@vellumai/assistant 0.6.1 → 0.6.3

package/src/cli/commands/credentials.ts

@@ -312,7 +312,7 @@ Examples:
           });
         }
 
-        // Build a lookup of oauth connections keyed by providerKey for enrichment.
+        // Build a lookup of oauth connections keyed by provider for enrichment.
         // listConnections() returns rows in no guaranteed order, so we compare
         // createdAt to keep the most recent active connection per provider —
         // matching the behaviour of getConnectionByProvider() used by inspect.
@@ -320,9 +320,9 @@ Examples:
         const connectionsByProvider = new Map<string, OAuthConnectionRow>();
         for (const conn of allConnections) {
           if (conn.status !== "active") continue;
-          const existing = connectionsByProvider.get(conn.providerKey);
+          const existing = connectionsByProvider.get(conn.provider);
           if (!existing || conn.createdAt > existing.createdAt) {
-            connectionsByProvider.set(conn.providerKey, conn);
+            connectionsByProvider.set(conn.provider, conn);
           }
         }
 

package/src/cli/commands/default-action.ts

@@ -5,10 +5,77 @@ import { shouldAutoStartDaemon } from "../../daemon/connection-policy.js";
 import { ensureDaemonRunning } from "../../daemon/lifecycle.js";
 
 export function registerDefaultAction(program: Command): void {
-  program.action(async () => {
+  program.action(async (_options: unknown, cmd: Command) => {
+    // Commander routes unknown subcommands to the root action as positional
+    // args instead of raising an error. Detect this case and fail with a
+    // helpful message so users don't silently get the interactive CLI when
+    // they mistype a command name.
+    if (cmd.args.length > 0) {
+      const unknown = cmd.args[0];
+      const available = cmd.commands.map((c) => c.name());
+      const suggestion = findClosestCommand(unknown, available);
+      const lines = [`unknown command '${unknown}'`];
+      if (suggestion) {
+        lines.push(`(Did you mean '${suggestion}'?)`);
+      }
+      lines.push(`Run 'assistant --help' to see a list of available commands.`);
+      cmd.error(lines.join("\n"), {
+        code: "commander.unknownCommand",
+        exitCode: 1,
+      });
+      return;
+    }
+
     if (shouldAutoStartDaemon()) {
       await ensureDaemonRunning();
     }
     await startCli();
   });
 }
+
+/**
+ * Find the closest matching command name using Levenshtein distance.
+ * Returns the best match if the distance is ≤ 40% of the longer string's
+ * length, otherwise returns undefined.
+ */
+function findClosestCommand(
+  input: string,
+  candidates: string[],
+): string | undefined {
+  let best: string | undefined;
+  let bestDist = Infinity;
+
+  for (const name of candidates) {
+    const dist = levenshtein(input.toLowerCase(), name.toLowerCase());
+    if (dist < bestDist) {
+      bestDist = dist;
+      best = name;
+    }
+  }
+
+  // Only suggest if the edit distance is at most 40% of the longer string
+  const maxLen = Math.max(input.length, best?.length ?? 0);
+  if (best && bestDist <= Math.ceil(maxLen * 0.4)) {
+    return best;
+  }
+  return undefined;
+}
+
+function levenshtein(a: string, b: string): number {
+  const m = a.length;
+  const n = b.length;
+  const dp: number[][] = Array.from({ length: m + 1 }, () =>
+    Array(n + 1).fill(0),
+  );
+  for (let i = 0; i <= m; i++) dp[i][0] = i;
+  for (let j = 0; j <= n; j++) dp[0][j] = j;
+  for (let i = 1; i <= m; i++) {
+    for (let j = 1; j <= n; j++) {
+      dp[i][j] =
+        a[i - 1] === b[j - 1]
+          ? dp[i - 1][j - 1]
+          : 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+    }
+  }
+  return dp[m][n];
+}

package/src/cli/commands/email.ts

@@ -2,6 +2,7 @@ import { readFileSync, writeFileSync } from "node:fs";
 
 import type { Command } from "commander";
 
+import { getAssistantDomain } from "../../config/env.js";
 import { VellumPlatformClient } from "../../platform/client.js";
 import { getCliLogger } from "../logger.js";
 import { shouldOutputJson, writeOutput } from "../output.js";
@@ -9,15 +10,19 @@ import { shouldOutputJson, writeOutput } from "../output.js";
 const log = getCliLogger("email");
 
 export function registerEmailCommand(program: Command): void {
+  const domain = getAssistantDomain();
   const email = program
     .command("email")
-    .description("Email channel operations")
+    .description(
+      `Get your own email address (@${domain}) — register, send, receive, and manage email natively`,
+    )
     .option("--json", "Machine-readable compact JSON output");
 
   email.addHelpText(
     "after",
     `
-Manage the assistant's email channel on the Vellum platform.
+Set up and manage this assistant's native email address on the Vellum
+platform. No third-party email provider or browser sign-up needed.
 
 Examples:
   $ assistant email register mybot
@@ -30,12 +35,12 @@ Examples:
 
   email
     .command("register <username>")
-    .description("Register an @vellum.me email address for this assistant")
+    .description(`Register an @${domain} email address for this assistant`)
     .addHelpText(
       "after",
       `
 Arguments:
-  username   The local part of the email address (e.g. "mybot" → mybot@vellum.me)
+  username   The local part of the email address (e.g. "mybot" → mybot@${domain})
 
 Registers a new email address on the Vellum platform for the current
 assistant. Each assistant can have one email address. The address is
@@ -43,10 +48,10 @@ immediately active for receiving inbound email.
 
 Examples:
   $ assistant email register mybot
-  ✓ Registered mybot@vellum.me
+  ✓ Registered mybot@${domain}
 
   $ assistant email register support --json
-  {"address":"support@vellum.me","id":"...","created_at":"..."}`,
+  {"address":"support@${domain}","id":"...","created_at":"..."}`,
     )
     .action(async (username: string, _opts: unknown, cmd: Command) => {
       try {
@@ -122,14 +127,14 @@ immediately available for reuse.
 
 Examples:
   $ assistant email unregister
-  Remove mybot@vellum.me? (y/N) y
-  ✓ Unregistered mybot@vellum.me
+  Remove mybot@${domain}? (y/N) y
+  ✓ Unregistered mybot@${domain}
 
   $ assistant email unregister --confirm
-  ✓ Unregistered mybot@vellum.me
+  ✓ Unregistered mybot@${domain}
 
   $ assistant email unregister --json
-  {"unregistered":"mybot@vellum.me"}`,
+  {"unregistered":"mybot@${domain}"}`,
     )
     .action(async (_opts: { confirm?: boolean }, cmd: Command) => {
       try {
@@ -222,12 +227,12 @@ current usage and quota information from the platform.
 
 Examples:
   $ assistant email status
-  Address: mybot@vellum.me
+  Address: mybot@${domain}
   Status:  active
   Sent:    12 / 100 (daily)
 
   $ assistant email status --json
-  {"address":"mybot@vellum.me","status":"active","usage":{"sent_today":12,"daily_limit":100}}`,
+  {"address":"mybot@${domain}","status":"active","usage":{"sent_today":12,"daily_limit":100}}`,
     )
     .action(async (_opts: unknown, cmd: Command) => {
       try {
@@ -446,7 +451,7 @@ or --format json for the full message object.
 Examples:
   $ assistant email download msg_abc123
   From:    user@example.com
-  To:      mybot@vellum.me
+  To:      mybot@${domain}
   Subject: Hello
   Date:    2026-04-05 12:00:00
 

package/src/cli/commands/mcp.ts

@@ -34,13 +34,25 @@ export async function checkServerHealth(
       }),
     ]);
 
-    if (!client.isConnected) {
-      return "! Needs authentication";
+    if (client.isConnected) {
+      await client.disconnect();
+      return "\u2713 Connected";
+    }
+
+    // connect() swallows errors — check lastError to distinguish auth from
+    // transport failures (DNS, TLS, 500, stdio crash, etc.).
+    const err = client.lastError;
+    if (err) {
+      const message = err.message;
+      if (message.includes("timeout")) {
+        return "\u2717 Timed out";
+      }
+      return `\u2717 Error: ${message}`;
     }
 
-    await client.disconnect();
-    return "\u2713 Connected";
+    return "! Needs authentication";
   } catch (err) {
+    // Only the external timeout Promise can throw here (connect() never does).
     try {
       await client.disconnect();
     } catch {

package/src/cli/commands/oauth/__tests__/connect.test.ts

@@ -264,9 +264,9 @@ describe("assistant oauth connect", () => {
 
   test("managed mode with --no-browser: prints connect URL", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: "google-oauth",
     });
     mockIsManagedMode = () => true;
@@ -301,9 +301,9 @@ describe("assistant oauth connect", () => {
 
   test("managed mode default: opens browser and polls for new connection", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: "google-oauth",
     });
     mockIsManagedMode = () => true;
@@ -357,9 +357,9 @@ describe("assistant oauth connect", () => {
 
   test("BYO mode with --no-browser: prints auth URL", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: null,
     });
     mockIsManagedMode = () => false;
@@ -368,7 +368,7 @@ describe("assistant oauth connect", () => {
       id: "app-1",
       clientId: "byo-client-id",
       clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      providerKey: "google",
+      provider: "google",
       createdAt: 0,
       updatedAt: 0,
     });
@@ -376,7 +376,7 @@ describe("assistant oauth connect", () => {
     mockOrchestrateOAuthConnect = async () => ({
       success: true,
       deferred: true,
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth?state=abc",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth?state=abc",
       state: "abc",
       service: "google",
     });
@@ -403,9 +403,9 @@ describe("assistant oauth connect", () => {
 
   test("BYO mode default calls orchestrator with isInteractive: true", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: null,
     });
     mockIsManagedMode = () => false;
@@ -414,7 +414,7 @@ describe("assistant oauth connect", () => {
       id: "app-1",
       clientId: "test-id",
       clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      providerKey: "google",
+      provider: "google",
       createdAt: 0,
       updatedAt: 0,
     });
@@ -455,9 +455,9 @@ describe("assistant oauth connect", () => {
 
   test("BYO mode: missing app with --client-id returns error with hint", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: null,
     });
     mockIsManagedMode = () => false;
@@ -483,9 +483,9 @@ describe("assistant oauth connect", () => {
 
   test("BYO mode: no client_id found returns error with hint", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: null,
     });
     mockIsManagedMode = () => false;
@@ -509,9 +509,9 @@ describe("assistant oauth connect", () => {
 
   test("--client-id is silently ignored in managed mode", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: "google-oauth",
     });
     mockIsManagedMode = () => true;
@@ -547,9 +547,9 @@ describe("assistant oauth connect", () => {
 
   test("JSON output for deferred case includes ok, deferred, authUrl, service", async () => {
     mockGetProvider = () => ({
-      providerKey: "slack",
-      authUrl: "https://slack.com/oauth/v2/authorize",
-      tokenUrl: "https://slack.com/api/oauth.v2.access",
+      provider: "slack",
+      authorizeUrl: "https://slack.com/oauth/v2/authorize",
+      tokenExchangeUrl: "https://slack.com/api/oauth.v2.access",
       managedServiceConfigKey: null,
     });
     mockIsManagedMode = () => false;
@@ -558,7 +558,7 @@ describe("assistant oauth connect", () => {
       id: "app-slack",
       clientId: "slack-client-id",
       clientSecretCredentialPath: "oauth_app/app-slack/client_secret",
-      providerKey: "slack",
+      provider: "slack",
       createdAt: 0,
       updatedAt: 0,
     });
@@ -566,7 +566,7 @@ describe("assistant oauth connect", () => {
     mockOrchestrateOAuthConnect = async () => ({
       success: true,
       deferred: true,
-      authUrl: "https://slack.com/oauth/v2/authorize?state=xyz",
+      authorizeUrl: "https://slack.com/oauth/v2/authorize?state=xyz",
       state: "xyz",
       service: "slack",
     });
@@ -591,9 +591,9 @@ describe("assistant oauth connect", () => {
 
   test("JSON output for completed case includes ok, grantedScopes, accountInfo", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: null,
     });
     mockIsManagedMode = () => false;
@@ -602,7 +602,7 @@ describe("assistant oauth connect", () => {
       id: "app-1",
       clientId: "completed-client-id",
       clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      providerKey: "google",
+      provider: "google",
       createdAt: 0,
       updatedAt: 0,
     });
@@ -635,9 +635,9 @@ describe("assistant oauth connect", () => {
 
   test("BYO mode: client_secret required but missing returns error with hint", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       tokenEndpointAuthMethod: "client_secret_post",
       managedServiceConfigKey: null,
       requiresClientSecret: 1,
@@ -648,7 +648,7 @@ describe("assistant oauth connect", () => {
       id: "app-1",
       clientId: "test-id",
       clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      providerKey: "google",
+      provider: "google",
       createdAt: 0,
       updatedAt: 0,
     });
@@ -668,15 +668,42 @@ describe("assistant oauth connect", () => {
     expect(parsed.error).toContain("apps upsert");
   });
 
+  // -------------------------------------------------------------------------
+  // Manual-token providers (slack_channel, telegram)
+  // -------------------------------------------------------------------------
+
+  test("manual-token provider returns error directing to credentials command", async () => {
+    mockGetProvider = () => ({
+      provider: "slack_channel",
+      authorizeUrl: "urn:manual-token",
+      tokenExchangeUrl: "urn:manual-token",
+      managedServiceConfigKey: null,
+    });
+    mockIsManagedMode = () => false;
+
+    const { exitCode, stdout } = await runCommand([
+      "connect",
+      "slack_channel",
+      "--json",
+    ]);
+    expect(exitCode).toBe(1);
+    const parsed = JSON.parse(stdout);
+    expect(parsed.ok).toBe(false);
+    expect(parsed.error).toContain("manual token configuration");
+    expect(parsed.error).toContain("assistant credentials set");
+    expect(parsed.error).toContain("--service");
+    expect(parsed.error).toContain("--field");
+  });
+
   // -------------------------------------------------------------------------
   // Orchestrator error propagation
   // -------------------------------------------------------------------------
 
   test("BYO mode: orchestrator error propagates correctly", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
-      authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      tokenUrl: "https://oauth2.googleapis.com/token",
+      provider: "google",
+      authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+      tokenExchangeUrl: "https://oauth2.googleapis.com/token",
       managedServiceConfigKey: null,
     });
     mockIsManagedMode = () => false;
@@ -685,7 +712,7 @@ describe("assistant oauth connect", () => {
       id: "app-1",
       clientId: "client-id",
       clientSecretCredentialPath: "oauth_app/app-1/client_secret",
-      providerKey: "google",
+      provider: "google",
       createdAt: 0,
       updatedAt: 0,
     });

package/src/cli/commands/oauth/__tests__/disconnect.test.ts

@@ -15,19 +15,19 @@ let mockGetConnection: (
 ) => Record<string, unknown> | undefined = () => undefined;
 
 let mockGetActiveConnection: (
-  providerKey: string,
+  provider: string,
   opts?: { account?: string },
 ) => Record<string, unknown> | undefined = () => undefined;
 
 let mockListActiveConnectionsByProvider: (
-  providerKey: string,
+  provider: string,
 ) => Array<Record<string, unknown>> = () => [];
 
 let mockDisconnectOAuthProviderResult: "disconnected" | "not-found" | "error" =
   "disconnected";
 
 let mockDisconnectOAuthProviderCalls: Array<{
-  providerKey: string;
+  provider: string;
   account: string | undefined;
   connectionId: string | undefined;
 }> = [];
@@ -64,17 +64,17 @@ mock.module("../../../../config/loader.js", () => ({
 mock.module("../../../../oauth/oauth-store.js", () => ({
   getProvider: (key: string) => mockGetProvider(key),
   getConnection: (id: string) => mockGetConnection(id),
-  getActiveConnection: (providerKey: string, opts?: { account?: string }) =>
-    mockGetActiveConnection(providerKey, opts),
-  listActiveConnectionsByProvider: (providerKey: string) =>
-    mockListActiveConnectionsByProvider(providerKey),
+  getActiveConnection: (provider: string, opts?: { account?: string }) =>
+    mockGetActiveConnection(provider, opts),
+  listActiveConnectionsByProvider: (provider: string) =>
+    mockListActiveConnectionsByProvider(provider),
   disconnectOAuthProvider: async (
-    providerKey: string,
+    provider: string,
     account?: string,
     connectionId?: string,
   ) => {
     mockDisconnectOAuthProviderCalls.push({
-      providerKey,
+      provider,
       account,
       connectionId,
     });
@@ -295,7 +295,7 @@ describe("assistant oauth disconnect", () => {
 
   test("both --account and --connection-id returns error", async () => {
     mockGetProvider = () => ({
-      providerKey: "google",
+      provider: "google",
       managedServiceConfigKey: null,
     });
 
@@ -323,7 +323,7 @@ describe("assistant oauth disconnect", () => {
   describe("managed mode", () => {
     beforeEach(() => {
       mockGetProvider = () => ({
-        providerKey: "google",
+        provider: "google",
         managedServiceConfigKey: "google-oauth",
       });
       mockIsManagedMode = () => true;
@@ -484,7 +484,7 @@ describe("assistant oauth disconnect", () => {
   describe("BYO mode", () => {
     beforeEach(() => {
       mockGetProvider = () => ({
-        providerKey: "google",
+        provider: "google",
         managedServiceConfigKey: null,
       });
       mockIsManagedMode = () => false;
@@ -494,7 +494,7 @@ describe("assistant oauth disconnect", () => {
       mockListActiveConnectionsByProvider = () => [
         {
           id: "conn-1",
-          providerKey: "google",
+          provider: "google",
           accountInfo: "user@gmail.com",
           status: "active",
         },
@@ -514,16 +514,16 @@ describe("assistant oauth disconnect", () => {
 
       // Verify disconnectOAuthProvider was called
       expect(mockDisconnectOAuthProviderCalls).toHaveLength(1);
-      expect(mockDisconnectOAuthProviderCalls[0].providerKey).toBe("google");
+      expect(mockDisconnectOAuthProviderCalls[0].provider).toBe("google");
       expect(mockDisconnectOAuthProviderCalls[0].connectionId).toBe("conn-1");
     });
 
     test("--account matches accountInfo", async () => {
-      mockGetActiveConnection = (providerKey, opts) => {
+      mockGetActiveConnection = (_provider, opts) => {
         if (opts?.account === "user@gmail.com") {
           return {
             id: "conn-1",
-            providerKey: "google",
+            provider: "google",
             accountInfo: "user@gmail.com",
             status: "active",
           };
@@ -567,7 +567,7 @@ describe("assistant oauth disconnect", () => {
         if (id === "conn-123") {
           return {
             id: "conn-123",
-            providerKey: "google",
+            provider: "google",
             accountInfo: "user@gmail.com",
             status: "active",
           };
@@ -593,7 +593,7 @@ describe("assistant oauth disconnect", () => {
         if (id === "conn-slack") {
           return {
             id: "conn-slack",
-            providerKey: "slack",
+            provider: "slack",
             accountInfo: null,
             status: "active",
           };
@@ -619,13 +619,13 @@ describe("assistant oauth disconnect", () => {
       mockListActiveConnectionsByProvider = () => [
         {
           id: "conn-1",
-          providerKey: "google",
+          provider: "google",
           accountInfo: "user1@gmail.com",
           status: "active",
         },
         {
           id: "conn-2",
-          providerKey: "google",
+          provider: "google",
           accountInfo: "user2@gmail.com",
           status: "active",
         },
@@ -666,7 +666,7 @@ describe("assistant oauth disconnect", () => {
       mockListActiveConnectionsByProvider = () => [
         {
           id: "conn-1",
-          providerKey: "google",
+          provider: "google",
           accountInfo: null,
           status: "active",
         },