@vellumai/assistant 0.5.4 → 0.5.6

package/src/__tests__/volume-security-guard.test.ts

@@ -0,0 +1,155 @@
+import { execFileSync } from "node:child_process";
+import { join } from "node:path";
+import { describe, expect, test } from "bun:test";
+
+/**
+ * Guard test: assistant source code must not directly access files in the
+ * `protected/` directory (`trust.json`, `keys.enc`, `store.key`,
+ * `actor-token-signing-key`). In containerized (Docker) mode these files
+ * live outside the assistant's data volume and are managed by the gateway.
+ *
+ * All access must go through the appropriate abstraction layer:
+ *  - Trust rules: trust-store.ts / trust-client.ts (file vs gateway backend)
+ *  - Credentials: encrypted-store.ts / ces-credential-client.ts
+ *  - Signing keys: secure-keys.ts / credential-backend.ts
+ *
+ * Only the abstraction-layer files themselves (and tests) are allowed to
+ * reference the raw file paths / helper functions.
+ */
+
+// ---------------------------------------------------------------------------
+// Allowed files — abstraction layers that legitimately access protected/ files
+// ---------------------------------------------------------------------------
+
+const ALLOWED_FILES = new Set([
+  // Trust store backends
+  "assistant/src/permissions/trust-store.ts",
+  "assistant/src/permissions/trust-client.ts",
+  "assistant/src/permissions/trust-store-interface.ts",
+  // Credential / encrypted store backends
+  "assistant/src/security/encrypted-store.ts",
+  "assistant/src/security/secure-keys.ts",
+  "assistant/src/security/credential-backend.ts",
+  "assistant/src/security/ces-credential-client.ts",
+  // Token service owns the signing key lifecycle
+  "assistant/src/runtime/auth/token-service.ts",
+  // CLI commands that run outside Docker (doctor diagnostics, trust management)
+  "assistant/src/cli/commands/doctor.ts",
+  "assistant/src/cli/commands/trust.ts",
+  // Auth middleware documentation comment (not a file access)
+  "assistant/src/runtime/auth/middleware.ts",
+]);
+
+// ---------------------------------------------------------------------------
+// Patterns that indicate direct access to protected directory files
+// ---------------------------------------------------------------------------
+
+/**
+ * Each entry is a `git grep -E` pattern and a human-readable description
+ * for the error message.
+ */
+const GUARDED_PATTERNS: Array<{ pattern: string; description: string }> = [
+  {
+    pattern: "protected/trust\\.json",
+    description: "direct reference to protected/trust.json",
+  },
+  {
+    pattern: "protected/keys\\.enc",
+    description: "direct reference to protected/keys.enc",
+  },
+  {
+    pattern: "protected/store\\.key",
+    description: "direct reference to protected/store.key",
+  },
+  {
+    pattern: "actor-token-signing-key",
+    description: "direct reference to actor-token-signing-key file",
+  },
+  {
+    pattern: "\\bgetTrustPath\\b",
+    description: "use of getTrustPath() (trust-store internal)",
+  },
+  {
+    pattern: "\\bgetStoreKeyPath\\b",
+    description: "use of getStoreKeyPath() (encrypted-store internal)",
+  },
+];
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function getRepoRoot(): string {
+  return join(process.cwd(), "..");
+}
+
+function isTestFile(filePath: string): boolean {
+  return (
+    filePath.includes("/__tests__/") ||
+    filePath.endsWith(".test.ts") ||
+    filePath.endsWith(".test.js") ||
+    filePath.endsWith(".spec.ts") ||
+    filePath.endsWith(".spec.js")
+  );
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("volume security: protected directory access guard", () => {
+  for (const { pattern, description } of GUARDED_PATTERNS) {
+    test(`no ${description} outside allowed files`, () => {
+      const repoRoot = getRepoRoot();
+
+      let grepOutput = "";
+      try {
+        grepOutput = execFileSync(
+          "git",
+          [
+            "grep",
+            "-lE",
+            pattern,
+            "--",
+            "assistant/src/**/*.ts",
+            "assistant/src/*.ts",
+          ],
+          { encoding: "utf-8", cwd: repoRoot },
+        ).trim();
+      } catch (err) {
+        // Exit code 1 means no matches — happy path
+        if ((err as { status?: number }).status === 1) {
+          return;
+        }
+        throw err;
+      }
+
+      const files = grepOutput.split("\n").filter((f) => f.length > 0);
+      const violations = files.filter(
+        (f) => !isTestFile(f) && !ALLOWED_FILES.has(f),
+      );
+
+      if (violations.length > 0) {
+        const message = [
+          `Found assistant source files with ${description}.`,
+          "",
+          "In containerized (Docker) mode, the protected/ directory is not",
+          "accessible to the assistant. All access to protected files must go",
+          "through the abstraction layers:",
+          "  - Trust rules: trust-store.ts / trust-client.ts",
+          "  - Credentials: encrypted-store.ts / ces-credential-client.ts",
+          "  - Signing keys: secure-keys.ts / credential-backend.ts",
+          "",
+          "If this file is a new abstraction backend, add it to ALLOWED_FILES",
+          "in this guard test. Otherwise, use the appropriate abstraction layer",
+          "or gate the access behind !getIsContainerized().",
+          "",
+          "Violations:",
+          ...violations.map((f) => `  - ${f}`),
+        ].join("\n");
+
+        expect(violations, message).toEqual([]);
+      }
+    });
+  }
+});

package/src/cli/commands/conversations.ts

@@ -375,24 +375,6 @@ Examples:
           targetId: summaryId,
         });
       }
-      for (const obsId of result.deletedObservationIds) {
-        enqueueMemoryJob("delete_qdrant_vectors", {
-          targetType: "observation",
-          targetId: obsId,
-        });
-      }
-      for (const chunkId of result.deletedChunkIds) {
-        enqueueMemoryJob("delete_qdrant_vectors", {
-          targetType: "chunk",
-          targetId: chunkId,
-        });
-      }
-      for (const episodeId of result.deletedEpisodeIds) {
-        enqueueMemoryJob("delete_qdrant_vectors", {
-          targetType: "episode",
-          targetId: episodeId,
-        });
-      }
 
       log.info(
         `Wiped conversation "${conversation.title ?? "Untitled"}". ` +

package/src/config/bundled-skills/messaging/tools/shared.ts

@@ -136,6 +136,7 @@ export async function getProviderConnection(
   provider: MessagingProvider,
   account?: string,
 ): Promise<OAuthConnection | string> {
+  if (provider.resolveConnection) return provider.resolveConnection(account);
   if (await provider.isConnected?.()) return "";
   return resolveOAuthConnection(provider.credentialService, { account });
 }

package/src/config/bundled-skills/transcribe/tools/transcribe-media.ts

@@ -10,6 +10,7 @@ import {
 import { tmpdir } from "node:os";
 import { extname, join } from "node:path";
 
+import { OpenAIWhisperProvider } from "../../../../providers/speech-to-text/openai-whisper.js";
 import { getProviderKeyAsync } from "../../../../security/secure-keys.js";
 import type {
   ToolContext,
@@ -168,12 +169,19 @@ async function transcribeViaApi(
   apiKey: string,
   context: ToolContext,
 ): Promise<string> {
+  const provider = new OpenAIWhisperProvider(apiKey);
   const duration = await getAudioDuration(audioPath);
   const fileSize = Bun.file(audioPath).size;
 
   // If small enough, send directly
   if (fileSize <= WHISPER_API_MAX_BYTES) {
-    return await whisperApiRequest(audioPath, apiKey);
+    const audioBuffer = await readFile(audioPath);
+    const result = await provider.transcribe(
+      audioBuffer,
+      "audio/wav",
+      AbortSignal.timeout(API_REQUEST_TIMEOUT_MS),
+    );
+    return result.text;
   }
 
   // Split into chunks for large files
@@ -199,8 +207,13 @@ async function transcribeViaApi(
     for (let i = 0; i < chunks.length; i++) {
       if (context.signal?.aborted) throw new Error("Cancelled");
       context.onOutput?.(`  Transcribing chunk ${i + 1}/${chunks.length}...\n`);
-      const text = await whisperApiRequest(chunks[i], apiKey);
-      if (text) parts.push(text);
+      const audioBuffer = await readFile(chunks[i]);
+      const result = await provider.transcribe(
+        audioBuffer,
+        "audio/wav",
+        AbortSignal.timeout(API_REQUEST_TIMEOUT_MS),
+      );
+      if (result.text) parts.push(result.text);
     }
 
     return parts.join(" ");
@@ -213,40 +226,6 @@ async function transcribeViaApi(
   }
 }
 
-async function whisperApiRequest(
-  audioPath: string,
-  apiKey: string,
-): Promise<string> {
-  const audioData = await readFile(audioPath);
-  const formData = new FormData();
-  formData.append(
-    "file",
-    new Blob([audioData], { type: "audio/wav" }),
-    "audio.wav",
-  );
-  formData.append("model", "whisper-1");
-
-  const response = await fetch(
-    "https://api.openai.com/v1/audio/transcriptions",
-    {
-      method: "POST",
-      headers: { Authorization: `Bearer ${apiKey}` },
-      body: formData,
-      signal: AbortSignal.timeout(API_REQUEST_TIMEOUT_MS),
-    },
-  );
-
-  if (!response.ok) {
-    const body = await response.text().catch(() => "");
-    throw new Error(
-      `Whisper API error (${response.status}): ${body.slice(0, 300)}`,
-    );
-  }
-
-  const result = (await response.json()) as { text?: string };
-  return result.text?.trim() ?? "";
-}
-
 // ---------------------------------------------------------------------------
 // Local mode - whisper.cpp
 // ---------------------------------------------------------------------------

package/src/config/env-registry.ts

@@ -54,6 +54,15 @@ export function getIsContainerized(): boolean {
   return flag("IS_CONTAINERIZED");
 }
 
+/**
+ * WORKSPACE_DIR — string, default: undefined
+ * When set, overrides the default workspace directory. Used in containerized
+ * deployments where the workspace is a separate volume.
+ */
+export function getWorkspaceDirOverride(): string | undefined {
+  return str("WORKSPACE_DIR");
+}
+
 // ── Known env var names ──────────────────────────────────────────────────────
 
 /**

package/src/config/env.ts

@@ -51,9 +51,15 @@ export function getGatewayPort(): number {
   return int("GATEWAY_PORT", DEFAULT_GATEWAY_PORT);
 }
 
-/** Resolve the gateway base URL for internal service-to-service calls. */
+/**
+ * Resolve the gateway base URL for internal service-to-service calls.
+ *
+ * In containerized deployments the gateway runs in a separate container,
+ * reachable via `GATEWAY_INTERNAL_URL` (e.g. `http://gateway:7822`).
+ * Falls back to `http://127.0.0.1:<GATEWAY_PORT>` for local deployments.
+ */
 export function getGatewayInternalBaseUrl(): string {
-  return `http://127.0.0.1:${getGatewayPort()}`;
+  return str("GATEWAY_INTERNAL_URL") ?? `http://127.0.0.1:${getGatewayPort()}`;
 }
 
 // ── Ingress ──────────────────────────────────────────────────────────────────

package/src/config/feature-flag-registry.json

@@ -25,14 +25,6 @@
       "description": "Show the Contacts tab in Settings for viewing and managing contacts",
       "defaultEnabled": true
     },
-    {
-      "id": "custom-inference-provider",
-      "scope": "macos",
-      "key": "custom_inference_provider_enabled",
-      "label": "Custom Inference Provider",
-      "description": "Allow selecting a specific LLM provider and model for inference in Your Own mode",
-      "defaultEnabled": false
-    },
     {
       "id": "email-channel",
       "scope": "assistant",
@@ -288,6 +280,14 @@
       "label": "Inline Skill Command Expansion",
       "description": "Enable secure inline skill command expansion via !`command` syntax, with version-pinned approval and sandboxed execution at skill load time",
       "defaultEnabled": true
+    },
+    {
+      "id": "channel-voice-transcription",
+      "scope": "assistant",
+      "key": "feature_flags.channel-voice-transcription.enabled",
+      "label": "Channel Voice Transcription",
+      "description": "Auto-transcribe voice/audio messages received from channels (Telegram, WhatsApp) before processing",
+      "defaultEnabled": true
     }
   ]
 }

package/src/config/schema.ts

@@ -106,18 +106,6 @@ export {
   MemoryDynamicBudgetConfigSchema,
   MemoryRetrievalConfigSchema,
 } from "./schemas/memory-retrieval.js";
-export type {
-  MemorySimplifiedArchiveRecallConfig,
-  MemorySimplifiedBriefConfig,
-  MemorySimplifiedConfig,
-  MemorySimplifiedReducerConfig,
-} from "./schemas/memory-simplified.js";
-export {
-  MemorySimplifiedArchiveRecallConfigSchema,
-  MemorySimplifiedBriefConfigSchema,
-  MemorySimplifiedConfigSchema,
-  MemorySimplifiedReducerConfigSchema,
-} from "./schemas/memory-simplified.js";
 export type {
   MemoryEmbeddingsConfig,
   MemorySegmentationConfig,

package/src/config/schemas/memory.ts

@@ -10,7 +10,6 @@ import {
   MemorySummarizationConfigSchema,
 } from "./memory-processing.js";
 import { MemoryRetrievalConfigSchema } from "./memory-retrieval.js";
-import { MemorySimplifiedConfigSchema } from "./memory-simplified.js";
 import {
   MemoryEmbeddingsConfigSchema,
   MemorySegmentationConfigSchema,
@@ -46,9 +45,6 @@ export const MemoryConfigSchema = z
     summarization: MemorySummarizationConfigSchema.default(
       MemorySummarizationConfigSchema.parse({}),
     ),
-    simplified: MemorySimplifiedConfigSchema.default(
-      MemorySimplifiedConfigSchema.parse({}),
-    ),
   })
   .describe(
     "Long-term memory system — stores, retrieves, and manages persistent knowledge across conversations",

package/src/config/schemas/platform.ts

@@ -43,7 +43,7 @@ export const DaemonConfigSchema = z
       .number({ error: "daemon.titleGenerationMaxTokens must be a number" })
       .int("daemon.titleGenerationMaxTokens must be an integer")
       .positive("daemon.titleGenerationMaxTokens must be a positive integer")
-      .default(30)
+      .default(50)
       .describe(
         "Maximum number of tokens for auto-generated conversation titles",
       ),

package/src/config/schemas/security.ts

@@ -77,6 +77,10 @@ export const PermissionsConfigSchema = z
       .describe(
         "Permission mode — 'strict' requires explicit approval for all operations, 'workspace' allows operations within the workspace",
       ),
+    dangerouslySkipPermissions: z
+      .boolean({ error: "permissions.dangerouslySkipPermissions must be a boolean" })
+      .default(false)
+      .describe("Auto-accept all permission prompts without asking"),
   })
   .describe("Permission enforcement mode for tool operations");
 

package/src/context/window-manager.ts

@@ -538,12 +538,12 @@ export class ContextWindowManager {
     }
 
     const keepTurns = lo;
-    const keepFromIndex =
+    const rawKeepFromIndex =
       keepTurns === 0
         ? messages.length
         : (userTurnStarts[userTurnStarts.length - keepTurns] ??
           messages.length);
-
+    const keepFromIndex = adjustForToolPairs(messages, rawKeepFromIndex);
     return { keepFromIndex, keepTurns };
   }
 
@@ -703,6 +703,57 @@ function isToolResultOnly(message: Message): boolean {
   );
 }
 
+/**
+ * Walk the keep boundary backward to ensure tool_use/tool_result pairs are
+ * never split across the compaction boundary. If the first kept message is
+ * a user message containing tool_result blocks whose matching tool_use blocks
+ * live in the preceding (compacted-away) assistant message, include that
+ * assistant message in the kept set.
+ */
+function adjustForToolPairs(
+  messages: Message[],
+  keepFromIndex: number,
+): number {
+  let idx = keepFromIndex;
+  while (idx > 0) {
+    const msg = messages[idx];
+    if (!msg || msg.role !== "user") break;
+
+    // Collect tool_use_ids referenced by tool_results in this user message
+    const referencedIds = new Set<string>();
+    for (const block of msg.content) {
+      if ((block.type === "tool_result" || block.type === "web_search_tool_result") && "tool_use_id" in block) {
+        referencedIds.add((block as { tool_use_id: string }).tool_use_id);
+      }
+    }
+    if (referencedIds.size === 0) break;
+
+    // Check if the preceding assistant message contains matching tool_uses
+    const prev = messages[idx - 1];
+    if (!prev || prev.role !== "assistant") break;
+
+    const hasOrphanedPair = prev.content.some(
+      (block) =>
+        (block.type === "tool_use" || block.type === "server_tool_use") &&
+        "id" in block &&
+        referencedIds.has((block as { id: string }).id),
+    );
+    if (!hasOrphanedPair) break;
+
+    // Include the assistant message
+    idx--;
+
+    // The assistant message may itself be preceded by a tool_result user
+    // message that pairs with an even earlier assistant — continue the check
+    if (idx > 0 && messages[idx - 1]?.role === "user") {
+      idx--;
+    } else {
+      break;
+    }
+  }
+  return idx;
+}
+
 export function getSummaryFromContextMessage(
   message: Message | undefined,
 ): string | null {

package/src/credential-execution/managed-catalog.ts

@@ -11,8 +11,7 @@
 
 import { platformOAuthHandle } from "@vellumai/ces-contracts";
 
-import { getPlatformAssistantId } from "../config/env.js";
-import { resolveManagedProxyContext } from "../providers/managed-proxy/context.js";
+import { VellumPlatformClient } from "../platform/client.js";
 import { getLogger } from "../util/logger.js";
 
 const log = getLogger("managed-catalog");
@@ -79,25 +78,18 @@ export interface FetchManagedCatalogResult {
  * error message that never contains secret material.
  */
 export async function fetchManagedCatalog(): Promise<FetchManagedCatalogResult> {
-  const ctx = await resolveManagedProxyContext();
+  const client = await VellumPlatformClient.create();
 
-  if (!ctx.enabled) {
+  if (!client || !client.platformAssistantId) {
     return { ok: true, descriptors: [] };
   }
 
-  const assistantId = getPlatformAssistantId();
-  if (!assistantId) {
-    log.warn("PLATFORM_ASSISTANT_ID not set; cannot fetch managed catalog");
-    return { ok: true, descriptors: [] };
-  }
-
-  const url = `${ctx.platformBaseUrl}/v1/assistants/${encodeURIComponent(assistantId)}/oauth/managed/catalog/`;
+  const path = `/v1/assistants/${encodeURIComponent(client.platformAssistantId)}/oauth/managed/catalog/`;
 
   try {
-    const response = await fetch(url, {
+    const response = await client.fetch(path, {
       method: "GET",
       headers: {
-        Authorization: `Api-Key ${ctx.assistantApiKey}`,
         Accept: "application/json",
       },
     });
@@ -139,8 +131,6 @@ export async function fetchManagedCatalog(): Promise<FetchManagedCatalogResult>
     return { ok: true, descriptors };
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    // Ensure the error message does not leak secrets — strip any URL params
-    // that might contain tokens (defensive, since we use Api-Key header).
     const safeMessage = message.replace(
       /Api-Key\s+\S+/gi,
       "Api-Key [REDACTED]",

package/src/daemon/conversation-agent-loop.ts

@@ -33,7 +33,6 @@ import {
 } from "../instrument.js";
 import { commitAppTurnChanges } from "../memory/app-git-service.js";
 import { getApp, listAppFiles, resolveAppDir } from "../memory/app-store.js";
-import { insertCompactionEpisode } from "../memory/archive-store.js";
 import {
   addMessage,
   deleteMessageById,
@@ -514,12 +513,6 @@ export async function runAgentLoopImpl(
         compacted.summaryText,
         ctx.contextCompactedMessageCount,
       );
-      dualWriteCompactionEpisode(
-        ctx.conversationId,
-        ctx.memoryPolicy.scopeId,
-        compacted.summaryText,
-        compacted.summaryOutputTokens,
-      );
       onEvent({
         type: "context_compacted",
         previousEstimatedInputTokens: compacted.previousEstimatedInputTokens,
@@ -787,12 +780,6 @@ export async function runAgentLoopImpl(
             step.compactionResult.summaryText,
             ctx.contextCompactedMessageCount,
           );
-          dualWriteCompactionEpisode(
-            ctx.conversationId,
-            ctx.memoryPolicy.scopeId,
-            step.compactionResult.summaryText,
-            step.compactionResult.summaryOutputTokens,
-          );
           onEvent({
             type: "context_compacted",
             previousEstimatedInputTokens:
@@ -977,12 +964,6 @@ export async function runAgentLoopImpl(
           midLoopCompact.summaryText,
           ctx.contextCompactedMessageCount,
         );
-        dualWriteCompactionEpisode(
-          ctx.conversationId,
-          ctx.memoryPolicy.scopeId,
-          midLoopCompact.summaryText,
-          midLoopCompact.summaryOutputTokens,
-        );
         onEvent({
           type: "context_compacted",
           previousEstimatedInputTokens:
@@ -1179,12 +1160,6 @@ export async function runAgentLoopImpl(
             step.compactionResult.summaryText,
             ctx.contextCompactedMessageCount,
           );
-          dualWriteCompactionEpisode(
-            ctx.conversationId,
-            ctx.memoryPolicy.scopeId,
-            step.compactionResult.summaryText,
-            step.compactionResult.summaryOutputTokens,
-          );
           onEvent({
             type: "context_compacted",
             previousEstimatedInputTokens:
@@ -1292,12 +1267,6 @@ export async function runAgentLoopImpl(
                 emergencyCompact.summaryText,
                 ctx.contextCompactedMessageCount,
               );
-              dualWriteCompactionEpisode(
-                ctx.conversationId,
-                ctx.memoryPolicy.scopeId,
-                emergencyCompact.summaryText,
-                emergencyCompact.summaryOutputTokens,
-              );
               onEvent({
                 type: "context_compacted",
                 previousEstimatedInputTokens:
@@ -1402,12 +1371,6 @@ export async function runAgentLoopImpl(
               emergencyCompact.summaryText,
               ctx.contextCompactedMessageCount,
             );
-            dualWriteCompactionEpisode(
-              ctx.conversationId,
-              ctx.memoryPolicy.scopeId,
-              emergencyCompact.summaryText,
-              emergencyCompact.summaryOutputTokens,
-            );
             onEvent({
               type: "context_compacted",
               previousEstimatedInputTokens:
@@ -1873,26 +1836,3 @@ function collapseRawResponses(rawResponses?: unknown[]): unknown | undefined {
   if (!rawResponses || rawResponses.length === 0) return undefined;
   return rawResponses.length === 1 ? rawResponses[0] : rawResponses;
 }
-
-/**
- * Dual-write a compaction summary as an archive episode so it becomes
- * searchable via vector recall. Called after each successful compaction
- * that produces a new summary.
- */
-function dualWriteCompactionEpisode(
-  conversationId: string,
-  scopeId: string,
-  summaryText: string,
-  summaryOutputTokens: number,
-): void {
-  const now = Date.now();
-  insertCompactionEpisode({
-    conversationId,
-    scopeId,
-    title: truncate(summaryText, 120, ""),
-    summary: summaryText,
-    tokenEstimate: summaryOutputTokens,
-    startAt: now,
-    endAt: now,
-  });
-}