@vellumai/assistant 0.6.0 → 0.6.2

package/src/permissions/permission-mode-store.ts

@@ -0,0 +1,180 @@
+/**
+ * Singleton runtime store for the two-axis permission mode.
+ *
+ * Reads initial state from the `permissions` section of config.json on
+ * initialization and persists mutations back to the config file via the
+ * raw-config read/write helpers so env-var–derived keys are never leaked
+ * to disk.
+ *
+ * Downstream consumers (e.g. SSE broadcast) register change listeners
+ * via `onModeChanged()`.
+ */
+
+import {
+  invalidateConfigCache,
+  loadConfig,
+  loadRawConfig,
+  saveRawConfig,
+} from "../config/loader.js";
+import { getLogger } from "../util/logger.js";
+import type { PermissionMode } from "./permission-mode.js";
+import { DEFAULT_PERMISSION_MODE } from "./permission-mode.js";
+
+const log = getLogger("permission-mode-store");
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export type ModeChangeListener = (mode: PermissionMode) => void;
+
+// ---------------------------------------------------------------------------
+// Module-level state
+// ---------------------------------------------------------------------------
+
+let currentMode: PermissionMode = { ...DEFAULT_PERMISSION_MODE };
+let initialized = false;
+const listeners: ModeChangeListener[] = [];
+
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+
+function notifyListeners(): void {
+  const snapshot = { ...currentMode };
+  for (const listener of listeners) {
+    try {
+      listener(snapshot);
+    } catch (err) {
+      log.error({ err }, "Error in permission mode change listener");
+    }
+  }
+}
+
+/**
+ * Persist the current in-memory permission mode to config.json.
+ *
+ * Uses the raw-config pattern (loadRawConfig → mutate → saveRawConfig) so
+ * that env-var–derived fields (API keys, dataDir) are never written to disk.
+ */
+function persistToConfig(): void {
+  try {
+    const raw = loadRawConfig();
+
+    // Ensure the permissions object exists
+    if (
+      raw.permissions == null ||
+      typeof raw.permissions !== "object" ||
+      Array.isArray(raw.permissions)
+    ) {
+      raw.permissions = {};
+    }
+
+    const permissions = raw.permissions as Record<string, unknown>;
+    permissions.askBeforeActing = currentMode.askBeforeActing;
+    permissions.hostAccess = currentMode.hostAccess;
+
+    saveRawConfig(raw);
+
+    // Invalidate the cached config so the next loadConfig() picks up the
+    // persisted values rather than returning stale in-memory state.
+    invalidateConfigCache();
+  } catch (err) {
+    log.error({ err }, "Failed to persist permission mode to config");
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Initialize the store from the current config. Safe to call multiple times;
+ * subsequent calls are no-ops unless `resetForTesting()` has been called.
+ */
+export function initPermissionModeStore(): void {
+  if (initialized) return;
+
+  try {
+    const config = loadConfig();
+    currentMode = {
+      askBeforeActing: config.permissions.askBeforeActing,
+      hostAccess: config.permissions.hostAccess,
+    };
+  } catch (err) {
+    log.warn(
+      { err },
+      "Failed to load permission mode from config; using defaults",
+    );
+    currentMode = { ...DEFAULT_PERMISSION_MODE };
+  }
+
+  initialized = true;
+}
+
+/**
+ * Return the current permission mode. Initializes from config on first call
+ * if `initPermissionModeStore()` hasn't been called yet.
+ */
+export function getMode(): PermissionMode {
+  if (!initialized) {
+    initPermissionModeStore();
+  }
+  return { ...currentMode };
+}
+
+/**
+ * Update the `askBeforeActing` axis. Persists to config.json and notifies
+ * change listeners.
+ */
+export function setAskBeforeActing(value: boolean): void {
+  if (!initialized) {
+    initPermissionModeStore();
+  }
+
+  if (currentMode.askBeforeActing === value) return;
+
+  currentMode.askBeforeActing = value;
+  persistToConfig();
+  notifyListeners();
+}
+
+/**
+ * Update the `hostAccess` axis. Persists to config.json and notifies
+ * change listeners.
+ */
+export function setHostAccess(value: boolean): void {
+  if (!initialized) {
+    initPermissionModeStore();
+  }
+
+  if (currentMode.hostAccess === value) return;
+
+  currentMode.hostAccess = value;
+  persistToConfig();
+  notifyListeners();
+}
+
+/**
+ * Register a callback that fires whenever the permission mode changes.
+ * Returns an unsubscribe function.
+ */
+export function onModeChanged(callback: ModeChangeListener): () => void {
+  listeners.push(callback);
+  return () => {
+    const idx = listeners.indexOf(callback);
+    if (idx >= 0) {
+      listeners.splice(idx, 1);
+    }
+  };
+}
+
+/**
+ * Reset the store to uninitialized state. **Test-only** — production code
+ * should never call this.
+ */
+export function resetForTesting(): void {
+  currentMode = { ...DEFAULT_PERMISSION_MODE };
+  initialized = false;
+  listeners.length = 0;
+}

package/src/permissions/permission-mode.ts

@@ -0,0 +1,31 @@
+import { z } from "zod";
+
+/**
+ * Two-axis permission model:
+ * - `askBeforeActing` — LLM behavior toggle: when true the assistant checks in
+ *   with the user before taking actions.
+ * - `hostAccess` — System-enforced gate: when true the assistant can execute
+ *   commands on the host machine without prompting.
+ */
+export type PermissionMode = {
+  askBeforeActing: boolean;
+  hostAccess: boolean;
+};
+
+export const DEFAULT_PERMISSION_MODE: PermissionMode = {
+  askBeforeActing: true,
+  hostAccess: false,
+};
+
+export const PermissionModeSchema = z.object({
+  askBeforeActing: z
+    .boolean({ error: "permissionMode.askBeforeActing must be a boolean" })
+    .default(true)
+    .describe("Whether the assistant should check in before taking actions"),
+  hostAccess: z
+    .boolean({ error: "permissionMode.hostAccess must be a boolean" })
+    .default(false)
+    .describe(
+      "Whether the assistant can execute commands on the host machine without prompting",
+    ),
+});

package/src/permissions/prompter.ts

@@ -58,7 +58,6 @@ export class PermissionPrompter {
       newContent: string;
       isNewFile: boolean;
     },
-    sandboxed?: boolean,
     conversationId?: string,
     executionTarget?: ExecutionTarget,
     persistentDecisionsAllowed?: boolean,
@@ -119,7 +118,6 @@ export class PermissionPrompter {
           scope: o.scope,
         })),
         diff,
-        sandboxed,
         conversationId,
         executionTarget,
         persistentDecisionsAllowed: persistentDecisionsAllowed ?? true,

package/src/permissions/workspace-policy.ts

@@ -74,8 +74,17 @@ const HOST_TOOLS = new Set([
   "host_file_write",
   "host_file_edit",
   "host_bash",
+  "computer_use_run_applescript",
 ]);
 
+/**
+ * Check whether a tool name is a host-level tool that requires the
+ * `hostAccess` permission to execute.
+ */
+export function isHostTool(toolName: string): boolean {
+  return HOST_TOOLS.has(toolName);
+}
+
 /** Safe local-only tools that are always workspace-scoped. */
 const ALWAYS_SCOPED_TOOLS = new Set([
   "skill_load",

package/src/platform/client.ts

@@ -2,7 +2,7 @@
  * Centralized platform API client.
  *
  * Owns managed proxy context resolution, prerequisite validation, and
- * authenticated fetch for all platform API calls that use Api-Key auth.
+ * authenticated fetch for all platform API calls.
  */
 
 import { getPlatformAssistantId } from "../config/env.js";

package/src/prompts/system-prompt.ts

@@ -8,15 +8,17 @@ import {
 } from "node:fs";
 import { join } from "node:path";
 
+import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import { getIsContainerized } from "../config/env-registry.js";
+import { loadConfig } from "../config/loader.js";
 import { listConnections } from "../oauth/oauth-store.js";
+import { getMode } from "../permissions/permission-mode-store.js";
 import { resolveBundledDir } from "../util/bundled-asset.js";
 import { getLogger } from "../util/logger.js";
 import {
   getConversationsDir,
   getWorkspaceDir,
   getWorkspacePromptPath,
-  isMacOS,
 } from "../util/platform.js";
 import { stripCommentLines } from "../util/strip-comment-lines.js";
 import { SYSTEM_PROMPT_CACHE_BOUNDARY } from "./cache-boundary.js";
@@ -86,6 +88,26 @@ export function ensurePromptFiles(): void {
         );
       }
     }
+
+    // Also seed BOOTSTRAP-REFERENCE.md (ui_show payloads read on-demand)
+    const refDest = getWorkspacePromptPath("BOOTSTRAP-REFERENCE.md");
+    if (!existsSync(refDest)) {
+      const refSrc = join(templatesDir, "BOOTSTRAP-REFERENCE.md");
+      try {
+        if (existsSync(refSrc)) {
+          copyFileSync(refSrc, refDest);
+          log.info(
+            { file: "BOOTSTRAP-REFERENCE.md", dest: refDest },
+            "Created BOOTSTRAP-REFERENCE.md for first-run onboarding",
+          );
+        }
+      } catch (err) {
+        log.warn(
+          { err, file: "BOOTSTRAP-REFERENCE.md" },
+          "Failed to create BOOTSTRAP-REFERENCE.md from template",
+        );
+      }
+    }
   }
 
   // Auto-delete stale BOOTSTRAP.md at startup.  The model is instructed to
@@ -100,6 +122,20 @@ export function ensurePromptFiles(): void {
       if (existsSync(convDir) && readdirSync(convDir).length > 0) {
         unlinkSync(bootstrapCleanup);
         log.info("Auto-deleted stale BOOTSTRAP.md — prior conversations exist");
+
+        // Also clean up the reference file
+        const refCleanup = getWorkspacePromptPath("BOOTSTRAP-REFERENCE.md");
+        if (existsSync(refCleanup)) {
+          try {
+            unlinkSync(refCleanup);
+            log.info("Auto-deleted stale BOOTSTRAP-REFERENCE.md");
+          } catch (err) {
+            log.warn(
+              { err },
+              "Failed to auto-delete stale BOOTSTRAP-REFERENCE.md",
+            );
+          }
+        }
       }
     } catch (err) {
       log.warn({ err }, "Failed to auto-delete stale BOOTSTRAP.md");
@@ -277,6 +313,9 @@ export function buildSystemPrompt(options?: BuildSystemPromptOptions): string {
   // Journal entries are extracted into graph nodes by the memory pipeline.
   // Journal files remain writable on disk.
 
+  const askBeforeActingSection = buildAskBeforeActingSection();
+  if (askBeforeActingSection) dynamicParts.push(askBeforeActingSection);
+
   const dynamic = dynamicParts.join("\n\n");
 
   return staticParts.join("\n\n") + SYSTEM_PROMPT_CACHE_BOUNDARY + dynamic;
@@ -319,12 +358,6 @@ function buildAccessPreferenceSection(hasNoClient: boolean): string {
     "## External Service Access",
     "",
     "Priority: (1) sandbox `bash` - install tools yourself, only fall back to host when you need local files/auth; (2) `host_bash` with CLIs (gh, aws, etc.) using --json flags; (3) browser automation as last resort (no API, visual interaction, or OAuth consent).",
-    ...(isMacOS()
-      ? [
-          "",
-          "On macOS, prefer osascript/CLI via `host_bash` over computer use tools, which take over the user's cursor. Use foreground computer use only when no scripting alternative exists or the user explicitly asks.",
-        ]
-      : []),
   ].join("\n");
 }
 
@@ -358,6 +391,25 @@ function buildIntegrationSection(): string {
   return lines.join("\n");
 }
 
+function buildAskBeforeActingSection(): string | null {
+  try {
+    const config = loadConfig();
+    if (!isAssistantFeatureFlagEnabled("permission-controls-v2", config)) {
+      return null;
+    }
+    const mode = getMode();
+    if (!mode.askBeforeActing) return null;
+
+    return [
+      "## Action Confirmation Mode",
+      "",
+      'You are in "Ask before acting" mode. Use your judgment about when to check in with the user before proceeding. You should ask for confirmation before actions that are costly, time-consuming, or hard to reverse — for example: sending emails or messages, deleting files or data, making purchases, posting publicly, modifying permissions, or taking actions with significant real-world consequences. You do NOT need to ask before routine low-stakes actions like reading files, searching, running safe shell commands, or making code edits — just do those.',
+    ].join("\n");
+  } catch {
+    return null;
+  }
+}
+
 function buildContainerizedSection(): string {
   const workspaceDir = getWorkspaceDir();
   return [

package/src/prompts/templates/BOOTSTRAP-REFERENCE.md

@@ -0,0 +1,100 @@
+_ Reference payloads for BOOTSTRAP.md onboarding. Read by the assistant when needed.
+_ This file is deleted alongside BOOTSTRAP.md when onboarding completes.
+
+## Personality Form
+
+Use this exact `ui_show` payload for Step 2 (Personality Quiz):
+
+ui_show({
+  surface_type: "form",
+  data: {
+    description: "Let's figure out how we work together. Pick what feels right.",
+    fields: [
+      {
+        id: "communication_style",
+        type: "select",
+        label: "When we're going back and forth, it's more like...",
+        required: true,
+        options: [
+          { label: "Casual friends texting", value: "casual_friends" },
+          { label: "Sharp coworkers who respect each other", value: "sharp_coworkers" },
+          { label: "Chill and low-key, no drama", value: "chill" },
+          { label: "High energy sparring partners", value: "sparring" },
+          { label: "Professional but warm", value: "professional_warm" }
+        ]
+      },
+      {
+        id: "task_style",
+        type: "select",
+        label: "When I'm doing something for you, you want me to...",
+        required: true,
+        options: [
+          { label: "Just do it, don't explain unless I ask", value: "just_do_it" },
+          { label: "Walk me through your thinking", value: "explain" },
+          { label: "Ask me before making big decisions", value: "check_first" },
+          { label: "Be opinionated, push back if you disagree", value: "opinionated" }
+        ]
+      },
+      {
+        id: "humor",
+        type: "select",
+        label: "When it comes to humor...",
+        required: true,
+        options: [
+          { label: "Dry and deadpan", value: "dry" },
+          { label: "Playful and light", value: "playful" },
+          { label: "Keep it professional", value: "professional" },
+          { label: "Match my energy", value: "match" }
+        ]
+      },
+      {
+        id: "depth",
+        type: "select",
+        label: "When explaining things...",
+        required: true,
+        options: [
+          { label: "Keep it simple", value: "simple" },
+          { label: "I like details", value: "detailed" },
+          { label: "Depends on the topic", value: "adaptive" }
+        ]
+      }
+    ],
+    submitLabel: "Lock it in"
+  }
+})
+
+## Task Card (Email Not Connected)
+
+Use this `ui_show` payload for Step 4 when Gmail/Outlook is NOT in the Connected Services section:
+
+ui_show({
+  surface_type: "card",
+  data: {
+    title: "Pick something. I'll do it right now.",
+    body: "These are real, not demos."
+  },
+  actions: [
+    { id: "relay_prompt", label: "Connect my email", data: { prompt: "I'd like to connect my Gmail or Outlook so you can help me manage my email and calendar" } },
+    { id: "relay_prompt", label: "Research a topic and make me a deck", data: { prompt: "I'd like you to research a topic for me and turn it into a visual deck" } },
+    { id: "relay_prompt", label: "Build me something", data: { prompt: "Help me build a simple interactive app or tool" } },
+    { id: "relay_prompt", label: "Do something with a photo", data: { prompt: "I have a photo I'd like you to analyze, edit, or create something from" } }
+  ]
+})
+
+## Task Card (Email Already Connected)
+
+Use this `ui_show` payload for Step 4 when Google or Outlook IS in the Connected Services section:
+
+ui_show({
+  surface_type: "card",
+  data: {
+    title: "Pick something. I'll do it right now.",
+    body: "These are real, not demos."
+  },
+  actions: [
+    { id: "relay_prompt", label: "Check my email", data: { prompt: "Check my email and calendar and give me a summary of what's going on" } },
+    { id: "relay_prompt", label: "Research a topic and make me a deck", data: { prompt: "I'd like you to research a topic for me and turn it into a visual deck" } },
+    { id: "relay_prompt", label: "Build me something", data: { prompt: "Help me build a simple interactive app or tool" } },
+    { id: "relay_prompt", label: "Do something with a photo", data: { prompt: "I have a photo I'd like you to analyze, edit, or create something from" } }
+  ]
+})