@vellumai/assistant 0.5.6 → 0.5.7

package/src/runtime/local-gateway-health.ts

@@ -1,275 +0,0 @@
-import { getGatewayInternalBaseUrl } from "../config/env.js";
-import { getBaseDataDir, getIsContainerized } from "../config/env-registry.js";
-import { readLockfile } from "../util/platform.js";
-import { sleep } from "../util/retry.js";
-
-const DEFAULT_PROBE_TIMEOUT_MS = 2_000;
-const DEFAULT_RECOVERY_POLL_TIMEOUT_MS = 30_000;
-const DEFAULT_RECOVERY_POLL_INTERVAL_MS = 250;
-const DEFAULT_WAKE_TIMEOUT_MS = 90_000;
-
-interface LockfileAssistantEntry {
-  assistantId?: string;
-  cloud?: string;
-  hatchedAt?: string | number | Date;
-}
-
-export interface WakeCommandResult {
-  exitCode: number;
-  stdout: string;
-  stderr: string;
-}
-
-export interface LocalGatewayHealthResult {
-  target: string;
-  healthy: boolean;
-  localDeployment: boolean;
-  error?: string;
-}
-
-export interface EnsureLocalGatewayReadyResult extends LocalGatewayHealthResult {
-  recovered: boolean;
-  recoveryAttempted: boolean;
-  recoverySkipped: boolean;
-}
-
-export interface ProbeLocalGatewayHealthOptions {
-  timeoutMs?: number;
-  fetchImpl?: typeof fetch;
-}
-
-export interface EnsureLocalGatewayReadyOptions extends ProbeLocalGatewayHealthOptions {
-  pollTimeoutMs?: number;
-  pollIntervalMs?: number;
-  wakeTimeoutMs?: number;
-  runWakeCommand?: () => Promise<WakeCommandResult>;
-  sleepImpl?: (ms: number) => Promise<void>;
-}
-
-function getLatestAssistantEntry(): LockfileAssistantEntry | null {
-  try {
-    const lockData = readLockfile();
-    const assistants = lockData?.assistants;
-    if (!Array.isArray(assistants) || assistants.length === 0) {
-      return null;
-    }
-
-    const sorted = [...assistants].sort((a, b) => {
-      const dateA = new Date(
-        (a as LockfileAssistantEntry).hatchedAt || 0,
-      ).getTime();
-      const dateB = new Date(
-        (b as LockfileAssistantEntry).hatchedAt || 0,
-      ).getTime();
-      return dateB - dateA;
-    });
-
-    return (sorted[0] as LockfileAssistantEntry) ?? null;
-  } catch {
-    return null;
-  }
-}
-
-function resolveLocalDeployment(): boolean {
-  if (getIsContainerized()) {
-    return false;
-  }
-
-  const latestAssistant = getLatestAssistantEntry();
-  if (typeof latestAssistant?.cloud === "string") {
-    return latestAssistant.cloud === "local";
-  }
-
-  return true;
-}
-
-/**
- * Derive instance name from BASE_DATA_DIR which follows the multi-instance
- * path pattern (~/.local/share/vellum/assistants/<name>/).
- */
-function resolveInstanceNameFromBaseDataDir(): string | undefined {
-  const base = getBaseDataDir();
-  if (!base || typeof base !== "string") return undefined;
-
-  const normalized = base.replace(/\\/g, "/").replace(/\/+$/, "");
-  const match = normalized.match(/\/assistants\/([^/]+)$/);
-  if (match) return match[1];
-  return undefined;
-}
-
-function resolveLocalAssistantName(): string | undefined {
-  const fromPath = resolveInstanceNameFromBaseDataDir();
-  if (fromPath) return fromPath;
-
-  const latestAssistant = getLatestAssistantEntry();
-  if (
-    latestAssistant &&
-    typeof latestAssistant.assistantId === "string" &&
-    latestAssistant.assistantId.trim().length > 0
-  ) {
-    return latestAssistant.assistantId.trim();
-  }
-
-  return undefined;
-}
-
-function formatError(err: unknown): string {
-  return err instanceof Error ? err.message : String(err);
-}
-
-async function runDefaultWakeCommand(
-  timeoutMs: number,
-): Promise<WakeCommandResult> {
-  const assistantName = resolveLocalAssistantName();
-  const command = assistantName
-    ? ["vellum", "wake", assistantName]
-    : ["vellum", "wake"];
-
-  // Only when the assistant name came from the instance path (e.g.
-  // ~/.local/share/vellum/assistants/<name>/), unset BASE_DATA_DIR so the
-  // spawned CLI reads the global lockfile. When the name came from the
-  // lockfile, keep BASE_DATA_DIR — vellum wake resolves names through the
-  // lockfile rooted at BASE_DATA_DIR, so clearing it would read the wrong
-  // lockfile (e.g. $HOME) and fail or wake the wrong assistant.
-  const fromInstancePath = resolveInstanceNameFromBaseDataDir();
-  const env =
-    fromInstancePath && getBaseDataDir()
-      ? { ...process.env, BASE_DATA_DIR: undefined }
-      : process.env;
-
-  return new Promise((resolve, reject) => {
-    const proc = Bun.spawn(command, {
-      stdout: "pipe",
-      stderr: "pipe",
-      env: {
-        ...env,
-        PATH: [env.PATH, "/opt/homebrew/bin", "/usr/local/bin"]
-          .filter(Boolean)
-          .join(":"),
-      },
-    });
-    const timer = setTimeout(() => {
-      proc.kill();
-      reject(
-        new Error(`Process timed out after ${timeoutMs}ms: ${command[0]}`),
-      );
-    }, timeoutMs);
-    proc.exited.then(async (exitCode) => {
-      clearTimeout(timer);
-      const stdout = await new Response(proc.stdout).text();
-      const stderr = await new Response(proc.stderr).text();
-      resolve({ exitCode, stdout, stderr });
-    });
-  });
-}
-
-export async function probeLocalGatewayHealth(
-  options: ProbeLocalGatewayHealthOptions = {},
-): Promise<LocalGatewayHealthResult> {
-  const target = getGatewayInternalBaseUrl();
-  const localDeployment = resolveLocalDeployment();
-  const fetchImpl = options.fetchImpl ?? fetch;
-  const timeoutMs = options.timeoutMs ?? DEFAULT_PROBE_TIMEOUT_MS;
-
-  try {
-    const response = await fetchImpl(`${target}/healthz`, {
-      method: "GET",
-      signal: AbortSignal.timeout(timeoutMs),
-    });
-    if (!response.ok) {
-      return {
-        target,
-        healthy: false,
-        localDeployment,
-        error: `Gateway health check returned HTTP ${response.status}`,
-      };
-    }
-
-    return {
-      target,
-      healthy: true,
-      localDeployment,
-    };
-  } catch (err) {
-    return {
-      target,
-      healthy: false,
-      localDeployment,
-      error: formatError(err),
-    };
-  }
-}
-
-export async function ensureLocalGatewayReady(
-  options: EnsureLocalGatewayReadyOptions = {},
-): Promise<EnsureLocalGatewayReadyResult> {
-  const initialProbe = await probeLocalGatewayHealth(options);
-  if (initialProbe.healthy) {
-    return {
-      ...initialProbe,
-      recovered: false,
-      recoveryAttempted: false,
-      recoverySkipped: false,
-    };
-  }
-
-  if (!initialProbe.localDeployment) {
-    return {
-      ...initialProbe,
-      recovered: false,
-      recoveryAttempted: false,
-      recoverySkipped: true,
-      error:
-        initialProbe.error ??
-        "Skipped gateway recovery because this assistant is not locally managed",
-    };
-  }
-
-  const runWakeCommand =
-    options.runWakeCommand ??
-    (() =>
-      runDefaultWakeCommand(options.wakeTimeoutMs ?? DEFAULT_WAKE_TIMEOUT_MS));
-  const sleepImpl = options.sleepImpl ?? sleep;
-  const pollTimeoutMs =
-    options.pollTimeoutMs ?? DEFAULT_RECOVERY_POLL_TIMEOUT_MS;
-  const pollIntervalMs =
-    options.pollIntervalMs ?? DEFAULT_RECOVERY_POLL_INTERVAL_MS;
-
-  let wakeError: string | undefined;
-  try {
-    const wakeResult = await runWakeCommand();
-    if (wakeResult.exitCode !== 0) {
-      const detail = wakeResult.stderr.trim() || wakeResult.stdout.trim();
-      wakeError = detail
-        ? `vellum wake exited with code ${wakeResult.exitCode}: ${detail}`
-        : `vellum wake exited with code ${wakeResult.exitCode}`;
-    }
-  } catch (err) {
-    wakeError = `Failed to run vellum wake: ${formatError(err)}`;
-  }
-
-  const deadline = Date.now() + pollTimeoutMs;
-  let probe = await probeLocalGatewayHealth(options);
-  while (!probe.healthy && Date.now() < deadline) {
-    await sleepImpl(pollIntervalMs);
-    probe = await probeLocalGatewayHealth(options);
-  }
-
-  if (probe.healthy) {
-    return {
-      ...probe,
-      recovered: true,
-      recoveryAttempted: true,
-      recoverySkipped: false,
-    };
-  }
-
-  const combinedError = [wakeError, probe.error].filter(Boolean).join("; ");
-  return {
-    ...probe,
-    recovered: false,
-    recoveryAttempted: true,
-    recoverySkipped: false,
-    error: combinedError || undefined,
-  };
-}

package/src/security/secret-ingress.ts

@@ -1,68 +0,0 @@
-import { getConfig } from "../config/loader.js";
-import { getLogger } from "../util/logger.js";
-import { compileCustomPatterns, scanText } from "./secret-scanner.js";
-
-const log = getLogger("secret-ingress");
-
-export interface IngressCheckResult {
-  /** Whether the message should be blocked from entering the model context. */
-  blocked: boolean;
-  /** Secret types detected (empty if none). */
-  detectedTypes: string[];
-  /**
-   * User-facing notice explaining why the message was blocked.
-   * Does NOT echo the secret value — only describes what was found.
-   */
-  userNotice?: string;
-}
-
-/**
- * Scan inbound user text for secrets before it enters model context.
- *
- * When `secretDetection.blockIngress` is `true` (default), any message
- * containing a detected secret is rejected with a safe notice. This is
- * independent of `secretDetection.action`, which only controls how
- * secrets in tool *output* are handled.
- *
- * SECURITY: This function intentionally never logs the message content.
- */
-export function checkIngressForSecrets(content: string): IngressCheckResult {
-  const config = getConfig();
-  if (!config.secretDetection.enabled) {
-    return { blocked: false, detectedTypes: [] };
-  }
-
-  if (!config.secretDetection.blockIngress) {
-    return { blocked: false, detectedTypes: [] };
-  }
-
-  const entropyConfig = {
-    enabled: true,
-    base64Threshold: config.secretDetection.entropyThreshold,
-  };
-  const compiledCustom = config.secretDetection.customPatterns?.length
-    ? compileCustomPatterns(config.secretDetection.customPatterns)
-    : undefined;
-  const matches = scanText(content, entropyConfig, compiledCustom);
-
-  if (matches.length === 0) {
-    return { blocked: false, detectedTypes: [] };
-  }
-
-  const detectedTypes = [...new Set(matches.map((m) => m.type))];
-  log.warn(
-    { detectedTypes, matchCount: matches.length },
-    "Blocked inbound message containing secrets",
-  );
-
-  return {
-    blocked: true,
-    detectedTypes,
-    userNotice:
-      `Your message appears to contain sensitive information (${detectedTypes.join(
-        ", ",
-      )}). ` +
-      `For security, it was not sent to the AI. ` +
-      `Please use the secure credential prompt instead — the assistant will ask for secrets when it needs them.`,
-  };
-}

package/src/swarm/backend-claude-code.ts

@@ -1,225 +0,0 @@
-/**
- * Claude Code worker backend for swarm execution.
- *
- * Extracted from the swarm delegate tool so backend construction
- * is testable and swappable independently of the tool adapter.
- */
-
-import { resolveModelIntent } from "../providers/model-intents.js";
-import type { ModelIntent } from "../providers/types.js";
-import { getProviderKeyAsync } from "../security/secure-keys.js";
-import { getLogger } from "../util/logger.js";
-import type {
-  SwarmWorkerBackend,
-  SwarmWorkerBackendInput,
-} from "./worker-backend.js";
-import { getProfilePolicy } from "./worker-backend.js";
-
-const log = getLogger("swarm-backend-claude-code");
-
-const MAX_CLAUDE_CODE_DEPTH = 1;
-const DEPTH_ENV_VAR = "VELLUM_CLAUDE_CODE_DEPTH";
-
-/**
- * Create a Claude Code worker backend that enforces profile-based tool policies.
- * Uses the Claude Agent SDK to run autonomous worker tasks.
- */
-export function createClaudeCodeBackend(): SwarmWorkerBackend {
-  return {
-    name: "claude_code",
-
-    async isAvailable(): Promise<boolean> {
-      const apiKey = await getProviderKeyAsync("anthropic");
-      return !!apiKey;
-    },
-
-    async runTask(input: SwarmWorkerBackendInput) {
-      const start = Date.now();
-      const stderrLines: string[] = [];
-      try {
-        const { query } = await import("@anthropic-ai/claude-agent-sdk");
-        const apiKey = await getProviderKeyAsync("anthropic");
-        if (!apiKey) {
-          return {
-            success: false,
-            output: "No API key",
-            failureReason: "backend_unavailable" as const,
-            durationMs: 0,
-          };
-        }
-
-        const profilePolicy = getProfilePolicy(input.profile);
-
-        // Enforce profile restrictions — swarm workers run autonomously so
-        // there is no user to prompt; denied tools are blocked, everything
-        // else is allowed.
-        const canUseTool: import("@anthropic-ai/claude-agent-sdk").CanUseTool =
-          async (toolName) => {
-            if (profilePolicy.deny.has(toolName)) {
-              log.debug(
-                { toolName, profile: input.profile },
-                "Swarm worker tool denied by profile",
-              );
-              return {
-                behavior: "deny" as const,
-                message: `Tool "${toolName}" is denied by profile "${input.profile}"`,
-              };
-            }
-            return { behavior: "allow" as const };
-          };
-
-        // Enforce nesting depth limit
-        const currentDepth = parseInt(process.env[DEPTH_ENV_VAR] ?? "0", 10);
-        if (currentDepth >= MAX_CLAUDE_CODE_DEPTH) {
-          log.warn(
-            { currentDepth, max: MAX_CLAUDE_CODE_DEPTH },
-            "Swarm worker nesting depth exceeded",
-          );
-          return {
-            success: false,
-            output: `Nesting depth exceeded (depth ${currentDepth}, max ${MAX_CLAUDE_CODE_DEPTH})`,
-            failureReason: "backend_unavailable" as const,
-            durationMs: Date.now() - start,
-          };
-        }
-
-        // Strip the SDK's nesting guard but set our own depth counter.
-        const subprocessEnv: Record<string, string | undefined> = {
-          ...process.env,
-          ANTHROPIC_API_KEY: apiKey,
-          [DEPTH_ENV_VAR]: String(currentDepth + 1),
-        };
-        delete subprocessEnv.CLAUDECODE;
-        delete subprocessEnv.CLAUDE_CODE_ENTRYPOINT;
-
-        const conversation = query({
-          prompt: input.prompt,
-          options: {
-            cwd: input.workingDir,
-            model: input.modelIntent
-              ? resolveModelIntent(
-                  "anthropic",
-                  input.modelIntent as ModelIntent,
-                )
-              : "claude-sonnet-4-6",
-            canUseTool,
-            permissionMode: "default",
-            maxTurns: 30,
-            env: subprocessEnv,
-            stderr: (data: string) => {
-              const trimmed = data.trimEnd();
-              if (trimmed) {
-                stderrLines.push(trimmed);
-                log.debug(
-                  { stderr: trimmed },
-                  "Swarm worker subprocess stderr",
-                );
-              }
-            },
-          },
-        });
-
-        let resultText = "";
-        let hasError = false;
-        for await (const message of conversation) {
-          if (input.signal?.aborted) break;
-          if (message.type === "assistant") {
-            if (message.error) {
-              log.error(
-                { error: message.error, conversationId: message.session_id },
-                "Swarm worker assistant message error",
-              );
-              hasError = true;
-              resultText += `\n[Claude Code error: ${message.error}]`;
-            }
-            if (message.message?.content) {
-              for (const block of message.message.content) {
-                if (block.type === "text") resultText += block.text;
-              }
-            }
-          } else if (message.type === "result") {
-            if (message.subtype === "success") {
-              log.info(
-                {
-                  numTurns: message.num_turns,
-                  durationMs: message.duration_ms,
-                  costUsd: message.total_cost_usd,
-                },
-                "Swarm worker completed",
-              );
-              if (message.result && !resultText) {
-                resultText = message.result;
-              }
-            } else {
-              hasError = true;
-              const errors = message.errors ?? [];
-              const denials = message.permission_denials ?? [];
-              log.error(
-                {
-                  subtype: message.subtype,
-                  errors,
-                  permissionDenials: denials.length,
-                  numTurns: message.num_turns,
-                  durationMs: message.duration_ms,
-                },
-                "Swarm worker session failed",
-              );
-
-              const parts: string[] = [
-                `[${message.subtype}] (${message.num_turns} turns, ${(
-                  message.duration_ms / 1000
-                ).toFixed(1)}s)`,
-              ];
-              if (errors.length > 0) parts.push(`Errors: ${errors.join("; ")}`);
-              if (denials.length > 0)
-                parts.push(
-                  `Permission denied: ${denials
-                    .map((d: { tool_name: string }) => d.tool_name)
-                    .join(", ")}`,
-                );
-              resultText += `\n${parts.join("\n")}`;
-            }
-          }
-        }
-
-        // Treat abort as non-retryable cancellation, not a retryable timeout
-        if (input.signal?.aborted) {
-          return {
-            success: false,
-            output: "Cancelled (aborted)",
-            failureReason: "cancelled" as const,
-            durationMs: Date.now() - start,
-          };
-        }
-
-        return {
-          success: !hasError,
-          output: resultText || "Completed",
-          durationMs: Date.now() - start,
-        };
-      } catch (err) {
-        const errMessage = err instanceof Error ? err.message : String(err);
-        const recentStderr = stderrLines.slice(-20);
-        log.error(
-          { err, stderrTail: recentStderr },
-          "Swarm worker execution failed",
-        );
-
-        const parts = [errMessage];
-        if (recentStderr.length > 0) {
-          parts.push(
-            `\nSubprocess stderr (last ${
-              recentStderr.length
-            } lines):\n${recentStderr.join("\n")}`,
-          );
-        }
-        return {
-          success: false,
-          output: parts.join(""),
-          failureReason: "backend_unavailable" as const,
-          durationMs: Date.now() - start,
-        };
-      }
-    },
-  };
-}

package/src/swarm/checkpoint.ts

@@ -1,137 +0,0 @@
-import {
-  existsSync,
-  mkdirSync,
-  readFileSync,
-  renameSync,
-  unlinkSync,
-  writeFileSync,
-} from "node:fs";
-import { dirname, join } from "node:path";
-
-import { getLogger } from "../util/logger.js";
-import { getRootDir } from "../util/platform.js";
-import type { SwarmPlan, SwarmTaskResult } from "./types.js";
-
-const log = getLogger("swarm-checkpoint");
-
-/** Only allow safe token characters in runId (alphanumeric, hyphens, underscores, dots). */
-const SAFE_RUN_ID = /^[a-zA-Z0-9._-]+$/;
-
-function assertSafeRunId(runId: string): void {
-  if (!SAFE_RUN_ID.test(runId)) {
-    throw new Error(
-      `Invalid runId: must match ${SAFE_RUN_ID} (got "${runId}")`,
-    );
-  }
-}
-
-export interface SwarmCheckpoint {
-  runId: string;
-  objective: string;
-  /** Serialized plan for integrity verification on resume. */
-  planTaskIds: string[];
-  /** Stringified task dependency map for structural integrity on resume. */
-  planHash: string;
-  results: SwarmTaskResult[];
-  /** Set of task IDs whose dependents were blocked due to failure. */
-  blockedTaskIds: string[];
-  updatedAt: string;
-}
-
-function getCheckpointDir(): string {
-  return join(getRootDir(), "swarm-checkpoints");
-}
-
-function getCheckpointPath(runId: string): string {
-  assertSafeRunId(runId);
-  return join(getCheckpointDir(), `${runId}.json`);
-}
-
-/**
- * Deterministic fingerprint of a plan's structure: objective, task IDs,
- * roles, and dependency edges. Two plans with the same hash are structurally
- * identical and safe to resume from.
- */
-function computePlanHash(plan: SwarmPlan): string {
-  const parts = plan.tasks.map(
-    (t) => `${t.id}:${t.role}:${[...t.dependencies].sort().join(",")}`,
-  );
-  return `${plan.objective}|${parts.sort().join("|")}`;
-}
-
-/** Persist the current swarm progress to disk. */
-export function writeCheckpoint(
-  runId: string,
-  plan: SwarmPlan,
-  results: Map<string, SwarmTaskResult>,
-  blockedTaskIds: Set<string>,
-): void {
-  try {
-    const path = getCheckpointPath(runId);
-    const checkpoint: SwarmCheckpoint = {
-      runId,
-      objective: plan.objective,
-      planTaskIds: plan.tasks.map((t) => t.id),
-      planHash: computePlanHash(plan),
-      results: Array.from(results.values()),
-      blockedTaskIds: Array.from(blockedTaskIds),
-      updatedAt: new Date().toISOString(),
-    };
-
-    mkdirSync(dirname(path), { recursive: true });
-    // Atomic-ish write: write to temp then rename to avoid partial reads
-    const tmpPath = path + ".tmp";
-    writeFileSync(tmpPath, JSON.stringify(checkpoint, null, 2) + "\n");
-    renameSync(tmpPath, path);
-  } catch (err) {
-    // Checkpoint failures should not crash the orchestrator
-    log.warn(
-      { runId, error: (err as Error).message },
-      "Failed to write checkpoint",
-    );
-  }
-}
-
-/** Load a checkpoint from disk, or null if none exists. */
-export function loadCheckpoint(runId: string): SwarmCheckpoint | null {
-  const path = getCheckpointPath(runId);
-  if (!existsSync(path)) return null;
-
-  try {
-    const data = readFileSync(path, "utf-8");
-    return JSON.parse(data) as SwarmCheckpoint;
-  } catch (err) {
-    log.warn(
-      { runId, error: (err as Error).message },
-      "Failed to read checkpoint, starting fresh",
-    );
-    return null;
-  }
-}
-
-/** Remove a checkpoint file after successful completion. */
-export function removeCheckpoint(runId: string): void {
-  const path = getCheckpointPath(runId);
-  try {
-    if (existsSync(path)) unlinkSync(path);
-  } catch {
-    // Best-effort cleanup
-  }
-}
-
-/**
- * Validate that a checkpoint matches the current plan.
- * Compares objective, task IDs, roles, and dependency structure via planHash.
- * Falls back to subset check for checkpoints written before planHash existed.
- */
-export function isCheckpointCompatible(
-  checkpoint: SwarmCheckpoint,
-  plan: SwarmPlan,
-): boolean {
-  if (checkpoint.planHash) {
-    return checkpoint.planHash === computePlanHash(plan);
-  }
-  // Legacy checkpoint without planHash — fall back to subset check
-  const planTaskIds = new Set(plan.tasks.map((t) => t.id));
-  return checkpoint.planTaskIds.every((id) => planTaskIds.has(id));
-}