@vellumai/assistant 0.5.5 → 0.5.7

package/src/tools/permission-checker.ts

@@ -137,6 +137,24 @@ export class PermissionChecker {
       }
 
       if (result.decision === "prompt") {
+        // dangerouslySkipPermissions: when enabled, auto-approve all prompts
+        // without user interaction. Deny rules are still respected (they
+        // return before reaching this block).
+        //
+        // Note: unlike guardian auto-approve and temporary overrides below,
+        // this intentionally does NOT check `context.requireFreshApproval`.
+        // The setting is designed to skip ALL interactive prompts
+        // unconditionally — it is an explicit operator opt-out from the
+        // permission system, so requireFreshApproval does not apply.
+        const cfg = getConfig();
+        if (cfg.permissions.dangerouslySkipPermissions) {
+          log.info(
+            { toolName: name, riskLevel },
+            "dangerouslySkipPermissions active — auto-approving without prompt",
+          );
+          return { allowed: true, decision: "dangerously_skip_permissions", riskLevel };
+        }
+
         // Guardian-trust sessions (e.g. scheduled jobs, reminders) should be
         // able to use bundled tools without interactive approval. The guardian
         // is the owner - prompting makes no sense when there is no client.

package/src/tools/skills/execute.ts

@@ -30,7 +30,7 @@ export class SkillExecuteTool implements Tool {
           activity: {
             type: "string",
             description:
-              "Brief non-technical explanation of what you are doing and why, shown to the user as a status update.",
+              "Brief non-technical explanation of what you are doing and why, shown to the user as a progress update.",
           },
         },
         required: ["tool", "input", "activity"],

package/src/tools/skills/load.ts

@@ -440,9 +440,16 @@ export class SkillLoadTool implements Tool {
                 "Rendered inline command expansions for included skill",
               );
             } catch (err) {
-              log.warn(
+              log.error(
                 { err, skillId: childId, parentSkillId: skill.id },
-                "Failed to render inline commands for included skill, using raw body",
+                "Failed to render inline commands for included skill; falling back to sanitized body",
+              );
+              // Strip raw !`...` inline command tokens so they don't leak into
+              // the prompt. Replace with a safe stub to maintain fail-closed
+              // contract for raw tokens while still isolating child failures.
+              childBody = childBody.replace(
+                /!`[^`]*`/g,
+                "[inline command unavailable]",
               );
             }
           }

package/src/tools/types.ts

@@ -118,14 +118,6 @@ export interface ToolContext {
   proxyToolResolver?: ProxyToolResolver;
   /** When set, only tools in this set may execute. Tools outside the set are blocked with an error. */
   allowedToolNames?: Set<string>;
-  /** Request user confirmation for a sub-tool operation (used by claude_code tool). */
-  requestConfirmation?: (req: {
-    toolName: string;
-    input: Record<string, unknown>;
-    riskLevel: string;
-    executionTarget?: ExecutionTarget;
-    principal?: string;
-  }) => Promise<{ decision: "allow" | "deny" }>;
   /** Prompt the user for a secret value via native SecureField UI. */
   requestSecret?: (params: {
     service: string;

package/src/util/errors.ts

@@ -20,9 +20,6 @@ export enum ErrorCode {
   // WASM integrity check failures
   INTEGRITY_ERROR = "INTEGRITY_ERROR",
 
-  // Secret detected in inbound content
-  INGRESS_BLOCKED = "INGRESS_BLOCKED",
-
   // Internal/unexpected errors
   INTERNAL_ERROR = "INTERNAL_ERROR",
 }
@@ -178,12 +175,3 @@ export class IntegrityError extends AssistantError {
   }
 }
 
-export class IngressBlockedError extends AssistantError {
-  constructor(
-    message: string,
-    public readonly detectedTypes: string[],
-  ) {
-    super(message, ErrorCode.INGRESS_BLOCKED);
-    this.name = "IngressBlockedError";
-  }
-}

package/src/util/platform.ts

@@ -3,7 +3,6 @@ import {
   existsSync,
   mkdirSync,
   readFileSync,
-  writeFileSync,
 } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
@@ -45,25 +44,6 @@ export function getClipboardCommand(): string | null {
   return null;
 }
 
-/**
- * Read and parse the lockfile (~/.vellum.lock.json).
- * Respects BASE_DATA_DIR for non-standard home directories.
- * Returns null if the file doesn't exist or is malformed.
- */
-export function readLockfile(): Record<string, unknown> | null {
-  const base = getBaseDataDir() || homedir();
-  const lockPath = join(base, ".vellum.lock.json");
-  if (!existsSync(lockPath)) return null;
-  try {
-    const raw = JSON.parse(readFileSync(lockPath, "utf-8"));
-    if (raw && typeof raw === "object" && !Array.isArray(raw)) {
-      return raw as Record<string, unknown>;
-    }
-  } catch {
-    // malformed JSON
-  }
-  return null;
-}
 
 /**
  * Resolve the instance data directory from the lockfile.
@@ -155,45 +135,18 @@ export function resolveInstanceDataDir(): string | undefined {
  * (see migration 007-assistant-id-to-self). However, the desktop UI
  * sends the real assistant ID (e.g., "vellum-true-eel") while the
  * inbound call path resolves phone numbers to config keys (typically
- * "self"). This function maps any known lockfile assistant ID to "self"
+ * "self"). This function maps the current assistant's ID to "self"
  * so both sides use a consistent DB key.
- *
- * Multi-instance safety: each daemon process runs with a scoped
- * BASE_DATA_DIR, so readLockfile() only sees the lockfile for this
- * instance. The mapping to "self" is correct because each daemon is
- * single-tenant — it only manages its own instance's data.
  */
 export function normalizeAssistantId(assistantId: string): string {
   if (assistantId === "self") return "self";
 
-  try {
-    const lockData = readLockfile();
-    const assistants = lockData?.assistants as
-      | Array<Record<string, unknown>>
-      | undefined;
-    if (assistants) {
-      for (const entry of assistants) {
-        if (entry.assistantId === assistantId) return "self";
-      }
-    }
-  } catch {
-    // lockfile unreadable — return as-is
-  }
+  const ownName = process.env.VELLUM_ASSISTANT_NAME;
+  if (ownName && assistantId === ownName) return "self";
 
   return assistantId;
 }
 
-/**
- * Write data to the primary lockfile (~/.vellum.lock.json).
- * Respects BASE_DATA_DIR for non-standard home directories.
- */
-export function writeLockfile(data: Record<string, unknown>): void {
-  const base = getBaseDataDir() || homedir();
-  writeFileSync(
-    join(base, ".vellum.lock.json"),
-    JSON.stringify(data, null, 2) + "\n",
-  );
-}
 
 /**
  * Returns the root ~/.vellum directory. User-facing files (config, prompt
@@ -436,11 +389,11 @@ export function ensureDataDir(): void {
   const dirs = [
     // Root-level dirs (runtime)
     root,
-    // protected, signals, hooks are local-only — skip in containerized mode
-    // (credentials via CES HTTP API, trust via gateway API, no IPC signals)
-    ...(containerized
-      ? []
-      : [join(root, "protected"), join(root, "signals"), join(root, "hooks")]),
+    // signals dir is needed everywhere (MCP reload, user-message signals)
+    join(root, "signals"),
+    // protected, hooks are local-only — skip in containerized mode
+    // (credentials via CES HTTP API, trust via gateway API)
+    ...(containerized ? [] : [join(root, "protected"), join(root, "hooks")]),
     // Workspace dirs
     workspace,
     join(workspace, "skills"),

package/src/util/xml.ts

@@ -6,3 +6,11 @@ export function escapeXmlAttr(s: string): string {
     .replace(/</g, "&lt;")
     .replace(/>/g, "&gt;");
 }
+
+/** Escape a string for safe inclusion as XML/HTML text content. */
+export function escapeXmlContent(s: string): string {
+  return s
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;");
+}

package/src/workspace/git-service.ts

@@ -753,8 +753,11 @@ export class WorkspaceGitService {
    * Must be called with the mutex lock held.
    */
   private async ensureCommitIdentityLocked(): Promise<void> {
-    await this.execGit(["config", "user.name", "Vellum Assistant"]);
-    await this.execGit(["config", "user.email", "assistant@vellum.ai"]);
+    const gitName = process.env.ASSISTANT_GIT_USER_NAME || "Vellum Assistant";
+    const gitEmail =
+      process.env.ASSISTANT_GIT_USER_EMAIL || "assistant@vellum.ai";
+    await this.execGit(["config", "user.name", gitName]);
+    await this.execGit(["config", "user.email", gitEmail]);
   }
 
   /**

package/src/workspace/heartbeat-service.ts

@@ -210,13 +210,11 @@ export class WorkspaceHeartbeatService {
 
       try {
         const now = this.now();
-        let shutdownFiles: string[] = [];
         const { committed } = await service.commitIfDirty(
           (st) => {
             const uniqueFiles = [
               ...new Set([...st.staged, ...st.modified, ...st.untracked]),
             ];
-            shutdownFiles = uniqueFiles;
             log.info(
               { workspaceDir, totalChanges: uniqueFiles.length },
               "Committing pending changes on shutdown",
@@ -237,28 +235,11 @@ export class WorkspaceHeartbeatService {
         if (committed) {
           firstSeenDirty.delete(workspaceDir);
           result.committed++;
-
-          // Fire-and-forget enrichment
-          try {
-            const commitHash = await service.getHeadHash();
-            const shutdownCtx: CommitContext = {
-              workspaceDir,
-              trigger: "shutdown",
-              changedFiles: shutdownFiles,
-              timestampMs: this.now(),
-            };
-            getEnrichmentService().enqueue({
-              workspaceDir,
-              commitHash,
-              context: shutdownCtx,
-              gitService: service,
-            });
-          } catch (enrichErr) {
-            log.debug(
-              { enrichErr },
-              "Failed to enqueue shutdown enrichment (non-fatal)",
-            );
-          }
+          // Skip enrichment for shutdown commits — the enrichment queue is
+          // about to be shut down anyway, and the fire-and-forget writeNote()
+          // can race with subsequent commitAllPending() calls (the async
+          // git-notes operation acquires the mutex and may leave behind an
+          // index.lock on some git versions, causing the next commit to fail).
         } else {
           result.skipped++;
         }

package/src/workspace/migrations/001-avatar-rename.ts

@@ -22,4 +22,19 @@ export const avatarRenameMigration: WorkspaceMigration = {
       renameSync(oldTraits, newTraits);
     }
   },
+  down(workspaceDir: string): void {
+    const avatarDir = join(workspaceDir, "data", "avatar");
+
+    const newImage = join(avatarDir, "avatar-image.png");
+    const oldImage = join(avatarDir, "custom-avatar.png");
+    if (existsSync(newImage) && !existsSync(oldImage)) {
+      renameSync(newImage, oldImage);
+    }
+
+    const newTraits = join(avatarDir, "character-traits.json");
+    const oldTraits = join(avatarDir, "avatar-components.json");
+    if (existsSync(newTraits) && !existsSync(oldTraits)) {
+      renameSync(newTraits, oldTraits);
+    }
+  },
 };

package/src/workspace/migrations/003-seed-device-id.ts

@@ -1,4 +1,10 @@
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import {
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  unlinkSync,
+  writeFileSync,
+} from "node:fs";
 import { join } from "node:path";
 
 import { getDeviceIdBaseDir } from "../../util/device-id.js";
@@ -97,4 +103,14 @@ export const seedDeviceIdMigration: WorkspaceMigration = {
       // Best-effort — getDeviceId() will generate a new one if this fails.
     }
   },
+  down(_workspaceDir: string): void {
+    // The forward migration seeds deviceId in ~/.vellum/device.json from the
+    // lockfile. Reverse by removing device.json entirely — getDeviceId() will
+    // generate a fresh one on next startup if needed.
+    const base = getDeviceIdBaseDir();
+    const devicePath = join(base, ".vellum", "device.json");
+    if (existsSync(devicePath)) {
+      unlinkSync(devicePath);
+    }
+  },
 };

package/src/workspace/migrations/004-extract-collect-usage-data.ts

@@ -45,6 +45,39 @@ export const extractCollectUsageDataMigration: WorkspaceMigration = {
       delete config.assistantFeatureFlagValues;
     }
 
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    // Only reverse if collectUsageData was explicitly set to false
+    // (the forward migration only persisted false).
+    if (!("collectUsageData" in config)) return;
+    const value = config.collectUsageData;
+    if (typeof value !== "boolean") return;
+
+    // Restore the feature flag value
+    const FLAG_KEY = "feature_flags.collect-usage-data.enabled";
+    const flagValues = (config.assistantFeatureFlagValues ?? {}) as Record<
+      string,
+      unknown
+    >;
+    flagValues[FLAG_KEY] = value;
+    config.assistantFeatureFlagValues = flagValues;
+
+    // Remove the extracted top-level key
+    delete config.collectUsageData;
+
     writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
   },
 };

package/src/workspace/migrations/005-add-send-diagnostics.ts

@@ -9,4 +9,7 @@ export const addSendDiagnosticsMigration: WorkspaceMigration = {
     // will sync the UserDefaults value on first startup. This migration exists
     // as a checkpoint marker for future reference.
   },
+  down(_workspaceDir: string): void {
+    // No-op — the forward migration is a checkpoint marker with no data changes.
+  },
 };

package/src/workspace/migrations/006-services-config.ts

@@ -132,6 +132,55 @@ export const servicesConfigMigration: WorkspaceMigration = {
     delete config.imageGenModel;
     delete config.webSearchProvider;
 
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    const services = config.services;
+    if (!services || typeof services !== "object" || Array.isArray(services))
+      return;
+
+    const svc = services as Record<string, Record<string, unknown>>;
+
+    // Extract inference provider and model back to top-level fields.
+    // Note: inferenceMode is lost in this rollback — the original config did
+    // not store a mode field. This is an accepted lossy reversal.
+    if (svc.inference) {
+      if (typeof svc.inference.provider === "string") {
+        config.provider = svc.inference.provider;
+      }
+      if (typeof svc.inference.model === "string") {
+        config.model = svc.inference.model;
+      }
+    }
+
+    // Extract image generation model back to top-level
+    if (svc["image-generation"]) {
+      if (typeof svc["image-generation"].model === "string") {
+        config.imageGenModel = svc["image-generation"].model;
+      }
+    }
+
+    // Extract web search provider back to top-level
+    if (svc["web-search"]) {
+      if (typeof svc["web-search"].provider === "string") {
+        config.webSearchProvider = svc["web-search"].provider;
+      }
+    }
+
+    delete config.services;
+
     writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
   },
 };

package/src/workspace/migrations/007-web-search-provider-rename.ts

@@ -34,4 +34,31 @@ export const webSearchProviderRenameMigration: WorkspaceMigration = {
     ws.provider = "inference-provider-native";
     writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
   },
+  down(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    const services = config.services;
+    if (!services || typeof services !== "object" || Array.isArray(services))
+      return;
+
+    const webSearch = (services as Record<string, unknown>)["web-search"];
+    if (!webSearch || typeof webSearch !== "object" || Array.isArray(webSearch))
+      return;
+
+    const ws = webSearch as Record<string, unknown>;
+    if (ws.provider !== "inference-provider-native") return;
+
+    ws.provider = "anthropic-native";
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
 };

package/src/workspace/migrations/008-voice-timeout-and-max-steps.ts

@@ -9,4 +9,7 @@ export const voiceTimeoutAndMaxStepsMigration: WorkspaceMigration = {
     // Existing users: macOS client will sync UserDefaults values
     // to config on next startup via settings sync endpoints.
   },
+  down(_workspaceDir: string): void {
+    // No-op — the forward migration is a checkpoint marker with no data changes.
+  },
 };

package/src/workspace/migrations/009-backfill-conversation-disk-view.ts

@@ -7,4 +7,8 @@ export const backfillConversationDiskViewMigration: WorkspaceMigration = {
   run(_workspaceDir: string): void {
     rebuildConversationDiskViewFromDb();
   },
+  // No-op: the disk view is a derived cache that can be regenerated from the
+  // database at any time. Removing it would only cause unnecessary I/O churn
+  // since the next forward migration (or startup rebuild) will recreate it.
+  down(_workspaceDir: string): void {},
 };

package/src/workspace/migrations/010-app-dir-rename.ts

@@ -76,6 +76,84 @@ export const appDirRenameMigration: WorkspaceMigration = {
   description:
     "Rename UUID-based app directories and files to human-readable slugified names",
 
+  down(workspaceDir: string): void {
+    const appsDir = join(workspaceDir, "data", "apps");
+    if (!existsSync(appsDir)) return;
+
+    const jsonFiles = readdirSync(appsDir)
+      .filter((f) => f.endsWith(".json"))
+      .sort();
+
+    if (jsonFiles.length === 0) return;
+
+    for (const jsonFile of jsonFiles) {
+      const jsonPath = join(appsDir, jsonFile);
+      let raw: string;
+      try {
+        raw = readFileSync(jsonPath, "utf-8");
+      } catch {
+        continue;
+      }
+
+      let parsed: {
+        id?: string;
+        name?: string;
+        dirName?: string;
+      };
+      try {
+        parsed = JSON.parse(raw);
+      } catch {
+        continue;
+      }
+
+      const appId = parsed.id;
+      if (!appId || !parsed.dirName || !isValidDirName(parsed.dirName)) {
+        continue;
+      }
+
+      const dirName = parsed.dirName;
+
+      // 1. Rename the app directory: {dirName}/ -> {appId}/
+      const slugDir = join(appsDir, dirName);
+      const uuidDir = join(appsDir, appId);
+      if (existsSync(slugDir) && !existsSync(uuidDir) && slugDir !== uuidDir) {
+        renameSync(slugDir, uuidDir);
+      }
+
+      // 2. Rename the preview file: {dirName}.preview -> {appId}.preview
+      const slugPreview = join(appsDir, `${dirName}.preview`);
+      const uuidPreview = join(appsDir, `${appId}.preview`);
+      if (
+        existsSync(slugPreview) &&
+        !existsSync(uuidPreview) &&
+        slugPreview !== uuidPreview
+      ) {
+        renameSync(slugPreview, uuidPreview);
+      }
+
+      // 3. Remove dirName from JSON and rename file: {dirName}.json -> {appId}.json
+      const updatedParsed = { ...parsed };
+      delete updatedParsed.dirName;
+      const updatedJson = JSON.stringify(updatedParsed, null, 2);
+
+      const uuidJsonFile = `${appId}.json`;
+      const uuidJsonPath = join(appsDir, uuidJsonFile);
+
+      if (jsonFile !== uuidJsonFile) {
+        writeFileSync(uuidJsonPath, updatedJson, "utf-8");
+        if (existsSync(jsonPath) && jsonPath !== uuidJsonPath) {
+          try {
+            unlinkSync(jsonPath);
+          } catch {
+            // Old file cleanup is best-effort
+          }
+        }
+      } else {
+        writeFileSync(uuidJsonPath, updatedJson, "utf-8");
+      }
+    }
+  },
+
   run(workspaceDir: string): void {
     const appsDir = join(workspaceDir, "data", "apps");
     if (!existsSync(appsDir)) return;

package/src/workspace/migrations/011-backfill-installation-id.ts

@@ -14,6 +14,17 @@ export const backfillInstallationIdMigration: WorkspaceMigration = {
   id: "011-backfill-installation-id",
   description:
     "Backfill installationId into lockfile from SQLite checkpoint and clean up stale row",
+
+  down(_workspaceDir: string): void {
+    // The forward migration moved an installationId from a SQLite checkpoint
+    // into the lockfile entry. Rolling back by removing installationId from
+    // the lockfile would break telemetry continuity and the field is harmless
+    // to leave in place. The SQLite checkpoint was already deleted and
+    // cannot be restored.
+    //
+    // No-op: leaving installationId in the lockfile is safe and non-disruptive.
+  },
+
   run(_workspaceDir: string): void {
     // a. Read existing installation ID from SQLite, or generate a new one.
     //    On fresh installs the memory_checkpoints table may not exist yet,

package/src/workspace/migrations/012-rename-conversation-disk-view-dirs.ts

@@ -17,6 +17,10 @@ import type { WorkspaceMigration } from "./types.js";
 const LEGACY_CONVERSATION_DIR_PATTERN =
   /^(.*)_(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}\.\d{3}Z)$/;
 
+/** Matches the new timestamp-first format: {timestamp}_{conversationId} */
+const NEW_CONVERSATION_DIR_PATTERN =
+  /^(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}\.\d{3}Z)_(.+)$/;
+
 function parseLegacyConversationDirName(
   dirName: string,
 ): { conversationId: string; timestamp: string } | null {
@@ -29,11 +33,51 @@ function parseLegacyConversationDirName(
   };
 }
 
+function parseNewConversationDirName(
+  dirName: string,
+): { timestamp: string; conversationId: string } | null {
+  const match = dirName.match(NEW_CONVERSATION_DIR_PATTERN);
+  if (!match) return null;
+
+  return {
+    timestamp: match[1],
+    conversationId: match[2],
+  };
+}
+
 export const renameConversationDiskViewDirsMigration: WorkspaceMigration = {
   id: "012-rename-conversation-disk-view-dirs",
   description:
     "Rename legacy conversation disk-view directories to timestamp-first names",
 
+  down(workspaceDir: string): void {
+    const conversationsDir = join(workspaceDir, "conversations");
+    if (!existsSync(conversationsDir)) return;
+
+    const entries = readdirSync(conversationsDir, { withFileTypes: true })
+      .filter((entry) => entry.isDirectory())
+      .map((entry) => entry.name)
+      .sort();
+
+    for (const dirName of entries) {
+      const parsed = parseNewConversationDirName(dirName);
+      if (!parsed) continue;
+
+      const sourcePath = join(conversationsDir, dirName);
+      const targetName = `${parsed.conversationId}_${parsed.timestamp}`;
+      const targetPath = join(conversationsDir, targetName);
+
+      if (sourcePath === targetPath) continue;
+      if (existsSync(targetPath)) continue;
+
+      try {
+        renameSync(sourcePath, targetPath);
+      } catch {
+        // Best-effort: leave the directory in place if a single rename fails.
+      }
+    }
+  },
+
   run(workspaceDir: string): void {
     const conversationsDir = join(workspaceDir, "conversations");
     if (!existsSync(conversationsDir)) return;

package/src/workspace/migrations/013-repair-conversation-disk-view.ts

@@ -8,4 +8,9 @@ export const repairConversationDiskViewMigration: WorkspaceMigration = {
   run(_workspaceDir: string): void {
     rebuildConversationDiskViewFromDb();
   },
+  // No-op: this is a repair migration that rebuilds derived disk-view data
+  // from the database. There is no meaningful reverse operation — the data
+  // is a cache that can be regenerated, and removing it would just cause
+  // unnecessary churn on the next forward run.
+  down(_workspaceDir: string): void {},
 };