@vellumai/assistant 0.6.1 → 0.6.3

package/src/daemon/handlers/shared.ts

@@ -81,6 +81,8 @@ export interface HistorySurface {
   data: Record<string, unknown>;
   actions?: Array<{ id: string; label: string; style?: string }>;
   display?: string;
+  completed?: boolean;
+  completionSummary?: string;
 }
 
 export interface RenderedHistoryContent {
@@ -108,6 +110,11 @@ export interface ConversationCreateOptions {
   transport?: ConversationTransportMetadata;
   assistantId?: string;
   trustContext?: TrustContext;
+  /**
+   * Active task-run scope for this turn. Cleared when omitted so background
+   * task permissions do not leak into later turns on a reused conversation.
+   */
+  taskRunId?: string;
   /** Normalized auth context for the conversation. */
   authContext?: AuthContext;
   /** Whether this turn can block on interactive approval prompts. */
@@ -281,6 +288,11 @@ export function renderHistoryContent(content: unknown): RenderedHistoryContent {
           : {},
         actions: Array.isArray(block.actions) ? block.actions : undefined,
         display: typeof block.display === "string" ? block.display : undefined,
+        completed: block.completed === true ? true : undefined,
+        completionSummary:
+          typeof block.completionSummary === "string"
+            ? block.completionSummary
+            : undefined,
       };
       surfaces.push(surface);
       contentOrder.push(`surface:${surfaces.length - 1}`);
@@ -337,6 +349,59 @@ export function renderHistoryContent(content: unknown): RenderedHistoryContent {
       }
       continue;
     }
+    if (block.type === "server_tool_use") {
+      finalizeSegment();
+      const name = typeof block.name === "string" ? block.name : "unknown";
+      const input = isRecord(block.input)
+        ? (block.input as Record<string, unknown>)
+        : {};
+      const id = typeof block.id === "string" ? block.id : "";
+      const entry: HistoryToolCall = { name, input };
+      toolCalls.push(entry);
+      if (id) pendingToolUses.set(id, entry);
+      contentOrder.push(`tool:${toolCalls.length - 1}`);
+      if (!seenToolUse) {
+        seenToolUse = true;
+        if (!seenText) toolCallsBeforeText = true;
+      }
+      continue;
+    }
+    if (block.type === "web_search_tool_result") {
+      const toolUseId =
+        typeof block.tool_use_id === "string" ? block.tool_use_id : "";
+      const isError =
+        isRecord(block.content) &&
+        (block.content as { type?: string }).type ===
+          "web_search_tool_result_error";
+
+      // Format search results into readable text.
+      let resultContent = "";
+      if (Array.isArray(block.content)) {
+        resultContent = (block.content as unknown[])
+          .filter(
+            (r): r is { type: string; title: string; url: string } =>
+              typeof r === "object" &&
+              r != null &&
+              (r as { type?: string }).type === "web_search_result",
+          )
+          .map((r) => `${r.title}\n${r.url}`)
+          .join("\n\n");
+      }
+
+      const matched = toolUseId ? pendingToolUses.get(toolUseId) : null;
+      if (matched) {
+        matched.result = resultContent;
+        matched.isError = isError;
+      } else {
+        toolCalls.push({
+          name: "web_search",
+          input: {},
+          result: resultContent,
+          isError,
+        });
+      }
+      continue;
+    }
     if (block.type === "tool_result") {
       const toolUseId =
         typeof block.tool_use_id === "string" ? block.tool_use_id : "";

package/src/daemon/handlers/skills.ts

@@ -9,7 +9,7 @@ import {
   statSync,
 } from "node:fs";
 import { homedir } from "node:os";
-import { join, relative } from "node:path";
+import { basename, join, relative, sep } from "node:path";
 
 import { isAssistantFeatureFlagEnabled } from "../../config/assistant-feature-flags.js";
 import {
@@ -31,9 +31,21 @@ import {
   getConfiguredProvider,
   userMessage,
 } from "../../providers/provider-send-message.js";
-import { isTextMimeType as isTextMime } from "../../runtime/routes/workspace-utils.js";
+import {
+  isTextMimeType as isTextMime,
+  MAX_INLINE_TEXT_SIZE,
+} from "../../runtime/routes/workspace-utils.js";
 import { getCatalog } from "../../skills/catalog-cache.js";
 import {
+  hasHiddenOrSkippedSegment,
+  readCatalogSkillFileContent,
+  readCatalogSkillFiles,
+  sanitizeRelativePath,
+  type SkillFileEntry,
+  SKIP_DIRS,
+} from "../../skills/catalog-files.js";
+import {
+  type CatalogSkill,
   installSkillLocally,
   upsertSkillsIndex,
 } from "../../skills/catalog-install.js";
@@ -64,6 +76,7 @@ import {
 import { getWorkspaceSkillsDir } from "../../util/platform.js";
 import type {
   SkillDetailResponse,
+  SkillFileContentResponse,
   SlimSkillResponse,
 } from "../message-types/skills.js";
 import {
@@ -73,10 +86,6 @@ import {
   log,
 } from "./shared.js";
 
-// ─── MIME detection helpers ───────────────────────────────────────────────────
-
-const MAX_INLINE_SIZE = 2 * 1024 * 1024; // 2 MB
-
 // ─── Shared context for standalone functions ─────────────────────────────────
 
 /**
@@ -364,7 +373,7 @@ export async function listSkillsWithCatalog(
   const installed = listSkills(ctx);
   const installedIds = new Set(installed.map((s) => s.id));
 
-  let catalogSkills: import("../../skills/catalog-install.js").CatalogSkill[];
+  let catalogSkills: CatalogSkill[];
   try {
     catalogSkills = await getCatalog();
   } catch {
@@ -376,15 +385,7 @@ export async function listSkillsWithCatalog(
   // Create SlimSkillResponses for catalog skills not already installed.
   const available: SlimSkillResponse[] = catalogSkills
     .filter((cs) => !installedIds.has(cs.id))
-    .map((cs) => ({
-      id: cs.id,
-      name: cs.metadata?.vellum?.["display-name"] ?? cs.name,
-      description: cs.description,
-      emoji: cs.emoji,
-      kind: "catalog" as const,
-      origin: "vellum" as const,
-      status: "available" as const,
-    }));
+    .map((cs) => catalogSkillToSlim(cs));
 
   const merged = [...installed, ...available];
 
@@ -494,16 +495,12 @@ export async function getSkill(
 
 // ─── Skill file listing ──────────────────────────────────────────────────────
 
-export interface SkillFileEntry {
-  path: string; // relative to skill directory root (e.g. "SKILL.md", "tools/foo.ts")
-  name: string; // basename
-  size: number;
-  mimeType: string;
-  isBinary: boolean;
-  content: string | null; // inline text if ≤ 2 MB and text MIME, else null
-}
-
-const SKIP_DIRS = new Set(["node_modules", "__pycache__", ".git"]);
+// `SkillFileEntry` lives in `../../skills/catalog-files.ts` to keep a single
+// source of truth for the shape and avoid a circular import (catalog-files
+// depends on `catalog-cache.ts`, which would otherwise be reachable via this
+// handler module). Re-exported here so handlers can import it alongside
+// the other skill handler exports.
+export type { SkillFileEntry } from "../../skills/catalog-files.js";
 
 /**
  * Returns true if `filePath` is a symlink whose resolved real path escapes
@@ -550,7 +547,7 @@ function readDirRecursive(dir: string, rootDir: string): SkillFileEntry[] {
       const mimeType = Bun.file(fullPath).type;
       const isText = isTextMime(mimeType, dirent.name);
       let content: string | null = null;
-      if (isText && stat.size <= MAX_INLINE_SIZE) {
+      if (isText && stat.size <= MAX_INLINE_TEXT_SIZE) {
         content = readFileSync(fullPath, "utf-8");
       }
       entries.push({
@@ -568,26 +565,224 @@ function readDirRecursive(dir: string, rootDir: string): SkillFileEntry[] {
   return entries;
 }
 
-export function getSkillFiles(
+/**
+ * Map a `CatalogSkill` (from the Vellum platform API) to a `SlimSkillResponse`
+ * shaped for the "available catalog skill" case. Shared between
+ * `listSkillsWithCatalog` (merging catalog entries into the installed list)
+ * and `getSkillFiles` (catalog fallback for preview listings). Keeping the
+ * mapping in one place avoids divergence between the list and detail paths.
+ */
+function catalogSkillToSlim(cs: CatalogSkill): SlimSkillResponse {
+  return {
+    id: cs.id,
+    name: cs.metadata?.vellum?.["display-name"] ?? cs.name,
+    description: cs.description,
+    emoji: cs.emoji,
+    kind: "catalog",
+    origin: "vellum",
+    status: "available",
+  };
+}
+
+/**
+ * Read a single file's content from an installed or catalog skill.
+ *
+ * Installed-skill path (eager): reads the file directly from the skill's
+ * on-disk directory. Applies lexical containment, symlink rejection, and
+ * realpath containment checks for defense in depth.
+ *
+ * Catalog fallback: when the skill id is not backed by a local directory
+ * (e.g. an uninstalled Vellum catalog skill), delegates to
+ * `readCatalogSkillFileContent`, which handles both the dev-mode repo
+ * checkout path and the platform preview API path internally.
+ */
+export async function getSkillFileContent(
   skillId: string,
+  relativePath: string,
   _ctx: SkillOperationContext,
-):
+): Promise<SkillFileContentResponse | { error: string; status: number }> {
+  const sanitized = sanitizeRelativePath(relativePath);
+  if (!sanitized) {
+    return { error: "Invalid path", status: 400 };
+  }
+
+  // Reject any sanitized path that references a hidden segment (dotfiles
+  // like `.env`, dot-dirs like `.git`) or a SKIP_DIRS segment (e.g.
+  // `node_modules`, `__pycache__`). Both file-listing endpoints (installed
+  // and catalog) intentionally omit these entries, so allowing the content
+  // endpoint to read them would create a data-exposure path and break
+  // parity with the visible file list. This check runs BEFORE both the
+  // installed-skill disk read and the catalog fallback so the rejection
+  // is uniform regardless of source.
+  if (hasHiddenOrSkippedSegment(sanitized)) {
+    return { error: "Invalid path", status: 400 };
+  }
+
+  const found = findSkillById(skillId);
+  if (found) {
+    if (!existsSync(found.summary.directoryPath)) {
+      // Resolver lists the skill as installed but the directory is missing
+      // on disk (corrupted install, mid-delete race, external unmount, etc.).
+      // Return a distinct 404 instead of falling through to the catalog path
+      // so the content response stays consistent with `listSkillsWithCatalog`
+      // and `getSkillFiles`, which classify the same id as `kind: "installed"`.
+      return {
+        error: `Skill directory missing for "${skillId}"`,
+        status: 404,
+      };
+    }
+    const dir = found.summary.directoryPath;
+    const abs = join(dir, sanitized);
+
+    // Lexical containment: the resolved absolute path must stay inside the
+    // skill directory even after `join` normalization. Cheap short-circuit
+    // before any fs calls.
+    if (!(abs === dir || abs.startsWith(dir + sep))) {
+      return { error: "Invalid path", status: 400 };
+    }
+
+    // Defense-in-depth symlink rejection: refuse to follow a symlinked file
+    // inside the skill dir that could point outside the root. Also catches
+    // symlinked parent directories via a realpath containment check.
+    let lstat;
+    try {
+      lstat = lstatSync(abs);
+    } catch {
+      return { error: "File not found", status: 404 };
+    }
+    if (lstat.isSymbolicLink()) {
+      return { error: "File not found", status: 404 };
+    }
+    if (!lstat.isFile()) {
+      return { error: "File not found", status: 404 };
+    }
+
+    let realAbs: string;
+    let realDir: string;
+    try {
+      realAbs = realpathSync(abs);
+      realDir = realpathSync(dir);
+    } catch {
+      return { error: "File not found", status: 404 };
+    }
+    if (!(realAbs === realDir || realAbs.startsWith(realDir + sep))) {
+      return { error: "File not found", status: 404 };
+    }
+
+    let stat;
+    try {
+      stat = statSync(abs);
+    } catch {
+      return { error: "File not found", status: 404 };
+    }
+    if (!stat.isFile()) {
+      return { error: "File not found", status: 404 };
+    }
+
+    const name = basename(sanitized);
+    const mimeType = Bun.file(abs).type;
+    const isText = isTextMime(mimeType, name);
+    const isBinary = !isText;
+    let content: string | null = null;
+    if (isText && stat.size <= MAX_INLINE_TEXT_SIZE) {
+      try {
+        content = readFileSync(abs, "utf-8");
+      } catch {
+        content = null;
+      }
+    }
+    return {
+      path: sanitized,
+      name,
+      size: stat.size,
+      mimeType,
+      isBinary,
+      content,
+    };
+  }
+
+  // Catalog fallback: skill is not installed locally. Try the catalog
+  // preview helper, which handles both dev-mode repo checkouts and the
+  // platform preview API.
+  let catalog: Awaited<ReturnType<typeof getCatalog>> = [];
+  try {
+    catalog = await getCatalog();
+  } catch {
+    catalog = [];
+  }
+  const inCatalog = catalog.some((s) => s.id === skillId);
+  if (!inCatalog) {
+    return { error: "Skill not found", status: 404 };
+  }
+
+  const result = await readCatalogSkillFileContent(skillId, sanitized);
+  if (!result) {
+    return { error: "File not found", status: 404 };
+  }
+  return {
+    path: result.path,
+    name: result.name,
+    size: result.size,
+    mimeType: result.mimeType,
+    isBinary: result.isBinary,
+    content: result.content,
+  };
+}
+
+export async function getSkillFiles(
+  skillId: string,
+  _ctx: SkillOperationContext,
+): Promise<
   | { skill: SlimSkillResponse; files: SkillFileEntry[] }
-  | { error: string; status: number } {
+  | { error: string; status: number }
+> {
+  // Preferred path: the skill is resolved locally (bundled, managed,
+  // workspace, or extra) AND its directory exists on disk. Read files
+  // eagerly with inline content.
   const found = findSkillById(skillId);
-  if (!found) {
+  if (found) {
+    if (existsSync(found.summary.directoryPath)) {
+      const dirPath = found.summary.directoryPath;
+      const files = readDirRecursive(dirPath, dirPath);
+      files.sort((a, b) => a.path.localeCompare(b.path));
+      return { skill: found.item, files };
+    }
+    // Resolver lists the skill as installed but the directory is missing
+    // on disk (corrupted install, mid-delete race, external unmount, etc.).
+    // Return a distinct 404 instead of falling through to the catalog path
+    // so the detail response stays consistent with `listSkillsWithCatalog`,
+    // which classifies the same id as `kind: "installed"`.
+    return {
+      error: `Skill directory missing for "${skillId}"`,
+      status: 404,
+    };
+  }
+
+  // Fallback: skill is not installed. Try the Vellum catalog — this covers
+  // previewing files for an uninstalled catalog skill without touching the
+  // install flow.
+  let catalog: CatalogSkill[];
+  try {
+    catalog = await getCatalog();
+  } catch {
+    return { error: `Skill "${skillId}" not found`, status: 404 };
+  }
+  const cs = catalog.find((c) => c.id === skillId);
+  if (!cs) {
     return { error: `Skill "${skillId}" not found`, status: 404 };
   }
 
-  const dirPath = found.summary.directoryPath;
-  if (!existsSync(dirPath)) {
-    return { error: `Skill directory not found for "${skillId}"`, status: 404 };
+  const files = await readCatalogSkillFiles(skillId);
+  if (files === null) {
+    return {
+      error: `Skill files unavailable for "${skillId}"`,
+      status: 404,
+    };
   }
 
-  const files = readDirRecursive(dirPath, dirPath);
+  const skill = catalogSkillToSlim(cs);
   files.sort((a, b) => a.path.localeCompare(b.path));
-
-  return { skill: found.item, files };
+  return { skill, files };
 }
 
 export function enableSkill(

package/src/daemon/host-bash-proxy.ts

@@ -14,6 +14,8 @@ interface PendingRequest {
   reject: (err: Error) => void;
   timer: ReturnType<typeof setTimeout>;
   timeoutSec: number;
+  /** Detach the abort listener from the caller's signal. No-op when no signal was passed. */
+  detachAbort: () => void;
 }
 
 export class HostBashProxy {
@@ -60,8 +62,14 @@ export class HostBashProxy {
       const timeoutSec = input.timeout_seconds ?? shellMaxTimeoutSec;
       // Proxy timeout: slightly after client-side timeout, but before executor's outer timeout
       const proxyTimeoutSec = timeoutSec + 3;
+
+      // Declared up-front so onAbort (defined before detachAbort is assigned)
+      // can close over a stable reference once it's wired below.
+      let detachAbort: () => void = () => {};
+
       const timer = setTimeout(() => {
         this.pending.delete(requestId);
+        detachAbort();
         this.onInternalResolve?.(requestId);
         log.warn(
           { requestId, command: input.command },
@@ -78,13 +86,14 @@ export class HostBashProxy {
         );
       }, proxyTimeoutSec * 1000);
 
-      this.pending.set(requestId, { resolve, reject, timer, timeoutSec });
-
       if (signal) {
         const onAbort = () => {
           if (this.pending.has(requestId)) {
             clearTimeout(timer);
             this.pending.delete(requestId);
+            // Abort fired — nothing to detach, but call the no-op for symmetry
+            // so callers can rely on detachAbort being idempotent.
+            detachAbort();
             this.onInternalResolve?.(requestId);
             try {
               this.sendToClient({
@@ -98,19 +107,43 @@ export class HostBashProxy {
           }
         };
         signal.addEventListener("abort", onAbort, { once: true });
+        detachAbort = () => signal.removeEventListener("abort", onAbort);
       }
 
-      this.sendToClient({
-        type: "host_bash_request",
-        requestId,
-        conversationId,
-        command: input.command,
-        working_dir: input.working_dir,
-        timeout_seconds: input.timeout_seconds,
-        ...(input.env && Object.keys(input.env).length > 0
-          ? { env: input.env }
-          : {}),
-      } as ServerMessage);
+      this.pending.set(requestId, {
+        resolve,
+        reject,
+        timer,
+        timeoutSec,
+        detachAbort,
+      });
+
+      try {
+        this.sendToClient({
+          type: "host_bash_request",
+          requestId,
+          conversationId,
+          command: input.command,
+          working_dir: input.working_dir,
+          timeout_seconds: input.timeout_seconds,
+          ...(input.env && Object.keys(input.env).length > 0
+            ? { env: input.env }
+            : {}),
+        } as ServerMessage);
+      } catch (err) {
+        // Sender threw synchronously (e.g. client transport error during
+        // event emission). Clean up pending state and timer so we don't
+        // leak an in-flight entry that nothing will ever resolve.
+        clearTimeout(timer);
+        this.pending.delete(requestId);
+        detachAbort();
+        this.onInternalResolve?.(requestId);
+        log.warn(
+          { requestId, command: input.command, err },
+          "Host bash proxy send failed",
+        );
+        reject(err instanceof Error ? err : new Error(String(err)));
+      }
     });
   }
 
@@ -129,6 +162,7 @@ export class HostBashProxy {
       return;
     }
     clearTimeout(entry.timer);
+    entry.detachAbort();
     this.pending.delete(requestId);
     const result = formatShellOutput(
       response.stdout,
@@ -151,6 +185,7 @@ export class HostBashProxy {
   dispose(): void {
     for (const [requestId, entry] of this.pending) {
       clearTimeout(entry.timer);
+      entry.detachAbort();
       this.onInternalResolve?.(requestId);
       try {
         this.sendToClient({