@vellumai/assistant 0.5.4 → 0.5.5

package/src/util/platform.ts

@@ -8,7 +8,11 @@ import {
 import { homedir } from "node:os";
 import { join } from "node:path";
 
-import { getBaseDataDir } from "../config/env-registry.js";
+import {
+  getBaseDataDir,
+  getIsContainerized,
+  getWorkspaceDirOverride,
+} from "../config/env-registry.js";
 
 export function isMacOS(): boolean {
   return process.platform === "darwin";
@@ -237,6 +241,15 @@ export function getInterfacesDir(): string {
   return join(getDataDir(), "interfaces");
 }
 
+/**
+ * Returns the sounds directory (~/.vellum/workspace/data/sounds).
+ * Custom sound files and sound configuration live here. Sound files
+ * can be large, so this directory is excluded from diagnostic exports.
+ */
+export function getSoundsDir(): string {
+  return join(getWorkspaceDir(), "data", "sounds");
+}
+
 /**
  * Returns the TCP port the daemon should listen on for iOS clients.
  * Hardcoded default: 8765.
@@ -356,13 +369,19 @@ export function getSignalsDir(): string {
 // Currently not used by call-sites; wired in later PRs.
 
 /**
- * Returns ~/.vellum/workspace — the workspace root for user-facing state.
+ * Returns the workspace root for user-facing state.
+ *
+ * When the WORKSPACE_DIR env var is set, returns that value (used in
+ * containerized deployments where the workspace is a separate volume).
+ * Otherwise falls back to ~/.vellum/workspace.
  *
  * WARNING: The entire workspace directory is included in diagnostic log exports
  * ("Send logs to Vellum"). Do not store secrets, API keys, or sensitive
  * credentials here — use the credential store or ~/.vellum/protected/ instead.
  */
 export function getWorkspaceDir(): string {
+  const override = getWorkspaceDirOverride();
+  if (override) return override;
   return join(getRootDir(), "workspace");
 }
 
@@ -413,13 +432,17 @@ export function ensureDataDir(): void {
   const root = getRootDir();
   const workspace = getWorkspaceDir();
   const wsData = join(workspace, "data");
+  const containerized = getIsContainerized();
   const dirs = [
-    // Root-level dirs (runtime / protected)
+    // Root-level dirs (runtime)
     root,
-    join(root, "protected"),
+    // protected, signals, hooks are local-only — skip in containerized mode
+    // (credentials via CES HTTP API, trust via gateway API, no IPC signals)
+    ...(containerized
+      ? []
+      : [join(root, "protected"), join(root, "signals"), join(root, "hooks")]),
     // Workspace dirs
     workspace,
-    join(root, "hooks"),
     join(workspace, "skills"),
     join(workspace, "embedding-models"),
     join(workspace, "conversations"),
@@ -432,6 +455,7 @@ export function ensureDataDir(): void {
     join(wsData, "memory", "knowledge"),
     join(wsData, "apps"),
     join(wsData, "interfaces"),
+    join(wsData, "sounds"),
   ];
   for (const dir of dirs) {
     if (!existsSync(dir)) {

package/src/workspace/migrations/migrate-to-workspace-volume.ts

@@ -0,0 +1,113 @@
+/**
+ * Workspace migration: Migrate workspace data from /data to /workspace volume.
+ *
+ * In the old Docker volume layout, workspace data lived at
+ * `$BASE_DATA_DIR/.vellum/workspace`. In the new layout, WORKSPACE_DIR points
+ * to a dedicated volume (e.g. `/workspace`). On first boot with the new layout,
+ * this migration copies existing workspace data from the old location to the
+ * new volume so nothing is lost.
+ *
+ * Idempotent:
+ * - Skips if WORKSPACE_DIR is not set (non-Docker or old layout).
+ * - Skips if the workspace volume already has data (config.json exists).
+ * - Skips if the sentinel file exists (already migrated).
+ * - Skips if the old workspace directory doesn't exist or is empty.
+ */
+
+import { cpSync, existsSync, readdirSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import {
+  getBaseDataDir,
+  getWorkspaceDirOverride,
+} from "../../config/env-registry.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const SENTINEL_FILENAME = ".workspace-volume-migrated";
+
+export const migrateToWorkspaceVolumeMigration: WorkspaceMigration = {
+  id: "014-migrate-to-workspace-volume",
+  description:
+    "Copy workspace data from old /data/.vellum/workspace to new WORKSPACE_DIR volume on first boot",
+
+  run(workspaceDir: string): void {
+    const workspaceDirOverride = getWorkspaceDirOverride();
+
+    // Only relevant when WORKSPACE_DIR is explicitly set (Docker with separate volume)
+    if (!workspaceDirOverride) return;
+
+    const sentinelPath = join(workspaceDir, SENTINEL_FILENAME);
+
+    // Already migrated — skip
+    if (existsSync(sentinelPath)) return;
+
+    // If the workspace volume already has data (config.json), assume it's
+    // already populated — either by a previous migration or manual setup.
+    if (existsSync(join(workspaceDir, "config.json"))) {
+      // Write sentinel so we don't re-check on every boot
+      writeSentinel(sentinelPath);
+      return;
+    }
+
+    // Resolve the old workspace location: $BASE_DATA_DIR/.vellum/workspace
+    const baseDataDir = getBaseDataDir();
+    if (!baseDataDir) {
+      // No BASE_DATA_DIR means there's no old location to migrate from
+      writeSentinel(sentinelPath);
+      return;
+    }
+
+    const oldWorkspaceDir = join(baseDataDir, ".vellum", "workspace");
+
+    // If the old workspace doesn't exist or is empty, nothing to migrate
+    if (!existsSync(oldWorkspaceDir)) {
+      writeSentinel(sentinelPath);
+      return;
+    }
+
+    let entries: string[];
+    try {
+      entries = readdirSync(oldWorkspaceDir);
+    } catch {
+      // Can't read old workspace — write sentinel and move on
+      writeSentinel(sentinelPath);
+      return;
+    }
+
+    if (entries.length === 0) {
+      writeSentinel(sentinelPath);
+      return;
+    }
+
+    // Copy everything from old workspace to new workspace volume.
+    // Use cpSync with recursive to handle nested directories.
+    // Copy each entry individually rather than the whole directory to avoid
+    // overwriting the target directory itself (which may already have
+    // sub-directories created by ensureDataDir).
+    for (const entry of entries) {
+      const src = join(oldWorkspaceDir, entry);
+      const dst = join(workspaceDir, entry);
+
+      // Skip if destination already exists (partial previous run)
+      if (existsSync(dst)) continue;
+
+      try {
+        cpSync(src, dst, { recursive: true });
+      } catch {
+        // Best-effort per entry — continue with remaining items
+      }
+    }
+
+    // Mark migration complete
+    writeSentinel(sentinelPath);
+  },
+};
+
+function writeSentinel(sentinelPath: string): void {
+  try {
+    writeFileSync(sentinelPath, new Date().toISOString() + "\n", "utf-8");
+  } catch {
+    // Best-effort — if we can't write the sentinel, the migration runner's
+    // checkpoint will still prevent re-running the migration function.
+  }
+}

package/src/workspace/migrations/registry.ts

@@ -10,6 +10,7 @@ import { appDirRenameMigration } from "./010-app-dir-rename.js";
 import { backfillInstallationIdMigration } from "./011-backfill-installation-id.js";
 import { renameConversationDiskViewDirsMigration } from "./012-rename-conversation-disk-view-dirs.js";
 import { repairConversationDiskViewMigration } from "./013-repair-conversation-disk-view.js";
+import { migrateToWorkspaceVolumeMigration } from "./migrate-to-workspace-volume.js";
 import type { WorkspaceMigration } from "./types.js";
 
 /**
@@ -29,4 +30,5 @@ export const WORKSPACE_MIGRATIONS: WorkspaceMigration[] = [
   appDirRenameMigration,
   renameConversationDiskViewDirsMigration,
   repairConversationDiskViewMigration,
+  migrateToWorkspaceVolumeMigration,
 ];