npm - @vellumai/assistant - Versions diffs - 0.5.4 → 0.5.6 - Mend

@vellumai/assistant 0.5.4 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/Dockerfile +17 -27
package/node_modules/@vellumai/ces-contracts/src/index.ts +1 -0
package/node_modules/@vellumai/ces-contracts/src/trust-rules.ts +42 -0
package/package.json +1 -1
package/src/__tests__/actor-token-service.test.ts +113 -0
package/src/__tests__/config-schema.test.ts +2 -2
package/src/__tests__/context-window-manager.test.ts +78 -0
package/src/__tests__/conversation-title-service.test.ts +30 -1
package/src/__tests__/credential-security-invariants.test.ts +2 -0
package/src/__tests__/docker-signing-key-bootstrap.test.ts +207 -0
package/src/__tests__/memory-regressions.test.ts +8 -30
package/src/__tests__/openai-whisper.test.ts +93 -0
package/src/__tests__/require-fresh-approval.test.ts +4 -0
package/src/__tests__/slack-messaging-token-resolution.test.ts +319 -0
package/src/__tests__/tool-executor-lifecycle-events.test.ts +4 -0
package/src/__tests__/tool-executor.test.ts +4 -0
package/src/__tests__/volume-security-guard.test.ts +155 -0
package/src/cli/commands/conversations.ts +0 -18
package/src/config/bundled-skills/messaging/tools/shared.ts +1 -0
package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts +16 -37
package/src/config/env-registry.ts +9 -0
package/src/config/env.ts +8 -2
package/src/config/feature-flag-registry.json +8 -8
package/src/config/schema.ts +0 -12
package/src/config/schemas/memory.ts +0 -4
package/src/config/schemas/platform.ts +1 -1
package/src/config/schemas/security.ts +4 -0
package/src/context/window-manager.ts +53 -2
package/src/credential-execution/managed-catalog.ts +5 -15
package/src/daemon/conversation-agent-loop.ts +0 -60
package/src/daemon/conversation-memory.ts +0 -117
package/src/daemon/conversation-runtime-assembly.ts +0 -2
package/src/daemon/daemon-control.ts +7 -0
package/src/daemon/handlers/conversations.ts +0 -11
package/src/daemon/lifecycle.ts +10 -47
package/src/daemon/providers-setup.ts +2 -1
package/src/followups/followup-store.ts +5 -2
package/src/hooks/manager.ts +7 -0
package/src/instrument.ts +33 -1
package/src/memory/conversation-crud.ts +0 -236
package/src/memory/conversation-title-service.ts +26 -10
package/src/memory/db-init.ts +5 -13
package/src/memory/embedding-local.ts +11 -5
package/src/memory/indexer.ts +15 -106
package/src/memory/job-handlers/conversation-starters.ts +24 -36
package/src/memory/job-handlers/embedding.ts +0 -79
package/src/memory/job-utils.ts +1 -1
package/src/memory/jobs-store.ts +0 -8
package/src/memory/jobs-worker.ts +0 -20
package/src/memory/migrations/189-drop-simplified-memory.ts +42 -0
package/src/memory/migrations/index.ts +1 -3
package/src/memory/qdrant-client.ts +4 -6
package/src/memory/schema/conversations.ts +0 -3
package/src/memory/schema/index.ts +0 -2
package/src/messaging/draft-store.ts +2 -2
package/src/messaging/provider.ts +9 -0
package/src/messaging/providers/slack/adapter.ts +29 -2
package/src/oauth/connection-resolver.test.ts +22 -18
package/src/oauth/connection-resolver.ts +92 -7
package/src/oauth/platform-connection.test.ts +78 -69
package/src/oauth/platform-connection.ts +12 -19
package/src/permissions/defaults.ts +3 -3
package/src/permissions/trust-client.ts +332 -0
package/src/permissions/trust-store-interface.ts +105 -0
package/src/permissions/trust-store.ts +531 -39
package/src/platform/client.test.ts +148 -0
package/src/platform/client.ts +71 -0
package/src/providers/speech-to-text/openai-whisper.test.ts +190 -0
package/src/providers/speech-to-text/openai-whisper.ts +68 -0
package/src/providers/speech-to-text/resolve.ts +9 -0
package/src/providers/speech-to-text/types.ts +17 -0
package/src/runtime/auth/route-policy.ts +14 -0
package/src/runtime/auth/token-service.ts +133 -0
package/src/runtime/http-server.ts +4 -2
package/src/runtime/routes/conversation-management-routes.ts +0 -36
package/src/runtime/routes/conversation-query-routes.ts +44 -2
package/src/runtime/routes/conversation-routes.ts +2 -1
package/src/runtime/routes/inbound-message-handler.ts +27 -3
package/src/runtime/routes/inbound-stages/acl-enforcement.ts +16 -1
package/src/runtime/routes/inbound-stages/transcribe-audio.test.ts +287 -0
package/src/runtime/routes/inbound-stages/transcribe-audio.ts +122 -0
package/src/runtime/routes/log-export-routes.ts +1 -0
package/src/runtime/routes/memory-item-routes.test.ts +221 -3
package/src/runtime/routes/memory-item-routes.ts +124 -2
package/src/runtime/routes/secret-routes.ts +4 -1
package/src/runtime/routes/upgrade-broadcast-routes.ts +151 -0
package/src/schedule/schedule-store.ts +0 -21
package/src/security/ces-credential-client.ts +173 -0
package/src/security/secure-keys.ts +65 -22
package/src/signals/bash.ts +3 -0
package/src/signals/cancel.ts +3 -0
package/src/signals/confirm.ts +3 -0
package/src/signals/conversation-undo.ts +3 -0
package/src/signals/event-stream.ts +7 -0
package/src/signals/shotgun.ts +3 -0
package/src/signals/trust-rule.ts +3 -0
package/src/skills/inline-command-render.ts +5 -1
package/src/skills/inline-command-runner.ts +30 -2
package/src/telemetry/usage-telemetry-reporter.test.ts +23 -36
package/src/telemetry/usage-telemetry-reporter.ts +21 -19
package/src/tools/memory/handlers.ts +1 -129
package/src/tools/permission-checker.ts +18 -0
package/src/tools/skills/load.ts +9 -2
package/src/util/device-id.ts +70 -7
package/src/util/logger.ts +35 -9
package/src/util/platform.ts +29 -5
package/src/util/xml.ts +8 -0
package/src/workspace/heartbeat-service.ts +5 -24
package/src/workspace/migrations/migrate-to-workspace-volume.ts +113 -0
package/src/workspace/migrations/registry.ts +2 -0
package/src/__tests__/archive-recall.test.ts +0 -560
package/src/__tests__/conversation-memory-dirty-tail.test.ts +0 -150
package/src/__tests__/conversation-switch-memory-reduction.test.ts +0 -474
package/src/__tests__/db-memory-archive-migration.test.ts +0 -372
package/src/__tests__/db-memory-brief-state-migration.test.ts +0 -213
package/src/__tests__/db-memory-reducer-checkpoints.test.ts +0 -273
package/src/__tests__/memory-brief-open-loops.test.ts +0 -530
package/src/__tests__/memory-brief-time.test.ts +0 -285
package/src/__tests__/memory-brief-wrapper.test.ts +0 -311
package/src/__tests__/memory-chunk-archive.test.ts +0 -400
package/src/__tests__/memory-chunk-dual-write.test.ts +0 -453
package/src/__tests__/memory-episode-archive.test.ts +0 -370
package/src/__tests__/memory-episode-dual-write.test.ts +0 -626
package/src/__tests__/memory-observation-archive.test.ts +0 -375
package/src/__tests__/memory-observation-dual-write.test.ts +0 -318
package/src/__tests__/memory-reducer-job.test.ts +0 -538
package/src/__tests__/memory-reducer-scheduling.test.ts +0 -473
package/src/__tests__/memory-reducer-store.test.ts +0 -728
package/src/__tests__/memory-reducer-types.test.ts +0 -707
package/src/__tests__/memory-reducer.test.ts +0 -704
package/src/__tests__/memory-simplified-config.test.ts +0 -281
package/src/__tests__/simplified-memory-e2e.test.ts +0 -666
package/src/__tests__/simplified-memory-runtime.test.ts +0 -616
package/src/config/schemas/memory-simplified.ts +0 -101
package/src/memory/archive-recall.ts +0 -516
package/src/memory/archive-store.ts +0 -400
package/src/memory/brief-formatting.ts +0 -33
package/src/memory/brief-open-loops.ts +0 -266
package/src/memory/brief-time.ts +0 -162
package/src/memory/brief.ts +0 -75
package/src/memory/job-handlers/backfill-simplified-memory.ts +0 -462
package/src/memory/job-handlers/reduce-conversation-memory.ts +0 -229
package/src/memory/migrations/185-memory-brief-state.ts +0 -52
package/src/memory/migrations/186-memory-archive.ts +0 -109
package/src/memory/migrations/187-memory-reducer-checkpoints.ts +0 -19
package/src/memory/reducer-scheduler.ts +0 -242
package/src/memory/reducer-store.ts +0 -271
package/src/memory/reducer-types.ts +0 -106
package/src/memory/reducer.ts +0 -467
package/src/memory/schema/memory-archive.ts +0 -121
package/src/memory/schema/memory-brief.ts +0 -55

package/src/telemetry/usage-telemetry-reporter.ts CHANGED Viewed

@@ -22,7 +22,7 @@ import {
 import { queryUnreportedLifecycleEvents } from "../memory/lifecycle-events-store.js";
 import { queryUnreportedUsageEvents } from "../memory/llm-usage-store.js";
 import { queryUnreportedTurnEvents } from "../memory/turn-events-store.js";
-import { resolveManagedProxyContext } from "../providers/managed-proxy/context.js";
+import { VellumPlatformClient } from "../platform/client.js";
 import { DAEMON_INTERNAL_ASSISTANT_ID } from "../runtime/assistant-scope.js";
 import { getExternalAssistantId } from "../runtime/auth/external-assistant-id.js";
 import { getDeviceId } from "../util/device-id.js";
@@ -139,22 +139,11 @@ export class UsageTelemetryReporter {
         return;
       // Resolve auth context — skip flush when neither auth mode is viable
-      const proxyCtx = await resolveManagedProxyContext();
-      if (!proxyCtx.enabled && !getTelemetryAppToken()) {
+      const client = await VellumPlatformClient.create();
+      if (!client && !getTelemetryAppToken()) {
         return;
       }
-      let url: string;
-      let authHeaders: Record<string, string>;
-      if (proxyCtx.enabled) {
-        url = `${proxyCtx.platformBaseUrl}${TELEMETRY_PATH}`;
-        authHeaders = { Authorization: `Api-Key ${proxyCtx.assistantApiKey}` };
-      } else {
-        url = `${getTelemetryPlatformUrl()}${TELEMETRY_PATH}`;
-        authHeaders = { "X-Telemetry-Token": getTelemetryAppToken() };
-      }
       // Build payload
       const typedEvents: TelemetryEvent[] = [
         ...events.map(
@@ -195,26 +184,39 @@ export class UsageTelemetryReporter {
       const payload = {
         device_id: getDeviceId(),
         assistant_id: assistantId,
-        app_version: APP_VERSION,
+        assistant_version: APP_VERSION,
         ...(organizationId ? { organization_id: organizationId } : {}),
         ...(userId ? { user_id: userId } : {}),
         events: typedEvents,
       };
       // Send
-      const resp = await fetch(url, {
+      const fetchInit: RequestInit = {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          ...authHeaders,
         },
         body: JSON.stringify(payload),
-      });
+      };
+      let resp: Response;
+      if (client) {
+        resp = await client.fetch(TELEMETRY_PATH, fetchInit);
+      } else {
+        const url = `${getTelemetryPlatformUrl()}${TELEMETRY_PATH}`;
+        resp = await fetch(url, {
+          ...fetchInit,
+          headers: {
+            "Content-Type": "application/json",
+            "X-Telemetry-Token": getTelemetryAppToken(),
+          },
+        });
+      }
       if (!resp.ok) {
         await resp.text(); // consume body to release connection
         log.warn(
-          { status: resp.status, url },
+          { status: resp.status },
           "Usage telemetry POST failed — will retry next cycle",
         );
         return;

package/src/tools/memory/handlers.ts CHANGED Viewed

@@ -2,8 +2,6 @@ import { and, eq, ne } from "drizzle-orm";
 import { v4 as uuid } from "uuid";
 import type { AssistantConfig } from "../../config/types.js";
-import { buildArchiveRecall } from "../../memory/archive-recall.js";
-import { insertObservation } from "../../memory/archive-store.js";
 import { getDb } from "../../memory/db.js";
 import { computeMemoryFingerprint } from "../../memory/fingerprint.js";
 import { enqueueMemoryJob } from "../../memory/jobs-store.js";
@@ -20,7 +18,7 @@ const log = getLogger("memory-tools");
 export async function handleMemorySave(
   args: Record<string, unknown>,
-  config: AssistantConfig,
+  _config: AssistantConfig,
   conversationId: string,
   messageId: string | undefined,
   scopeId: string = "default",
@@ -65,19 +63,6 @@ export async function handleMemorySave(
       ? truncate(args.subject.trim(), 80, "")
       : inferSubjectFromStatement(statement.trim());
-  // When simplified memory is enabled, save directly to the simplified
-  // observation/chunk tables instead of the legacy memory_items table.
-  if (config.memory.simplified.enabled) {
-    return handleSimplifiedMemorySave(
-      kind,
-      subject,
-      statement.trim(),
-      conversationId,
-      messageId,
-      scopeId,
-    );
-  }
   try {
     const db = getDb();
     const id = uuid();
@@ -290,12 +275,6 @@ export async function handleMemoryRecall(
       ? args.scope.trim()
       : "default";
-  // When simplified memory is enabled, use the archive recall path
-  // instead of the legacy hybrid retriever.
-  if (config.memory.simplified.enabled) {
-    return handleSimplifiedMemoryRecall(query.trim(), scopeId ?? "default");
-  }
   // Scope policy: "conversation" means strict (only that scope),
   // anything else allows fallback to the default scope.
   const scopePolicyOverride: ScopePolicyOverride | undefined = scopeId
@@ -432,113 +411,6 @@ export async function handleMemoryDelete(
   }
 }
-// ── Simplified memory helpers ────────────────────────────────────────
-/**
- * Save a memory item as an observation + chunk in the simplified system.
- * This is used when simplified memory is enabled instead of writing to
- * the legacy memory_items table.
- */
-function handleSimplifiedMemorySave(
-  kind: string,
-  subject: string,
-  statement: string,
-  conversationId: string,
-  messageId: string | undefined,
-  scopeId: string,
-): ToolExecutionResult {
-  try {
-    const trimmedStatement = truncate(statement, 500, "");
-    const content = `[${kind}] ${subject}: ${trimmedStatement}`;
-    const result = insertObservation({
-      conversationId,
-      messageId: messageId ?? null,
-      role: "user",
-      content,
-      scopeId,
-      modality: "text",
-      source: "tool:memory_save",
-    });
-    log.debug(
-      {
-        observationId: result.observationId,
-        chunkId: result.chunkId,
-        kind,
-        subject,
-        conversationId,
-        messageId,
-      },
-      "Memory saved via simplified system",
-    );
-    return {
-      content: `Saved to memory (ID: ${result.observationId}).\nKind: ${kind}\nSubject: ${subject}\nStatement: ${trimmedStatement}`,
-      isError: false,
-    };
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    log.error({ err }, "simplified memory_save failed");
-    return { content: `Error: Failed to save memory: ${msg}`, isError: true };
-  }
-}
-/**
- * Recall memories using the simplified archive recall path instead of
- * the legacy hybrid retriever.
- */
-function handleSimplifiedMemoryRecall(
-  query: string,
-  scopeId: string,
-): ToolExecutionResult {
-  try {
-    const recallResult = buildArchiveRecall(scopeId, query);
-    if (recallResult.bullets.length === 0) {
-      return {
-        content: JSON.stringify({
-          text: "No matching memories found.",
-          resultCount: 0,
-          degraded: false,
-          items: [],
-          sources: { semantic: 0, recency: 0 },
-        }),
-        isError: false,
-      };
-    }
-    const items = recallResult.bullets.map((b) => ({
-      id: b.sourceId,
-      type: b.source,
-      kind: b.source,
-    }));
-    const result = {
-      text: recallResult.text,
-      resultCount: recallResult.bullets.length,
-      degraded: false,
-      items,
-      sources: {
-        semantic: recallResult.prefetchHitCount,
-        recency: 0,
-      },
-    };
-    return {
-      content: JSON.stringify(result),
-      isError: false,
-    };
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    log.error({ err, query }, "simplified memory_recall failed");
-    return {
-      content: `Error: Memory recall failed: ${msg}`,
-      isError: true,
-    };
-  }
-}
 // ── Helpers ──────────────────────────────────────────────────────────
 function inferSubjectFromStatement(statement: string): string {

package/src/tools/permission-checker.ts CHANGED Viewed

@@ -137,6 +137,24 @@ export class PermissionChecker {
       }
       if (result.decision === "prompt") {
+        // dangerouslySkipPermissions: when enabled, auto-approve all prompts
+        // without user interaction. Deny rules are still respected (they
+        // return before reaching this block).
+        //
+        // Note: unlike guardian auto-approve and temporary overrides below,
+        // this intentionally does NOT check `context.requireFreshApproval`.
+        // The setting is designed to skip ALL interactive prompts
+        // unconditionally — it is an explicit operator opt-out from the
+        // permission system, so requireFreshApproval does not apply.
+        const cfg = getConfig();
+        if (cfg.permissions.dangerouslySkipPermissions) {
+          log.info(
+            { toolName: name, riskLevel },
+            "dangerouslySkipPermissions active — auto-approving without prompt",
+          );
+          return { allowed: true, decision: "dangerously_skip_permissions", riskLevel };
+        }
         // Guardian-trust sessions (e.g. scheduled jobs, reminders) should be
         // able to use bundled tools without interactive approval. The guardian
         // is the owner - prompting makes no sense when there is no client.

package/src/tools/skills/load.ts CHANGED Viewed

@@ -440,9 +440,16 @@ export class SkillLoadTool implements Tool {
                 "Rendered inline command expansions for included skill",
               );
             } catch (err) {
-              log.warn(
+              log.error(
                 { err, skillId: childId, parentSkillId: skill.id },
-                "Failed to render inline commands for included skill, using raw body",
+                "Failed to render inline commands for included skill; falling back to sanitized body",
+              );
+              // Strip raw !`...` inline command tokens so they don't leak into
+              // the prompt. Replace with a safe stub to maintain fail-closed
+              // contract for raw tokens while still isolating child failures.
+              childBody = childBody.replace(
+                /!`[^`]*`/g,
+                "[inline command unavailable]",
               );
             }
           }

package/src/util/device-id.ts CHANGED Viewed

@@ -6,8 +6,10 @@
  * extensible for future per-device metadata.
  *
  * Path resolution:
- *   - Containerized (IS_CONTAINERIZED=true): uses BASE_DATA_DIR, which maps to a
- *     persistent volume. Each container is effectively its own "device."
+ *   - Containerized (IS_CONTAINERIZED=true): uses /home/assistant (the assistant
+ *     user's persistent home dir) so device.json lives on the assistant's own
+ *     filesystem rather than the shared data volume. Falls back to BASE_DATA_DIR
+ *     for migration from the old location.
  *   - Local (single or multi-instance): uses homedir() so all instances on the
  *     same machine share a single device ID, even when BASE_DATA_DIR is set to
  *     an instance-scoped directory.
@@ -31,18 +33,34 @@ let cached: string | undefined;
 /**
  * Resolve the base directory for device.json.
  *
- * In containerized environments, BASE_DATA_DIR points to a persistent volume
- * and homedir() is ephemeral, so we must use BASE_DATA_DIR.
+ * In containerized environments, device.json is stored under /home/assistant
+ * (the assistant user's persistent home dir) rather than on the shared data
+ * volume. Device ID is assistant-specific state that doesn't need to be shared.
  * In local environments (including multi-instance), homedir() is stable and
  * shared across instances, giving a true per-machine device ID.
  */
 export function getDeviceIdBaseDir(): string {
   if (getIsContainerized()) {
-    return getBaseDataDir() || homedir();
+    return "/home/assistant";
   }
   return homedir();
 }
+/**
+ * Resolve the legacy base directory for device.json migration.
+ *
+ * Returns the old containerized path (BASE_DATA_DIR) so we can fall back to
+ * reading device.json from the shared volume if it hasn't been migrated yet.
+ * Returns undefined when not containerized or when no legacy path exists.
+ */
+function getLegacyDeviceIdBaseDir(): string | undefined {
+  if (!getIsContainerized()) {
+    return undefined;
+  }
+  const baseDataDir = getBaseDataDir();
+  return baseDataDir || undefined;
+}
 /**
  * Get the stable device ID for this machine.
  *
@@ -78,10 +96,55 @@ export function getDeviceId(): string {
       }
     }
   } catch (err) {
-    log.warn({ err }, "Failed to read device.json — generating new device ID");
+    log.warn({ err }, "Failed to read device.json — checking legacy path");
+  }
+  // Migration fallback: check the legacy location (shared volume) if the new
+  // location doesn't have a valid device.json yet.
+  const legacyBase = getLegacyDeviceIdBaseDir();
+  if (legacyBase) {
+    const legacyPath = join(legacyBase, ".vellum", "device.json");
+    try {
+      if (existsSync(legacyPath)) {
+        const raw = JSON.parse(readFileSync(legacyPath, "utf-8"));
+        if (
+          raw &&
+          typeof raw === "object" &&
+          typeof raw.deviceId === "string" &&
+          raw.deviceId.length > 0
+        ) {
+          cached = raw.deviceId as string;
+          log.info(
+            { deviceId: cached },
+            "Resolved device ID from legacy device.json — will persist to new location",
+          );
+          // Persist to the new location so future reads don't need the fallback
+          try {
+            mkdirSync(vellumDir, { recursive: true });
+            writeFileSync(
+              filePath,
+              JSON.stringify({ deviceId: cached }, null, 2) + "\n",
+              { mode: 0o644 },
+            );
+            log.info("Migrated device.json to new location");
+          } catch (writeErr) {
+            log.warn(
+              { err: writeErr },
+              "Failed to migrate device.json to new location",
+            );
+          }
+          return cached;
+        }
+      }
+    } catch (err) {
+      log.warn(
+        { err },
+        "Failed to read legacy device.json — generating new device ID",
+      );
+    }
   }
-  // Either the file doesn't exist, or deviceId was missing/empty.
+  // Either the file doesn't exist at either location, or deviceId was missing/empty.
   // Generate a new UUID and persist it.
   try {
     mkdirSync(vellumDir, { recursive: true });

package/src/util/logger.ts CHANGED Viewed

@@ -76,20 +76,44 @@ let rootLogger: pino.Logger | null = null;
 let activeLogDate: string | null = null;
 let activeLogFileConfig: LogFileConfig | null = null;
+function resolveLogDir(config: LogFileConfig): string | undefined {
+  if (!config.dir) return undefined;
+  if (!existsSync(config.dir)) {
+    try {
+      mkdirSync(config.dir, { recursive: true });
+    } catch (err) {
+      if (getIsContainerized()) {
+        // Config has a host-specific path that can't be created inside the
+        // container (e.g. /Users/…). Fall back to the default log directory.
+        const fallback = join(getLogPath(), "..");
+        console.warn(
+          `[logger] Configured logFile.dir "${config.dir}" cannot be created ` +
+            `in container (${(err as Error).message}). Falling back to "${fallback}".`,
+        );
+        if (!existsSync(fallback)) {
+          mkdirSync(fallback, { recursive: true });
+        }
+        return fallback;
+      }
+      throw err;
+    }
+  }
+  return config.dir;
+}
 function buildRotatingLogger(config: LogFileConfig): pino.Logger {
-  if (!config.dir) {
+  const dir = resolveLogDir(config);
+  if (!dir) {
     return pino(
       { name: "assistant", serializers: logSerializers },
       pinoPretty(prettyOpts({ destination: 1 })),
     );
   }
-  if (!existsSync(config.dir)) {
-    mkdirSync(config.dir, { recursive: true });
-  }
   const today = formatDate(new Date());
-  const filePath = logFilePathForDate(config.dir, new Date());
+  const filePath = logFilePathForDate(dir, new Date());
   const fileDest = pino.destination({
     dest: filePath,
     sync: false,
@@ -107,7 +131,7 @@ function buildRotatingLogger(config: LogFileConfig): pino.Logger {
   );
   activeLogDate = today;
-  activeLogFileConfig = config;
+  activeLogFileConfig = { ...config, dir };
   // When stdout is not a TTY (e.g. desktop app redirects to a hatch log file),
   // write to the rotating file only — the hatch log already captured early
@@ -144,8 +168,10 @@ function ensureCurrentDate(): void {
 export function initLogger(config: LogFileConfig): void {
   rootLogger = buildRotatingLogger(config);
-  if (config.dir && config.retentionDays > 0) {
-    const removed = pruneOldLogFiles(config.dir, config.retentionDays);
+  // Use the resolved dir (may differ from config.dir when containerized)
+  const resolvedDir = activeLogFileConfig?.dir;
+  if (resolvedDir && config.retentionDays > 0) {
+    const removed = pruneOldLogFiles(resolvedDir, config.retentionDays);
     if (removed > 0) {
       rootLogger.info(
         { removed, retentionDays: config.retentionDays },

package/src/util/platform.ts CHANGED Viewed

@@ -8,7 +8,11 @@ import {
 import { homedir } from "node:os";
 import { join } from "node:path";
-import { getBaseDataDir } from "../config/env-registry.js";
+import {
+  getBaseDataDir,
+  getIsContainerized,
+  getWorkspaceDirOverride,
+} from "../config/env-registry.js";
 export function isMacOS(): boolean {
   return process.platform === "darwin";
@@ -237,6 +241,15 @@ export function getInterfacesDir(): string {
   return join(getDataDir(), "interfaces");
 }
+/**
+ * Returns the sounds directory (~/.vellum/workspace/data/sounds).
+ * Custom sound files and sound configuration live here. Sound files
+ * can be large, so this directory is excluded from diagnostic exports.
+ */
+export function getSoundsDir(): string {
+  return join(getWorkspaceDir(), "data", "sounds");
+}
 /**
  * Returns the TCP port the daemon should listen on for iOS clients.
  * Hardcoded default: 8765.
@@ -356,13 +369,19 @@ export function getSignalsDir(): string {
 // Currently not used by call-sites; wired in later PRs.
 /**
- * Returns ~/.vellum/workspace — the workspace root for user-facing state.
+ * Returns the workspace root for user-facing state.
+ *
+ * When the WORKSPACE_DIR env var is set, returns that value (used in
+ * containerized deployments where the workspace is a separate volume).
+ * Otherwise falls back to ~/.vellum/workspace.
  *
  * WARNING: The entire workspace directory is included in diagnostic log exports
  * ("Send logs to Vellum"). Do not store secrets, API keys, or sensitive
  * credentials here — use the credential store or ~/.vellum/protected/ instead.
  */
 export function getWorkspaceDir(): string {
+  const override = getWorkspaceDirOverride();
+  if (override) return override;
   return join(getRootDir(), "workspace");
 }
@@ -413,13 +432,17 @@ export function ensureDataDir(): void {
   const root = getRootDir();
   const workspace = getWorkspaceDir();
   const wsData = join(workspace, "data");
+  const containerized = getIsContainerized();
   const dirs = [
-    // Root-level dirs (runtime / protected)
+    // Root-level dirs (runtime)
     root,
-    join(root, "protected"),
+    // signals dir is needed everywhere (MCP reload, user-message signals)
+    join(root, "signals"),
+    // protected, hooks are local-only — skip in containerized mode
+    // (credentials via CES HTTP API, trust via gateway API)
+    ...(containerized ? [] : [join(root, "protected"), join(root, "hooks")]),
     // Workspace dirs
     workspace,
-    join(root, "hooks"),
     join(workspace, "skills"),
     join(workspace, "embedding-models"),
     join(workspace, "conversations"),
@@ -432,6 +455,7 @@ export function ensureDataDir(): void {
     join(wsData, "memory", "knowledge"),
     join(wsData, "apps"),
     join(wsData, "interfaces"),
+    join(wsData, "sounds"),
   ];
   for (const dir of dirs) {
     if (!existsSync(dir)) {

package/src/util/xml.ts CHANGED Viewed

@@ -6,3 +6,11 @@ export function escapeXmlAttr(s: string): string {
     .replace(/</g, "&lt;")
     .replace(/>/g, "&gt;");
 }
+/** Escape a string for safe inclusion as XML/HTML text content. */
+export function escapeXmlContent(s: string): string {
+  return s
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;");
+}

package/src/workspace/heartbeat-service.ts CHANGED Viewed

@@ -210,13 +210,11 @@ export class WorkspaceHeartbeatService {
       try {
         const now = this.now();
-        let shutdownFiles: string[] = [];
         const { committed } = await service.commitIfDirty(
           (st) => {
             const uniqueFiles = [
               ...new Set([...st.staged, ...st.modified, ...st.untracked]),
             ];
-            shutdownFiles = uniqueFiles;
             log.info(
               { workspaceDir, totalChanges: uniqueFiles.length },
               "Committing pending changes on shutdown",
@@ -237,28 +235,11 @@ export class WorkspaceHeartbeatService {
         if (committed) {
           firstSeenDirty.delete(workspaceDir);
           result.committed++;
-          // Fire-and-forget enrichment
-          try {
-            const commitHash = await service.getHeadHash();
-            const shutdownCtx: CommitContext = {
-              workspaceDir,
-              trigger: "shutdown",
-              changedFiles: shutdownFiles,
-              timestampMs: this.now(),
-            };
-            getEnrichmentService().enqueue({
-              workspaceDir,
-              commitHash,
-              context: shutdownCtx,
-              gitService: service,
-            });
-          } catch (enrichErr) {
-            log.debug(
-              { enrichErr },
-              "Failed to enqueue shutdown enrichment (non-fatal)",
-            );
-          }
+          // Skip enrichment for shutdown commits — the enrichment queue is
+          // about to be shut down anyway, and the fire-and-forget writeNote()
+          // can race with subsequent commitAllPending() calls (the async
+          // git-notes operation acquires the mutex and may leave behind an
+          // index.lock on some git versions, causing the next commit to fail).
         } else {
           result.skipped++;
         }