npm - @vellumai/assistant - Versions diffs - 0.4.50 → 0.4.51 - Mend

@vellumai/assistant 0.4.50 → 0.4.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/docs/architecture/integrations.md +2 -2
package/docs/architecture/keychain-broker.md +6 -6
package/knip.json +32 -0
package/package.json +3 -2
package/src/__tests__/btw-routes.test.ts +61 -5
package/src/__tests__/config-watcher.test.ts +8 -0
package/src/__tests__/credential-security-invariants.test.ts +8 -7
package/src/__tests__/credential-vault-unit.test.ts +19 -18
package/src/__tests__/credential-vault.test.ts +17 -17
package/src/__tests__/credentials-cli.test.ts +257 -82
package/src/__tests__/inbound-invite-redemption.test.ts +36 -7
package/src/__tests__/integration-status.test.ts +31 -30
package/src/__tests__/invite-redemption-service.test.ts +121 -32
package/src/__tests__/invite-routes-http.test.ts +166 -5
package/src/__tests__/list-messages-attachments.test.ts +193 -0
package/src/__tests__/oauth-cli.test.ts +286 -60
package/src/__tests__/oauth-provider-profiles.test.ts +1 -1
package/src/__tests__/oauth-store.test.ts +243 -11
package/src/__tests__/relay-server.test.ts +9 -0
package/src/__tests__/secret-routes-managed-proxy.test.ts +183 -0
package/src/__tests__/secure-keys.test.ts +71 -16
package/src/__tests__/server-history-render.test.ts +2 -2
package/src/__tests__/skills.test.ts +2 -2
package/src/__tests__/slack-channel-config.test.ts +10 -8
package/src/__tests__/twilio-config.test.ts +11 -10
package/src/__tests__/twilio-provider.test.ts +9 -4
package/src/__tests__/voice-invite-redemption.test.ts +58 -9
package/src/calls/call-domain.ts +3 -4
package/src/calls/relay-server.ts +1 -1
package/src/calls/twilio-config.ts +4 -3
package/src/calls/twilio-provider.ts +14 -9
package/src/calls/twilio-rest.ts +10 -7
package/src/cli/commands/config.ts +14 -9
package/src/cli/commands/contacts.ts +3 -0
package/src/cli/commands/credentials.ts +170 -174
package/src/cli/commands/doctor.ts +7 -5
package/src/cli/commands/keys.ts +9 -9
package/src/cli/commands/oauth/apps.ts +40 -11
package/src/cli/commands/oauth/connections.ts +66 -30
package/src/cli/commands/oauth/index.ts +3 -3
package/src/cli/commands/oauth/providers.ts +3 -3
package/src/cli.ts +16 -12
package/src/config/__tests__/feature-flag-registry-bundled.test.ts +39 -0
package/src/config/bundled-skills/contacts/SKILL.md +35 -11
package/src/config/bundled-skills/contacts/tools/google-contacts.ts +1 -1
package/src/config/bundled-skills/gmail/SKILL.md +1 -1
package/src/config/bundled-skills/gmail/TOOLS.json +52 -0
package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +13 -3
package/src/config/bundled-skills/gmail/tools/gmail-attachments.ts +9 -2
package/src/config/bundled-skills/gmail/tools/gmail-draft.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-filters.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-follow-up.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-forward.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-label.ts +9 -2
package/src/config/bundled-skills/gmail/tools/gmail-outreach-scan.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-send-draft.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-trash.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-unsubscribe.ts +5 -1
package/src/config/bundled-skills/gmail/tools/gmail-vacation.ts +5 -1
package/src/config/bundled-skills/google-calendar/TOOLS.json +20 -0
package/src/config/bundled-skills/google-calendar/tools/calendar-check-availability.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-create-event.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-get-event.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-list-events.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/calendar-rsvp.ts +2 -1
package/src/config/bundled-skills/google-calendar/tools/shared.ts +8 -2
package/src/config/bundled-skills/messaging/SKILL.md +1 -1
package/src/config/bundled-skills/messaging/tools/messaging-analyze-style.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-auth-test.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-list-conversations.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-mark-read.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-read.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-search.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-send.ts +2 -2
package/src/config/bundled-skills/messaging/tools/messaging-sender-digest.ts +2 -2
package/src/config/bundled-skills/messaging/tools/shared.ts +7 -5
package/src/config/bundled-skills/slack/tools/shared.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-add-reaction.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-channel-details.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-delete-message.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-edit-message.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-leave-channel.ts +1 -1
package/src/config/bundled-skills/slack/tools/slack-scan-digest.ts +1 -1
package/src/config/loader.ts +6 -42
package/src/contacts/contact-store.ts +39 -2
package/src/contacts/contacts-write.ts +9 -0
package/src/daemon/config-watcher.ts +8 -13
package/src/daemon/handlers/config-ingress.ts +2 -2
package/src/daemon/handlers/config-slack-channel.ts +59 -39
package/src/daemon/handlers/config-telegram.ts +23 -14
package/src/daemon/handlers/session-history.ts +1 -358
package/src/daemon/handlers/shared.ts +3 -17
package/src/daemon/lifecycle.ts +8 -1
package/src/daemon/message-types/sessions.ts +0 -42
package/src/daemon/server.ts +0 -6
package/src/daemon/session-slash.ts +3 -5
package/src/email/providers/index.ts +2 -2
package/src/media/avatar-router.ts +1 -1
package/src/memory/conversation-queries.ts +3 -80
package/src/memory/db-init.ts +4 -0
package/src/memory/invite-store.ts +19 -0
package/src/memory/migrations/149-oauth-tables.ts +1 -1
package/src/memory/migrations/150-oauth-apps-client-secret-path.ts +1 -1
package/src/memory/migrations/157-invite-contact-id.ts +104 -0
package/src/memory/migrations/index.ts +1 -0
package/src/memory/migrations/registry.ts +6 -0
package/src/memory/schema/contacts.ts +1 -0
package/src/messaging/provider.ts +1 -1
package/src/messaging/providers/gmail/adapter.ts +1 -1
package/src/messaging/providers/telegram-bot/adapter.ts +17 -8
package/src/messaging/providers/whatsapp/adapter.ts +13 -9
package/src/messaging/registry.ts +9 -5
package/src/oauth/byo-connection.test.ts +32 -24
package/src/oauth/connect-orchestrator.ts +4 -10
package/src/oauth/connection-resolver.ts +20 -6
package/src/oauth/manual-token-connection.ts +5 -5
package/src/oauth/oauth-store.ts +83 -17
package/src/oauth/platform-connection.test.ts +1 -1
package/src/oauth/provider-behaviors.ts +503 -4
package/src/oauth/seed-providers.ts +208 -8
package/src/oauth/token-persistence.ts +20 -13
package/src/runtime/channel-readiness-service.ts +48 -40
package/src/runtime/http-types.ts +2 -0
package/src/runtime/invite-redemption-service.ts +71 -29
package/src/runtime/invite-service.ts +40 -22
package/src/runtime/middleware/twilio-validation.ts +1 -1
package/src/runtime/routes/btw-routes.ts +10 -5
package/src/runtime/routes/conversation-routes.ts +47 -10
package/src/runtime/routes/integrations/slack/channel.ts +2 -2
package/src/runtime/routes/integrations/telegram.ts +2 -2
package/src/runtime/routes/integrations/twilio.ts +17 -17
package/src/runtime/routes/invite-routes.ts +29 -4
package/src/runtime/routes/secret-routes.ts +17 -0
package/src/runtime/routes/settings-routes.ts +3 -3
package/src/runtime/routes/workspace-routes.ts +7 -3
package/src/runtime/routes/workspace-utils.ts +8 -2
package/src/schedule/integration-status.ts +26 -19
package/src/security/oauth2.ts +6 -7
package/src/security/secure-keys.ts +19 -16
package/src/security/token-manager.ts +13 -6
package/src/services/vercel-deploy.ts +0 -24
package/src/signals/confirm.ts +78 -0
package/src/signals/mcp-reload.ts +18 -0
package/src/tools/credentials/vault.ts +22 -5
package/src/tools/network/script-proxy/session-manager.ts +8 -8
package/src/tools/schedule/create.ts +2 -2
package/src/watcher/provider-types.ts +1 -1
package/src/watcher/providers/github.ts +1 -1
package/src/watcher/providers/gmail.ts +3 -3
package/src/watcher/providers/google-calendar.ts +3 -3
package/src/watcher/providers/linear.ts +1 -1

package/src/calls/twilio-provider.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { createHmac, timingSafeEqual } from "node:crypto";
 import { credentialKey } from "../security/credential-key.js";
-import { getSecureKey } from "../security/secure-keys.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { ProviderError } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
 import {
@@ -24,8 +24,11 @@ export class TwilioConversationRelayProvider implements VoiceProvider {
   // ── Credential helpers ──────────────────────────────────────────────
-  private getCredentials(): { accountSid: string; authToken: string } {
-    return getTwilioCredentials();
+  private async getCredentials(): Promise<{
+    accountSid: string;
+    authToken: string;
+  }> {
+    return await getTwilioCredentials();
   }
   private authHeader(accountSid: string, authToken: string): string {
@@ -39,7 +42,7 @@ export class TwilioConversationRelayProvider implements VoiceProvider {
   // ── VoiceProvider interface ─────────────────────────────────────────
   async initiateCall(opts: InitiateCallOptions): Promise<{ callSid: string }> {
-    const { accountSid, authToken } = this.getCredentials();
+    const { accountSid, authToken } = await this.getCredentials();
     const body = new URLSearchParams({
       From: opts.from,
@@ -104,7 +107,7 @@ export class TwilioConversationRelayProvider implements VoiceProvider {
   }
   async endCall(callSid: string): Promise<void> {
-    const { accountSid, authToken } = this.getCredentials();
+    const { accountSid, authToken } = await this.getCredentials();
     log.info({ callSid }, "Ending Twilio call");
@@ -139,7 +142,7 @@ export class TwilioConversationRelayProvider implements VoiceProvider {
   }
   async getCallStatus(callSid: string): Promise<string> {
-    const { accountSid, authToken } = this.getCredentials();
+    const { accountSid, authToken } = await this.getCredentials();
     const res = await fetch(
       `${this.baseUrl(accountSid)}/Calls/${callSid}.json`,
@@ -179,7 +182,7 @@ export class TwilioConversationRelayProvider implements VoiceProvider {
   async checkCallerIdEligibility(
     phoneNumber: string,
   ): Promise<{ eligible: boolean; reason?: string }> {
-    const { accountSid, authToken } = this.getCredentials();
+    const { accountSid, authToken } = await this.getCredentials();
     const encodedNumber = encodeURIComponent(phoneNumber);
     let incomingOk = false;
@@ -280,8 +283,10 @@ export class TwilioConversationRelayProvider implements VoiceProvider {
    * Exposed as a static method so callers (e.g. the HTTP server webhook
    * middleware) can check availability independently.
    */
-  static getAuthToken(): string | null {
-    return getSecureKey(credentialKey("twilio", "auth_token")) || null;
+  static async getAuthToken(): Promise<string | null> {
+    return (
+      (await getSecureKeyAsync(credentialKey("twilio", "auth_token"))) || null
+    );
   }
   /**

package/src/calls/twilio-rest.ts CHANGED Viewed

@@ -8,7 +8,7 @@
 import { loadConfig } from "../config/loader.js";
 import { credentialKey } from "../security/credential-key.js";
-import { getSecureKey } from "../security/secure-keys.js";
+import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { ConfigError, ProviderError } from "../util/errors.js";
 export interface TwilioCredentials {
@@ -28,14 +28,17 @@ function resolveAccountSid(): string | undefined {
 }
 /** Resolve the Twilio Auth Token from the credential store. */
-function resolveAuthToken(): string | undefined {
-  return getSecureKey(credentialKey("twilio", "auth_token")) || undefined;
+async function resolveAuthToken(): Promise<string | undefined> {
+  return (
+    (await getSecureKeyAsync(credentialKey("twilio", "auth_token"))) ||
+    undefined
+  );
 }
 /** Resolve Twilio credentials from config (SID) and credential store (token). Throws if not configured. */
-export function getTwilioCredentials(): TwilioCredentials {
+export async function getTwilioCredentials(): Promise<TwilioCredentials> {
   const accountSid = resolveAccountSid();
-  const authToken = resolveAuthToken();
+  const authToken = await resolveAuthToken();
   if (!accountSid || !authToken) {
     throw new ConfigError(
       "Twilio credentials not configured. Set twilio.accountSid via config and store auth token via credential store.",
@@ -45,9 +48,9 @@ export function getTwilioCredentials(): TwilioCredentials {
 }
 /** Check whether Twilio credentials are present (non-throwing). */
-export function hasTwilioCredentials(): boolean {
+export async function hasTwilioCredentials(): Promise<boolean> {
   try {
-    return !!resolveAccountSid() && !!resolveAuthToken();
+    return !!resolveAccountSid() && !!(await resolveAuthToken());
   } catch {
     return false;
   }

package/src/cli/commands/config.ts CHANGED Viewed

@@ -39,10 +39,13 @@ export function registerConfigCommand(program: Command): void {
     "after",
     `
 Configuration is stored in config.json in the assistant workspace directory.
-Keys support dotted paths for nested values (e.g. calls.enabled, apiKeys.anthropic).
+Keys support dotted paths for nested values (e.g. calls.enabled, twilio.accountSid).
 Values are auto-parsed as JSON (booleans, numbers, objects) with fallback to
 plain string if parsing fails.
+API keys are managed separately via secure storage. Use "assistant keys list"
+and "assistant keys set <provider> <key>" to view and manage API keys.
 Examples:
   $ assistant config list
   $ assistant config get provider
@@ -53,14 +56,14 @@ Examples:
   config
     .command("set <key> <value>")
     .description(
-      "Set a config value (supports dotted paths like apiKeys.anthropic)",
+      "Set a config value (supports dotted paths like calls.enabled)",
     )
     .addHelpText(
       "after",
       `
 Arguments:
   key     Dotted path to the config key (e.g. provider, calls.enabled,
-          apiKeys.anthropic). Intermediate objects are created automatically.
+          twilio.accountSid). Intermediate objects are created automatically.
   value   The value to store. Parsed as JSON first (so "true" becomes boolean
           true, "42" becomes number 42). Falls back to plain string if JSON
           parsing fails.
@@ -68,10 +71,11 @@ Arguments:
 After writing the value to config.json, the lockfile is automatically synced
 to reflect the updated configuration.
+To manage API keys, use "assistant keys set <provider> <key>" instead.
 Examples:
   $ assistant config set provider anthropic
-  $ assistant config set calls.enabled true
-  $ assistant config set apiKeys.anthropic sk-ant-abc123`,
+  $ assistant config set calls.enabled true`,
     )
     .action((key: string, value: string) => {
       const raw = loadRawConfig();
@@ -100,10 +104,11 @@ Arguments:
 Prints the value at the given key path. If the key is not set, prints
 "(not set)". Object values are pretty-printed as indented JSON.
+To view API keys, use "assistant keys list" instead.
 Examples:
   $ assistant config get provider
-  $ assistant config get calls.enabled
-  $ assistant config get apiKeys`,
+  $ assistant config get calls.enabled`,
     )
     .action((key: string) => {
       const raw = loadRawConfig();
@@ -133,8 +138,8 @@ Dumps the full raw configuration from config.json as pretty-printed JSON.
 If no configuration has been set, prints "No configuration set".
 The --search flag filters results by case-insensitive substring match against
-flattened dotted key paths. For example, --search api matches apiKeys.anthropic,
-apiKeys.openai, and any other key containing "api".
+flattened dotted key paths. For example, --search calls matches calls.enabled,
+calls.recordingEnabled, and any other key containing "calls".
 Examples:
   $ assistant config list

package/src/cli/commands/contacts.ts CHANGED Viewed

@@ -497,6 +497,7 @@ Examples:
       "--guardian-name <name>",
       "Guardian name (required for voice invites)",
     )
+    .requiredOption("--contact-id <id>", "Contact ID to bind the invite to")
     .addHelpText(
       "after",
       `
@@ -529,6 +530,7 @@ Examples:
           expectedExternalUserId?: string;
           friendName?: string;
           guardianName?: string;
+          contactId: string;
         },
         cmd: Command,
       ) => {
@@ -563,6 +565,7 @@ Examples:
             expectedExternalUserId: opts.expectedExternalUserId,
             friendName: opts.friendName,
             guardianName: opts.guardianName,
+            contactId: opts.contactId,
           });
           if (result.ok) {
             writeOutput(cmd, { ok: true, invite: result.data });