@vellumai/assistant 0.5.11 → 0.5.13

package/src/oauth/seed-providers.ts

@@ -6,16 +6,15 @@ import { seedProviders } from "./oauth-store.js";
  * These values are upserted into the `oauth_providers` SQLite table on
  * every startup. Only Vellum implementation fields (authUrl, tokenUrl,
  * tokenEndpointAuthMethod, userinfoUrl, extraParams, callbackTransport,
- * pingUrl, pingMethod, pingHeaders, pingBody, managedServiceConfigKey)
+ * pingUrl, pingMethod, pingHeaders, pingBody, managedServiceConfigKey,
+ * loopbackPort, injectionTemplates, appType, setupNotes,
+ * identityUrl, identityMethod, identityHeaders, identityBody,
+ * identityResponsePaths, identityFormat, identityOkField)
  * and display metadata (displayName,
  * description, dashboardUrl, clientIdPlaceholder, requiresClientSecret)
  * are overwritten on subsequent startups — user-customizable
- * fields (defaultScopes, scopePolicy, baseUrl) are only
+ * fields (defaultScopes, scopePolicy) are only
  * written on initial insert and preserved across restarts.
- *
- * Code-side behavioral fields (identityVerifier, injectionTemplates,
- * setup, etc.) live in `provider-behaviors.ts` and are never persisted
- * to the DB.
  */
 const PROVIDER_SEED_DATA: Record<
   string,
@@ -44,10 +43,26 @@ const PROVIDER_SEED_DATA: Record<
     dashboardUrl: string | null;
     clientIdPlaceholder: string | null;
     requiresClientSecret?: boolean;
+    loopbackPort?: number;
+    injectionTemplates?: Array<{
+      hostPattern: string;
+      injectionType: string;
+      headerName: string;
+      valuePrefix: string;
+    }>;
+    appType?: string;
+    setupNotes?: string[];
+    identityUrl?: string;
+    identityMethod?: string;
+    identityHeaders?: Record<string, string>;
+    identityBody?: unknown;
+    identityResponsePaths?: string[];
+    identityFormat?: string;
+    identityOkField?: string;
   }
 > = {
-  "integration:google": {
-    providerKey: "integration:google",
+  google: {
+    providerKey: "google",
     authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
     tokenUrl: "https://oauth2.googleapis.com/token",
     userinfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo",
@@ -77,10 +92,33 @@ const PROVIDER_SEED_DATA: Record<
     extraParams: { access_type: "offline", prompt: "consent" },
     callbackTransport: "loopback",
     managedServiceConfigKey: "google-oauth",
+    injectionTemplates: [
+      {
+        hostPattern: "gmail.googleapis.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+      {
+        hostPattern: "www.googleapis.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+      {
+        hostPattern: "people.googleapis.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "Desktop app",
+    identityUrl: "https://www.googleapis.com/oauth2/v2/userinfo",
+    identityResponsePaths: ["email"],
   },
 
-  "integration:slack": {
-    providerKey: "integration:slack",
+  slack: {
+    providerKey: "slack",
     authUrl: "https://slack.com/oauth/v2/authorize",
     tokenUrl: "https://slack.com/api/oauth.v2.access",
     pingUrl: "https://slack.com/api/auth.test",
@@ -114,10 +152,24 @@ const PROVIDER_SEED_DATA: Record<
         "channels:read,channels:history,groups:read,groups:history,im:read,im:history,im:write,mpim:read,mpim:history,users:read,chat:write,search:read,reactions:write",
     },
     callbackTransport: "loopback",
+    loopbackPort: 17322,
+    injectionTemplates: [
+      {
+        hostPattern: "slack.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "Slack App",
+    identityUrl: "https://slack.com/api/auth.test",
+    identityOkField: "ok",
+    identityResponsePaths: ["user", "team"],
+    identityFormat: "@${user} (${team})",
   },
 
-  "integration:notion": {
-    providerKey: "integration:notion",
+  notion: {
+    providerKey: "notion",
     authUrl: "https://api.notion.com/v1/oauth/authorize",
     tokenUrl: "https://api.notion.com/v1/oauth/token",
     pingUrl: "https://api.notion.com/v1/users/me",
@@ -136,10 +188,23 @@ const PROVIDER_SEED_DATA: Record<
     extraParams: { owner: "user" },
     tokenEndpointAuthMethod: "client_secret_basic",
     callbackTransport: "loopback",
+    loopbackPort: 17323,
+    injectionTemplates: [
+      {
+        hostPattern: "api.notion.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "Public integration",
+    identityUrl: "https://api.notion.com/v1/users/me",
+    identityHeaders: { "Notion-Version": "2022-06-28" },
+    identityResponsePaths: ["name", "person.email"],
   },
 
-  "integration:twitter": {
-    providerKey: "integration:twitter",
+  twitter: {
+    providerKey: "twitter",
     authUrl: "https://twitter.com/i/oauth2/authorize",
     tokenUrl: "https://api.x.com/2/oauth2/token",
     pingUrl: "https://api.x.com/2/users/me",
@@ -161,10 +226,22 @@ const PROVIDER_SEED_DATA: Record<
     },
     tokenEndpointAuthMethod: "client_secret_basic",
     callbackTransport: "gateway",
+    injectionTemplates: [
+      {
+        hostPattern: "api.x.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "App",
+    identityUrl: "https://api.x.com/2/users/me",
+    identityResponsePaths: ["data.username"],
+    identityFormat: "@${data.username}",
   },
 
-  "integration:github": {
-    providerKey: "integration:github",
+  github: {
+    providerKey: "github",
     authUrl: "https://github.com/login/oauth/authorize",
     tokenUrl: "https://github.com/login/oauth/access_token",
     pingUrl: "https://api.github.com/user",
@@ -185,10 +262,23 @@ const PROVIDER_SEED_DATA: Record<
       forbiddenScopes: ["delete_repo", "admin:org"],
     },
     callbackTransport: "loopback",
+    loopbackPort: 17332,
+    injectionTemplates: [
+      {
+        hostPattern: "api.github.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "OAuth App",
+    identityUrl: "https://api.github.com/user",
+    identityResponsePaths: ["login"],
+    identityFormat: "@${login}",
   },
 
-  "integration:linear": {
-    providerKey: "integration:linear",
+  linear: {
+    providerKey: "linear",
     authUrl: "https://linear.app/oauth/authorize",
     tokenUrl: "https://api.linear.app/oauth/token",
     pingUrl: "https://api.linear.app/graphql",
@@ -208,10 +298,25 @@ const PROVIDER_SEED_DATA: Record<
     },
     extraParams: { prompt: "consent" },
     callbackTransport: "loopback",
+    loopbackPort: 17324,
+    injectionTemplates: [
+      {
+        hostPattern: "api.linear.app",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "OAuth application",
+    identityUrl: "https://api.linear.app/graphql",
+    identityMethod: "POST",
+    identityHeaders: { "Content-Type": "application/json" },
+    identityBody: { query: "{ viewer { email name } }" },
+    identityResponsePaths: ["data.viewer.email", "data.viewer.name"],
   },
 
-  "integration:spotify": {
-    providerKey: "integration:spotify",
+  spotify: {
+    providerKey: "spotify",
     authUrl: "https://accounts.spotify.com/authorize",
     tokenUrl: "https://accounts.spotify.com/api/token",
     pingUrl: "https://api.spotify.com/v1/me",
@@ -238,10 +343,22 @@ const PROVIDER_SEED_DATA: Record<
     },
     tokenEndpointAuthMethod: "client_secret_basic",
     callbackTransport: "loopback",
+    loopbackPort: 17333,
+    injectionTemplates: [
+      {
+        hostPattern: "api.spotify.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "App",
+    identityUrl: "https://api.spotify.com/v1/me",
+    identityResponsePaths: ["display_name", "email"],
   },
 
-  "integration:todoist": {
-    providerKey: "integration:todoist",
+  todoist: {
+    providerKey: "todoist",
     authUrl: "https://todoist.com/oauth/authorize",
     tokenUrl: "https://todoist.com/oauth/access_token",
     pingUrl: "https://api.todoist.com/rest/v2/projects",
@@ -257,10 +374,25 @@ const PROVIDER_SEED_DATA: Record<
       forbiddenScopes: ["data:delete"],
     },
     callbackTransport: "loopback",
+    loopbackPort: 17325,
+    injectionTemplates: [
+      {
+        hostPattern: "api.todoist.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "App",
+    identityUrl: "https://api.todoist.com/sync/v9/sync",
+    identityMethod: "POST",
+    identityHeaders: { "Content-Type": "application/x-www-form-urlencoded" },
+    identityBody: "sync_token=*&resource_types=[%22user%22]",
+    identityResponsePaths: ["user.full_name", "user.email"],
   },
 
-  "integration:discord": {
-    providerKey: "integration:discord",
+  discord: {
+    providerKey: "discord",
     authUrl: "https://discord.com/oauth2/authorize",
     tokenUrl: "https://discord.com/api/v10/oauth2/token",
     pingUrl: "https://discord.com/api/v10/users/@me",
@@ -281,10 +413,22 @@ const PROVIDER_SEED_DATA: Record<
       forbiddenScopes: [],
     },
     callbackTransport: "loopback",
+    loopbackPort: 17326,
+    injectionTemplates: [
+      {
+        hostPattern: "discord.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "Application",
+    identityUrl: "https://discord.com/api/v10/users/@me",
+    identityResponsePaths: ["global_name", "username"],
   },
 
-  "integration:dropbox": {
-    providerKey: "integration:dropbox",
+  dropbox: {
+    providerKey: "dropbox",
     authUrl: "https://www.dropbox.com/oauth2/authorize",
     tokenUrl: "https://api.dropboxapi.com/oauth2/token",
     pingUrl: "https://api.dropboxapi.com/2/users/get_current_account",
@@ -307,10 +451,29 @@ const PROVIDER_SEED_DATA: Record<
     },
     extraParams: { token_access_type: "offline" },
     callbackTransport: "loopback",
+    loopbackPort: 17327,
+    injectionTemplates: [
+      {
+        hostPattern: "api.dropboxapi.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+      {
+        hostPattern: "content.dropboxapi.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "Scoped access app",
+    identityUrl: "https://api.dropboxapi.com/2/users/get_current_account",
+    identityMethod: "POST",
+    identityResponsePaths: ["name.display_name", "email"],
   },
 
-  "integration:asana": {
-    providerKey: "integration:asana",
+  asana: {
+    providerKey: "asana",
     authUrl: "https://app.asana.com/-/oauth_authorize",
     tokenUrl: "https://app.asana.com/-/oauth_token",
     pingUrl: "https://app.asana.com/api/1.0/users/me",
@@ -326,10 +489,22 @@ const PROVIDER_SEED_DATA: Record<
       forbiddenScopes: [],
     },
     callbackTransport: "loopback",
+    loopbackPort: 17328,
+    injectionTemplates: [
+      {
+        hostPattern: "app.asana.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "App",
+    identityUrl: "https://app.asana.com/api/1.0/users/me",
+    identityResponsePaths: ["data.name", "data.email"],
   },
 
-  "integration:airtable": {
-    providerKey: "integration:airtable",
+  airtable: {
+    providerKey: "airtable",
     authUrl: "https://airtable.com/oauth2/v1/authorize",
     tokenUrl: "https://airtable.com/oauth2/v1/token",
     pingUrl: "https://api.airtable.com/v0/meta/whoami",
@@ -350,10 +525,22 @@ const PROVIDER_SEED_DATA: Record<
     },
     tokenEndpointAuthMethod: "client_secret_basic",
     callbackTransport: "loopback",
+    loopbackPort: 17329,
+    injectionTemplates: [
+      {
+        hostPattern: "api.airtable.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "OAuth integration",
+    identityUrl: "https://api.airtable.com/v0/meta/whoami",
+    identityResponsePaths: ["email"],
   },
 
-  "integration:hubspot": {
-    providerKey: "integration:hubspot",
+  hubspot: {
+    providerKey: "hubspot",
     authUrl: "https://app.hubspot.com/oauth/authorize",
     tokenUrl: "https://api.hubapi.com/oauth/v1/token",
     pingUrl: "https://api.hubapi.com/crm/v3/objects/contacts?limit=1",
@@ -378,10 +565,22 @@ const PROVIDER_SEED_DATA: Record<
       forbiddenScopes: [],
     },
     callbackTransport: "loopback",
+    loopbackPort: 17330,
+    injectionTemplates: [
+      {
+        hostPattern: "api.hubapi.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "App",
+    identityUrl: "https://api.hubapi.com/oauth/v1/access-tokens/${accessToken}",
+    identityResponsePaths: ["user", "hub_domain"],
   },
 
-  "integration:figma": {
-    providerKey: "integration:figma",
+  figma: {
+    providerKey: "figma",
     authUrl: "https://www.figma.com/oauth",
     tokenUrl: "https://api.figma.com/v1/oauth/token",
     pingUrl: "https://api.figma.com/v1/me",
@@ -398,6 +597,18 @@ const PROVIDER_SEED_DATA: Record<
     },
     tokenEndpointAuthMethod: "client_secret_basic",
     callbackTransport: "loopback",
+    loopbackPort: 17331,
+    injectionTemplates: [
+      {
+        hostPattern: "api.figma.com",
+        injectionType: "header",
+        headerName: "Authorization",
+        valuePrefix: "Bearer ",
+      },
+    ],
+    appType: "App",
+    identityUrl: "https://api.figma.com/v1/me",
+    identityResponsePaths: ["handle", "email"],
   },
 
   // Manual-token providers: these don't use OAuth2 flows but need provider
@@ -441,6 +652,8 @@ const PROVIDER_SEED_DATA: Record<
   },
 };
 
+export const SEEDED_PROVIDER_KEYS = new Set(Object.keys(PROVIDER_SEED_DATA));
+
 /**
  * Seed the oauth_providers table with well-known provider configurations.
  * Uses INSERT … ON CONFLICT DO UPDATE so seed-data corrections propagate

package/src/permissions/checker.ts

@@ -146,7 +146,6 @@ const LOW_RISK_PROGRAMS = new Set([
   "tree",
   "du",
   "df",
-  "assistant",
 ]);
 
 // High-risk shell programs / patterns
@@ -200,6 +199,46 @@ const LOW_RISK_GIT_SUBCOMMANDS = new Set([
   "reflog",
 ]);
 
+/**
+ * Classify risk for `assistant` CLI subcommands. Multi-word subcommands
+ * (e.g. `assistant oauth token`) are matched by walking the positional args.
+ */
+function classifyAssistantSubcommand(args: string[]): RiskLevel {
+  // `--help` on any subcommand is read-only, always Low risk.
+  // Only check args before `--` (option terminator) — after `--`, tokens
+  // are positional arguments, not flags.
+  const ddIndex = args.indexOf("--");
+  const flagArgs = ddIndex === -1 ? args : args.slice(0, ddIndex);
+  if (flagArgs.some((a) => a === "--help" || a === "-h")) return RiskLevel.Low;
+
+  const sub = firstPositionalArg(args);
+  if (!sub) return RiskLevel.Low;
+
+  if (sub === "oauth") {
+    const oauthSub = firstPositionalArg(args.slice(args.indexOf(sub) + 1));
+    if (oauthSub === "token") return RiskLevel.High;
+    if (oauthSub === "mode") {
+      // `oauth mode --set` is high risk; bare `oauth mode` (read) is low.
+      // Match both `--set value` (two tokens) and `--set=value` (one token).
+      if (args.some((a) => a === "--set" || a.startsWith("--set=")))
+        return RiskLevel.High;
+      return RiskLevel.Low;
+    }
+    if (oauthSub === "request") return RiskLevel.Medium;
+    if (oauthSub === "connect" || oauthSub === "disconnect")
+      return RiskLevel.Medium;
+    return RiskLevel.Low;
+  }
+
+  if (sub === "credentials") {
+    const credSub = firstPositionalArg(args.slice(args.indexOf(sub) + 1));
+    if (credSub === "reveal") return RiskLevel.High;
+    return RiskLevel.Low;
+  }
+
+  return RiskLevel.Low;
+}
+
 // Commands that wrap another program — the real program appears as the first
 // non-flag argument.  When one of these is the segment program we look through
 // its args to find the effective program (e.g. `env curl …` → curl).
@@ -222,6 +261,14 @@ const WRAPPER_PROGRAMS = new Set([
 // value of -u) as the wrapped program instead of `echo`.
 const ENV_VALUE_FLAGS = new Set(["-u", "--unset", "-C", "--chdir"]);
 
+// `timeout` flags that consume the next positional argument as their value.
+const TIMEOUT_VALUE_FLAGS = new Set(["-s", "--signal", "-k", "--kill-after"]);
+
+// Wrapper programs where the first non-flag positional argument is a
+// configuration value (duration, CPU mask), not the wrapped program name.
+// For these wrappers, the second non-flag positional is the real program.
+const WRAPPER_SKIP_FIRST_POSITIONAL = new Set(["timeout", "taskset"]);
+
 // `git` global flags that consume the next positional argument as their value.
 // Without this, `git -C status commit` would incorrectly identify `status`
 // (the directory path) as the subcommand instead of `commit`.
@@ -280,24 +327,66 @@ function isRmOfKnownSafeFile(args: string[]): boolean {
  *
  * Handles `env` specially: skips `VAR=value` pairs and value-taking flags
  * like `-u NAME` and `-C DIR`.
+ *
+ * Handles `timeout` and `taskset` specially: their first non-flag positional
+ * argument is a duration or CPU mask, not the wrapped program. The second
+ * non-flag positional is the real program.
  */
 function getWrappedProgram(seg: {
   program: string;
   args: string[];
 }): string | undefined {
   const isEnv = seg.program === "env";
+  const isTimeout = seg.program === "timeout";
+  const skipFirst = WRAPPER_SKIP_FIRST_POSITIONAL.has(seg.program);
+  let skippedFirstPositional = false;
   for (let i = 0; i < seg.args.length; i++) {
     const arg = seg.args[i];
     if (arg.startsWith("-")) {
       if (isEnv && ENV_VALUE_FLAGS.has(arg)) i++; // skip the value argument
+      if (isTimeout && TIMEOUT_VALUE_FLAGS.has(arg)) i++; // skip the value argument
       continue;
     }
     if (isEnv && arg.includes("=")) continue; // skip env VAR=value pairs
+    if (skipFirst && !skippedFirstPositional) {
+      skippedFirstPositional = true;
+      continue; // skip the duration/CPU mask
+    }
     return arg;
   }
   return undefined;
 }
 
+/**
+ * Like `getWrappedProgram`, but also returns the remaining args after the
+ * wrapped program name. This allows callers to propagate subcommand-aware
+ * classification (e.g. `env assistant oauth token` → classify `oauth token`).
+ */
+function getWrappedProgramWithArgs(seg: {
+  program: string;
+  args: string[];
+}): { program: string; args: string[] } | undefined {
+  const isEnv = seg.program === "env";
+  const isTimeout = seg.program === "timeout";
+  const skipFirst = WRAPPER_SKIP_FIRST_POSITIONAL.has(seg.program);
+  let skippedFirstPositional = false;
+  for (let i = 0; i < seg.args.length; i++) {
+    const arg = seg.args[i];
+    if (arg.startsWith("-")) {
+      if (isEnv && ENV_VALUE_FLAGS.has(arg)) i++;
+      if (isTimeout && TIMEOUT_VALUE_FLAGS.has(arg)) i++;
+      continue;
+    }
+    if (isEnv && arg.includes("=")) continue;
+    if (skipFirst && !skippedFirstPositional) {
+      skippedFirstPositional = true;
+      continue; // skip the duration/CPU mask
+    }
+    return { program: arg, args: seg.args.slice(i + 1) };
+  }
+  return undefined;
+}
+
 function getStringField(
   input: Record<string, unknown>,
   ...keys: string[]
@@ -731,6 +820,34 @@ async function classifyRiskUncached(
           maxRisk = RiskLevel.Medium;
           continue;
         }
+        // Propagate subcommand-aware classification for wrapped git/assistant
+        if (wrapped === "git") {
+          const wrappedWithArgs = getWrappedProgramWithArgs(seg);
+          if (wrappedWithArgs) {
+            const subcommand = firstPositionalArg(
+              wrappedWithArgs.args,
+              GIT_VALUE_FLAGS,
+            );
+            if (subcommand && LOW_RISK_GIT_SUBCOMMANDS.has(subcommand)) {
+              continue;
+            }
+            maxRisk = RiskLevel.Medium;
+            continue;
+          }
+        }
+        if (wrapped === "assistant") {
+          const wrappedWithArgs = getWrappedProgramWithArgs(seg);
+          if (wrappedWithArgs) {
+            const assistantRisk = classifyAssistantSubcommand(
+              wrappedWithArgs.args,
+            );
+            if (assistantRisk === RiskLevel.High) return RiskLevel.High;
+            if (assistantRisk === RiskLevel.Medium) {
+              maxRisk = RiskLevel.Medium;
+            }
+            continue;
+          }
+        }
       }
 
       if (prog === "git") {
@@ -744,6 +861,15 @@ async function classifyRiskUncached(
         continue;
       }
 
+      if (prog === "assistant") {
+        const assistantRisk = classifyAssistantSubcommand(seg.args);
+        if (assistantRisk === RiskLevel.High) return RiskLevel.High;
+        if (assistantRisk === RiskLevel.Medium) {
+          maxRisk = RiskLevel.Medium;
+        }
+        continue;
+      }
+
       if (!LOW_RISK_PROGRAMS.has(prog)) {
         // Unknown program → medium
         if (maxRisk === RiskLevel.Low) {

package/src/prompts/journal-context.ts

@@ -78,7 +78,10 @@ export function buildJournalContext(
 
   // Filter for .md files, excluding README.md (case-insensitive)
   const mdFiles = files.filter(
-    (f) => f.endsWith(".md") && f.toLowerCase() !== "readme.md",
+    (f) =>
+      f.endsWith(".md") &&
+      !f.startsWith(".") &&
+      f.toLowerCase() !== "readme.md",
   );
 
   // Collect file info with birthtime (creation time), skipping unreadable entries