@vellumai/assistant 0.6.3 → 0.6.4

package/src/oauth/byo-connection.test.ts

@@ -77,6 +77,7 @@ const mockConnections = new Map<
     expiresAt: number | null;
     grantedScopes?: string;
     accountInfo?: string | null;
+    status?: string;
   }
 >();
 const mockApps = new Map<
@@ -92,14 +93,26 @@ const mockProviders = new Map<
   string,
   {
     key: string;
+    provider: string;
     tokenExchangeUrl: string;
     tokenEndpointAuthMethod?: string;
+    tokenExchangeBodyFormat?: string;
     baseUrl?: string;
+    managedServiceConfigKey?: string | null;
   }
 >();
 
 mock.module("./oauth-store.js", () => ({
   getConnectionByProvider: (service: string) => mockConnections.get(service),
+  getActiveConnection: (
+    service: string,
+    opts?: { clientId?: string; account?: string },
+  ) => {
+    const conn = mockConnections.get(service);
+    if (!conn) return undefined;
+    if (opts?.account && conn.accountInfo !== opts.account) return undefined;
+    return conn;
+  },
   getConnection: (id: string) => {
     for (const conn of mockConnections.values()) {
       if (conn.id === id) return conn;
@@ -192,12 +205,15 @@ async function setupCredential(
   const connId = `conn-${service}`;
   mockProviders.set(service, {
     key: service,
+    provider: service,
     tokenExchangeUrl: "https://oauth2.googleapis.com/token",
+    tokenExchangeBodyFormat: "form",
     // Only well-known providers (gmail) have a baseUrl; custom services don't
     baseUrl:
       service === "google"
         ? "https://gmail.googleapis.com/gmail/v1/users/me"
         : undefined,
+    managedServiceConfigKey: null,
   });
   mockApps.set(appId, {
     id: appId,
@@ -212,6 +228,7 @@ async function setupCredential(
     expiresAt: opts?.expiresAt ?? Date.now() + 3600 * 1000,
     grantedScopes: JSON.stringify(opts?.grantedScopes ?? ["read", "write"]),
     accountInfo: null,
+    status: "active",
   });
   // Store access token in oauth-store key format
   await setSecureKeyAsync(
@@ -509,7 +526,7 @@ describe("resolveOAuthConnection", () => {
   test("throws when no base URL configured", async () => {
     await setupCredential("custom-service");
     await expect(resolveOAuthConnection("custom-service")).rejects.toThrow(
-      /No base URL configured for "custom-service"/,
+      /OAuth provider "custom-service" has no base URL configured/,
     );
   });
 });

package/src/oauth/byo-connection.ts

@@ -82,7 +82,9 @@ export class BYOOAuthConnection implements OAuthConnection {
           method: req.method,
           headers,
           body: req.body ? JSON.stringify(req.body) : undefined,
-          signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
+          signal: req.signal
+            ? AbortSignal.any([req.signal, AbortSignal.timeout(REQUEST_TIMEOUT_MS)])
+            : AbortSignal.timeout(REQUEST_TIMEOUT_MS),
         });
 
         if (resp.status === 401) {

package/src/oauth/connect-orchestrator.ts

@@ -209,6 +209,8 @@ export async function orchestrateOAuthConnect(
     authorizeParams,
     userinfoUrl,
     tokenEndpointAuthMethod,
+    tokenExchangeBodyFormat:
+      (providerRow.tokenExchangeBodyFormat as "form" | "json") ?? "form",
   };
 
   const storageParams = {

package/src/oauth/connection-resolver.ts

@@ -1,5 +1,9 @@
 import { getConfig } from "../config/loader.js";
-import { type Services, ServicesSchema } from "../config/schemas/services.js";
+import {
+  getServiceMode,
+  type Services,
+  ServicesSchema,
+} from "../config/schemas/services.js";
 import { VellumPlatformClient } from "../platform/client.js";
 import { getSecureKeyAsync } from "../security/secure-keys.js";
 import { getLogger } from "../util/logger.js";
@@ -47,7 +51,7 @@ export async function resolveOAuthConnection(
 
   if (managedKey && managedKey in ServicesSchema.shape) {
     const services: Services = getConfig().services;
-    if (services[managedKey as keyof Services].mode === "managed") {
+    if (getServiceMode(services, managedKey as keyof Services) === "managed") {
       const client = await VellumPlatformClient.create();
       if (!client || !client.platformAssistantId) {
         const detail = !client

package/src/oauth/connection.ts

@@ -11,6 +11,8 @@ export interface OAuthConnectionRequest {
    * use the same credential but different base URLs).
    */
   baseUrl?: string;
+  /** Optional abort signal to cancel the request. */
+  signal?: AbortSignal;
 }
 
 export interface OAuthConnectionResponse {

package/src/oauth/oauth-store.ts

@@ -72,6 +72,7 @@ export function seedProviders(
     tokenExchangeUrl: string;
     refreshUrl?: string;
     tokenEndpointAuthMethod?: string;
+    tokenExchangeBodyFormat?: string;
     userinfoUrl?: string;
     pingUrl?: string;
     pingMethod?: string;
@@ -122,6 +123,7 @@ export function seedProviders(
     // token endpoint auth method.
     const tokenEndpointAuthMethod =
       p.tokenEndpointAuthMethod || "client_secret_post";
+    const tokenExchangeBodyFormat = p.tokenExchangeBodyFormat || "form";
     const userinfoUrl = p.userinfoUrl ?? null;
     const pingUrl = p.pingUrl ?? null;
     const pingMethod = p.pingMethod ?? null;
@@ -176,6 +178,7 @@ export function seedProviders(
         tokenExchangeUrl,
         refreshUrl,
         tokenEndpointAuthMethod,
+        tokenExchangeBodyFormat,
         userinfoUrl,
         baseUrl,
         defaultScopes,
@@ -217,6 +220,7 @@ export function seedProviders(
           tokenExchangeUrl,
           refreshUrl,
           tokenEndpointAuthMethod,
+          tokenExchangeBodyFormat,
           userinfoUrl,
           baseUrl: sql`COALESCE(${oauthProviders.baseUrl}, ${baseUrl})`,
           scopeSeparator,
@@ -279,6 +283,7 @@ export function registerProvider(params: {
   tokenExchangeUrl: string;
   refreshUrl?: string;
   tokenEndpointAuthMethod?: string;
+  tokenExchangeBodyFormat?: string;
   userinfoUrl?: string;
   pingUrl?: string;
   pingMethod?: string;
@@ -331,6 +336,7 @@ export function registerProvider(params: {
     refreshUrl: params.refreshUrl ?? null,
     tokenEndpointAuthMethod:
       params.tokenEndpointAuthMethod || "client_secret_post",
+    tokenExchangeBodyFormat: params.tokenExchangeBodyFormat || "form",
     userinfoUrl: params.userinfoUrl ?? null,
     baseUrl: params.baseUrl ?? null,
     defaultScopes: JSON.stringify(params.defaultScopes),
@@ -402,6 +408,7 @@ export function updateProvider(
     tokenExchangeUrl: string;
     refreshUrl: string;
     tokenEndpointAuthMethod: string;
+    tokenExchangeBodyFormat: string;
     userinfoUrl: string;
     pingUrl: string;
     pingMethod: string;
@@ -452,6 +459,8 @@ export function updateProvider(
   if (params.tokenEndpointAuthMethod !== undefined)
     set.tokenEndpointAuthMethod =
       params.tokenEndpointAuthMethod || "client_secret_post";
+  if (params.tokenExchangeBodyFormat !== undefined)
+    set.tokenExchangeBodyFormat = params.tokenExchangeBodyFormat || "form";
   if (params.userinfoUrl !== undefined) set.userinfoUrl = params.userinfoUrl;
   if (params.pingUrl !== undefined) set.pingUrl = params.pingUrl;
   if (params.pingMethod !== undefined) set.pingMethod = params.pingMethod;

package/src/oauth/platform-connection.test.ts

@@ -1,5 +1,13 @@
 import { describe, expect, mock, test } from "bun:test";
 
+import * as actualRetry from "../util/retry.js";
+
+// Stub out sleep so retry tests don't wait for real delays.
+mock.module("../util/retry.js", () => ({
+  ...actualRetry,
+  sleep: () => Promise.resolve(),
+}));
+
 import type { VellumPlatformClient } from "../platform/client.js";
 import { BackendError, VellumError } from "../util/errors.js";
 import {
@@ -226,6 +234,96 @@ describe("PlatformOAuthConnection", () => {
     );
   });
 
+  test("retries on 429 and succeeds", async () => {
+    let callCount = 0;
+    const client = makeMockClient(
+      mock(async () => {
+        callCount++;
+        if (callCount <= 2) {
+          return new Response("", { status: 429 });
+        }
+        return new Response(
+          JSON.stringify({ status: 200, headers: {}, body: { ok: true } }),
+          { status: 200 },
+        );
+      }) as unknown as typeof globalThis.fetch,
+    );
+
+    const conn = new PlatformOAuthConnection({ ...DEFAULT_OPTIONS, client });
+    const result = await conn.request({ method: "GET", path: "/test" });
+
+    expect(result.status).toBe(200);
+    expect(result.body).toEqual({ ok: true });
+    expect(callCount).toBe(3);
+  });
+
+  test("throws after exhausting retries on 429", async () => {
+    const client = makeMockClient(
+      mock(
+        async () => new Response("", { status: 429 }),
+      ) as unknown as typeof globalThis.fetch,
+    );
+
+    const conn = new PlatformOAuthConnection({ ...DEFAULT_OPTIONS, client });
+    await expect(
+      conn.request({ method: "GET", path: "/test" }),
+    ).rejects.toThrow("Platform proxy returned unexpected status 429");
+  });
+
+  test("retries on 500 and succeeds", async () => {
+    let callCount = 0;
+    const client = makeMockClient(
+      mock(async () => {
+        callCount++;
+        if (callCount === 1) {
+          return new Response("", { status: 500 });
+        }
+        return new Response(
+          JSON.stringify({ status: 200, headers: {}, body: null }),
+          { status: 200 },
+        );
+      }) as unknown as typeof globalThis.fetch,
+    );
+
+    const conn = new PlatformOAuthConnection({ ...DEFAULT_OPTIONS, client });
+    const result = await conn.request({ method: "GET", path: "/test" });
+
+    expect(result.status).toBe(200);
+    expect(callCount).toBe(2);
+  });
+
+  test("does not retry on 424", async () => {
+    let callCount = 0;
+    const client = makeMockClient(
+      mock(async () => {
+        callCount++;
+        return new Response("", { status: 424 });
+      }) as unknown as typeof globalThis.fetch,
+    );
+
+    const conn = new PlatformOAuthConnection({ ...DEFAULT_OPTIONS, client });
+    await expect(
+      conn.request({ method: "GET", path: "/test" }),
+    ).rejects.toThrow(CredentialRequiredError);
+    expect(callCount).toBe(1);
+  });
+
+  test("does not retry on 403", async () => {
+    let callCount = 0;
+    const client = makeMockClient(
+      mock(async () => {
+        callCount++;
+        return new Response("", { status: 403 });
+      }) as unknown as typeof globalThis.fetch,
+    );
+
+    const conn = new PlatformOAuthConnection({ ...DEFAULT_OPTIONS, client });
+    await expect(
+      conn.request({ method: "GET", path: "/test" }),
+    ).rejects.toThrow("Platform proxy returned unexpected status 403");
+    expect(callCount).toBe(1);
+  });
+
   test("uses connectionId in proxy URL regardless of provider format", async () => {
     const client = makeMockClient(
       mock(async (url: string | URL | Request) => {

package/src/oauth/platform-connection.ts

@@ -1,11 +1,18 @@
 import type { VellumPlatformClient } from "../platform/client.js";
 import { BackendError } from "../util/errors.js";
+import {
+  getHttpRetryDelay,
+  isRetryableStatus,
+  sleep,
+} from "../util/retry.js";
 import type {
   OAuthConnection,
   OAuthConnectionRequest,
   OAuthConnectionResponse,
 } from "./connection.js";
 
+const MAX_RETRIES = 3;
+
 export class CredentialRequiredError extends BackendError {
   constructor(message = "Connection not set up on platform") {
     super(message);
@@ -76,39 +83,53 @@ export class PlatformOAuthConnection implements OAuthConnection {
       },
     };
 
-    const response = await this.client.fetch(proxyPath, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify(body),
-    });
-
-    if (response.status === 424) {
-      throw new CredentialRequiredError();
-    }
-
-    if (response.status === 502) {
-      throw new ProviderUnreachableError();
-    }
-
-    if (!response.ok) {
-      throw new BackendError(
-        `Platform proxy returned unexpected status ${response.status}`,
-      );
+    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+      const response = await this.client.fetch(proxyPath, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify(body),
+        signal: req.signal,
+      });
+
+      if (response.status === 424) {
+        throw new CredentialRequiredError();
+      }
+
+      if (response.status === 502) {
+        throw new ProviderUnreachableError();
+      }
+
+      if (
+        !response.ok &&
+        isRetryableStatus(response.status) &&
+        attempt < MAX_RETRIES
+      ) {
+        await sleep(getHttpRetryDelay(response, attempt));
+        continue;
+      }
+
+      if (!response.ok) {
+        throw new BackendError(
+          `Platform proxy returned unexpected status ${response.status}`,
+        );
+      }
+
+      const json = (await response.json()) as {
+        status: number;
+        headers: Record<string, string>;
+        body: unknown;
+      };
+
+      return {
+        status: json.status,
+        headers: json.headers,
+        body: json.body,
+      };
     }
 
-    const json = (await response.json()) as {
-      status: number;
-      headers: Record<string, string>;
-      body: unknown;
-    };
-
-    return {
-      status: json.status,
-      headers: json.headers,
-      body: json.body,
-    };
+    throw new BackendError("Platform proxy request failed after retries");
   }
 
   async withToken<T>(_fn: (token: string) => Promise<T>): Promise<T> {

package/src/oauth/seed-providers.ts

@@ -27,6 +27,7 @@ export const PROVIDER_SEED_DATA: Record<
     tokenExchangeUrl: string;
     refreshUrl?: string;
     tokenEndpointAuthMethod?: string;
+    tokenExchangeBodyFormat?: string;
     userinfoUrl?: string;
     pingUrl?: string;
     pingMethod?: string;
@@ -85,6 +86,7 @@ export const PROVIDER_SEED_DATA: Record<
       "https://www.googleapis.com/auth/gmail.readonly",
       "https://www.googleapis.com/auth/gmail.modify",
       "https://www.googleapis.com/auth/gmail.send",
+      "https://www.googleapis.com/auth/gmail.settings.basic",
       "https://www.googleapis.com/auth/calendar.readonly",
       "https://www.googleapis.com/auth/calendar.events",
       "https://www.googleapis.com/auth/userinfo.email",
@@ -140,6 +142,7 @@ export const PROVIDER_SEED_DATA: Record<
     clientIdPlaceholder: null,
     logoUrl: "https://cdn.simpleicons.org/slack",
     defaultScopes: [
+      "channels:join",
       "channels:read",
       "channels:history",
       "groups:read",
@@ -199,6 +202,8 @@ export const PROVIDER_SEED_DATA: Record<
     },
     authorizeParams: { owner: "user" },
     tokenEndpointAuthMethod: "client_secret_basic",
+    tokenExchangeBodyFormat: "json",
+    managedServiceConfigKey: "notion-oauth",
     loopbackPort: 17323,
     injectionTemplates: [
       {
@@ -238,6 +243,8 @@ export const PROVIDER_SEED_DATA: Record<
     },
     tokenEndpointAuthMethod: "client_secret_basic",
     loopbackPort: 17335,
+    managedServiceConfigKey: "twitter-oauth",
+    featureFlag: "managed-x-oauth-integration",
     injectionTemplates: [
       {
         hostPattern: "api.x.com",

package/src/permissions/checker.ts

@@ -20,7 +20,11 @@ import {
   looksLikePathOnlyInput,
 } from "../tools/network/url-safety.js";
 import { getTool } from "../tools/registry.js";
-import { getDeprecatedDir, getWorkspaceHooksDir } from "../util/platform.js";
+import {
+  getDeprecatedDir,
+  getProtectedDir,
+  getWorkspaceHooksDir,
+} from "../util/platform.js";
 import {
   buildShellAllowlistOptions,
   buildShellCommandCandidates,
@@ -962,11 +966,17 @@ function isActorTokenSigningKeyPath(
   if (!filePath) return false;
   const cwd = workingDir ?? process.cwd();
   const resolvedPath = resolve(cwd, filePath);
-  const signingKeyPaths = [
-    join(homedir(), ".vellum", "protected", "actor-token-signing-key"),
-    join(getDeprecatedDir(), "actor-token-signing-key"),
-    resolve(cwd, "deprecated", "actor-token-signing-key"),
-  ];
+  // Include both the per-instance protected dir AND the legacy global
+  // ~/.vellum/protected path so upgraded machines with a host-wide signing
+  // key still classify reads as High risk.
+  const signingKeyPaths = Array.from(
+    new Set([
+      join(homedir(), ".vellum", "protected", "actor-token-signing-key"),
+      join(getProtectedDir(), "actor-token-signing-key"),
+      join(getDeprecatedDir(), "actor-token-signing-key"),
+      resolve(cwd, "deprecated", "actor-token-signing-key"),
+    ]),
+  );
   return signingKeyPaths.includes(resolvedPath);
 }
 

package/src/permissions/defaults.ts

@@ -3,6 +3,7 @@ import { join } from "node:path";
 import { getIsContainerized } from "../config/env-registry.js";
 import { getConfig } from "../config/loader.js";
 import { getBundledSkillsDir } from "../config/skills.js";
+import { resolveGuardianPersonaPath } from "../prompts/persona-resolver.js";
 import { getWorkspaceDir } from "../util/platform.js";
 
 export interface DefaultRuleTemplate {
@@ -15,6 +16,16 @@ export interface DefaultRuleTemplate {
   allowHighRisk?: boolean;
 }
 
+/**
+ * Escape minimatch metacharacters so a literal path is matched literally when
+ * interpolated into a rule pattern. Without this, characters like `*`, `?`,
+ * `[`, `]`, `{`, `}` in a filename would be treated as wildcards and broaden
+ * the resulting allow rule beyond the intended file.
+ */
+function escapeMinimatchPath(p: string): string {
+  return p.replace(/[?*[\]{}()!|\\]/g, "\\$&");
+}
+
 const HOST_FILE_TOOLS = [
   "host_file_read",
   "host_file_write",
@@ -118,7 +129,6 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
   const workspaceDir = getWorkspaceDir().replaceAll("\\", "/");
   const WORKSPACE_PROMPT_FILES = [
     "IDENTITY.md",
-    "USER.md",
     "SOUL.md",
     "BOOTSTRAP.md",
     "UPDATES.md",
@@ -139,6 +149,40 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     })),
   );
 
+  // Guardian persona file — the contact-store-resolved `users/<slug>.md`
+  // for the current guardian. Once the workspace has a guardian contact,
+  // their per-user persona file should be readable/editable without a
+  // prompt.
+  //
+  // Resolved dynamically at template-build time (rather than hardcoded
+  // like WORKSPACE_PROMPT_FILES) because the slug depends on the
+  // installed guardian. The try/catch protects against early-boot paths
+  // where the DB may not yet be initialized — in that case no guardian
+  // persona rules are emitted and the agent will be prompted on first
+  // edit until the guardian contact is created.
+  let guardianPersonaRules: DefaultRuleTemplate[] = [];
+  try {
+    const guardianPath = resolveGuardianPersonaPath();
+    if (guardianPath) {
+      const posixPath = guardianPath.replaceAll("\\", "/");
+      const escapedPath = escapeMinimatchPath(posixPath);
+      guardianPersonaRules = WORKSPACE_FILE_TOOLS.map((tool) => ({
+        id: `default:allow-${tool}-guardian-persona`,
+        tool,
+        pattern: `${tool}:${escapedPath}`,
+        scope: "everywhere",
+        decision: "allow" as const,
+        priority: 100,
+      }));
+    }
+  } catch {
+    // If guardian resolution fails at default-rule computation, the rule
+    // will be missing until the trust cache is invalidated and rebuilt.
+    // Runtime guardian-creation paths invalidate the cache via
+    // `clearTrustCache()` in `contacts-write.createGuardianBinding` so
+    // that the next `getRules()` call picks up the new auto-allow rule.
+  }
+
   const bootstrapDeleteRule: DefaultRuleTemplate = {
     id: "default:allow-bash-rm-bootstrap",
     tool: "bash",
@@ -248,6 +292,8 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     "browser_snapshot",
     "browser_screenshot",
     "browser_close",
+    "browser_attach",
+    "browser_detach",
     "browser_click",
     "browser_type",
     "browser_press_key",
@@ -258,6 +304,7 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     "browser_extract",
     "browser_wait_for_download",
     "browser_fill_credential",
+    "browser_status",
   ] as const;
 
   const browserToolRules: DefaultRuleTemplate[] = BROWSER_TOOLS_NO_SLASH.map(
@@ -303,6 +350,7 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     ...computerUseRules,
     ...managedSkillRules,
     ...workspacePromptRules,
+    ...guardianPersonaRules,
     bootstrapDeleteRule,
     updatesDeleteRule,
     ...skillSourceMutationRules,

package/src/permissions/trust-store.ts

@@ -6,7 +6,6 @@ import {
   renameSync,
   writeFileSync,
 } from "node:fs";
-import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 
 import { Minimatch } from "minimatch";
@@ -14,6 +13,7 @@ import { v4 as uuid } from "uuid";
 
 import { getIsContainerized } from "../config/env-registry.js";
 import { getLogger } from "../util/logger.js";
+import { getProtectedDir } from "../util/platform.js";
 import { getDefaultRuleTemplates } from "./defaults.js";
 import * as trustClient from "./trust-client.js";
 import type {
@@ -135,12 +135,12 @@ function getTrustPath(): string {
  * Resolve the gateway security directory.
  *
  * Docker: `GATEWAY_SECURITY_DIR` env var.
- * Local:  falls back to `~/.vellum/` + `protected/`.
+ * Local:  the per-instance protected directory resolved by `getProtectedDir()`.
  */
 function getGatewaySecurityDir(): string {
   const securityDir = process.env.GATEWAY_SECURITY_DIR;
   if (securityDir) return securityDir;
-  return join(homedir(), ".vellum", "protected");
+  return getProtectedDir();
 }
 
 /**

package/src/permissions/workspace-policy.ts

@@ -65,6 +65,9 @@ const NETWORK_TOOLS = new Set([
   "browser_hover",
   "browser_screenshot",
   "browser_close",
+  "browser_attach",
+  "browser_detach",
+  "browser_status",
   "network_request",
 ]);
 

package/src/platform/client.test.ts

@@ -23,6 +23,16 @@ mock.module("../config/env.js", () => ({
   getPlatformAssistantId: () => mockAssistantId,
 }));
 
+// Stub the credential-store fallback so tests stay hermetic and do not
+// read real values from the host credential backend.
+mock.module("../security/secure-keys.js", () => ({
+  getSecureKeyAsync: async () => null,
+}));
+
+mock.module("../security/credential-key.js", () => ({
+  credentialKey: (namespace: string, key: string) => `${namespace}:${key}`,
+}));
+
 // ---------------------------------------------------------------------------
 // Import under test (after mocks)
 // ---------------------------------------------------------------------------