@vellumai/assistant 0.5.13 → 0.5.14

package/src/workspace/git-service.ts

@@ -2,7 +2,6 @@ import { execFile } from "node:child_process";
 import {
   existsSync,
   readFileSync,
-  statSync,
   unlinkSync,
   writeFileSync,
 } from "node:fs";
@@ -258,30 +257,21 @@ export class WorkspaceGitService {
     );
   }
 
-  /** Age threshold (ms) beyond which an index.lock is considered stale. */
-  private static readonly LOCK_STALE_THRESHOLD_MS = 30_000;
-
   /**
-   * Remove `.git/index.lock` only if it is stale — older than
-   * {@link LOCK_STALE_THRESHOLD_MS}. A recently-created lock may belong to a
-   * concurrent git process outside our mutex (e.g. a user-initiated CLI
-   * command), so we leave it alone.
+   * Remove `.git/index.lock` if it exists.
+   *
+   * This method is always called inside the mutex, so no git operation from
+   * our code can be concurrently holding the lock. Any lock file present is
+   * stale — left behind by a crashed process or an external command that
+   * has already exited.
    */
   private cleanStaleLockFile(): void {
     const lockPath = join(this.workspaceDir, ".git", "index.lock");
     try {
-      const stat = statSync(lockPath);
-      const ageMs = Date.now() - stat.mtimeMs;
-      if (ageMs < WorkspaceGitService.LOCK_STALE_THRESHOLD_MS) {
-        log.debug(
-          `index.lock exists but is only ${Math.round(ageMs / 1000)}s old — leaving it`,
-        );
-        return;
-      }
       unlinkSync(lockPath);
-      log.debug(`Removed stale index.lock (${Math.round(ageMs / 1000)}s old)`);
+      log.debug("Removed stale index.lock");
     } catch {
-      // File doesn't exist or can't be stat'd/removed — move on.
+      // File doesn't exist or can't be removed — move on.
     }
   }
 

package/src/workspace/migrations/003-seed-device-id.ts

@@ -5,6 +5,7 @@ import {
   unlinkSync,
   writeFileSync,
 } from "node:fs";
+import { homedir } from "node:os";
 import { join } from "node:path";
 
 import { getDeviceIdBaseDir } from "../../util/device-id.js";
@@ -37,11 +38,12 @@ export const seedDeviceIdMigration: WorkspaceMigration = {
     }
 
     // b. Read the lockfile to find an existing installationId.
-    //    Check both the current and legacy lockfile paths to support installs
-    //    that haven't migrated the filename yet.
+    //    The lockfile is always under the user's home directory, never under
+    //    BASE_DATA_DIR. Check both the current and legacy filenames.
+    const home = homedir();
     const lockCandidates = [
-      join(base, ".vellum.lock.json"),
-      join(base, ".vellum.lockfile.json"),
+      join(home, ".vellum.lock.json"),
+      join(home, ".vellum.lockfile.json"),
     ];
 
     let lockData: Record<string, unknown> | undefined;

package/src/workspace/migrations/016-extract-feature-flags-to-protected.ts

@@ -7,11 +7,17 @@ import {
   unlinkSync,
   writeFileSync,
 } from "node:fs";
+import { homedir } from "node:os";
 import { join } from "node:path";
 
-import { getRootDir } from "../../util/platform.js";
 import type { WorkspaceMigration } from "./types.js";
 
+/** Inlined from platform.ts to satisfy migration self-containment rule (AGENTS.md). */
+function getRootDir(): string {
+  const base = process.env.BASE_DATA_DIR?.trim() || homedir();
+  return join(base, ".vellum");
+}
+
 export const extractFeatureFlagsToProtectedMigration: WorkspaceMigration = {
   id: "016-extract-feature-flags-to-protected",
   description:

package/src/workspace/migrations/017-seed-persona-dirs.ts

@@ -13,10 +13,8 @@ import { desc, eq } from "drizzle-orm";
 import { generateUserFileSlug } from "../../contacts/contact-store.js";
 import { getDb } from "../../memory/db.js";
 import { contacts } from "../../memory/schema/contacts.js";
-import {
-  isTemplateContent,
-  stripCommentLines,
-} from "../../prompts/system-prompt.js";
+import { isTemplateContent } from "../../prompts/system-prompt.js";
+import { stripCommentLines } from "../../util/strip-comment-lines.js";
 import type { WorkspaceMigration } from "./types.js";
 
 export const seedPersonaDirsMigration: WorkspaceMigration = {

package/src/workspace/migrations/021-move-signals-to-workspace.ts

@@ -0,0 +1,84 @@
+/**
+ * Workspace migration 021: Move signals directory from root to workspace.
+ *
+ * Previously, `~/.vellum/signals/` lived directly under getRootDir(). This
+ * migration moves any existing signal files into `~/.vellum/workspace/signals/`
+ * so that getSignalsDir() resolves correctly under the workspace.
+ *
+ * Signal files are ephemeral IPC artifacts (written, read once, then stale),
+ * so the migration simply ensures the workspace signals directory exists and
+ * copies over any files that may still be pending. The old root-level
+ * directory is left in place (but empty) to avoid breaking concurrent
+ * watchers during the transition.
+ */
+
+import { existsSync, mkdirSync, readdirSync, renameSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+/** Inlined from platform.ts to satisfy migration self-containment rule (AGENTS.md). */
+function getRootDir(): string {
+  const base = process.env.BASE_DATA_DIR?.trim() || homedir();
+  return join(base, ".vellum");
+}
+
+export const moveSignalsToWorkspaceMigration: WorkspaceMigration = {
+  id: "021-move-signals-to-workspace",
+  description: "Move signals directory from root to workspace",
+
+  run(workspaceDir: string): void {
+    const oldSignalsDir = join(getRootDir(), "signals");
+    const newSignalsDir = join(workspaceDir, "signals");
+
+    mkdirSync(newSignalsDir, { recursive: true });
+
+    if (!existsSync(oldSignalsDir)) return;
+
+    // Move any pending signal files to the new location
+    try {
+      const entries = readdirSync(oldSignalsDir);
+      for (const entry of entries) {
+        const oldPath = join(oldSignalsDir, entry);
+        const newPath = join(newSignalsDir, entry);
+        if (!existsSync(newPath)) {
+          try {
+            renameSync(oldPath, newPath);
+          } catch {
+            // Best-effort: file may have been consumed between readdir and rename
+          }
+        }
+      }
+    } catch {
+      // Best-effort: old directory may not be readable
+    }
+  },
+
+  down(workspaceDir: string): void {
+    const oldSignalsDir = join(getRootDir(), "signals");
+    const newSignalsDir = join(workspaceDir, "signals");
+
+    mkdirSync(oldSignalsDir, { recursive: true });
+
+    if (!existsSync(newSignalsDir)) return;
+
+    // Move signal files back to the root-level directory
+    try {
+      const entries = readdirSync(newSignalsDir);
+      for (const entry of entries) {
+        const newPath = join(newSignalsDir, entry);
+        const oldPath = join(oldSignalsDir, entry);
+        if (!existsSync(oldPath)) {
+          try {
+            renameSync(newPath, oldPath);
+          } catch {
+            // Best-effort
+          }
+        }
+      }
+    } catch {
+      // Best-effort
+    }
+  },
+};

package/src/workspace/migrations/022-move-hooks-to-workspace.ts

@@ -0,0 +1,94 @@
+/**
+ * Workspace migration 022: Move hooks directory from root to workspace.
+ *
+ * Previously, `~/.vellum/hooks/` lived directly under getRootDir(). This
+ * migration moves existing hook directories and files into
+ * `~/.vellum/workspace/hooks/` so that getWorkspaceHooksDir() resolves
+ * correctly under the workspace.
+ *
+ * Hooks are persistent user-installed scripts (manifests, config, executables),
+ * so the migration recursively moves all entries from the old directory to the
+ * new one. The old root-level directory is left in place (but empty) to avoid
+ * breaking any external references during the transition.
+ */
+
+import {
+  existsSync,
+  mkdirSync,
+  readdirSync,
+  renameSync,
+  rmSync,
+} from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+/** Inlined from platform.ts to satisfy migration self-containment rule (AGENTS.md). */
+function getRootDir(): string {
+  const base = process.env.BASE_DATA_DIR?.trim() || homedir();
+  return join(base, ".vellum");
+}
+
+export const moveHooksToWorkspaceMigration: WorkspaceMigration = {
+  id: "022-move-hooks-to-workspace",
+  description: "Move hooks directory from root to workspace",
+
+  run(workspaceDir: string): void {
+    const oldHooksDir = join(getRootDir(), "hooks");
+    const newHooksDir = join(workspaceDir, "hooks");
+
+    mkdirSync(newHooksDir, { recursive: true });
+
+    if (!existsSync(oldHooksDir)) return;
+
+    // Move hook entries from root to workspace. The old (user) entries take
+    // precedence over anything already at the destination (e.g. template
+    // files written by installTemplates(), which runs before migrations).
+    // We remove the destination first so renameSync succeeds atomically.
+    try {
+      const entries = readdirSync(oldHooksDir);
+      for (const entry of entries) {
+        const oldPath = join(oldHooksDir, entry);
+        const newPath = join(newHooksDir, entry);
+        try {
+          if (existsSync(newPath)) {
+            rmSync(newPath, { recursive: true, force: true });
+          }
+          renameSync(oldPath, newPath);
+        } catch {
+          // Best-effort: entry may have been modified concurrently
+        }
+      }
+    } catch {
+      // Best-effort: old directory may not be readable
+    }
+  },
+
+  down(workspaceDir: string): void {
+    const oldHooksDir = join(getRootDir(), "hooks");
+    const newHooksDir = join(workspaceDir, "hooks");
+
+    mkdirSync(oldHooksDir, { recursive: true });
+
+    if (!existsSync(newHooksDir)) return;
+
+    // Move hook entries back to the root-level directory
+    try {
+      const entries = readdirSync(newHooksDir);
+      for (const entry of entries) {
+        const newPath = join(newHooksDir, entry);
+        const oldPath = join(oldHooksDir, entry);
+        if (!existsSync(oldPath)) {
+          try {
+            renameSync(newPath, oldPath);
+          } catch {
+            // Best-effort
+          }
+        }
+      }
+    } catch {
+      // Best-effort
+    }
+  },
+};

package/src/workspace/migrations/023-move-config-files-to-workspace.ts

@@ -0,0 +1,86 @@
+/**
+ * Workspace migration 023: Move config/state JSON files from root to workspace.
+ *
+ * Previously, dictation-profiles.json, email-guardrails.json, and
+ * active-call-leases.json lived directly under getRootDir() (~/.vellum/).
+ * This migration moves them into the workspace directory so they are
+ * included in diagnostic exports and follow the workspace convention.
+ */
+
+import { existsSync, renameSync, unlinkSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+/** Inlined from platform.ts to satisfy migration self-containment rule (AGENTS.md). */
+function getRootDir(): string {
+  const base = process.env.BASE_DATA_DIR?.trim() || homedir();
+  return join(base, ".vellum");
+}
+
+/** Files to move from root → workspace. */
+const CONFIG_FILES = [
+  "dictation-profiles.json",
+  "email-guardrails.json",
+  "active-call-leases.json",
+] as const;
+
+export const moveConfigFilesToWorkspaceMigration: WorkspaceMigration = {
+  id: "023-move-config-files-to-workspace",
+  description:
+    "Move dictation-profiles, email-guardrails, and active-call-leases from root to workspace",
+
+  run(workspaceDir: string): void {
+    const rootDir = getRootDir();
+
+    for (const file of CONFIG_FILES) {
+      const oldPath = join(rootDir, file);
+      const newPath = join(workspaceDir, file);
+
+      if (!existsSync(oldPath)) continue;
+      // Don't overwrite if the destination already exists (e.g. partial
+      // previous run or user-created file).
+      if (existsSync(newPath)) {
+        // Clean up the old file since workspace already has one.
+        try {
+          unlinkSync(oldPath);
+        } catch {
+          // Best-effort cleanup
+        }
+        continue;
+      }
+
+      try {
+        renameSync(oldPath, newPath);
+      } catch {
+        // Best-effort: cross-device rename or permission issue
+      }
+    }
+  },
+
+  down(workspaceDir: string): void {
+    const rootDir = getRootDir();
+
+    for (const file of CONFIG_FILES) {
+      const newPath = join(workspaceDir, file);
+      const oldPath = join(rootDir, file);
+
+      if (!existsSync(newPath)) continue;
+      if (existsSync(oldPath)) {
+        try {
+          unlinkSync(newPath);
+        } catch {
+          // Best-effort cleanup
+        }
+        continue;
+      }
+
+      try {
+        renameSync(newPath, oldPath);
+      } catch {
+        // Best-effort
+      }
+    }
+  },
+};

package/src/workspace/migrations/024-move-runtime-files-to-workspace.ts

@@ -0,0 +1,126 @@
+/**
+ * Workspace migration 024: Move remaining root-level runtime files/dirs to workspace.
+ *
+ * Previously, several runtime files and directories lived directly under
+ * ~/.vellum/ (the root dir). This migration moves them into the workspace
+ * directory so that the root dir can eventually be cleaned up.
+ *
+ * Files moved:
+ *   - daemon-stderr.log      -> workspace/logs/daemon-stderr.log
+ *   - daemon-startup.lock    -> workspace/daemon-startup.lock
+ *   - embed-worker.pid       -> workspace/embed-worker.pid
+ *
+ * NOT moved:
+ *   - .env (stays at root because it contains secrets)
+ *
+ * Directories moved:
+ *   - external/              -> workspace/external/
+ *   - bin/                   -> workspace/bin/
+ */
+
+import {
+  existsSync,
+  mkdirSync,
+  readdirSync,
+  renameSync,
+  unlinkSync,
+} from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+/** Inlined from platform.ts to satisfy migration self-containment rule (AGENTS.md). */
+function getRootDir(): string {
+  const base = process.env.BASE_DATA_DIR?.trim() || homedir();
+  return join(base, ".vellum");
+}
+
+/** Individual files to move from root → workspace (with optional subdirectory). */
+const FILE_MOVES: Array<{ name: string; subdir?: string }> = [
+  { name: "daemon-stderr.log", subdir: "logs" },
+  { name: "daemon-startup.lock" },
+  // .env stays at root — it contains secrets (API keys) and the entire
+  // workspace directory is included in diagnostic log exports.
+  { name: "embed-worker.pid" },
+];
+
+/** Directories to move from root → workspace. */
+const DIR_MOVES = ["external", "bin"] as const;
+
+/**
+ * Move a single file from oldPath to newPath. If the destination already
+ * exists, remove the old file instead of overwriting.
+ */
+function moveFile(oldPath: string, newPath: string): void {
+  if (!existsSync(oldPath)) return;
+  if (existsSync(newPath)) {
+    try {
+      unlinkSync(oldPath);
+    } catch {
+      // Best-effort cleanup
+    }
+    return;
+  }
+  try {
+    renameSync(oldPath, newPath);
+  } catch {
+    // Best-effort: cross-device rename or permission issue
+  }
+}
+
+/**
+ * Move all entries from one directory to another. If the destination already
+ * has an entry with the same name, the source entry is removed.
+ */
+function moveDirContents(oldDir: string, newDir: string): void {
+  if (!existsSync(oldDir)) return;
+  mkdirSync(newDir, { recursive: true });
+
+  try {
+    const entries = readdirSync(oldDir);
+    for (const entry of entries) {
+      moveFile(join(oldDir, entry), join(newDir, entry));
+    }
+  } catch {
+    // Best-effort: old directory may not be readable
+  }
+}
+
+export const moveRuntimeFilesToWorkspaceMigration: WorkspaceMigration = {
+  id: "024-move-runtime-files-to-workspace",
+  description:
+    "Move daemon-stderr.log, daemon-startup.lock, embed-worker.pid, external/, and bin/ from root to workspace",
+
+  run(workspaceDir: string): void {
+    const rootDir = getRootDir();
+
+    // Move individual files
+    for (const { name, subdir } of FILE_MOVES) {
+      const oldPath = join(rootDir, name);
+      const destDir = subdir ? join(workspaceDir, subdir) : workspaceDir;
+      mkdirSync(destDir, { recursive: true });
+      moveFile(oldPath, join(destDir, name));
+    }
+
+    // Move directories
+    for (const dir of DIR_MOVES) {
+      moveDirContents(join(rootDir, dir), join(workspaceDir, dir));
+    }
+  },
+
+  down(workspaceDir: string): void {
+    const rootDir = getRootDir();
+
+    // Move individual files back
+    for (const { name, subdir } of FILE_MOVES) {
+      const srcDir = subdir ? join(workspaceDir, subdir) : workspaceDir;
+      moveFile(join(srcDir, name), join(rootDir, name));
+    }
+
+    // Move directories back
+    for (const dir of DIR_MOVES) {
+      moveDirContents(join(workspaceDir, dir), join(rootDir, dir));
+    }
+  },
+};

package/src/workspace/migrations/migrate-to-workspace-volume.ts

@@ -23,10 +23,6 @@ import {
 } from "node:fs";
 import { join } from "node:path";
 
-import {
-  getBaseDataDir,
-  getWorkspaceDirOverride,
-} from "../../config/env-registry.js";
 import type { WorkspaceMigration } from "./types.js";
 
 const SENTINEL_FILENAME = ".workspace-volume-migrated";
@@ -53,7 +49,8 @@ export const migrateToWorkspaceVolumeMigration: WorkspaceMigration = {
   },
 
   run(workspaceDir: string): void {
-    const workspaceDirOverride = getWorkspaceDirOverride();
+    const workspaceDirOverride =
+      process.env.VELLUM_WORKSPACE_DIR?.trim() || undefined;
 
     // Only relevant when VELLUM_WORKSPACE_DIR is explicitly set (Docker with separate volume)
     if (!workspaceDirOverride) return;
@@ -72,7 +69,7 @@ export const migrateToWorkspaceVolumeMigration: WorkspaceMigration = {
     }
 
     // Resolve the old workspace location: $BASE_DATA_DIR/.vellum/workspace
-    const baseDataDir = getBaseDataDir();
+    const baseDataDir = process.env.BASE_DATA_DIR?.trim() || undefined;
     if (!baseDataDir) {
       // No BASE_DATA_DIR means there's no old location to migrate from
       writeSentinel(sentinelPath);

package/src/workspace/migrations/registry.ts

@@ -17,6 +17,10 @@ import { seedPersonaDirsMigration } from "./017-seed-persona-dirs.js";
 import { rekeyCompoundCredentialKeysMigration } from "./018-rekey-compound-credential-keys.js";
 import { scopeJournalToGuardianMigration } from "./019-scope-journal-to-guardian.js";
 import { renameOauthSkillDirsMigration } from "./020-rename-oauth-skill-dirs.js";
+import { moveSignalsToWorkspaceMigration } from "./021-move-signals-to-workspace.js";
+import { moveHooksToWorkspaceMigration } from "./022-move-hooks-to-workspace.js";
+import { moveConfigFilesToWorkspaceMigration } from "./023-move-config-files-to-workspace.js";
+import { moveRuntimeFilesToWorkspaceMigration } from "./024-move-runtime-files-to-workspace.js";
 import { migrateToWorkspaceVolumeMigration } from "./migrate-to-workspace-volume.js";
 import type { WorkspaceMigration } from "./types.js";
 
@@ -45,4 +49,8 @@ export const WORKSPACE_MIGRATIONS: WorkspaceMigration[] = [
   rekeyCompoundCredentialKeysMigration,
   scopeJournalToGuardianMigration,
   renameOauthSkillDirsMigration,
+  moveSignalsToWorkspaceMigration,
+  moveHooksToWorkspaceMigration,
+  moveConfigFilesToWorkspaceMigration,
+  moveRuntimeFilesToWorkspaceMigration,
 ];

package/src/signals/confirm.ts

@@ -1,82 +0,0 @@
-/**
- * Handle confirmation decisions delivered via signal files from the CLI.
- *
- * The built-in CLI writes JSON to `signals/confirm` instead of making an
- * HTTP POST to `/v1/confirm`. The daemon's ConfigWatcher detects the file
- * change and invokes {@link handleConfirmationSignal}, which reads the
- * payload and resolves the pending interaction in-process.
- */
-
-import { readFileSync } from "node:fs";
-import { join } from "node:path";
-
-import { getIsContainerized } from "../config/env-registry.js";
-import type { UserDecision } from "../permissions/types.js";
-import * as pendingInteractions from "../runtime/pending-interactions.js";
-import { getLogger } from "../util/logger.js";
-import { getSignalsDir } from "../util/platform.js";
-
-const log = getLogger("signal:confirm");
-
-const VALID_DECISIONS: ReadonlySet<string> = new Set<string>([
-  "allow",
-  "allow_10m",
-  "allow_conversation",
-  "always_allow",
-  "always_allow_high_risk",
-  "deny",
-  "always_deny",
-  "temporary_override",
-]);
-
-function isUserDecision(value: string): value is UserDecision {
-  return VALID_DECISIONS.has(value);
-}
-
-/**
- * Read the `signals/confirm` file and resolve the pending interaction.
- * Called by ConfigWatcher when the signal file is written or modified.
- */
-export function handleConfirmationSignal(): void {
-  if (getIsContainerized()) return;
-
-  try {
-    const content = readFileSync(join(getSignalsDir(), "confirm"), "utf-8");
-    const parsed = JSON.parse(content) as {
-      requestId?: string;
-      decision?: string;
-    };
-    const { requestId, decision } = parsed;
-
-    if (!requestId || typeof requestId !== "string") {
-      log.warn("Confirmation signal missing requestId");
-      return;
-    }
-    if (!decision || !isUserDecision(decision)) {
-      log.warn({ decision }, "Confirmation signal has invalid decision");
-      return;
-    }
-
-    const interaction = pendingInteractions.resolve(requestId);
-    if (!interaction) {
-      log.warn({ requestId }, "No pending interaction for confirmation signal");
-      return;
-    }
-
-    if (interaction.directResolve) {
-      interaction.directResolve(decision);
-    } else {
-      interaction.conversation!.handleConfirmationResponse(
-        requestId,
-        decision,
-        undefined,
-        undefined,
-        undefined,
-        { source: "button" },
-      );
-    }
-    log.info({ requestId, decision }, "Confirmation resolved via signal file");
-  } catch (err) {
-    log.error({ err }, "Failed to handle confirmation signal");
-  }
-}