@vellumai/assistant 0.6.1 → 0.6.3

package/src/runtime/migrations/rebind-secrets-screen.ts

@@ -194,18 +194,63 @@ export function markTaskPending(
 
 /**
  * Build the task list from definitions and completion state.
+ *
+ * When credential import results are provided:
+ * - If all credentials were imported successfully, the re-enter-secrets task
+ *   is marked as auto-completed with an updated description.
+ * - If some credentials failed, the description is updated to list only the
+ *   failed credentials that need manual re-entry.
+ * - If no credentials were in the bundle (legacy), the original behavior is kept.
  */
-function buildTasks(completionState: RebindTaskCompletionState): RebindTask[] {
-  return TASK_DEFINITIONS.map((def) => ({
-    id: def.id,
-    title: def.title,
-    description: def.description,
-    status: completionState[def.id]
-      ? ("complete" as const)
-      : ("pending" as const),
-    required: def.required,
-    ...(def.helpText !== undefined ? { helpText: def.helpText } : {}),
-  }));
+function buildTasks(
+  completionState: RebindTaskCompletionState,
+  credentialsImported?: MigrationWizardState["credentialsImported"],
+): RebindTask[] {
+  return TASK_DEFINITIONS.map((def) => {
+    // Apply credential import awareness to the re-enter-secrets task
+    if (def.id === "re-enter-secrets" && credentialsImported) {
+      if (credentialsImported.failed === 0 && credentialsImported.total > 0) {
+        // All credentials imported successfully — auto-complete this task
+        return {
+          id: def.id,
+          title: "API keys and secrets transferred",
+          description: `All ${credentialsImported.total} credential(s) were automatically imported from the bundle. No manual re-entry needed.`,
+          status: "complete" as const,
+          required: def.required,
+          helpText:
+            "Credentials were securely transferred as part of the migration bundle. You can verify them in Settings > Models & Services.",
+        };
+      }
+
+      if (credentialsImported.failed > 0) {
+        // Partial failure — show only the failed credentials
+        const failedList = credentialsImported.failedAccounts
+          .map((a) => `"${a}"`)
+          .join(", ");
+        return {
+          id: def.id,
+          title: "Re-enter failed credentials",
+          description: `${credentialsImported.succeeded} of ${credentialsImported.total} credential(s) were imported automatically. The following failed and need manual re-entry: ${failedList}.`,
+          status: completionState[def.id]
+            ? ("complete" as const)
+            : ("pending" as const),
+          required: def.required,
+          helpText: `Navigate to Settings > Models & Services to re-enter the failed credential(s): ${failedList}.`,
+        };
+      }
+    }
+
+    return {
+      id: def.id,
+      title: def.title,
+      description: def.description,
+      status: completionState[def.id]
+        ? ("complete" as const)
+        : ("pending" as const),
+      required: def.required,
+      ...(def.helpText !== undefined ? { helpText: def.helpText } : {}),
+    };
+  });
 }
 
 /**
@@ -235,6 +280,7 @@ export function deriveRebindSecretsScreenState(
   completionState: RebindTaskCompletionState,
 ): RebindSecretsScreenState {
   const rebindStep = wizardState.steps["rebind-secrets"];
+  const credInfo = wizardState.credentialsImported;
 
   // Not yet accessible -- earlier steps incomplete
   if (
@@ -246,15 +292,22 @@ export function deriveRebindSecretsScreenState(
     }
   }
 
+  // Apply credential-aware completion state: if all credentials imported
+  // successfully, treat re-enter-secrets as auto-completed.
+  let effectiveCompletion = completionState;
+  if (credInfo && credInfo.total > 0 && credInfo.failed === 0) {
+    effectiveCompletion = markTaskComplete(completionState, "re-enter-secrets");
+  }
+
   // Already completed (viewing from a later step or after completion)
   if (rebindStep.status === "success") {
-    const tasks = buildTasks(completionState);
+    const tasks = buildTasks(effectiveCompletion, credInfo);
     return { phase: "complete", tasks };
   }
 
   // Active -- show the checklist
   if (wizardState.currentStep === "rebind-secrets") {
-    const tasks = buildTasks(completionState);
+    const tasks = buildTasks(effectiveCompletion, credInfo);
     const requiredTasks = tasks.filter((t) => t.required);
     const completedTasks = tasks.filter((t) => t.status === "complete");
     const requiredCompletedTasks = requiredTasks.filter(
@@ -264,7 +317,7 @@ export function deriveRebindSecretsScreenState(
     return {
       phase: "active",
       tasks,
-      allRequiredComplete: areAllRequiredTasksComplete(completionState),
+      allRequiredComplete: areAllRequiredTasksComplete(effectiveCompletion),
       completedCount: completedTasks.length,
       totalCount: tasks.length,
       requiredCount: requiredTasks.length,
@@ -289,7 +342,15 @@ export function completeMigration(
   wizardState: MigrationWizardState,
   completionState: RebindTaskCompletionState,
 ): MigrationWizardState {
-  if (!areAllRequiredTasksComplete(completionState)) {
+  // Apply credential-aware effective completion: if all credentials were
+  // imported successfully, treat re-enter-secrets as auto-completed
+  // (mirrors the logic in deriveRebindSecretsScreenState).
+  let effectiveCompletion = completionState;
+  const credInfo = wizardState?.credentialsImported;
+  if (credInfo && credInfo.total > 0 && credInfo.failed === 0) {
+    effectiveCompletion = { ...completionState, "re-enter-secrets": true };
+  }
+  if (!areAllRequiredTasksComplete(effectiveCompletion)) {
     throw new Error(
       "Cannot complete migration: not all required tasks are done",
     );

package/src/runtime/migrations/vbundle-builder.ts

@@ -28,6 +28,7 @@ import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import { createGzip, gzipSync } from "node:zlib";
 
+import { sanitizeConfigForTransfer } from "../../config/sanitize-for-transfer.js";
 import type {
   ManifestFileEntryType,
   ManifestType,
@@ -66,6 +67,20 @@ interface FileMetadata {
   size: number;
 }
 
+/** In-memory entry for data not backed by a file on disk (e.g. credentials). */
+interface InMemoryEntry {
+  archivePath: string;
+  data: Uint8Array;
+  size: number;
+}
+
+/** Union of disk-backed and in-memory tar stream entries. */
+type TarStreamEntry = FileMetadata | InMemoryEntry;
+
+function isInMemoryEntry(entry: TarStreamEntry): entry is InMemoryEntry {
+  return "data" in entry;
+}
+
 // ---------------------------------------------------------------------------
 // Hash helpers
 // ---------------------------------------------------------------------------
@@ -439,6 +454,8 @@ export interface BuildExportVBundleOptions {
    * Called before the workspace walk so the DB file is up to date.
    */
   checkpoint?: () => void;
+  /** Optional credential entries to include in the archive under credentials/ prefix. */
+  credentials?: Array<{ account: string; value: string }>;
 }
 
 /**
@@ -456,8 +473,15 @@ export interface BuildExportVBundleOptions {
 export function buildExportVBundle(
   options: BuildExportVBundleOptions,
 ): BuildVBundleResult {
-  const { source, description, checkpoint, trustPath, workspaceDir, hooksDir } =
-    options;
+  const {
+    source,
+    description,
+    checkpoint,
+    trustPath,
+    workspaceDir,
+    hooksDir,
+    credentials,
+  } = options;
 
   // Flush WAL to the main database file before reading so the export
   // captures all committed rows (SQLite WAL mode keeps recent writes
@@ -483,6 +507,14 @@ export function buildExportVBundle(
     );
   }
 
+  // Sanitize workspace/config.json to strip environment-specific fields
+  const configEntry = files.find((f) => f.path === "workspace/config.json");
+  if (configEntry) {
+    const configJson = new TextDecoder().decode(configEntry.data);
+    const sanitized = sanitizeConfigForTransfer(configJson);
+    configEntry.data = new TextEncoder().encode(sanitized);
+  }
+
   // Include hooks directory if it exists (lives at ~/.vellum/hooks/, outside workspace).
   if (hooksDir && existsSync(hooksDir) && lstatSync(hooksDir).isDirectory()) {
     files.push(...walkDirectory(hooksDir, "hooks"));
@@ -494,6 +526,14 @@ export function buildExportVBundle(
     files.push({ path: "trust/trust.json", data: trustData });
   }
 
+  // Include credential entries if provided
+  if (credentials?.length) {
+    for (const { account, value } of credentials) {
+      const data = new TextEncoder().encode(value);
+      files.push({ path: `credentials/${account}`, data });
+    }
+  }
+
   return buildVBundle({
     files,
     source: source ?? "runtime-export",
@@ -688,7 +728,7 @@ function tarPaddingBytes(dataSize: number): Uint8Array {
  */
 async function* generateTarStream(
   manifestJson: Uint8Array,
-  files: FileMetadata[],
+  files: TarStreamEntry[],
 ): AsyncGenerator<Uint8Array> {
   // Manifest entry
   yield createPaxAndHeaderBlocks("manifest.json", manifestJson.length);
@@ -697,43 +737,52 @@ async function* generateTarStream(
 
   // File entries
   for (const file of files) {
-    yield createPaxAndHeaderBlocks(file.archivePath, file.size);
-
-    // Stream exactly file.size bytes from disk. Capping the read at the
-    // declared size keeps the tar structure valid even if the file grows
-    // between passes (common for log files on active assistants). If the
-    // file shrinks below the declared size, zero-pad to maintain block
-    // alignment. The WAL checkpoint before export is the primary
-    // consistency mechanism for the database.
-    let bytesWritten = 0;
-    if (file.size > 0) {
-      try {
-        const stream = createReadStream(file.diskPath, {
-          start: 0,
-          end: file.size - 1,
-        });
-        for await (const chunk of stream) {
-          const data =
-            chunk instanceof Uint8Array ? chunk : new Uint8Array(chunk);
-          bytesWritten += data.length;
-          yield data;
+    const entrySize = isInMemoryEntry(file) ? file.size : file.size;
+    yield createPaxAndHeaderBlocks(file.archivePath, entrySize);
+
+    if (isInMemoryEntry(file)) {
+      // In-memory entry — yield data directly
+      if (file.size > 0) {
+        yield file.data;
+      }
+    } else {
+      // Disk-backed entry — stream from disk
+      // Stream exactly file.size bytes from disk. Capping the read at the
+      // declared size keeps the tar structure valid even if the file grows
+      // between passes (common for log files on active assistants). If the
+      // file shrinks below the declared size, zero-pad to maintain block
+      // alignment. The WAL checkpoint before export is the primary
+      // consistency mechanism for the database.
+      let bytesWritten = 0;
+      if (file.size > 0) {
+        try {
+          const stream = createReadStream(file.diskPath, {
+            start: 0,
+            end: file.size - 1,
+          });
+          for await (const chunk of stream) {
+            const data =
+              chunk instanceof Uint8Array ? chunk : new Uint8Array(chunk);
+            bytesWritten += data.length;
+            yield data;
+          }
+        } catch {
+          // File was deleted or rotated between passes — emit zeros for
+          // the full declared size so the tar structure stays valid
         }
-      } catch {
-        // File was deleted or rotated between passes — emit zeros for
-        // the full declared size so the tar structure stays valid
       }
-    }
 
-    // If the file shrank, pad with zeros in bounded chunks to reach
-    // the declared size without a large single allocation
-    let remaining = file.size - bytesWritten;
-    while (remaining > 0) {
-      const chunkSize = Math.min(remaining, 65536);
-      yield new Uint8Array(chunkSize);
-      remaining -= chunkSize;
+      // If the file shrank, pad with zeros in bounded chunks to reach
+      // the declared size without a large single allocation
+      let remaining = file.size - bytesWritten;
+      while (remaining > 0) {
+        const chunkSize = Math.min(remaining, 65536);
+        yield new Uint8Array(chunkSize);
+        remaining -= chunkSize;
+      }
     }
 
-    yield tarPaddingBytes(file.size);
+    yield tarPaddingBytes(entrySize);
   }
 
   // End-of-archive: two zero blocks
@@ -765,8 +814,15 @@ export interface StreamExportVBundleResult {
 export async function streamExportVBundle(
   options: BuildExportVBundleOptions,
 ): Promise<StreamExportVBundleResult> {
-  const { source, description, checkpoint, trustPath, workspaceDir, hooksDir } =
-    options;
+  const {
+    source,
+    description,
+    checkpoint,
+    trustPath,
+    workspaceDir,
+    hooksDir,
+    credentials,
+  } = options;
 
   // Flush WAL to the main database file before reading
   if (checkpoint) {
@@ -806,6 +862,42 @@ export async function streamExportVBundle(
     }
   }
 
+  // Sanitize workspace/config.json: read from disk, sanitize, and replace the
+  // disk-backed metadata entry with an in-memory entry so the streaming tar
+  // writes sanitized content instead of the raw file.
+  const configMetadataIdx = allFileMetadata.findIndex(
+    (f) => f.archivePath === "workspace/config.json",
+  );
+
+  const sanitizedConfigEntries: InMemoryEntry[] = [];
+  if (configMetadataIdx !== -1) {
+    const configMeta = allFileMetadata[configMetadataIdx];
+    const rawConfigData = readFileSync(configMeta.diskPath, "utf8");
+    const sanitized = sanitizeConfigForTransfer(rawConfigData);
+    const sanitizedData = new TextEncoder().encode(sanitized);
+
+    // Remove the disk-backed entry and replace with an in-memory entry
+    allFileMetadata.splice(configMetadataIdx, 1);
+    sanitizedConfigEntries.push({
+      archivePath: "workspace/config.json",
+      data: sanitizedData,
+      size: sanitizedData.length,
+    });
+  }
+
+  // Build in-memory entries for credentials (not disk-backed)
+  const inMemoryEntries: InMemoryEntry[] = [];
+  if (credentials?.length) {
+    for (const { account, value } of credentials) {
+      const data = new TextEncoder().encode(value);
+      inMemoryEntries.push({
+        archivePath: `credentials/${account}`,
+        data,
+        size: data.length,
+      });
+    }
+  }
+
   // ------------------------------------------------------------------
   // Pass 1: Compute SHA-256 checksums to build the manifest
   // ------------------------------------------------------------------
@@ -820,6 +912,16 @@ export async function streamExportVBundle(
     });
   }
 
+  // Add in-memory entries (sanitized config, credentials) to the manifest
+  for (const entry of [...sanitizedConfigEntries, ...inMemoryEntries]) {
+    const sha256 = sha256Hex(entry.data);
+    fileEntries.push({
+      path: entry.archivePath,
+      sha256,
+      size: entry.size,
+    });
+  }
+
   const manifestWithoutChecksum = {
     schema_version: "1.0",
     created_at: new Date().toISOString(),
@@ -842,7 +944,12 @@ export async function streamExportVBundle(
 
   const tempPath = join(tmpdir(), `vbundle-export-${randomUUID()}.tmp`);
 
-  const tarGenerator = generateTarStream(manifestData, allFileMetadata);
+  const allEntries: TarStreamEntry[] = [
+    ...allFileMetadata,
+    ...sanitizedConfigEntries,
+    ...inMemoryEntries,
+  ];
+  const tarGenerator = generateTarStream(manifestData, allEntries);
   const tarReadable = Readable.from(tarGenerator);
   const gzipStream = createGzip();
   const writeStream = createWriteStream(tempPath, { mode: 0o600 });

package/src/runtime/migrations/vbundle-import-analyzer.ts

@@ -93,6 +93,11 @@ export class DefaultPathResolver implements PathResolver {
   ) {}
 
   resolve(archivePath: string): string | null {
+    // Skip credential entries — handled separately by the credential import step
+    if (archivePath.startsWith("credentials/")) {
+      return null;
+    }
+
     // New format: workspace/ prefix — maps directly into the workspace dir
     if (archivePath.startsWith("workspace/") && this.workspaceDir) {
       const relPath = archivePath.slice("workspace/".length);
@@ -190,6 +195,20 @@ export function analyzeImport(
   for (const fileEntry of manifest.files) {
     const diskPath = pathResolver.resolve(fileEntry.path);
 
+    // Credential entries are handled separately by the credential import
+    // step — skip them without flagging as unknown/conflict.
+    if (fileEntry.path.startsWith("credentials/")) {
+      files.push({
+        path: fileEntry.path,
+        action: "skip",
+        bundle_size: fileEntry.size,
+        bundle_sha256: fileEntry.sha256,
+        current_size: null,
+        current_sha256: null,
+      });
+      continue;
+    }
+
     if (!diskPath) {
       // Unknown archive path — would have nowhere to write
       conflicts.push({

package/src/runtime/migrations/vbundle-importer.ts

@@ -24,6 +24,7 @@ import {
 } from "node:fs";
 import { dirname, join } from "node:path";
 
+import { sanitizeConfigForTransfer } from "../../config/sanitize-for-transfer.js";
 import type { PathResolver } from "./vbundle-import-analyzer.js";
 import type { ManifestType, VBundleTarEntry } from "./vbundle-validator.js";
 import { validateVBundle } from "./vbundle-validator.js";
@@ -227,6 +228,12 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
   let backupsCreated = 0;
 
   for (const fileEntry of manifest.files) {
+    // Credential entries are handled separately by extractCredentialsFromBundle()
+    // in migration-routes.ts — skip them silently without warnings or skip counts.
+    if (fileEntry.path.startsWith("credentials/")) {
+      continue;
+    }
+
     const diskPath = pathResolver.resolve(fileEntry.path);
 
     if (!diskPath) {
@@ -315,9 +322,20 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
       }
     }
 
+    // Sanitize config files to strip environment-specific fields (defense-in-depth)
+    let dataToWrite: Uint8Array = archiveEntry.data;
+    if (
+      fileEntry.path === "workspace/config.json" ||
+      fileEntry.path === "config/settings.json"
+    ) {
+      const configJson = new TextDecoder().decode(archiveEntry.data);
+      const sanitized = sanitizeConfigForTransfer(configJson);
+      dataToWrite = new TextEncoder().encode(sanitized);
+    }
+
     // Write the file
     try {
-      writeFileSync(diskPath, archiveEntry.data);
+      writeFileSync(diskPath, dataToWrite);
     } catch (err) {
       return {
         ok: false,
@@ -335,14 +353,17 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
     }
 
     // Step 3: Post-write integrity check — verify the written file
+    // Use the SHA of the data we actually wrote (which may differ from the
+    // manifest SHA if the config was sanitized during import).
+    const expectedSha256 = sha256Hex(dataToWrite);
     try {
       const writtenData = new Uint8Array(readFileSync(diskPath));
       const writtenSha256 = sha256Hex(writtenData);
 
-      if (writtenSha256 !== fileEntry.sha256) {
+      if (writtenSha256 !== expectedSha256) {
         warnings.push(
           `Post-write integrity warning for "${fileEntry.path}": ` +
-            `expected SHA-256 ${fileEntry.sha256}, got ${writtenSha256}`,
+            `expected SHA-256 ${expectedSha256}, got ${writtenSha256}`,
         );
       }
     } catch {
@@ -355,8 +376,8 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
       path: fileEntry.path,
       disk_path: diskPath,
       action,
-      size: archiveEntry.size,
-      sha256: fileEntry.sha256,
+      size: dataToWrite.length,
+      sha256: expectedSha256,
       backup_path: backupPath,
     });
   }
@@ -380,6 +401,35 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
   return { ok: true, report };
 }
 
+// ---------------------------------------------------------------------------
+// Credential extraction
+// ---------------------------------------------------------------------------
+
+/**
+ * Extract credential entries from a validated vbundle tar entries map.
+ *
+ * Credentials are stored under the `credentials/` prefix in the archive,
+ * where the remainder of the path is the account name and the entry data
+ * is the credential value.
+ */
+export function extractCredentialsFromBundle(
+  entries: Map<string, VBundleTarEntry>,
+  manifest: ManifestType,
+): Array<{ account: string; value: string }> {
+  const manifestPaths = new Set(manifest.files.map((f) => f.path));
+  const credentials: Array<{ account: string; value: string }> = [];
+  for (const [path, entry] of entries) {
+    if (path.startsWith("credentials/") && manifestPaths.has(path)) {
+      const account = path.slice("credentials/".length);
+      if (account) {
+        const value = new TextDecoder().decode(entry.data);
+        credentials.push({ account, value });
+      }
+    }
+  }
+  return credentials;
+}
+
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------

package/src/runtime/pending-interactions.ts

@@ -1,13 +1,15 @@
 /**
  * In-memory tracker that maps requestId to conversation info for pending
- * confirmation, secret, host_bash, host_file, and host_cu interactions.
+ * confirmation, secret, host_bash, host_file, host_cu, and host_browser
+ * interactions.
  *
  * When the agent loop emits a confirmation_request, secret_request,
- * host_bash_request, host_file_request, or host_cu_request, the onEvent
- * callback registers the interaction here. Standalone HTTP endpoints
- * (/v1/confirm, /v1/secret, /v1/trust-rules, /v1/host-bash-result,
- * /v1/host-file-result, /v1/host-cu-result) look up the conversation from this
- * tracker to resolve the interaction.
+ * host_bash_request, host_file_request, host_cu_request, or
+ * host_browser_request, the onEvent callback registers the interaction here.
+ * Standalone HTTP endpoints (/v1/confirm, /v1/secret, /v1/trust-rules,
+ * /v1/host-bash-result, /v1/host-file-result, /v1/host-cu-result,
+ * /v1/host-browser-result) look up the conversation from this tracker to
+ * resolve the interaction.
  */
 
 import type { Conversation } from "../daemon/conversation.js";
@@ -45,10 +47,22 @@ export interface PendingInteraction {
     | "host_bash"
     | "host_file"
     | "host_cu"
+    | "host_browser"
     | "acp_confirmation";
   confirmationDetails?: ConfirmationDetails;
   /** For ACP permissions: resolves directly without a Conversation object. */
   directResolve?: (decision: UserDecision) => void;
+  /**
+   * For host_browser interactions originating outside an agent loop
+   * (e.g. the `assistant browser chrome relay` CLI shim that POSTs to
+   * /v1/browser-cdp). Resolves the CDP round-trip directly without
+   * touching a Conversation. When set, /v1/host-browser-result invokes
+   * this instead of `interaction.conversation.resolveHostBrowser`.
+   */
+  directBrowserResolve?: (response: {
+    content: string;
+    isError: boolean;
+  }) => void;
 }
 
 const pending = new Map<string, PendingInteraction>();
@@ -82,7 +96,7 @@ export function get(requestId: string): PendingInteraction | undefined {
 
 /**
  * Return all pending interactions for a given conversation.
- * Needed by channel approval migration (PR 3).
+ * Needed by channel approval migration.
  */
 export function getByConversation(
   conversationId: string,
@@ -100,12 +114,13 @@ export function getByConversation(
  * Remove pending confirmation and secret interactions for a given conversation.
  * Used when auto-denying all pending interactions (e.g. new user message).
  *
- * host_bash, host_file, and host_cu interactions are intentionally skipped
- * — they represent in-flight tool executions proxied to the client, not
- * confirmations to auto-deny. Removing them would orphan the request: the
- * client would POST to /v1/host-bash-result, /v1/host-file-result, or
- * /v1/host-cu-result after completing the operation, get a 404, and the
- * proxy timer would fire with a spurious timeout error.
+ * host_bash, host_file, host_cu, and host_browser interactions are
+ * intentionally skipped — they represent in-flight tool executions proxied to
+ * the client, not confirmations to auto-deny. Removing them would orphan the
+ * request: the client would POST to /v1/host-bash-result,
+ * /v1/host-file-result, /v1/host-cu-result, or /v1/host-browser-result after
+ * completing the operation, get a 404, and the proxy timer would fire with a
+ * spurious timeout error.
  */
 export function removeByConversation(conversation: Conversation): void {
   for (const [requestId, interaction] of pending) {
@@ -114,6 +129,7 @@ export function removeByConversation(conversation: Conversation): void {
       interaction.kind !== "host_bash" &&
       interaction.kind !== "host_file" &&
       interaction.kind !== "host_cu" &&
+      interaction.kind !== "host_browser" &&
       interaction.kind !== "acp_confirmation"
     ) {
       pending.delete(requestId);