@vellumai/assistant 0.6.5 → 0.6.6

package/src/runtime/http-server.ts

@@ -36,6 +36,7 @@ import {
   handleVoiceWebhook,
 } from "../calls/twilio-routes.js";
 import { parseChannelId } from "../channels/types.js";
+import { isAssistantFeatureFlagEnabled } from "../config/assistant-feature-flags.js";
 import {
   getGatewayInternalBaseUrl,
   hasUngatedHttpAuthDisabled,
@@ -53,7 +54,10 @@ import {
   type SignalType,
 } from "../memory/conversation-attention-store.js";
 import {
+  addMessage,
   type ConversationRow,
+  createConversation,
+  deleteConversation,
   forkConversation as forkConversationInStore,
   getConversation,
   getDisplayMetaForConversations,
@@ -62,11 +66,13 @@ import { resolveConversationId } from "../memory/conversation-key-store.js";
 import {
   countConversations,
   listConversations,
+  listConversationsByTitlePrefix,
   listPinnedConversations,
 } from "../memory/conversation-queries.js";
 import type { ExternalConversationBinding } from "../memory/external-conversation-store.js";
 import * as externalConversationStore from "../memory/external-conversation-store.js";
 import { listGroups } from "../memory/group-crud.js";
+import { enqueueMemoryJob } from "../memory/jobs-store.js";
 import { resolveStreamingTranscriber } from "../providers/speech-to-text/resolve.js";
 import {
   consumeCallback,
@@ -206,6 +212,7 @@ import {
   handlePairingStatus,
   pairingRouteDefinitions,
 } from "./routes/pairing-routes.js";
+import { playgroundRouteDefinitions } from "./routes/playground/index.js";
 import { profilerRouteDefinitions } from "./routes/profiler-routes.js";
 import { recordingRouteDefinitions } from "./routes/recording-routes.js";
 import { scheduleRouteDefinitions } from "./routes/schedule-routes.js";
@@ -223,7 +230,6 @@ import { ttsRouteDefinitions } from "./routes/tts-routes.js";
 import { upgradeBroadcastRouteDefinitions } from "./routes/upgrade-broadcast-routes.js";
 import { usageRouteDefinitions } from "./routes/usage-routes.js";
 import { userRouteDefinitions } from "./routes/user-routes.js";
-import { watchRouteDefinitions } from "./routes/watch-routes.js";
 import { workItemRouteDefinitions } from "./routes/work-items-routes.js";
 import { workspaceCommitRouteDefinitions } from "./routes/workspace-commit-routes.js";
 import { workspaceRouteDefinitions } from "./routes/workspace-routes.js";
@@ -356,7 +362,6 @@ export class RuntimeHttpServer {
   private getSkillContext?: RuntimeHttpServerOptions["getSkillContext"];
   private conversationManagementDeps?: RuntimeHttpServerOptions["conversationManagementDeps"];
   private getModelSetContext?: RuntimeHttpServerOptions["getModelSetContext"];
-  private getWatchDeps?: RuntimeHttpServerOptions["getWatchDeps"];
   private getRecordingDeps?: RuntimeHttpServerOptions["getRecordingDeps"];
   private getCesClient?: RuntimeHttpServerOptions["getCesClient"];
   private onProviderCredentialsChanged?: RuntimeHttpServerOptions["onProviderCredentialsChanged"];
@@ -381,7 +386,6 @@ export class RuntimeHttpServer {
     this.getSkillContext = options.getSkillContext;
     this.conversationManagementDeps = options.conversationManagementDeps;
     this.getModelSetContext = options.getModelSetContext;
-    this.getWatchDeps = options.getWatchDeps;
     this.getRecordingDeps = options.getRecordingDeps;
     this.getCesClient = options.getCesClient;
     this.onProviderCredentialsChanged = options.onProviderCredentialsChanged;
@@ -1995,6 +1999,76 @@ export class RuntimeHttpServer {
         suggestionInFlight: this.suggestionInFlight,
         getHeartbeatService: this.getHeartbeatService,
       }),
+      ...playgroundRouteDefinitions({
+        getConversationById: async (id) => {
+          // Gate on DB existence first so genuinely-missing IDs return
+          // `undefined` (preserving the route handlers' 404 path) rather
+          // than triggering `getOrCreateConversation`'s create branch and
+          // masking the not-found case. For existing-but-not-loaded rows
+          // (e.g. freshly seeded by `POST /playground/seed-conversation`),
+          // hydrate the in-memory `Conversation` on demand so conv-scoped
+          // playground routes work without first opening the conversation
+          // in the main window.
+          if (!getConversation(id)) return undefined;
+          const sendDeps = this.sendMessageDeps;
+          if (!sendDeps) {
+            // Fall back to the in-memory active map when the daemon hasn't
+            // wired the hydration-capable accessor (e.g. unit tests).
+            const s = this.findConversation?.(id);
+            if (!s || !("abort" in s)) return undefined;
+            return s as import("../daemon/conversation.js").Conversation;
+          }
+          return sendDeps.getOrCreateConversation(id);
+        },
+        isPlaygroundEnabled: () =>
+          isAssistantFeatureFlagEnabled("compaction-playground", getConfig()),
+        listConversationsByTitlePrefix: (prefix) =>
+          listConversationsByTitlePrefix(prefix),
+        deleteConversationById: (id) => {
+          // Existence check first so we can report `false` for missing rows
+          // — `deleteConversation` always returns a result object even when
+          // no row matched.
+          if (!getConversation(id)) return false;
+          // Mirror the canonical DELETE /v1/conversations/:id handler in
+          // conversation-management-routes.ts: tear down the in-memory
+          // Conversation first (so a running agent loop can't write to a
+          // deleted row and trip FK constraints), then drop the DB row,
+          // then enqueue Qdrant vector cleanup for the returned segment
+          // and summary IDs. Without this, seeded-then-deleted playground
+          // conversations leak vectors and zombie Conversation objects.
+          if (this.findConversation?.(id)) {
+            this.conversationManagementDeps?.destroyConversation(id);
+          }
+          const deleted = deleteConversation(id);
+          for (const segId of deleted.segmentIds) {
+            enqueueMemoryJob("delete_qdrant_vectors", {
+              targetType: "segment",
+              targetId: segId,
+            });
+          }
+          for (const summaryId of deleted.deletedSummaryIds) {
+            enqueueMemoryJob("delete_qdrant_vectors", {
+              targetType: "summary",
+              targetId: summaryId,
+            });
+          }
+          return true;
+        },
+        createConversation: async (title) => {
+          const row = createConversation({ title });
+          return { id: row.id };
+        },
+        addMessage: async (conversationId, role, contentJson, options) => {
+          const persisted = await addMessage(
+            conversationId,
+            role,
+            contentJson,
+            undefined,
+            options,
+          );
+          return { id: persisted.id };
+        },
+      }),
       ...globalSearchRouteDefinitions(),
       ...approvalRouteDefinitions(),
       ...hostBashRouteDefinitions(),
@@ -2032,11 +2106,6 @@ export class RuntimeHttpServer {
       ...oauthAppsRouteDefinitions(),
       ...attachmentRouteDefinitions(),
 
-      ...(this.getWatchDeps
-        ? watchRouteDefinitions({
-            getWatchDeps: this.getWatchDeps,
-          })
-        : []),
       ...(this.getRecordingDeps
         ? recordingRouteDefinitions({
             getRecordingDeps: this.getRecordingDeps,

package/src/runtime/http-types.ts

@@ -248,8 +248,6 @@ export interface RuntimeHttpServerOptions {
   conversationManagementDeps?: ConversationManagementDeps;
   /** Lazy factory for model config set context (conversation eviction, config reload suppression). */
   getModelSetContext?: () => import("../daemon/handlers/config-model.js").ModelSetContext;
-  /** Provider for watch observation dependencies (watch routes). */
-  getWatchDeps?: () => import("./routes/watch-routes.js").WatchDeps;
   /** Provider for recording dependencies (recording routes). */
   getRecordingDeps?: () => import("./routes/recording-routes.js").RecordingDeps;
   /** Accessor for the CES client, used to push API key updates to CES after hatch. */

package/src/runtime/migrations/vbundle-builder.ts

@@ -4,7 +4,7 @@
  * A .vbundle is a gzip-compressed tar archive containing:
  * - manifest.json: metadata with schema_version, checksums, and bundle info
  * - workspace/: the entire ~/.vellum/workspace/ directory tree (DB, config,
- *   skills, hooks, prompts, attachments, etc.) — excluding large/regenerable
+ *   skills, prompts, attachments, etc.) — excluding large/regenerable
  *   dirs (embedding-models/, data/qdrant/)
  * - trust/trust.json: trust rules (optional, lives in protected/ outside workspace)
  */
@@ -429,15 +429,6 @@ export interface BuildExportVBundleOptions {
   description?: string;
   /** Absolute path to trust.json. If provided and the file exists, it is included in the archive. */
   trustPath?: string;
-  /**
-   * Absolute path to the hooks directory. Previously hooks lived outside the
-   * workspace at ~/.vellum/hooks/ and needed explicit inclusion. Now hooks
-   * live under workspace (~/.vellum/workspace/hooks/) and are included in
-   * the workspace walk. Only pass this for backward-compat scenarios where
-   * hooks are still outside the workspace; otherwise omit to avoid double
-   * export. Included in the archive under the "hooks/" prefix.
-   */
-  hooksDir?: string;
   /**
    * Absolute path to the workspace directory (~/.vellum/workspace/).
    * When provided and exists, the entire directory tree is walked and
@@ -479,7 +470,6 @@ export function buildExportVBundle(
     checkpoint,
     trustPath,
     workspaceDir,
-    hooksDir,
     credentials,
   } = options;
 
@@ -515,11 +505,6 @@ export function buildExportVBundle(
     configEntry.data = new TextEncoder().encode(sanitized);
   }
 
-  // Include hooks directory if it exists (lives at ~/.vellum/hooks/, outside workspace).
-  if (hooksDir && existsSync(hooksDir) && lstatSync(hooksDir).isDirectory()) {
-    files.push(...walkDirectory(hooksDir, "hooks"));
-  }
-
   // Include trust rules if the file exists (lives in protected/, outside workspace).
   if (trustPath && existsSync(trustPath)) {
     const trustData = new Uint8Array(readFileSync(trustPath));
@@ -820,7 +805,6 @@ export async function streamExportVBundle(
     checkpoint,
     trustPath,
     workspaceDir,
-    hooksDir,
     credentials,
   } = options;
 
@@ -845,11 +829,6 @@ export async function streamExportVBundle(
     );
   }
 
-  // Include hooks directory if it exists
-  if (hooksDir && existsSync(hooksDir) && lstatSync(hooksDir).isDirectory()) {
-    allFileMetadata.push(...walkDirectoryForMetadata(hooksDir, "hooks"));
-  }
-
   // Include trust rules if the file exists
   if (trustPath && existsSync(trustPath)) {
     const trustStat = lstatSync(trustPath);

package/src/runtime/routes/approval-prompt-ts-tracker.ts

@@ -1,40 +1,52 @@
 /**
- * In-memory tracker for approval prompt message timestamps.
+ * Persistent tracker for approval prompt message timestamps.
  *
- * Scopes guardian reaction approvals so only reactions on a known
- * approval prompt can resolve a pending request. Without this, a stray
- * 👍/✅ on any message in the guardian chat could approve a pending
- * request (since reactions are now admitted from any subscribed channel,
- * not just tracked bot threads).
+ * Scopes guardian reaction approvals so only reactions on a known approval
+ * prompt can resolve a pending request. Without this, a stray 👍/✅ on any
+ * message in the guardian chat could approve a pending request (since
+ * reactions are now admitted from any subscribed channel, not just tracked
+ * bot threads).
  *
- * Entries expire after `APPROVAL_PROMPT_TS_TTL_MS` (matches the guardian
- * approval TTL of 30 minutes, plus grace). Populated when an approval
- * prompt is successfully delivered; consulted before applying a guardian
- * reaction decision.
+ * Entries are stored in the `approval_prompt_ts_tracker` table (created by
+ * `createApprovalPromptTsTrackerTable`) so that a daemon restart between
+ * prompt delivery and guardian reaction does not silently invalidate
+ * reactions that are still within the 30-minute guardian approval TTL.
+ * Entries expire after `APPROVAL_PROMPT_TS_TTL_MS` (guardian approval TTL
+ * plus grace).
  */
+import { getSqlite } from "../../memory/db-connection.js";
+import { getLogger } from "../../util/logger.js";
 
-const APPROVAL_PROMPT_TS_TTL_MS = 35 * 60 * 1000;
-
-const tracked = new Map<string, number>();
+const log = getLogger("runtime-http");
 
-function key(channel: string, chatId: string, ts: string): string {
-  return `${channel}\u0000${chatId}\u0000${ts}`;
-}
-
-function pruneExpired(now: number): void {
-  for (const [k, expiresAt] of tracked) {
-    if (expiresAt <= now) tracked.delete(k);
-  }
-}
+const APPROVAL_PROMPT_TS_TTL_MS = 35 * 60 * 1000;
 
+// Swallow errors: callers run this inside their delivery try/catch, so a
+// tracker throw would be misread as a delivery failure and trigger
+// fallback/retry, double-posting the guardian prompt.
 export function trackApprovalPromptTs(
   channel: string,
   chatId: string,
   ts: string,
 ): void {
-  const now = Date.now();
-  pruneExpired(now);
-  tracked.set(key(channel, chatId, ts), now + APPROVAL_PROMPT_TS_TTL_MS);
+  try {
+    const now = Date.now();
+    const expiresAt = now + APPROVAL_PROMPT_TS_TTL_MS;
+    const db = getSqlite();
+    db.run(
+      /*sql*/ `DELETE FROM approval_prompt_ts_tracker WHERE expires_at <= ?`,
+      [now],
+    );
+    db.run(
+      /*sql*/ `INSERT OR REPLACE INTO approval_prompt_ts_tracker (channel, chat_id, ts, expires_at) VALUES (?, ?, ?, ?)`,
+      [channel, chatId, ts, expiresAt],
+    );
+  } catch (err) {
+    log.error(
+      { err, channel, chatId, ts },
+      "Failed to persist approval prompt ts tracker entry; continuing without tracking",
+    );
+  }
 }
 
 export function isTrackedApprovalPromptTs(
@@ -42,11 +54,19 @@ export function isTrackedApprovalPromptTs(
   chatId: string,
   ts: string,
 ): boolean {
-  const k = key(channel, chatId, ts);
-  const expiresAt = tracked.get(k);
-  if (expiresAt === undefined) return false;
-  if (expiresAt <= Date.now()) {
-    tracked.delete(k);
+  const now = Date.now();
+  const db = getSqlite();
+  const row = db
+    .query(
+      /*sql*/ `SELECT expires_at FROM approval_prompt_ts_tracker WHERE channel = ? AND chat_id = ? AND ts = ?`,
+    )
+    .get(channel, chatId, ts) as { expires_at: number } | null;
+  if (!row) return false;
+  if (row.expires_at <= now) {
+    db.run(
+      /*sql*/ `DELETE FROM approval_prompt_ts_tracker WHERE channel = ? AND chat_id = ? AND ts = ?`,
+      [channel, chatId, ts],
+    );
     return false;
   }
   return true;
@@ -54,5 +74,5 @@ export function isTrackedApprovalPromptTs(
 
 /** @internal Test-only — clear all tracked entries. */
 export function _clearApprovalPromptTsTrackerForTesting(): void {
-  tracked.clear();
+  getSqlite().run(/*sql*/ `DELETE FROM approval_prompt_ts_tracker`);
 }

package/src/runtime/routes/approval-routes.ts

@@ -10,6 +10,7 @@
  */
 import { z } from "zod";
 
+import { emitFeedEvent } from "../../home/emit-feed-event.js";
 import { getConversationByKey } from "../../memory/conversation-key-store.js";
 import { addRule } from "../../permissions/trust-store.js";
 import type { UserDecision } from "../../permissions/types.js";
@@ -210,6 +211,22 @@ export async function handleConfirm(
     "Confirmation resolved via HTTP",
   );
 
+  const approved = effectiveDecision === "allow";
+  const toolName = interaction.confirmationDetails?.toolName ?? "unknown tool";
+  void emitFeedEvent({
+    source: "assistant",
+    title: `${approved ? "Approved" : "Denied"} use of ${toolName}.`,
+    summary: `${approved ? "Approved" : "Denied"} use of ${toolName}.`,
+    dedupKey: `tool-approval:${requestId}`,
+    urgency: approved ? undefined : "medium",
+    conversationId: interaction.conversationId,
+  }).catch((err) => {
+    log.warn(
+      { err, requestId },
+      "Failed to emit tool approval resolution feed event",
+    );
+  });
+
   // ACP permissions: resolve directly without a Conversation object.
   if (interaction.directResolve) {
     interaction.directResolve(effectiveDecision as UserDecision);

package/src/runtime/routes/browser-extension-pair-routes.ts

@@ -17,7 +17,7 @@
  *     with 403.
  *   - **Browser-origin rejection**: if an `Origin` header is present it
  *     must be either empty or explicitly on the
- *     `ALLOWED_EXTENSION_ORIGINS` allowlist. This defends against a
+ *     `getAllowedExtensionOrigins()` allowlist. This defends against a
  *     malicious web page in another tab issuing a cross-origin POST from
  *     the user's browser — such a request would carry the page's origin
  *     and would be rejected here even if it somehow reached loopback.
@@ -194,7 +194,9 @@ function loadAllowedExtensionOrigins(): ReadonlySet<string> {
   // 2. Local override. Silently absent is fine; malformed warns but doesn't
   //    block other sources.
   try {
-    for (const id of readIdsFromFile(LOCAL_OVERRIDE_PATH, { allowEmpty: true })) {
+    for (const id of readIdsFromFile(LOCAL_OVERRIDE_PATH, {
+      allowEmpty: true,
+    })) {
       merged.add(`chrome-extension://${id}/`);
     }
   } catch (err) {
@@ -240,10 +242,27 @@ function loadAllowedExtensionOrigins(): ReadonlySet<string> {
  * token. Merged from the canonical repo config at
  * `meta/browser-extension/chrome-extension-allowlist.json`, an optional
  * local override at `~/.vellum/chrome-extension-allowlist.local.json`, and
- * the `VELLUM_CHROME_EXTENSION_IDS` env var. Cached at module load —
- * allowlist edits require a daemon restart to take effect.
+ * the `VELLUM_CHROME_EXTENSION_IDS` env var. Computed lazily on first
+ * access so that importing this module (e.g. for `--version`) doesn't
+ * trigger filesystem reads. Cached after first call — allowlist edits
+ * require a daemon restart to take effect.
  */
-export const ALLOWED_EXTENSION_ORIGINS = loadAllowedExtensionOrigins();
+let _allowedExtensionOrigins: ReadonlySet<string> | null = null;
+
+export function getAllowedExtensionOrigins(): ReadonlySet<string> {
+  if (!_allowedExtensionOrigins) {
+    _allowedExtensionOrigins = loadAllowedExtensionOrigins();
+  }
+  return _allowedExtensionOrigins;
+}
+
+/**
+ * Test helper: clear the cached allowlist so the next call to
+ * `getAllowedExtensionOrigins()` re-reads from disk/env.
+ */
+export function __resetAllowedExtensionOriginsForTests(): void {
+  _allowedExtensionOrigins = null;
+}
 
 /**
  * Reset the dedicated pair-endpoint rate limiter. Exported for tests
@@ -490,8 +509,8 @@ export async function handleBrowserExtensionPair(
     // and the `/`-suffixed form against the allowlist.
     const withSlash = `${originHeader}/`;
     if (
-      !ALLOWED_EXTENSION_ORIGINS.has(originHeader) &&
-      !ALLOWED_EXTENSION_ORIGINS.has(withSlash)
+      !getAllowedExtensionOrigins().has(originHeader) &&
+      !getAllowedExtensionOrigins().has(withSlash)
     ) {
       auditDeny(req, peerIp, "browser_origin_not_allowlisted", {
         originHeader,
@@ -536,7 +555,7 @@ export async function handleBrowserExtensionPair(
   // check catches the failure mode where a compromised extension id
   // that doesn't match a known Vellum build still manages to reach
   // the endpoint.
-  if (!ALLOWED_EXTENSION_ORIGINS.has(extensionOrigin)) {
+  if (!getAllowedExtensionOrigins().has(extensionOrigin)) {
     auditDeny(req, peerIp, "extension_origin_not_allowlisted", {
       extensionOrigin,
     });