@vellumai/assistant 0.5.1 → 0.5.3

package/src/runtime/routes/surface-action-routes.ts

@@ -5,8 +5,15 @@
  * Requires the conversation to already exist (does not create new conversations).
  */
 import { getLogger } from "../../util/logger.js";
+import { DAEMON_INTERNAL_ASSISTANT_ID } from "../assistant-scope.js";
+import type { AuthContext } from "../auth/types.js";
+import { healGuardianBindingDrift } from "../guardian-vellum-migration.js";
 import { httpError } from "../http-errors.js";
 import type { RouteDefinition } from "../http-router.js";
+import {
+  resolveTrustContext,
+  withSourceChannel,
+} from "../trust-context-resolver.js";
 
 const log = getLogger("surface-action-routes");
 
@@ -18,6 +25,11 @@ interface SurfaceActionTarget {
     data?: Record<string, unknown>,
   ): void;
   handleSurfaceUndo?(surfaceId: string): void;
+  setTrustContext?(ctx: {
+    trustClass: "guardian" | "trusted_contact" | "unknown";
+    sourceChannel: string;
+  }): void;
+  trustContext?: { trustClass: string } | null;
 }
 
 export type ConversationLookup = (
@@ -28,6 +40,53 @@ export type ConversationLookupBySurfaceId = (
   surfaceId: string,
 ) => SurfaceActionTarget | undefined;
 
+/**
+ * Resolve trust context from the request's auth context and set it on the
+ * conversation, following the same pattern as POST /v1/messages. This ensures
+ * surface actions inherit the correct trust class (guardian vs trusted_contact)
+ * rather than defaulting to unknown.
+ */
+function applyTrustContext(
+  conversation: SurfaceActionTarget,
+  authContext: AuthContext,
+): void {
+  if (!conversation.setTrustContext) return;
+
+  const sourceChannel = "vellum";
+
+  if (authContext.actorPrincipalId) {
+    const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
+    let trustCtx = resolveTrustContext({
+      assistantId,
+      sourceChannel,
+      conversationExternalId: "local",
+      actorExternalId: authContext.actorPrincipalId,
+    });
+    if (trustCtx.trustClass === "unknown") {
+      const healed = healGuardianBindingDrift(authContext.actorPrincipalId);
+      if (healed) {
+        trustCtx = resolveTrustContext({
+          assistantId,
+          sourceChannel,
+          conversationExternalId: "local",
+          actorExternalId: authContext.actorPrincipalId,
+        });
+        log.info(
+          {
+            actorPrincipalId: authContext.actorPrincipalId,
+            trustClass: trustCtx.trustClass,
+          },
+          "Trust re-resolved after guardian binding drift heal (surface action)",
+        );
+      }
+    }
+    conversation.setTrustContext(withSourceChannel(sourceChannel, trustCtx));
+  } else {
+    // Service principals or tokens without an actor ID get guardian context.
+    conversation.setTrustContext({ trustClass: "guardian", sourceChannel });
+  }
+}
+
 /**
  * POST /v1/surface-actions — handle a UI surface action.
  *
@@ -37,6 +96,7 @@ export async function handleSurfaceAction(
   req: Request,
   findConversation: ConversationLookup,
   findConversationBySurfaceId?: ConversationLookupBySurfaceId,
+  authContext?: AuthContext,
 ): Promise<Response> {
   const body = (await req.json()) as {
     conversationId?: string | null;
@@ -65,6 +125,12 @@ export async function handleSurfaceAction(
     return httpError("NOT_FOUND", "No active conversation found", 404);
   }
 
+  // Resolve trust context from the request's auth headers so the conversation
+  // has the correct trust class for tool approval decisions.
+  if (authContext) {
+    applyTrustContext(conversation, authContext);
+  }
+
   try {
     conversation.handleSurfaceAction(surfaceId, actionId, data);
     log.info(
@@ -143,7 +209,7 @@ export function surfaceActionRouteDefinitions(deps: {
     {
       endpoint: "surface-actions",
       method: "POST",
-      handler: async ({ req }) => {
+      handler: async ({ req, authContext }) => {
         if (!deps.findConversation) {
           return httpError(
             "NOT_IMPLEMENTED",
@@ -155,6 +221,7 @@ export function surfaceActionRouteDefinitions(deps: {
           req,
           deps.findConversation,
           deps.findConversationBySurfaceId,
+          authContext,
         );
       },
     },

package/src/runtime/routes/trace-event-routes.ts

@@ -42,7 +42,10 @@ export function traceEventRouteDefinitions(): RouteDefinition[] {
         const afterSequence = afterSequenceParam
           ? parseInt(afterSequenceParam, 10)
           : undefined;
-        if (afterSequenceParam && (isNaN(afterSequence!) || afterSequence! < 0)) {
+        if (
+          afterSequenceParam &&
+          (isNaN(afterSequence!) || afterSequence! < 0)
+        ) {
           return httpError(
             "BAD_REQUEST",
             "afterSequence must be a non-negative integer",

package/src/schedule/schedule-store.ts

@@ -15,10 +15,7 @@ import type { ScheduleSyntax } from "./recurrence-types.js";
 const logger = getLogger("schedule-store");
 
 export type ScheduleMode = "notify" | "execute";
-export type RoutingIntent =
-  | "single_channel"
-  | "multi_channel"
-  | "all_channels";
+export type RoutingIntent = "single_channel" | "multi_channel" | "all_channels";
 export type ScheduleStatus = "active" | "firing" | "fired" | "cancelled";
 
 export interface ScheduleJob {
@@ -193,9 +190,7 @@ export function listSchedules(options?: {
     conditions.push(isNull(scheduleJobs.cronExpression));
   }
   if (options?.recurringOnly) {
-    conditions.push(
-      sql`${scheduleJobs.cronExpression} IS NOT NULL`,
-    );
+    conditions.push(sql`${scheduleJobs.cronExpression} IS NOT NULL`);
   }
   const where = conditions.length > 0 ? and(...conditions) : undefined;
   const rows = db
@@ -207,6 +202,27 @@ export function listSchedules(options?: {
   return rows.map(parseJobRow);
 }
 
+/**
+ * Return enabled schedules whose next run falls within a time window.
+ * Used by the memory brief compiler to surface due-soon schedule entries.
+ */
+export function getDueSoonSchedules(
+  now: number,
+  horizonMs: number,
+): ScheduleJob[] {
+  const db = getDb();
+  const cutoff = now + horizonMs;
+  const rows = db
+    .select()
+    .from(scheduleJobs)
+    .where(
+      and(eq(scheduleJobs.enabled, true), lte(scheduleJobs.nextRunAt, cutoff)),
+    )
+    .orderBy(asc(scheduleJobs.nextRunAt))
+    .all();
+  return rows.map(parseJobRow);
+}
+
 export function updateSchedule(
   id: string,
   updates: {
@@ -415,10 +431,7 @@ export function claimDueSchedules(now: number): ScheduleJob[] {
         updatedAt: now,
       })
       .where(
-        and(
-          eq(scheduleJobs.id, row.id),
-          eq(scheduleJobs.status, "active"),
-        ),
+        and(eq(scheduleJobs.id, row.id), eq(scheduleJobs.status, "active")),
       )
       .run();
 
@@ -450,9 +463,7 @@ export function completeOneShot(id: string): void {
       enabled: false,
       updatedAt: now,
     })
-    .where(
-      and(eq(scheduleJobs.id, id), eq(scheduleJobs.status, "firing")),
-    )
+    .where(and(eq(scheduleJobs.id, id), eq(scheduleJobs.status, "firing")))
     .run();
 }
 
@@ -468,9 +479,7 @@ export function failOneShot(id: string): void {
       status: "active",
       updatedAt: now,
     })
-    .where(
-      and(eq(scheduleJobs.id, id), eq(scheduleJobs.status, "firing")),
-    )
+    .where(and(eq(scheduleJobs.id, id), eq(scheduleJobs.status, "firing")))
     .run();
 }
 
@@ -487,9 +496,7 @@ export function cancelSchedule(id: string): boolean {
       enabled: false,
       updatedAt: now,
     })
-    .where(
-      and(eq(scheduleJobs.id, id), eq(scheduleJobs.status, "active")),
-    )
+    .where(and(eq(scheduleJobs.id, id), eq(scheduleJobs.status, "active")))
     .run();
   return rawChanges() > 0;
 }
@@ -770,7 +777,9 @@ function parseJobRow(row: typeof scheduleJobs.$inferSelect): ScheduleJob {
   };
 }
 
-function safeParseJson(json: string | null | undefined): Record<string, unknown> {
+function safeParseJson(
+  json: string | null | undefined,
+): Record<string, unknown> {
   if (!json) return {};
   try {
     return JSON.parse(json) as Record<string, unknown>;

package/src/security/secure-keys.ts

@@ -193,6 +193,27 @@ export async function getProviderKeyAsync(
   return envVar ? process.env[envVar] : undefined;
 }
 
+// ---------------------------------------------------------------------------
+// Masked provider key — for safe display in client UIs
+// ---------------------------------------------------------------------------
+
+/**
+ * Retrieve a provider API key and return a masked version suitable for
+ * display. Shows the first 10 characters and last 4, with `...` in between,
+ * always hiding at least 3 characters. Returns `null` if no key is stored.
+ */
+export async function getMaskedProviderKey(
+  provider: string,
+): Promise<string | null> {
+  const key = await getProviderKeyAsync(provider);
+  if (!key || key.length === 0) return null;
+  const minHidden = 3;
+  const maxVisible = Math.max(1, key.length - minHidden);
+  const prefixLen = Math.min(10, maxVisible);
+  const suffixLen = Math.min(4, Math.max(0, maxVisible - prefixLen));
+  return `${key.slice(0, prefixLen)}...${suffixLen > 0 ? key.slice(-suffixLen) : ""}`;
+}
+
 // ---------------------------------------------------------------------------
 // Test helpers
 // ---------------------------------------------------------------------------

package/src/signals/bash.ts

@@ -80,7 +80,7 @@ export function handleBashSignal(filename: string): void {
         exitCode: null,
         timedOut: false,
         error:
-          "Bash signals are disabled. The running assistant process must have been started with VELLUM_DEBUG=1 (setting it on the CLI command alone is not enough). Restart the assistant with: VELLUM_DEBUG=1 assistant start",
+          "Bash signals are disabled. The running assistant process must have been started with VELLUM_DEBUG=1 (setting it on the CLI command alone is not enough). Restart the assistant with: vellum sleep && VELLUM_DEBUG=1 vellum wake",
       });
     }
     return;

package/src/skills/inline-command-expansions.ts

@@ -0,0 +1,204 @@
+/**
+ * Canonical parser for inline command expansion tokens in skill bodies.
+ *
+ * Syntax: !\`command\`
+ *
+ * These tokens are parsed from the markdown body of a SKILL.md file (after
+ * frontmatter extraction). Tokens inside fenced code blocks are ignored so
+ * that documentation examples or literal snippets do not accidentally execute.
+ *
+ * The parser fails closed on malformed tokens: unmatched backticks, empty
+ * commands, or nested backticks that make the command text ambiguous are
+ * rejected rather than best-effort expanded.
+ */
+
+import { getLogger } from "../util/logger.js";
+
+const log = getLogger("inline-command-expansions");
+
+// ─── Types ────────────────────────────────────────────────────────────────────
+
+/** A single parsed inline command expansion descriptor. */
+export interface InlineCommandExpansion {
+  /** The raw command text between the backticks (trimmed). */
+  command: string;
+  /** Byte offset of the `!` character in the original body string. */
+  startOffset: number;
+  /** Byte offset one past the closing backtick in the original body string. */
+  endOffset: number;
+  /** Stable placeholder ID derived from encounter order (0-indexed). */
+  placeholderId: number;
+}
+
+/** Result of parsing a skill body for inline command expansions. */
+export interface InlineCommandExpansionResult {
+  /** Successfully parsed expansion descriptors, in encounter order. */
+  expansions: InlineCommandExpansion[];
+  /** Malformed tokens that were rejected (fail-closed). */
+  errors: InlineCommandExpansionError[];
+}
+
+/** A malformed inline command expansion token. */
+export interface InlineCommandExpansionError {
+  /** The raw matched text that was rejected. */
+  raw: string;
+  /** Byte offset in the original body. */
+  offset: number;
+  /** Human-readable reason for rejection. */
+  reason: string;
+}
+
+// ─── Fenced code block stripping ──────────────────────────────────────────────
+
+/**
+ * Build a set of character ranges that fall inside fenced code blocks.
+ * A fenced code block starts with a line matching ``` (with optional info
+ * string) and ends with a line matching ``` (or end of string).
+ */
+function buildFencedCodeRanges(body: string): Array<[number, number]> {
+  const ranges: Array<[number, number]> = [];
+  // Match fenced code block delimiters: ``` optionally followed by info string
+  const fenceRe = /^(`{3,}|~{3,})(.*)?$/gm;
+  let openFence: { index: number; delimiter: string } | undefined;
+
+  let match: RegExpExecArray | undefined;
+  while ((match = fenceRe.exec(body) ?? undefined) !== undefined) {
+    const delimiter = match[1];
+    if (openFence === undefined) {
+      // Opening fence
+      openFence = {
+        index: match.index,
+        delimiter: delimiter[0].repeat(delimiter.length),
+      };
+    } else if (
+      delimiter[0] === openFence.delimiter[0] &&
+      delimiter.length >= openFence.delimiter.length &&
+      // Closing fence must be bare (no info string after it)
+      (!match[2] || match[2].trim() === "")
+    ) {
+      // Closing fence — range covers from opening fence to end of closing fence line
+      ranges.push([openFence.index, match.index + match[0].length]);
+      openFence = undefined;
+    }
+    // Otherwise ignore (nested fence-like lines inside a code block)
+  }
+
+  // If a fence was opened but never closed, treat everything from the opening
+  // fence to EOF as inside a code block.
+  if (openFence !== undefined) {
+    ranges.push([openFence.index, body.length]);
+  }
+
+  return ranges;
+}
+
+function isInsideFencedCode(
+  offset: number,
+  ranges: Array<[number, number]>,
+): boolean {
+  for (const [start, end] of ranges) {
+    if (offset >= start && offset < end) return true;
+  }
+  return false;
+}
+
+// ─── Parser ───────────────────────────────────────────────────────────────────
+
+/**
+ * Parse inline command expansion tokens (`!\`...\``) from a skill body.
+ *
+ * The body must be the markdown content _after_ frontmatter has been stripped.
+ * Tokens inside fenced code blocks are skipped.
+ *
+ * Returns both the successfully parsed expansions and any malformed tokens
+ * that were rejected (fail-closed).
+ */
+export function parseInlineCommandExpansions(
+  body: string,
+): InlineCommandExpansionResult {
+  const expansions: InlineCommandExpansion[] = [];
+  const errors: InlineCommandExpansionError[] = [];
+
+  const fencedRanges = buildFencedCodeRanges(body);
+
+  // Match !\`...\` tokens. The regex captures the content between the backticks.
+  // We use a non-greedy match to find the first closing backtick.
+  const tokenRe = /!\`([^`]*)\`/g;
+
+  let match: RegExpExecArray | undefined;
+  let placeholderCounter = 0;
+
+  while ((match = tokenRe.exec(body) ?? undefined) !== undefined) {
+    const startOffset = match.index;
+    const endOffset = startOffset + match[0].length;
+    const rawCommand = match[1];
+
+    // Skip tokens inside fenced code blocks
+    if (isInsideFencedCode(startOffset, fencedRanges)) {
+      continue;
+    }
+
+    // Fail closed: empty command
+    if (rawCommand.trim().length === 0) {
+      errors.push({
+        raw: match[0],
+        offset: startOffset,
+        reason: "Empty command text",
+      });
+      continue;
+    }
+
+    // Fail closed: nested backticks (would make command text ambiguous)
+    if (rawCommand.includes("`")) {
+      errors.push({
+        raw: match[0],
+        offset: startOffset,
+        reason: "Nested backticks in command text",
+      });
+      continue;
+    }
+
+    expansions.push({
+      command: rawCommand.trim(),
+      startOffset,
+      endOffset,
+      placeholderId: placeholderCounter++,
+    });
+  }
+
+  // Also detect malformed tokens: !\` without a closing backtick.
+  // These are unmatched opening tokens that didn't match the regex above.
+  const unmatchedRe = /!\`/g;
+  const matchedStarts = new Set<number>();
+  // Re-run the token regex to collect all matched positions
+  tokenRe.lastIndex = 0;
+  while ((match = tokenRe.exec(body) ?? undefined) !== undefined) {
+    matchedStarts.add(match.index);
+  }
+
+  let unmatchedMatch: RegExpExecArray | undefined;
+  while ((unmatchedMatch = unmatchedRe.exec(body) ?? undefined) !== undefined) {
+    const offset = unmatchedMatch.index;
+
+    // Skip if this was already matched as a complete token
+    if (matchedStarts.has(offset)) continue;
+
+    // Skip if inside a fenced code block
+    if (isInsideFencedCode(offset, fencedRanges)) continue;
+
+    errors.push({
+      raw: body.slice(offset, Math.min(offset + 40, body.length)),
+      offset,
+      reason: "Unmatched opening backtick (no closing backtick found)",
+    });
+  }
+
+  if (errors.length > 0) {
+    log.warn(
+      { errorCount: errors.length, errors },
+      "Malformed inline command expansion tokens detected",
+    );
+  }
+
+  return { expansions, errors };
+}

package/src/skills/inline-command-render.ts

@@ -0,0 +1,127 @@
+/**
+ * Renderer for inline command expansion tokens in skill bodies.
+ *
+ * Given a skill body and its parsed `InlineCommandExpansion` descriptors,
+ * replaces each `!\`command\`` token by executing the command through the
+ * sandbox-only runner and wrapping the result in XML tags:
+ *
+ *   <inline_skill_command index="0">...output...</inline_skill_command>
+ *
+ * Render failures produce stable inline stubs rather than dumping raw
+ * shell stderr into the prompt:
+ *
+ *   <inline_skill_command index="0">[inline command unavailable: <reason>]</inline_skill_command>
+ */
+
+import { getLogger } from "../util/logger.js";
+import type { InlineCommandExpansion } from "./inline-command-expansions.js";
+import type { InlineCommandResult } from "./inline-command-runner.js";
+import { runInlineCommand } from "./inline-command-runner.js";
+
+const log = getLogger("inline-command-render");
+
+// ─── Types ────────────────────────────────────────────────────────────────────
+
+/** Result of rendering all inline command expansions in a skill body. */
+export interface InlineCommandRenderResult {
+  /** The body with all inline command tokens replaced. */
+  renderedBody: string;
+  /** Count of successfully expanded tokens. */
+  expandedCount: number;
+  /** Count of tokens that failed to expand (rendered as stubs). */
+  failedCount: number;
+}
+
+// ─── Failure reason mapping ───────────────────────────────────────────────────
+
+/**
+ * Map a machine-readable failure reason to a human-readable stub message
+ * suitable for inclusion in the prompt. These messages are intentionally
+ * terse and deterministic so they don't leak raw stderr or confuse the LLM.
+ */
+function failureReasonToStub(result: InlineCommandResult): string {
+  switch (result.failureReason) {
+    case "timeout":
+      return "command timed out";
+    case "non_zero_exit":
+      return "command failed";
+    case "binary_output":
+      return "command produced binary output";
+    case "spawn_failure":
+      return "command could not be started";
+    default:
+      return "unknown error";
+  }
+}
+
+// ─── Public API ───────────────────────────────────────────────────────────────
+
+/**
+ * Render all inline command expansion tokens in a skill body.
+ *
+ * Each `!\`command\`` token is executed through the sandbox-only runner and
+ * replaced with its output wrapped in XML tags. Expansions are processed
+ * sequentially (not in parallel) to keep execution order deterministic and
+ * avoid overwhelming the sandbox.
+ *
+ * @param body  The skill body containing `!\`command\`` tokens.
+ * @param expansions  Parsed expansion descriptors from `parseInlineCommandExpansions`.
+ * @param workingDir  The conversation's working directory (repo root).
+ */
+export async function renderInlineCommands(
+  body: string,
+  expansions: InlineCommandExpansion[],
+  workingDir: string,
+): Promise<InlineCommandRenderResult> {
+  if (expansions.length === 0) {
+    return { renderedBody: body, expandedCount: 0, failedCount: 0 };
+  }
+
+  let expandedCount = 0;
+  let failedCount = 0;
+
+  // Process replacements in reverse offset order so that earlier offsets
+  // remain valid after splicing in replacement text.
+  const sorted = [...expansions].sort((a, b) => b.startOffset - a.startOffset);
+
+  let result = body;
+
+  for (const expansion of sorted) {
+    const commandResult = await runInlineCommand(expansion.command, workingDir);
+
+    let replacement: string;
+    if (commandResult.ok) {
+      replacement = wrapInXml(expansion.placeholderId, commandResult.output);
+      expandedCount++;
+    } else {
+      const stub = failureReasonToStub(commandResult);
+      replacement = wrapInXml(
+        expansion.placeholderId,
+        `[inline command unavailable: ${stub}]`,
+      );
+      failedCount++;
+      log.warn(
+        {
+          command: expansion.command,
+          placeholderId: expansion.placeholderId,
+          failureReason: commandResult.failureReason,
+        },
+        "Inline command expansion failed, rendering stub",
+      );
+    }
+
+    // Replace the original token with the rendered output
+    result =
+      result.slice(0, expansion.startOffset) +
+      replacement +
+      result.slice(expansion.endOffset);
+  }
+
+  return { renderedBody: result, expandedCount, failedCount };
+}
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+function wrapInXml(index: number, content: string): string {
+  return `<inline_skill_command index="${index}">${content}</inline_skill_command>`;
+}