npm - @vellumai/assistant - Versions diffs - 0.4.9 → 0.4.11 - Mend

@vellumai/assistant 0.4.9 → 0.4.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/src/runtime/guardian-vellum-migration.ts CHANGED Viewed

@@ -5,22 +5,17 @@
  * 'vellum' channel with a guardianPrincipalId. This is required for
  * the identity-bound hatch bootstrap flow.
  *
- * - If a vellum binding already exists with a guardianPrincipalId, no-op.
- * - If a vellum binding exists but lacks guardianPrincipalId, backfill it
- *   from the binding's guardianExternalUserId.
+ * - If a vellum binding already exists, returns its guardianPrincipalId.
  * - If no vellum binding exists, creates one with a fresh principal.
  * - Preserves existing guardian bindings for other channels unchanged.
  */
-import { eq } from 'drizzle-orm';
 import { v4 as uuid } from 'uuid';
-import { getDb } from '../memory/db.js';
 import {
   createBinding,
   getActiveBinding,
 } from '../memory/guardian-bindings.js';
-import { channelGuardianBindings } from '../memory/schema.js';
 import { getLogger } from '../util/logger.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
@@ -36,23 +31,6 @@ const log = getLogger('guardian-vellum-migration');
 export function ensureVellumGuardianBinding(assistantId: string = DAEMON_INTERNAL_ASSISTANT_ID): string {
   const existing = getActiveBinding(assistantId, 'vellum');
   if (existing) {
-    // If the binding exists but is missing guardianPrincipalId, backfill it
-    // from the binding's guardianExternalUserId (the canonical identity).
-    if (!existing.guardianPrincipalId) {
-      const principalId = existing.guardianExternalUserId;
-      const db = getDb();
-      db.update(channelGuardianBindings)
-        .set({ guardianPrincipalId: principalId, updatedAt: Date.now() })
-        .where(eq(channelGuardianBindings.id, existing.id))
-        .run();
-      log.info(
-        { assistantId, guardianPrincipalId: principalId },
-        'Backfilled guardianPrincipalId on existing vellum binding',
-      );
-      return principalId;
-    }
     log.debug(
       { assistantId, guardianPrincipalId: existing.guardianPrincipalId },
       'Vellum guardian binding already exists with principal',

package/src/runtime/guardian-verification-templates.ts CHANGED Viewed

@@ -12,43 +12,50 @@
 export const GUARDIAN_VERIFY_TEMPLATE_KEYS = {
   /** Initial outbound SMS with verification code. */
-  CHALLENGE_REQUEST: 'guardian_verify.sms.challenge_request',
+  CHALLENGE_REQUEST: "guardian_verify.sms.challenge_request",
   /** Resend SMS with verification code. */
-  RESEND: 'guardian_verify.sms.resend',
+  RESEND: "guardian_verify.sms.resend",
   /** Response when the user is already verified. */
-  ALREADY_VERIFIED: 'guardian_verify.already_verified',
+  ALREADY_VERIFIED: "guardian_verify.already_verified",
   /** Initial outbound Telegram verification prompt (code is not included). */
-  TELEGRAM_CHALLENGE_REQUEST: 'guardian_verify.telegram.challenge_request',
+  TELEGRAM_CHALLENGE_REQUEST: "guardian_verify.telegram.challenge_request",
   /** Resend Telegram verification prompt (code is not included). */
-  TELEGRAM_RESEND: 'guardian_verify.telegram.resend',
+  TELEGRAM_RESEND: "guardian_verify.telegram.resend",
+  /** Initial outbound Slack DM verification prompt. */
+  SLACK_CHALLENGE_REQUEST: "guardian_verify.slack.challenge_request",
+  /** Resend Slack DM verification prompt. */
+  SLACK_RESEND: "guardian_verify.slack.resend",
   /** Outbound voice call intro prompt: asks guardian to enter verification code via keypad. */
-  VOICE_CALL_INTRO: 'guardian_verify.voice.call_intro',
+  VOICE_CALL_INTRO: "guardian_verify.voice.call_intro",
   /** Voice retry prompt after an incorrect code entry. */
-  VOICE_RETRY: 'guardian_verify.voice.retry',
+  VOICE_RETRY: "guardian_verify.voice.retry",
   /** Voice success prompt after successful verification. */
-  VOICE_SUCCESS: 'guardian_verify.voice.success',
+  VOICE_SUCCESS: "guardian_verify.voice.success",
   /** Voice failure prompt after too many incorrect attempts. */
-  VOICE_FAILURE: 'guardian_verify.voice.failure',
+  VOICE_FAILURE: "guardian_verify.voice.failure",
   /** Deterministic reply after successful channel verification command. */
-  CHANNEL_VERIFY_SUCCESS: 'guardian_verify.channel.success',
+  CHANNEL_VERIFY_SUCCESS: "guardian_verify.channel.success",
   /** Deterministic reply after failed channel verification command. */
-  CHANNEL_VERIFY_FAILED: 'guardian_verify.channel.failed',
+  CHANNEL_VERIFY_FAILED: "guardian_verify.channel.failed",
   /** Deterministic reply for bootstrap deep-link success. */
-  CHANNEL_BOOTSTRAP_BOUND: 'guardian_verify.channel.bootstrap_bound',
+  CHANNEL_BOOTSTRAP_BOUND: "guardian_verify.channel.bootstrap_bound",
   /** Deterministic reply after successful trusted contact verification. */
-  CHANNEL_TRUSTED_CONTACT_VERIFY_SUCCESS: 'guardian_verify.channel.trusted_contact_success',
+  CHANNEL_TRUSTED_CONTACT_VERIFY_SUCCESS:
+    "guardian_verify.channel.trusted_contact_success",
 } as const;
 export type GuardianVerifyTemplateKey =
   (typeof GUARDIAN_VERIFY_TEMPLATE_KEYS)[keyof typeof GUARDIAN_VERIFY_TEMPLATE_KEYS];
-/** Template keys for SMS/Telegram text-based verification messages. */
+/** Template keys for SMS/Telegram/Slack text-based verification messages. */
 type TextVerifyTemplateKey =
   | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.CHALLENGE_REQUEST
   | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.RESEND
   | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.ALREADY_VERIFIED
   | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.TELEGRAM_CHALLENGE_REQUEST
-  | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.TELEGRAM_RESEND;
+  | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.TELEGRAM_RESEND
+  | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.SLACK_CHALLENGE_REQUEST
+  | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.SLACK_RESEND;
 /** Template keys for deterministic channel verification reply messages. */
 export type ChannelVerifyReplyTemplateKey =
@@ -81,25 +88,36 @@ export interface ChannelVerifyReplyVars {
 // Template Composers
 // ---------------------------------------------------------------------------
-const templates: Record<TextVerifyTemplateKey, (vars: GuardianVerifyTemplateVars) => string> = {
+const templates: Record<
+  TextVerifyTemplateKey,
+  (vars: GuardianVerifyTemplateVars) => string
+> = {
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.CHALLENGE_REQUEST]: (_vars) => {
-    return 'Vellum assistant guardian verification requested. Reply with the 6-digit code you were given.';
+    return "Vellum assistant guardian verification requested. Reply with the 6-digit code you were given.";
   },
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.RESEND]: (_vars) => {
-    return 'Vellum assistant guardian verification requested. Reply with the 6-digit code you were given. (resent)';
+    return "Vellum assistant guardian verification requested. Reply with the 6-digit code you were given. (resent)";
   },
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.ALREADY_VERIFIED]: (_vars) => {
-    return 'This channel is already verified. No further action is needed.';
+    return "This channel is already verified. No further action is needed.";
   },
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.TELEGRAM_CHALLENGE_REQUEST]: (_vars) => {
-    return 'Vellum assistant guardian verification requested. Reply with the 6-digit code you were given.';
+    return "Vellum assistant guardian verification requested. Reply with the 6-digit code you were given.";
   },
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.TELEGRAM_RESEND]: (_vars) => {
-    return 'Vellum assistant guardian verification requested. Reply with the 6-digit code you were given. (resent)';
+    return "Vellum assistant guardian verification requested. Reply with the 6-digit code you were given. (resent)";
+  },
+  [GUARDIAN_VERIFY_TEMPLATE_KEYS.SLACK_CHALLENGE_REQUEST]: (_vars) => {
+    return "Vellum assistant guardian verification requested. Reply with the 6-digit code you were given.";
+  },
+  [GUARDIAN_VERIFY_TEMPLATE_KEYS.SLACK_RESEND]: (_vars) => {
+    return "Vellum assistant guardian verification requested. Reply with the 6-digit code you were given. (resent)";
   },
 };
@@ -115,6 +133,18 @@ export function composeVerificationSms(
   return composer(vars);
 }
+/**
+ * Compose an outbound verification Slack DM from a template key and typed variables.
+ * Returns plain string content suitable for Slack delivery.
+ */
+export function composeVerificationSlack(
+  templateKey: TextVerifyTemplateKey,
+  vars: GuardianVerifyTemplateVars,
+): string {
+  const composer = templates[templateKey];
+  return composer(vars);
+}
 /**
  * Compose an outbound verification Telegram message from a template key and typed variables.
  * Returns plain string content suitable for Telegram delivery.
@@ -137,18 +167,21 @@ type VoiceTemplateKey =
   | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_SUCCESS
   | typeof GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_FAILURE;
-const voiceTemplates: Record<VoiceTemplateKey, (vars: GuardianVerifyVoiceTemplateVars) => string> = {
+const voiceTemplates: Record<
+  VoiceTemplateKey,
+  (vars: GuardianVerifyVoiceTemplateVars) => string
+> = {
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_CALL_INTRO]: (vars) =>
     `You are receiving a guardian verification call for your Vellum assistant. Please enter your ${vars.codeDigits}-digit verification code using your keypad.`,
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_RETRY]: (_vars) =>
-    'That code was incorrect. Please try again.',
+    "That code was incorrect. Please try again.",
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_SUCCESS]: (_vars) =>
-    'Verification successful. Thank you. Goodbye.',
+    "Verification successful. Thank you. Goodbye.",
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.VOICE_FAILURE]: (_vars) =>
-    'Too many incorrect attempts. Goodbye.',
+    "Too many incorrect attempts. Goodbye.",
 };
 /**
@@ -167,18 +200,21 @@ export function composeVerificationVoice(
 // Channel Verification Reply Templates (deterministic, non-agent)
 // ---------------------------------------------------------------------------
-const channelVerifyReplyTemplates: Record<ChannelVerifyReplyTemplateKey, (vars: ChannelVerifyReplyVars) => string> = {
+const channelVerifyReplyTemplates: Record<
+  ChannelVerifyReplyTemplateKey,
+  (vars: ChannelVerifyReplyVars) => string
+> = {
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.CHANNEL_VERIFY_SUCCESS]: () =>
-    'Verification successful. You are now set as the guardian for this channel.',
+    "Verification successful. You are now set as the guardian for this channel.",
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.CHANNEL_VERIFY_FAILED]: (vars) =>
-    vars.failureReason ?? 'The verification code is invalid or has expired.',
+    vars.failureReason ?? "The verification code is invalid or has expired.",
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.CHANNEL_BOOTSTRAP_BOUND]: () =>
-    'Welcome! Your identity has been linked. Please check for a verification code message.',
+    "Welcome! Your identity has been linked. Please check for a verification code message.",
   [GUARDIAN_VERIFY_TEMPLATE_KEYS.CHANNEL_TRUSTED_CONTACT_VERIFY_SUCCESS]: () =>
-    'Verification successful! You can now message the assistant.',
+    "Verification successful! You can now message the assistant.",
 };
 /**

package/src/runtime/local-actor-identity.ts CHANGED Viewed

@@ -16,10 +16,7 @@ import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.
 import { getActiveBinding } from '../memory/guardian-bindings.js';
 import { getLogger } from '../util/logger.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
-import {
-  resolveGuardianContext,
-  toGuardianRuntimeContext,
-} from './guardian-context-resolver.js';
+import { resolveGuardianContext } from './guardian-context-resolver.js';
 import { ensureVellumGuardianBinding } from './guardian-vellum-migration.js';
 const log = getLogger('local-actor-identity');
@@ -58,7 +55,8 @@ export function resolveLocalIpcGuardianContext(
       conversationExternalId: 'local',
       actorExternalId: principalId,
     });
-    return toGuardianRuntimeContext(sourceChannel, guardianCtx);
+    // Overlay the caller's actual sourceChannel onto the resolved context.
+    return { ...guardianCtx, sourceChannel };
   }
   const guardianPrincipalId = binding.guardianExternalUserId;
@@ -78,5 +76,5 @@ export function resolveLocalIpcGuardianContext(
   // Overlay the caller's actual sourceChannel onto the resolved context
   // so downstream consumers see the correct channel provenance.
-  return toGuardianRuntimeContext(sourceChannel, guardianCtx);
+  return { ...guardianCtx, sourceChannel };
 }

package/src/runtime/middleware/actor-token.ts CHANGED Viewed

@@ -14,17 +14,13 @@
  * guardian context pathway when no actor token is present.
  */
-import type { ChannelId } from '../../channels/types.js';
 import type { GuardianRuntimeContext } from '../../daemon/session-runtime-assembly.js';
 import { getActiveBinding } from '../../memory/guardian-bindings.js';
 import { getLogger } from '../../util/logger.js';
 import { type ActorTokenClaims, hashToken, verifyActorToken } from '../actor-token-service.js';
 import { findActiveByTokenHash } from '../actor-token-store.js';
 import { DAEMON_INTERNAL_ASSISTANT_ID } from '../assistant-scope.js';
-import {
-  resolveGuardianContext,
-  toGuardianRuntimeContext,
-} from '../guardian-context-resolver.js';
+import { resolveGuardianContext } from '../guardian-context-resolver.js';
 import { resolveLocalIpcGuardianContext } from '../local-actor-identity.js';
 const log = getLogger('actor-token-middleware');
@@ -120,12 +116,10 @@ export function verifyHttpActorToken(req: Request): ActorTokenVerification {
     actorExternalId: claims.guardianPrincipalId,
   });
-  const guardianContext = toGuardianRuntimeContext('vellum' as ChannelId, guardianCtx);
   return {
     ok: true,
     claims,
-    guardianContext,
+    guardianContext: guardianCtx,
   };
 }

package/src/runtime/routes/channel-route-shared.ts CHANGED Viewed

@@ -12,7 +12,6 @@ import type {
 } from '../channel-approval-types.js';
 import type { DenialReason } from '../guardian-context-resolver.js';
 export type { ActorTrustClass, DenialReason, GuardianContext } from '../guardian-context-resolver.js';
-export { toGuardianRuntimeContext } from '../guardian-context-resolver.js';
 /** Canonicalize assistantId for channel ingress paths. */
 export function canonicalChannelAssistantId(_assistantId: string): string {

package/src/runtime/routes/inbound-message-handler.ts CHANGED Viewed

@@ -70,7 +70,6 @@ import {
   GUARDIAN_APPROVAL_TTL_MS,
   type GuardianContext,
   stripVerificationFailurePrefix,
-  toGuardianRuntimeContext,
   verifyGatewayOrigin,
 } from './channel-route-shared.js';
 import { handleApprovalInterception } from './guardian-approval-interception.js';
@@ -628,7 +627,7 @@ export async function handleChannelInbound(
         conversationId: result.conversationId,
         requesterExternalUserId: canonicalSenderId ?? rawSenderId ?? undefined,
         guardianExternalUserId: binding.guardianExternalUserId,
-        guardianPrincipalId: binding.guardianPrincipalId ?? undefined,
+        guardianPrincipalId: binding.guardianPrincipalId,
         toolName: 'ingress_message',
         questionText: 'Ingress policy requires guardian approval',
         expiresAt: new Date(Date.now() + GUARDIAN_APPROVAL_TTL_MS).toISOString(),
@@ -1141,7 +1140,7 @@ export async function handleChannelInbound(
       senderName: body.actorDisplayName,
       senderExternalUserId: body.actorExternalId,
       senderUsername: body.actorUsername,
-      guardianCtx: toGuardianRuntimeContext(sourceChannel, guardianCtx),
+      guardianCtx,
       replyCallbackUrl,
       assistantId: canonicalAssistantId,
     });
@@ -1687,7 +1686,7 @@ function processChannelMessageInBackground(params: BackgroundProcessingParams):
             uxBrief: metadataUxBrief,
           },
           assistantId,
-          guardianContext: toGuardianRuntimeContext(sourceChannel, guardianCtx),
+          guardianContext: guardianCtx,
           isInteractive: resolveRoutingState(guardianCtx).promptWaitingAllowed,
           ...(cmdIntent ? { commandIntent: cmdIntent } : {}),
         },

package/src/runtime/tool-grant-request-helper.ts CHANGED Viewed

@@ -123,7 +123,7 @@ export function createOrReuseToolGrantRequest(
     requesterExternalUserId,
     requesterChatId: requesterChatId ?? undefined,
     guardianExternalUserId: binding.guardianExternalUserId,
-    guardianPrincipalId: binding.guardianPrincipalId ?? undefined,
+    guardianPrincipalId: binding.guardianPrincipalId,
     toolName,
     inputDigest,
     questionText,

package/src/tools/credentials/policy-validate.ts CHANGED Viewed

@@ -8,6 +8,20 @@
 import type { CredentialPolicy, CredentialPolicyInput } from './policy-types.js';
+/**
+ * Host tools that must never appear in credential allowed_tools.
+ *
+ * Credentials should only be accessible from sandboxed tools, not from
+ * host-level tools that execute directly on the user's machine.
+ * Map each blocked tool to its safe sandboxed equivalent.
+ */
+const BLOCKED_HOST_TOOLS: ReadonlyMap<string, string> = new Map([
+  ['host_bash', 'bash'],
+  ['host_file_read', 'file_read'],
+  ['host_file_write', 'file_write'],
+  ['host_file_edit', 'file_edit'],
+]);
 export interface ValidationResult {
   valid: boolean;
   errors: string[];
@@ -29,6 +43,14 @@ export function validatePolicyInput(input: CredentialPolicyInput): ValidationRes
         const tool = input.allowed_tools[i];
         if (typeof tool !== 'string' || tool.trim().length === 0) {
           errors.push(`allowed_tools[${i}] must be a non-empty string`);
+        } else {
+          const replacement = BLOCKED_HOST_TOOLS.get(tool);
+          if (replacement !== undefined) {
+            errors.push(
+              `allowed_tools[${i}] "${tool}" is a host tool and cannot be used for credential access. ` +
+              `Use "${replacement}" instead.`,
+            );
+          }
         }
       }
     }

package/src/tools/guardian-control-plane-policy.ts CHANGED Viewed

@@ -124,13 +124,13 @@ export function isGuardianControlPlaneInvocation(
 export function enforceGuardianOnlyPolicy(
   toolName: string,
   input: Record<string, unknown>,
-  trustClass: string | undefined,
+  trustClass: string,
 ): { denied: boolean; reason?: string } {
   if (!isGuardianControlPlaneInvocation(toolName, input)) {
     return { denied: false };
   }
-  if (trustClass === 'guardian' || trustClass === undefined) {
+  if (trustClass === 'guardian') {
     return { denied: false };
   }

package/src/tools/types.ts CHANGED Viewed

@@ -138,7 +138,7 @@ export interface ToolContext {
   /** Optional principal identifier propagated to sub-tool confirmation flows. */
   principal?: string;
   /** Inbound trust classification for the session — used by trust/policy gates. */
-  guardianTrustClass?: 'guardian' | 'trusted_contact' | 'unknown';
+  guardianTrustClass: 'guardian' | 'trusted_contact' | 'unknown';
   /** Channel through which the tool invocation originates (e.g. 'telegram', 'voice'). Used for scoped grant consumption. */
   executionChannel?: string;
   /** Voice/call session ID, if the invocation originates from a call. Used for scoped grant consumption. */