@vellumai/assistant 0.4.50 → 0.4.51

package/src/runtime/routes/secret-routes.ts

@@ -20,6 +20,17 @@ import { httpError } from "../http-errors.js";
 import type { RouteDefinition } from "../http-router.js";
 
 const log = getLogger("runtime-http");
+const MANAGED_PROXY_CREDENTIAL = {
+  service: "vellum",
+  field: "assistant_api_key",
+};
+
+function isManagedProxyCredential(service: string, field: string): boolean {
+  return (
+    service === MANAGED_PROXY_CREDENTIAL.service &&
+    field === MANAGED_PROXY_CREDENTIAL.field
+  );
+}
 
 export async function handleAddSecret(req: Request): Promise<Response> {
   const body = (await req.json()) as {
@@ -89,6 +100,9 @@ export async function handleAddSecret(req: Request): Promise<Response> {
         );
       }
       upsertCredentialMetadata(service, field, {});
+      if (isManagedProxyCredential(service, field)) {
+        initializeProviders(getConfig());
+      }
       log.info({ service, field }, "Credential added via HTTP");
       return Response.json({ success: true, type, name }, { status: 201 });
     }
@@ -181,6 +195,9 @@ export async function handleDeleteSecret(req: Request): Promise<Response> {
         );
       }
       deleteCredentialMetadata(service, field);
+      if (isManagedProxyCredential(service, field)) {
+        initializeProviders(getConfig());
+      }
       log.info({ service, field }, "Credential deleted via HTTP");
       return Response.json({ success: true, type, name });
     }

package/src/runtime/routes/settings-routes.ts

@@ -29,7 +29,7 @@ import {
   generateAllowlistOptions,
   generateScopeOptions,
 } from "../../permissions/checker.js";
-import { getSecureKey } from "../../security/secure-keys.js";
+import { getSecureKeyAsync } from "../../security/secure-keys.js";
 import { parseToolManifestFile } from "../../skills/tool-manifest.js";
 import {
   type ManifestOverride,
@@ -160,7 +160,7 @@ async function handleOAuthConnectStart(body: {
     const app = getApp(conn.oauthAppId);
     if (app) {
       clientId = app.clientId;
-      clientSecret = getSecureKey(app.clientSecretCredentialPath);
+      clientSecret = await getSecureKeyAsync(app.clientSecretCredentialPath);
     }
   }
 
@@ -170,7 +170,7 @@ async function handleOAuthConnectStart(body: {
     if (dbApp) {
       clientId = dbApp.clientId;
       if (!clientSecret) {
-        clientSecret = getSecureKey(dbApp.clientSecretCredentialPath);
+        clientSecret = await getSecureKeyAsync(dbApp.clientSecretCredentialPath);
       }
     }
   }

package/src/runtime/routes/workspace-routes.ts

@@ -34,7 +34,9 @@ interface TreeEntry {
 function handleWorkspaceTree(ctx: RouteContext): Response {
   const requestedPath = ctx.url.searchParams.get("path") ?? "";
   const showHidden = ctx.url.searchParams.get("showHidden") === "true";
-  const resolved = resolveWorkspacePath(requestedPath);
+  const resolved = resolveWorkspacePath(requestedPath, {
+    allowHidden: showHidden,
+  });
   if (resolved === undefined) {
     return httpError("BAD_REQUEST", "Invalid path", 400);
   }
@@ -96,7 +98,8 @@ function handleWorkspaceFile(ctx: RouteContext): Response {
     return httpError("BAD_REQUEST", "path query parameter is required", 400);
   }
 
-  const resolved = resolveWorkspacePath(path);
+  const showHidden = ctx.url.searchParams.get("showHidden") === "true";
+  const resolved = resolveWorkspacePath(path, { allowHidden: showHidden });
   if (resolved === undefined) {
     return httpError("BAD_REQUEST", "Invalid path", 400);
   }
@@ -146,7 +149,8 @@ function handleWorkspaceFileContent(ctx: RouteContext): Response {
     );
   }
 
-  const resolved = resolveWorkspacePath(path);
+  const showHidden = ctx.url.searchParams.get("showHidden") === "true";
+  const resolved = resolveWorkspacePath(path, { allowHidden: showHidden });
   if (resolved === undefined) {
     return httpError("BAD_REQUEST", "Invalid path", 400);
   }

package/src/runtime/routes/workspace-utils.ts

@@ -7,10 +7,16 @@ import { getWorkspaceDir } from "../../util/platform.js";
  * Resolves a user-provided relative path to an absolute path within the workspace.
  * Returns the resolved absolute path, or undefined if the path escapes the workspace root.
  */
-export function resolveWorkspacePath(relativePath: string): string | undefined {
+export function resolveWorkspacePath(
+  relativePath: string,
+  options?: { allowHidden?: boolean },
+): string | undefined {
   // Reject paths containing hidden (dot-prefixed) segments like .env, .git, .hidden/foo
   const segments = relativePath.split(/[/\\]/);
-  if (segments.some((s) => s.startsWith(".") && s !== "." && s !== "..")) {
+  if (
+    !options?.allowHidden &&
+    segments.some((s) => s.startsWith(".") && s !== "." && s !== "..")
+  ) {
     return undefined;
   }
 

package/src/schedule/integration-status.ts

@@ -7,7 +7,7 @@ import {
 interface IntegrationProbe {
   name: string;
   category: string;
-  isConnected: () => boolean;
+  isConnected: () => Promise<boolean>;
 }
 
 // Registry — add new integrations here:
@@ -15,7 +15,7 @@ const INTEGRATION_PROBES: IntegrationProbe[] = [
   {
     name: "Gmail",
     category: "email",
-    isConnected: () => isProviderConnected("integration:gmail"),
+    isConnected: () => isProviderConnected("integration:google"),
   },
   {
     name: "Slack",
@@ -25,39 +25,46 @@ const INTEGRATION_PROBES: IntegrationProbe[] = [
   {
     name: "Twilio",
     category: "telephony",
-    isConnected: () => hasTwilioCredentials(),
+    isConnected: async () => hasTwilioCredentials(),
   },
   {
     name: "Telegram",
     category: "messaging",
-    isConnected: () => {
+    isConnected: async () => {
       const conn = getConnectionByProvider("telegram");
       return !!(conn && conn.status === "active");
     },
   },
 ];
 
-export function getIntegrationSummary(): Array<{
-  name: string;
-  category: string;
-  connected: boolean;
-}> {
-  return INTEGRATION_PROBES.map((probe) => ({
-    name: probe.name,
-    category: probe.category,
-    connected: probe.isConnected(),
-  }));
+export async function getIntegrationSummary(): Promise<
+  Array<{
+    name: string;
+    category: string;
+    connected: boolean;
+  }>
+> {
+  return Promise.all(
+    INTEGRATION_PROBES.map(async (probe) => ({
+      name: probe.name,
+      category: probe.category,
+      connected: await probe.isConnected(),
+    })),
+  );
 }
 
-export function formatIntegrationSummary(): string {
-  const summary = getIntegrationSummary();
+export async function formatIntegrationSummary(): Promise<string> {
+  const summary = await getIntegrationSummary();
   return summary
     .map((s) => `${s.name} ${s.connected ? "\u2713" : "\u2717"}`)
     .join(" | ");
 }
 
-export function hasCapability(category: string): boolean {
-  return INTEGRATION_PROBES.some(
-    (probe) => probe.category === category && probe.isConnected(),
+export async function hasCapability(category: string): Promise<boolean> {
+  const results = await Promise.all(
+    INTEGRATION_PROBES.filter((probe) => probe.category === category).map(
+      (probe) => probe.isConnected(),
+    ),
   );
+  return results.some(Boolean);
 }

package/src/security/oauth2.ts

@@ -420,18 +420,17 @@ export interface OAuth2PreparedFlow {
  * URL directly in chat and the callback arrives asynchronously via the gateway.
  *
  * Supports two transports:
- * - **gateway** (default): routes callbacks through the public ingress URL.
- *   Requires `ingress.publicBaseUrl` to be configured.
- * - **loopback**: starts a temporary localhost server to receive the callback.
- *   Used for services like Slack that require pre-registered localhost redirect
- *   URIs. The daemon is always local, so this works even in non-interactive
- *   (channel) sessions.
+ * - **loopback** (default): starts a temporary localhost server to receive the
+ *   callback. Works without any public URL or tunnel.
+ * - **gateway**: routes callbacks through the public ingress URL.
+ *   Requires `ingress.publicBaseUrl` to be configured. Used for providers that
+ *   don't support localhost redirects (e.g. Twitter, Notion).
  */
 export async function prepareOAuth2Flow(
   config: OAuth2Config,
   options?: OAuth2FlowOptions,
 ): Promise<OAuth2PreparedFlow> {
-  const transport = options?.callbackTransport ?? "gateway";
+  const transport = options?.callbackTransport ?? "loopback";
 
   if (transport === "loopback") {
     return prepareLoopbackFlow(config, options?.loopbackPort);

package/src/security/secure-keys.ts

@@ -3,7 +3,7 @@
  * available (macOS app embedded), with transparent fallback to the
  * encrypted-at-rest file store.
  *
- * Async variants try the broker first; sync variants always use the
+ * Async variants try the encrypted store first; sync variants always use the
  * encrypted store (startup code paths cannot do async I/O).
  */
 
@@ -82,30 +82,33 @@ export function isDowngradedFromKeychain(): boolean {
 }
 
 // ---------------------------------------------------------------------------
-// Async variants — try broker first, fall back to encrypted store
+// Async variants — try encrypted store first, fall back to broker
 // ---------------------------------------------------------------------------
 
 /**
- * Async version of `getSecureKey`. When the broker is available it is
- * queried first. A `null` return from the broker means error (fall back
- * to encrypted store). A `{ found: false }` also falls back to the
- * encrypted store — keys may exist only in `keys.enc` (e.g. written
- * while the broker was unavailable or via sync `setSecureKey`).
+ * Async version of `getSecureKey`. Checks the encrypted store first
+ * (instant) since `setSecureKeyAsync` always writes to both stores.
+ * Falls back to the broker for keys that may exist only in the macOS
+ * Keychain. Returns `undefined` if the key is not found in either store.
  */
 export async function getSecureKeyAsync(
   account: string,
 ): Promise<string | undefined> {
+  // Check encrypted store first (sync, instant). Since setSecureKeyAsync
+  // always writes to both broker and encrypted store, a hit here is
+  // authoritative and avoids the broker IPC round-trip.
+  const encResult = encryptedStore.getKey(account);
+  if (encResult != null && encResult.length > 0) return encResult;
+
+  // Not in encrypted store — try broker as fallback for keys that may
+  // exist only in the macOS Keychain (e.g. written by the app directly).
   const broker = getBroker();
   if (broker.isAvailable()) {
     const result = await broker.get(account);
-    // null = broker error, fall back to encrypted store
-    if (result == null) return encryptedStore.getKey(account);
-    // Broker found the key — use it
-    if (result.found) return result.value;
-    // Broker says not found — check encrypted store as fallback
-    return encryptedStore.getKey(account);
+    if (result?.found) return result.value;
   }
-  return encryptedStore.getKey(account);
+
+  return undefined;
 }
 
 /**
@@ -115,7 +118,7 @@ export async function getSecureKeyAsync(
  *
  * If the broker is available but `broker.set()` fails we return `false`
  * immediately — falling through to an encrypted-store-only write would
- * leave the broker with stale data that async readers would still see.
+ * leave the two stores out of sync.
  */
 export async function setSecureKeyAsync(
   account: string,
@@ -161,7 +164,7 @@ export async function setSecureKeyAsync(
  *
  * If the broker is available but `broker.del()` fails we return `"error"`
  * immediately — falling through to an encrypted-store-only delete would
- * leave the broker with the key, and async readers would still see it.
+ * leave the broker with the key, causing stale reads on broker fallback.
  */
 export async function deleteSecureKeyAsync(
   account: string,

package/src/security/token-manager.ts

@@ -16,11 +16,15 @@ import {
 } from "../oauth/oauth-store.js";
 import { getLogger } from "../util/logger.js";
 import { refreshOAuth2Token, type TokenEndpointAuthMethod } from "./oauth2.js";
-import { getSecureKey, setSecureKeyAsync } from "./secure-keys.js";
+import {
+  getSecureKey,
+  getSecureKeyAsync,
+  setSecureKeyAsync,
+} from "./secure-keys.js";
 
 const log = getLogger("token-manager");
 
-const MESSAGING_SERVICES = new Set(["integration:gmail", "integration:slack"]);
+const MESSAGING_SERVICES = new Set(["integration:google", "integration:slack"]);
 
 function recoveryHint(service: string): string {
   const shortName = service.startsWith("integration:")
@@ -185,7 +189,10 @@ interface RefreshConfig {
  * authMethod. Throws `TokenExpiredError` if the connection is not found
  * or incomplete.
  */
-function resolveRefreshConfig(service: string, connId: string): RefreshConfig {
+async function resolveRefreshConfig(
+  service: string,
+  connId: string,
+): Promise<RefreshConfig> {
   const conn = getConnection(connId);
   if (!conn) {
     throw new TokenExpiredError(
@@ -219,9 +226,9 @@ function resolveRefreshConfig(service: string, connId: string): RefreshConfig {
     );
   }
 
-  const secret = getSecureKey(app.clientSecretCredentialPath);
+  const secret = await getSecureKeyAsync(app.clientSecretCredentialPath);
 
-  const refreshToken = getSecureKey(
+  const refreshToken = await getSecureKeyAsync(
     `oauth_connection/${conn.id}/refresh_token`,
   );
 
@@ -249,7 +256,7 @@ function resolveRefreshConfig(service: string, connId: string): RefreshConfig {
  * Throws `TokenExpiredError` if refresh is not possible.
  */
 async function doRefresh(service: string, connId: string): Promise<string> {
-  const refreshConfig = resolveRefreshConfig(service, connId);
+  const refreshConfig = await resolveRefreshConfig(service, connId);
   const {
     tokenUrl,
     clientId: resolvedClientId,

package/src/services/vercel-deploy.ts

@@ -55,27 +55,3 @@ export async function deployHtmlToVercel(opts: {
 
   return { url: publicUrl, deploymentId: data.id };
 }
-
-export async function deleteVercelDeployment(
-  deploymentId: string,
-  token: string,
-): Promise<void> {
-  const response = await fetch(
-    `https://api.vercel.com/v13/deployments/${deploymentId}`,
-    {
-      method: "DELETE",
-      headers: {
-        Authorization: `Bearer ${token}`,
-      },
-    },
-  );
-
-  if (!response.ok) {
-    const text = await response.text();
-    throw new ProviderError(
-      `Vercel delete deployment failed (${response.status}): ${text}`,
-      "vercel",
-      response.status,
-    );
-  }
-}

package/src/signals/confirm.ts

@@ -0,0 +1,78 @@
+/**
+ * Handle confirmation decisions delivered via signal files from the CLI.
+ *
+ * The built-in CLI writes JSON to `signals/confirm` instead of making an
+ * HTTP POST to `/v1/confirm`. The daemon's ConfigWatcher detects the file
+ * change and invokes {@link handleConfirmationSignal}, which reads the
+ * payload and resolves the pending interaction in-process.
+ */
+
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { UserDecision } from "../permissions/types.js";
+import * as pendingInteractions from "../runtime/pending-interactions.js";
+import { getLogger } from "../util/logger.js";
+import { getWorkspaceDir } from "../util/platform.js";
+
+const log = getLogger("signal:confirm");
+
+const VALID_DECISIONS: ReadonlySet<string> = new Set<string>([
+  "allow",
+  "allow_10m",
+  "allow_thread",
+  "always_allow",
+  "always_allow_high_risk",
+  "deny",
+  "always_deny",
+  "temporary_override",
+]);
+
+function isUserDecision(value: string): value is UserDecision {
+  return VALID_DECISIONS.has(value);
+}
+
+/**
+ * Read the `signals/confirm` file and resolve the pending interaction.
+ * Called by ConfigWatcher when the signal file is written or modified.
+ */
+export function handleConfirmationSignal(): void {
+  try {
+    const content = readFileSync(
+      join(getWorkspaceDir(), "signals", "confirm"),
+      "utf-8",
+    );
+    const parsed = JSON.parse(content) as {
+      requestId?: string;
+      decision?: string;
+    };
+    const { requestId, decision } = parsed;
+
+    if (!requestId || typeof requestId !== "string") {
+      log.warn("Confirmation signal missing requestId");
+      return;
+    }
+    if (!decision || !isUserDecision(decision)) {
+      log.warn({ decision }, "Confirmation signal has invalid decision");
+      return;
+    }
+
+    const interaction = pendingInteractions.resolve(requestId);
+    if (!interaction) {
+      log.warn({ requestId }, "No pending interaction for confirmation signal");
+      return;
+    }
+
+    interaction.session.handleConfirmationResponse(
+      requestId,
+      decision,
+      undefined,
+      undefined,
+      undefined,
+      { source: "button" },
+    );
+    log.info({ requestId, decision }, "Confirmation resolved via signal file");
+  } catch (err) {
+    log.error({ err }, "Failed to handle confirmation signal");
+  }
+}

package/src/signals/mcp-reload.ts

@@ -0,0 +1,18 @@
+/**
+ * Handle MCP reload signals from the CLI.
+ *
+ * When the CLI writes to `signals/mcp-reload`, the daemon's ConfigWatcher
+ * detects the file change and invokes {@link handleMcpReloadSignal} to
+ * restart MCP servers with the latest configuration.
+ */
+
+import { reloadMcpServers } from "../daemon/mcp-reload-service.js";
+import { getLogger } from "../util/logger.js";
+
+const log = getLogger("signal:mcp-reload");
+
+export function handleMcpReloadSignal(): void {
+  reloadMcpServers().catch((err: unknown) => {
+    log.error({ err }, "MCP reload triggered by signal file failed");
+  });
+}

package/src/tools/credentials/vault.ts

@@ -3,6 +3,7 @@ import { orchestrateOAuthConnect } from "../../oauth/connect-orchestrator.js";
 import {
   disconnectOAuthProvider,
   getAppByProviderAndClientId,
+  getConnectionByProviderAndAccount,
   getMostRecentAppByProvider,
   getProvider,
 } from "../../oauth/oauth-store.js";
@@ -19,7 +20,7 @@ import { DAEMON_INTERNAL_ASSISTANT_ID } from "../../runtime/assistant-scope.js";
 import { credentialKey } from "../../security/credential-key.js";
 import {
   deleteSecureKeyAsync,
-  getSecureKey,
+  getSecureKeyAsync,
   listSecureKeys,
   setSecureKeyAsync,
 } from "../../security/secure-keys.js";
@@ -72,6 +73,11 @@ class CredentialStoreTool implements Tool {
             type: "string",
             description: "Service name, e.g. gmail, github",
           },
+          account: {
+            type: "string",
+            description:
+              "Account identifier (e.g. email address) to target a specific connection when multiple accounts are connected for the same service. If omitted, uses the most recently connected account.",
+          },
           field: {
             type: "string",
             description: "Field name, e.g. password, username, recovery_email",
@@ -453,7 +459,19 @@ class CredentialStoreTool implements Tool {
         }
         // Also clean up any OAuth connection for this service (best-effort)
         try {
-          const oauthResult = await disconnectOAuthProvider(service);
+          const accountHint = input.account as string | undefined;
+          let oauthResult: "disconnected" | "not-found" | "error";
+          if (accountHint) {
+            const targetConn = getConnectionByProviderAndAccount(
+              service,
+              accountHint,
+            );
+            oauthResult = targetConn
+              ? await disconnectOAuthProvider(service, undefined, targetConn.id)
+              : "not-found";
+          } else {
+            oauthResult = await disconnectOAuthProvider(service);
+          }
           if (oauthResult === "error") {
             log.warn(
               { service },
@@ -723,7 +741,7 @@ class CredentialStoreTool implements Tool {
             isError: true,
           };
 
-        // Resolve aliases (e.g. "gmail" → "integration:gmail")
+        // Resolve aliases (e.g. "gmail" → "integration:google")
         const service = resolveService(rawService);
 
         // Code-side behavioral fields (identityVerifier, setup, etc.)
@@ -747,7 +765,7 @@ class CredentialStoreTool implements Tool {
           if (dbApp) {
             if (!clientId) clientId = dbApp.clientId;
             if (!clientSecret) {
-              clientSecret = getSecureKey(dbApp.clientSecretCredentialPath);
+              clientSecret = await getSecureKeyAsync(dbApp.clientSecretCredentialPath);
             }
           }
         }
@@ -794,7 +812,6 @@ class CredentialStoreTool implements Tool {
           clientSecret,
           isInteractive: !!context.isInteractive,
           sendToClient: context.sendToClient,
-          allowedTools: input.allowed_tools as string[] | undefined,
           ...(inputScopes ? { requestedScopes: inputScopes } : {}),
           onDeferredComplete: (deferredResult) => {
             // Emit oauth_connect_result to all connected SSE clients so the

package/src/tools/network/script-proxy/session-manager.ts

@@ -19,7 +19,7 @@ import {
   routeConnection,
   stripQueryString,
 } from "../../../outbound-proxy/index.js";
-import { getSecureKey } from "../../../security/secure-keys.js";
+import { getSecureKeyAsync } from "../../../security/secure-keys.js";
 import { getLogger } from "../../../util/logger.js";
 import { silentlyWithLog } from "../../../util/silently.js";
 import {
@@ -97,10 +97,10 @@ const acquireLocks = new Map<string, Promise<ProxySession>>();
  * Handles optional composition with a second credential and value transforms.
  * Returns null if any referenced credential cannot be resolved.
  */
-function buildInjectedValue(
+async function buildInjectedValue(
   tpl: CredentialInjectionTemplate,
   primaryValue: string,
-): string | null {
+): Promise<string | null> {
   let value = primaryValue;
 
   if (tpl.composeWith) {
@@ -109,7 +109,7 @@ function buildInjectedValue(
       tpl.composeWith.field,
     );
     if (!composed) return null;
-    const composedValue = getSecureKey(composed.storageKey);
+    const composedValue = await getSecureKeyAsync(composed.storageKey);
     if (!composedValue) return null;
     value = `${value}${tpl.composeWith.separator}${composedValue}`;
   }
@@ -311,10 +311,10 @@ export async function startSession(
           if (tpl.injectionType === "header" && tpl.headerName) {
             const resolved = resolveById(credId);
             if (!resolved) return req.headers;
-            const value = getSecureKey(resolved.storageKey);
+            const value = await getSecureKeyAsync(resolved.storageKey);
             if (!value) return req.headers;
 
-            const headerValue = buildInjectedValue(tpl, value);
+            const headerValue = await buildInjectedValue(tpl, value);
             if (!headerValue) {
               log.warn(
                 { host: req.hostname, credentialId: credId },
@@ -399,11 +399,11 @@ export async function startSession(
         const { credentialId, template } = decision;
         const resolved = resolveById(credentialId);
         if (!resolved) return {};
-        const value = getSecureKey(resolved.storageKey);
+        const value = await getSecureKeyAsync(resolved.storageKey);
         if (!value) return {};
 
         if (template.injectionType === "header" && template.headerName) {
-          const headerValue = buildInjectedValue(template, value);
+          const headerValue = await buildInjectedValue(template, value);
           if (!headerValue) {
             log.warn(
               { hostname, credentialId },

package/src/tools/schedule/create.ts

@@ -115,7 +115,7 @@ export async function executeScheduleCreate(
       });
 
       const fireDate = formatLocalDate(job.nextRunAt);
-      const integrations = formatIntegrationSummary();
+      const integrations = await formatIntegrationSummary();
       return {
         content: [
           `One-shot schedule created successfully.`,
@@ -197,7 +197,7 @@ export async function executeScheduleCreate(
           : describeCronExpression(job.cronExpression);
 
     const nextRunDate = formatLocalDate(job.nextRunAt);
-    const integrations = formatIntegrationSummary();
+    const integrations = await formatIntegrationSummary();
     return {
       content: [
         `Recurring schedule created successfully.`,

package/src/watcher/provider-types.ts

@@ -28,7 +28,7 @@ export interface WatcherProvider {
   id: string;
   /** Human-readable name. */
   displayName: string;
-  /** Credential service required (e.g. 'integration:gmail'). */
+  /** Credential service required (e.g. 'integration:google'). */
   requiredCredentialService: string;
 
   /**

package/src/watcher/providers/github.ts

@@ -130,7 +130,7 @@ export const githubProvider: WatcherProvider = {
     _config: Record<string, unknown>,
     _watcherKey: string,
   ): Promise<FetchResult> {
-    const connection = resolveOAuthConnection(credentialService);
+    const connection = await resolveOAuthConnection(credentialService);
     const since = watermark ?? new Date().toISOString();
     const items: WatcherItem[] = [];
     let page = 1;