@vellumai/assistant 0.4.48 → 0.4.50

package/src/runtime/routes/trust-rules-routes.ts

@@ -48,6 +48,13 @@ export async function handleAddTrustRuleManage(
   if (!toolName || typeof toolName !== "string") {
     return httpError("BAD_REQUEST", "toolName is required", 400);
   }
+  if (toolName.startsWith("__internal:")) {
+    return httpError(
+      "BAD_REQUEST",
+      "toolName must not start with __internal:",
+      400,
+    );
+  }
   if (!pattern || typeof pattern !== "string") {
     return httpError("BAD_REQUEST", "pattern is required", 400);
   }
@@ -124,6 +131,13 @@ export async function handleUpdateTrustRuleManage(
     priority?: number;
   };
 
+  if (typeof body.tool === "string" && body.tool.startsWith("__internal:")) {
+    return httpError(
+      "BAD_REQUEST",
+      "tool must not start with __internal:",
+      400,
+    );
+  }
   if (body.decision !== undefined) {
     const validDecisions = ["allow", "deny", "ask"] as const;
     if (

package/src/runtime/routes/watch-routes.ts

@@ -0,0 +1,128 @@
+/**
+ * HTTP route handler for watch (ambient observation) functionality.
+ *
+ * Decoupled from computer-use routes so that the watch endpoint has
+ * zero dependency on CU session state.
+ */
+
+import { getLogger } from "../../util/logger.js";
+import { httpError } from "../http-errors.js";
+import type { RouteDefinition } from "../http-router.js";
+
+const log = getLogger("watch-routes");
+
+// ---------------------------------------------------------------------------
+// Dependency injection interface
+// ---------------------------------------------------------------------------
+
+/**
+ * Minimal interface for watch observation handling.
+ * The daemon wires a concrete implementation at startup.
+ */
+export interface WatchDeps {
+  /** Handle a watch observation. */
+  handleWatchObservation: (params: {
+    watchId: string;
+    sessionId: string;
+    ocrText: string;
+    appName?: string;
+    windowTitle?: string;
+    bundleIdentifier?: string;
+    timestamp: number;
+    captureIndex: number;
+    totalExpected: number;
+  }) => Promise<void>;
+}
+
+// ---------------------------------------------------------------------------
+// Route handler
+// ---------------------------------------------------------------------------
+
+/**
+ * POST /v1/computer-use/watch — send a watch observation.
+ *
+ * Body: { watchId, sessionId, ocrText, appName?, windowTitle?,
+ *         bundleIdentifier?, timestamp, captureIndex, totalExpected }
+ */
+async function handleWatchObservationRoute(
+  req: Request,
+  deps: WatchDeps,
+): Promise<Response> {
+  const body = (await req.json()) as {
+    watchId?: string;
+    sessionId?: string;
+    ocrText?: string;
+    appName?: string;
+    windowTitle?: string;
+    bundleIdentifier?: string;
+    timestamp?: number;
+    captureIndex?: number;
+    totalExpected?: number;
+  };
+
+  if (!body.watchId || typeof body.watchId !== "string") {
+    return httpError("BAD_REQUEST", "watchId is required", 400);
+  }
+  if (!body.sessionId || typeof body.sessionId !== "string") {
+    return httpError("BAD_REQUEST", "sessionId is required", 400);
+  }
+  if (!body.ocrText || typeof body.ocrText !== "string") {
+    return httpError("BAD_REQUEST", "ocrText is required", 400);
+  }
+  if (typeof body.timestamp !== "number") {
+    return httpError("BAD_REQUEST", "timestamp is required", 400);
+  }
+  if (typeof body.captureIndex !== "number") {
+    return httpError("BAD_REQUEST", "captureIndex is required", 400);
+  }
+  if (typeof body.totalExpected !== "number") {
+    return httpError("BAD_REQUEST", "totalExpected is required", 400);
+  }
+
+  try {
+    await deps.handleWatchObservation({
+      watchId: body.watchId,
+      sessionId: body.sessionId,
+      ocrText: body.ocrText,
+      appName: body.appName,
+      windowTitle: body.windowTitle,
+      bundleIdentifier: body.bundleIdentifier,
+      timestamp: body.timestamp,
+      captureIndex: body.captureIndex,
+      totalExpected: body.totalExpected,
+    });
+
+    return Response.json({ ok: true });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    log.error(
+      { err, watchId: body.watchId },
+      "Failed to handle watch observation via HTTP",
+    );
+    return httpError("INTERNAL_ERROR", message, 500);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+
+export function watchRouteDefinitions(deps: {
+  getWatchDeps?: () => WatchDeps;
+}): RouteDefinition[] {
+  const getDeps = (): WatchDeps => {
+    if (!deps.getWatchDeps) {
+      throw new Error("Watch deps not available");
+    }
+    return deps.getWatchDeps();
+  };
+
+  return [
+    {
+      endpoint: "computer-use/watch",
+      method: "POST",
+      policyKey: "computer-use/watch",
+      handler: async ({ req }) => handleWatchObservationRoute(req, getDeps()),
+    },
+  ];
+}

package/src/runtime/routes/workspace-routes.ts

@@ -33,6 +33,7 @@ interface TreeEntry {
 
 function handleWorkspaceTree(ctx: RouteContext): Response {
   const requestedPath = ctx.url.searchParams.get("path") ?? "";
+  const showHidden = ctx.url.searchParams.get("showHidden") === "true";
   const resolved = resolveWorkspacePath(requestedPath);
   if (resolved === undefined) {
     return httpError("BAD_REQUEST", "Invalid path", 400);
@@ -45,7 +46,7 @@ function handleWorkspaceTree(ctx: RouteContext): Response {
     const entries: TreeEntry[] = [];
     for (const entry of dirents) {
       // Filter out dotfiles/directories (.env, .git, .private, etc.)
-      if (entry.name.startsWith(".")) continue;
+      if (!showHidden && entry.name.startsWith(".")) continue;
 
       const fullPath = join(resolved, entry.name);
 

package/src/schedule/integration-status.ts

@@ -1,6 +1,8 @@
 import { hasTwilioCredentials } from "../calls/twilio-rest.js";
-import { credentialKey } from "../security/credential-key.js";
-import { getSecureKey } from "../security/secure-keys.js";
+import {
+  getConnectionByProvider,
+  isProviderConnected,
+} from "../oauth/oauth-store.js";
 
 interface IntegrationProbe {
   name: string;
@@ -13,14 +15,12 @@ const INTEGRATION_PROBES: IntegrationProbe[] = [
   {
     name: "Gmail",
     category: "email",
-    isConnected: () =>
-      !!getSecureKey(credentialKey("integration:gmail", "access_token")),
+    isConnected: () => isProviderConnected("integration:gmail"),
   },
   {
     name: "Slack",
     category: "messaging",
-    isConnected: () =>
-      !!getSecureKey(credentialKey("integration:slack", "access_token")),
+    isConnected: () => isProviderConnected("integration:slack"),
   },
   {
     name: "Twilio",
@@ -30,9 +30,10 @@ const INTEGRATION_PROBES: IntegrationProbe[] = [
   {
     name: "Telegram",
     category: "messaging",
-    isConnected: () =>
-      !!getSecureKey(credentialKey("telegram", "bot_token")) &&
-      !!getSecureKey(credentialKey("telegram", "webhook_secret")),
+    isConnected: () => {
+      const conn = getConnectionByProvider("telegram");
+      return !!(conn && conn.status === "active");
+    },
   },
 ];
 

package/src/security/credential-key.ts

@@ -2,23 +2,8 @@
  * Single source of truth for credential key format in the secure store.
  *
  * Keys follow the pattern: credential/{service}/{field}
- *
- * Previously, keys used colons as delimiters (credential:service:field),
- * which was ambiguous when service names contained colons (e.g.
- * "integration:gmail"). The slash-delimited format avoids this.
  */
 
-import { listCredentialMetadata } from "../tools/credentials/metadata-store.js";
-import { getLogger } from "../util/logger.js";
-import {
-  deleteSecureKey,
-  getSecureKey,
-  listSecureKeys,
-  setSecureKey,
-} from "./secure-keys.js";
-
-const log = getLogger("credential-key");
-
 /**
  * Build a credential key for the secure store.
  *
@@ -27,144 +12,3 @@ const log = getLogger("credential-key");
 export function credentialKey(service: string, field: string): string {
   return `credential/${service}/${field}`;
 }
-
-// ---------------------------------------------------------------------------
-// Migration from colon-delimited keys
-// ---------------------------------------------------------------------------
-
-let migrated = false;
-
-/**
- * Migrate any legacy colon-delimited credential keys to the new
- * slash-delimited format. Idempotent: skips keys that already exist
- * under the new format, and only runs once per process (guarded by a
- * module-level flag).
- *
- * Legacy key format: `credential:<service>:<field>`
- * New key format:    `credential/<service>/<field>`
- *
- * The old colon-delimited format is ambiguous when either the service
- * or field name contains colons — for `credential:A:B:C:D`, you can't
- * tell where the service ends and the field begins without external
- * context.
- *
- * To resolve this, the function first consults the credential metadata
- * store to find which (service, field) pair matches a valid split.
- * If no metadata match is found, it falls back to splitting on the
- * **first** colon after the prefix — this handles the common case
- * where service names are simple (e.g. "doordash.com") and field
- * names may contain colons (e.g. "session:cookies").
- */
-export function migrateKeys(): void {
-  if (migrated) return;
-  migrated = true;
-
-  let allKeys: string[];
-  try {
-    allKeys = listSecureKeys();
-  } catch (err) {
-    log.warn({ err }, "Failed to list secure keys during migration");
-    return;
-  }
-
-  const colonKeys = allKeys.filter(
-    (k) => k.startsWith("credential:") && !k.startsWith("credential/"),
-  );
-  if (colonKeys.length === 0) return;
-
-  log.info(
-    { count: colonKeys.length },
-    "Migrating colon-delimited credential keys to slash-delimited format",
-  );
-
-  // Build a set of known (service, field) pairs from credential metadata
-  // to disambiguate colon-delimited keys.
-  const knownPairs = new Set<string>();
-  try {
-    for (const meta of listCredentialMetadata()) {
-      knownPairs.add(`${meta.service}\0${meta.field}`);
-    }
-  } catch {
-    // If metadata is unavailable, we'll rely on the first-colon fallback.
-  }
-
-  for (const oldKey of colonKeys) {
-    // Strip the "credential:" prefix — `rest` is "service:field" with
-    // potential colons in either part.
-    const rest = oldKey.slice("credential:".length);
-
-    const parsed = parseServiceField(rest, knownPairs);
-    if (parsed === undefined) {
-      log.warn({ key: oldKey }, "Skipping malformed credential key");
-      continue;
-    }
-
-    const { service, field } = parsed;
-    const newKey = credentialKey(service, field);
-
-    // Skip if the new key already exists (idempotent)
-    if (getSecureKey(newKey) !== undefined) {
-      // Clean up old key
-      deleteSecureKey(oldKey);
-      continue;
-    }
-
-    const value = getSecureKey(oldKey);
-    if (value === undefined) {
-      continue;
-    }
-
-    const ok = setSecureKey(newKey, value);
-    if (ok) {
-      deleteSecureKey(oldKey);
-    } else {
-      log.warn(
-        { oldKey, newKey },
-        "Failed to write migrated key; keeping old key",
-      );
-    }
-  }
-}
-
-/**
- * Parse a "service:field" string, using known metadata pairs to
- * disambiguate when colons appear in either part.
- *
- * Strategy:
- * 1. Try every possible split position and check against metadata.
- * 2. If no metadata match, fall back to splitting on the first colon
- *    (field names with colons are more common than service names with colons).
- *
- * Returns undefined for malformed keys that have no colon.
- */
-function parseServiceField(
-  rest: string,
-  knownPairs: Set<string>,
-): { service: string; field: string } | undefined {
-  const firstColon = rest.indexOf(":");
-  if (firstColon <= 0) return undefined;
-
-  // Try each possible split position against metadata
-  if (knownPairs.size > 0) {
-    for (let i = firstColon; i < rest.length; i++) {
-      if (rest[i] !== ":") continue;
-      const service = rest.slice(0, i);
-      const field = rest.slice(i + 1);
-      if (field.length > 0 && knownPairs.has(`${service}\0${field}`)) {
-        return { service, field };
-      }
-    }
-  }
-
-  // Fallback: split on first colon — handles simple services with
-  // compound field names (e.g. "doordash.com:session:cookies").
-  return {
-    service: rest.slice(0, firstColon),
-    field: rest.slice(firstColon + 1),
-  };
-}
-
-/** @internal Test-only: reset the migration guard so migrateKeys() runs again. */
-export function _resetMigrationFlag(): void {
-  migrated = false;
-}

package/src/security/keychain-broker-client.ts

@@ -6,7 +6,7 @@
  * provides a graceful-fallback interface: every public method returns a
  * safe default on failure and never throws.
  *
- * Socket path: read from VELLUM_KEYCHAIN_BROKER_SOCKET env var.
+ * Socket path: derived from getRootDir() as `~/.vellum/keychain-broker.sock`.
  * Auth token: read from ~/.vellum/protected/keychain-broker.token on first
  * connection, cached for process lifetime.
  */
@@ -33,11 +33,18 @@ const REQUEST_TIMEOUT_MS = 5_000;
  *  back); `{ found: false }` means the key doesn't exist in the keychain. */
 export type BrokerGetResult = { found: boolean; value?: string } | null;
 
+/** Result of a `set()` call — distinguishes broker-unreachable from an active
+ *  rejection so callers can log meaningful diagnostics. */
+export type BrokerSetResult =
+  | { status: "ok" }
+  | { status: "unreachable" }
+  | { status: "rejected"; code: string; message: string };
+
 export interface KeychainBrokerClient {
   isAvailable(): boolean;
   ping(): Promise<{ pong: boolean } | null>;
   get(account: string): Promise<BrokerGetResult>;
-  set(account: string, value: string): Promise<boolean>;
+  set(account: string, value: string): Promise<BrokerSetResult>;
   del(account: string): Promise<boolean>;
   list(): Promise<string[]>;
 }
@@ -70,8 +77,8 @@ function getTokenPath(): string {
   return join(getRootDir(), "protected", "keychain-broker.token");
 }
 
-function getSocketPath(): string | undefined {
-  return process.env.VELLUM_KEYCHAIN_BROKER_SOCKET;
+function getSocketPath(): string {
+  return join(getRootDir(), "keychain-broker.sock");
 }
 
 // ---------------------------------------------------------------------------
@@ -172,7 +179,7 @@ export function createBrokerClient(): KeychainBrokerClient {
   function connect(): Promise<Socket> {
     return new Promise((resolve, reject) => {
       const socketPath = getSocketPath();
-      if (!socketPath) {
+      if (!pathExists(socketPath)) {
         reject(new Error("No socket path"));
         return;
       }
@@ -328,8 +335,7 @@ export function createBrokerClient(): KeychainBrokerClient {
   return {
     isAvailable(): boolean {
       if (permanentlyUnavailable) return false;
-      const socketPath = getSocketPath();
-      if (!socketPath) return false;
+      if (!pathExists(getSocketPath())) return false;
       return pathExists(getTokenPath());
     },
 
@@ -361,12 +367,18 @@ export function createBrokerClient(): KeychainBrokerClient {
       }
     },
 
-    async set(account: string, value: string): Promise<boolean> {
+    async set(account: string, value: string): Promise<BrokerSetResult> {
       try {
         const response = await doRequest("key.set", { account, value });
-        return response?.ok === true;
+        if (!response) return { status: "unreachable" };
+        if (response.ok) return { status: "ok" };
+        return {
+          status: "rejected",
+          code: response.error?.code ?? "UNKNOWN",
+          message: response.error?.message ?? "unknown error",
+        };
       } catch {
-        return false;
+        return { status: "unreachable" };
       }
     },
 

package/src/security/oauth2.ts

@@ -691,7 +691,7 @@ export async function startOAuth2Flow(
   if (transport === "gateway") {
     if (!hasPublicUrl) {
       throw new Error(
-        "Gateway transport requires a public ingress URL. Set ingress.publicBaseUrl or INGRESS_PUBLIC_BASE_URL, or use loopback transport.",
+        "Gateway transport requires a public ingress URL. Set ingress.publicBaseUrl, or use loopback transport.",
       );
     }
     log.debug({ transport: "gateway" }, "OAuth2 flow starting");

package/src/security/secure-keys.ts

@@ -7,10 +7,13 @@
  * encrypted store (startup code paths cannot do async I/O).
  */
 
+import { getLogger } from "../util/logger.js";
 import * as encryptedStore from "./encrypted-store.js";
 import type { KeychainBrokerClient } from "./keychain-broker-client.js";
 import { createBrokerClient } from "./keychain-broker-client.js";
 
+const log = getLogger("secure-keys");
+
 let _broker: KeychainBrokerClient | undefined;
 
 function getBroker(): KeychainBrokerClient {
@@ -120,13 +123,32 @@ export async function setSecureKeyAsync(
 ): Promise<boolean> {
   const broker = getBroker();
   if (broker.isAvailable()) {
-    const brokerOk = await broker.set(account, value);
-    if (!brokerOk) return false;
+    const result = await broker.set(account, value);
+    if (result.status !== "ok") {
+      log.warn(
+        {
+          account,
+          brokerStatus: result.status,
+          ...(result.status === "rejected"
+            ? { brokerCode: result.code, brokerMessage: result.message }
+            : {}),
+        },
+        "Broker set failed for secure key",
+      );
+      return false;
+    }
     // Broker succeeded — also persist to encrypted store for sync callers.
     const encOk = encryptedStore.setKey(account, value);
+    if (!encOk) {
+      log.warn({ account }, "Encrypted store set failed after broker success");
+    }
     return encOk;
   }
-  return encryptedStore.setKey(account, value);
+  const encOk = encryptedStore.setKey(account, value);
+  if (!encOk) {
+    log.warn({ account }, "Encrypted store set failed (broker unavailable)");
+  }
+  return encOk;
 }
 
 /**