@vellumai/assistant 0.6.2 → 0.6.3

package/src/daemon/host-bash-proxy.ts

@@ -14,6 +14,8 @@ interface PendingRequest {
   reject: (err: Error) => void;
   timer: ReturnType<typeof setTimeout>;
   timeoutSec: number;
+  /** Detach the abort listener from the caller's signal. No-op when no signal was passed. */
+  detachAbort: () => void;
 }
 
 export class HostBashProxy {
@@ -60,8 +62,14 @@ export class HostBashProxy {
       const timeoutSec = input.timeout_seconds ?? shellMaxTimeoutSec;
       // Proxy timeout: slightly after client-side timeout, but before executor's outer timeout
       const proxyTimeoutSec = timeoutSec + 3;
+
+      // Declared up-front so onAbort (defined before detachAbort is assigned)
+      // can close over a stable reference once it's wired below.
+      let detachAbort: () => void = () => {};
+
       const timer = setTimeout(() => {
         this.pending.delete(requestId);
+        detachAbort();
         this.onInternalResolve?.(requestId);
         log.warn(
           { requestId, command: input.command },
@@ -78,13 +86,14 @@ export class HostBashProxy {
         );
       }, proxyTimeoutSec * 1000);
 
-      this.pending.set(requestId, { resolve, reject, timer, timeoutSec });
-
       if (signal) {
         const onAbort = () => {
           if (this.pending.has(requestId)) {
             clearTimeout(timer);
             this.pending.delete(requestId);
+            // Abort fired — nothing to detach, but call the no-op for symmetry
+            // so callers can rely on detachAbort being idempotent.
+            detachAbort();
             this.onInternalResolve?.(requestId);
             try {
               this.sendToClient({
@@ -98,19 +107,43 @@ export class HostBashProxy {
           }
         };
         signal.addEventListener("abort", onAbort, { once: true });
+        detachAbort = () => signal.removeEventListener("abort", onAbort);
       }
 
-      this.sendToClient({
-        type: "host_bash_request",
-        requestId,
-        conversationId,
-        command: input.command,
-        working_dir: input.working_dir,
-        timeout_seconds: input.timeout_seconds,
-        ...(input.env && Object.keys(input.env).length > 0
-          ? { env: input.env }
-          : {}),
-      } as ServerMessage);
+      this.pending.set(requestId, {
+        resolve,
+        reject,
+        timer,
+        timeoutSec,
+        detachAbort,
+      });
+
+      try {
+        this.sendToClient({
+          type: "host_bash_request",
+          requestId,
+          conversationId,
+          command: input.command,
+          working_dir: input.working_dir,
+          timeout_seconds: input.timeout_seconds,
+          ...(input.env && Object.keys(input.env).length > 0
+            ? { env: input.env }
+            : {}),
+        } as ServerMessage);
+      } catch (err) {
+        // Sender threw synchronously (e.g. client transport error during
+        // event emission). Clean up pending state and timer so we don't
+        // leak an in-flight entry that nothing will ever resolve.
+        clearTimeout(timer);
+        this.pending.delete(requestId);
+        detachAbort();
+        this.onInternalResolve?.(requestId);
+        log.warn(
+          { requestId, command: input.command, err },
+          "Host bash proxy send failed",
+        );
+        reject(err instanceof Error ? err : new Error(String(err)));
+      }
     });
   }
 
@@ -129,6 +162,7 @@ export class HostBashProxy {
       return;
     }
     clearTimeout(entry.timer);
+    entry.detachAbort();
     this.pending.delete(requestId);
     const result = formatShellOutput(
       response.stdout,
@@ -151,6 +185,7 @@ export class HostBashProxy {
   dispose(): void {
     for (const [requestId, entry] of this.pending) {
       clearTimeout(entry.timer);
+      entry.detachAbort();
       this.onInternalResolve?.(requestId);
       try {
         this.sendToClient({

package/src/daemon/host-browser-proxy.ts

@@ -0,0 +1,191 @@
+import { v4 as uuid } from "uuid";
+
+import type { ToolExecutionResult } from "../tools/types.js";
+import { AssistantError, ErrorCode } from "../util/errors.js";
+import { getLogger } from "../util/logger.js";
+import type { ServerMessage } from "./message-protocol.js";
+import type { HostBrowserRequest } from "./message-types/host-browser.js";
+
+/** Distributive omit that preserves union variant fields. */
+type DistributiveOmit<T, K extends PropertyKey> = T extends unknown
+  ? Omit<T, K>
+  : never;
+
+/** Clean input type for callers — transport envelope fields are added by the proxy. */
+export type HostBrowserInput = DistributiveOmit<
+  HostBrowserRequest,
+  "type" | "requestId" | "conversationId"
+>;
+
+const log = getLogger("host-browser-proxy");
+
+interface PendingRequest {
+  resolve: (result: ToolExecutionResult) => void;
+  reject: (err: Error) => void;
+  timer: ReturnType<typeof setTimeout>;
+  /** Detach the abort listener from the caller's signal. No-op when no signal was passed. */
+  detachAbort: () => void;
+}
+
+export class HostBrowserProxy {
+  private pending = new Map<string, PendingRequest>();
+  private sendToClient: (msg: ServerMessage) => void;
+  private onInternalResolve?: (requestId: string) => void;
+  private clientConnected = false;
+
+  constructor(
+    sendToClient: (msg: ServerMessage) => void,
+    onInternalResolve?: (requestId: string) => void,
+  ) {
+    this.sendToClient = sendToClient;
+    this.onInternalResolve = onInternalResolve;
+  }
+
+  updateSender(
+    sendToClient: (msg: ServerMessage) => void,
+    clientConnected: boolean,
+  ): void {
+    this.sendToClient = sendToClient;
+    this.clientConnected = clientConnected;
+  }
+
+  request(
+    input: HostBrowserInput,
+    conversationId: string,
+    signal?: AbortSignal,
+  ): Promise<ToolExecutionResult> {
+    if (signal?.aborted) {
+      return Promise.resolve({ content: "Aborted", isError: true });
+    }
+
+    const requestId = uuid();
+
+    return new Promise<ToolExecutionResult>((resolve, reject) => {
+      // CDP operations should be fast — 30 second default timeout matches host_file.
+      const timeoutSec = input.timeout_seconds ?? 30;
+
+      // Declared up-front so onAbort (defined before detachAbort is assigned)
+      // can close over a stable reference once it's wired below.
+      let detachAbort: () => void = () => {};
+
+      const timer = setTimeout(() => {
+        this.pending.delete(requestId);
+        detachAbort();
+        this.onInternalResolve?.(requestId);
+        log.warn(
+          { requestId, cdpMethod: input.cdpMethod },
+          "Host browser proxy request timed out",
+        );
+        resolve({
+          content: "Host browser proxy timed out waiting for client response",
+          isError: true,
+        });
+      }, timeoutSec * 1000);
+
+      if (signal) {
+        const onAbort = () => {
+          if (this.pending.has(requestId)) {
+            clearTimeout(timer);
+            this.pending.delete(requestId);
+            // Abort fired — nothing to detach, but call the no-op for symmetry
+            // so callers can rely on detachAbort being idempotent.
+            detachAbort();
+            this.onInternalResolve?.(requestId);
+            try {
+              this.sendToClient({
+                type: "host_browser_cancel",
+                requestId,
+              } as ServerMessage);
+            } catch {
+              // Best-effort cancel notification — connection may already be closed.
+            }
+            resolve({ content: "Aborted", isError: true });
+          }
+        };
+        signal.addEventListener("abort", onAbort, { once: true });
+        detachAbort = () => signal.removeEventListener("abort", onAbort);
+      }
+
+      this.pending.set(requestId, { resolve, reject, timer, detachAbort });
+
+      try {
+        this.sendToClient({
+          ...input,
+          type: "host_browser_request",
+          requestId,
+          conversationId,
+        } as ServerMessage);
+      } catch (err) {
+        // Sender threw synchronously (e.g. client transport error during
+        // event emission). Clean up pending state and timer so we don't
+        // leak an in-flight entry that nothing will ever resolve.
+        clearTimeout(timer);
+        this.pending.delete(requestId);
+        detachAbort();
+        this.onInternalResolve?.(requestId);
+        log.warn(
+          { requestId, cdpMethod: input.cdpMethod, err },
+          "Host browser proxy send failed",
+        );
+        reject(err instanceof Error ? err : new Error(String(err)));
+      }
+    });
+  }
+
+  resolve(
+    requestId: string,
+    response: { content: string; isError: boolean },
+  ): void {
+    const entry = this.pending.get(requestId);
+    if (!entry) {
+      // Benign race, not an error. A late result frame with no matching
+      // pending entry means one of:
+      //   - the proxy-side setTimeout has already resolved the caller;
+      //   - the caller's AbortSignal fired and the entry was torn down;
+      //   - a duplicate result frame was delivered (e.g. retry after a
+      //     transient WS drop).
+      // Log at debug so operators don't chase false-positive "timeout"
+      // alerts on what is actually a cleanly-handled race.
+      log.debug(
+        { requestId },
+        "Ignoring host_browser_result for unknown or already-resolved request",
+      );
+      return;
+    }
+    clearTimeout(entry.timer);
+    entry.detachAbort();
+    this.pending.delete(requestId);
+    entry.resolve({ content: response.content, isError: response.isError });
+  }
+
+  hasPendingRequest(requestId: string): boolean {
+    return this.pending.has(requestId);
+  }
+
+  isAvailable(): boolean {
+    return this.clientConnected;
+  }
+
+  dispose(): void {
+    for (const [requestId, entry] of this.pending) {
+      clearTimeout(entry.timer);
+      entry.detachAbort();
+      this.onInternalResolve?.(requestId);
+      try {
+        this.sendToClient({
+          type: "host_browser_cancel",
+          requestId,
+        } as ServerMessage);
+      } catch {
+        // Best-effort cancel notification — connection may already be closed.
+      }
+      entry.reject(
+        new AssistantError(
+          "Host browser proxy disposed",
+          ErrorCode.INTERNAL_ERROR,
+        ),
+      );
+    }
+    this.pending.clear();
+  }
+}

package/src/daemon/host-cu-proxy.ts

@@ -57,6 +57,8 @@ interface PendingRequest {
   resolve: (result: ToolExecutionResult) => void;
   reject: (err: Error) => void;
   timer: ReturnType<typeof setTimeout>;
+  /** Detach the abort listener from the caller's signal. No-op when no signal was passed. */
+  detachAbort: () => void;
 }
 
 // ---------------------------------------------------------------------------
@@ -152,8 +154,13 @@ export class HostCuProxy {
     const requestId = uuid();
 
     return new Promise<ToolExecutionResult>((resolve, reject) => {
+      // Declared up-front so onAbort (defined before detachAbort is assigned)
+      // can close over a stable reference once it's wired below.
+      let detachAbort: () => void = () => {};
+
       const timer = setTimeout(() => {
         this.pending.delete(requestId);
+        detachAbort();
         this.onInternalResolve?.(requestId);
         log.warn({ requestId, toolName }, "Host CU proxy request timed out");
         resolve({
@@ -162,13 +169,14 @@ export class HostCuProxy {
         });
       }, REQUEST_TIMEOUT_SEC * 1000);
 
-      this.pending.set(requestId, { resolve, reject, timer });
-
       if (signal) {
         const onAbort = () => {
           if (this.pending.has(requestId)) {
             clearTimeout(timer);
             this.pending.delete(requestId);
+            // Abort fired — nothing to detach, but call the no-op for symmetry
+            // so callers can rely on detachAbort being idempotent.
+            detachAbort();
             this.onInternalResolve?.(requestId);
             try {
               this.sendToClient({
@@ -182,17 +190,32 @@ export class HostCuProxy {
           }
         };
         signal.addEventListener("abort", onAbort, { once: true });
+        detachAbort = () => signal.removeEventListener("abort", onAbort);
       }
 
-      this.sendToClient({
-        type: "host_cu_request",
-        requestId,
-        conversationId,
-        toolName,
-        input,
-        stepNumber,
-        reasoning,
-      } as ServerMessage);
+      this.pending.set(requestId, { resolve, reject, timer, detachAbort });
+
+      try {
+        this.sendToClient({
+          type: "host_cu_request",
+          requestId,
+          conversationId,
+          toolName,
+          input,
+          stepNumber,
+          reasoning,
+        } as ServerMessage);
+      } catch (err) {
+        // Sender threw synchronously (e.g. client transport error during
+        // event emission). Clean up pending state and timer so we don't
+        // leak an in-flight entry that nothing will ever resolve.
+        clearTimeout(timer);
+        this.pending.delete(requestId);
+        detachAbort();
+        this.onInternalResolve?.(requestId);
+        log.warn({ requestId, toolName, err }, "Host CU proxy send failed");
+        reject(err instanceof Error ? err : new Error(String(err)));
+      }
     });
   }
 
@@ -203,6 +226,7 @@ export class HostCuProxy {
       return;
     }
     clearTimeout(entry.timer);
+    entry.detachAbort();
     this.pending.delete(requestId);
 
     // Capture pre-update state so formatObservation sees the correct previous AX tree
@@ -388,6 +412,7 @@ export class HostCuProxy {
   dispose(): void {
     for (const [requestId, entry] of this.pending) {
       clearTimeout(entry.timer);
+      entry.detachAbort();
       this.onInternalResolve?.(requestId);
       try {
         this.sendToClient({

package/src/daemon/host-file-proxy.ts

@@ -1,5 +1,6 @@
 import { v4 as uuid } from "uuid";
 
+import { readImageBase64 } from "../tools/shared/filesystem/image-read.js";
 import type { ToolExecutionResult } from "../tools/types.js";
 import { AssistantError, ErrorCode } from "../util/errors.js";
 import { getLogger } from "../util/logger.js";
@@ -23,6 +24,10 @@ interface PendingRequest {
   resolve: (result: ToolExecutionResult) => void;
   reject: (err: Error) => void;
   timer: ReturnType<typeof setTimeout>;
+  operation: HostFileInput["operation"];
+  path: string;
+  /** Detach the abort listener from the caller's signal. No-op when no signal was passed. */
+  detachAbort: () => void;
 }
 
 export class HostFileProxy {
@@ -61,8 +66,14 @@ export class HostFileProxy {
     return new Promise<ToolExecutionResult>((resolve, reject) => {
       // File operations should be fast — 30 second timeout.
       const timeoutSec = 30;
+
+      // Declared up-front so onAbort (defined before detachAbort is assigned)
+      // can close over a stable reference once it's wired below.
+      let detachAbort: () => void = () => {};
+
       const timer = setTimeout(() => {
         this.pending.delete(requestId);
+        detachAbort();
         this.onInternalResolve?.(requestId);
         log.warn(
           { requestId, operation: input.operation },
@@ -74,13 +85,14 @@ export class HostFileProxy {
         });
       }, timeoutSec * 1000);
 
-      this.pending.set(requestId, { resolve, reject, timer });
-
       if (signal) {
         const onAbort = () => {
           if (this.pending.has(requestId)) {
             clearTimeout(timer);
             this.pending.delete(requestId);
+            // Abort fired — nothing to detach, but call the no-op for symmetry
+            // so callers can rely on detachAbort being idempotent.
+            detachAbort();
             this.onInternalResolve?.(requestId);
             try {
               this.sendToClient({
@@ -94,20 +106,45 @@ export class HostFileProxy {
           }
         };
         signal.addEventListener("abort", onAbort, { once: true });
+        detachAbort = () => signal.removeEventListener("abort", onAbort);
       }
 
-      this.sendToClient({
-        ...input,
-        type: "host_file_request",
-        requestId,
-        conversationId,
-      } as ServerMessage);
+      this.pending.set(requestId, {
+        resolve,
+        reject,
+        timer,
+        operation: input.operation,
+        path: input.path,
+        detachAbort,
+      });
+
+      try {
+        this.sendToClient({
+          ...input,
+          type: "host_file_request",
+          requestId,
+          conversationId,
+        } as ServerMessage);
+      } catch (err) {
+        // Sender threw synchronously (e.g. client transport error during
+        // event emission). Clean up pending state and timer so we don't
+        // leak an in-flight entry that nothing will ever resolve.
+        clearTimeout(timer);
+        this.pending.delete(requestId);
+        detachAbort();
+        this.onInternalResolve?.(requestId);
+        log.warn(
+          { requestId, operation: input.operation, err },
+          "Host file proxy send failed",
+        );
+        reject(err instanceof Error ? err : new Error(String(err)));
+      }
     });
   }
 
   resolve(
     requestId: string,
-    response: { content: string; isError: boolean },
+    response: { content: string; isError: boolean; imageData?: string },
   ): void {
     const entry = this.pending.get(requestId);
     if (!entry) {
@@ -115,7 +152,17 @@ export class HostFileProxy {
       return;
     }
     clearTimeout(entry.timer);
+    entry.detachAbort();
     this.pending.delete(requestId);
+    if (
+      entry.operation === "read" &&
+      !response.isError &&
+      typeof response.imageData === "string" &&
+      response.imageData.length > 0
+    ) {
+      entry.resolve(readImageBase64(response.imageData, entry.path));
+      return;
+    }
     entry.resolve({ content: response.content, isError: response.isError });
   }
 
@@ -130,6 +177,7 @@ export class HostFileProxy {
   dispose(): void {
     for (const [requestId, entry] of this.pending) {
       clearTimeout(entry.timer);
+      entry.detachAbort();
       this.onInternalResolve?.(requestId);
       try {
         this.sendToClient({

package/src/daemon/lifecycle.ts

@@ -75,6 +75,11 @@ import {
   mintPairingBearerToken,
   resolveSigningKey,
 } from "../runtime/auth/token-service.js";
+import {
+  initCapabilityTokenSecret,
+  loadOrCreateCapabilityTokenSecret,
+  writeDaemonTokenFallback,
+} from "../runtime/capability-tokens.js";
 import { ensureVellumGuardianBinding } from "../runtime/guardian-vellum-migration.js";
 import { RuntimeHttpServer } from "../runtime/http-server.js";
 import { startScheduler } from "../schedule/scheduler.js";
@@ -270,6 +275,20 @@ export async function runDaemon(): Promise<void> {
     const signingKey = resolveSigningKey();
     initAuthSigningKey(signingKey);
 
+    // Load (or generate + persist) the capability-token HMAC secret used
+    // to mint scoped tokens for the chrome extension pair endpoint.
+    // Wrapped in try/catch so a disk failure here never blocks startup —
+    // tokens can still be minted using a lazy on-demand load inside the
+    // capability-tokens module.
+    try {
+      initCapabilityTokenSecret(loadOrCreateCapabilityTokenSecret());
+    } catch (err) {
+      log.warn(
+        { err },
+        "Failed to pre-load capability token secret — continuing startup (lazy load will handle subsequent calls)",
+      );
+    }
+
     // Pre-populate the feature flag cache from the gateway so all
     // subsequent sync isAssistantFeatureFlagEnabled() calls have data.
     // Fired non-blocking so a slow or unreachable gateway doesn't delay
@@ -432,8 +451,11 @@ export async function runDaemon(): Promise<void> {
 
       // Ensure a vellum guardian binding exists so the identity system works
       // without requiring a manual bootstrap step.
+      let localGuardianPrincipalId = "local";
       try {
-        ensureVellumGuardianBinding(DAEMON_INTERNAL_ASSISTANT_ID);
+        localGuardianPrincipalId = ensureVellumGuardianBinding(
+          DAEMON_INTERNAL_ASSISTANT_ID,
+        );
       } catch (err) {
         log.warn(
           { err },
@@ -441,6 +463,19 @@ export async function runDaemon(): Promise<void> {
         );
       }
 
+      // Write a dev-only fallback capability token to `~/.vellum/daemon-token`
+      // so developers can manually pair the chrome extension without the
+      // native messaging helper. Production pairing goes through
+      // `POST /v1/browser-extension-pair` via the native helper.
+      try {
+        writeDaemonTokenFallback(localGuardianPrincipalId);
+      } catch (err) {
+        log.warn(
+          { err },
+          "Failed to write dev daemon-token fallback — continuing startup",
+        );
+      }
+
       try {
         syncUpdateBulletinOnStartup();
       } catch (err) {
@@ -589,8 +624,6 @@ export async function runDaemon(): Promise<void> {
       }
     }
 
-    await initializeProvidersAndTools(config);
-
     // Start the DaemonServer (conversation manager) before Qdrant so HTTP
     // routes can begin accepting requests while Qdrant initializes.
     log.info("Daemon startup: starting DaemonServer");
@@ -745,12 +778,17 @@ export async function runDaemon(): Promise<void> {
           conversationId,
           message,
           undefined,
-          options?.trustClass
+          options
             ? {
-                trustContext: {
-                  sourceChannel: "vellum",
-                  trustClass: options.trustClass,
-                },
+                ...(options.trustClass
+                  ? {
+                      trustContext: {
+                        sourceChannel: "vellum",
+                        trustClass: options.trustClass,
+                      },
+                    }
+                  : {}),
+                ...(options.taskRunId ? { taskRunId: options.taskRunId } : {}),
               }
             : undefined,
         );
@@ -1170,6 +1208,21 @@ export async function runDaemon(): Promise<void> {
       runtimeHttp = null;
     }
 
+    // Initialize providers and tools after the HTTP server is listening so
+    // health-check and pairing requests can be served immediately.  Wrapped in
+    // its own try/catch so a failure here doesn't tear down the running HTTP
+    // server (DaemonServer.start() already calls initializeProviders internally
+    // and tools are resolved lazily at conversation creation time).
+    try {
+      log.info("Daemon startup: initializing providers and tools");
+      await initializeProvidersAndTools(config);
+    } catch (err) {
+      log.warn(
+        { err },
+        "Provider/tool initialization failed — continuing with degraded functionality",
+      );
+    }
+
     writePid(process.pid);
     log.info({ pid: process.pid }, "Daemon started");
 
@@ -1198,10 +1251,11 @@ export async function runDaemon(): Promise<void> {
         if (!runtimeManager.isReady()) {
           log.info("Downloading embedding runtime in background...");
           await runtimeManager.ensureInstalled();
-          // Reset the localBackendBroken flag so auto mode retries local embeddings
-          const { clearEmbeddingBackendCache } =
+          // Reset the sticky local-backend failure flag so auto mode retries
+          // local embeddings without evicting a worker that may already be live.
+          const { resetLocalEmbeddingFailureState } =
             await import("../memory/embedding-backend.js");
-          clearEmbeddingBackendCache();
+          resetLocalEmbeddingFailureState();
           log.info("Embedding runtime download complete");
         }
       } catch (err) {

package/src/daemon/message-protocol.ts

@@ -23,6 +23,7 @@ export * from "./message-types/diagnostics.js";
 export * from "./message-types/documents.js";
 export * from "./message-types/guardian-actions.js";
 export * from "./message-types/host-bash.js";
+export * from "./message-types/host-browser.js";
 export * from "./message-types/host-cu.js";
 export * from "./message-types/host-file.js";
 export * from "./message-types/inbox.js";
@@ -77,6 +78,10 @@ import type {
   _GuardianActionsServerMessages,
 } from "./message-types/guardian-actions.js";
 import type { _HostBashServerMessages } from "./message-types/host-bash.js";
+import type {
+  _HostBrowserClientMessages,
+  _HostBrowserServerMessages,
+} from "./message-types/host-browser.js";
 import type { _HostCuServerMessages } from "./message-types/host-cu.js";
 import type { _HostFileServerMessages } from "./message-types/host-file.js";
 import type {
@@ -157,6 +162,7 @@ export type ClientMessage =
   | _ContactsClientMessages
   | _WorkItemsClientMessages
   | _BrowserClientMessages
+  | _HostBrowserClientMessages
   | _SubagentsClientMessages
   | _DocumentsClientMessages
   | _GuardianActionsClientMessages
@@ -186,6 +192,7 @@ export type ServerMessage =
   | _DocumentsServerMessages
   | _GuardianActionsServerMessages
   | _HostBashServerMessages
+  | _HostBrowserServerMessages
   | _HostCuServerMessages
   | _HostFileServerMessages
   | _MemoryServerMessages