@vellumai/assistant 0.5.12 → 0.5.13

package/Dockerfile

@@ -38,23 +38,55 @@ WORKDIR /app/assistant
 
 # Install runtime dependencies for Playwright and tree-sitter
 RUN apt-get update && apt-get install -y \
-    curl \
-    unzip \
+    bubblewrap \
     ca-certificates \
-    python3 \
-    libnss3 \
-    libfreetype6 \
-    libharfbuzz0b \
+    curl \
+    ffmpeg \
     fonts-freefont-ttf \
-    make \
     g++ \
     git \
-    sudo \
     htop \
-    procps \
     jq \
+    libasound2 \
+    libatk-bridge2.0-0 \
+    libatk1.0-0 \
+    libatspi2.0-0 \
+    libcairo2 \
+    libcups2 \
+    libdrm2 \
+    libfreetype6 \
+    libgbm1 \
+    libharfbuzz0b \
+    libnspr4 \
+    libnss3 \
+    libpango-1.0-0 \
+    libpangocairo-1.0-0 \
+    libx11-6 \
+    libx11-xcb1 \
+    libxcb-dri3-0 \
+    libxcb1 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxext6 \
+    libxfixes3 \
+    libxi6 \
+    libxkbcommon0 \
+    libxrandr2 \
+    libxrender1 \
+    libxshmfence1 \
+    libxtst6 \
+    lsof \
+    make \
+    openssl \
+    procps \
+    python3 \
+    sqlite3 \
+    sudo \
+    unzip \
     uuid-runtime \
     vim \
+    xclip \
+    xdg-utils \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy bun binary from builder instead of re-installing

package/node_modules/@vellumai/ces-contracts/src/index.ts

@@ -33,6 +33,13 @@ export const HandshakeRequestSchema = z.object({
    * can use it for platform credential materialisation.
    */
   assistantApiKey: z.string().optional(),
+  /**
+   * Optional platform assistant ID passed from the assistant runtime.
+   * In managed (sidecar) mode with warm pools, the PLATFORM_ASSISTANT_ID
+   * env var may not be set at CES startup. The assistant forwards it here
+   * so CES can use it for platform credential materialisation.
+   */
+  assistantId: z.string().optional(),
 });
 export type HandshakeRequest = z.infer<typeof HandshakeRequestSchema>;
 

package/node_modules/@vellumai/ces-contracts/src/rpc.ts

@@ -422,6 +422,11 @@ export type ListAuditRecordsResponse = z.infer<
 export const UpdateManagedCredentialSchema = z.object({
   /** The assistant API key to push to CES for platform credential materialization. */
   assistantApiKey: z.string(), // nosemgrep: not-a-secret
+  /**
+   * Optional platform assistant ID. In warm-pool mode the ID may not be
+   * available at CES startup; the assistant pushes it here once provisioned.
+   */
+  assistantId: z.string().optional(),
 });
 export type UpdateManagedCredential = z.infer<
   typeof UpdateManagedCredentialSchema

package/openapi.yaml

@@ -3,7 +3,7 @@
 openapi: 3.0.0
 info:
   title: Vellum Assistant API
-  version: 0.5.11
+  version: 0.5.12
   description: Auto-generated OpenAPI specification for the Vellum Assistant runtime HTTP server.
 servers:
   - url: http://127.0.0.1:7821

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.5.12",
+  "version": "0.5.13",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/__tests__/first-greeting.test.ts

@@ -50,6 +50,13 @@ describe("first-greeting", () => {
       expect(isWakeUpGreeting("Wake Up, My Friend.", 0)).toBe(true);
     });
 
+    it("returns true for punctuation variations", () => {
+      writeFileSync(join(tempDir, "BOOTSTRAP.md"), "bootstrap content");
+      expect(isWakeUpGreeting("Wake up, my friend!", 0)).toBe(true);
+      expect(isWakeUpGreeting("Wake up, my friend?", 0)).toBe(true);
+      expect(isWakeUpGreeting("Wake up, my friend", 0)).toBe(true);
+    });
+
     it("returns false when content doesn't match wake-up greeting", () => {
       writeFileSync(join(tempDir, "BOOTSTRAP.md"), "bootstrap content");
       expect(isWakeUpGreeting("Hello", 0)).toBe(false);

package/src/__tests__/navigate-settings-tab.test.ts

@@ -9,11 +9,13 @@ function makeContext(sendToClient?: (msg: unknown) => void): ToolContext {
 
 const CANONICAL_TABS = [
   "General",
-  "Channels",
   "Models & Services",
   "Voice",
+  "Sounds",
   "Permissions & Privacy",
-  "Contacts",
+  "Billing",
+  "Archived Conversations",
+  "Schedules",
   "Developer",
 ];
 
@@ -28,6 +30,8 @@ const LEGACY_TABS = [
   "Privacy",
   "Sentry Testing",
   "Automation",
+  "Channels",
+  "Contacts",
 ];
 
 describe("navigate-settings-tab", () => {

package/src/__tests__/platform.test.ts

@@ -1,15 +1,8 @@
 import { randomBytes } from "node:crypto";
-import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
-import { homedir, tmpdir } from "node:os";
+import { existsSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { afterEach, describe, expect, mock, test } from "bun:test";
-
-// Mutable homedir override — when set, resolveInstanceDataDir reads from here.
-let homedirOverride: string | undefined;
-mock.module("node:os", () => ({
-  homedir: () => homedirOverride ?? homedir(),
-  tmpdir,
-}));
+import { afterEach, describe, expect, test } from "bun:test";
 
 import {
   ensureDataDir,
@@ -28,7 +21,6 @@ import {
   getWorkspaceHooksDir,
   getWorkspacePromptPath,
   getWorkspaceSkillsDir,
-  resolveInstanceDataDir,
 } from "../util/platform.js";
 
 const originalBaseDataDir = process.env.BASE_DATA_DIR;
@@ -39,7 +31,6 @@ afterEach(() => {
   } else {
     process.env.BASE_DATA_DIR = originalBaseDataDir;
   }
-  homedirOverride = undefined;
 });
 
 // Baseline path characterization: documents current pre-migration path layout.
@@ -155,159 +146,3 @@ describe("workspace path primitives", () => {
     expect(getWorkspaceDir()).toBe("/tmp/custom-base/.vellum/workspace");
   });
 });
-
-describe("resolveInstanceDataDir", () => {
-  function makeTempHome(): string {
-    const dir = join(
-      tmpdir(),
-      `platform-home-${randomBytes(4).toString("hex")}`,
-    );
-    mkdirSync(dir, { recursive: true });
-    homedirOverride = dir;
-    return dir;
-  }
-
-  function writeLockfileToHome(
-    home: string,
-    data: Record<string, unknown>,
-  ): void {
-    writeFileSync(
-      join(home, ".vellum.lock.json"),
-      JSON.stringify(data, null, 2),
-    );
-  }
-
-  test("returns undefined when no lockfile exists", () => {
-    makeTempHome();
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("returns sole local assistant instanceDir when no activeAssistant", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-calm-stork",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-    );
-  });
-
-  test("returns active assistant instanceDir when activeAssistant matches", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      activeAssistant: "vellum-bold-fox",
-      assistants: [
-        {
-          assistantId: "vellum-calm-stork",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-          },
-        },
-        {
-          assistantId: "vellum-bold-fox",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-bold-fox",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-bold-fox",
-    );
-  });
-
-  test("returns undefined when multiple local assistants and no activeAssistant", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-calm-stork",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-calm-stork",
-          },
-        },
-        {
-          assistantId: "vellum-bold-fox",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-bold-fox",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("returns undefined when lockfile has no assistants array", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, { version: 1 });
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("returns undefined when lockfile is malformed JSON", () => {
-    const home = makeTempHome();
-    writeFileSync(join(home, ".vellum.lock.json"), "{{not json");
-    expect(resolveInstanceDataDir()).toBeUndefined();
-  });
-
-  test("treats assistants without cloud field as local", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-quiet-owl",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-quiet-owl",
-          },
-        },
-      ],
-    });
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-quiet-owl",
-    );
-  });
-
-  test("ignores cloud assistants when resolving", () => {
-    const home = makeTempHome();
-    writeLockfileToHome(home, {
-      assistants: [
-        {
-          assistantId: "vellum-cloud-eagle",
-          cloud: "platform",
-          resources: {
-            instanceDir: "/some/cloud/path",
-          },
-        },
-        {
-          assistantId: "vellum-local-robin",
-          cloud: "local",
-          resources: {
-            instanceDir:
-              "/Users/test/.local/share/vellum/assistants/vellum-local-robin",
-          },
-        },
-      ],
-    });
-    // Only one local assistant, so it auto-selects
-    expect(resolveInstanceDataDir()).toBe(
-      "/Users/test/.local/share/vellum/assistants/vellum-local-robin",
-    );
-  });
-});

package/src/__tests__/skill-feature-flags.test.ts

@@ -19,6 +19,7 @@ afterEach(() => {
 const DECLARED_FLAG_ID = "contacts";
 const DECLARED_FLAG_KEY = DECLARED_FLAG_ID;
 const DECLARED_SKILL_ID = "contacts";
+const APP_BUILDER_MULTIFILE_FLAG_KEY = "app-builder-multifile";
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -158,6 +159,13 @@ describe("isAssistantFeatureFlagEnabled", () => {
     // browser is declared in the registry with defaultEnabled: true
     expect(isAssistantFeatureFlagEnabled("browser", config)).toBe(true);
   });
+
+  test("app-builder-multifile defaults to enabled when no override is set", () => {
+    const config = makeConfig();
+    expect(
+      isAssistantFeatureFlagEnabled(APP_BUILDER_MULTIFILE_FLAG_KEY, config),
+    ).toBe(true);
+  });
 });
 
 // ---------------------------------------------------------------------------

package/src/__tests__/skill-secret-handling-guard.test.ts

@@ -0,0 +1,212 @@
+import { execSync } from "node:child_process";
+import { describe, expect, test } from "bun:test";
+
+/**
+ * Guard test: SKILL.md files must never instruct the assistant to accept
+ * secrets (passwords, API keys, tokens, etc.) pasted directly in chat.
+ *
+ * Secrets must always be collected via `credential_store prompt`, which
+ * presents a secure native UI that keeps the value out of conversation
+ * history and LLM context.
+ *
+ * This guard prevents regressions like the gmail/messaging bundled skill
+ * violation where SKILL.md contained "Include client_secret too if they
+ * provide one" — directing the assistant to accept a secret value from
+ * the chat stream.
+ */
+
+/** SKILL.md files permitted to contain otherwise-violating patterns. */
+const ALLOWLIST = new Set<string>([
+  // Add paths here only if there is a genuine, documented exception.
+]);
+
+/**
+ * Words that indicate the line is about a secret/credential value.
+ */
+const SECRET_WORDS =
+  "secret|password|api[_\\s-]?key|auth[_\\s-]?token|private[_\\s-]?key|access[_\\s-]?token|client[_\\s-]?secret|signing[_\\s-]?key|bearer[_\\s-]?token";
+
+/**
+ * Patterns that indicate the assistant is being told to accept a secret
+ * value directly in chat, rather than via credential_store prompt.
+ */
+const VIOLATION_PATTERNS: RegExp[] = [
+  // "accept <secret> in/via/from chat/plaintext/the conversation"
+  new RegExp(
+    `accept\\s+.*(?:${SECRET_WORDS}).*\\b(?:in|via|from)\\s+(?:chat|plaintext|the\\s+conversation)`,
+    "i",
+  ),
+  new RegExp(
+    `accept\\s+.*\\b(?:in|via|from)\\s+(?:chat|plaintext|the\\s+conversation).*(?:${SECRET_WORDS})`,
+    "i",
+  ),
+  // "ask (the user|them) (for|to share/send/paste/type/provide) <secret>" where destination is chat
+  // Must have "the user" or "them" as the object to avoid matching third-party descriptions
+  // like "Discord will ask for a 2FA code before revealing the secret"
+  new RegExp(
+    `ask\\s+(?:the\\s+user|them)\\s+(?:for|to\\s+(?:share|send|paste|type|provide))\\s+(?:the\\s+|their\\s+|a\\s+)?(?:${SECRET_WORDS})`,
+    "i",
+  ),
+  // "Include <secret> too if they provide one" — the original gmail violation pattern
+  new RegExp(
+    `include\\s+(?:the\\s+)?(?:${SECRET_WORDS})\\s+(?:too|as\\s+well|also)\\s+if\\s+they\\s+provide`,
+    "i",
+  ),
+  // "<secret> pasted/typed/sent in chat/conversation/plaintext"
+  new RegExp(
+    `(?:${SECRET_WORDS})\\s+(?:pasted|typed|sent|provided|shared)\\s+(?:in|via|through)\\s+(?:chat|conversation|plaintext)`,
+    "i",
+  ),
+  // "paste/type/send <secret> in chat/here/the conversation"
+  new RegExp(
+    `(?:paste|type|send|share|provide)\\s+(?:the\\s+|your\\s+|their\\s+)?(?:${SECRET_WORDS})\\s+(?:in\\s+(?:chat|the\\s+conversation)|here)`,
+    "i",
+  ),
+];
+
+/**
+ * Lines containing these negation words are typically instructing the
+ * assistant NOT to do something — these are not violations.
+ */
+const NEGATION_PATTERNS =
+  /\b(?:never|do\s+not|don['']t|must\s+not|should\s+not|shouldn['']t)\b|\bNOT\b/;
+
+/**
+ * Lines that are YAML-style field values within a credential_store prompt
+ * block (label, description, placeholder). These contain secret-related
+ * words but are secure UI text, not chat instructions.
+ */
+const CREDENTIAL_STORE_UI_FIELD =
+  /^\s*(?:[-*]\s+)?(?:label|description|placeholder)\s*[:=]\s*/i;
+
+interface Violation {
+  file: string;
+  line: number;
+  text: string;
+}
+
+function findViolations(): Violation[] {
+  const repoRoot = process.cwd() + "/..";
+
+  // Find all SKILL.md files tracked by git
+  let skillFiles: string[];
+  try {
+    const output = execSync(`git grep -l "" -- '*/SKILL.md'`, {
+      encoding: "utf-8",
+      cwd: repoRoot,
+    }).trim();
+    skillFiles = output.split("\n").filter((f) => f.length > 0);
+  } catch (err) {
+    if ((err as { status?: number }).status === 1) {
+      return []; // no SKILL.md files found
+    }
+    throw err;
+  }
+
+  // Filter to skills/ and assistant/src/config/bundled-skills/ directories
+  skillFiles = skillFiles.filter(
+    (f) =>
+      f.startsWith("skills/") ||
+      f.startsWith("assistant/src/config/bundled-skills/"),
+  );
+
+  const violations: Violation[] = [];
+
+  for (const filePath of skillFiles) {
+    if (ALLOWLIST.has(filePath)) continue;
+
+    let content: string;
+    try {
+      content = execSync(`git show HEAD:${filePath}`, {
+        encoding: "utf-8",
+        cwd: repoRoot,
+      });
+    } catch {
+      continue;
+    }
+
+    const lines = content.split("\n");
+
+    // Track whether we're inside a credential_store prompt block
+    // (indented YAML-like content after a credential_store mention)
+    let inCredentialStoreBlock = false;
+    let blockIndent = 0;
+
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const lineNumber = i + 1;
+
+      // Track credential_store prompt blocks
+      if (/credential_store\s+prompt/i.test(line)) {
+        inCredentialStoreBlock = true;
+        blockIndent = line.search(/\S/);
+        continue;
+      }
+
+      // Exit credential_store block when indentation returns to same or lesser level
+      if (inCredentialStoreBlock) {
+        const currentIndent = line.search(/\S/);
+        if (
+          currentIndent !== -1 &&
+          currentIndent <= blockIndent &&
+          line.trim().length > 0
+        ) {
+          inCredentialStoreBlock = false;
+        }
+      }
+
+      // Skip empty lines
+      if (line.trim().length === 0) continue;
+
+      // Skip negation lines — these instruct NOT to do something
+      if (NEGATION_PATTERNS.test(line)) continue;
+
+      // Skip credential_store UI field lines (label:, description:, placeholder:)
+      if (inCredentialStoreBlock && CREDENTIAL_STORE_UI_FIELD.test(line))
+        continue;
+
+      // Strip markdown backticks before pattern matching so that
+      // violations like `client_secret` are caught the same as bare words.
+      const stripped = line.replace(/`/g, "");
+
+      // Check against violation patterns
+      for (const pattern of VIOLATION_PATTERNS) {
+        if (pattern.test(stripped)) {
+          violations.push({
+            file: filePath,
+            line: lineNumber,
+            text: line.trim(),
+          });
+          break; // one violation per line is enough
+        }
+      }
+    }
+  }
+
+  return violations;
+}
+
+describe("SKILL.md secret handling guard", () => {
+  test("no SKILL.md files instruct accepting secrets in chat", () => {
+    const violations = findViolations();
+
+    if (violations.length > 0) {
+      const message = [
+        "Found SKILL.md files that instruct accepting secrets directly in chat.",
+        "Secrets must always be collected via `credential_store prompt`, which",
+        "presents a secure native UI that keeps values out of conversation history.",
+        "",
+        "Violations:",
+        ...violations.map((v) => `  - ${v.file}:${v.line}: ${v.text}`),
+        "",
+        "To fix: replace chat-based secret collection with a `credential_store prompt` call.",
+        "See any *-setup skill (e.g. skills/slack-app-setup/SKILL.md) for the correct pattern.",
+        "",
+        "If this is a genuine exception, add the file path to the ALLOWLIST in",
+        "skill-secret-handling-guard.test.ts.",
+      ].join("\n");
+
+      expect(violations, message).toEqual([]);
+    }
+  });
+});

package/src/__tests__/token-estimator-accuracy.benchmark.test.ts

@@ -205,7 +205,7 @@ function makeSystemPrompt(size: "small" | "production" = "small"): string {
     "### OAuth Setup",
     "Most integrations use OAuth for authentication.",
     "Guide the user through the OAuth flow when setting up a new integration:",
-    "1. Navigate to Settings > Integrations",
+    "1. Navigate to Settings > Models & Services",
     "2. Click 'Connect' for the desired service",
     "3. Authorize in the browser popup",
     "4. Confirm the connection is active",