@vellumai/assistant 0.7.0 → 0.7.1

package/src/runtime/migrations/migration-transport.ts

@@ -64,16 +64,43 @@ export interface ValidationError {
 export interface ManifestFileEntry {
   path: string;
   sha256: string;
-  size: number;
+  size_bytes: number;
+}
+
+export interface ManifestAssistantInfo {
+  id: string;
+  name: string;
+  runtime_version: string;
+}
+
+export interface ManifestOrigin {
+  mode: "managed" | "self-hosted-remote" | "self-hosted-local";
+  platform_version?: string;
+  hostname?: string;
+}
+
+export interface ManifestCompatibility {
+  min_runtime_version: string;
+  max_runtime_version: string | null;
+}
+
+export interface ManifestExportOptions {
+  include_logs: boolean;
+  include_browser_state: boolean;
+  include_memory_vectors: boolean;
 }
 
 export interface Manifest {
-  schema_version: string;
+  schema_version: number;
+  bundle_id: string;
   created_at: string;
-  source?: string;
-  description?: string;
-  files: ManifestFileEntry[];
-  manifest_sha256: string;
+  assistant: ManifestAssistantInfo;
+  origin: ManifestOrigin;
+  compatibility: ManifestCompatibility;
+  contents: ManifestFileEntry[];
+  checksum: string;
+  secrets_redacted: boolean;
+  export_options: ManifestExportOptions;
 }
 
 // ---------------------------------------------------------------------------
@@ -104,8 +131,8 @@ export interface ExportRuntimeResult {
   ok: true;
   archive: ArrayBuffer;
   filename: string;
-  schemaVersion: string;
-  manifestSha256: string;
+  schemaVersion: number;
+  checksum: string;
 }
 
 /** Managed export initiates an async job and returns a job ID. */
@@ -398,8 +425,14 @@ export async function exportBundle(
     } as ExportManagedResult;
   }
 
-  // Runtime returns the binary archive
+  // Runtime returns the binary archive. The legacy
+  // `X-Vbundle-Manifest-Sha256` response header name is preserved for
+  // cross-version client compat — its value is now sourced from the
+  // renamed manifest `checksum` field.
   const archive = await response.arrayBuffer();
+  const schemaVersionHeader =
+    response.headers.get("X-Vbundle-Schema-Version") ?? "";
+  const parsedSchemaVersion = Number.parseInt(schemaVersionHeader, 10);
   return {
     ok: true,
     archive,
@@ -407,10 +440,10 @@ export async function exportBundle(
       response.headers
         .get("Content-Disposition")
         ?.match(/filename="?(.+?)"?$/)?.[1] ?? "export.vbundle",
-    schemaVersion:
-      response.headers.get("X-Vbundle-Schema-Version") ?? "unknown",
-    manifestSha256:
-      response.headers.get("X-Vbundle-Manifest-Sha256") ?? "unknown",
+    schemaVersion: Number.isFinite(parsedSchemaVersion)
+      ? parsedSchemaVersion
+      : 0,
+    checksum: response.headers.get("X-Vbundle-Manifest-Sha256") ?? "",
   } as ExportRuntimeResult;
 }
 

package/src/runtime/migrations/migration-wizard.ts

@@ -85,8 +85,8 @@ export interface MigrationWizardState {
     | {
         ok: true;
         filename: string;
-        schemaVersion: string;
-        manifestSha256: string;
+        schemaVersion: number;
+        checksum: string;
       };
 
   /** Import commit result. */

package/src/runtime/migrations/origin-mode.ts

@@ -0,0 +1,40 @@
+/**
+ * Origin-mode derivation for vbundle exports.
+ *
+ * The vbundle manifest v1 schema's `origin.mode` enum captures the deployment
+ * shape that produced the bundle. The runtime's two underlying signals are:
+ *
+ *   - `hasManagedProxyPrereqs()` — true when the daemon has the credentials
+ *     it needs to act as a managed-proxy client, i.e. this is a managed
+ *     deployment.
+ *   - `getDaemonRuntimeMode()` — `"docker"` vs `"bare-metal"`, identifying
+ *     where the daemon process is running.
+ *
+ * Folding both into a single helper keeps callers from repeating the
+ * combination logic.
+ */
+
+import { hasManagedProxyPrereqs } from "../../providers/managed-proxy/context.js";
+import { getDaemonRuntimeMode } from "../runtime-mode.js";
+
+export type VBundleOriginMode =
+  | "managed"
+  | "self-hosted-remote"
+  | "self-hosted-local";
+
+/**
+ * Returns the origin mode for the current daemon.
+ *
+ * Managed-proxy prereqs win first (a managed deployment is always
+ * "managed" regardless of where the daemon process runs); otherwise docker
+ * → "self-hosted-remote", bare-metal → "self-hosted-local".
+ */
+export async function getOriginMode(): Promise<VBundleOriginMode> {
+  if (await hasManagedProxyPrereqs()) {
+    return "managed";
+  }
+  if (getDaemonRuntimeMode() === "docker") {
+    return "self-hosted-remote";
+  }
+  return "self-hosted-local";
+}

package/src/runtime/migrations/vbundle-builder.ts

@@ -6,7 +6,6 @@
  * - workspace/: the entire ~/.vellum/workspace/ directory tree (DB, config,
  *   skills, prompts, attachments, etc.) — excluding large/regenerable
  *   dirs (embedding-models/, data/qdrant/)
- * - trust/trust.json: trust rules (optional)
  */
 
 import { createHash, randomUUID } from "node:crypto";
@@ -29,6 +28,7 @@ import { pipeline } from "node:stream/promises";
 import { createGzip, gzipSync } from "node:zlib";
 
 import { sanitizeConfigForTransfer } from "../../config/sanitize-for-transfer.js";
+import type { VBundleOriginMode } from "./origin-mode.js";
 import type {
   ManifestFileEntryType,
   ManifestType,
@@ -43,15 +43,50 @@ export interface VBundleFileEntry {
   data: Uint8Array;
 }
 
+/** v1 manifest `assistant` block. */
+export interface VBundleAssistantInfo {
+  id: string;
+  name: string;
+  runtime_version: string;
+}
+
+/** v1 manifest `origin` block. */
+export interface VBundleOriginInfo {
+  mode: VBundleOriginMode;
+  platform_version?: string;
+  hostname?: string;
+}
+
+/** v1 manifest `compatibility` block. */
+export interface VBundleCompatibility {
+  min_runtime_version: string;
+  max_runtime_version: string | null;
+}
+
+/** v1 manifest `export_options` block. */
+export interface VBundleExportOptions {
+  include_logs: boolean;
+  include_browser_state: boolean;
+  include_memory_vectors: boolean;
+}
+
 export interface BuildVBundleOptions {
   /** Files to include in the archive. Must include data/db/assistant.db. */
   files: VBundleFileEntry[];
-  /** Schema version for the manifest. Defaults to "1.0". */
-  schemaVersion?: string;
-  /** Source identifier (e.g. "runtime-export"). */
-  source?: string;
-  /** Human-readable description. */
-  description?: string;
+  /** Identity of the assistant that produced this bundle. */
+  assistant: VBundleAssistantInfo;
+  /** Where this bundle was produced. */
+  origin: VBundleOriginInfo;
+  /** Runtime-version compatibility window for importers. */
+  compatibility: VBundleCompatibility;
+  /** Which optional bundle contents this export carries. */
+  exportOptions: VBundleExportOptions;
+  /**
+   * Whether secrets were stripped from the bundle before archiving.
+   * Required at the type level — defaulting silently is exactly how the
+   * prior schema mismatch went unnoticed.
+   */
+  secretsRedacted: boolean;
 }
 
 export interface BuildVBundleResult {
@@ -284,45 +319,77 @@ function createTarArchive(
 // Core builder
 // ---------------------------------------------------------------------------
 
+/**
+ * Build the v1 manifest object and its serialized JSON bytes for a vbundle.
+ *
+ * Shared by the buffered (`buildVBundle`) and streaming
+ * (`streamExportVBundle`) emit sites so the manifest shape and self-checksum
+ * computation live in exactly one place.
+ *
+ * The checksum is computed over the canonicalized manifest with the
+ * `checksum` field set to the empty string (per the schema spec) — both
+ * producers and the validator agree on this exact wire shape.
+ */
+function buildManifestObject(input: {
+  contents: ManifestFileEntryType[];
+  assistant: VBundleAssistantInfo;
+  origin: VBundleOriginInfo;
+  compatibility: VBundleCompatibility;
+  exportOptions: VBundleExportOptions;
+  secretsRedacted: boolean;
+  now: Date;
+}): { manifest: ManifestType; manifestData: Uint8Array } {
+  const manifestWithEmptyChecksum = {
+    schema_version: 1 as const,
+    bundle_id: randomUUID(),
+    created_at: input.now.toISOString(),
+    assistant: input.assistant,
+    origin: input.origin,
+    compatibility: input.compatibility,
+    contents: input.contents,
+    checksum: "",
+    secrets_redacted: input.secretsRedacted,
+    export_options: input.exportOptions,
+  };
+  const checksum = sha256Hex(canonicalizeJson(manifestWithEmptyChecksum));
+  const manifest: ManifestType = { ...manifestWithEmptyChecksum, checksum };
+  const manifestData = new TextEncoder().encode(JSON.stringify(manifest));
+  return { manifest, manifestData };
+}
+
 /**
  * Build a .vbundle archive from the given files and metadata.
  *
  * Generates a valid manifest with SHA-256 checksums for all files and
- * a self-referencing manifest_sha256 checksum. The archive is returned
+ * a self-referencing `checksum`. The archive is returned
  * as gzip-compressed tar bytes.
  */
 export function buildVBundle(options: BuildVBundleOptions): BuildVBundleResult {
   const {
     files,
-    schemaVersion = "1.0",
-    source = "runtime-export",
-    description = "Runtime export bundle",
+    assistant,
+    origin,
+    compatibility,
+    exportOptions,
+    secretsRedacted,
   } = options;
 
   // Build file entries for the manifest
   const fileEntries: ManifestFileEntryType[] = files.map((f) => ({
     path: f.path,
     sha256: sha256Hex(f.data),
-    size: f.data.length,
+    size_bytes: f.data.length,
   }));
 
-  // Build manifest without the self-checksum
-  const manifestWithoutChecksum = {
-    schema_version: schemaVersion,
-    created_at: new Date().toISOString(),
-    source,
-    description,
-    files: fileEntries,
-  };
-
-  // Compute the manifest self-checksum
-  const manifestSha256 = sha256Hex(canonicalizeJson(manifestWithoutChecksum));
-  const manifest: ManifestType = {
-    ...manifestWithoutChecksum,
-    manifest_sha256: manifestSha256,
-  };
-
-  const manifestData = new TextEncoder().encode(JSON.stringify(manifest));
+  const { manifest, manifestData } = buildManifestObject({
+    contents: fileEntries,
+    assistant,
+    origin,
+    compatibility,
+    exportOptions,
+    secretsRedacted,
+    now: new Date(),
+  });
 
   // Build tar entries: manifest first, then all files
   const tarEntries = [
@@ -423,12 +490,16 @@ function walkDirectory(
 // ---------------------------------------------------------------------------
 
 export interface BuildExportVBundleOptions {
-  /** Source identifier. Defaults to "runtime-export". */
-  source?: string;
-  /** Human-readable description. */
-  description?: string;
-  /** Absolute path to trust.json. If provided and the file exists, it is included in the archive. */
-  trustPath?: string;
+  /** Identity of the assistant that produced this bundle. */
+  assistant: VBundleAssistantInfo;
+  /** Where this bundle was produced. */
+  origin: VBundleOriginInfo;
+  /** Runtime-version compatibility window for importers. */
+  compatibility: VBundleCompatibility;
+  /** Which optional bundle contents this export carries. */
+  exportOptions: VBundleExportOptions;
+  /** Whether secrets were stripped from the bundle before archiving. */
+  secretsRedacted: boolean;
   /**
    * Absolute path to the workspace directory (~/.vellum/workspace/).
    * When provided and exists, the entire directory tree is walked and
@@ -455,7 +526,7 @@ export interface BuildExportVBundleOptions {
  * Walks the entire workspace directory (~/.vellum/workspace/) and includes
  * all files in the archive, skipping only large/regenerable directories
  * (embedding-models/, data/qdrant/). Binary files (SQLite DB, attachments)
- * are included. Trust rules are handled separately.
+ * are included.
  *
  * The WAL is checkpointed before the walk so the exported DB file contains
  * all committed rows.
@@ -464,10 +535,12 @@ export function buildExportVBundle(
   options: BuildExportVBundleOptions,
 ): BuildVBundleResult {
   const {
-    source,
-    description,
+    assistant,
+    origin,
+    compatibility,
+    exportOptions,
+    secretsRedacted,
     checkpoint,
-    trustPath,
     workspaceDir,
     credentials,
   } = options;
@@ -504,12 +577,6 @@ export function buildExportVBundle(
     configEntry.data = new TextEncoder().encode(sanitized);
   }
 
-  // Include trust rules if the file exists.
-  if (trustPath && existsSync(trustPath)) {
-    const trustData = new Uint8Array(readFileSync(trustPath));
-    files.push({ path: "trust/trust.json", data: trustData });
-  }
-
   // Include credential entries if provided
   if (credentials?.length) {
     for (const { account, value } of credentials) {
@@ -520,8 +587,11 @@ export function buildExportVBundle(
 
   return buildVBundle({
     files,
-    source: source ?? "runtime-export",
-    description: description ?? "Runtime export bundle",
+    assistant,
+    origin,
+    compatibility,
+    exportOptions,
+    secretsRedacted,
   });
 }
 
@@ -799,10 +869,12 @@ export async function streamExportVBundle(
   options: BuildExportVBundleOptions,
 ): Promise<StreamExportVBundleResult> {
   const {
-    source,
-    description,
+    assistant,
+    origin,
+    compatibility,
+    exportOptions,
+    secretsRedacted,
     checkpoint,
-    trustPath,
     workspaceDir,
     credentials,
   } = options;
@@ -828,18 +900,6 @@ export async function streamExportVBundle(
     );
   }
 
-  // Include trust rules if the file exists
-  if (trustPath && existsSync(trustPath)) {
-    const trustStat = lstatSync(trustPath);
-    if (trustStat.isFile()) {
-      allFileMetadata.push({
-        archivePath: "trust/trust.json",
-        diskPath: trustPath,
-        size: trustStat.size,
-      });
-    }
-  }
-
   // Sanitize workspace/config.json: read from disk, sanitize, and replace the
   // disk-backed metadata entry with an in-memory entry so the streaming tar
   // writes sanitized content instead of the raw file.
@@ -886,7 +946,7 @@ export async function streamExportVBundle(
     fileEntries.push({
       path: file.archivePath,
       sha256,
-      size: file.size,
+      size_bytes: file.size,
     });
   }
 
@@ -896,25 +956,19 @@ export async function streamExportVBundle(
     fileEntries.push({
       path: entry.archivePath,
       sha256,
-      size: entry.size,
+      size_bytes: entry.size,
     });
   }
 
-  const manifestWithoutChecksum = {
-    schema_version: "1.0",
-    created_at: new Date().toISOString(),
-    source: source ?? "runtime-export",
-    description: description ?? "Runtime export bundle",
-    files: fileEntries,
-  };
-
-  const manifestSha256 = sha256Hex(canonicalizeJson(manifestWithoutChecksum));
-  const manifest: ManifestType = {
-    ...manifestWithoutChecksum,
-    manifest_sha256: manifestSha256,
-  };
-
-  const manifestData = new TextEncoder().encode(JSON.stringify(manifest));
+  const { manifest, manifestData } = buildManifestObject({
+    contents: fileEntries,
+    assistant,
+    origin,
+    compatibility,
+    exportOptions,
+    secretsRedacted,
+    now: new Date(),
+  });
 
   // ------------------------------------------------------------------
   // Pass 2: Stream tar through gzip into a temp file

package/src/runtime/migrations/vbundle-import-analyzer.ts

@@ -112,7 +112,9 @@ export class DefaultPathResolver implements PathResolver {
   constructor(
     private workspaceDir?: string,
     private hooksDir?: string,
-    private guardianPersonaPathResolver: () => string | null = resolveGuardianPersonaPath,
+    private guardianPersonaPathResolver: () =>
+      | string
+      | null = resolveGuardianPersonaPath,
   ) {}
 
   resolve(archivePath: string): string | null {
@@ -247,7 +249,7 @@ export function analyzeImport(
   const files: ImportFileReport[] = [];
   const conflicts: ImportConflict[] = [];
 
-  for (const fileEntry of manifest.files) {
+  for (const fileEntry of manifest.contents) {
     const diskPath = pathResolver.resolve(fileEntry.path);
 
     // Credential entries are handled separately by the credential import
@@ -256,7 +258,7 @@ export function analyzeImport(
       files.push({
         path: fileEntry.path,
         action: "skip",
-        bundle_size: fileEntry.size,
+        bundle_size: fileEntry.size_bytes,
         bundle_sha256: fileEntry.sha256,
         current_size: null,
         current_sha256: null,
@@ -278,7 +280,7 @@ export function analyzeImport(
         files.push({
           path: fileEntry.path,
           action: "skip",
-          bundle_size: fileEntry.size,
+          bundle_size: fileEntry.size_bytes,
           bundle_sha256: fileEntry.sha256,
           current_size: null,
           current_sha256: null,
@@ -295,7 +297,7 @@ export function analyzeImport(
       files.push({
         path: fileEntry.path,
         action: "skip",
-        bundle_size: fileEntry.size,
+        bundle_size: fileEntry.size_bytes,
         bundle_sha256: fileEntry.sha256,
         current_size: null,
         current_sha256: null,
@@ -324,7 +326,7 @@ export function analyzeImport(
         files.push({
           path: fileEntry.path,
           action,
-          bundle_size: fileEntry.size,
+          bundle_size: fileEntry.size_bytes,
           bundle_sha256: fileEntry.sha256,
           current_size: currentSize,
           current_sha256: currentSha256,
@@ -344,7 +346,7 @@ export function analyzeImport(
     files.push({
       path: fileEntry.path,
       action,
-      bundle_size: fileEntry.size,
+      bundle_size: fileEntry.size_bytes,
       bundle_sha256: fileEntry.sha256,
       current_size: currentSize,
       current_sha256: currentSha256,

package/src/runtime/migrations/vbundle-importer.ts

@@ -246,7 +246,7 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
   // valid disk path. This prevents path-traversal entries (e.g.
   // "workspace/../../etc/passwd") from triggering a workspace purge while
   // resolving to nothing.
-  const hasWorkspaceEntries = manifest.files.some(
+  const hasWorkspaceEntries = manifest.contents.some(
     (f) => f.path.startsWith("workspace/") && !!pathResolver.resolve(f.path),
   );
 
@@ -314,7 +314,7 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
   const warnings: string[] = [];
   let backupsCreated = 0;
 
-  for (const fileEntry of manifest.files) {
+  for (const fileEntry of manifest.contents) {
     // Credential entries are handled separately by extractCredentialsFromBundle()
     // in migration-routes.ts — skip them silently without warnings or skip counts.
     if (fileEntry.path.startsWith("credentials/")) {
@@ -329,7 +329,7 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
         path: fileEntry.path,
         disk_path: "",
         action: "skipped",
-        size: fileEntry.size,
+        size: fileEntry.size_bytes,
         sha256: fileEntry.sha256,
         backup_path: null,
       });
@@ -347,7 +347,7 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
         path: fileEntry.path,
         disk_path: diskPath,
         action: "skipped",
-        size: fileEntry.size,
+        size: fileEntry.size_bytes,
         sha256: fileEntry.sha256,
         backup_path: null,
       });
@@ -377,7 +377,7 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
         path: fileEntry.path,
         disk_path: diskPath,
         action: "skipped",
-        size: fileEntry.size,
+        size: fileEntry.size_bytes,
         sha256: fileEntry.sha256,
         backup_path: null,
       });
@@ -536,7 +536,7 @@ export function commitImport(options: ImportCommitOptions): ImportCommitResult {
   // run (e.g. workspaceDir unset) the live metadata.json is still on
   // disk untouched — we must not rewrite it here or we would drop the
   // non-vellum entries the caller chose to keep.
-  const bundleHadMetadata = manifest.files.some(
+  const bundleHadMetadata = manifest.contents.some(
     (f) => f.path === CREDENTIAL_METADATA_ARCHIVE_PATH,
   );
   if (
@@ -595,7 +595,7 @@ export function extractCredentialsFromBundle(
   entries: Map<string, VBundleTarEntry>,
   manifest: ManifestType,
 ): Array<{ account: string; value: string }> {
-  const manifestPaths = new Set(manifest.files.map((f) => f.path));
+  const manifestPaths = new Set(manifest.contents.map((f) => f.path));
   const credentials: Array<{ account: string; value: string }> = [];
   for (const [path, entry] of entries) {
     if (path.startsWith("credentials/") && manifestPaths.has(path)) {

package/src/runtime/migrations/vbundle-metadata-merge.ts

@@ -117,7 +117,7 @@ export function mergeMetadataPreservingVellum(
 }
 
 /** @internal For direct use by tests. */
-export const _internal = {
+const _internal = {
   VELLUM_SERVICE,
   parseMetadata,
   extractVellumRecords,

package/src/runtime/migrations/vbundle-streaming-importer.ts

@@ -314,10 +314,10 @@ export async function streamCommitImport(
         // Entry-count ceiling check. The manifest declares every file the
         // bundle claims to contain, so one check here bounds the work the
         // importer is willing to do for this bundle.
-        if (manifest.files.length > bundleEntryCap) {
+        if (manifest.contents.length > bundleEntryCap) {
           throw new StreamingValidationError(
             "bundle_too_many_entries",
-            `bundle contains more than ${bundleEntryCap} entries (declared: ${manifest.files.length})`,
+            `bundle contains more than ${bundleEntryCap} entries (declared: ${manifest.contents.length})`,
           );
         }
         entryIndex += 1;
@@ -350,7 +350,7 @@ export async function streamCommitImport(
       // Non-file entries are either directory markers (empty body) or
       // pax-header / other metadata payloads we don't consume. Apply the
       // bundle byte cap to their tar-header size too — an attacker could
-      // otherwise keep `manifest.files` small while stuffing huge pax/other
+      // otherwise keep `manifest.contents` small while stuffing huge pax/other
       // entry bodies, draining the importer for free. Directory bodies are
       // reliably zero-sized; pax headers are measured in bytes, so this
       // check is effectively free in the happy path.