@vellumai/assistant 0.7.3 → 0.8.1

package/src/runtime/assistant-event-hub.ts

@@ -39,11 +39,7 @@ export function capabilityForMessageType(
   const stem = type.replace(/_(request|cancel)$/, "");
   return HOST_PREFIX_TO_CAPABILITY[stem];
 }
-import { emitFeedEvent } from "../home/emit-feed-event.js";
-import { rewriteCommandPreview } from "../home/rewrite-command-preview.js";
-import { redactSecrets } from "../security/secret-scanner.js";
 import { appendEventToStream } from "../signals/event-stream.js";
-import { summarizeToolInput } from "../tools/tool-input-summary.js";
 import { getLogger } from "../util/logger.js";
 import type { AssistantEvent } from "./assistant-event.js";
 import { buildAssistantEvent } from "./assistant-event.js";
@@ -420,35 +416,6 @@ export class AssistantEventHub {
     return this.listClientsByCapability(capability)[0];
   }
 
-  /**
-   * Return the best client for the given capability using an explicit
-   * interface preference order. Among clients that support `capability`,
-   * the one whose `interfaceId` appears earliest in `interfacePreference`
-   * wins. Within the same interface tier, `lastActiveAt` is the tiebreaker
-   * (most recent first). Clients not in the preference list are considered last.
-   *
-   * Used by {@link HostBrowserProxy} to prefer the Chrome Extension
-   * (`chrome-extension`) over the macOS SSE bridge (`macos`) when both are
-   * connected, so `chrome.debugger` is used ahead of the localhost:9222 path.
-   */
-  getPreferredClientByCapability(
-    capability: HostProxyCapability,
-    interfacePreference: InterfaceId[],
-  ): ClientEntry | undefined {
-    const clients = this.listClientsByCapability(capability);
-    if (clients.length === 0) return undefined;
-    // listClientsByCapability returns clients sorted by lastActiveAt desc
-    // (most recent first). A stable sort by preference index preserves that
-    // ordering within each interface tier.
-    return clients.sort((a, b) => {
-      const ai = interfacePreference.indexOf(a.interfaceId);
-      const bi = interfacePreference.indexOf(b.interfaceId);
-      const ea = ai === -1 ? interfacePreference.length : ai;
-      const eb = bi === -1 ? interfacePreference.length : bi;
-      return ea - eb;
-    })[0];
-  }
-
   /**
    * Return all client subscribers with the given interface type,
    * sorted by `lastActiveAt` descending.
@@ -557,9 +524,10 @@ export function broadcastMessage(
   const resolvedConversationId = conversationId ?? extractConversationId(msg);
   const targetClientId = options?.targetClientId;
 
-  // Confirmation-request side effects: feed event + canonical guardian request.
+  // Confirmation-request side effects: canonical guardian request creation.
+  // The home-feed `activity.failed` notification side-effect lives in the
+  // notifications pipeline now, so we no longer emit a feed event here.
   if (msg.type === "confirmation_request" && resolvedConversationId) {
-    void emitConfirmationFeedEvent(msg, resolvedConversationId);
     void createCanonicalRequestForConfirmation(msg, resolvedConversationId);
   }
 
@@ -695,53 +663,3 @@ async function createCanonicalRequestForConfirmation(
   }
 }
 
-// ── Feed events for confirmation requests ─────────────────────────────────────
-
-/**
- * Emit a feed event when a confirmation request (tool approval prompt) is
- * broadcast. Emits immediately with a technical preview, then rewrites
- * into prose in the background and updates the feed item.
- */
-async function emitConfirmationFeedEvent(
-  msg: ServerMessage & { type: "confirmation_request" },
-  conversationId: string,
-): Promise<void> {
-  try {
-    const inputRecord = msg.input as Record<string, unknown>;
-    const commandPreview =
-      redactSecrets(summarizeToolInput(msg.toolName, inputRecord)) || undefined;
-    const technicalTitle = commandPreview
-      ? `Requesting permission: ${commandPreview}`
-      : `Requesting approval to use ${msg.toolName}.`;
-    const dedupKey = `tool-approval:${msg.requestId}`;
-
-    await emitFeedEvent({
-      source: "assistant",
-      title: technicalTitle,
-      summary: technicalTitle,
-      dedupKey,
-      urgency: msg.riskLevel === "high" ? "high" : "medium",
-      conversationId,
-      detailPanel: { kind: "toolPermission" },
-    });
-
-    // Background: rewrite into prose and update the feed item.
-    if (commandPreview) {
-      const prose = await rewriteCommandPreview(msg.toolName, commandPreview);
-      if (prose) {
-        const proseTitle = `Requesting permission: ${prose}`;
-        await emitFeedEvent({
-          source: "assistant",
-          title: proseTitle,
-          summary: proseTitle,
-          dedupKey,
-          urgency: msg.riskLevel === "high" ? "high" : "medium",
-          conversationId,
-          detailPanel: { kind: "toolPermission" },
-        });
-      }
-    }
-  } catch (err) {
-    log.warn({ err }, "Failed to emit confirmation feed event from broadcast");
-  }
-}

package/src/runtime/auth/route-policy.ts

@@ -137,12 +137,25 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "conversations/wake", scopes: ["chat.write"] },
 
   { endpoint: "conversations/inference-profile", scopes: ["chat.write"] },
+  {
+    endpoint: "conversations/inference-profile-session/open",
+    scopes: ["chat.write"],
+  },
+  {
+    endpoint: "conversations/inference-profile-session/close",
+    scopes: ["chat.write"],
+  },
+  {
+    endpoint: "conversations/inference-profile-sessions",
+    scopes: ["chat.read"],
+  },
   { endpoint: "conversations/cancel", scopes: ["chat.write"] },
   { endpoint: "conversations/undo", scopes: ["chat.write"] },
   { endpoint: "conversations/regenerate", scopes: ["chat.write"] },
   { endpoint: "conversations/attention", scopes: ["chat.read"] },
   { endpoint: "conversations/seen", scopes: ["chat.write"] },
   { endpoint: "conversations/unread", scopes: ["chat.write"] },
+  { endpoint: "conversations/import", scopes: ["chat.write"] },
   { endpoint: "search", scopes: ["chat.read"] },
   { endpoint: "search/global", scopes: ["chat.read"] },
   { endpoint: "suggestion", scopes: ["chat.read"] },
@@ -307,6 +320,7 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "apps/restore", scopes: ["settings.write"] },
   { endpoint: "apps/bundle", scopes: ["settings.write"] },
   { endpoint: "apps/open-bundle", scopes: ["settings.write"] },
+  { endpoint: "apps/import-bundle", scopes: ["settings.write"] },
   { endpoint: "apps/shared-list", scopes: ["settings.read"] },
   { endpoint: "apps/fork", scopes: ["settings.write"] },
   { endpoint: "apps/share-cloud", scopes: ["settings.write"] },
@@ -315,6 +329,9 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "apps/sign-bundle", scopes: ["settings.write"] },
   { endpoint: "apps/signing-identity", scopes: ["settings.read"] },
   { endpoint: "apps/dist", scopes: ["settings.read"] },
+  { endpoint: "apps/publish", scopes: ["settings.write"] },
+  { endpoint: "apps/unpublish", scopes: ["settings.write"] },
+  { endpoint: "apps/publish-status", scopes: ["settings.read"] },
   { endpoint: "pages", scopes: ["settings.read"] },
 
   // Usage / cost telemetry
@@ -366,7 +383,10 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "acp/steer", scopes: ["chat.write"] },
   { endpoint: "acp/cancel", scopes: ["chat.write"] },
   { endpoint: "acp/close", scopes: ["chat.write"] },
-  { endpoint: "acp/sessions:DELETE", scopes: ["chat.write"] },
+  // Bulk-clear acp_session_history is a destructive global operation;
+  // require settings.write to match conversations/clear-all. The per-row
+  // delete below (acp/sessions/delete) stays at chat.write.
+  { endpoint: "acp/sessions:DELETE", scopes: ["settings.write"] },
   { endpoint: "acp/sessions/delete", scopes: ["chat.write"] },
   { endpoint: "acp", scopes: ["chat.read"] },
 
@@ -381,7 +401,14 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
 
   // Generic config read/patch
   { endpoint: "config:GET", scopes: ["settings.read"] },
+
+  // Config JSON Schema (full or scoped sub-schema)
+  { endpoint: "config/schema:GET", scopes: ["settings.read"] },
   { endpoint: "config:PATCH", scopes: ["settings.write"] },
+  // Direct single-path set (preserves null, replaces objects)
+  { endpoint: "config/set:POST", scopes: ["settings.write"] },
+  // Secret-allowlist regex validation (read-only)
+  { endpoint: "config/allowlist/validate:GET", scopes: ["settings.read"] },
 
   // LLM call site catalog
   { endpoint: "config/llm/call-sites:GET", scopes: ["settings.read"] },
@@ -415,6 +442,11 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Queued message deletion
   { endpoint: "messages/queued", scopes: ["chat.write"] },
 
+  // Bookmarks
+  { endpoint: "bookmarks:GET", scopes: ["chat.read"] },
+  { endpoint: "bookmarks:POST", scopes: ["chat.write"] },
+  { endpoint: "bookmarks/by-message:DELETE", scopes: ["chat.write"] },
+
   // Interfaces
   { endpoint: "interfaces", scopes: ["settings.read"] },
 
@@ -432,15 +464,9 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "memory/v2/backfill:POST", scopes: ["settings.write"] },
   { endpoint: "memory/v2/validate:POST", scopes: ["settings.read"] },
   { endpoint: "memory/v2/concept-page:POST", scopes: ["settings.read"] },
+  { endpoint: "memory/v2/list-concept-pages:POST", scopes: ["settings.read"] },
   { endpoint: "memory/v2/reembed-skills:POST", scopes: ["settings.write"] },
-  { endpoint: "memory/v2/explain-similarity:POST", scopes: ["settings.read"] },
-  { endpoint: "memory/v2/fit-anisotropy:POST", scopes: ["settings.write"] },
-  {
-    endpoint: "memory/v2/rebuild-corpus-stats:POST",
-    scopes: ["settings.write"],
-  },
   { endpoint: "memory/v2/concept-frequency:POST", scopes: ["settings.read"] },
-  { endpoint: "memory/v2/fit-anisotropy:POST", scopes: ["settings.write"] },
 
   // Trust rule listing
   { endpoint: "trust-rules/manage:GET", scopes: ["settings.read"] },
@@ -485,16 +511,29 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "backups/create", scopes: ["settings.write"] },
   { endpoint: "backups/restore", scopes: ["settings.write"] },
   { endpoint: "backups/verify", scopes: ["settings.read"] },
+  { endpoint: "backup/enable", scopes: ["settings.write"] },
+  { endpoint: "backup/disable", scopes: ["settings.write"] },
+  { endpoint: "backup/destinations", scopes: ["settings.read"] },
+  { endpoint: "backup/destinations/add", scopes: ["settings.write"] },
+  { endpoint: "backup/destinations/remove", scopes: ["settings.write"] },
+  { endpoint: "backup/destinations/set-encrypt", scopes: ["settings.write"] },
+  { endpoint: "backup/status", scopes: ["settings.read"] },
 
   // Settings (voice, avatar, client settings)
   { endpoint: "settings/voice", scopes: ["settings.write"] },
   { endpoint: "settings/avatar/generate", scopes: ["settings.write"] },
   { endpoint: "avatar/character-components", scopes: ["settings.read"] },
   { endpoint: "avatar/render-from-traits", scopes: ["settings.write"] },
+  { endpoint: "avatar/generate", scopes: ["settings.write"] },
+  { endpoint: "avatar/set", scopes: ["settings.write"] },
+  { endpoint: "avatar/remove", scopes: ["settings.write"] },
+  { endpoint: "avatar/get", scopes: ["settings.read"] },
+  { endpoint: "avatar/character/ascii", scopes: ["settings.read"] },
   { endpoint: "settings/client", scopes: ["settings.write"] },
 
   // Schedules
   { endpoint: "schedules", scopes: ["settings.read"] },
+  { endpoint: "schedules:POST", scopes: ["settings.write"] },
   { endpoint: "schedules:DELETE", scopes: ["settings.write"] },
   { endpoint: "schedules/toggle", scopes: ["settings.write"] },
   { endpoint: "schedules/run", scopes: ["settings.write"] },
@@ -533,6 +572,25 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   { endpoint: "stt/providers", scopes: ["settings.read"] },
   { endpoint: "stt/transcribe", scopes: ["chat.write"] },
 
+  // Inference provider connections
+  { endpoint: "inference/provider-connections:GET", scopes: ["settings.read"] },
+  {
+    endpoint: "inference/provider-connections:POST",
+    scopes: ["settings.write"],
+  },
+  {
+    endpoint: "inference/provider-connections/detail:GET",
+    scopes: ["settings.read"],
+  },
+  {
+    endpoint: "inference/provider-connections/detail:PATCH",
+    scopes: ["settings.write"],
+  },
+  {
+    endpoint: "inference/provider-connections/detail:DELETE",
+    scopes: ["settings.write"],
+  },
+
   // OAuth / integrations
   { endpoint: "oauth/start", scopes: ["settings.write"] },
   { endpoint: "integrations/oauth/start", scopes: ["settings.write"] }, // legacy alias
@@ -555,6 +613,25 @@ const ACTOR_ENDPOINTS: Array<{ endpoint: string; scopes: Scope[] }> = [
   // Tools
   { endpoint: "tools", scopes: ["settings.read"] },
   { endpoint: "tools/simulate-permission", scopes: ["settings.read"] },
+
+  // Webhooks
+  { endpoint: "webhooks/register", scopes: ["settings.write"] },
+  { endpoint: "webhooks", scopes: ["settings.read"] },
+
+  // Image generation
+  { endpoint: "image-generation/generate", scopes: ["settings.write"] },
+
+  // Auth introspection (returns platform identity for the calling actor)
+  { endpoint: "auth/info", scopes: ["settings.read"] },
+
+  // OAuth provider mutations (mirror oauth/apps.create/.delete shape)
+  { endpoint: "oauth/providers.register", scopes: ["settings.write"] },
+  { endpoint: "oauth/providers.update", scopes: ["settings.write"] },
+  { endpoint: "oauth/providers.delete", scopes: ["settings.write"] },
+
+  // OAuth app upsert + lookup
+  { endpoint: "oauth/apps.upsert", scopes: ["settings.write"] },
+  { endpoint: "oauth/apps/lookup", scopes: ["settings.read"] },
 ];
 
 for (const { endpoint, scopes } of ACTOR_ENDPOINTS) {
@@ -595,6 +672,9 @@ const INTERNAL_ENDPOINTS = [
   "internal/mcp/reload", // ← new
   "internal/oauth/connect/start",
   "internal/oauth/connect/status",
+  "internal/mcp/list",
+  "internal/mcp/add",
+  "internal/mcp/remove",
 ];
 for (const endpoint of INTERNAL_ENDPOINTS) {
   registerPolicy(endpoint, {
@@ -802,8 +882,224 @@ registerPolicy("background-tools/cancel", {
   allowedPrincipalTypes: ["local"],
 });
 
+// TTS CLI synthesis: local-only (CLI / IPC callers)
+registerPolicy("tts/synthesize-cli", {
+  requiredScopes: ["chat.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// STT file transcription: local-only — handler reads/transcodes an arbitrary
+// host filesystem path, so non-local callers cannot be allowed to drive it.
+registerPolicy("stt/transcribe-file", {
+  requiredScopes: ["chat.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// Domain management (IPC-local)
+registerPolicy("domain/register", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+registerPolicy("domain/status", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// Email management (IPC-local)
+registerPolicy("email/register", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+registerPolicy("email/unregister", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+registerPolicy("email/send", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+registerPolicy("email/list", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+registerPolicy("email/status", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+registerPolicy("email/download", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// Email attachment-get streams binary bytes via an IPC envelope ({ stream,
+// headers }). HTTP callers would receive the envelope serialized as JSON
+// rather than a usable byte stream, so gate the route to local principals
+// (CLI / IPC) only. Aligns with tts/synthesize-cli + stt/transcribe-file.
+registerPolicy("email/attachment-get", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+registerPolicy("email/attachment-list", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
 // User-defined routes under /x/*
 registerPolicy("x", {
   requiredScopes: ["settings.read"],
   allowedPrincipalTypes: ["actor", "svc_gateway", "svc_daemon", "local"],
 });
+
+// Audit log read (CLI-local introspection of tool invocations)
+registerPolicy("audit", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// Conversation CLI routes (IPC-local — feed `assistant conversations list/create/export/clear`)
+registerPolicy("conversations/cli/list", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("conversations/cli/create", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("conversations/cli/export", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+// `conversations/cli/clear` wipes every conversation + message + vector
+// collection. Elevated to settings.write and locked to local callers,
+// mirroring the `conversations/clear-all` and `conversations/wipe` gates.
+registerPolicy("conversations/cli/clear", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// CLI-driven LLM dispatch. Aligns with `tts/synthesize-cli` and
+// `stt/transcribe-file` — IPC-local with chat.write because the handler
+// drives a model call on behalf of the caller.
+registerPolicy("inference/send", {
+  requiredScopes: ["chat.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// Platform connection management (IPC-local CLI workflow)
+registerPolicy("platform/status", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("platform/connect", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("platform/disconnect", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("platform/callback-routes", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("platform/callback-routes/register", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// Email sequences (IPC-local CLI workflow). Reads use settings.read, writes
+// use settings.write.
+registerPolicy("sequences/list", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("sequences/get", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("sequences/pause", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("sequences/resume", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("sequences/cancel-enrollment", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("sequences/stats", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+// Both GET and POST live on `sequences/guardrails`; the POST variant flips
+// to settings.write below.
+registerPolicy("sequences/guardrails", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("sequences/guardrails:POST", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// User-defined route inspection (CLI: `assistant routes list/inspect`).
+// Reads the workspace `routes/` directory and dynamically imports modules
+// — keep firmly local-only.
+registerPolicy("user-routes/list", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("user-routes/inspect", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+
+// OAuth CLI commands (IPC-local — `assistant oauth status/ping/token/...`).
+// Migrated from CLI process to daemon IPC handlers in #30251; the existing
+// `oauth/*` entries in ACTOR_ENDPOINTS cover the actor-token surface, these
+// register policies for the CLI-only IPC paths added in that migration.
+registerPolicy("oauth/disconnect", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/mode", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/mode.set", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/status", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/ping", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/token", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/request", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/managed-connect.start", {
+  requiredScopes: ["settings.write"],
+  allowedPrincipalTypes: ["local"],
+});
+registerPolicy("oauth/managed-connect/poll", {
+  requiredScopes: ["settings.read"],
+  allowedPrincipalTypes: ["local"],
+});

package/src/runtime/auth/same-actor.ts

@@ -45,6 +45,8 @@ export type SameActorOp =
   | "host_bash"
   | "host_file"
   | "host_cu"
+  | "host_browser"
+  | "host_app_control"
   | "host_transfer";
 
 /**