@vellumai/assistant 0.7.2 → 0.7.3

package/src/tools/registry.ts

@@ -8,6 +8,7 @@ import { hostFileReadTool } from "./host-filesystem/read.js";
 import { hostFileTransferTool } from "./host-filesystem/transfer.js";
 import { hostFileWriteTool } from "./host-filesystem/write.js";
 import { hostShellTool } from "./host-terminal/host-shell.js";
+import { toProviderSafeToolName } from "./provider-tool-name.js";
 import { registerSystemTools } from "./system/register.js";
 import type { Tool } from "./types.js";
 import { allUiSurfaceTools } from "./ui-surface/definitions.js";
@@ -75,6 +76,24 @@ const skillRefCount = new Map<string, number>();
 // separate and covers the case of two extensions choosing the same tool name.
 const pluginRefCount = new Map<string, number>();
 
+function withProviderSafeToolName(tool: Tool): Tool {
+  const safeName = toProviderSafeToolName(tool.name);
+  if (safeName === tool.name) {
+    return tool;
+  }
+
+  return {
+    ...tool,
+    name: safeName,
+    getDefinition(): ToolDefinition {
+      return {
+        ...tool.getDefinition(),
+        name: safeName,
+      };
+    },
+  };
+}
+
 export function registerTool(tool: Tool): void {
   const existing = tools.get(tool.name);
   if (existing) {
@@ -176,15 +195,17 @@ export function registerPluginTools(
   pluginName: string,
   newTools: Tool[],
 ): Tool[] {
-  const stamped: Tool[] = newTools.map((tool) => ({
-    ...tool,
-    origin: "plugin" as const,
-    ownerPluginId: pluginName,
-    ownerSkillId: undefined,
-    ownerMcpServerId: undefined,
-    ownerSkillBundled: undefined,
-    ownerSkillVersionHash: undefined,
-  }));
+  const stamped: Tool[] = newTools.map((tool) =>
+    withProviderSafeToolName({
+      ...tool,
+      origin: "plugin" as const,
+      ownerPluginId: pluginName,
+      ownerSkillId: undefined,
+      ownerMcpServerId: undefined,
+      ownerSkillBundled: undefined,
+      ownerSkillVersionHash: undefined,
+    }),
+  );
 
   const accepted: Tool[] = [];
   for (const tool of stamped) {

package/src/tools/terminal/shell.ts

@@ -111,6 +111,15 @@ class ShellTool implements Tool {
       return { content: "Error: command contains null bytes", isError: true };
     }
 
+    const background = input.background === true;
+    if (background && context.diskPressureCleanupModeActive === true) {
+      return {
+        content:
+          "Error: background shell commands are not available during disk pressure cleanup mode.",
+        isError: true,
+      };
+    }
+
     const config = getConfig();
     const shellLockdownActive =
       isCesShellLockdownEnabled(config) &&
@@ -276,7 +285,6 @@ class ShellTool implements Tool {
     // Background mode: spawn and return immediately. The process output is
     // delivered to the conversation as a wake when the process exits.
     // -----------------------------------------------------------------------
-    const background = input.background === true;
     if (background) {
       // Check the registry limit BEFORE spawning so we never leak an
       // untracked process when the registry is full.

package/src/tools/tool-approval-handler.ts

@@ -13,12 +13,13 @@ import { getLogger } from "../util/logger.js";
 import { getAllTools, getTool } from "./registry.js";
 import { isSideEffectTool } from "./side-effects.js";
 import { summarizeToolInput } from "./tool-input-summary.js";
-import type {
-  ExecutionTarget,
-  Tool,
-  ToolContext,
-  ToolExecutionResult,
-  ToolLifecycleEvent,
+import {
+  type ExecutionTarget,
+  isDiskPressureCleanupToolName,
+  type Tool,
+  type ToolContext,
+  type ToolExecutionResult,
+  type ToolLifecycleEvent,
 } from "./types.js";
 import { enforceVerificationControlPlanePolicy } from "./verification-control-plane-policy.js";
 
@@ -309,6 +310,30 @@ export class ToolApprovalHandler {
       };
     }
 
+    if (
+      context.diskPressureCleanupModeActive === true &&
+      !isDiskPressureCleanupToolName(name)
+    ) {
+      const msg = `Tool "${name}" is not available during disk pressure cleanup mode.`;
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent({
+        type: "error",
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: "error",
+        durationMs,
+        errorMessage: msg,
+        isExpected: true,
+        errorCategory: "tool_failure",
+      });
+      return { allowed: false, result: { content: msg, isError: true } };
+    }
+
     // Gate tools not active for the current turn
     if (context.allowedToolNames && !context.allowedToolNames.has(name)) {
       const msg = `Tool "${name}" is not currently active. Load the skill that provides this tool first.`;

package/src/tools/types.ts

@@ -18,6 +18,20 @@ import type { SecretPromptResult } from "../permissions/secret-prompter.js";
 import type { ContentBlock } from "../providers/types.js";
 import type { TrustClass } from "../runtime/actor-trust-resolver.js";
 
+export const DISK_PRESSURE_CLEANUP_TOOL_NAMES: ReadonlySet<string> = new Set([
+  "bash",
+  "host_bash",
+  "file_read",
+  "file_list",
+  "host_file_read",
+  "background_tool_list",
+  "background_tool_cancel",
+]);
+
+export function isDiskPressureCleanupToolName(name: string): boolean {
+  return DISK_PRESSURE_CLEANUP_TOOL_NAMES.has(name);
+}
+
 // ---------------------------------------------------------------------------
 // Re-exports + concrete overlays for types that live in
 // @vellumai/skill-host-contracts.
@@ -177,6 +191,8 @@ export interface ToolContext {
   proxyToolResolver?: ProxyToolResolver;
   /** When set, only tools in this set may execute. Tools outside the set are blocked with an error. */
   allowedToolNames?: Set<string>;
+  /** True when this turn is restricted to storage cleanup-safe tools. */
+  diskPressureCleanupModeActive?: boolean;
   /** Prompt the user for a secret value via native SecureField UI. */
   requestSecret?: (params: {
     service: string;
@@ -192,8 +208,6 @@ export interface ToolContext {
   sendToClient?: (msg: { type: string; [key: string]: unknown }) => void;
   /** True when an interactive client is connected (not just a no-op callback). */
   isInteractive?: boolean;
-  /** Memory scope ID from the conversation's memory policy, so memory tools can target the correct scope. */
-  memoryScopeId?: string;
   /** When true, tools with side effects should always prompt for confirmation. */
   forcePromptSideEffects?: boolean;
   /**
@@ -268,6 +282,14 @@ export interface ToolContext {
    * `executeSubagentSpawn` in tools/subagent/spawn.ts.
    */
   overrideProfile?: string;
+  /**
+   * Canonical principal ID of the actor on whose behalf this tool invocation
+   * is running. Sourced from `conversation.trustContext.guardianPrincipalId`.
+   * Used by host proxies to bind cross-client targeted execution to the same
+   * authenticated user identity. May be undefined for legacy/internal flows
+   * with no resolved actor identity.
+   */
+  sourceActorPrincipalId?: string;
 }
 
 export interface Tool {

package/src/tts/provider-catalog.ts

@@ -13,8 +13,6 @@
 
 import type { TtsCallMode, TtsProviderId } from "./types.js";
 
-export type { TtsCallMode } from "./types.js";
-
 // ---------------------------------------------------------------------------
 // Catalog entry model
 // ---------------------------------------------------------------------------
@@ -22,7 +20,7 @@ export type { TtsCallMode } from "./types.js";
 /**
  * Metadata about a secret (API key / credential) required by a provider.
  */
-export interface TtsProviderSecretRequirement {
+interface TtsProviderSecretRequirement {
   /**
    * The key used to retrieve this secret from the secure credential store.
    *
@@ -49,7 +47,7 @@ export interface TtsProviderSecretRequirement {
  * These describe static, provider-wide traits — they do not change based
  * on runtime configuration or per-request parameters.
  */
-export interface TtsProviderCatalogCapabilities {
+interface TtsProviderCatalogCapabilities {
   /** Whether the provider supports chunk-level streaming synthesis. */
   readonly supportsStreaming: boolean;
 
@@ -64,7 +62,7 @@ export interface TtsProviderCatalogCapabilities {
  * metadata level — identity, display name, telephony call mode,
  * capabilities, and secret requirements.
  */
-export interface TtsProviderCatalogEntry {
+interface TtsProviderCatalogEntry {
   /** Unique provider identifier matching {@link TtsProviderId}. */
   readonly id: TtsProviderId;
 

package/src/util/disk-usage.ts

@@ -0,0 +1,138 @@
+import { spawnSync } from "node:child_process";
+import { existsSync, statfsSync } from "node:fs";
+
+import { getMinikubeStorageSize } from "../config/env-registry.js";
+import { getWorkspaceDir } from "./platform.js";
+
+export interface DiskUsageInfo {
+  path: string;
+  totalMb: number;
+  usedMb: number;
+  freeMb: number;
+}
+
+/**
+ * Measure the on-disk usage of one or more directory paths using `du -sb`.
+ * Returns the sum of all paths in bytes, or null on failure.
+ */
+function getDirectorySizeBytes(paths: string[]): number | null {
+  try {
+    const existing = paths.filter((p) => existsSync(p));
+    if (existing.length === 0) return null;
+    const result = spawnSync("du", ["-sb", ...existing], {
+      encoding: "utf-8",
+      timeout: 30_000,
+    });
+    if (result.status !== 0) return null;
+    let total = 0;
+    for (const line of result.stdout.trim().split("\n")) {
+      const size = parseInt(line.split("\t")[0], 10);
+      if (!isNaN(size) && size > 0) total += size;
+    }
+    return total > 0 ? total : null;
+  } catch {
+    return null;
+  }
+}
+
+const DU_CACHE_TTL_MS = 60_000;
+let duCacheValue: number | null = null;
+let duCacheTime = 0;
+let duCachePaths: string | null = null;
+
+function getCachedDirectorySizeBytes(paths: string[]): number | null {
+  const key = paths.join("\0");
+  const now = Date.now();
+  if (duCachePaths === key && now - duCacheTime < DU_CACHE_TTL_MS) {
+    return duCacheValue;
+  }
+  duCacheValue = getDirectorySizeBytes(paths);
+  duCacheTime = now;
+  duCachePaths = key;
+  return duCacheValue;
+}
+
+export function __resetDiskUsageCacheForTests(): void {
+  duCacheValue = null;
+  duCacheTime = 0;
+  duCachePaths = null;
+}
+
+export function getDiskUsageInfo(): DiskUsageInfo | null {
+  try {
+    const wsDir = getWorkspaceDir();
+    const diskPath = existsSync(wsDir) ? wsDir : "/";
+    const stats = statfsSync(diskPath);
+    const fsTotalBytes = stats.bsize * stats.blocks;
+    const fsFreeBytes = stats.bsize * stats.bavail;
+    const bytesToMb = (b: number) =>
+      Math.round((b / (1024 * 1024)) * 100) / 100;
+
+    // Minikube mode: the platform passes the PVC storage size so we can
+    // report accurate capacity. On hostPath-backed PVCs statfsSync reports
+    // the host's entire filesystem rather than the PVC. Detect this by
+    // comparing filesystem size against PVC size — if the filesystem is
+    // larger, measure actual directory usage with `du` instead.
+    const storageSizeRaw = getMinikubeStorageSize();
+    if (storageSizeRaw) {
+      const pvcTotalBytes = parseK8sMemoryBytes(storageSizeRaw);
+      if (pvcTotalBytes !== null && fsTotalBytes > pvcTotalBytes * 1.1) {
+        const volumePaths = [diskPath];
+        if (diskPath !== "/data" && existsSync("/data")) {
+          volumePaths.push("/data");
+        }
+        const usedBytes = getCachedDirectorySizeBytes(volumePaths);
+        if (usedBytes !== null) {
+          return {
+            path: diskPath,
+            totalMb: bytesToMb(pvcTotalBytes),
+            usedMb: bytesToMb(usedBytes),
+            freeMb: bytesToMb(Math.max(0, pvcTotalBytes - usedBytes)),
+          };
+        }
+      }
+    }
+
+    return {
+      path: diskPath,
+      totalMb: bytesToMb(fsTotalBytes),
+      usedMb: bytesToMb(fsTotalBytes - fsFreeBytes),
+      freeMb: bytesToMb(fsFreeBytes),
+    };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Parse a Kubernetes-style memory string (e.g. "3Gi", "512Mi", "1G") into bytes.
+ * Returns null if the value is not a recognized format.
+ */
+export function parseK8sMemoryBytes(value: string): number | null {
+  const match = value
+    .trim()
+    .match(/^(\d+(?:\.\d+)?)\s*(Ki|Mi|Gi|Ti|Pi|Ei|k|M|G|T|P|E|m)?$/);
+  if (!match) return null;
+  const num = parseFloat(match[1]);
+  const unit = match[2] ?? "";
+  const multipliers: Record<string, number> = {
+    "": 1,
+    m: 1e-3,
+    k: 1e3,
+    M: 1e6,
+    G: 1e9,
+    T: 1e12,
+    P: 1e15,
+    E: 1e18,
+    Ki: 1024,
+    Mi: 1024 ** 2,
+    Gi: 1024 ** 3,
+    Ti: 1024 ** 4,
+    Pi: 1024 ** 5,
+    Ei: 1024 ** 6,
+  };
+  const mult = multipliers[unit];
+  if (mult === undefined) return null;
+  const bytes = Math.round(num * mult);
+  return bytes > 0 ? bytes : null;
+}

package/src/util/platform.ts

@@ -7,14 +7,25 @@ import { getWorkspaceDirOverride } from "../config/env-registry.js";
 /**
  * The daemon's root data directory (`~/.vellum`).
  *
- * Multi-instance path relocation is handled by the CLI when spawning the
- * daemon (via `VELLUM_WORKSPACE_DIR` and `GATEWAY_SECURITY_DIR`); the
- * assistant itself never reads an env var for this.
+ * Used as a fallback when `VELLUM_WORKSPACE_DIR` is not set, and as a
+ * stable constant for paths (like `.env`) that intentionally live at the
+ * host home directory regardless of workspace relocation.
  */
 const VELLUM_ROOT = join(homedir(), ".vellum");
 
-/** Returns the daemon's root data directory (`~/.vellum`). */
+/**
+ * Returns the Vellum root directory.
+ *
+ * Resolution order (mirrors workspace/migrations/utils.ts):
+ * 1. Parent of VELLUM_WORKSPACE_DIR — e.g. /data/.vellum/workspace → /data/.vellum
+ * 2. If that parent is "/" (workspace at top level), fall back to ~/.vellum
+ */
 export function vellumRoot(): string {
+  const override = getWorkspaceDirOverride();
+  if (override) {
+    const parent = dirname(override);
+    if (parent !== "/") return parent;
+  }
   return VELLUM_ROOT;
 }
 
@@ -160,17 +171,16 @@ export function getHistoryPath(): string {
 }
 
 /**
- * Returns the protected directory (~/.vellum/protected). Security-sensitive
- * files — trust rules, encrypted credential store, signing keys, feature-flag
- * overrides, device approval lists — live here.
+ * Returns the protected directory. Security-sensitive files — trust rules,
+ * encrypted credential store, signing keys, feature-flag overrides, device
+ * approval lists — live here.
  *
  * This directory is:
- * - Outside the workspace
  * - Outside the sandbox write boundary (tools cannot modify it)
  * - Skipped in containerized mode (credentials via CES, trust via gateway)
  */
 export function getProtectedDir(): string {
-  return join(VELLUM_ROOT, "protected");
+  return join(vellumRoot(), "protected");
 }
 
 /** Returns ~/.vellum/workspace/signals — the directory for IPC signal files. */
@@ -204,7 +214,7 @@ export function getBinDir(): string {
 
 /** Returns the path to the dot-env file (~/.vellum/.env). Stays at root because it contains secrets. */
 export function getDotEnvPath(): string {
-  return join(VELLUM_ROOT, ".env");
+  return join(vellumRoot(), ".env");
 }
 
 /** Returns the path to the embed-worker PID file (~/.vellum/workspace/embed-worker.pid). */
@@ -368,7 +378,7 @@ export function getBundledBunPath(): string | undefined {
 }
 
 export function ensureDataDir(): void {
-  const root = VELLUM_ROOT;
+  const root = vellumRoot();
   const workspace = getWorkspaceDir();
   const wsData = join(workspace, "data");
   const dirs = [

package/src/util/process-liveness.ts

@@ -0,0 +1,26 @@
+/**
+ * Cross-process liveness probe shared by file-locking helpers.
+ *
+ * Uses `kill(pid, 0)`, which sends no signal but probes the OS for whether a
+ * process exists and whether the caller has permission to signal it. Returns
+ * `false` for obviously invalid PIDs and for any error indicating the process
+ * is gone (most commonly ESRCH). Returns `true` for ESRCH-negative results
+ * (process exists) and for EPERM (process exists but is owned by another user
+ * — still alive, still must not be taken over).
+ */
+
+import { kill } from "node:process";
+
+export function isProcessAlive(pid: number): boolean {
+  if (!Number.isInteger(pid) || pid <= 0) return false;
+  try {
+    kill(pid, 0);
+    return true;
+  } catch (err) {
+    const code = (err as NodeJS.ErrnoException).code;
+    // EPERM means the PID exists but we cannot signal it — treat as alive so
+    // we don't accidentally take over another user's lock.
+    if (code === "EPERM") return true;
+    return false;
+  }
+}

package/src/workspace/heartbeat-service.ts

@@ -1,3 +1,8 @@
+import {
+  checkDiskPressureBackgroundGate,
+  diskPressureBackgroundSkipLogFields,
+  shouldLogDiskPressureBackgroundSkip,
+} from "../daemon/disk-pressure-background-gate.js";
 import { getLogger } from "../util/logger.js";
 import { getEnrichmentService } from "./commit-message-enrichment-service.js";
 import {
@@ -137,6 +142,20 @@ export class WorkspaceHeartbeatService {
       return { checked: 0, committed: 0, skipped: 0, failed: 0 };
     }
 
+    const diskPressureGate = checkDiskPressureBackgroundGate("background-work");
+    if (diskPressureGate.action === "skip") {
+      if (shouldLogDiskPressureBackgroundSkip("workspace-heartbeat")) {
+        log.warn(
+          {
+            source: "workspace-heartbeat",
+            ...diskPressureBackgroundSkipLogFields(diskPressureGate),
+          },
+          "Workspace heartbeat skipped during disk pressure cleanup mode",
+        );
+      }
+      return { checked: 0, committed: 0, skipped: 0, failed: 0 };
+    }
+
     const doCheck = async (): Promise<HeartbeatCheckResult> => {
       const result: HeartbeatCheckResult = {
         checked: 0,

package/src/workspace/migrations/065-bump-stale-heartbeat-interval.ts

@@ -0,0 +1,60 @@
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import type { WorkspaceMigration } from "./types.js";
+
+const THIRTY_MINUTES_MS = 30 * 60 * 1000;
+const LEGACY_DEFAULT_INTERVALS_MS = new Set([
+  3 * 60 * 60 * 1000,
+  6 * 60 * 60 * 1000,
+]);
+
+/**
+ * Bump stale baked heartbeat defaults to 30 minutes.
+ *
+ * Older first-launch config files materialized the then-current heartbeat
+ * default into `config.json`, so changing the schema default alone would not
+ * affect existing default users. A workspace could have intentionally selected
+ * one of these exact intervals; product intent is still to move legacy 3h/6h
+ * heartbeat schedules to the 30-minute default, and those users can reset the
+ * interval after upgrade.
+ */
+export const bumpStaleHeartbeatIntervalMigration: WorkspaceMigration = {
+  id: "065-bump-stale-heartbeat-interval",
+  description:
+    "Bump legacy heartbeat.intervalMs defaults of 3h/6h to the current 30-minute default",
+  run(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) return;
+
+    let config: Record<string, unknown>;
+    try {
+      const raw = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+      config = raw as Record<string, unknown>;
+    } catch {
+      return;
+    }
+
+    const heartbeat = config.heartbeat;
+    if (!heartbeat || typeof heartbeat !== "object" || Array.isArray(heartbeat))
+      return;
+
+    const heartbeatConfig = heartbeat as Record<string, unknown>;
+    const intervalMs = heartbeatConfig.intervalMs;
+    if (
+      typeof intervalMs !== "number" ||
+      !LEGACY_DEFAULT_INTERVALS_MS.has(intervalMs)
+    ) {
+      return;
+    }
+
+    heartbeatConfig.intervalMs = THIRTY_MINUTES_MS;
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  },
+  down(_workspaceDir: string): void {
+    // Forward-only: the stale value may have been a schema-default artifact,
+    // while 30 minutes may also have been explicitly configured later. Without
+    // per-workspace state we cannot safely distinguish those cases.
+  },
+};