@vellumai/assistant 0.5.3 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (111) hide show
  1. package/Dockerfile +18 -27
  2. package/docs/architecture/memory.md +105 -0
  3. package/node_modules/@vellumai/ces-contracts/src/index.ts +1 -0
  4. package/node_modules/@vellumai/ces-contracts/src/trust-rules.ts +42 -0
  5. package/package.json +1 -1
  6. package/src/__tests__/archive-recall.test.ts +560 -0
  7. package/src/__tests__/conversation-clear-safety.test.ts +259 -0
  8. package/src/__tests__/conversation-switch-memory-reduction.test.ts +474 -0
  9. package/src/__tests__/credential-security-invariants.test.ts +2 -0
  10. package/src/__tests__/db-schedule-syntax-migration.test.ts +3 -0
  11. package/src/__tests__/memory-reducer-job.test.ts +538 -0
  12. package/src/__tests__/memory-reducer-scheduling.test.ts +473 -0
  13. package/src/__tests__/memory-reducer-types.test.ts +12 -4
  14. package/src/__tests__/memory-reducer.test.ts +7 -1
  15. package/src/__tests__/memory-regressions.test.ts +24 -4
  16. package/src/__tests__/memory-simplified-config.test.ts +4 -4
  17. package/src/__tests__/openai-whisper.test.ts +93 -0
  18. package/src/__tests__/simplified-memory-e2e.test.ts +666 -0
  19. package/src/__tests__/simplified-memory-runtime.test.ts +616 -0
  20. package/src/__tests__/slack-messaging-token-resolution.test.ts +319 -0
  21. package/src/__tests__/volume-security-guard.test.ts +155 -0
  22. package/src/cli/commands/conversations.ts +18 -0
  23. package/src/config/bundled-skills/messaging/tools/shared.ts +1 -0
  24. package/src/config/bundled-skills/schedule/TOOLS.json +8 -0
  25. package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +16 -37
  26. package/src/config/env-registry.ts +9 -0
  27. package/src/config/feature-flag-registry.json +8 -0
  28. package/src/config/loader.ts +0 -1
  29. package/src/config/schemas/memory-simplified.ts +1 -1
  30. package/src/credential-execution/managed-catalog.ts +5 -15
  31. package/src/daemon/config-watcher.ts +4 -1
  32. package/src/daemon/conversation-memory.ts +117 -0
  33. package/src/daemon/conversation-runtime-assembly.ts +1 -0
  34. package/src/daemon/daemon-control.ts +7 -0
  35. package/src/daemon/handlers/conversations.ts +11 -0
  36. package/src/daemon/lifecycle.ts +51 -2
  37. package/src/daemon/providers-setup.ts +2 -1
  38. package/src/hooks/manager.ts +7 -0
  39. package/src/instrument.ts +33 -1
  40. package/src/memory/archive-recall.ts +516 -0
  41. package/src/memory/brief-time.ts +5 -4
  42. package/src/memory/conversation-crud.ts +210 -0
  43. package/src/memory/conversation-key-store.ts +33 -4
  44. package/src/memory/db-init.ts +4 -0
  45. package/src/memory/embedding-local.ts +11 -5
  46. package/src/memory/job-handlers/backfill-simplified-memory.ts +462 -0
  47. package/src/memory/job-handlers/conversation-starters.ts +24 -30
  48. package/src/memory/job-handlers/reduce-conversation-memory.ts +229 -0
  49. package/src/memory/jobs-store.ts +2 -0
  50. package/src/memory/jobs-worker.ts +8 -0
  51. package/src/memory/migrations/036-normalize-phone-identities.ts +49 -14
  52. package/src/memory/migrations/135-backfill-contact-interaction-stats.ts +9 -1
  53. package/src/memory/migrations/141-rename-verification-table.ts +8 -0
  54. package/src/memory/migrations/142-rename-verification-session-id-column.ts +7 -2
  55. package/src/memory/migrations/174-rename-thread-starters-table.ts +8 -0
  56. package/src/memory/migrations/188-schedule-quiet-flag.ts +13 -0
  57. package/src/memory/migrations/index.ts +1 -0
  58. package/src/memory/reducer-scheduler.ts +242 -0
  59. package/src/memory/reducer-types.ts +9 -2
  60. package/src/memory/reducer.ts +25 -11
  61. package/src/memory/schema/infrastructure.ts +1 -0
  62. package/src/messaging/provider.ts +9 -0
  63. package/src/messaging/providers/slack/adapter.ts +29 -2
  64. package/src/oauth/connection-resolver.test.ts +22 -18
  65. package/src/oauth/connection-resolver.ts +92 -7
  66. package/src/oauth/platform-connection.test.ts +78 -69
  67. package/src/oauth/platform-connection.ts +12 -19
  68. package/src/permissions/trust-client.ts +343 -0
  69. package/src/permissions/trust-store-interface.ts +105 -0
  70. package/src/permissions/trust-store.ts +523 -36
  71. package/src/platform/client.test.ts +148 -0
  72. package/src/platform/client.ts +71 -0
  73. package/src/providers/speech-to-text/openai-whisper.test.ts +190 -0
  74. package/src/providers/speech-to-text/openai-whisper.ts +68 -0
  75. package/src/providers/speech-to-text/resolve.ts +9 -0
  76. package/src/providers/speech-to-text/types.ts +17 -0
  77. package/src/runtime/auth/route-policy.ts +10 -1
  78. package/src/runtime/http-server.ts +2 -2
  79. package/src/runtime/routes/conversation-management-routes.ts +88 -2
  80. package/src/runtime/routes/guardian-bootstrap-routes.ts +19 -7
  81. package/src/runtime/routes/inbound-message-handler.ts +27 -3
  82. package/src/runtime/routes/inbound-stages/acl-enforcement.ts +16 -1
  83. package/src/runtime/routes/inbound-stages/transcribe-audio.test.ts +287 -0
  84. package/src/runtime/routes/inbound-stages/transcribe-audio.ts +122 -0
  85. package/src/runtime/routes/log-export-routes.ts +1 -0
  86. package/src/runtime/routes/secret-routes.ts +5 -1
  87. package/src/schedule/schedule-store.ts +7 -0
  88. package/src/schedule/scheduler.ts +6 -2
  89. package/src/security/ces-credential-client.ts +173 -0
  90. package/src/security/secure-keys.ts +65 -22
  91. package/src/signals/bash.ts +3 -0
  92. package/src/signals/cancel.ts +3 -0
  93. package/src/signals/confirm.ts +3 -0
  94. package/src/signals/conversation-undo.ts +3 -0
  95. package/src/signals/event-stream.ts +7 -0
  96. package/src/signals/shotgun.ts +3 -0
  97. package/src/signals/trust-rule.ts +3 -0
  98. package/src/telemetry/usage-telemetry-reporter.test.ts +23 -36
  99. package/src/telemetry/usage-telemetry-reporter.ts +22 -20
  100. package/src/tools/filesystem/edit.ts +6 -1
  101. package/src/tools/filesystem/read.ts +6 -1
  102. package/src/tools/filesystem/write.ts +6 -1
  103. package/src/tools/memory/handlers.ts +129 -1
  104. package/src/tools/schedule/create.ts +3 -0
  105. package/src/tools/schedule/list.ts +5 -1
  106. package/src/tools/schedule/update.ts +6 -0
  107. package/src/util/device-id.ts +70 -7
  108. package/src/util/logger.ts +35 -9
  109. package/src/util/platform.ts +29 -5
  110. package/src/workspace/migrations/migrate-to-workspace-volume.ts +113 -0
  111. package/src/workspace/migrations/registry.ts +2 -0
package/src/permissions/trust-store-interface.ts ADDED
@@ -0,0 +1,105 @@
1
+ import type { PolicyContext, TrustRule } from "./types.js";
2
+
3
+ export interface StarterBundleRule {
4
+ id: string;
5
+ tool: string;
6
+ pattern: string;
7
+ scope: string;
8
+ decision: "allow";
9
+ priority: number;
10
+ }
11
+
12
+ export interface AcceptStarterBundleResult {
13
+ accepted: boolean;
14
+ rulesAdded: number;
15
+ alreadyAccepted: boolean;
16
+ }
17
+
18
+ /**
19
+ * Backend interface for trust rule storage and retrieval.
20
+ *
21
+ * The file-based implementation reads/writes `~/.vellum/protected/trust.json`.
22
+ * A future gateway-backed implementation will proxy these operations through
23
+ * the gateway HTTP API for containerized deployments.
24
+ */
25
+ export interface TrustStoreBackend {
26
+ /** Return a copy of all trust rules (file-based rules + defaults). */
27
+ getAllRules(): TrustRule[];
28
+
29
+ /**
30
+ * Find the highest-priority rule that matches any of the command candidates.
31
+ * Rules are pre-sorted by priority descending, so the first match wins.
32
+ */
33
+ findHighestPriorityRule(
34
+ tool: string,
35
+ commands: string[],
36
+ scope: string,
37
+ ctx?: PolicyContext,
38
+ ): TrustRule | null;
39
+
40
+ /** Find the first matching allow rule for a tool/command/scope. */
41
+ findMatchingRule(
42
+ tool: string,
43
+ command: string,
44
+ scope: string,
45
+ ): TrustRule | null;
46
+
47
+ /** Find the first matching deny rule for a tool/command/scope. */
48
+ findDenyRule(
49
+ tool: string,
50
+ command: string,
51
+ scope: string,
52
+ ): TrustRule | null;
53
+
54
+ /** Add a new trust rule and persist it. */
55
+ addRule(
56
+ tool: string,
57
+ pattern: string,
58
+ scope: string,
59
+ decision?: "allow" | "deny" | "ask",
60
+ priority?: number,
61
+ options?: {
62
+ allowHighRisk?: boolean;
63
+ executionTarget?: string;
64
+ },
65
+ ): TrustRule;
66
+
67
+ /** Update an existing trust rule by ID and persist it. */
68
+ updateRule(
69
+ id: string,
70
+ updates: {
71
+ tool?: string;
72
+ pattern?: string;
73
+ scope?: string;
74
+ decision?: "allow" | "deny" | "ask";
75
+ priority?: number;
76
+ },
77
+ ): TrustRule;
78
+
79
+ /** Remove a trust rule by ID. Returns true if the rule existed. */
80
+ removeRule(id: string): boolean;
81
+
82
+ /** Clear all user-created rules (default rules are re-backfilled). */
83
+ clearAllRules(): void;
84
+
85
+ /** Accept the starter approval bundle, seeding low-risk allow rules. */
86
+ acceptStarterBundle(): AcceptStarterBundleResult;
87
+
88
+ /** Whether the user has previously accepted the starter bundle. */
89
+ isStarterBundleAccepted(): boolean;
90
+
91
+ /** Register a callback to be invoked whenever trust rules change. */
92
+ onRulesChanged(listener: () => void): void;
93
+
94
+ /** Invalidate in-memory caches, forcing a re-read from the backing store. */
95
+ clearCache(): void;
96
+
97
+ /**
98
+ * Check whether a minimatch pattern matches a candidate string.
99
+ * Reuses the compiled pattern cache from trust rule evaluation.
100
+ */
101
+ patternMatchesCandidate(pattern: string, candidate: string): boolean;
102
+
103
+ /** Returns the starter bundle rule definitions. */
104
+ getStarterBundleRules(): StarterBundleRule[];
105
+ }