@vellumai/assistant 0.5.6 → 0.5.8

package/src/memory/search/lexical.ts

@@ -1,48 +0,0 @@
-import { and, desc, eq, inArray, notInArray } from "drizzle-orm";
-
-import { getDb } from "../db.js";
-import { memorySegments } from "../schema.js";
-import { computeRecencyScore } from "./ranking.js";
-import type { Candidate, CandidateType } from "./types.js";
-
-export function recencySearch(
-  conversationId: string,
-  limit: number,
-  excludedMessageIds: string[] = [],
-  scopeIds?: string[],
-): Candidate[] {
-  if (!conversationId || limit <= 0) return [];
-  const db = getDb();
-  const conditions = [eq(memorySegments.conversationId, conversationId)];
-  if (excludedMessageIds.length > 0) {
-    conditions.push(notInArray(memorySegments.messageId, excludedMessageIds));
-  }
-  if (scopeIds && scopeIds.length > 0) {
-    conditions.push(inArray(memorySegments.scopeId, scopeIds));
-  }
-  const whereClause =
-    conditions.length > 1 ? and(...conditions) : conditions[0];
-  const rows = db
-    .select()
-    .from(memorySegments)
-    .where(whereClause)
-    .orderBy(desc(memorySegments.createdAt))
-    .limit(limit)
-    .all();
-  return rows.map((row) => ({
-    key: `segment:${row.id}`,
-    type: "segment" as CandidateType,
-    id: row.id,
-    source: "recency",
-    text: row.text,
-    kind: "segment",
-    conversationId: row.conversationId,
-    messageId: row.messageId,
-    confidence: 0.55,
-    importance: 0.5,
-    createdAt: row.createdAt,
-    semantic: 0,
-    recency: computeRecencyScore(row.createdAt),
-    finalScore: 0,
-  }));
-}

package/src/providers/failover.ts

@@ -1,186 +0,0 @@
-import { ProviderError } from "../util/errors.js";
-import { getLogger } from "../util/logger.js";
-import type {
-  Message,
-  Provider,
-  ProviderResponse,
-  SendMessageOptions,
-  ToolDefinition,
-} from "./types.js";
-
-const log = getLogger("failover");
-
-const DEFAULT_COOLDOWN_MS = 60_000;
-
-interface ProviderHealth {
-  unhealthySince: number | null;
-}
-
-/**
- * Determine whether an error should trigger failover to the next provider.
- * Connection errors, auth errors, and 5xx server errors trigger failover.
- * 4xx client errors do NOT trigger failover (except 429 rate limit).
- */
-function isFailoverError(error: unknown): boolean {
-  if (error instanceof ProviderError && error.statusCode !== undefined) {
-    // 429 rate limit — try next provider
-    if (error.statusCode === 429) return true;
-    // 5xx server errors — try next provider
-    if (error.statusCode >= 500) return true;
-    // Other 4xx — don't failover (bad request, auth with wrong format, etc.)
-    return false;
-  }
-
-  // Network errors — try next provider
-  if (error instanceof Error) {
-    const code = (error as NodeJS.ErrnoException).code;
-    if (
-      code === "ECONNRESET" ||
-      code === "ECONNREFUSED" ||
-      code === "ETIMEDOUT" ||
-      code === "EPIPE"
-    ) {
-      return true;
-    }
-    if (error.cause instanceof Error) {
-      const causeCode = (error.cause as NodeJS.ErrnoException).code;
-      if (
-        causeCode === "ECONNRESET" ||
-        causeCode === "ECONNREFUSED" ||
-        causeCode === "ETIMEDOUT" ||
-        causeCode === "EPIPE"
-      ) {
-        return true;
-      }
-    }
-  }
-
-  // ProviderError without a status code = connection/unknown failure
-  if (error instanceof ProviderError && error.statusCode === undefined) {
-    return true;
-  }
-
-  return false;
-}
-
-export interface ProviderHealthStatus {
-  name: string;
-  healthy: boolean;
-  unhealthySince: string | null;
-}
-
-export class FailoverProvider implements Provider {
-  public readonly name: string;
-  private readonly healthMap = new Map<string, ProviderHealth>();
-
-  constructor(
-    private readonly providers: Provider[],
-    private readonly cooldownMs: number = DEFAULT_COOLDOWN_MS,
-  ) {
-    if (providers.length === 0) {
-      throw new Error("FailoverProvider requires at least one provider");
-    }
-    this.name = providers[0].name;
-    for (const p of providers) {
-      this.healthMap.set(p.name, { unhealthySince: null });
-    }
-  }
-
-  async sendMessage(
-    messages: Message[],
-    tools?: ToolDefinition[],
-    systemPrompt?: string,
-    options?: SendMessageOptions,
-  ): Promise<ProviderResponse> {
-    let lastError: unknown;
-
-    for (const provider of this.providers) {
-      const health = this.healthMap.get(provider.name)!;
-      const now = Date.now();
-
-      // Skip providers that are still in cooldown
-      if (health.unhealthySince != null) {
-        const elapsed = now - health.unhealthySince;
-        if (elapsed < this.cooldownMs) {
-          log.debug(
-            {
-              provider: provider.name,
-              cooldownRemainingMs: this.cooldownMs - elapsed,
-            },
-            "Skipping unhealthy provider (in cooldown)",
-          );
-          continue;
-        }
-        // Cooldown expired — give it another chance
-        log.info(
-          { provider: provider.name },
-          "Provider cooldown expired, retrying",
-        );
-      }
-
-      try {
-        const response = await provider.sendMessage(
-          messages,
-          tools,
-          systemPrompt,
-          options,
-        );
-        // Success — mark healthy
-        if (health.unhealthySince != null) {
-          log.info(
-            { provider: provider.name },
-            "Provider recovered, marking healthy",
-          );
-          health.unhealthySince = null;
-        }
-        return {
-          ...response,
-          actualProvider: response.actualProvider ?? provider.name,
-        };
-      } catch (error) {
-        lastError = error;
-
-        if (isFailoverError(error)) {
-          health.unhealthySince = Date.now();
-          log.warn(
-            {
-              provider: provider.name,
-              error: error instanceof Error ? error.message : String(error),
-              statusCode:
-                error instanceof ProviderError ? error.statusCode : undefined,
-            },
-            "Provider failed, marked unhealthy",
-          );
-          continue;
-        }
-
-        // Non-failover error (e.g. 400 bad request) — don't try other providers
-        throw error;
-      }
-    }
-
-    // All providers exhausted
-    throw (
-      lastError ??
-      new ProviderError(
-        "All configured providers are unavailable",
-        this.name,
-        undefined,
-      )
-    );
-  }
-
-  getHealthStatus(): ProviderHealthStatus[] {
-    return this.providers.map((p) => {
-      const health = this.healthMap.get(p.name)!;
-      return {
-        name: p.name,
-        healthy: health.unhealthySince == null,
-        unhealthySince:
-          health.unhealthySince != null
-            ? new Date(health.unhealthySince).toISOString()
-            : null,
-      };
-    });
-  }
-}

package/src/runtime/local-gateway-health.ts

@@ -1,275 +0,0 @@
-import { getGatewayInternalBaseUrl } from "../config/env.js";
-import { getBaseDataDir, getIsContainerized } from "../config/env-registry.js";
-import { readLockfile } from "../util/platform.js";
-import { sleep } from "../util/retry.js";
-
-const DEFAULT_PROBE_TIMEOUT_MS = 2_000;
-const DEFAULT_RECOVERY_POLL_TIMEOUT_MS = 30_000;
-const DEFAULT_RECOVERY_POLL_INTERVAL_MS = 250;
-const DEFAULT_WAKE_TIMEOUT_MS = 90_000;
-
-interface LockfileAssistantEntry {
-  assistantId?: string;
-  cloud?: string;
-  hatchedAt?: string | number | Date;
-}
-
-export interface WakeCommandResult {
-  exitCode: number;
-  stdout: string;
-  stderr: string;
-}
-
-export interface LocalGatewayHealthResult {
-  target: string;
-  healthy: boolean;
-  localDeployment: boolean;
-  error?: string;
-}
-
-export interface EnsureLocalGatewayReadyResult extends LocalGatewayHealthResult {
-  recovered: boolean;
-  recoveryAttempted: boolean;
-  recoverySkipped: boolean;
-}
-
-export interface ProbeLocalGatewayHealthOptions {
-  timeoutMs?: number;
-  fetchImpl?: typeof fetch;
-}
-
-export interface EnsureLocalGatewayReadyOptions extends ProbeLocalGatewayHealthOptions {
-  pollTimeoutMs?: number;
-  pollIntervalMs?: number;
-  wakeTimeoutMs?: number;
-  runWakeCommand?: () => Promise<WakeCommandResult>;
-  sleepImpl?: (ms: number) => Promise<void>;
-}
-
-function getLatestAssistantEntry(): LockfileAssistantEntry | null {
-  try {
-    const lockData = readLockfile();
-    const assistants = lockData?.assistants;
-    if (!Array.isArray(assistants) || assistants.length === 0) {
-      return null;
-    }
-
-    const sorted = [...assistants].sort((a, b) => {
-      const dateA = new Date(
-        (a as LockfileAssistantEntry).hatchedAt || 0,
-      ).getTime();
-      const dateB = new Date(
-        (b as LockfileAssistantEntry).hatchedAt || 0,
-      ).getTime();
-      return dateB - dateA;
-    });
-
-    return (sorted[0] as LockfileAssistantEntry) ?? null;
-  } catch {
-    return null;
-  }
-}
-
-function resolveLocalDeployment(): boolean {
-  if (getIsContainerized()) {
-    return false;
-  }
-
-  const latestAssistant = getLatestAssistantEntry();
-  if (typeof latestAssistant?.cloud === "string") {
-    return latestAssistant.cloud === "local";
-  }
-
-  return true;
-}
-
-/**
- * Derive instance name from BASE_DATA_DIR which follows the multi-instance
- * path pattern (~/.local/share/vellum/assistants/<name>/).
- */
-function resolveInstanceNameFromBaseDataDir(): string | undefined {
-  const base = getBaseDataDir();
-  if (!base || typeof base !== "string") return undefined;
-
-  const normalized = base.replace(/\\/g, "/").replace(/\/+$/, "");
-  const match = normalized.match(/\/assistants\/([^/]+)$/);
-  if (match) return match[1];
-  return undefined;
-}
-
-function resolveLocalAssistantName(): string | undefined {
-  const fromPath = resolveInstanceNameFromBaseDataDir();
-  if (fromPath) return fromPath;
-
-  const latestAssistant = getLatestAssistantEntry();
-  if (
-    latestAssistant &&
-    typeof latestAssistant.assistantId === "string" &&
-    latestAssistant.assistantId.trim().length > 0
-  ) {
-    return latestAssistant.assistantId.trim();
-  }
-
-  return undefined;
-}
-
-function formatError(err: unknown): string {
-  return err instanceof Error ? err.message : String(err);
-}
-
-async function runDefaultWakeCommand(
-  timeoutMs: number,
-): Promise<WakeCommandResult> {
-  const assistantName = resolveLocalAssistantName();
-  const command = assistantName
-    ? ["vellum", "wake", assistantName]
-    : ["vellum", "wake"];
-
-  // Only when the assistant name came from the instance path (e.g.
-  // ~/.local/share/vellum/assistants/<name>/), unset BASE_DATA_DIR so the
-  // spawned CLI reads the global lockfile. When the name came from the
-  // lockfile, keep BASE_DATA_DIR — vellum wake resolves names through the
-  // lockfile rooted at BASE_DATA_DIR, so clearing it would read the wrong
-  // lockfile (e.g. $HOME) and fail or wake the wrong assistant.
-  const fromInstancePath = resolveInstanceNameFromBaseDataDir();
-  const env =
-    fromInstancePath && getBaseDataDir()
-      ? { ...process.env, BASE_DATA_DIR: undefined }
-      : process.env;
-
-  return new Promise((resolve, reject) => {
-    const proc = Bun.spawn(command, {
-      stdout: "pipe",
-      stderr: "pipe",
-      env: {
-        ...env,
-        PATH: [env.PATH, "/opt/homebrew/bin", "/usr/local/bin"]
-          .filter(Boolean)
-          .join(":"),
-      },
-    });
-    const timer = setTimeout(() => {
-      proc.kill();
-      reject(
-        new Error(`Process timed out after ${timeoutMs}ms: ${command[0]}`),
-      );
-    }, timeoutMs);
-    proc.exited.then(async (exitCode) => {
-      clearTimeout(timer);
-      const stdout = await new Response(proc.stdout).text();
-      const stderr = await new Response(proc.stderr).text();
-      resolve({ exitCode, stdout, stderr });
-    });
-  });
-}
-
-export async function probeLocalGatewayHealth(
-  options: ProbeLocalGatewayHealthOptions = {},
-): Promise<LocalGatewayHealthResult> {
-  const target = getGatewayInternalBaseUrl();
-  const localDeployment = resolveLocalDeployment();
-  const fetchImpl = options.fetchImpl ?? fetch;
-  const timeoutMs = options.timeoutMs ?? DEFAULT_PROBE_TIMEOUT_MS;
-
-  try {
-    const response = await fetchImpl(`${target}/healthz`, {
-      method: "GET",
-      signal: AbortSignal.timeout(timeoutMs),
-    });
-    if (!response.ok) {
-      return {
-        target,
-        healthy: false,
-        localDeployment,
-        error: `Gateway health check returned HTTP ${response.status}`,
-      };
-    }
-
-    return {
-      target,
-      healthy: true,
-      localDeployment,
-    };
-  } catch (err) {
-    return {
-      target,
-      healthy: false,
-      localDeployment,
-      error: formatError(err),
-    };
-  }
-}
-
-export async function ensureLocalGatewayReady(
-  options: EnsureLocalGatewayReadyOptions = {},
-): Promise<EnsureLocalGatewayReadyResult> {
-  const initialProbe = await probeLocalGatewayHealth(options);
-  if (initialProbe.healthy) {
-    return {
-      ...initialProbe,
-      recovered: false,
-      recoveryAttempted: false,
-      recoverySkipped: false,
-    };
-  }
-
-  if (!initialProbe.localDeployment) {
-    return {
-      ...initialProbe,
-      recovered: false,
-      recoveryAttempted: false,
-      recoverySkipped: true,
-      error:
-        initialProbe.error ??
-        "Skipped gateway recovery because this assistant is not locally managed",
-    };
-  }
-
-  const runWakeCommand =
-    options.runWakeCommand ??
-    (() =>
-      runDefaultWakeCommand(options.wakeTimeoutMs ?? DEFAULT_WAKE_TIMEOUT_MS));
-  const sleepImpl = options.sleepImpl ?? sleep;
-  const pollTimeoutMs =
-    options.pollTimeoutMs ?? DEFAULT_RECOVERY_POLL_TIMEOUT_MS;
-  const pollIntervalMs =
-    options.pollIntervalMs ?? DEFAULT_RECOVERY_POLL_INTERVAL_MS;
-
-  let wakeError: string | undefined;
-  try {
-    const wakeResult = await runWakeCommand();
-    if (wakeResult.exitCode !== 0) {
-      const detail = wakeResult.stderr.trim() || wakeResult.stdout.trim();
-      wakeError = detail
-        ? `vellum wake exited with code ${wakeResult.exitCode}: ${detail}`
-        : `vellum wake exited with code ${wakeResult.exitCode}`;
-    }
-  } catch (err) {
-    wakeError = `Failed to run vellum wake: ${formatError(err)}`;
-  }
-
-  const deadline = Date.now() + pollTimeoutMs;
-  let probe = await probeLocalGatewayHealth(options);
-  while (!probe.healthy && Date.now() < deadline) {
-    await sleepImpl(pollIntervalMs);
-    probe = await probeLocalGatewayHealth(options);
-  }
-
-  if (probe.healthy) {
-    return {
-      ...probe,
-      recovered: true,
-      recoveryAttempted: true,
-      recoverySkipped: false,
-    };
-  }
-
-  const combinedError = [wakeError, probe.error].filter(Boolean).join("; ");
-  return {
-    ...probe,
-    recovered: false,
-    recoveryAttempted: true,
-    recoverySkipped: false,
-    error: combinedError || undefined,
-  };
-}

package/src/security/secret-ingress.ts

@@ -1,68 +0,0 @@
-import { getConfig } from "../config/loader.js";
-import { getLogger } from "../util/logger.js";
-import { compileCustomPatterns, scanText } from "./secret-scanner.js";
-
-const log = getLogger("secret-ingress");
-
-export interface IngressCheckResult {
-  /** Whether the message should be blocked from entering the model context. */
-  blocked: boolean;
-  /** Secret types detected (empty if none). */
-  detectedTypes: string[];
-  /**
-   * User-facing notice explaining why the message was blocked.
-   * Does NOT echo the secret value — only describes what was found.
-   */
-  userNotice?: string;
-}
-
-/**
- * Scan inbound user text for secrets before it enters model context.
- *
- * When `secretDetection.blockIngress` is `true` (default), any message
- * containing a detected secret is rejected with a safe notice. This is
- * independent of `secretDetection.action`, which only controls how
- * secrets in tool *output* are handled.
- *
- * SECURITY: This function intentionally never logs the message content.
- */
-export function checkIngressForSecrets(content: string): IngressCheckResult {
-  const config = getConfig();
-  if (!config.secretDetection.enabled) {
-    return { blocked: false, detectedTypes: [] };
-  }
-
-  if (!config.secretDetection.blockIngress) {
-    return { blocked: false, detectedTypes: [] };
-  }
-
-  const entropyConfig = {
-    enabled: true,
-    base64Threshold: config.secretDetection.entropyThreshold,
-  };
-  const compiledCustom = config.secretDetection.customPatterns?.length
-    ? compileCustomPatterns(config.secretDetection.customPatterns)
-    : undefined;
-  const matches = scanText(content, entropyConfig, compiledCustom);
-
-  if (matches.length === 0) {
-    return { blocked: false, detectedTypes: [] };
-  }
-
-  const detectedTypes = [...new Set(matches.map((m) => m.type))];
-  log.warn(
-    { detectedTypes, matchCount: matches.length },
-    "Blocked inbound message containing secrets",
-  );
-
-  return {
-    blocked: true,
-    detectedTypes,
-    userNotice:
-      `Your message appears to contain sensitive information (${detectedTypes.join(
-        ", ",
-      )}). ` +
-      `For security, it was not sent to the AI. ` +
-      `Please use the secure credential prompt instead — the assistant will ask for secrets when it needs them.`,
-  };
-}