@vellumai/assistant 0.5.6 → 0.5.7

package/src/runtime/auth/__tests__/credential-service.test.ts

@@ -17,7 +17,6 @@ mock.module("../../../util/platform.js", () => ({
   getDataDir: () => testDir,
   getDbPath: () => join(testDir, "test.db"),
   normalizeAssistantId: (id: string) => (id === "self" ? "self" : id),
-  readLockfile: () => ({ assistants: [{ assistantId: "vellum-test-eel" }] }),
   isMacOS: () => process.platform === "darwin",
   isLinux: () => process.platform === "linux",
   isWindows: () => process.platform === "win32",

package/src/runtime/auth/__tests__/external-assistant-id.test.ts

@@ -1,21 +1,7 @@
 /**
- * Tests for getExternalAssistantId resolution order.
+ * Tests for getExternalAssistantId.
  */
-import { afterEach, describe, expect, mock, test } from "bun:test";
-
-mock.module("../../../util/logger.js", () => ({
-  getLogger: () =>
-    new Proxy({} as Record<string, unknown>, {
-      get: () => () => {},
-    }),
-}));
-
-// Controllable mock for readLockfile — defaults to null (no lockfile data)
-const mockReadLockfile = mock(() => null as Record<string, unknown> | null);
-
-mock.module("../../../util/platform.js", () => ({
-  readLockfile: mockReadLockfile,
-}));
+import { afterEach, describe, expect, test } from "bun:test";
 
 import {
   getExternalAssistantId,
@@ -24,65 +10,24 @@ import {
 
 afterEach(() => {
   resetExternalAssistantIdCache();
-  mockReadLockfile.mockReset();
-  mockReadLockfile.mockImplementation(() => null);
-  delete process.env.BASE_DATA_DIR;
+  delete process.env.VELLUM_ASSISTANT_NAME;
 });
 
 describe("getExternalAssistantId", () => {
-  test("resolves from lockfile assistants array (most recently hatched)", () => {
-    mockReadLockfile.mockImplementation(() => ({
-      assistants: [
-        { assistantId: "vellum-old-fox", hatchedAt: "2025-01-01T00:00:00Z" },
-        { assistantId: "vellum-new-eel", hatchedAt: "2025-06-15T12:00:00Z" },
-      ],
-    }));
-    expect(getExternalAssistantId()).toBe("vellum-new-eel");
-  });
-
-  test("resolves from lockfile with single assistant entry", () => {
-    mockReadLockfile.mockImplementation(() => ({
-      assistants: [
-        { assistantId: "vellum-solo-cat", hatchedAt: "2025-03-01T00:00:00Z" },
-      ],
-    }));
-    expect(getExternalAssistantId()).toBe("vellum-solo-cat");
-  });
-
-  test("resolves from BASE_DATA_DIR when lockfile has no data", () => {
-    process.env.BASE_DATA_DIR = "/tmp/vellum/assistants/vellum-true-eel";
-    expect(getExternalAssistantId()).toBe("vellum-true-eel");
-  });
-
-  test("resolves from BASE_DATA_DIR with trailing slash", () => {
-    process.env.BASE_DATA_DIR = "/tmp/vellum/assistants/vellum-cool-heron/";
-    expect(getExternalAssistantId()).toBe("vellum-cool-heron");
-  });
-
-  test("resolves from BASE_DATA_DIR with Windows-style backslashes", () => {
-    process.env.BASE_DATA_DIR =
-      "C:\\Users\\user\\.local\\share\\vellum\\assistants\\vellum-nice-fox";
-    expect(getExternalAssistantId()).toBe("vellum-nice-fox");
-  });
-
-  test("resolves from BASE_DATA_DIR with /instances/<name> path", () => {
-    process.env.BASE_DATA_DIR = "/home/user/.vellum/instances/vellum-swift-owl";
-    expect(getExternalAssistantId()).toBe("vellum-swift-owl");
-  });
-
-  test("resolves from BASE_DATA_DIR with /instances/<name> trailing slash", () => {
-    process.env.BASE_DATA_DIR =
-      "/home/user/.vellum/instances/vellum-swift-owl/";
-    expect(getExternalAssistantId()).toBe("vellum-swift-owl");
+  test("resolves from VELLUM_ASSISTANT_NAME env var", () => {
+    process.env.VELLUM_ASSISTANT_NAME = "vellum-cool-eel";
+    expect(getExternalAssistantId()).toBe("vellum-cool-eel");
   });
 
-  test("falls back to undefined when BASE_DATA_DIR does not match known patterns", () => {
-    process.env.BASE_DATA_DIR = "/tmp/some-other-path";
-    expect(getExternalAssistantId()).toBe(undefined);
+  test("caches the resolved value", () => {
+    process.env.VELLUM_ASSISTANT_NAME = "vellum-cool-eel";
+    expect(getExternalAssistantId()).toBe("vellum-cool-eel");
+    // Change env var — cached value should still be returned
+    process.env.VELLUM_ASSISTANT_NAME = "vellum-other-fox";
+    expect(getExternalAssistantId()).toBe("vellum-cool-eel");
   });
 
-  test("falls back to undefined when BASE_DATA_DIR is not set", () => {
-    delete process.env.BASE_DATA_DIR;
+  test("returns undefined when env var is not set", () => {
     expect(getExternalAssistantId()).toBe(undefined);
   });
 });

package/src/runtime/auth/external-assistant-id.ts

@@ -6,81 +6,35 @@
  * must identify which assistant the token belongs to, while the daemon
  * internally uses 'self'.
  *
- * Resolution order:
- *   1. Cached in-memory value (populated on first call)
- *   2. Most recently hatched entry in lockfile assistants array
- *      (sorted by `hatchedAt` descending) → assistantId
- *   3. BASE_DATA_DIR path matching `/assistants/<name>` or `/instances/<name>` suffix
- *   4. `undefined` — callers must handle the missing value
+ * Reads from the VELLUM_ASSISTANT_NAME env var, which is set by CLI
+ * hatch and Docker setup. Returns `undefined` if the env var is not set.
  *
- * The value is cached in memory after the first successful read.
+ * The value is cached in memory after the first read.
  */
 
-import { getBaseDataDir } from "../../config/env-registry.js";
 import { getLogger } from "../../util/logger.js";
-import { readLockfile } from "../../util/platform.js";
 
 const log = getLogger("external-assistant-id");
 
 let cached: string | null | undefined;
 
 /**
- * Get the external assistant ID.
- *
- * Resolution order:
- *   1. Cached in-memory value (populated on first call)
- *   2. Most recently hatched entry in lockfile assistants array
- *      (sorted by `hatchedAt` descending) → assistantId
- *   3. BASE_DATA_DIR path matching `/assistants/<name>` or `/instances/<name>` suffix
- *   4. `undefined` when resolution fails entirely
+ * Get the external assistant ID from the VELLUM_ASSISTANT_NAME env var.
+ * Returns `undefined` when the env var is not set.
  */
 export function getExternalAssistantId(): string | undefined {
   if (cached !== undefined) {
     return cached ?? undefined;
   }
 
-  try {
-    const lockData = readLockfile();
-    if (lockData) {
-      const assistants = lockData.assistants as
-        | Array<Record<string, unknown>>
-        | undefined;
-      if (assistants && assistants.length > 0) {
-        // Sort by hatchedAt descending to use the most recent entry,
-        // matching the pattern used elsewhere in the codebase.
-        const sorted = [...assistants].sort((a, b) => {
-          const dateA = new Date((a.hatchedAt as string) || 0).getTime();
-          const dateB = new Date((b.hatchedAt as string) || 0).getTime();
-          return dateB - dateA;
-        });
-        const latest = sorted[0];
-        if (typeof latest.assistantId === "string") {
-          cached = latest.assistantId;
-          log.info(
-            { externalAssistantId: cached },
-            "Resolved external assistant ID from lockfile",
-          );
-          return cached;
-        }
-      }
-    }
-  } catch (err) {
-    log.warn({ err }, "Failed to read lockfile for external assistant ID");
-  }
-
-  // Fallback: derive from BASE_DATA_DIR path
-  const base = getBaseDataDir();
-  if (base && typeof base === "string") {
-    const normalized = base.replace(/\\/g, "/").replace(/\/+$/, "");
-    const match = normalized.match(/\/(?:assistants|instances)\/([^/]+)$/);
-    if (match) {
-      cached = match[1];
-      log.info(
-        { externalAssistantId: cached },
-        "Resolved external assistant ID from BASE_DATA_DIR",
-      );
-      return cached;
-    }
+  const envName = process.env.VELLUM_ASSISTANT_NAME;
+  if (envName) {
+    cached = envName;
+    log.info(
+      { externalAssistantId: cached },
+      "Resolved external assistant ID from VELLUM_ASSISTANT_NAME",
+    );
+    return cached;
   }
 
   cached = null;

package/src/runtime/auth/route-policy.ts

@@ -352,6 +352,10 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "config/permissions/skip:GET", scopes: ["settings.read"] },
   { endpoint: "config/permissions/skip:PUT", scopes: ["settings.write"] },
 
+  // Generic config read/patch
+  { endpoint: "config:GET", scopes: ["settings.read"] },
+  { endpoint: "config:PATCH", scopes: ["settings.write"] },
+
   // Conversation management
   { endpoint: "conversations:DELETE", scopes: ["chat.write"] },
   { endpoint: "conversations/wipe", scopes: ["chat.write"] },
@@ -366,6 +370,7 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Message content
   { endpoint: "messages/content", scopes: ["chat.read"] },
   { endpoint: "messages/llm-context", scopes: ["chat.read"] },
+  { endpoint: "messages/tts", scopes: ["chat.read"] },
 
   // Queued message deletion
   { endpoint: "messages/queued", scopes: ["chat.write"] },
@@ -443,7 +448,6 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
 
   // Diagnostics
   { endpoint: "export", scopes: ["settings.read"] },
-  { endpoint: "diagnostics/export", scopes: ["settings.read"] },
   { endpoint: "diagnostics/env-vars", scopes: ["settings.read"] },
 
   // Dictation
@@ -512,3 +516,13 @@ registerPolicy("admin/upgrade-broadcast", {
   requiredScopes: ["internal.write"],
   allowedPrincipalTypes: ["svc_gateway"],
 });
+
+registerPolicy("admin/workspace-commit", {
+  requiredScopes: ["internal.write"],
+  allowedPrincipalTypes: ["svc_gateway"],
+});
+
+registerPolicy("admin/rollback-migrations", {
+  requiredScopes: ["internal.write"],
+  allowedPrincipalTypes: ["svc_gateway"],
+});

package/src/runtime/auth/token-service.ts

@@ -28,22 +28,6 @@ import type { ScopeProfile, TokenAudience, TokenClaims } from "./types.js";
 
 const log = getLogger("token-service");
 
-// ---------------------------------------------------------------------------
-// Bootstrap sentinel error
-// ---------------------------------------------------------------------------
-
-/**
- * Thrown when the gateway's signing-key bootstrap endpoint returns 403,
- * indicating that bootstrap has already completed (daemon restart case).
- * The caller should fall back to loading the key from disk.
- */
-export class BootstrapAlreadyCompleted extends Error {
-  constructor() {
-    super("Gateway signing key bootstrap already completed");
-    this.name = "BootstrapAlreadyCompleted";
-  }
-}
-
 // ---------------------------------------------------------------------------
 // Signing key management
 // ---------------------------------------------------------------------------
@@ -58,28 +42,44 @@ function getSigningKeyPath(): string {
   return join(getRootDir(), "protected", "actor-token-signing-key");
 }
 
+/**
+ * Load a signing key from disk. Returns the key buffer if found and valid,
+ * or undefined if the file does not exist or is invalid.
+ *
+ * Used in the Docker 403-fallback path where generating a new key would
+ * create a mismatch with the gateway's already-bootstrapped key.
+ */
+export function loadSigningKey(): Buffer | undefined {
+  const keyPath = getSigningKeyPath();
+  if (!existsSync(keyPath)) {
+    return undefined;
+  }
+  try {
+    const raw = readFileSync(keyPath);
+    if (raw.length === 32) {
+      log.info("Auth signing key loaded from disk");
+      return raw;
+    }
+    log.warn("Signing key file has unexpected length");
+    return undefined;
+  } catch (err) {
+    log.warn({ err }, "Failed to read signing key file");
+    return undefined;
+  }
+}
+
 /**
  * Load a signing key from disk or generate and persist a new one.
  * Uses atomic-write + chmod 0o600 for safe persistence.
  */
 export function loadOrCreateSigningKey(): Buffer {
-  const keyPath = getSigningKeyPath();
-
-  // Try to load existing key
-  if (existsSync(keyPath)) {
-    try {
-      const raw = readFileSync(keyPath);
-      if (raw.length === 32) {
-        log.info("Auth signing key loaded from disk");
-        return raw;
-      }
-      log.warn("Signing key file has unexpected length, regenerating");
-    } catch (err) {
-      log.warn({ err }, "Failed to read signing key file, regenerating");
-    }
+  const existing = loadSigningKey();
+  if (existing) {
+    return existing;
   }
 
   // Generate and persist a new key
+  const keyPath = getSigningKeyPath();
   const newKey = randomBytes(32);
   const dir = dirname(keyPath);
   if (!existsSync(dir)) {
@@ -94,120 +94,25 @@ export function loadOrCreateSigningKey(): Buffer {
   return newKey;
 }
 
-/**
- * Fetch the shared signing key from the gateway's bootstrap endpoint.
- *
- * Used in Docker mode where the gateway owns the signing key and the daemon
- * must fetch it at startup. Retries up to 30 times with 1s intervals to
- * tolerate gateway startup delays.
- *
- * @returns A 32-byte Buffer containing the signing key.
- * @throws {BootstrapAlreadyCompleted} If the gateway returns 403 (bootstrap
- *   already completed — daemon restart case). Caller should fall back to
- *   loading the key from disk.
- * @throws {Error} If the gateway is unreachable after all retry attempts.
- */
-export async function fetchSigningKeyFromGateway(): Promise<Buffer> {
-  const gatewayUrl = process.env.GATEWAY_INTERNAL_URL;
-  if (!gatewayUrl) {
-    throw new Error("GATEWAY_INTERNAL_URL not set — cannot fetch signing key");
-  }
-
-  const maxAttempts = 30;
-  const intervalMs = 1000;
-
-  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
-    let resp: Response | undefined;
-    try {
-      resp = await fetch(`${gatewayUrl}/internal/signing-key-bootstrap`, {
-        signal: AbortSignal.timeout(5000),
-      });
-    } catch (err) {
-      log.warn(
-        { err, attempt },
-        "Signing key bootstrap: connection failed, retrying",
-      );
-      await Bun.sleep(intervalMs);
-      continue;
-    }
-
-    if (resp.ok) {
-      const body = (await resp.json()) as { key: string };
-      const keyBuf = Buffer.from(body.key, "hex");
-      if (keyBuf.length !== 32) {
-        throw new Error(`Invalid signing key length: ${keyBuf.length}`);
-      }
-      log.info("Signing key fetched from gateway bootstrap endpoint");
-      return keyBuf;
-    }
-
-    if (resp.status === 403) {
-      // Bootstrap already completed — fall through to file-based load.
-      // This happens on daemon restart when the gateway lockfile persists.
-      log.info(
-        "Gateway signing key bootstrap already completed — loading from disk",
-      );
-      throw new BootstrapAlreadyCompleted();
-    }
-
-    log.warn(
-      { status: resp.status, attempt },
-      "Signing key bootstrap: gateway not ready, retrying",
-    );
-
-    await Bun.sleep(intervalMs);
-  }
-
-  throw new Error("Signing key bootstrap: timed out waiting for gateway");
-}
-
-/**
- * Persist a signing key to disk using an atomic-write pattern.
- * Used after fetching the key from the gateway so daemon restarts can
- * load it from disk when the gateway returns 403.
- */
-function persistSigningKey(key: Buffer): void {
-  const keyPath = getSigningKeyPath();
-  const dir = dirname(keyPath);
-  if (!existsSync(dir)) {
-    mkdirSync(dir, { recursive: true });
-  }
-  const tmpPath = keyPath + ".tmp." + process.pid;
-  writeFileSync(tmpPath, key, { mode: 0o600 });
-  renameSync(tmpPath, keyPath);
-  chmodSync(keyPath, 0o600);
-}
-
 /**
  * Resolve the signing key for the current environment.
  *
- * In Docker mode (IS_CONTAINERIZED=true + GATEWAY_INTERNAL_URL set), fetches
- * the key from the gateway's bootstrap endpoint and persists it locally for
- * restart resilience. On daemon restart (gateway returns 403), falls back to
- * loading the key from disk.
- *
- * In local mode, delegates to the existing file-based loadOrCreateSigningKey().
+ * Resolution order:
+ *   1. ACTOR_TOKEN_SIGNING_KEY env var (hex-encoded, set by CLI for Docker)
+ *   2. File-based load/create (~/.vellum/protected/actor-token-signing-key)
  */
-export async function resolveSigningKey(): Promise<Buffer> {
-  const isContainerized = process.env.IS_CONTAINERIZED === "true";
-  const gatewayUrl = process.env.GATEWAY_INTERNAL_URL;
-
-  if (isContainerized && gatewayUrl) {
-    try {
-      const key = await fetchSigningKeyFromGateway();
-      // Persist locally so daemon restarts (where gateway returns 403) load from disk.
-      persistSigningKey(key);
-      return key;
-    } catch (err) {
-      if (err instanceof BootstrapAlreadyCompleted) {
-        // Gateway already bootstrapped (daemon restart) — load from disk.
-        return loadOrCreateSigningKey();
-      }
-      throw err;
+export function resolveSigningKey(): Buffer {
+  const envKey = process.env.ACTOR_TOKEN_SIGNING_KEY;
+  if (envKey) {
+    if (!/^[0-9a-f]{64}$/i.test(envKey)) {
+      throw new Error(
+        `Invalid ACTOR_TOKEN_SIGNING_KEY: expected 64 hex characters, got ${envKey.length} chars`,
+      );
     }
+    log.info("Signing key loaded from ACTOR_TOKEN_SIGNING_KEY env var");
+    return Buffer.from(envKey, "hex");
   }
 
-  // Local mode: use file-based load/create (unchanged behavior).
   return loadOrCreateSigningKey();
 }
 
@@ -246,7 +151,7 @@ export function isSigningKeyInitialized(): boolean {
 
 /**
  * Returns a short hex fingerprint of the current signing key.
- * Used by daemon_status to let clients detect instance switches.
+ * Used by assistant_status to let clients detect instance switches.
  */
 export function getSigningKeyFingerprint(): string {
   return createHash("sha256")

package/src/runtime/channel-readiness-service.ts

@@ -15,7 +15,6 @@ import type {
   ReadinessCheckResult,
   SetupStatus,
 } from "./channel-readiness-types.js";
-import { probeLocalGatewayHealth } from "./local-gateway-health.js";
 
 /** Remote check results are cached for 5 minutes before being considered stale. */
 export const REMOTE_TTL_MS = 5 * 60 * 1000;
@@ -82,7 +81,7 @@ const voiceProbe: ChannelProbe = {
     const hasPhone = !!resolveTwilioPhoneNumber();
     const ingress = checkIngress();
 
-    const checks: ReadinessCheckResult[] = [
+    return [
       check(
         "twilio_credentials",
         hasCreds,
@@ -97,20 +96,6 @@ const voiceProbe: ChannelProbe = {
       ),
       ingress,
     ];
-
-    if (ingress.passed) {
-      const gw = await probeLocalGatewayHealth();
-      checks.push(
-        check(
-          "gateway_health",
-          gw.healthy,
-          `Local gateway is serving requests at ${gw.target}`,
-          `Local gateway is not serving requests at ${gw.target}${gw.error ? `: ${gw.error}` : ""}`,
-        ),
-      );
-    }
-
-    return checks;
   },
 };
 

package/src/runtime/http-server.ts

@@ -106,6 +106,7 @@ import { handleServePage } from "./routes/app-routes.js";
 import { appRouteDefinitions } from "./routes/app-routes.js";
 import { approvalRouteDefinitions } from "./routes/approval-routes.js";
 import { attachmentRouteDefinitions } from "./routes/attachment-routes.js";
+import { handleGetAudio } from "./routes/audio-routes.js";
 import { avatarRouteDefinitions } from "./routes/avatar-routes.js";
 import { brainGraphRouteDefinitions } from "./routes/brain-graph-routes.js";
 import { btwRouteDefinitions } from "./routes/btw-routes.js";
@@ -144,16 +145,19 @@ import { handleGuardianRefresh } from "./routes/guardian-refresh-routes.js";
 import { hostBashRouteDefinitions } from "./routes/host-bash-routes.js";
 import { hostCuRouteDefinitions } from "./routes/host-cu-routes.js";
 import { hostFileRouteDefinitions } from "./routes/host-file-routes.js";
-import { handleHealth } from "./routes/identity-routes.js";
+import { handleHealth, handleReadyz } from "./routes/identity-routes.js";
 import { identityRouteDefinitions } from "./routes/identity-routes.js";
 import { slackChannelRouteDefinitions } from "./routes/integrations/slack/channel.js";
 import { slackShareRouteDefinitions } from "./routes/integrations/slack/share.js";
 import { telegramRouteDefinitions } from "./routes/integrations/telegram.js";
 import { twilioRouteDefinitions } from "./routes/integrations/twilio.js";
+import { vercelRouteDefinitions } from "./routes/integrations/vercel.js";
 import { inviteRouteDefinitions } from "./routes/invite-routes.js";
 import { logExportRouteDefinitions } from "./routes/log-export-routes.js";
 import { memoryItemRouteDefinitions } from "./routes/memory-item-routes.js";
+import { migrationRollbackRouteDefinitions } from "./routes/migration-rollback-routes.js";
 import { migrationRouteDefinitions } from "./routes/migration-routes.js";
+import { notificationRouteDefinitions } from "./routes/notification-routes.js";
 import { oauthAppsRouteDefinitions } from "./routes/oauth-apps.js";
 import type { PairingHandlerContext } from "./routes/pairing-routes.js";
 import {
@@ -172,10 +176,12 @@ import { surfaceContentRouteDefinitions } from "./routes/surface-content-routes.
 import { telemetryRouteDefinitions } from "./routes/telemetry-routes.js";
 import { traceEventRouteDefinitions } from "./routes/trace-event-routes.js";
 import { trustRulesRouteDefinitions } from "./routes/trust-rules-routes.js";
+import { ttsRouteDefinitions } from "./routes/tts-routes.js";
 import { upgradeBroadcastRouteDefinitions } from "./routes/upgrade-broadcast-routes.js";
 import { usageRouteDefinitions } from "./routes/usage-routes.js";
 import { watchRouteDefinitions } from "./routes/watch-routes.js";
 import { workItemRouteDefinitions } from "./routes/work-items-routes.js";
+import { workspaceCommitRouteDefinitions } from "./routes/workspace-commit-routes.js";
 import { workspaceRouteDefinitions } from "./routes/workspace-routes.js";
 
 // Re-export for consumers
@@ -464,7 +470,10 @@ export class RuntimeHttpServer {
     server.timeout(req, 1800);
     // Skip request logging for health-check probes to reduce log noise.
     const url = new URL(req.url);
-    if (url.pathname === "/healthz" && req.method === "GET") {
+    if (
+      (url.pathname === "/healthz" || url.pathname === "/readyz") &&
+      req.method === "GET"
+    ) {
       return this.routeRequest(req, server);
     }
     return withRequestLogging(req, () => this.routeRequest(req, server));
@@ -481,6 +490,10 @@ export class RuntimeHttpServer {
       return handleHealth();
     }
 
+    if (path === "/readyz" && req.method === "GET") {
+      return handleReadyz();
+    }
+
     // WebSocket upgrade for the Chrome extension browser relay.
     if (
       path === "/v1/browser-relay" &&
@@ -503,6 +516,13 @@ export class RuntimeHttpServer {
     const twilioResponse = await this.handleTwilioWebhook(req, path);
     if (twilioResponse) return twilioResponse;
 
+    // Audio serving endpoint — before auth check because Twilio
+    // fetches these URLs directly. The audioId is an unguessable UUID.
+    const audioMatch = path.match(/^\/v1\/audio\/([^/]+)$/);
+    if (audioMatch && req.method === "GET") {
+      return handleGetAudio(audioMatch[1]);
+    }
+
     // Pairing endpoints (unauthenticated, secret-gated)
     if (path === "/v1/pairing/request" && req.method === "POST") {
       return await handlePairingRequest(req, this.pairingContext);
@@ -920,6 +940,8 @@ export class RuntimeHttpServer {
       }),
       ...identityRouteDefinitions(),
       ...upgradeBroadcastRouteDefinitions(),
+      ...workspaceCommitRouteDefinitions(),
+      ...migrationRollbackRouteDefinitions(),
       ...debugRouteDefinitions(),
       ...usageRouteDefinitions(),
       ...telemetryRouteDefinitions(),
@@ -931,6 +953,7 @@ export class RuntimeHttpServer {
       ...scheduleRouteDefinitions({
         sendMessageDeps: this.sendMessageDeps,
       }),
+      ...notificationRouteDefinitions(),
       ...diagnosticsRouteDefinitions(),
       ...logExportRouteDefinitions(),
       ...documentRouteDefinitions(),
@@ -961,6 +984,7 @@ export class RuntimeHttpServer {
             }
           : undefined,
       }),
+      ...ttsRouteDefinitions(),
 
       // Browser relay — not extracted into a domain module because
       // these two routes depend on the in-process extensionRelayServer
@@ -1165,6 +1189,7 @@ export class RuntimeHttpServer {
       ...slackChannelRouteDefinitions(),
       ...slackShareRouteDefinitions(),
       ...twilioRouteDefinitions(),
+      ...vercelRouteDefinitions(),
       ...channelReadinessRouteDefinitions(),
       ...oauthAppsRouteDefinitions(),
       ...attachmentRouteDefinitions(),

package/src/runtime/middleware/error-handler.ts

@@ -4,7 +4,6 @@
 
 import {
   ConfigError,
-  IngressBlockedError,
   ProviderNotConfiguredError,
 } from "../../util/errors.js";
 import { getLogger } from "../../util/logger.js";
@@ -14,7 +13,7 @@ const log = getLogger("runtime-http");
 
 /**
  * Wrap an async endpoint handler with standard error handling.
- * Catches IngressBlockedError (422), ConfigError (422), and generic errors (500).
+ * Catches ConfigError (422) and generic errors (500).
  */
 export async function withErrorHandling(
   endpoint: string,
@@ -23,13 +22,6 @@ export async function withErrorHandling(
   try {
     return await handler();
   } catch (err) {
-    if (err instanceof IngressBlockedError) {
-      log.warn(
-        { endpoint, detectedTypes: err.detectedTypes },
-        "Blocked HTTP request containing secrets",
-      );
-      return httpError("UNPROCESSABLE_ENTITY", err.message, 422);
-    }
     if (err instanceof ProviderNotConfiguredError) {
       log.warn({ err, endpoint }, "No LLM provider configured");
       return httpError(