npm - @vellumai/assistant - Versions diffs - 0.4.9 → 0.4.11 - Mend

@vellumai/assistant 0.4.9 → 0.4.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/src/__tests__/trust-context-guards.test.ts ADDED Viewed

@@ -0,0 +1,218 @@
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { describe, expect, it } from 'bun:test';
+/**
+ * Guard tests for the canonical trust-context model.
+ *
+ * These tests prevent reintroduction of removed compatibility patterns
+ * by scanning source files for type invariants:
+ *
+ *  (a) guardianPrincipalId in GuardianRuntimeContext must be `?: string`
+ *      (optional string), NOT `string | null`.
+ *  (b) guardianTrustClass in ToolContext must be a required field (no `?`).
+ *  (c) The channel retry sweep parser must not reference `actorRole`.
+ *  (d) guardianPrincipalId in GuardianBinding must be `string` (non-null,
+ *      non-optional).
+ */
+const srcDir = join(import.meta.dir, '..');
+describe('trust-context guards', () => {
+  // -----------------------------------------------------------------------
+  // (a) No `string | null` for guardianPrincipalId in runtime types
+  // -----------------------------------------------------------------------
+  it('guardianPrincipalId is not typed as string | null in GuardianRuntimeContext', () => {
+    const source = readFileSync(
+      join(srcDir, 'daemon', 'session-runtime-assembly.ts'),
+      'utf-8',
+    );
+    // Extract the GuardianRuntimeContext interface block
+    const ifaceStart = source.indexOf('export interface GuardianRuntimeContext');
+    expect(ifaceStart).toBeGreaterThan(-1);
+    const blockStart = source.indexOf('{', ifaceStart);
+    let braceDepth = 0;
+    let blockEnd = blockStart;
+    for (let i = blockStart; i < source.length; i++) {
+      if (source[i] === '{') braceDepth++;
+      if (source[i] === '}') braceDepth--;
+      if (braceDepth === 0) {
+        blockEnd = i + 1;
+        break;
+      }
+    }
+    const block = source.slice(blockStart, blockEnd);
+    // guardianPrincipalId should NOT be typed as `string | null`
+    const principalLine = block.split('\n').find((l) =>
+      l.includes('guardianPrincipalId'),
+    );
+    expect(
+      principalLine,
+      'Expected to find guardianPrincipalId in GuardianRuntimeContext',
+    ).toBeDefined();
+    expect(
+      principalLine!.includes('string | null') || principalLine!.includes('null | string'),
+      'guardianPrincipalId must not be typed as nullable in GuardianRuntimeContext. ' +
+        'Use `guardianPrincipalId?: string` (optional, non-nullable) instead. ' +
+        `Found: "${principalLine!.trim()}"`,
+    ).toBe(false);
+    // The field must remain optional (has `?`) — channels where no guardian
+    // principal exists should be able to omit it.
+    expect(
+      /guardianPrincipalId\s*\?/.test(principalLine!),
+      'guardianPrincipalId must remain optional (`?:`) in GuardianRuntimeContext. ' +
+        'Channels without a guardian principal need to omit this field. ' +
+        `Found: "${principalLine!.trim()}"`,
+    ).toBe(true);
+  });
+  // -----------------------------------------------------------------------
+  // (b) guardianTrustClass is required in ToolContext
+  // -----------------------------------------------------------------------
+  it('guardianTrustClass is a required field in ToolContext', () => {
+    const source = readFileSync(
+      join(srcDir, 'tools', 'types.ts'),
+      'utf-8',
+    );
+    // Extract the ToolContext interface block
+    const ifaceStart = source.indexOf('export interface ToolContext');
+    expect(ifaceStart).toBeGreaterThan(-1);
+    const blockStart = source.indexOf('{', ifaceStart);
+    let braceDepth = 0;
+    let blockEnd = blockStart;
+    for (let i = blockStart; i < source.length; i++) {
+      if (source[i] === '{') braceDepth++;
+      if (source[i] === '}') braceDepth--;
+      if (braceDepth === 0) {
+        blockEnd = i + 1;
+        break;
+      }
+    }
+    const block = source.slice(blockStart, blockEnd);
+    const trustLine = block.split('\n').find((l) =>
+      l.includes('guardianTrustClass'),
+    );
+    expect(
+      trustLine,
+      'Expected to find guardianTrustClass in ToolContext',
+    ).toBeDefined();
+    // The field must NOT have a `?` before the colon — it must be required.
+    expect(
+      /guardianTrustClass\s*\?/.test(trustLine!),
+      'guardianTrustClass must be a required field in ToolContext (no `?`). ' +
+        'Explicit trust gates must not be optional — every tool execution ' +
+        `must carry a trust classification. Found: "${trustLine!.trim()}"`,
+    ).toBe(false);
+  });
+  // -----------------------------------------------------------------------
+  // (c) No actorRole fallback in channel retry sweep parser
+  // -----------------------------------------------------------------------
+  it('channel retry sweep parser does not reference actorRole', () => {
+    const source = readFileSync(
+      join(srcDir, 'runtime', 'channel-retry-sweep.ts'),
+      'utf-8',
+    );
+    // The parseGuardianRuntimeContext function must use strict trustClass
+    // parsing only — no legacy actorRole fallback.
+    const parserStart = source.indexOf('function parseGuardianRuntimeContext');
+    expect(parserStart).toBeGreaterThan(-1);
+    // Find the end of the function (next function-level declaration or EOF)
+    const parserBody = source.slice(parserStart);
+    const nextFn = parserBody.indexOf('\nexport ', 1);
+    const parserSource = nextFn > 0 ? parserBody.slice(0, nextFn) : parserBody;
+    expect(
+      parserSource.includes('actorRole'),
+      'parseGuardianRuntimeContext must not reference `actorRole`. ' +
+        'The retry sweep uses strict `trustClass` parsing — no legacy actorRole fallback.',
+    ).toBe(false);
+  });
+  // -----------------------------------------------------------------------
+  // (d) Retry sweep never passes undefined guardianContext to processMessage
+  // -----------------------------------------------------------------------
+  it('retry sweep always provides an explicit guardianContext (never undefined)', () => {
+    const source = readFileSync(
+      join(srcDir, 'runtime', 'channel-retry-sweep.ts'),
+      'utf-8',
+    );
+    // The sweep must synthesize a trust context when guardianCtx is absent,
+    // so `guardianContext` should never be conditionally undefined at the
+    // processMessage callsite. Look for the pattern that ensures this:
+    // a `const guardianContext: GuardianRuntimeContext = parsedGuardianContext ?? {`
+    // fallback that synthesizes trustClass: 'unknown'.
+    expect(
+      source.includes("trustClass: 'unknown'"),
+      'The retry sweep must synthesize an explicit `trustClass: \'unknown\'` context ' +
+        'when guardianCtx is absent from stored payloads. This prevents downstream ' +
+        'defaults from granting implicit guardian trust on replay.',
+    ).toBe(true);
+  });
+  // -----------------------------------------------------------------------
+  // (e) guardianPrincipalId is non-null in GuardianBinding
+  // -----------------------------------------------------------------------
+  it('guardianPrincipalId is typed as string (non-null) in GuardianBinding', () => {
+    const source = readFileSync(
+      join(srcDir, 'memory', 'guardian-bindings.ts'),
+      'utf-8',
+    );
+    // Extract the GuardianBinding interface block
+    const ifaceStart = source.indexOf('export interface GuardianBinding');
+    expect(ifaceStart).toBeGreaterThan(-1);
+    const blockStart = source.indexOf('{', ifaceStart);
+    let braceDepth = 0;
+    let blockEnd = blockStart;
+    for (let i = blockStart; i < source.length; i++) {
+      if (source[i] === '{') braceDepth++;
+      if (source[i] === '}') braceDepth--;
+      if (braceDepth === 0) {
+        blockEnd = i + 1;
+        break;
+      }
+    }
+    const block = source.slice(blockStart, blockEnd);
+    const principalLine = block.split('\n').find((l) =>
+      l.includes('guardianPrincipalId'),
+    );
+    expect(
+      principalLine,
+      'Expected to find guardianPrincipalId in GuardianBinding',
+    ).toBeDefined();
+    // Must be `guardianPrincipalId: string` — not optional, not nullable
+    expect(
+      principalLine!.includes('string | null') || principalLine!.includes('null | string'),
+      'guardianPrincipalId must not be typed as nullable in GuardianBinding. ' +
+        `Found: "${principalLine!.trim()}"`,
+    ).toBe(false);
+    expect(
+      /guardianPrincipalId\s*\?/.test(principalLine!),
+      'guardianPrincipalId must not be optional in GuardianBinding. ' +
+        `Found: "${principalLine!.trim()}"`,
+    ).toBe(false);
+  });
+});

package/src/__tests__/trusted-contact-inline-approval-integration.test.ts CHANGED Viewed

@@ -316,6 +316,7 @@ describe('(a) target flow: trusted-contact inline guardian approval end-to-end',
   test('complete flow: routing state allows interactive + bridge notifies guardian + tool resumes', async () => {
     // Step 1: Verify routing state allows interactive turns for trusted contacts
     const guardianCtx: GuardianContext = {
+      sourceChannel: 'telegram',
       trustClass: 'trusted_contact',
       guardianExternalUserId: 'guardian-1',
       guardianChatId: 'guardian-chat-1',
@@ -463,6 +464,7 @@ describe('(c) no-binding flow: trusted contact fails fast without guardian bindi
   test('routing state blocks prompt waiting when no guardian binding exists', () => {
     const ctx: GuardianContext = {
+      sourceChannel: 'telegram',
       trustClass: 'trusted_contact',
       // No guardianExternalUserId — mirrors no binding
     };
@@ -592,10 +594,12 @@ describe('(d) unknown actor flow: fail-closed with no interactive approval', ()
   test('unknown actors have promptWaitingAllowed=false regardless of guardian route', () => {
     const withRoute: GuardianContext = {
+      sourceChannel: 'telegram',
       trustClass: 'unknown',
       guardianExternalUserId: 'guardian-1',
     };
     const withoutRoute: GuardianContext = {
+      sourceChannel: 'telegram',
       trustClass: 'unknown',
     };
@@ -961,6 +965,7 @@ describe('cross-milestone integration checks', () => {
   test('M1+M4: routing state interactivity drives inline wait eligibility', async () => {
     // With guardian binding: interactive + inline wait allowed
     const withBinding: GuardianContext = {
+      sourceChannel: 'telegram',
       trustClass: 'trusted_contact',
       guardianExternalUserId: 'guardian-1',
     };
@@ -968,6 +973,7 @@ describe('cross-milestone integration checks', () => {
     // Without guardian binding: not interactive + inline wait should not enter dead-end
     const withoutBinding: GuardianContext = {
+      sourceChannel: 'telegram',
       trustClass: 'trusted_contact',
     };
     expect(resolveRoutingState(withoutBinding).promptWaitingAllowed).toBe(false);

package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts CHANGED Viewed

@@ -161,6 +161,7 @@ describe('trusted contact lifecycle notification signals', () => {
       channel: 'telegram',
       guardianExternalUserId: 'guardian-user-789',
       guardianDeliveryChatId: 'guardian-chat-789',
+      guardianPrincipalId: 'guardian-user-789',
     });
     upsertMember({
       assistantId: 'self',
@@ -236,6 +237,7 @@ describe('trusted contact lifecycle notification signals', () => {
       channel: 'telegram',
       guardianExternalUserId: 'guardian-user-789',
       guardianDeliveryChatId: 'guardian-chat-789',
+      guardianPrincipalId: 'guardian-user-789',
     });
     upsertMember({
       assistantId: 'self',
@@ -310,6 +312,7 @@ describe('trusted contact lifecycle notification signals', () => {
       channel: 'telegram',
       guardianExternalUserId: 'guardian-user-789',
       guardianDeliveryChatId: 'guardian-chat-789',
+      guardianPrincipalId: 'guardian-user-789',
     });
     upsertMember({
       assistantId: 'self',
@@ -373,6 +376,7 @@ describe('trusted contact activated notification signal', () => {
       channel: 'telegram',
       guardianExternalUserId: 'guardian-user-789',
       guardianDeliveryChatId: 'guardian-chat-789',
+      guardianPrincipalId: 'guardian-user-789',
     });
     // Create an identity-bound outbound session (simulates M3 approval flow)
@@ -425,6 +429,7 @@ describe('trusted contact activated notification signal', () => {
       channel: 'telegram',
       guardianExternalUserId: 'guardian-user-789',
       guardianDeliveryChatId: 'guardian-chat-789',
+      guardianPrincipalId: 'guardian-user-789',
     });
     upsertMember({
@@ -506,6 +511,7 @@ describe('trusted contact activated notification signal', () => {
       channel: 'telegram',
       guardianExternalUserId: 'guardian-user-789',
       guardianDeliveryChatId: 'guardian-chat-789',
+      guardianPrincipalId: 'guardian-user-789',
     });
     const session = createOutboundSession({

package/src/__tests__/trusted-contact-multichannel.test.ts CHANGED Viewed

@@ -210,6 +210,7 @@ for (const config of CHANNEL_CONFIGS) {
         channel: config.channel,
         guardianExternalUserId: config.guardianExternalUserId,
         guardianDeliveryChatId: config.guardianChatId,
+        guardianPrincipalId: config.guardianExternalUserId,
       });
       const req = buildInboundRequest(config);

package/src/__tests__/trusted-contact-verification.test.ts CHANGED Viewed

@@ -393,6 +393,7 @@ describe('trusted contact verification → member activation', () => {
       channel: 'telegram',
       guardianExternalUserId: 'guardian-user-original',
       guardianDeliveryChatId: 'guardian-chat-original',
+      guardianPrincipalId: 'guardian-user-original',
       verifiedVia: 'challenge',
       metadataJson: null,
     });

package/src/__tests__/view-image-tool.test.ts CHANGED Viewed

@@ -50,6 +50,7 @@ function makeContext(workingDir: string = testDir): ToolContext {
     workingDir,
     sessionId: 'test-session',
     conversationId: 'test-conversation',
+    guardianTrustClass: 'guardian',
   };
 }

package/src/calls/guardian-dispatch.ts CHANGED Viewed

@@ -95,14 +95,14 @@ async function dispatchGuardianQuestionInner(params: GuardianDispatchParams): Pr
     // (the canonical assistant-level binding) so the request is attributed to
     // the assistant's guardian principal.
     let vellumBinding = getActiveBinding(assistantId, 'vellum');
-    let guardianPrincipalId = vellumBinding?.guardianPrincipalId ?? undefined;
+    let guardianPrincipalId = vellumBinding?.guardianPrincipalId;
-    // Self-heal: if the vellum binding is missing or lacks a principal,
-    // bootstrap it so the pending_question request can be attributed.
+    // Self-heal: if the vellum binding is missing, bootstrap it so
+    // the pending_question request can be attributed.
     if (!guardianPrincipalId) {
       log.info(
         { callSessionId, assistantId, hadBinding: !!vellumBinding },
-        'Vellum binding missing or lacks principal — self-healing for voice dispatch',
+        'Vellum binding missing — self-healing for voice dispatch',
       );
       const healedPrincipalId = ensureVellumGuardianBinding(assistantId);
       vellumBinding = getActiveBinding(assistantId, 'vellum');

package/src/cli/mcp.ts CHANGED Viewed

@@ -1,11 +1,46 @@
+import { UnauthorizedError } from '@modelcontextprotocol/sdk/client/auth.js';
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
 import type { Command } from 'commander';
 import { loadRawConfig, saveRawConfig } from '../config/loader.js';
 import type { McpConfig, McpServerConfig } from '../config/mcp-schema.js';
+import { McpClient } from '../mcp/client.js';
+import { deleteMcpOAuthCredentials, McpOAuthProvider } from '../mcp/mcp-oauth-provider.js';
 import { getCliLogger } from '../util/logger.js';
 const log = getCliLogger('cli');
+const HEALTH_CHECK_TIMEOUT_MS = 10_000;
+async function checkServerHealth(serverId: string, config: McpServerConfig): Promise<string> {
+  const client = new McpClient(serverId, { quiet: true });
+  try {
+    await Promise.race([
+      client.connect(config.transport),
+      new Promise<never>((_, reject) => {
+        const t = setTimeout(() => reject(new Error('timeout')), HEALTH_CHECK_TIMEOUT_MS);
+        if (typeof t === 'object' && 'unref' in t) t.unref();
+      }),
+    ]);
+    if (!client.isConnected) {
+      return '! Needs authentication';
+    }
+    await client.disconnect();
+    return '\u2713 Connected';
+  } catch (err) {
+    try { await client.disconnect(); } catch { /* ignore */ }
+    const message = err instanceof Error ? err.message : String(err);
+    if (message.includes('timeout')) {
+      return '\u2717 Timed out';
+    }
+    return `\u2717 Error: ${message}`;
+  }
+}
 export function registerMcpCommand(program: Command): void {
   const mcp = program.command('mcp').description('Manage MCP (Model Context Protocol) servers');
@@ -13,7 +48,7 @@ export function registerMcpCommand(program: Command): void {
     .command('list')
     .description('List configured MCP servers and their status')
     .option('--json', 'Output as JSON')
-    .action((opts: { json?: boolean }) => {
+    .action(async (opts: { json?: boolean }) => {
       const raw = loadRawConfig();
       const mcpConfig = raw.mcp as Partial<McpConfig> | undefined;
       const servers = mcpConfig?.servers ?? {};
@@ -37,6 +72,8 @@ export function registerMcpCommand(program: Command): void {
       }
       log.info(`${entries.length} MCP server(s) configured:\n`);
+      let didHealthCheck = false;
       for (const [id, cfg] of entries) {
         if (!cfg || typeof cfg !== 'object') {
           log.info(`  ${id} (invalid config — skipped)\n`);
@@ -45,7 +82,14 @@ export function registerMcpCommand(program: Command): void {
         const enabled = cfg.enabled !== false;
         const transport = cfg.transport;
         const risk = cfg.defaultRiskLevel ?? 'high';
-        const status = enabled ? '✓ enabled' : '✗ disabled';
+        let status: string;
+        if (!enabled) {
+          status = '✗ disabled';
+        } else {
+          status = await checkServerHealth(id, cfg);
+          didHealthCheck = true;
+        }
         log.info(`  ${id}`);
         log.info(`    Status:    ${status}`);
@@ -60,6 +104,9 @@ export function registerMcpCommand(program: Command): void {
         if (cfg.blockedTools) log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`);
         log.info('');
       }
+      // Health checks may leave MCP transports alive — force exit
+      if (didHealthCheck) process.exit(0);
     });
   mcp
@@ -133,10 +180,132 @@ export function registerMcpCommand(program: Command): void {
       log.info('Restart the daemon for changes to take effect: vellum daemon restart');
     });
+  mcp
+    .command('auth <name>')
+    .description('Authenticate with an MCP server via OAuth')
+    .action(async (name: string) => {
+      const raw = loadRawConfig();
+      const mcpConfig = raw.mcp as Partial<McpConfig> | undefined;
+      const servers = mcpConfig?.servers ?? {};
+      const serverConfig = (servers as Record<string, McpServerConfig>)[name];
+      if (!serverConfig) {
+        log.error(`MCP server "${name}" not found. Add it first with: vellum mcp add`);
+        process.exitCode = 1;
+        return;
+      }
+      const transport = serverConfig.transport;
+      if (transport.type !== 'sse' && transport.type !== 'streamable-http') {
+        log.error(`OAuth is only supported for sse/streamable-http transports (server "${name}" uses ${transport.type})`);
+        process.exitCode = 1;
+        return;
+      }
+      // Validate URL early so we fail fast before starting the callback server
+      let serverUrl: URL;
+      try {
+        serverUrl = new URL(transport.url);
+      } catch {
+        log.error(`Invalid URL for MCP server "${name}": ${transport.url}`);
+        process.exitCode = 1;
+        return;
+      }
+      const provider = new McpOAuthProvider(name, transport.url, /* interactive */ true);
+      // Clear stale client_info and discovery — the callback server uses a random port,
+      // so any previously cached client_info has a mismatched redirect_uri.
+      // Preserve tokens so they survive if this auth attempt fails.
+      await provider.invalidateCredentials('client');
+      await provider.invalidateCredentials('discovery');
+      const { codePromise } = await provider.startCallbackServer();
+      const OAUTH_TIMEOUT_MS = 150_000; // 2.5 min for browser interaction
+      const TransportClass = transport.type === 'sse' ? SSEClientTransport : StreamableHTTPClientTransport;
+      const mcpTransport = new TransportClass(
+        serverUrl,
+        {
+          authProvider: provider,
+          requestInit: transport.headers ? { headers: transport.headers } : undefined,
+        },
+      );
+      const client = new Client({ name: 'vellum-assistant', version: '1.0.0' });
+      try {
+        // Try connecting — if tokens are already cached, this succeeds immediately
+        await client.connect(mcpTransport);
+        provider.stopCallbackServer();
+        await client.close();
+        log.info(`Server "${name}" is already authenticated.`);
+        return;
+      } catch (err) {
+        if (!(err instanceof UnauthorizedError)) {
+          provider.stopCallbackServer();
+          try { await client.close(); } catch { /* ignore */ }
+          log.error(`Failed to connect to "${name}": ${err}`);
+          process.exitCode = 1;
+          return;
+        }
+      }
+      // UnauthorizedError — browser was opened by redirectToAuthorization().
+      // Wait for the user to complete the OAuth flow.
+      log.info('Waiting for authorization in browser... (press Ctrl+C to cancel)');
+      let code: string;
+      let oauthTimer: ReturnType<typeof setTimeout> | undefined;
+      try {
+        code = await Promise.race([
+          codePromise,
+          new Promise<never>((_, reject) => {
+            oauthTimer = setTimeout(() => reject(new Error('OAuth authorization timed out after 2.5 minutes')), OAUTH_TIMEOUT_MS);
+            if (typeof oauthTimer === 'object' && 'unref' in oauthTimer) oauthTimer.unref();
+          }),
+        ]);
+        clearTimeout(oauthTimer);
+      } catch (err) {
+        clearTimeout(oauthTimer);
+        provider.stopCallbackServer();
+        try { await client.close(); } catch { /* ignore */ }
+        const message = err instanceof Error ? err.message : String(err);
+        if (message.includes('denied') || message.includes('cancelled')) {
+          log.error(`Authorization cancelled for "${name}".`);
+        } else if (message.includes('timed out')) {
+          log.error(`Authorization timed out for "${name}". Try again with: vellum mcp auth ${name}`);
+        } else {
+          log.error(`Authorization failed for "${name}": ${message}`);
+        }
+        process.exitCode = 1;
+        return;
+      }
+      log.info('Authorization received. Exchanging token...');
+      // Exchange auth code for tokens
+      try {
+        await mcpTransport.finishAuth(code);
+      } catch (err) {
+        provider.stopCallbackServer();
+        try { await client.close(); } catch { /* ignore */ }
+        log.error(`Token exchange failed for "${name}": ${err}`);
+        process.exitCode = 1;
+        return;
+      }
+      // Clean up transport/client so the process can exit
+      try { await client.close(); } catch { /* ignore */ }
+      provider.stopCallbackServer();
+      log.info(`Authentication successful for "${name}".`);
+      log.info('Restart the daemon for changes to take effect: vellum daemon restart');
+      process.exit(0);
+    });
   mcp
     .command('remove <name>')
     .description('Remove an MCP server configuration')
-    .action((name: string) => {
+    .action(async (name: string) => {
       const raw = loadRawConfig();
       const mcpConfig = raw.mcp as Record<string, unknown> | undefined;
       const servers = mcpConfig?.servers as Record<string, unknown> | undefined;
@@ -147,6 +316,17 @@ export function registerMcpCommand(program: Command): void {
         return;
       }
+      // Best-effort cleanup of any OAuth credentials stored for this server
+      const serverConfig = servers[name] as Record<string, unknown>;
+      const transport = serverConfig?.transport as Record<string, unknown> | undefined;
+      if (transport?.type === 'sse' || transport?.type === 'streamable-http') {
+        try {
+          await deleteMcpOAuthCredentials(name);
+        } catch {
+          // Ignore — credentials may not exist
+        }
+      }
       delete servers[name];
       saveRawConfig(raw);
       log.info(`Removed MCP server "${name}".`);

package/src/config/bundled-skills/agentmail/SKILL.md CHANGED Viewed

@@ -8,9 +8,9 @@ metadata: {"vellum": {"emoji": "📬"}}
 ## How to run
 `vellum` is your own CLI binary — it is already installed and available on the PATH.
-Run all commands via `host_bash`. Do NOT attempt to install, build, or locate the CLI — just execute it directly.
+Run all commands via `bash`. Do NOT attempt to install, build, or locate the CLI — just execute it directly.
-Example: `host_bash("vellum email status --json")`
+Example: `bash("vellum email status --json")`
 Never use browser/computer-use unless user explicitly approves fallback.
@@ -20,7 +20,7 @@ This skill manages the **assistant's own** AgentMail address (`@agentmail.to`)
 ## Rules
-- Always run `vellum email` commands via `host_bash` and parse JSON output.
+- Always run `vellum email` commands via `bash` and parse JSON output.
 - Always do `vellum email status --json` preflight first.
 - Prefer `draft create` before any send — never bypass draft flow.
 - Require explicit user confirmation before `draft approve-send --confirm`.
@@ -38,7 +38,7 @@ Use `credential_store` with:
 - label: `AgentMail API Key`
 - description: `Get your API key from console.agentmail.to`
 - placeholder: `am_us_...`
-- allowed_tools: `["host_bash"]`
+- allowed_tools: `["bash"]`
 - usage_description: `AgentMail email operations via vellum CLI`
 After the credential is stored, retry `vellum email status --json` to confirm it works.

package/src/config/bundled-skills/google-oauth-setup/SKILL.md CHANGED Viewed

@@ -2,6 +2,7 @@
 name: "Google OAuth Setup"
 description: "Set up Google Cloud OAuth credentials for Gmail and Calendar using browser automation"
 user-invocable: true
+credential-setup-for: "gmail"
 includes: ["browser", "public-ingress"]
 metadata: {"vellum": {"emoji": "\ud83d\udd11"}}
 ---