@vellumai/assistant 0.5.6 → 0.5.7

package/src/runtime/routes/audio-routes.ts

@@ -0,0 +1,40 @@
+/**
+ * HTTP route handler for serving synthesized TTS audio.
+ *
+ * GET /v1/audio/:audioId — retrieve a previously stored audio segment.
+ *
+ * This endpoint is unauthenticated because Twilio fetches audio URLs
+ * directly; the audioId itself is an unguessable UUID that acts as a
+ * capability token.
+ */
+
+import { getAudio } from "../../calls/audio-store.js";
+import { httpError } from "../http-errors.js";
+
+/**
+ * Handle GET /v1/audio/:audioId.
+ *
+ * Returns the audio with its stored Content-Type. For complete audio,
+ * includes Content-Length for efficient playback. For in-progress
+ * streaming entries, uses chunked transfer encoding.
+ */
+export function handleGetAudio(audioId: string): Response {
+  const entry = getAudio(audioId);
+  if (!entry) {
+    return httpError("NOT_FOUND", "Audio not found", 404);
+  }
+  if (entry.type === "buffer") {
+    return new Response(new Uint8Array(entry.buffer), {
+      status: 200,
+      headers: {
+        "Content-Type": entry.contentType,
+        "Content-Length": entry.buffer.length.toString(),
+      },
+    });
+  }
+  // Streaming — Content-Length unknown, chunked transfer encoding
+  return new Response(entry.stream, {
+    status: 200,
+    headers: { "Content-Type": entry.contentType },
+  });
+}

package/src/runtime/routes/btw-routes.ts

@@ -15,7 +15,6 @@
 import { existsSync, readFileSync } from "node:fs";
 
 import { getConversationByKey } from "../../memory/conversation-key-store.js";
-import { checkIngressForSecrets } from "../../security/secret-ingress.js";
 import { getLogger } from "../../util/logger.js";
 import { getWorkspacePromptPath } from "../../util/platform.js";
 import type { AuthContext } from "../auth/types.js";
@@ -89,22 +88,6 @@ async function handleBtw(
   }
 
   const trimmedContent = content.trim();
-  const ingressCheck = checkIngressForSecrets(trimmedContent);
-  if (ingressCheck.blocked) {
-    log.warn(
-      { detectedTypes: ingressCheck.detectedTypes },
-      "Blocked /v1/btw message containing secrets",
-    );
-    return Response.json(
-      {
-        accepted: false,
-        error: "secret_blocked",
-        message: ingressCheck.userNotice,
-        detectedTypes: ingressCheck.detectedTypes,
-      },
-      { status: 422 },
-    );
-  }
 
   // ----- Identity intro fast-path -----
   // When the client requests the identity intro, check SOUL.md first (persisted

package/src/runtime/routes/conversation-query-routes.ts

@@ -12,13 +12,20 @@
  * PUT    /v1/config/embeddings          — set embedding provider/model
  * GET    /v1/config/permissions/skip    — dangerouslySkipPermissions status
  * PUT    /v1/config/permissions/skip    — toggle dangerouslySkipPermissions
+ * GET    /v1/config                     — full raw workspace config
+ * PATCH  /v1/config                     — deep-merge partial config
  * GET    /v1/conversations/search       — search conversations
  * GET    /v1/messages/:id/content       — full message content
  * GET    /v1/messages/:id/llm-context   — LLM request logs for a message
  * DELETE /v1/messages/queued/:id        — delete queued message
  */
 
-import { getConfig, loadRawConfig, saveRawConfig } from "../../config/loader.js";
+import {
+  deepMergeOverwrite,
+  getConfig,
+  loadRawConfig,
+  saveRawConfig,
+} from "../../config/loader.js";
 import { VALID_MEMORY_EMBEDDING_PROVIDERS } from "../../config/schemas/memory-storage.js";
 import { VALID_INFERENCE_PROVIDERS } from "../../config/schemas/services.js";
 import {
@@ -292,6 +299,61 @@ export function conversationQueryRouteDefinitions(
       },
     },
 
+    // ── Full config read ─────────────────────────────────────────────
+    {
+      endpoint: "config",
+      method: "GET",
+      policyKey: "config",
+      handler: () => {
+        try {
+          const raw = loadRawConfig();
+          return Response.json(raw);
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return httpError(
+            "INTERNAL_ERROR",
+            `Failed to read config: ${message}`,
+            500,
+          );
+        }
+      },
+    },
+
+    // ── Generic config patch ──────────────────────────────────────────
+    {
+      endpoint: "config",
+      method: "PATCH",
+      policyKey: "config",
+      handler: async ({ req }) => {
+        const body = (await req.json()) as Record<string, unknown>;
+        if (
+          body == null ||
+          typeof body !== "object" ||
+          Array.isArray(body) ||
+          Object.keys(body).length === 0
+        ) {
+          return httpError(
+            "BAD_REQUEST",
+            "Body must be a non-empty JSON object",
+            400,
+          );
+        }
+        try {
+          const raw = loadRawConfig();
+          deepMergeOverwrite(raw, body);
+          saveRawConfig(raw);
+          return Response.json({ ok: true });
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return httpError(
+            "INTERNAL_ERROR",
+            `Failed to patch config: ${message}`,
+            500,
+          );
+        }
+      },
+    },
+
     // ── Conversation search ───────────────────────────────────────────
     {
       endpoint: "conversations/search",

package/src/runtime/routes/conversation-routes.ts

@@ -56,7 +56,6 @@ import {
 import { searchConversations } from "../../memory/conversation-queries.js";
 import { getConfiguredProvider } from "../../providers/provider-send-message.js";
 import type { Provider } from "../../providers/types.js";
-import { checkIngressForSecrets } from "../../security/secret-ingress.js";
 import { getLogger } from "../../util/logger.js";
 import { silentlyWithLog } from "../../util/silently.js";
 import { buildAssistantEvent } from "../assistant-event.js";
@@ -637,7 +636,6 @@ export async function handleSendMessage(
     interface?: string;
     conversationType?: string;
     automated?: boolean;
-    bypassSecretCheck?: boolean;
   };
 
   const { conversationKey, content, attachmentIds } = body;
@@ -705,29 +703,6 @@ export async function handleSendMessage(
     }
   }
 
-  // Block inbound messages containing secrets before they reach the model.
-  // This mirrors the legacy handleUserMessage behavior: secrets are
-  // detected and the message is rejected with a safe notice. The client
-  // should prompt the user to use the secure credential flow instead.
-  if (trimmedContent.length > 0 && !body.bypassSecretCheck) {
-    const ingressCheck = checkIngressForSecrets(trimmedContent);
-    if (ingressCheck.blocked) {
-      log.warn(
-        { detectedTypes: ingressCheck.detectedTypes },
-        "Blocked user message containing secrets (POST /v1/messages)",
-      );
-      return Response.json(
-        {
-          accepted: false,
-          error: "secret_blocked",
-          message: ingressCheck.userNotice,
-          detectedTypes: ingressCheck.detectedTypes,
-        },
-        { status: 422 },
-      );
-    }
-  }
-
   if (!deps.sendMessageDeps) {
     return httpError(
       "SERVICE_UNAVAILABLE",
@@ -1259,12 +1234,12 @@ async function generateLlmSuggestion(
   const truncated =
     assistantText.length > 2000 ? assistantText.slice(-2000) : assistantText;
 
-  const prompt = `Given this assistant message, write a very short tab-complete suggestion (max 50 chars) the user could send next to keep the conversation going. Be casual, curious, or actionable — like a quick reply, not a formal request. Reply with ONLY the suggestion text.\n\nAssistant's message:\n${truncated}`;
+  const prompt = `Given this assistant message, write a very short tab-complete suggestion the user could send next to keep the conversation going. Be casual, curious, or actionable — like a quick reply, not a formal request. Reply with ONLY the suggestion text.\n\nAssistant's message:\n${truncated}`;
   const response = await provider.sendMessage(
     [{ role: "user", content: [{ type: "text", text: prompt }] }],
     [], // no tools
     undefined, // no system prompt
-    { config: { max_tokens: 40, modelIntent: "latency-optimized" } },
+    { config: { modelIntent: "latency-optimized" } },
   );
 
   const textBlock = response.content.find((b) => b.type === "text");
@@ -1276,7 +1251,7 @@ async function generateLlmSuggestion(
     return null;
   }
 
-  // Take first line only, then enforce the length cap
+  // Take first line only
   const firstLine = stripped.split("\n")[0].trim();
   if (!firstLine) {
     log.debug(
@@ -1285,22 +1260,7 @@ async function generateLlmSuggestion(
     );
     return null;
   }
-  if (firstLine.length <= 50) return firstLine;
-  // Truncate at last word boundary within 50 chars.
-  // Only strip the trailing partial word if the slice actually cut mid-word;
-  // if the character right after the cut is whitespace, the slice is already clean.
-  const sliced = firstLine.slice(0, 50);
-  const wordTruncated = (
-    /\s/.test(firstLine[50]) ? sliced : sliced.replace(/\s+\S*$/, "")
-  ).trim();
-  if (wordTruncated.length < 15) {
-    log.debug(
-      { rawLength: firstLine.length, truncatedLength: wordTruncated.length },
-      "Suggestion rejected: too short after word-boundary truncation",
-    );
-    return null;
-  }
-  return wordTruncated;
+  return firstLine;
 }
 
 export async function handleGetSuggestion(