@vellumai/assistant 0.7.3 → 0.8.1

package/src/workspace/migrations/079-home-feed-notification-only.ts

@@ -0,0 +1,197 @@
+/**
+ * Workspace migration `076-home-feed-notification-only`.
+ *
+ * Rewrites `<workspace>/data/home-feed.json` from the legacy v1 schema
+ * (mixed `nudge | digest | action | thread` types with `source`,
+ * `author`, `minTimeAway` fields) into the collapsed v2 schema (single
+ * `notification` type, no source/author/minTimeAway).
+ *
+ * Behaviour:
+ *   - Missing file → no-op.
+ *   - Malformed JSON → log and no-op (daemon startup must never block;
+ *     the writer's `readHomeFeed()` already treats unreadable files as
+ *     empty so the next append cycle naturally rewrites a clean file).
+ *   - Already v2 → no-op (idempotent).
+ *   - v1 (or any non-v2 shape with an `items` array): drop entries
+ *     whose `type !== "action"` (legacy nudge/digest/thread items have
+ *     no v2 analogue and weren't surfaced as live notifications anyway,
+ *     per PR 15 of the home-notif-feed-revamp plan); for kept entries
+ *     drop `source` / `author` / `minTimeAway` and rewrite `type` to
+ *     `"notification"`. Persist as `{ version: 2, items, updatedAt }`.
+ *
+ * Idempotent: running the migration a second time on a v2 file is a
+ * no-op. The runner's checkpoint also skips re-runs, but this in-file
+ * guard keeps the migration safe even if the checkpoint is wiped.
+ *
+ * `down()` is a no-op — the legacy v1 fields (`source`, `author`,
+ * `minTimeAway`, the four item types) were dropped during the
+ * forward migration and cannot be recovered. Rolling back to v1 from
+ * v2 would also leave the writer producing a shape the older code
+ * cannot parse, so a real rollback would require reverting the writer
+ * code in lockstep.
+ */
+
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger("workspace-migration-076-home-feed-notification-only");
+
+const HOME_FEED_RELATIVE_PATH = join("data", "home-feed.json");
+
+/** v2 file format. Mirrors `HomeFeedFile` in `home/feed-types.ts`. */
+interface V2HomeFeedFile {
+  version: 2;
+  items: V2FeedItem[];
+  updatedAt: string;
+}
+
+/**
+ * v2 item shape. Inlined rather than imported from `home/feed-types.ts`
+ * so the migration stays self-contained — per AGENTS.md migrations
+ * should minimise cross-module coupling so they remain stable as code
+ * around them evolves.
+ */
+interface V2FeedItem {
+  id: string;
+  type: "notification";
+  priority: number;
+  title: string;
+  summary: string;
+  timestamp: string;
+  status: string;
+  expiresAt?: string;
+  actions?: unknown[];
+  urgency?: string;
+  conversationId?: string;
+  detailPanel?: unknown;
+  createdAt: string;
+}
+
+export const homeFeedNotificationOnlyMigration: WorkspaceMigration = {
+  id: "home-feed-notification-only-v2",
+  description:
+    "Rewrite home-feed.json into v2 schema (single 'notification' type)",
+
+  run(workspaceDir: string): void {
+    const path = join(workspaceDir, HOME_FEED_RELATIVE_PATH);
+    if (!existsSync(path)) {
+      return;
+    }
+
+    let raw: unknown;
+    try {
+      raw = JSON.parse(readFileSync(path, "utf-8"));
+    } catch (err) {
+      // Daemon startup must never block on a parse failure here. The
+      // writer's read path also treats malformed files as empty, so
+      // skipping the migration just means the next append cycle will
+      // overwrite the file with a fresh v2 snapshot.
+      log.warn(
+        { err, path },
+        "Failed to parse home-feed.json; skipping migration",
+      );
+      return;
+    }
+
+    if (!isPlainObject(raw)) {
+      log.warn({ path }, "home-feed.json is not an object; skipping migration");
+      return;
+    }
+
+    if (raw.version === 2) {
+      // Already migrated.
+      return;
+    }
+
+    const rawItems = Array.isArray(raw.items) ? raw.items : [];
+    const items: V2FeedItem[] = [];
+    for (const entry of rawItems) {
+      const migrated = migrateItem(entry);
+      if (migrated) items.push(migrated);
+    }
+
+    const next: V2HomeFeedFile = {
+      version: 2,
+      items,
+      updatedAt: new Date().toISOString(),
+    };
+
+    try {
+      writeFileSync(path, JSON.stringify(next, null, 2), "utf-8");
+      log.info(
+        { path, items: items.length },
+        "Rewrote home-feed.json to v2 schema",
+      );
+    } catch (err) {
+      log.warn(
+        { err, path },
+        "Failed to write migrated home-feed.json; leaving prior file in place",
+      );
+    }
+  },
+
+  down(_workspaceDir: string): void {
+    // Lossy migration — legacy fields (source/author/minTimeAway and
+    // nudge/digest/thread items) cannot be reconstructed. The writer
+    // code itself only emits v2 now, so rolling back would also leave
+    // the file in a shape the v1 reader could not parse without
+    // reverting feed-writer.ts in lockstep.
+  },
+};
+
+/**
+ * Convert a single legacy item into a v2 item, or return `null` to
+ * drop it. Only `type === "action"` items survive — legacy
+ * nudge/digest/thread entries have no v2 analogue and were not
+ * surfaced as live notifications by PR 4's wiring (only assistant-
+ * authored `action` items reached the live feed via
+ * `home-feed-side-effect.ts`).
+ */
+function migrateItem(entry: unknown): V2FeedItem | null {
+  if (!isPlainObject(entry)) return null;
+  if (entry.type !== "action") return null;
+
+  // Required fields — fail-soft on missing critical strings rather
+  // than throwing, so a single bad legacy entry does not lose the
+  // rest of the items.
+  if (
+    typeof entry.id !== "string" ||
+    typeof entry.title !== "string" ||
+    typeof entry.summary !== "string" ||
+    typeof entry.timestamp !== "string" ||
+    typeof entry.createdAt !== "string"
+  ) {
+    return null;
+  }
+  const priority =
+    typeof entry.priority === "number" && Number.isInteger(entry.priority)
+      ? entry.priority
+      : 50;
+  const status = typeof entry.status === "string" ? entry.status : "new";
+
+  const out: V2FeedItem = {
+    id: entry.id,
+    type: "notification",
+    priority,
+    title: entry.title,
+    summary: entry.summary,
+    timestamp: entry.timestamp,
+    status,
+    createdAt: entry.createdAt,
+  };
+  if (typeof entry.expiresAt === "string") out.expiresAt = entry.expiresAt;
+  if (Array.isArray(entry.actions)) out.actions = entry.actions;
+  if (typeof entry.urgency === "string") out.urgency = entry.urgency;
+  if (typeof entry.conversationId === "string") {
+    out.conversationId = entry.conversationId;
+  }
+  if (isPlainObject(entry.detailPanel)) out.detailPanel = entry.detailPanel;
+  return out;
+}
+
+function isPlainObject(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}

package/src/workspace/migrations/080-restrict-vercel-api-token-metadata.ts

@@ -0,0 +1,182 @@
+/**
+ * Workspace migration `080-restrict-vercel-api-token-metadata`.
+ *
+ * Repairs legacy Vercel API token credential metadata that was stored
+ * with overly permissive policy (e.g. `bash` in allowedTools and
+ * injection templates targeting `api.vercel.com`). Rewrites the
+ * Vercel record to the hardened policy:
+ *
+ *   - `allowedTools: ["publish_page", "unpublish_page"]`
+ *   - `allowedDomains: []`
+ *   - `injectionTemplates` removed
+ *
+ * Behaviour:
+ *   - Missing metadata file -> no-op.
+ *   - Malformed JSON -> log and no-op.
+ *   - Unrecognized future schema version -> no-op.
+ *   - No `vercel`/`api_token` credential record -> no-op.
+ *   - Already matches target policy -> no-op (no rewrite, no updatedAt bump).
+ *   - Non-Vercel credential records are never modified.
+ *
+ * Idempotent: running twice produces no second write. The runner's
+ * checkpoint also prevents re-runs, but this in-file guard keeps the
+ * migration safe even if the checkpoint is wiped.
+ *
+ * This migration never touches secure secret values — only the
+ * metadata policy fields.
+ */
+
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger(
+  "workspace-migration-080-restrict-vercel-api-token-metadata",
+);
+
+const METADATA_RELATIVE_PATH = join("data", "credentials", "metadata.json");
+
+/** Known on-disk schema versions we can safely handle. */
+const KNOWN_VERSIONS = new Set([1, 2, 3, 4, 5]);
+
+/** The hardened target policy for the Vercel API token. */
+const TARGET_ALLOWED_TOOLS = ["publish_page", "unpublish_page"];
+const TARGET_ALLOWED_DOMAINS: string[] = [];
+
+export const restrictVercelApiTokenMetadataMigration: WorkspaceMigration = {
+  id: "080-restrict-vercel-api-token-metadata",
+  description:
+    "Restrict existing Vercel API token metadata to publish tools only",
+
+  run(workspaceDir: string): void {
+    const metadataPath = join(workspaceDir, METADATA_RELATIVE_PATH);
+    if (!existsSync(metadataPath)) {
+      return;
+    }
+
+    let raw: string;
+    try {
+      raw = readFileSync(metadataPath, "utf-8");
+    } catch (err) {
+      log.warn(
+        { err, path: metadataPath },
+        "Failed to read credentials metadata; skipping migration",
+      );
+      return;
+    }
+
+    let parsed: unknown;
+    try {
+      parsed = JSON.parse(raw);
+    } catch (err) {
+      log.warn(
+        { err, path: metadataPath },
+        "Failed to parse credentials metadata JSON; skipping migration",
+      );
+      return;
+    }
+
+    if (!isPlainObject(parsed)) {
+      log.warn(
+        { path: metadataPath },
+        "Credentials metadata is not an object; skipping migration",
+      );
+      return;
+    }
+
+    // Respect unrecognized future schema versions — do not touch the file.
+    const version = typeof parsed.version === "number" ? parsed.version : 1;
+    if (!KNOWN_VERSIONS.has(version)) {
+      log.info(
+        { version, path: metadataPath },
+        "Credentials metadata has unrecognized version; skipping migration",
+      );
+      return;
+    }
+
+    const credentials = Array.isArray(parsed.credentials)
+      ? parsed.credentials
+      : [];
+
+    // Find the Vercel API token record.
+    const vercelIdx = credentials.findIndex(
+      (c: unknown) =>
+        isPlainObject(c) && c.service === "vercel" && c.field === "api_token",
+    );
+
+    if (vercelIdx === -1) {
+      // No Vercel credential — nothing to repair.
+      return;
+    }
+
+    const vercelRecord = credentials[vercelIdx] as Record<string, unknown>;
+
+    // Check if already matches target policy.
+    if (alreadyMatchesTarget(vercelRecord)) {
+      return;
+    }
+
+    // Rewrite the Vercel record to the target policy.
+    vercelRecord.allowedTools = TARGET_ALLOWED_TOOLS;
+    vercelRecord.allowedDomains = TARGET_ALLOWED_DOMAINS;
+    delete vercelRecord.injectionTemplates;
+    vercelRecord.updatedAt = Date.now();
+
+    try {
+      writeFileSync(metadataPath, JSON.stringify(parsed, null, 2), "utf-8");
+      log.info(
+        { path: metadataPath },
+        "Repaired Vercel API token metadata to hardened policy",
+      );
+    } catch (err) {
+      log.warn(
+        { err, path: metadataPath },
+        "Failed to write repaired credentials metadata; leaving prior file in place",
+      );
+    }
+  },
+
+  down(_workspaceDir: string): void {
+    // Cannot recover the original vulnerable policy — and we would not
+    // want to even if we could. This is a security hardening migration.
+  },
+};
+
+/**
+ * Returns true when the Vercel record already matches the target
+ * hardened policy, meaning no rewrite is necessary.
+ */
+function alreadyMatchesTarget(record: Record<string, unknown>): boolean {
+  const tools = record.allowedTools;
+  const domains = record.allowedDomains;
+
+  if (!Array.isArray(tools) || tools.length !== TARGET_ALLOWED_TOOLS.length) {
+    return false;
+  }
+  const sortedTools = [...tools].sort();
+  const sortedTarget = [...TARGET_ALLOWED_TOOLS].sort();
+  for (let i = 0; i < sortedTools.length; i++) {
+    if (sortedTools[i] !== sortedTarget[i]) return false;
+  }
+
+  if (!Array.isArray(domains) || domains.length !== 0) {
+    return false;
+  }
+
+  // injectionTemplates must be absent or undefined.
+  if (
+    "injectionTemplates" in record &&
+    record.injectionTemplates !== undefined &&
+    record.injectionTemplates !== null
+  ) {
+    return false;
+  }
+
+  return true;
+}
+
+function isPlainObject(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}

package/src/workspace/migrations/081-backfill-bash-allowed-tools-for-injection-credentials.ts

@@ -0,0 +1,160 @@
+/**
+ * Workspace migration `081-backfill-bash-allowed-tools-for-injection-credentials`.
+ *
+ * After migration 080 stripped Vercel's injection templates and locked
+ * its `allowedTools` to `["publish_page", "unpublish_page"]`, the new
+ * shell.ts credential policy enforcement (`isToolAllowed("bash", meta.allowedTools)`)
+ * would reject every other service that legitimately uses proxied bash
+ * via injection templates — because their `allowedTools` was never populated.
+ *
+ * This migration backfills `"bash"` into `allowedTools` for any credential
+ * that:
+ *   1. Has a non-empty `injectionTemplates` array (i.e., it uses proxied bash).
+ *   2. Has empty or missing `allowedTools`.
+ *
+ * Credentials that already have populated `allowedTools` (like the
+ * now-hardened Vercel credential) are NOT touched.
+ *
+ * Behaviour:
+ *   - Missing metadata file -> no-op.
+ *   - Malformed JSON -> log and no-op.
+ *   - Unrecognized future schema version -> no-op.
+ *   - No qualifying credentials -> no-op (no rewrite).
+ *   - Already backfilled -> no-op (idempotent).
+ *
+ * Idempotent: running twice produces no second write.
+ */
+
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger(
+  "workspace-migration-081-backfill-bash-allowed-tools-for-injection-credentials",
+);
+
+const METADATA_RELATIVE_PATH = join("data", "credentials", "metadata.json");
+
+/** Known on-disk schema versions we can safely handle. */
+const KNOWN_VERSIONS = new Set([1, 2, 3, 4, 5]);
+
+export const backfillBashAllowedToolsForInjectionCredentialsMigration: WorkspaceMigration =
+  {
+    id: "081-backfill-bash-allowed-tools-for-injection-credentials",
+    description:
+      "Backfill bash into allowedTools for credentials with injection templates",
+
+    run(workspaceDir: string): void {
+      const metadataPath = join(workspaceDir, METADATA_RELATIVE_PATH);
+      if (!existsSync(metadataPath)) {
+        return;
+      }
+
+      let raw: string;
+      try {
+        raw = readFileSync(metadataPath, "utf-8");
+      } catch (err) {
+        log.warn(
+          { err, path: metadataPath },
+          "Failed to read credentials metadata; skipping migration",
+        );
+        return;
+      }
+
+      let parsed: unknown;
+      try {
+        parsed = JSON.parse(raw);
+      } catch (err) {
+        log.warn(
+          { err, path: metadataPath },
+          "Failed to parse credentials metadata JSON; skipping migration",
+        );
+        return;
+      }
+
+      if (!isPlainObject(parsed)) {
+        log.warn(
+          { path: metadataPath },
+          "Credentials metadata is not an object; skipping migration",
+        );
+        return;
+      }
+
+      // Respect unrecognized future schema versions — do not touch the file.
+      const version = typeof parsed.version === "number" ? parsed.version : 1;
+      if (!KNOWN_VERSIONS.has(version)) {
+        log.info(
+          { version, path: metadataPath },
+          "Credentials metadata has unrecognized version; skipping migration",
+        );
+        return;
+      }
+
+      const credentials = Array.isArray(parsed.credentials)
+        ? parsed.credentials
+        : [];
+
+      let modified = false;
+
+      for (const cred of credentials) {
+        if (!isPlainObject(cred)) continue;
+
+        // Only target credentials with non-empty injectionTemplates.
+        if (!hasNonEmptyInjectionTemplates(cred)) continue;
+
+        // Only target credentials with empty or missing allowedTools.
+        if (hasPopulatedAllowedTools(cred)) continue;
+
+        // Backfill "bash" into allowedTools.
+        cred.allowedTools = ["bash"];
+        cred.updatedAt = Date.now();
+        modified = true;
+      }
+
+      if (!modified) {
+        return;
+      }
+
+      try {
+        writeFileSync(metadataPath, JSON.stringify(parsed, null, 2), "utf-8");
+        log.info(
+          { path: metadataPath },
+          "Backfilled bash into allowedTools for credentials with injection templates",
+        );
+      } catch (err) {
+        log.warn(
+          { err, path: metadataPath },
+          "Failed to write backfilled credentials metadata; leaving prior file in place",
+        );
+      }
+    },
+
+    down(_workspaceDir: string): void {
+      // This is a forward-only data repair. Rolling back would re-break
+      // proxied bash for affected services.
+    },
+  };
+
+/**
+ * Returns true when the credential has a non-empty `injectionTemplates` array.
+ */
+function hasNonEmptyInjectionTemplates(
+  record: Record<string, unknown>,
+): boolean {
+  const templates = record.injectionTemplates;
+  return Array.isArray(templates) && templates.length > 0;
+}
+
+/**
+ * Returns true when the credential has a populated (non-empty) `allowedTools` array.
+ */
+function hasPopulatedAllowedTools(record: Record<string, unknown>): boolean {
+  const tools = record.allowedTools;
+  return Array.isArray(tools) && tools.length > 0;
+}
+
+function isPlainObject(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}

package/src/workspace/migrations/082-backfill-managed-profile-labels.ts

@@ -0,0 +1,154 @@
+/**
+ * Workspace migration `082-backfill-managed-profile-labels`.
+ *
+ * Backfills `label` on the three canonical managed inference profiles
+ * (`balanced`, `quality-optimized`, `cost-optimized`) when the on-disk
+ * profile is missing it.
+ *
+ * Why this is needed
+ * ------------------
+ * Migration 052 (`seed-default-inference-profiles`) seeds the three
+ * canonical Anthropic profiles with provider/model/maxTokens/effort/
+ * thinking but **no `label`** field. The runtime profile seeder
+ * (`seedInferenceProfiles`) materializes labels on its second pass —
+ * but only when the profile didn't already exist. In platform mode
+ * (`IS_PLATFORM=true`) it deliberately defers to the existing on-disk
+ * entry to avoid clobbering platform-supplied overlay fragments, so the
+ * label never gets written.
+ *
+ * Net result: a fresh Cloud-hosted assistant (Marina QA #5, 0.8.1) shows
+ * raw slugs in the profile picker — `balanced`, `quality-optimized`,
+ * `cost-optimized` — instead of the human labels `Balanced`, `Quality`,
+ * `Speed`. This migration heals existing installs by writing the bare
+ * template label when absent.
+ *
+ * Behavior
+ * --------
+ *   - Missing config.json -> no-op.
+ *   - Malformed JSON -> log and no-op.
+ *   - `llm.profiles` absent -> no-op.
+ *   - For each canonical name: backfill `label` only when the key is
+ *     absent on disk. An explicit `null` (user cleared the label) is
+ *     preserved. A user-set string is preserved.
+ *   - Non-canonical profile names are never touched.
+ *
+ * Idempotent: running twice produces no second write.
+ *
+ * Does NOT skip on `VELLUM_DEFAULT_WORKSPACE_CONFIG_PATH`: the platform
+ * overlay supplies its own label when it cares, and the runtime seeder's
+ * `preservedProfileNames` skip path will defer to that overlay-supplied
+ * label on every boot. This migration only fills the gap when no source
+ * (overlay, migration 052, or seeder) ever wrote a label.
+ */
+
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+import { getLogger } from "../../util/logger.js";
+import type { WorkspaceMigration } from "./types.js";
+
+const log = getLogger("workspace-migration-082-backfill-managed-profile-labels");
+
+/**
+ * Bare template labels for the canonical managed profile triplet. Kept in
+ * sync with `MANAGED_PROFILE_TEMPLATES` in
+ * `assistant/src/config/seed-inference-profiles.ts`. Duplicated here
+ * intentionally — migrations are forward-only and self-contained per the
+ * workspace migrations AGENTS contract; future renames in the seeder
+ * must NOT retroactively change the data this migration writes.
+ */
+const CANONICAL_MANAGED_PROFILE_LABELS: Record<string, string> = {
+  balanced: "Balanced",
+  "quality-optimized": "Quality",
+  "cost-optimized": "Speed",
+};
+
+export const backfillManagedProfileLabelsMigration: WorkspaceMigration = {
+  id: "082-backfill-managed-profile-labels",
+  description:
+    "Backfill label on canonical managed inference profiles when absent",
+
+  run(workspaceDir: string): void {
+    const configPath = join(workspaceDir, "config.json");
+    if (!existsSync(configPath)) {
+      return;
+    }
+
+    let raw: string;
+    try {
+      raw = readFileSync(configPath, "utf-8");
+    } catch (err) {
+      log.warn(
+        { err, path: configPath },
+        "Failed to read config.json; skipping migration",
+      );
+      return;
+    }
+
+    let parsed: unknown;
+    try {
+      parsed = JSON.parse(raw);
+    } catch (err) {
+      log.warn(
+        { err, path: configPath },
+        "Failed to parse config.json; skipping migration",
+      );
+      return;
+    }
+
+    if (!isPlainObject(parsed)) {
+      return;
+    }
+
+    const llm = readObject(parsed.llm);
+    if (!llm) return;
+
+    const profiles = readObject(llm.profiles);
+    if (!profiles) return;
+
+    let modified = false;
+
+    for (const [name, label] of Object.entries(
+      CANONICAL_MANAGED_PROFILE_LABELS,
+    )) {
+      const profile = readObject(profiles[name]);
+      if (!profile) continue;
+      // Only backfill when the key is absent. Explicit `null` (user cleared
+      // the label) and any user-set string both signal intent and survive.
+      if ("label" in profile) continue;
+      profile.label = label;
+      modified = true;
+    }
+
+    if (!modified) return;
+
+    try {
+      writeFileSync(configPath, JSON.stringify(parsed, null, 2) + "\n", "utf-8");
+      log.info(
+        { path: configPath },
+        "Backfilled missing labels on canonical managed inference profiles",
+      );
+    } catch (err) {
+      log.warn(
+        { err, path: configPath },
+        "Failed to write backfilled config.json; leaving prior file in place",
+      );
+    }
+  },
+
+  down(_workspaceDir: string): void {
+    // Forward-only data repair. Rolling back would re-break the picker
+    // for installs whose only label source was this migration.
+  },
+};
+
+function readObject(value: unknown): Record<string, unknown> | null {
+  if (value === null || typeof value !== "object" || Array.isArray(value)) {
+    return null;
+  }
+  return value as Record<string, unknown>;
+}
+
+function isPlainObject(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}