor(message = "Provider is unreachable") {
     super(message);
     this.name = "ProviderUnreachableError";
@@ -47,7 +48,7 @@ export class PlatformOAuthConnection implements OAuthConnection {
     this.accountInfo = options.accountInfo;
     this.grantedScopes = options.grantedScopes;
     this.assistantId = options.assistantId;
-    this.platformBaseUrl = options.platformBaseUrl;
+    this.platformBaseUrl = options.platformBaseUrl.replace(/\/+$/, "");
     this.apiKey = options.apiKey;
   }
 
@@ -84,7 +85,7 @@ export class PlatformOAuthConnection implements OAuthConnection {
     }
 
     if (!response.ok) {
-      throw new Error(
+      throw new BackendError(
         `Platform proxy returned unexpected status ${response.status}`,
       );
     }
@@ -103,7 +104,7 @@ export class PlatformOAuthConnection implements OAuthConnection {
   }
 
   async withToken<T>(_fn: (token: string) => Promise<T>): Promise<T> {
-    throw new Error(
+    throw new BackendError(
       "Raw token access is not supported for platform-managed connections. Use connection.request() instead.",
     );
   }

package/src/oauth/provider-behaviors.ts

@@ -0,0 +1,124 @@
+/**
+ * OAuth provider behavior registry.
+ *
+ * Contains code-side behavioral configuration for well-known OAuth
+ * providers. Protocol-level fields (authUrl, tokenUrl, scopes, etc.)
+ * are stored in the `oauth_providers` SQLite table and seeded by
+ * `seed-providers.ts`. This module contains only fields that require
+ * code references (functions, templates, skill IDs) and cannot be
+ * serialised to a DB row.
+ */
+
+import type { OAuthProviderBehavior } from "./connect-types.js";
+
+// ---------------------------------------------------------------------------
+// Provider behaviors
+// ---------------------------------------------------------------------------
+
+export const PROVIDER_BEHAVIORS: Record<string, OAuthProviderBehavior> = {
+  "integration:gmail": {
+    service: "integration:gmail",
+    // Google APIs for Gmail/Calendar/Contacts span multiple hosts; register
+    // all of them so proxied bash can inject the OAuth bearer token reliably.
+    injectionTemplates: [
+      {
+        hostPattern: "gmail.googleapis.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+      {
+        hostPattern: "www.googleapis.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+      {
+        hostPattern: "people.googleapis.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    setupSkillId: "google-oauth-applescript",
+    setup: {
+      displayName: "Google (Gmail & Calendar)",
+      dashboardUrl: "https://console.cloud.google.com/apis/credentials",
+      appType: "Desktop app",
+      requiresClientSecret: true,
+    },
+  },
+
+  "integration:slack": {
+    service: "integration:slack",
+  },
+
+  "integration:notion": {
+    service: "integration:notion",
+    injectionTemplates: [
+      {
+        hostPattern: "api.notion.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+  },
+
+  "integration:twitter": {
+    service: "integration:twitter",
+    setup: {
+      displayName: "Twitter / X",
+      dashboardUrl: "https://developer.x.com/en/portal/dashboard",
+      appType: "App",
+      requiresClientSecret: false,
+    },
+    identityVerifier: async (
+      accessToken: string,
+    ): Promise<string | undefined> => {
+      try {
+        const resp = await fetch("https://api.x.com/2/users/me", {
+          headers: { Authorization: `Bearer ${accessToken}` },
+        });
+        if (resp.ok) {
+          const body = (await resp.json()) as { data?: { username?: string } };
+          return body.data?.username ? `@${body.data.username}` : undefined;
+        }
+      } catch {
+        // Non-fatal — identity verification is best-effort
+      }
+      return undefined;
+    },
+  },
+};
+
+// ---------------------------------------------------------------------------
+// Aliases & resolution
+// ---------------------------------------------------------------------------
+
+/** Map shorthand aliases to canonical service names. */
+export const SERVICE_ALIASES: Record<string, string> = {
+  gmail: "integration:gmail",
+  slack: "integration:slack",
+  notion: "integration:notion",
+  twitter: "integration:twitter",
+};
+
+/**
+ * Resolve a service name through aliases, then fall back to `integration:`
+ * prefix for providers registered in PROVIDER_BEHAVIORS without a
+ * SERVICE_ALIASES entry.
+ */
+export function resolveService(service: string): string {
+  if (SERVICE_ALIASES[service]) return SERVICE_ALIASES[service];
+  if (!service.includes(":") && PROVIDER_BEHAVIORS[`integration:${service}`])
+    return `integration:${service}`;
+  return service;
+}
+
+/** Look up a provider behavior by canonical service name. */
+export function getProviderBehavior(
+  service: string,
+): OAuthProviderBehavior | undefined {
+  return PROVIDER_BEHAVIORS[service];
+}

package/src/oauth/scope-policy.ts

@@ -5,7 +5,7 @@
  * scopes for an OAuth flow based on the provider profile's scope policy.
  */
 
-import type { OAuthProviderProfile } from "./connect-types.js";
+import type { OAuthScopePolicy } from "./connect-types.js";
 
 // ---------------------------------------------------------------------------
 // Result types
@@ -28,8 +28,15 @@ export type ScopeResolutionResult =
  *   requested scope against the provider's `scopePolicy`.
  * - Returns a deduplicated union of default + approved requested scopes.
  */
+/** Minimal shape needed by the scope resolver. */
+export interface ScopeResolverInput {
+  service: string;
+  defaultScopes: string[];
+  scopePolicy: OAuthScopePolicy;
+}
+
 export function resolveScopes(
-  profile: OAuthProviderProfile,
+  profile: ScopeResolverInput,
   requestedScopes?: string[],
 ): ScopeResolutionResult {
   const { defaultScopes, scopePolicy, service } = profile;

package/src/oauth/seed-providers.ts

@@ -0,0 +1,167 @@
+import { seedProviders } from "./oauth-store.js";
+
+/**
+ * Protocol-level seed data for each well-known OAuth provider.
+ *
+ * These values are upserted into the `oauth_providers` SQLite table on
+ * every startup so that corrections (e.g. a fixed baseUrl) propagate to
+ * existing installations. Code-side behavioral fields (identityVerifier,
+ * injectionTemplates, setup, etc.) live in `provider-behaviors.ts` and
+ * are never persisted to the DB.
+ */
+const PROVIDER_SEED_DATA: Record<
+  string,
+  {
+    providerKey: string;
+    authUrl: string;
+    tokenUrl: string;
+    tokenEndpointAuthMethod?: string;
+    userinfoUrl?: string;
+    pingUrl?: string;
+    baseUrl?: string;
+    defaultScopes: string[];
+    scopePolicy: {
+      allowAdditionalScopes: boolean;
+      allowedOptionalScopes: string[];
+      forbiddenScopes: string[];
+    };
+    extraParams?: Record<string, string>;
+    callbackTransport?: string;
+    loopbackPort?: number;
+  }
+> = {
+  "integration:gmail": {
+    providerKey: "integration:gmail",
+    authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+    tokenUrl: "https://oauth2.googleapis.com/token",
+    userinfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo",
+    pingUrl: "https://www.googleapis.com/oauth2/v2/userinfo",
+    baseUrl: "https://gmail.googleapis.com/gmail/v1/users/me",
+    defaultScopes: [
+      "https://www.googleapis.com/auth/gmail.readonly",
+      "https://www.googleapis.com/auth/gmail.modify",
+      "https://www.googleapis.com/auth/gmail.send",
+      "https://www.googleapis.com/auth/calendar.readonly",
+      "https://www.googleapis.com/auth/calendar.events",
+      "https://www.googleapis.com/auth/userinfo.email",
+      "https://www.googleapis.com/auth/contacts.readonly",
+    ],
+    scopePolicy: {
+      allowAdditionalScopes: false,
+      allowedOptionalScopes: [],
+      forbiddenScopes: [],
+    },
+    extraParams: { access_type: "offline", prompt: "consent" },
+    callbackTransport: "loopback",
+  },
+
+  "integration:slack": {
+    providerKey: "integration:slack",
+    authUrl: "https://slack.com/oauth/v2/authorize",
+    tokenUrl: "https://slack.com/api/oauth.v2.access",
+    pingUrl: "https://slack.com/api/auth.test",
+    baseUrl: "https://slack.com/api",
+    defaultScopes: [
+      "channels:read",
+      "channels:history",
+      "groups:read",
+      "groups:history",
+      "im:read",
+      "im:history",
+      "im:write",
+      "mpim:read",
+      "mpim:history",
+      "users:read",
+      "chat:write",
+      "search:read",
+      "reactions:write",
+    ],
+    scopePolicy: {
+      allowAdditionalScopes: false,
+      allowedOptionalScopes: [],
+      forbiddenScopes: [],
+    },
+    extraParams: {
+      user_scope:
+        "channels:read,channels:history,groups:read,groups:history,im:read,im:history,im:write,mpim:read,mpim:history,users:read,chat:write,search:read,reactions:write",
+    },
+    callbackTransport: "loopback",
+    loopbackPort: 17322,
+  },
+
+  "integration:notion": {
+    providerKey: "integration:notion",
+    authUrl: "https://api.notion.com/v1/oauth/authorize",
+    tokenUrl: "https://api.notion.com/v1/oauth/token",
+    pingUrl: "https://api.notion.com/v1/users/me",
+    baseUrl: "https://api.notion.com",
+    defaultScopes: [],
+    scopePolicy: {
+      allowAdditionalScopes: false,
+      allowedOptionalScopes: [],
+      forbiddenScopes: [],
+    },
+    extraParams: { owner: "user" },
+    tokenEndpointAuthMethod: "client_secret_basic",
+  },
+
+  "integration:twitter": {
+    providerKey: "integration:twitter",
+    authUrl: "https://twitter.com/i/oauth2/authorize",
+    tokenUrl: "https://api.x.com/2/oauth2/token",
+    pingUrl: "https://api.x.com/2/users/me",
+    baseUrl: "https://api.x.com",
+    defaultScopes: [
+      "tweet.read",
+      "tweet.write",
+      "users.read",
+      "offline.access",
+    ],
+    scopePolicy: {
+      allowAdditionalScopes: false,
+      allowedOptionalScopes: [],
+      forbiddenScopes: [],
+    },
+    tokenEndpointAuthMethod: "client_secret_basic",
+    callbackTransport: "gateway",
+  },
+
+  // Manual-token providers: these don't use OAuth2 flows but need provider
+  // rows so that oauth_app and oauth_connection FK chains can reference them.
+  // The authUrl/tokenUrl values are placeholders — never used at runtime.
+  slack_channel: {
+    providerKey: "slack_channel",
+    authUrl: "urn:manual-token",
+    tokenUrl: "urn:manual-token",
+    pingUrl: "https://slack.com/api/auth.test",
+    baseUrl: "https://slack.com/api",
+    defaultScopes: [],
+    scopePolicy: {
+      allowAdditionalScopes: false,
+      allowedOptionalScopes: [],
+      forbiddenScopes: [],
+    },
+  },
+
+  telegram: {
+    providerKey: "telegram",
+    authUrl: "urn:manual-token",
+    tokenUrl: "urn:manual-token",
+    baseUrl: "https://api.telegram.org",
+    defaultScopes: [],
+    scopePolicy: {
+      allowAdditionalScopes: false,
+      allowedOptionalScopes: [],
+      forbiddenScopes: [],
+    },
+  },
+};
+
+/**
+ * Seed the oauth_providers table with well-known provider configurations.
+ * Uses INSERT … ON CONFLICT DO UPDATE so seed-data corrections propagate
+ * to existing installations. Safe to call on every startup.
+ */
+export function seedOAuthProviders(): void {
+  seedProviders(Object.values(PROVIDER_SEED_DATA));
+}

package/src/oauth/token-persistence.ts

@@ -2,11 +2,14 @@
  * OAuth2 token persistence helper.
  *
  * Extracted from vault.ts so it can be reused by both the credential
- * vault tool (interactive and deferred paths) and the future OAuth
+ * vault tool (interactive and deferred paths) and the OAuth
  * orchestrator without duplicating storage logic.
+ *
+ * Writes exclusively to the SQLite tables (oauth_app, oauth_connection)
+ * and new-format secure keys (`oauth_app/{id}/...`,
+ * `oauth_connection/{id}/...`).
  */
 
-import { credentialKey, migrateKeys } from "../security/credential-key.js";
 import type {
   OAuth2FlowResult,
   TokenEndpointAuthMethod,
@@ -15,9 +18,15 @@ import {
   deleteSecureKeyAsync,
   setSecureKeyAsync,
 } from "../security/secure-keys.js";
-import { upsertCredentialMetadata } from "../tools/credentials/metadata-store.js";
 import type { CredentialInjectionTemplate } from "../tools/credentials/policy-types.js";
 import { runPostConnectHook } from "../tools/credentials/post-connect-hooks.js";
+import {
+  createConnection,
+  getApp,
+  getConnectionByProvider,
+  updateConnection,
+  upsertApp,
+} from "./oauth-store.js";
 
 // ---------------------------------------------------------------------------
 // Types
@@ -37,6 +46,8 @@ export interface StoreOAuth2TokensParams {
   wellKnownInjectionTemplates?: CredentialInjectionTemplate[];
   /** Fallback account info from an identity verifier (e.g. @username, email). */
   identityAccountInfo?: string;
+  /** Pre-resolved oauth_app ID — skips the upsertApp() call if provided. */
+  oauthAppId?: string;
 }
 
 // ---------------------------------------------------------------------------
@@ -47,15 +58,13 @@ export interface StoreOAuth2TokensParams {
  * Store OAuth2 tokens and associated metadata after a successful flow.
  *
  * Persists the access token, optional refresh token, client credentials,
- * and metadata (scopes, expiry, account info) into the secure key store
- * and credential metadata file. Runs any registered post-connect hook
- * for the service.
+ * and metadata (scopes, expiry, account info) into the SQLite oauth_app /
+ * oauth_connection tables with new-format secure keys. Runs any registered
+ * post-connect hook for the service.
  */
 export async function storeOAuth2Tokens(
   params: StoreOAuth2TokensParams,
 ): Promise<{ accountInfo?: string }> {
-  migrateKeys();
-
   const {
     service,
     tokens,
@@ -63,21 +72,9 @@ export async function storeOAuth2Tokens(
     rawTokenResponse,
     clientId,
     clientSecret,
-    tokenUrl,
-    tokenEndpointAuthMethod,
     userinfoUrl,
-    allowedTools,
-    wellKnownInjectionTemplates,
   } = params;
 
-  const tokenStored = await setSecureKeyAsync(
-    credentialKey(service, "access_token"),
-    tokens.accessToken,
-  );
-  if (!tokenStored) {
-    throw new Error("Failed to store access token in secure storage");
-  }
-
   const expiresAt = tokens.expiresIn
     ? Date.now() + tokens.expiresIn * 1000
     : null;
@@ -97,82 +94,89 @@ export async function storeOAuth2Tokens(
     }
   }
 
-  // client_id is stored in metadata only (oauth2ClientId field) — not the
-  // secure store. token-manager.ts reads it from meta?.oauth2ClientId.
-  if (clientSecret) {
-    const clientSecretStored = await setSecureKeyAsync(
-      credentialKey(service, "client_secret"),
+  const resolvedAccountInfo = accountInfo ?? params.identityAccountInfo;
+
+  // -------------------------------------------------------------------
+  // SQLite oauth_app + oauth_connection + new-format secure keys
+  // -------------------------------------------------------------------
+
+  // 1. Upsert the oauth_app row (or use the pre-resolved ID).
+  const app = params.oauthAppId
+    ? (getApp(params.oauthAppId) ?? {
+        id: params.oauthAppId,
+        clientSecretCredentialPath: `oauth_app/${params.oauthAppId}/client_secret`,
+      })
+    : await upsertApp(
+        service,
+        clientId,
+        clientSecret ? { clientSecretValue: clientSecret } : undefined,
+      );
+
+  // When oauthAppId is pre-resolved, still persist clientSecret if provided.
+  if (params.oauthAppId && clientSecret) {
+    const stored = await setSecureKeyAsync(
+      app.clientSecretCredentialPath,
       clientSecret,
     );
-    if (!clientSecretStored) {
+    if (!stored) {
       throw new Error("Failed to store client_secret in secure storage");
     }
   }
 
-  upsertCredentialMetadata(service, "access_token", {
-    allowedTools: allowedTools ?? [],
-    expiresAt,
-    grantedScopes,
-    oauth2TokenUrl: tokenUrl,
-    oauth2ClientId: clientId,
-    ...(tokenEndpointAuthMethod
-      ? { oauth2TokenEndpointAuthMethod: tokenEndpointAuthMethod }
-      : {}),
-    ...(wellKnownInjectionTemplates
-      ? { injectionTemplates: wellKnownInjectionTemplates }
-      : {}),
-  });
-
-  // Write accountInfo to config using a namespaced key (dynamic import to
-  // avoid circular dependencies — the config loader may transitively depend
-  // on credential modules).
-  const resolvedAccountInfo = accountInfo ?? params.identityAccountInfo;
-  if (resolvedAccountInfo) {
-    try {
-      const {
-        invalidateConfigCache,
-        loadRawConfig,
-        saveRawConfig,
-        setNestedValue,
-      } = await import("../config/loader.js");
-      const raw = loadRawConfig();
-
-      // Write to the namespaced path
-      setNestedValue(
-        raw,
-        `integrations.${service}.accountInfo`,
-        resolvedAccountInfo,
-      );
+  // 2. Upsert oauth_connection — reuse existing active connection for this
+  //    provider, or create a new one.
+  const existingConn = getConnectionByProvider(service);
+  let connId: string;
+
+  const hasRefreshToken = !!tokens.refreshToken;
+
+  if (existingConn) {
+    connId = existingConn.id;
+    updateConnection(connId, {
+      oauthAppId: app.id,
+      accountInfo: resolvedAccountInfo,
+      grantedScopes,
+      expiresAt,
+      hasRefreshToken,
+      metadata: rawTokenResponse,
+    });
+  } else {
+    const conn = createConnection({
+      oauthAppId: app.id,
+      providerKey: service,
+      accountInfo: resolvedAccountInfo,
+      grantedScopes,
+      expiresAt: expiresAt ?? undefined,
+      hasRefreshToken,
+      metadata: rawTokenResponse,
+    });
+    connId = conn.id;
+  }
 
-      saveRawConfig(raw);
-      invalidateConfigCache();
-    } catch {
-      // Non-fatal — tokens stored even if config write fails
-    }
+  // 3. Write access_token: oauth_connection/{conn.id}/access_token
+  const tokenStored = await setSecureKeyAsync(
+    `oauth_connection/${connId}/access_token`,
+    tokens.accessToken,
+  );
+  if (!tokenStored) {
+    throw new Error("Failed to store access token in secure storage");
   }
 
+  // 4. Write or clear refresh_token: oauth_connection/{conn.id}/refresh_token
   if (tokens.refreshToken) {
-    const refreshStored = await setSecureKeyAsync(
-      credentialKey(service, "refresh_token"),
+    await setSecureKeyAsync(
+      `oauth_connection/${connId}/refresh_token`,
       tokens.refreshToken,
     );
-    if (refreshStored) {
-      upsertCredentialMetadata(service, "access_token", {
-        hasRefreshToken: true,
-      });
-    }
   } else {
     // Re-auth grants that omit refresh_token must clear any stale stored
     // token — otherwise withValidToken() will attempt refresh with invalid
     // credentials.
-    await deleteSecureKeyAsync(credentialKey(service, "refresh_token"));
-    upsertCredentialMetadata(service, "access_token", {
-      hasRefreshToken: false,
-    });
+    await deleteSecureKeyAsync(`oauth_connection/${connId}/refresh_token`);
   }
 
   // Run any provider-specific post-connect actions (e.g. Slack welcome DM)
   await runPostConnectHook({ service, rawTokenResponse });
 
-  return { accountInfo: accountInfo ?? params.identityAccountInfo };
+  return { accountInfo: resolvedAccountInfo };
 }

package/src/permissions/checker.ts

@@ -805,12 +805,12 @@ export async function check(
   }
 
   // Workspace mode: auto-allow workspace-scoped operations that don't have
-  // an explicit rule. Non-workspace operations fall through to risk-based policy.
-  // High-risk operations always require approval regardless of scope.
+  // an explicit rule, but only when risk is Low. Medium and High risk operations
+  // fall through to risk-based policy and always require approval.
   if (
     permissionsMode === "workspace" &&
     !matchedRule &&
-    risk !== RiskLevel.High
+    risk === RiskLevel.Low
   ) {
     // When sandbox is disabled, bash runs on the host — don't auto-allow
     const sandboxEnabled = getConfig().sandbox.enabled;

package/src/permissions/defaults.ts

@@ -20,6 +20,7 @@ const HOST_FILE_TOOLS = [
   "host_file_edit",
 ] as const;
 const COMPUTER_USE_TOOLS = [
+  "computer_use_observe",
   "computer_use_click",
   "computer_use_type_text",
   "computer_use_key",
@@ -28,7 +29,6 @@ const COMPUTER_USE_TOOLS = [
   "computer_use_wait",
   "computer_use_open_app",
   "computer_use_run_applescript",
-  "computer_use_request_control",
   // computer_use_done and computer_use_respond are terminal signal tools
   // (RiskLevel.Low) — they don't perform any computer action, so they
   // should NOT get an 'ask' rule.