@vellumai/assistant 0.6.3 → 0.6.4

package/src/runtime/auth/token-service.ts

@@ -22,6 +22,7 @@ import {
 import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 
+import { getIsContainerized } from "../../config/env-registry.js";
 import { getLogger } from "../../util/logger.js";
 import { getDeprecatedDir } from "../../util/platform.js";
 import { CURRENT_POLICY_EPOCH, isStaleEpoch } from "./policy.js";
@@ -115,6 +116,58 @@ export function loadOrCreateSigningKey(): Buffer {
   return newKey;
 }
 
+/**
+ * Best-effort sync of the env-resolved signing key to the canonical disk
+ * path so out-of-process CLI commands (e.g. browser relay) that load from
+ * disk converge on the same key the daemon uses.
+ *
+ * Security note: this does NOT expand the signing key's exposure surface.
+ * `loadOrCreateSigningKey()` already writes a signing key to the exact same
+ * disk path (getSigningKeyPath()) with the same mode (0600). A signing key
+ * is always on disk for CLI subprocesses to read — this function just
+ * ensures the disk key matches the env-provided key so those subprocesses
+ * mint tokens the daemon will actually accept.
+ *
+ * Skipped in containerized mode where disk key files are not used.
+ * Uses atomic write (tmp + rename) with mode 0600 for safe persistence.
+ * Never throws -- logs a warning on write failure and continues with
+ * the in-memory key.
+ */
+function syncEnvSigningKeyToDiskIfNeeded(key: Buffer): void {
+  if (getIsContainerized()) {
+    return;
+  }
+
+  const keyPath = getSigningKeyPath();
+
+  try {
+    // If the file already exists and is byte-equal, no-op.
+    if (existsSync(keyPath)) {
+      const existing = readFileSync(keyPath);
+      if (existing.length === key.length && timingSafeEqual(existing, key)) {
+        return;
+      }
+    }
+
+    // Write atomically: tmp file + rename.
+    const dir = dirname(keyPath);
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true });
+    }
+    const tmpPath = keyPath + ".tmp." + process.pid;
+    writeFileSync(tmpPath, key, { mode: 0o600 });
+    renameSync(tmpPath, keyPath);
+    chmodSync(keyPath, 0o600);
+
+    log.info("Synced env signing key to disk for CLI convergence");
+  } catch (err) {
+    log.warn(
+      { err },
+      "Failed to sync env signing key to disk — continuing with in-memory key",
+    );
+  }
+}
+
 /**
  * Resolve the signing key for the daemon from the `ACTOR_TOKEN_SIGNING_KEY`
  * env var (hex-encoded, 64 chars). The CLI launcher sets this before
@@ -128,8 +181,10 @@ export function resolveSigningKey(): Buffer {
         `Invalid ACTOR_TOKEN_SIGNING_KEY: expected 64 hex characters, got ${envKey.length} chars`,
       );
     }
+    const key = Buffer.from(envKey, "hex");
+    syncEnvSigningKeyToDiskIfNeeded(key);
     log.info("Signing key loaded from ACTOR_TOKEN_SIGNING_KEY env var");
-    return Buffer.from(envKey, "hex");
+    return key;
   }
 
   // Fallback: env var not set (e.g. daemon spawned by cli/src/lib/local.ts

package/src/runtime/btw-sidechain.ts

@@ -35,6 +35,7 @@ export interface RunBtwSidechainParams {
   onEvent?: (event: ProviderEvent) => void;
   userPersona?: string | null;
   channelPersona?: string | null;
+  userSlug?: string | null;
 }
 
 export interface RunBtwSidechainResult {
@@ -70,6 +71,7 @@ export async function runBtwSidechain(
           excludeBootstrap: true,
           userPersona: params.userPersona,
           channelPersona: params.channelPersona,
+          userSlug: params.userSlug,
         }));
 
   const { signal: timeoutSignal, cleanup } = createTimeout(

package/src/runtime/capability-tokens.ts

@@ -27,7 +27,6 @@ import {
   unlinkSync,
   writeFileSync,
 } from "node:fs";
-import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 
 import { getLogger } from "../util/logger.js";
@@ -375,18 +374,19 @@ export function verifyHostBrowserCapability(
  * (PRs 7/12/13).
  */
 export function getDaemonTokenFilePath(): string {
-  // Always under `~/.vellum/` (not the configurable workspace dir) so the
-  // native messaging helper can find it at a fixed path regardless of
-  // workspace overrides. This is a dev-only convenience path — production
-  // pairing goes through the native messaging flow.
-  return join(homedir(), ".vellum", "daemon-token");
+  // Stored under the per-instance protected directory. Both writer and
+  // reader run in the same daemon process, so they resolve the same
+  // per-instance path (honoring BASE_DATA_DIR for multi-instance setups).
+  // This is a dev-only convenience path — production pairing goes through
+  // the native messaging flow.
+  return join(getProtectedDir(), "daemon-token");
 }
 
 /**
- * Write a freshly-minted capability token to `~/.vellum/daemon-token` with
- * 0600 permissions. Swallows errors so a failure here never blocks daemon
- * startup — this is a dev-convenience path, not a production auth
- * requirement.
+ * Write a freshly-minted capability token to the per-instance dev token
+ * file (see `getDaemonTokenFilePath`) with 0600 permissions. Swallows
+ * errors so a failure here never blocks daemon startup — this is a
+ * dev-convenience path, not a production auth requirement.
  */
 export function writeDaemonTokenFallback(guardianId: string): void {
   try {

package/src/runtime/channel-invite-transport.ts

@@ -58,7 +58,7 @@ export interface ChannelInviteAdapter {
 
   /**
    * Resolve the channel-specific handle to reach the assistant (e.g.
-   * "@botName", "+15551234567", "hello@domain.agentmail.to").
+   * "@botName", "+15551234567", "hello@vellum.me").
    * Returns `undefined` when the handle cannot be resolved (e.g.
    * credentials not yet configured).
    */

package/src/runtime/channel-invite-transports/email.ts

@@ -2,17 +2,16 @@
  * Email channel invite adapter.
  *
  * Resolves the assistant's email address for use in invite instructions.
- * Uses the EmailService's cached primary inbox lookup so the real address
- * is returned when an inbox is configured. Falls back to `undefined` when
- * no inbox exists, which causes the invite instruction generator to emit
- * generic "on Email" wording instead of a misleading stub address.
+ * Reads the address from workspace config (`email.address`). Returns
+ * `undefined` when no address is configured, which causes the invite
+ * instruction generator to emit generic "on Email" wording.
  *
  * Email invites use the universal 6-digit code path for redemption, so
  * this adapter only implements `resolveChannelHandleAsync` — no
  * `buildShareLink` or `extractInboundToken` needed.
  */
 
-import { getEmailService } from "../../email/service.js";
+import { getNestedValue, loadRawConfig } from "../../config/loader.js";
 import type { ChannelInviteAdapter } from "../channel-invite-transport.js";
 
 // ---------------------------------------------------------------------------
@@ -23,6 +22,15 @@ export const emailInviteAdapter: ChannelInviteAdapter = {
   channel: "email",
 
   async resolveChannelHandleAsync(): Promise<string | undefined> {
-    return getEmailService().getPrimaryInboxAddress();
+    try {
+      const raw = loadRawConfig();
+      const address = getNestedValue(raw, "email.address");
+      if (typeof address === "string" && address.length > 0) {
+        return address;
+      }
+    } catch {
+      // Config unavailable
+    }
+    return undefined;
   },
 };

package/src/runtime/channel-readiness-service.ts

@@ -1,9 +1,8 @@
 import { resolveTwilioPhoneNumber } from "../calls/twilio-config.js";
 import { hasTwilioCredentials } from "../calls/twilio-rest.js";
 import { getChannelInvitePolicy } from "../channels/config.js";
-import { getConfig, loadRawConfig } from "../config/loader.js";
+import { getConfig, getNestedValue, loadRawConfig } from "../config/loader.js";
 import { isEmailEnabled } from "../email/feature-gate.js";
-import { getEmailService } from "../email/service.js";
 import { shouldUsePlatformCallbacks } from "../inbound/platform-callback-registration.js";
 import { credentialKey } from "../security/credential-key.js";
 import { getSecureKeyAsync } from "../security/secure-keys.js";
@@ -81,8 +80,9 @@ async function checkCredential(
 
 /** Check that public ingress is configured and enabled. */
 function checkIngress(allowManagedCallbacks = false): ReadinessCheckResult {
-  const { configured, usesManagedCallbacks } =
-    hasWebhookRoutingConfigured(allowManagedCallbacks);
+  const { configured, usesManagedCallbacks } = hasWebhookRoutingConfigured(
+    allowManagedCallbacks,
+  );
   return check(
     "ingress",
     configured,
@@ -150,17 +150,13 @@ const telegramProbe: ChannelProbe = {
 const emailProbe: ChannelProbe = {
   channel: "email",
   async runLocalChecks(): Promise<ReadinessCheckResult[]> {
-    const hasApiKey = !!(
-      (await getSecureKeyAsync("agentmail")) ||
-      (await getSecureKeyAsync(credentialKey("agentmail", "api_key")))
-    );
     const invitePolicy = getChannelInvitePolicy("email");
     return [
       check(
-        "agentmail_api_key",
-        hasApiKey,
-        "AgentMail API key is configured",
-        "AgentMail API key is not configured",
+        "platform_email",
+        true,
+        "Email is handled through the platform (Mailgun)",
+        "Email requires platform registration",
       ),
       check(
         "invite_policy",
@@ -172,23 +168,17 @@ const emailProbe: ChannelProbe = {
     ];
   },
   async runRemoteChecks(): Promise<ReadinessCheckResult[]> {
-    // Only worth checking if the API key is present
-    const hasApiKey = !!(
-      (await getSecureKeyAsync("agentmail")) ||
-      (await getSecureKeyAsync(credentialKey("agentmail", "api_key")))
-    );
-    if (!hasApiKey) return [];
-
     try {
-      const address = await getEmailService().getPrimaryInboxAddress();
-      const hasInbox = !!address;
+      const raw = loadRawConfig();
+      const address = getNestedValue(raw, "email.address");
+      const hasInbox = typeof address === "string" && address.length > 0;
       return [
         {
           name: "inbox_configured",
           passed: hasInbox,
           message: hasInbox
             ? `Inbox address is configured (${address})`
-            : "No inbox address configured — create one with: assistant email setup inboxes",
+            : "No inbox address configured — register one with: assistant email register <username>",
         },
       ];
     } catch (err) {

package/src/runtime/chrome-extension-registry.ts

@@ -20,8 +20,10 @@
  *   - When a caller does not pin a specific instance, the registry picks
  *     the "most recently active" instance for the guardian (highest
  *     `lastActiveAt` timestamp). `lastActiveAt` is bumped on register and
- *     on every successful `send()`, which is a good enough stand-in for
- *     WebSocket heartbeats under the current load profile.
+ *     on every successful `send()` — but NOT by keepalive pings. Keepalive
+ *     frames update a separate `lastKeepaliveAt` field that is used only
+ *     for liveness checks, preventing idle instances from stealing the
+ *     routing default via periodic keepalive traffic.
  *   - When no `clientInstanceId` is present on the handshake (older
  *     extension builds, dev bypass paths), we synthesize a placeholder
  *     `legacy:<connectionId>` key. The send/lookup path treats it the
@@ -65,8 +67,20 @@ export interface ChromeExtensionConnection {
    * connection — updated on register and on each successful `send()`.
    * Used by the default-send routing path to pick the "most recently
    * active" instance when the caller does not pin a specific one.
+   *
+   * Crucially, this is NOT updated by keepalive pings — those update
+   * `lastKeepaliveAt` instead. This separation prevents idle instances
+   * from stealing the routing default via periodic keepalive traffic.
    */
   lastActiveAt: number;
+  /**
+   * Wall-clock timestamp (ms) of the most recent keepalive ping
+   * received on this connection. Updated exclusively by `touch()`
+   * (i.e. keepalive frames). Does NOT affect routing — used only for
+   * liveness checks (e.g. a future stale-connection sweep can evict
+   * connections whose `lastKeepaliveAt` is too far in the past).
+   */
+  lastKeepaliveAt?: number;
   /**
    * Monotonic registration sequence number assigned by the registry
    * on each `register()` call. Used as a tuple-secondary tiebreaker
@@ -198,6 +212,28 @@ export class ChromeExtensionRegistry {
     }
   }
 
+  /**
+   * Update the `lastKeepaliveAt` timestamp for the connection identified
+   * by `connectionId`, without changing routing semantics or registration
+   * state. Used by keepalive frames to signal that the extension is still
+   * alive and reachable. Deliberately does NOT update `lastActiveAt` — that
+   * field is reserved for actual CDP traffic (register, send) so that idle
+   * instances cannot steal the routing default via periodic keepalive pings.
+   *
+   * No-op if no connection with the given id is currently registered
+   * (e.g. after a race between disconnect and a trailing keepalive frame).
+   */
+  touch(connectionId: string): void {
+    for (const instances of this.byGuardian.values()) {
+      for (const conn of instances.values()) {
+        if (conn.id === connectionId) {
+          conn.lastKeepaliveAt = Date.now();
+          return;
+        }
+      }
+    }
+  }
+
   /**
    * Return the default "active" connection for a guardian — the
    * instance with the most recent `lastActiveAt` timestamp. Ties on