@vellumai/assistant 0.8.1 → 0.8.3

package/src/runtime/routes/integrations/slack/share.ts

@@ -12,9 +12,6 @@ import {
   userInfo,
 } from "../../../../messaging/providers/slack/client.js";
 import type { SlackConversation } from "../../../../messaging/providers/slack/types.js";
-import { getConnectionByProvider } from "../../../../oauth/oauth-store.js";
-import { credentialKey } from "../../../../security/credential-key.js";
-import { getSecureKeyAsync } from "../../../../security/secure-keys.js";
 import { getLogger } from "../../../../util/logger.js";
 import {
   BadRequestError,
@@ -23,50 +20,10 @@ import {
   ServiceUnavailableError,
 } from "../../errors.js";
 import type { RouteDefinition, RouteHandlerArgs } from "../../types.js";
+import { resolveSlackToken } from "./token.js";
 
 const log = getLogger("slack-share");
 
-// ---------------------------------------------------------------------------
-// Shared helpers
-// ---------------------------------------------------------------------------
-
-/**
- * Resolve a Slack token for the Share UI, mirroring the read/write auth split
- * in `messaging/providers/slack/adapter.ts`.
- *
- * For Socket Mode installs (tokens stored under `credential/slack_channel/*`),
- * prefer the user OAuth token (xoxp-) for reads when present — this lets the
- * channel picker surface channels the user belongs to but the bot doesn't.
- * Fall back to the bot token (xoxb-) otherwise.
- *
- * Writes MUST always use the bot token so posted messages come from the bot
- * identity, never the user. Passing `user_token` to chat.postMessage would
- * post as the user — unambiguously wrong for Share UI behavior.
- *
- * For legacy OAuth installs (no Socket Mode tokens), fall back to the OAuth
- * connection's access_token, which is the bot token in Slack's OAuth v2 flow.
- */
-async function resolveSlackToken(
-  mode: "read" | "write",
-): Promise<string | undefined> {
-  const botToken = await getSecureKeyAsync(
-    credentialKey("slack_channel", "bot_token"),
-  );
-  if (botToken) {
-    if (mode === "read") {
-      const userToken = await getSecureKeyAsync(
-        credentialKey("slack_channel", "user_token"),
-      );
-      return userToken ?? botToken;
-    }
-    return botToken;
-  }
-
-  const conn = getConnectionByProvider("slack");
-  if (!conn) return undefined;
-  return await getSecureKeyAsync(`oauth_connection/${conn.id}/access_token`);
-}
-
 // ---------------------------------------------------------------------------
 // GET /v1/slack/channels
 // ---------------------------------------------------------------------------
@@ -179,15 +136,11 @@ export async function handleShareToSlackChannel({
   };
 
   if (!appId || !channelId) {
-    throw new BadRequestError(
-      "Missing required fields: appId, channelId",
-    );
+    throw new BadRequestError("Missing required fields: appId, channelId");
   }
 
   if (typeof appId !== "string" || typeof channelId !== "string") {
-    throw new BadRequestError(
-      "Fields appId and channelId must be strings",
-    );
+    throw new BadRequestError("Fields appId and channelId must be strings");
   }
 
   if (message !== undefined && typeof message !== "string") {
@@ -245,8 +198,7 @@ export const ROUTES: RouteDefinition[] = [
     endpoint: "slack/channels",
     method: "GET",
     summary: "List Slack channels",
-    description:
-      "List Slack channels, groups, and DMs for the channel picker.",
+    description: "List Slack channels, groups, and DMs for the channel picker.",
     tags: ["integrations"],
     requirePolicyEnforcement: true,
     handler: () => handleListSlackChannels(),

package/src/runtime/routes/integrations/slack/token.ts

@@ -0,0 +1,43 @@
+/**
+ * Shared Slack token resolver.
+ *
+ * Resolve a Slack token for the Share UI, mirroring the read/write auth split
+ * in `messaging/providers/slack/adapter.ts`.
+ *
+ * For Socket Mode installs (tokens stored under `credential/slack_channel/*`),
+ * prefer the user OAuth token (xoxp-) for reads when present — this lets the
+ * channel picker surface channels the user belongs to but the bot doesn't.
+ * Fall back to the bot token (xoxb-) otherwise.
+ *
+ * Writes MUST always use the bot token so posted messages come from the bot
+ * identity, never the user. Passing `user_token` to chat.postMessage would
+ * post as the user — unambiguously wrong for Share UI behavior.
+ *
+ * For legacy OAuth installs (no Socket Mode tokens), fall back to the OAuth
+ * connection's access_token, which is the bot token in Slack's OAuth v2 flow.
+ */
+
+import { getConnectionByProvider } from "../../../../oauth/oauth-store.js";
+import { credentialKey } from "../../../../security/credential-key.js";
+import { getSecureKeyAsync } from "../../../../security/secure-keys.js";
+
+export async function resolveSlackToken(
+  mode: "read" | "write",
+): Promise<string | undefined> {
+  const botToken = await getSecureKeyAsync(
+    credentialKey("slack_channel", "bot_token"),
+  );
+  if (botToken) {
+    if (mode === "read") {
+      const userToken = await getSecureKeyAsync(
+        credentialKey("slack_channel", "user_token"),
+      );
+      return userToken ?? botToken;
+    }
+    return botToken;
+  }
+
+  const conn = getConnectionByProvider("slack");
+  if (!conn) return undefined;
+  return await getSecureKeyAsync(`oauth_connection/${conn.id}/access_token`);
+}

package/src/runtime/routes/integrations/twilio.ts

@@ -95,8 +95,7 @@ export async function handleSetTwilioCredentials({
 
   // Validate credentials against Twilio API
   const authHeader =
-    "Basic " +
-    Buffer.from(`${accountSid}:${authToken}`).toString("base64");
+    "Basic " + Buffer.from(`${accountSid}:${authToken}`).toString("base64");
   try {
     const res = await fetch(
       `https://api.twilio.com/2010-04-01/Accounts/${accountSid}.json`,
@@ -121,9 +120,7 @@ export async function handleSetTwilioCredentials({
     accountSid,
   );
   if (!sidStored) {
-    throw new InternalError(
-      "Failed to store Account SID in secure storage",
-    );
+    throw new InternalError("Failed to store Account SID in secure storage");
   }
 
   const tokenStored = await setSecureKeyAsync(
@@ -132,14 +129,13 @@ export async function handleSetTwilioCredentials({
   );
   if (!tokenStored) {
     await deleteSecureKeyAsync(credentialKey("twilio", "account_sid"));
-    throw new InternalError(
-      "Failed to store Auth Token in secure storage",
-    );
+    throw new InternalError("Failed to store Auth Token in secure storage");
   }
 
   const raw = loadRawConfig();
   const twilio = (raw?.twilio ?? {}) as Record<string, unknown>;
   twilio.accountSid = accountSid;
+  twilio.setupStarted = true;
   saveRawConfig({ ...raw, twilio });
 
   upsertCredentialMetadata("twilio", "account_sid", {
@@ -210,9 +206,7 @@ async function handleListTwilioNumbers() {
   return { success: true, hasCredentials: true, numbers };
 }
 
-export async function handleProvisionTwilioNumber({
-  body,
-}: RouteHandlerArgs) {
+export async function handleProvisionTwilioNumber({ body }: RouteHandlerArgs) {
   if (!(await hasTwilioCredentials())) {
     throw new BadRequestError(
       "Twilio credentials not configured. Set credentials first.",
@@ -323,8 +317,7 @@ async function handleReleaseTwilioNumber({ body }: RouteHandlerArgs) {
   };
   const raw = loadRawConfig();
   const twilio = (raw?.twilio ?? {}) as Record<string, unknown>;
-  const phoneNumber =
-    requestedNumber || (twilio.phoneNumber as string) || "";
+  const phoneNumber = requestedNumber || (twilio.phoneNumber as string) || "";
 
   if (!phoneNumber) {
     throw new BadRequestError(

package/src/runtime/routes/llm-call-sites-routes.ts

@@ -1,10 +1,20 @@
+import { resolveDefaultProfileKey } from "../../config/llm-resolver.js";
+import { loadConfig } from "../../config/loader.js";
 import { CALL_SITE_CATALOG, CALL_SITE_DOMAINS } from "../../config/schemas/call-site-catalog.js";
+import type { LLMCallSite } from "../../config/schemas/llm.js";
 import type { RouteDefinition } from "./types.js";
 
 async function handleGetCallSites() {
+  const { llm } = loadConfig();
   return {
     domains: CALL_SITE_DOMAINS,
-    callSites: CALL_SITE_CATALOG,
+    callSites: CALL_SITE_CATALOG.map((entry) => ({
+      ...entry,
+      defaultProfile: resolveDefaultProfileKey(
+        entry.id as LLMCallSite,
+        llm,
+      ),
+    })),
   };
 }
 

package/src/runtime/routes/notification-routes.ts

@@ -52,7 +52,7 @@ function handleNotificationIntentResult({ body = {} }: RouteHandlerArgs) {
 
 const AttentionHintsSchema = z.object({
   requiresAction: z.boolean(),
-  urgency: z.enum(["low", "medium", "high"]),
+  urgency: z.enum(["low", "medium", "high", "critical"]),
   deadlineAt: z.number().optional(),
   isAsyncBackground: z.boolean(),
   visibleInSourceNow: z.boolean(),

package/src/runtime/routes/oauth-commands-routes.ts

@@ -7,7 +7,12 @@
 
 import { readFileSync } from "node:fs";
 
-import { getConfig, loadRawConfig, saveRawConfig, setNestedValue } from "../../config/loader.js";
+import {
+  getConfig,
+  loadRawConfig,
+  saveRawConfig,
+  setNestedValue,
+} from "../../config/loader.js";
 import {
   getServiceMode,
   type Services,
@@ -26,9 +31,11 @@ import {
   getProvider,
   listActiveConnectionsByProvider,
   listConnections,
+  type OAuthProviderRow,
 } from "../../oauth/oauth-store.js";
 import { VellumPlatformClient } from "../../platform/client.js";
 import { withValidToken } from "../../security/token-manager.js";
+import { matchHostPattern } from "../../tools/credentials/host-pattern-match.js";
 import { getLogger } from "../../util/logger.js";
 import { BadRequestError, InternalError, NotFoundError } from "./errors.js";
 import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
@@ -121,6 +128,82 @@ async function countManagedConnections(provider: string): Promise<number> {
   }
 }
 
+function parseUrl(value: string | null | undefined): URL | undefined {
+  if (!value) return undefined;
+  try {
+    return new URL(value);
+  } catch {
+    return undefined;
+  }
+}
+
+function getAllowedRequestHostPatterns(
+  providerRow: OAuthProviderRow,
+): string[] {
+  const patterns: string[] = [];
+
+  if (providerRow.injectionTemplates) {
+    try {
+      const parsed = JSON.parse(providerRow.injectionTemplates) as unknown;
+      if (Array.isArray(parsed)) {
+        for (const entry of parsed) {
+          if (
+            entry &&
+            typeof entry === "object" &&
+            typeof (entry as { hostPattern?: unknown }).hostPattern === "string"
+          ) {
+            const hostPattern = (
+              entry as { hostPattern: string }
+            ).hostPattern.trim();
+            if (hostPattern) patterns.push(hostPattern);
+          }
+        }
+      }
+    } catch {
+      // Fall back to the provider's base URL host below.
+    }
+  }
+
+  if (patterns.length === 0) {
+    const baseUrl = parseUrl(providerRow.baseUrl);
+    if (baseUrl) patterns.push(baseUrl.hostname);
+  }
+
+  return [...new Set(patterns)];
+}
+
+function assertOAuthRequestUrlAllowed(
+  providerRow: OAuthProviderRow,
+  parsedUrl: URL,
+): void {
+  const providerBaseUrl = parseUrl(providerRow.baseUrl);
+  const allowedProtocol = providerBaseUrl?.protocol ?? "https:";
+  if (parsedUrl.protocol !== allowedProtocol) {
+    throw new BadRequestError(
+      `OAuth request URL for "${providerRow.provider}" must use ${allowedProtocol.replace(/:$/, "")}.`,
+    );
+  }
+
+  const allowedHostPatterns = getAllowedRequestHostPatterns(providerRow);
+  if (allowedHostPatterns.length === 0) {
+    throw new BadRequestError(
+      `OAuth provider "${providerRow.provider}" does not define an allowed request host.`,
+    );
+  }
+
+  const allowed = allowedHostPatterns.some(
+    (pattern) =>
+      matchHostPattern(parsedUrl.hostname, pattern, {
+        includeApexForWildcard: true,
+      }) !== "none",
+  );
+  if (!allowed) {
+    throw new BadRequestError(
+      `OAuth request URL host "${parsedUrl.hostname}" is not allowed for "${providerRow.provider}". Allowed hosts: ${allowedHostPatterns.join(", ")}.`,
+    );
+  }
+}
+
 // ---------------------------------------------------------------------------
 // Disconnect handler
 // ---------------------------------------------------------------------------
@@ -176,7 +259,9 @@ async function handleDisconnect({ body = {} }: RouteHandlerArgs) {
       accountLabel = match.account_label;
     } else {
       if (entries.length === 0) {
-        throw new NotFoundError(`No active connections found for "${b.provider}".`);
+        throw new NotFoundError(
+          `No active connections found for "${b.provider}".`,
+        );
       }
       if (entries.length > 1) {
         throw new BadRequestError(
@@ -235,7 +320,9 @@ async function handleDisconnect({ body = {} }: RouteHandlerArgs) {
   } else {
     const active = listActiveConnectionsByProvider(b.provider);
     if (active.length === 0) {
-      throw new NotFoundError(`No active connections found for "${b.provider}".`);
+      throw new NotFoundError(
+        `No active connections found for "${b.provider}".`,
+      );
     }
     if (active.length > 1) {
       throw new BadRequestError(
@@ -582,11 +669,7 @@ async function handleToken({ body = {} }: RouteHandlerArgs) {
     tokenOpts = { connectionId: conn.id };
   }
 
-  const token = await withValidToken(
-    b.provider,
-    async (t) => t,
-    tokenOpts,
-  );
+  const token = await withValidToken(b.provider, async (t) => t, tokenOpts);
 
   return { ok: true, token };
 }
@@ -666,6 +749,7 @@ async function handleRequest({ body = {} }: RouteHandlerArgs) {
 
   if (b.url.startsWith("http://") || b.url.startsWith("https://")) {
     const parsed = new URL(b.url);
+    assertOAuthRequestUrlAllowed(providerRow, parsed);
     baseUrl = `${parsed.protocol}//${parsed.host}`;
     requestPath = parsed.pathname;
     for (const [key, value] of parsed.searchParams.entries()) {
@@ -717,7 +801,12 @@ async function handleRequest({ body = {} }: RouteHandlerArgs) {
   const query: Record<string, string | string[]> = { ...queryFromUrl };
 
   // Use pre-parsed data from CLI, or fall back to raw data string for direct API callers
-  const resolvedData = b.parsed_data !== undefined ? b.parsed_data : b.data !== undefined ? readBodyData(b.data) : undefined;
+  const resolvedData =
+    b.parsed_data !== undefined
+      ? b.parsed_data
+      : b.data !== undefined
+        ? readBodyData(b.data)
+        : undefined;
 
   if (resolvedData !== undefined) {
     const rawBody = resolvedData;
@@ -855,7 +944,9 @@ async function handleManagedConnect({ body = {} }: RouteHandlerArgs) {
   return { ok: true, connect_url: result.connect_url };
 }
 
-async function handleManagedConnectPoll({ queryParams = {} }: RouteHandlerArgs) {
+async function handleManagedConnectPoll({
+  queryParams = {},
+}: RouteHandlerArgs) {
   const provider = queryParams.provider;
   if (!provider) throw new BadRequestError("provider query param is required");
 
@@ -894,7 +985,8 @@ export const ROUTES: RouteDefinition[] = [
     endpoint: "oauth/mode",
     method: "GET",
     summary: "Get OAuth mode",
-    description: "Get the current OAuth mode (managed or your-own) for a provider.",
+    description:
+      "Get the current OAuth mode (managed or your-own) for a provider.",
     tags: ["oauth"],
     requirePolicyEnforcement: true,
     queryParams: [
@@ -913,8 +1005,7 @@ export const ROUTES: RouteDefinition[] = [
     method: "POST",
     policyKey: "oauth/mode.set",
     summary: "Set OAuth mode",
-    description:
-      "Set the OAuth mode (managed or your-own) for a provider.",
+    description: "Set the OAuth mode (managed or your-own) for a provider.",
     tags: ["oauth"],
     requirePolicyEnforcement: true,
     handler: handleModeSet,
@@ -955,8 +1046,7 @@ export const ROUTES: RouteDefinition[] = [
     method: "POST",
     policyKey: "oauth/token",
     summary: "Get OAuth token",
-    description:
-      "Retrieve a valid OAuth access token for a BYO-mode provider.",
+    description: "Retrieve a valid OAuth access token for a BYO-mode provider.",
     tags: ["oauth"],
     requirePolicyEnforcement: true,
     handler: handleToken,

package/src/runtime/routes/oauth-lifecycle-routes.ts

@@ -0,0 +1,43 @@
+/**
+ * Transport-agnostic routes for OAuth lifecycle events.
+ *
+ * Allows CLI commands to notify the daemon when OAuth state changes
+ * (e.g. after `assistant oauth connect`) so the daemon can refresh its
+ * cached config and credential state.
+ */
+
+import { z } from "zod";
+
+import { getConfig, invalidateConfigCache } from "../../config/loader.js";
+import type { RouteDefinition, RouteHandlerArgs } from "./types.js";
+
+// ── Handlers ──────────────────────────────────────────────────────────
+
+function handleOAuthConnectionChanged(_args: RouteHandlerArgs): {
+  refreshed: boolean;
+} {
+  invalidateConfigCache();
+  // Force re-read from disk so subsequent resolveOAuthConnection() calls
+  // in this process see the current mode setting.
+  getConfig();
+  return { refreshed: true };
+}
+
+// ── Routes ────────────────────────────────────────────────────────────
+
+export const ROUTES: RouteDefinition[] = [
+  {
+    operationId: "oauth_connection_changed",
+    endpoint: "oauth/connection-changed",
+    method: "POST",
+    policyKey: "oauth/connection-changed",
+    handler: handleOAuthConnectionChanged,
+    summary: "Notify the assistant that an OAuth connection changed",
+    description:
+      "Invalidates the config cache so the assistant picks up mode and credential changes immediately.",
+    tags: ["oauth"],
+    responseBody: z.object({
+      refreshed: z.boolean(),
+    }),
+  },
+];