@vellumai/assistant 0.8.2 → 0.8.3

package/src/daemon/handlers/__tests__/config-a2a.test.ts

@@ -0,0 +1,95 @@
+/**
+ * Tests for A2A config handler.
+ *
+ * Uses the real DB (via `initializeDb()`) and the test preload which sets
+ * `VELLUM_WORKSPACE_DIR` to a per-file temp directory.
+ */
+
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+mock.module("../../../util/logger.js", () => ({
+  getLogger: () =>
+    new Proxy({} as Record<string, unknown>, {
+      get: () => () => {},
+    }),
+}));
+
+import {
+  invalidateConfigCache,
+  loadRawConfig,
+  saveRawConfig,
+  setNestedValue,
+} from "../../../config/loader.js";
+import { getSqlite } from "../../../memory/db-connection.js";
+import { initializeDb } from "../../../memory/db-init.js";
+import { clearA2AConfig, getA2AConfig, setA2AConfig } from "../config-a2a.js";
+
+initializeDb();
+
+function resetTables(): void {
+  const sqlite = getSqlite();
+  sqlite.run("DELETE FROM assistant_contact_metadata");
+  sqlite.run("DELETE FROM contact_channels");
+  sqlite.run("DELETE FROM contacts");
+}
+
+function setConfigEnabled(enabled: boolean): void {
+  const raw = loadRawConfig();
+  setNestedValue(raw, "a2a.enabled", enabled);
+  saveRawConfig(raw);
+  invalidateConfigCache();
+}
+
+describe("getA2AConfig", () => {
+  beforeEach(() => {
+    resetTables();
+    setConfigEnabled(false);
+  });
+
+  test("returns enabled: false when a2a is disabled", () => {
+    const result = getA2AConfig();
+    expect(result.success).toBe(true);
+    expect(result.enabled).toBe(false);
+    expect(result.activeConnections).toBe(0);
+  });
+
+  test("returns enabled: true when a2a is enabled", () => {
+    setConfigEnabled(true);
+    const result = getA2AConfig();
+    expect(result.success).toBe(true);
+    expect(result.enabled).toBe(true);
+  });
+});
+
+describe("setA2AConfig", () => {
+  beforeEach(() => {
+    resetTables();
+    setConfigEnabled(false);
+  });
+
+  test("enables a2a in config", () => {
+    const result = setA2AConfig();
+    expect(result.success).toBe(true);
+    expect(result.enabled).toBe(true);
+  });
+
+  test("is idempotent", () => {
+    setA2AConfig();
+    const result = setA2AConfig();
+    expect(result.success).toBe(true);
+    expect(result.enabled).toBe(true);
+  });
+});
+
+describe("clearA2AConfig", () => {
+  beforeEach(() => {
+    resetTables();
+    setConfigEnabled(true);
+  });
+
+  test("disables a2a in config", () => {
+    const result = clearA2AConfig();
+    expect(result.success).toBe(true);
+    expect(result.enabled).toBe(false);
+  });
+});

package/src/daemon/handlers/config-a2a.ts

@@ -0,0 +1,289 @@
+/**
+ * A2A channel configuration handler.
+ *
+ * - getA2AConfig()     — read a2a.enabled, count active a2a contact_channels
+ * - setA2AConfig()     — set a2a.enabled = true
+ * - clearA2AConfig()   — set a2a.enabled = false
+ * - createA2AInvite()  — create a shareable invite token for link-based contact creation
+ * - redeemA2AInvite()  — receiver-side: create trusted contact from sender identity
+ */
+
+import {
+  getConfig,
+  invalidateConfigCache,
+  loadRawConfig,
+  saveRawConfig,
+  setNestedValue,
+} from "../../config/loader.js";
+import {
+  findContactByAddress,
+  searchContacts,
+  upsertContact,
+} from "../../contacts/contact-store.js";
+import type { VellumAssistantMetadata } from "../../contacts/types.js";
+import { getPublicBaseUrl } from "../../inbound/public-ingress-urls.js";
+import { getDb } from "../../memory/db-connection.js";
+import {
+  claimA2AInvite,
+  createInvite,
+  hashToken,
+} from "../../memory/invite-store.js";
+import { assistantContactMetadata } from "../../memory/schema.js";
+import { getAssistantName } from "../identity-helpers.js";
+// ── Result types ────────────────────────────────────────────────────
+
+export interface A2AConfigResult {
+  success: boolean;
+  enabled: boolean;
+  activeConnections: number;
+  error?: string;
+}
+
+export interface CreateA2AInviteResult {
+  success: boolean;
+  inviteId?: string;
+  token?: string;
+  expiresAt?: number;
+  senderGatewayUrl?: string;
+  error?: string;
+}
+
+export interface CompleteA2AInviteResult {
+  success: boolean;
+  sender?: { assistantId: string; displayName: string; gatewayUrl: string };
+  error?: string;
+}
+
+export interface RedeemA2AInviteResult {
+  success: boolean;
+  contactId?: string;
+  alreadyConnected?: boolean;
+  error?: string;
+}
+
+// ── Config operations ───────────────────────────────────────────────
+
+export function getA2AConfig(): A2AConfigResult {
+  const config = getConfig();
+  const enabled = config.a2a?.enabled ?? false;
+
+  const contacts = searchContacts({ channelType: "a2a" });
+  const activeConnections = contacts.reduce((count, c) => {
+    return (
+      count +
+      c.channels.filter((ch) => ch.type === "a2a" && ch.status === "active")
+        .length
+    );
+  }, 0);
+
+  return { success: true, enabled, activeConnections };
+}
+
+export function setA2AConfig(): A2AConfigResult {
+  const raw = loadRawConfig();
+  setNestedValue(raw, "a2a.enabled", true);
+  saveRawConfig(raw);
+  invalidateConfigCache();
+
+  const result = getA2AConfig();
+  return { ...result, success: true };
+}
+
+export function clearA2AConfig(): A2AConfigResult {
+  const raw = loadRawConfig();
+  setNestedValue(raw, "a2a.enabled", false);
+  saveRawConfig(raw);
+  invalidateConfigCache();
+
+  return { success: true, enabled: false, activeConnections: 0 };
+}
+
+// ── A2A invite creation ────────────────────────────────────────────
+
+export function createA2AInvite(params: {
+  expiresInHours?: number;
+}): CreateA2AInviteResult {
+  // 1. Ensure A2A channel is enabled (auto-enable on first invite)
+  const config = getA2AConfig();
+  if (!config.enabled) {
+    setA2AConfig();
+  }
+
+  // 2. Resolve public base URL
+  let publicBaseUrl: string;
+  try {
+    publicBaseUrl = getPublicBaseUrl(getConfig());
+  } catch {
+    return {
+      success: false,
+      error:
+        "No public base URL configured. Set ingress.publicBaseUrl in config.",
+    };
+  }
+
+  // 3. Create placeholder contact (no channels — will be bound on acceptance)
+  const contact = upsertContact({
+    displayName: "Pending A2A invite",
+    contactType: "assistant",
+    role: "contact",
+  });
+
+  // 4. Create the invite
+  const expiresInMs = (params.expiresInHours ?? 72) * 60 * 60 * 1000;
+  const { invite, rawToken } = createInvite({
+    sourceChannel: "a2a",
+    contactId: contact.id,
+    maxUses: 1,
+    expiresInMs,
+  });
+
+  return {
+    success: true,
+    inviteId: invite.id,
+    token: rawToken,
+    expiresAt: invite.expiresAt,
+    senderGatewayUrl: publicBaseUrl,
+  };
+}
+
+// ── A2A invite completion (sender side) ───────────────────────────
+
+export function completeA2AInvite(params: {
+  token: string;
+  senderAssistantId: string;
+  acceptor: {
+    assistantId: string;
+    displayName: string;
+    gatewayUrl: string;
+  };
+}): CompleteA2AInviteResult {
+  // Resolve sender identity before any mutations so we fail cleanly
+  const displayName = getAssistantName() ?? "Vellum Assistant";
+  let gatewayUrl: string;
+  try {
+    gatewayUrl = getPublicBaseUrl(getConfig());
+  } catch {
+    return {
+      success: false,
+      error:
+        "No public base URL configured. Set ingress.publicBaseUrl in config.",
+    };
+  }
+
+  const tokenHash = hashToken(params.token);
+  const claimResult = claimA2AInvite({
+    tokenHash,
+    redeemedByExternalUserId: params.acceptor.assistantId,
+  });
+
+  if (!claimResult.claimed || !claimResult.invite) {
+    return { success: false, error: claimResult.error };
+  }
+
+  const invite = claimResult.invite;
+
+  // Promote the placeholder contact with the acceptor's identity
+  upsertContact({
+    id: invite.contactId,
+    displayName: params.acceptor.displayName,
+    contactType: "assistant",
+    role: "contact",
+    channels: [
+      {
+        type: "a2a",
+        address: params.acceptor.assistantId.toLowerCase(),
+        externalUserId: params.acceptor.assistantId,
+        status: "active",
+        policy: "allow",
+      },
+    ],
+  });
+
+  // Write assistant contact metadata
+  const db = getDb();
+  const metadataJson = JSON.stringify({
+    assistantId: params.acceptor.assistantId,
+    gatewayUrl: params.acceptor.gatewayUrl,
+  } satisfies VellumAssistantMetadata);
+  db.insert(assistantContactMetadata)
+    .values({
+      contactId: invite.contactId,
+      species: "vellum",
+      metadata: metadataJson,
+    })
+    .onConflictDoUpdate({
+      target: assistantContactMetadata.contactId,
+      set: { species: "vellum", metadata: metadataJson },
+    })
+    .run();
+
+  return {
+    success: true,
+    sender: {
+      assistantId: params.senderAssistantId,
+      displayName,
+      gatewayUrl,
+    },
+  };
+}
+
+// ── A2A invite redemption (receiver side) ─────────────────────────
+
+export function redeemA2AInvite(params: {
+  sender: {
+    assistantId: string;
+    displayName: string;
+    gatewayUrl: string;
+  };
+}): RedeemA2AInviteResult {
+  // 1. Ensure A2A channel is enabled (auto-enable if needed)
+  const config = getA2AConfig();
+  if (!config.enabled) {
+    setA2AConfig();
+  }
+
+  // 2. Check for existing active contact with this sender
+  const existing = findContactByAddress("a2a", params.sender.assistantId);
+  if (
+    existing &&
+    existing.channels.some((ch) => ch.type === "a2a" && ch.status === "active")
+  ) {
+    return { success: true, alreadyConnected: true, contactId: existing.id };
+  }
+
+  // 3. Create the sender as a local trusted contact
+  const contact = upsertContact({
+    displayName: params.sender.displayName,
+    contactType: "assistant",
+    role: "contact",
+    channels: [
+      {
+        type: "a2a",
+        address: params.sender.assistantId.toLowerCase(),
+        externalUserId: params.sender.assistantId,
+        status: "active",
+        policy: "allow",
+      },
+    ],
+  });
+
+  // 4. Write assistant contact metadata
+  const db = getDb();
+  const metadataJson = JSON.stringify({
+    assistantId: params.sender.assistantId,
+    gatewayUrl: params.sender.gatewayUrl,
+  } satisfies VellumAssistantMetadata);
+  db.insert(assistantContactMetadata)
+    .values({
+      contactId: contact.id,
+      species: "vellum",
+      metadata: metadataJson,
+    })
+    .onConflictDoUpdate({
+      target: assistantContactMetadata.contactId,
+      set: { species: "vellum", metadata: metadataJson },
+    })
+    .run();
+
+  return { success: true, contactId: contact.id };
+}

package/src/daemon/handlers/conversations.ts

@@ -141,6 +141,7 @@ export async function regenerateResponse(
   const conversation = await getOrCreateConversation(conversationId);
   touchConversation(conversationId);
   conversation.updateClient(broadcastMessage, false);
+  getSubagentManager().updateParentSender(conversationId, broadcastMessage);
   const requestId = uuid();
   conversation.traceEmitter.emit("request_received", "Regenerate requested", {
     requestId,

package/src/daemon/host-app-control-proxy.ts

@@ -22,10 +22,11 @@
  * `running`; the rollback path on a failed `start` restores from the
  * current confirmed pointer (not from a per-call snapshot of a sibling
  * optimistic write), so two overlapping starts that both fail cannot
- * leave a phantom lock — and a late-arriving `running` for an older
- * overlapping start still updates the confirmed pointer so the lock
- * survives a subsequent rollback of the newer start. The lock is
- * released outright when the owning proxy's `dispose()` fires.
+ * leave a phantom lock. Each session carries a monotonic `dispatchedAt`
+ * counter so out-of-order `running` responses promote in dispatch order:
+ * the latest-dispatched start that the host confirms becomes the
+ * confirmed baseline, regardless of which response arrived last. The
+ * lock is released outright when the owning proxy's `dispose()` fires.
  *
  * `app_control_start` is the only tool that can acquire the lock — the
  * user's medium-risk approval at start time is the consent boundary. All
@@ -84,8 +85,22 @@ export interface ActiveAppControlSession {
    * the `app` of subsequent non-start tool calls.
    */
   app: string;
+  /**
+   * Strictly monotonic counter assigned when the session is created (in
+   * `request()` for a `start`). Used by {@link promoteStartIfCurrent} to
+   * tell which of two confirmations from overlapping starts is newer when
+   * host responses arrive out of order. Larger values are newer.
+   */
+  dispatchedAt: number;
 }
 
+/**
+ * Monotonic counter that stamps each `start`'s {@link
+ * ActiveAppControlSession.dispatchedAt}. Process-lifetime monotonic; the
+ * absolute value is meaningless — only ordering matters.
+ */
+let nextDispatchedAt = 1;
+
 /**
  * Currently active session, or `undefined` when no session is held. This
  * is the optimistic value: it is set the moment a `start` is dispatched
@@ -112,6 +127,13 @@ export function _getActiveAppControlSession():
   return activeAppControlSession;
 }
 
+/** Test-only helper: read the last host-confirmed session. */
+export function _getConfirmedAppControlSession():
+  | ActiveAppControlSession
+  | undefined {
+  return confirmedAppControlSession;
+}
+
 /** Test-only helper: clear both session pointers between test cases. */
 export function _resetActiveAppControlSession(): void {
   activeAppControlSession = undefined;
@@ -123,11 +145,18 @@ export function _resetActiveAppControlSession(): void {
  * round-trip. Useful for tests that exercise non-start tool paths and
  * don't need to verify the start flow itself.
  */
-export function _setActiveAppControlSession(
-  session: ActiveAppControlSession,
-): void {
-  activeAppControlSession = session;
-  confirmedAppControlSession = session;
+export function _setActiveAppControlSession(session: {
+  conversationId: string;
+  app: string;
+  dispatchedAt?: number;
+}): void {
+  const full: ActiveAppControlSession = {
+    conversationId: session.conversationId,
+    app: session.app,
+    dispatchedAt: session.dispatchedAt ?? nextDispatchedAt++,
+  };
+  activeAppControlSession = full;
+  confirmedAppControlSession = full;
 }
 
 /**
@@ -280,6 +309,7 @@ export class HostAppControlProxy extends HostProxyBase<
       attemptedSession = {
         conversationId: this.conversationId,
         app: input.app,
+        dispatchedAt: nextDispatchedAt++,
       };
       activeAppControlSession = attemptedSession;
     } else {
@@ -356,15 +386,27 @@ export class HostAppControlProxy extends HostProxyBase<
   }
 
   /**
-   * Promote this start's optimistic write to the confirmed pointer when
-   * the host returns `running`. Gated on conversation ownership rather
-   * than object identity: a newer overlapping start in the same
-   * conversation may have superseded our optimistic write while we were
-   * waiting on the host, but the host's `running` response for our
-   * `attempted` is still ground-truth that the lock should be held.
-   * The conversation-ownership check ensures we don't resurrect a session
-   * after `dispose()` cleared the lock or after another conversation
-   * acquired it.
+   * Promote this start's session to the confirmed pointer when the host
+   * returns `running`. Two gates:
+   *
+   * 1. The live optimistic write must still belong to this conversation —
+   *    if `dispose()` cleared the lock or another conversation acquired
+   *    it, this confirmation must not resurrect a stale session.
+   * 2. The confirming session must be at least as recent as the currently
+   *    confirmed one, compared via {@link
+   *    ActiveAppControlSession.dispatchedAt}. The dispatch counter is
+   *    assigned synchronously in `request()`, so it captures dispatch
+   *    order even when host responses arrive out of order. The latest
+   *    dispatched start that confirms wins, which is the right baseline
+   *    for the rollback path: if a newer start later fails, rollback
+   *    restores the most recently confirmed session, not an older one.
+   *
+   * Also advance the active pointer when it is strictly older than the
+   * newly-confirmed session. This handles the case where an even newer
+   * optimistic write has already failed and rolled active back to the
+   * previous confirmed session; without this, observe/actions for the
+   * newly-confirmed session would target the older app. A newer
+   * in-flight optimistic write (higher `dispatchedAt`) is preserved.
    */
   private promoteStartIfCurrent(
     attempted: ActiveAppControlSession | undefined,
@@ -373,7 +415,16 @@ export class HostAppControlProxy extends HostProxyBase<
     if (activeAppControlSession?.conversationId !== attempted.conversationId) {
       return;
     }
+    if (
+      confirmedAppControlSession != null &&
+      attempted.dispatchedAt <= confirmedAppControlSession.dispatchedAt
+    ) {
+      return;
+    }
     confirmedAppControlSession = attempted;
+    if (activeAppControlSession.dispatchedAt < attempted.dispatchedAt) {
+      activeAppControlSession = attempted;
+    }
   }
 
   /**

package/src/daemon/host-proxy-preactivation.ts

@@ -29,6 +29,9 @@
 import type { HostProxyCapability, InterfaceId } from "../channels/types.js";
 import { supportsHostProxy } from "../channels/types.js";
 import { assistantEventHub } from "../runtime/assistant-event-hub.js";
+import { getLogger } from "../util/logger.js";
+
+const log = getLogger("host-proxy-preactivation");
 
 /**
  * Subset of Conversation/ProcessConversationContext that
@@ -36,9 +39,29 @@ import { assistantEventHub } from "../runtime/assistant-event-hub.js";
  * `ProcessConversationContext` satisfy this structurally.
  */
 export interface HostProxyPreactivationTarget {
+  readonly conversationId: string;
   addPreactivatedSkillId(id: string): void;
 }
 
+/**
+ * Why an attachment decision went the way it did. Logged per turn so that
+ * silent-gate failures (e.g. ATL-609: computer-use never reaches the LLM
+ * surface for a macOS user) can be diagnosed from production logs without
+ * extra instrumentation.
+ */
+export type HostProxyAttachmentReason =
+  | "native_support"
+  | "cross_client"
+  | "denied_no_interface"
+  | "denied_chrome_extension"
+  | "denied_no_clients";
+
+export interface HostProxyAttachmentDecision {
+  shouldAttach: boolean;
+  reason: HostProxyAttachmentReason;
+  clientCount?: number;
+}
+
 /**
  * Registry mapping each host-proxy capability to the skill that must be
  * preactivated when that capability is supported by the source interface.
@@ -62,45 +85,89 @@ export const HOST_PROXY_SKILL_PREACTIVATIONS: ReadonlyArray<{
 ];
 
 /**
- * Returns true when a host-proxy for the given capability should be attached
- * (instantiated and preactivated) for the current turn. Two cases qualify:
+ * Returns the full attachment decision for a host-proxy capability — used both
+ * to gate proxy instantiation and to feed the structured preactivation log so
+ * silent gates can be diagnosed without re-instrumenting after the fact.
  *
- *  1. The source interface natively supports the capability (e.g. macOS → host_cu).
- *  2. The source interface doesn't support the capability natively but at least
- *     one connected client does — cross-client routing. `chrome-extension` is
- *     excluded as a security boundary: it is its own executor context and cannot
- *     broker cross-client routing to a macOS client.
+ *  1. No source interface → `denied_no_interface`.
+ *  2. Source interface natively supports the capability → `native_support`.
+ *  3. `chrome-extension` source can never broker cross-client routing to a
+ *     macOS client (security boundary) → `denied_chrome_extension`.
+ *  4. At least one connected client advertises the capability →
+ *     `cross_client` with `clientCount`.
+ *  5. Otherwise → `denied_no_clients` with `clientCount: 0`.
  *
- * This is the single source of truth for both preactivation and proxy
- * instantiation, so the two decisions stay in sync.
+ * Single source of truth for preactivation and proxy instantiation.
+ */
+export function evaluateHostProxyAttachment(
+  capability: HostProxyCapability,
+  sourceInterface: InterfaceId | undefined,
+): HostProxyAttachmentDecision {
+  if (!sourceInterface) {
+    return { shouldAttach: false, reason: "denied_no_interface" };
+  }
+  if (supportsHostProxy(sourceInterface, capability)) {
+    return { shouldAttach: true, reason: "native_support" };
+  }
+  if (sourceInterface === "chrome-extension") {
+    return { shouldAttach: false, reason: "denied_chrome_extension" };
+  }
+  const clientCount =
+    assistantEventHub.listClientsByCapability(capability).length;
+  if (clientCount > 0) {
+    return { shouldAttach: true, reason: "cross_client", clientCount };
+  }
+  return { shouldAttach: false, reason: "denied_no_clients", clientCount: 0 };
+}
+
+/**
+ * Boolean wrapper retained for the proxy-instantiation call sites that only
+ * need the gate result. Prefer `evaluateHostProxyAttachment` when the reason
+ * is also useful (e.g. for logging or telemetry).
  */
 export function shouldAttachHostProxyForCapability(
   capability: HostProxyCapability,
   sourceInterface: InterfaceId | undefined,
 ): boolean {
-  if (!sourceInterface) return false;
-  if (supportsHostProxy(sourceInterface, capability)) return true;
-  if (sourceInterface === "chrome-extension") return false;
-  return assistantEventHub.listClientsByCapability(capability).length > 0;
+  return evaluateHostProxyAttachment(capability, sourceInterface).shouldAttach;
 }
 
 /**
  * Preactivate every host-proxy-backed skill that the given source interface
- * supports. No-op when `sourceInterface` is undefined.
+ * supports, and emit one structured `log.info` line per turn capturing each
+ * capability's decision + the final preactivated skill IDs.
+ *
+ * The log line fires unconditionally — even when `sourceInterface` is
+ * undefined — because "preactivation never ran because no interface" is
+ * itself the diagnostic signal we want visible in production.
  *
  * Callers are responsible for any additional gating (e.g. only preactivating
  * when the conversation is idle vs. when re-adding after dequeue), since
- * those constraints differ across create vs. drain paths. This helper just
- * iterates the registry and dispatches.
+ * those constraints differ across create vs. drain paths.
  */
 export function preactivateHostProxySkills(
   conversation: HostProxyPreactivationTarget,
   sourceInterface: InterfaceId | undefined,
 ): void {
-  if (!sourceInterface) return;
+  const decisions: Record<string, HostProxyAttachmentDecision> = {};
+  const preactivatedSkillIds: string[] = [];
+
   for (const { capability, skillId } of HOST_PROXY_SKILL_PREACTIVATIONS) {
-    if (shouldAttachHostProxyForCapability(capability, sourceInterface)) {
+    const decision = evaluateHostProxyAttachment(capability, sourceInterface);
+    decisions[capability] = decision;
+    if (decision.shouldAttach) {
       conversation.addPreactivatedSkillId(skillId);
+      preactivatedSkillIds.push(skillId);
     }
   }
+
+  log.info(
+    {
+      conversationId: conversation.conversationId,
+      sourceInterface,
+      decisions,
+      preactivatedSkillIds,
+    },
+    "host-proxy preactivation decision",
+  );
 }