@vellumai/assistant 0.6.2 → 0.6.3

package/src/browser-extension-relay/protocol.ts

@@ -1,63 +0,0 @@
-/**
- * Protocol types for the Chrome extension relay bridge.
- *
- * Messages flow:
- *   Assistant → ExtensionRelayServer → WebSocket → Chrome Extension → Tab (JS eval)
- */
-
-export interface CookieSpec {
-  url: string;
-  name: string;
-  value: string;
-  domain?: string;
-  path?: string;
-  secure?: boolean;
-  httpOnly?: boolean;
-  expirationDate?: number;
-}
-
-/**
- * Command sent from the server to the extension over WebSocket.
- */
-export interface ExtensionCommand {
-  id: string; // UUID
-  action:
-    | "evaluate"
-    | "navigate"
-    | "get_cookies"
-    | "set_cookie"
-    | "screenshot"
-    | "find_tab"
-    | "new_tab";
-  tabId?: number;
-  code?: string; // for evaluate
-  url?: string; // for navigate / find_tab / new_tab
-  domain?: string; // for get_cookies
-  cookie?: CookieSpec;
-  timeoutMs?: number;
-}
-
-/**
- * Response sent from the extension back to the server.
- */
-export interface ExtensionResponse {
-  id: string;
-  success: boolean;
-  result?: unknown;
-  error?: string;
-  tabId?: number;
-}
-
-/**
- * Periodic heartbeat from the extension to the server.
- */
-export interface ExtensionHeartbeat {
-  type: "heartbeat";
-  extensionVersion: string;
-  connectedTabs: number;
-}
-
-/**
- * Any message received from the extension (heartbeat or command response).
- */
-export type ExtensionInboundMessage = ExtensionHeartbeat | ExtensionResponse;

package/src/browser-extension-relay/server.ts

@@ -1,203 +0,0 @@
-/**
- * WebSocket server for the Chrome extension relay bridge.
- *
- * Holds a single active extension connection. Commands are sent as JSON
- * and matched to pending Promises by UUID.
- */
-
-import type { ServerWebSocket } from "bun";
-
-import { getLogger } from "../util/logger.js";
-import type {
-  ExtensionCommand,
-  ExtensionHeartbeat,
-  ExtensionInboundMessage,
-  ExtensionResponse,
-} from "./protocol.js";
-
-const log = getLogger("browser-extension-relay");
-
-const DEFAULT_COMMAND_TIMEOUT_MS = 30_000;
-
-interface PendingCommand {
-  resolve: (value: ExtensionResponse) => void;
-  reject: (reason: Error) => void;
-  timer: ReturnType<typeof setTimeout>;
-}
-
-export interface BrowserRelayWebSocketData {
-  wsType: "browser-relay";
-  connectionId: string;
-}
-
-export interface ExtensionRelayStatus {
-  connected: boolean;
-  connectionId: string | null;
-  lastHeartbeatAt: number | null;
-  pendingCommandCount: number;
-}
-
-/**
- * Manages the single active Chrome extension WebSocket connection and
- * dispatches commands to it.
- */
-export class ExtensionRelayServer {
-  private ws: ServerWebSocket<BrowserRelayWebSocketData> | null = null;
-  private connectionId: string | null = null;
-  private lastHeartbeatAt: number | null = null;
-  private pendingCommands = new Map<string, PendingCommand>();
-
-  // ── WebSocket lifecycle ────────────────────────────────────────────
-
-  handleOpen(ws: ServerWebSocket<BrowserRelayWebSocketData>): void {
-    const newId = ws.data.connectionId;
-
-    if (this.ws) {
-      log.warn(
-        { oldConnectionId: this.connectionId, newConnectionId: newId },
-        "Browser extension relay: new connection displaced an existing one",
-      );
-      try {
-        this.ws.close(1001, "Displaced by new connection");
-      } catch {
-        // best-effort
-      }
-      this.rejectAllPending(
-        new Error("Extension reconnected — previous commands cancelled"),
-      );
-    }
-
-    this.ws = ws;
-    this.connectionId = newId;
-    log.info({ connectionId: newId }, "Browser extension relay connected");
-  }
-
-  handleMessage(
-    ws: ServerWebSocket<BrowserRelayWebSocketData>,
-    raw: string,
-  ): void {
-    let msg: ExtensionInboundMessage;
-    try {
-      msg = JSON.parse(raw) as ExtensionInboundMessage;
-    } catch {
-      log.warn(
-        { connectionId: ws.data.connectionId },
-        "Browser extension relay: failed to parse message",
-      );
-      return;
-    }
-
-    if ("type" in msg && msg.type === "heartbeat") {
-      this.handleHeartbeat(msg);
-      return;
-    }
-
-    // Otherwise it's a command response
-    const response = msg as ExtensionResponse;
-    const pending = this.pendingCommands.get(response.id);
-    if (!pending) {
-      log.warn(
-        { id: response.id },
-        "Browser extension relay: received response for unknown command id",
-      );
-      return;
-    }
-
-    clearTimeout(pending.timer);
-    this.pendingCommands.delete(response.id);
-    pending.resolve(response);
-  }
-
-  handleClose(
-    ws: ServerWebSocket<BrowserRelayWebSocketData>,
-    code: number,
-    reason?: string,
-  ): void {
-    const closedId = ws.data.connectionId;
-    if (this.connectionId !== closedId) {
-      // Stale close for a displaced connection — ignore
-      return;
-    }
-
-    log.info(
-      { connectionId: closedId, code, reason },
-      "Browser extension relay disconnected",
-    );
-    this.ws = null;
-    this.connectionId = null;
-    this.rejectAllPending(new Error(`Extension disconnected (code=${code})`));
-  }
-
-  // ── Command dispatch ───────────────────────────────────────────────
-
-  /**
-   * Send a command to the extension and wait for its response.
-   */
-  sendCommand(
-    command: Omit<ExtensionCommand, "id">,
-    timeoutMs: number = DEFAULT_COMMAND_TIMEOUT_MS,
-  ): Promise<ExtensionResponse> {
-    if (!this.ws) {
-      return Promise.reject(new Error("Browser extension is not connected"));
-    }
-
-    const id = crypto.randomUUID();
-    const fullCommand: ExtensionCommand = { ...command, id };
-
-    return new Promise<ExtensionResponse>((resolve, reject) => {
-      const timer = setTimeout(() => {
-        this.pendingCommands.delete(id);
-        reject(
-          new Error(
-            `Browser extension command timed out after ${timeoutMs}ms (action=${command.action})`,
-          ),
-        );
-      }, timeoutMs);
-
-      this.pendingCommands.set(id, { resolve, reject, timer });
-
-      try {
-        this.ws!.send(JSON.stringify(fullCommand));
-      } catch (err) {
-        clearTimeout(timer);
-        this.pendingCommands.delete(id);
-        reject(err instanceof Error ? err : new Error(String(err)));
-      }
-    });
-  }
-
-  // ── Status ─────────────────────────────────────────────────────────
-
-  getStatus(): ExtensionRelayStatus {
-    return {
-      connected: !!this.ws,
-      connectionId: this.connectionId,
-      lastHeartbeatAt: this.lastHeartbeatAt,
-      pendingCommandCount: this.pendingCommands.size,
-    };
-  }
-
-  // ── Private helpers ────────────────────────────────────────────────
-
-  private handleHeartbeat(msg: ExtensionHeartbeat): void {
-    this.lastHeartbeatAt = Date.now();
-    log.debug(
-      {
-        extensionVersion: msg.extensionVersion,
-        connectedTabs: msg.connectedTabs,
-      },
-      "Browser extension heartbeat received",
-    );
-  }
-
-  private rejectAllPending(err: Error): void {
-    for (const [id, pending] of this.pendingCommands) {
-      clearTimeout(pending.timer);
-      pending.reject(err);
-      this.pendingCommands.delete(id);
-    }
-  }
-}
-
-/** Module-level singleton — imported by http-server and client. */
-export const extensionRelayServer = new ExtensionRelayServer();

package/src/config/schemas/sandbox.ts

@@ -1,14 +0,0 @@
-import { z } from "zod";
-
-export const SandboxConfigSchema = z
-  .object({
-    enabled: z
-      .boolean({ error: "sandbox.enabled must be a boolean" })
-      .default(false)
-      .describe(
-        "Whether to run tool executions in a sandboxed environment for safety",
-      ),
-  })
-  .describe("Sandbox configuration for isolating tool executions");
-
-export type SandboxConfig = z.infer<typeof SandboxConfigSchema>;

package/src/permissions/permission-mode-store.ts

@@ -1,180 +0,0 @@
-/**
- * Singleton runtime store for the two-axis permission mode.
- *
- * Reads initial state from the `permissions` section of config.json on
- * initialization and persists mutations back to the config file via the
- * raw-config read/write helpers so env-var–derived keys are never leaked
- * to disk.
- *
- * Downstream consumers (e.g. SSE broadcast) register change listeners
- * via `onModeChanged()`.
- */
-
-import {
-  invalidateConfigCache,
-  loadConfig,
-  loadRawConfig,
-  saveRawConfig,
-} from "../config/loader.js";
-import { getLogger } from "../util/logger.js";
-import type { PermissionMode } from "./permission-mode.js";
-import { DEFAULT_PERMISSION_MODE } from "./permission-mode.js";
-
-const log = getLogger("permission-mode-store");
-
-// ---------------------------------------------------------------------------
-// Types
-// ---------------------------------------------------------------------------
-
-export type ModeChangeListener = (mode: PermissionMode) => void;
-
-// ---------------------------------------------------------------------------
-// Module-level state
-// ---------------------------------------------------------------------------
-
-let currentMode: PermissionMode = { ...DEFAULT_PERMISSION_MODE };
-let initialized = false;
-const listeners: ModeChangeListener[] = [];
-
-// ---------------------------------------------------------------------------
-// Internal helpers
-// ---------------------------------------------------------------------------
-
-function notifyListeners(): void {
-  const snapshot = { ...currentMode };
-  for (const listener of listeners) {
-    try {
-      listener(snapshot);
-    } catch (err) {
-      log.error({ err }, "Error in permission mode change listener");
-    }
-  }
-}
-
-/**
- * Persist the current in-memory permission mode to config.json.
- *
- * Uses the raw-config pattern (loadRawConfig → mutate → saveRawConfig) so
- * that env-var–derived fields (API keys, dataDir) are never written to disk.
- */
-function persistToConfig(): void {
-  try {
-    const raw = loadRawConfig();
-
-    // Ensure the permissions object exists
-    if (
-      raw.permissions == null ||
-      typeof raw.permissions !== "object" ||
-      Array.isArray(raw.permissions)
-    ) {
-      raw.permissions = {};
-    }
-
-    const permissions = raw.permissions as Record<string, unknown>;
-    permissions.askBeforeActing = currentMode.askBeforeActing;
-    permissions.hostAccess = currentMode.hostAccess;
-
-    saveRawConfig(raw);
-
-    // Invalidate the cached config so the next loadConfig() picks up the
-    // persisted values rather than returning stale in-memory state.
-    invalidateConfigCache();
-  } catch (err) {
-    log.error({ err }, "Failed to persist permission mode to config");
-  }
-}
-
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-
-/**
- * Initialize the store from the current config. Safe to call multiple times;
- * subsequent calls are no-ops unless `resetForTesting()` has been called.
- */
-export function initPermissionModeStore(): void {
-  if (initialized) return;
-
-  try {
-    const config = loadConfig();
-    currentMode = {
-      askBeforeActing: config.permissions.askBeforeActing,
-      hostAccess: config.permissions.hostAccess,
-    };
-  } catch (err) {
-    log.warn(
-      { err },
-      "Failed to load permission mode from config; using defaults",
-    );
-    currentMode = { ...DEFAULT_PERMISSION_MODE };
-  }
-
-  initialized = true;
-}
-
-/**
- * Return the current permission mode. Initializes from config on first call
- * if `initPermissionModeStore()` hasn't been called yet.
- */
-export function getMode(): PermissionMode {
-  if (!initialized) {
-    initPermissionModeStore();
-  }
-  return { ...currentMode };
-}
-
-/**
- * Update the `askBeforeActing` axis. Persists to config.json and notifies
- * change listeners.
- */
-export function setAskBeforeActing(value: boolean): void {
-  if (!initialized) {
-    initPermissionModeStore();
-  }
-
-  if (currentMode.askBeforeActing === value) return;
-
-  currentMode.askBeforeActing = value;
-  persistToConfig();
-  notifyListeners();
-}
-
-/**
- * Update the `hostAccess` axis. Persists to config.json and notifies
- * change listeners.
- */
-export function setHostAccess(value: boolean): void {
-  if (!initialized) {
-    initPermissionModeStore();
-  }
-
-  if (currentMode.hostAccess === value) return;
-
-  currentMode.hostAccess = value;
-  persistToConfig();
-  notifyListeners();
-}
-
-/**
- * Register a callback that fires whenever the permission mode changes.
- * Returns an unsubscribe function.
- */
-export function onModeChanged(callback: ModeChangeListener): () => void {
-  listeners.push(callback);
-  return () => {
-    const idx = listeners.indexOf(callback);
-    if (idx >= 0) {
-      listeners.splice(idx, 1);
-    }
-  };
-}
-
-/**
- * Reset the store to uninitialized state. **Test-only** — production code
- * should never call this.
- */
-export function resetForTesting(): void {
-  currentMode = { ...DEFAULT_PERMISSION_MODE };
-  initialized = false;
-  listeners.length = 0;
-}

package/src/tools/browser/chrome-cdp.ts

@@ -1,239 +0,0 @@
-/**
- * Shared Chrome CDP session management.
- *
- * Consolidates the duplicated launch / readiness / window-management logic
- * that was previously copy-pasted across the Amazon and DoorDash CLIs.
- * Callers get back a {@link CdpSession} with structured metadata so they can
- * make cleanup decisions (e.g. only kill Chrome if *we* launched it).
- */
-
-import { execSync, spawn as spawnChild } from "node:child_process";
-import { homedir } from "node:os";
-import { join as pathJoin } from "node:path";
-
-// ---------------------------------------------------------------------------
-// Constants
-// ---------------------------------------------------------------------------
-
-const DEFAULT_CDP_PORT = 9222;
-const DEFAULT_CDP_BASE = `http://localhost:${DEFAULT_CDP_PORT}`;
-const DEFAULT_USER_DATA_DIR = pathJoin(
-  homedir(),
-  "Library/Application Support/Google/Chrome-CDP",
-);
-const CHROME_APP_PATH =
-  "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome";
-
-// ---------------------------------------------------------------------------
-// Types
-// ---------------------------------------------------------------------------
-
-export interface CdpSession {
-  /** Base URL for the CDP HTTP endpoints (e.g. `http://localhost:9222`). */
-  baseUrl: string;
-  /** Whether this helper launched Chrome (true) or it was already running (false). */
-  launchedByUs: boolean;
-  /** The `--user-data-dir` used for the Chrome instance. */
-  userDataDir: string;
-}
-
-export interface EnsureChromeOptions {
-  /** CDP port. Defaults to `9222`. */
-  port?: number;
-  /** User data directory for Chrome. Defaults to `~/Library/Application Support/Google/Chrome-CDP`. */
-  userDataDir?: string;
-  /** Initial URL to open when launching Chrome. */
-  startUrl?: string;
-}
-
-// ---------------------------------------------------------------------------
-// Readiness check
-// ---------------------------------------------------------------------------
-
-/**
- * Returns `true` when a CDP endpoint is responding at the given base URL
- * and has at least one open page tab. A CDP endpoint with zero tabs is
- * stale and unusable - callers should treat it as not ready.
- */
-export async function isCdpReady(
-  cdpBase: string = DEFAULT_CDP_BASE,
-): Promise<boolean> {
-  try {
-    const res = await fetch(`${cdpBase}/json/version`);
-    if (!res.ok) return false;
-
-    // Verify there's at least one page tab - a CDP endpoint with no tabs
-    // is a stale Chrome process that should be relaunched.
-    const listRes = await fetch(`${cdpBase}/json/list`);
-    if (!listRes.ok) return false;
-    const targets = (await listRes.json()) as Array<{ type: string }>;
-    return targets.some((t) => t.type === "page");
-  } catch {
-    return false;
-  }
-}
-
-// ---------------------------------------------------------------------------
-// Launch / ensure
-// ---------------------------------------------------------------------------
-
-/**
- * Ensure a Chrome instance with CDP is available. If one is already listening
- * on the target port, returns immediately. Otherwise spawns a new detached
- * Chrome process and waits for the CDP endpoint to become ready.
- *
- * Returns a {@link CdpSession} with metadata about the running instance.
- */
-export async function ensureChromeWithCdp(
-  options: EnsureChromeOptions = {},
-): Promise<CdpSession> {
-  const port = options.port ?? DEFAULT_CDP_PORT;
-  const baseUrl = `http://localhost:${port}`;
-  const userDataDir = options.userDataDir ?? DEFAULT_USER_DATA_DIR;
-
-  if (await isCdpReady(baseUrl)) {
-    return { baseUrl, launchedByUs: false, userDataDir };
-  }
-
-  // If CDP is responding but has no tabs (stale), kill the process holding the port.
-  try {
-    const versionRes = await fetch(`${baseUrl}/json/version`);
-    if (versionRes.ok) {
-      // Stale Chrome - CDP up but no tabs. Kill it so we can relaunch.
-      try {
-        execSync(`lsof -ti :${port} | xargs kill -9 2>/dev/null`, {
-          stdio: "ignore",
-        });
-      } catch {
-        // Ignore - process may have already exited.
-      }
-      // Brief wait for port to clear.
-      await new Promise((r) => setTimeout(r, 500));
-    }
-  } catch {
-    // CDP not responding at all - port is free, proceed to launch.
-  }
-
-  const args = [
-    `--remote-debugging-port=${port}`,
-    `--force-renderer-accessibility`,
-    `--user-data-dir=${userDataDir}`,
-  ];
-  if (options.startUrl) {
-    args.push(options.startUrl);
-  }
-
-  spawnChild(CHROME_APP_PATH, args, {
-    detached: true,
-    stdio: "ignore",
-  }).unref();
-
-  // Poll until CDP responds (up to 15 s)
-  for (let i = 0; i < 30; i++) {
-    await new Promise((r) => setTimeout(r, 500));
-    if (await isCdpReady(baseUrl)) {
-      return { baseUrl, launchedByUs: true, userDataDir };
-    }
-  }
-
-  throw new Error("Chrome started but CDP endpoint not responding after 15s");
-}
-
-// ---------------------------------------------------------------------------
-// Window management helpers
-// ---------------------------------------------------------------------------
-
-/**
- * Look up the first page target and return its WebSocket debugger URL.
- */
-async function findPageTarget(cdpBase: string): Promise<string | null> {
-  const res = await fetch(`${cdpBase}/json/list`);
-  const targets = (await res.json()) as Array<{
-    type: string;
-    webSocketDebuggerUrl: string;
-  }>;
-  const page = targets.find((t) => t.type === "page");
-  return page?.webSocketDebuggerUrl ?? null;
-}
-
-/**
- * Set the window state of the Chrome window owning the first page target.
- * Used by both minimize and restore.
- */
-async function setWindowState(
-  cdpBase: string,
-  windowState: "minimized" | "normal",
-): Promise<void> {
-  const wsUrl = await findPageTarget(cdpBase);
-  if (!wsUrl) return;
-
-  const ws = new WebSocket(wsUrl);
-
-  await new Promise<void>((resolve, reject) => {
-    const timeout = setTimeout(() => {
-      ws.close();
-      reject(new Error(`CDP ${windowState} timed out`));
-    }, 5000);
-
-    ws.addEventListener("open", () => {
-      ws.send(JSON.stringify({ id: 1, method: "Browser.getWindowForTarget" }));
-    });
-
-    ws.addEventListener("message", (event) => {
-      const msg = JSON.parse(String(event.data)) as {
-        id: number;
-        result?: { windowId: number };
-        error?: { message: string };
-      };
-      if (msg.id === 1 && msg.result) {
-        ws.send(
-          JSON.stringify({
-            id: 2,
-            method: "Browser.setWindowBounds",
-            params: {
-              windowId: msg.result.windowId,
-              bounds: { windowState },
-            },
-          }),
-        );
-      } else if (msg.id === 1) {
-        clearTimeout(timeout);
-        ws.close();
-        reject(new Error("Browser.getWindowForTarget failed"));
-      } else if (msg.id === 2) {
-        clearTimeout(timeout);
-        ws.close();
-        if (msg.error) {
-          reject(
-            new Error(`Browser.setWindowBounds failed: ${msg.error.message}`),
-          );
-        } else {
-          resolve();
-        }
-      }
-    });
-
-    ws.addEventListener("error", (err) => {
-      clearTimeout(timeout);
-      reject(err);
-    });
-  });
-}
-
-/**
- * Minimize the Chrome window associated with the CDP session.
- */
-export async function minimizeChromeWindow(
-  cdpBase: string = DEFAULT_CDP_BASE,
-): Promise<void> {
-  await setWindowState(cdpBase, "minimized");
-}
-
-/**
- * Restore (un-minimize) the Chrome window associated with the CDP session.
- */
-export async function restoreChromeWindow(
-  cdpBase: string = DEFAULT_CDP_BASE,
-): Promise<void> {
-  await setWindowState(cdpBase, "normal");
-}