@vellumai/assistant 0.9.0 → 0.10.0-staging.2

package/node_modules/@vellumai/ces-client/src/rpc-client.ts

@@ -45,6 +45,14 @@ export interface CesTransport {
   isAlive(): boolean;
   /** Tear down the transport connection. */
   close(): void;
+  /**
+   * Register a callback that fires once when the transport dies (its read side
+   * ends, the process exits, or the socket closes). Lets the client fail-fast
+   * any in-flight requests instead of letting each wait out its timeout.
+   * Optional: a transport that doesn't implement it falls back to
+   * timeout-based failure.
+   */
+  onClose?(handler: () => void): void;
 }
 
 // ---------------------------------------------------------------------------
@@ -155,6 +163,16 @@ export function createCesRpcClient(
 
   const pending = new Map<string, PendingRequest>();
 
+  /** Reject and clear every in-flight request. Shared by `close()` and the
+   *  transport-death handler. */
+  function rejectAllPending(error: Error): void {
+    for (const [id, entry] of pending) {
+      clearTimeout(entry.timer);
+      pending.delete(id);
+      entry.reject(error);
+    }
+  }
+
   // -------------------------------------------------------------------------
   // Incoming message dispatch
   // -------------------------------------------------------------------------
@@ -209,6 +227,15 @@ export function createCesRpcClient(
     }
   });
 
+  // Fail-fast on transport death: when the transport's read side ends (e.g. a
+  // spurious stdout EOF on a CES bounce) or the connection closes, reject every
+  // in-flight request immediately. The response can never arrive on a dead
+  // transport, so without this a pending call hangs until `requestTimeoutMs`
+  // (observed: 30s stalls on credential reads that raced a CES restart).
+  transport.onClose?.(() => {
+    rejectAllPending(new CesTransportError("CES transport closed"));
+  });
+
   // -------------------------------------------------------------------------
   // Send helpers
   // -------------------------------------------------------------------------
@@ -384,11 +411,7 @@ export function createCesRpcClient(
     },
 
     close(): void {
-      for (const [id, entry] of pending) {
-        clearTimeout(entry.timer);
-        entry.reject(new CesTransportError("CES client closed"));
-        pending.delete(id);
-      }
+      rejectAllPending(new CesTransportError("CES client closed"));
       ready = false;
       transport.close();
     },

package/node_modules/@vellumai/environments/src/seeds.ts

@@ -25,11 +25,8 @@ function portBlock(base: number): PortMap {
 }
 
 /**
- * Built-in environment definitions and the TS-side source of truth for the
- * set of known environment names. The Swift client mirrors this list in
- * `clients/macos/vellum-assistant/App/VellumEnvironment.swift`; since Swift
- * can't import TypeScript, drift between the two is caught at test time by
- * `cli/src/__tests__/env-drift.test.ts`.
+ * Built-in environment definitions and the source of truth for the
+ * set of known environment names.
  *
  * Custom environments via a user config file are a future phase — see the
  * "Coexisting environments" design doc. Until then, a call site that needs a

package/node_modules/@vellumai/gateway-client/src/admission-policy-contract.ts

@@ -0,0 +1,97 @@
+/**
+ * Shared admission policy vocabulary used on the gateway→runtime wire.
+ *
+ * Both the gateway (channel admission policy storage + kill switch) and the
+ * runtime (admission-policy stage) consume these values. Keeping the type
+ * here avoids the runtime importing from `gateway/src` and avoids the
+ * vocabulary drift the plan §2.1 flags for the verification-purpose
+ * `trustClass` enum.
+ */
+
+import { z } from "zod";
+
+/**
+ * Per-channel inbound admission policy — ordered from most-restrictive
+ * (`no_one`, hard kill switch) to most-permissive (`strangers`, admits any
+ * sender). See `unverified-contact-role-plan.md` §2.3.
+ */
+export const ADMISSION_POLICY_VALUES = [
+  "no_one",
+  "guardian_only",
+  "trusted_contacts",
+  "any_contact",
+  "strangers",
+] as const;
+
+export type AdmissionPolicy = (typeof ADMISSION_POLICY_VALUES)[number];
+
+export const AdmissionPolicySchema = z.enum(ADMISSION_POLICY_VALUES);
+
+/**
+ * Read-side default applied when a channel has no row in the DB. Matches
+ * today's effective semantics: guardian + active contacts admitted,
+ * strangers denied. See plan §2.2.
+ */
+export const ADMISSION_POLICY_DEFAULT: AdmissionPolicy = "trusted_contacts";
+
+/**
+ * Minimum trust rank required for each policy. Higher rank = more trusted.
+ * `no_one` is 5 — above the maximum guardian rank (4) — so no class is ever
+ * admitted. See plan §2.4 for the rank table.
+ */
+export const ADMISSION_FLOOR: Record<AdmissionPolicy, number> = {
+  no_one: 5,
+  guardian_only: 4,
+  trusted_contacts: 3,
+  any_contact: 2,
+  strangers: 1,
+};
+
+/**
+ * Hard-exempt internal channels — never subject to PUT policy, omitted from
+ * GET list, runtime admission stage short-circuits without floor check.
+ *
+ * `platform` / `a2a` are peer/internal channels with no human-trust model.
+ *
+ * `phone` is NOT exempt — voice ingress enforces the admission floor.
+ *
+ * `vellum` / `whatsapp` are NOT exempt — their floors are still enforced at
+ * runtime — but they are hidden from the configurable UI; see
+ * {@link ADMISSION_POLICY_HIDDEN_CHANNELS}.
+ */
+export const ADMISSION_POLICY_EXEMPT_CHANNELS: ReadonlySet<string> = new Set([
+  "platform",
+  "a2a",
+]);
+
+export function isAdmissionPolicyExemptChannel(channelType: string): boolean {
+  return ADMISSION_POLICY_EXEMPT_CHANNELS.has(channelType);
+}
+
+/**
+ * Channels omitted from the Channel Trust Floors list (GET) and rejected on
+ * PUT/DELETE — managed automatically at their seed default, not user
+ * configurable. Unlike {@link ADMISSION_POLICY_EXEMPT_CHANNELS} they are still
+ * enforced at runtime, so hiding a real inbound channel like `whatsapp` never
+ * silently disables its admission floor check. The startup seed re-pins any
+ * drifted row so a stale floor (e.g. a legacy `no_one`) can't strand a channel
+ * the user can no longer see.
+ *
+ * `vellum` is the local desktop/web client surface; the guardian is always
+ * max-rank there, so the seed default admits them regardless of the floor.
+ */
+export const ADMISSION_POLICY_HIDDEN_CHANNELS: ReadonlySet<string> = new Set([
+  "vellum",
+  "whatsapp",
+]);
+
+export function isAdmissionPolicyHiddenChannel(channelType: string): boolean {
+  return ADMISSION_POLICY_HIDDEN_CHANNELS.has(channelType);
+}
+
+export function isAdmissionPolicy(value: unknown): value is AdmissionPolicy {
+  return (
+    typeof value === "string" &&
+    (ADMISSION_POLICY_VALUES as readonly string[]).includes(value)
+  );
+}

package/node_modules/@vellumai/gateway-client/src/inbound-contract.ts

@@ -12,6 +12,8 @@
 
 import { z } from "zod";
 
+import { AdmissionPolicySchema } from "./admission-policy-contract.js";
+
 // ---------------------------------------------------------------------------
 // Command intent (channel-initiated commands, e.g. Telegram /start)
 // ---------------------------------------------------------------------------
@@ -67,6 +69,14 @@ export const SourceMetadataSchema = z
     /** Slack workspace/team ID. */
     account: z.string().optional(),
 
+    /**
+     * Per-channel inbound admission policy attached by the gateway. The
+     * runtime admission-policy stage enforces the floor against the
+     * resolved trust class; when absent, the runtime falls back to
+     * `ADMISSION_POLICY_DEFAULT` (`trusted_contacts`).
+     */
+    admissionPolicy: AdmissionPolicySchema.optional(),
+
     // Email-specific fields
     /** Email subject line. */
     emailSubject: z.string().optional(),

package/node_modules/@vellumai/gateway-client/src/index.ts

@@ -19,20 +19,26 @@ export * from "./gateway-ipc-contracts.js";
 
 export { ipcCall, IpcCallError, PersistentIpcClient } from "./ipc-client.js";
 
+// Outbound delivery contract (daemon → gateway) — Zod schemas + derived types
+export {
+  ApprovalActionOptionSchema,
+  ApprovalUIMetadataSchema,
+  AttachmentMetadataSchema,
+  ChannelDeliveryResultSchema,
+  ChannelReplyPayloadSchema,
+  PermissionRequestDetailsSchema,
+} from "./outbound-contract.js";
+
 export type {
   ApprovalActionOption,
   ApprovalUIMetadata,
   AttachmentMetadata,
   ChannelDeliveryResult,
   ChannelReplyPayload,
-  IpcRequest,
-  IpcResponse,
-  Logger,
   PermissionRequestDetails,
-} from "./types.js";
-
-export { noopLogger } from "./types.js";
+} from "./outbound-contract.js";
 
+// Inbound contract (gateway → daemon) — Zod schemas + derived types
 export {
   CommandIntentSchema,
   RuntimeInboundPayloadSchema,
@@ -44,3 +50,23 @@ export type {
   RuntimeInboundPayload,
   SourceMetadata,
 } from "./inbound-contract.js";
+
+// IPC, logger, and utility types
+export type { IpcRequest, IpcResponse, Logger } from "./types.js";
+
+export { noopLogger } from "./types.js";
+
+// Admission policy contract (gateway → daemon) — Zod schemas + derived types + channel sets
+export {
+  ADMISSION_FLOOR,
+  ADMISSION_POLICY_DEFAULT,
+  ADMISSION_POLICY_EXEMPT_CHANNELS,
+  ADMISSION_POLICY_HIDDEN_CHANNELS,
+  ADMISSION_POLICY_VALUES,
+  AdmissionPolicySchema,
+  isAdmissionPolicy,
+  isAdmissionPolicyExemptChannel,
+  isAdmissionPolicyHiddenChannel,
+} from "./admission-policy-contract.js";
+
+export type { AdmissionPolicy } from "./admission-policy-contract.js";

package/node_modules/@vellumai/gateway-client/src/outbound-contract.ts

@@ -0,0 +1,119 @@
+/**
+ * Daemon → gateway outbound delivery contract.
+ *
+ * Zod schemas defining the wire format for channel replies delivered from
+ * the daemon to the gateway via `POST /deliver/{channel}`. Both services
+ * import from here so the contract is enforced at compile time.
+ *
+ * The daemon constructs these payloads in `deliverChannelReply()` and
+ * `deliverApprovalPrompt()`; the gateway validates and dispatches them
+ * to the target channel provider.
+ */
+
+import { z } from "zod";
+
+// ---------------------------------------------------------------------------
+// Attachment metadata
+// ---------------------------------------------------------------------------
+
+export const AttachmentMetadataSchema = z.object({
+  id: z.string(),
+  filename: z.string(),
+  mimeType: z.string(),
+  sizeBytes: z.number(),
+  kind: z.string(),
+  data: z.string().optional(),
+  thumbnailData: z.string().optional(),
+  fileBacked: z.boolean().optional(),
+});
+
+export type AttachmentMetadata = z.infer<typeof AttachmentMetadataSchema>;
+
+// ---------------------------------------------------------------------------
+// Approval UI types
+// ---------------------------------------------------------------------------
+
+export const ApprovalActionOptionSchema = z.object({
+  id: z.string(),
+  label: z.string(),
+});
+
+export type ApprovalActionOption = z.infer<typeof ApprovalActionOptionSchema>;
+
+export const PermissionRequestDetailsSchema = z.object({
+  toolName: z.string(),
+  riskLevel: z.string(),
+  toolInput: z.record(z.string(), z.unknown()),
+  requesterIdentifier: z.string().optional(),
+});
+
+export type PermissionRequestDetails = z.infer<
+  typeof PermissionRequestDetailsSchema
+>;
+
+export const ApprovalUIMetadataSchema = z.object({
+  requestId: z.string(),
+  actions: z.array(ApprovalActionOptionSchema),
+  plainTextFallback: z.string(),
+  permissionDetails: PermissionRequestDetailsSchema.optional(),
+});
+
+export type ApprovalUIMetadata = z.infer<typeof ApprovalUIMetadataSchema>;
+
+// ---------------------------------------------------------------------------
+// Channel reply payload — the full outbound wire format
+// ---------------------------------------------------------------------------
+
+export const ChannelReplyPayloadSchema = z.object({
+  chatId: z.string(),
+  text: z.string().optional(),
+  /** Pre-formatted Block Kit blocks for Slack delivery. */
+  blocks: z.array(z.unknown()).optional(),
+  assistantId: z.string().optional(),
+  attachments: z.array(AttachmentMetadataSchema).optional(),
+  approval: ApprovalUIMetadataSchema.optional(),
+  chatAction: z.literal("typing").optional(),
+  /**
+   * When true, deliver via `chat.postEphemeral` so only the target `user`
+   * sees the message.
+   */
+  ephemeral: z.boolean().optional(),
+  /** Slack user ID — required when `ephemeral` is true. */
+  user: z.string().optional(),
+  /** When provided, update an existing message instead of posting a new one. */
+  messageTs: z.string().optional(),
+  /** When true, auto-generate Block Kit blocks from text via textToBlocks(). */
+  useBlocks: z.boolean().optional(),
+  /** When provided, add or remove an emoji reaction on a message. */
+  reaction: z
+    .object({
+      action: z.enum(["add", "remove"]),
+      name: z.string(),
+      messageTs: z.string(),
+    })
+    .optional(),
+  /** When provided, set or clear the Slack Assistants API thread status. */
+  assistantThreadStatus: z
+    .object({
+      channel: z.string(),
+      threadTs: z.string(),
+      status: z.string(),
+      /** Serialized to Slack as `loading_messages`. */
+      loadingMessages: z.array(z.string()).optional(),
+    })
+    .optional(),
+});
+
+export type ChannelReplyPayload = z.infer<typeof ChannelReplyPayloadSchema>;
+
+// ---------------------------------------------------------------------------
+// Channel delivery result — gateway response
+// ---------------------------------------------------------------------------
+
+export const ChannelDeliveryResultSchema = z.object({
+  ok: z.boolean(),
+  /** The message timestamp returned by the delivery endpoint. */
+  ts: z.string().optional(),
+});
+
+export type ChannelDeliveryResult = z.infer<typeof ChannelDeliveryResultSchema>;

package/node_modules/@vellumai/gateway-client/src/types.ts

@@ -4,92 +4,23 @@
  * Type definitions for assistant-to-gateway communication. These are
  * intentionally decoupled from the assistant's internal types so the
  * package can be consumed without importing assistant internals.
+ *
+ * HTTP delivery types (ChannelReplyPayload, ApprovalUIMetadata, etc.)
+ * are defined as Zod schemas in `outbound-contract.ts` and re-exported
+ * from the barrel `index.ts`. This file retains only IPC and utility
+ * types that don't cross an HTTP wire boundary.
  */
 
-// ---------------------------------------------------------------------------
-// HTTP delivery types
-// ---------------------------------------------------------------------------
-
-/** Metadata for a file attachment delivered alongside a channel reply. */
-export interface AttachmentMetadata {
-  id: string;
-  filename: string;
-  mimeType: string;
-  sizeBytes: number;
-  kind: string;
-  data?: string;
-  thumbnailData?: string;
-  fileBacked?: boolean;
-}
-
-/** An action option presented to the user in an approval prompt. */
-export interface ApprovalActionOption {
-  id: string;
-  label: string;
-}
-
-/**
- * Tool-permission-specific details carried alongside the approval payload.
- * Channels that support rich UI (e.g. Slack Block Kit) use these fields
- * to render a detailed permission request card.
- */
-export interface PermissionRequestDetails {
-  toolName: string;
-  riskLevel: string;
-  toolInput: Record<string, unknown>;
-  requesterIdentifier?: string;
-}
-
-/**
- * Metadata attached to gateway callback payloads for rendering approval
- * UI and routing decisions back to the correct pending interaction.
- */
-export interface ApprovalUIMetadata {
-  requestId: string;
-  actions: ApprovalActionOption[];
-  plainTextFallback: string;
-  permissionDetails?: PermissionRequestDetails;
-}
-
-/** Payload for a channel reply delivered via the gateway. */
-export interface ChannelReplyPayload {
-  chatId: string;
-  text?: string;
-  /** Pre-formatted Block Kit blocks for Slack delivery. */
-  blocks?: unknown[];
-  assistantId?: string;
-  attachments?: AttachmentMetadata[];
-  approval?: ApprovalUIMetadata;
-  chatAction?: "typing";
-  /**
-   * When true, deliver via `chat.postEphemeral` so only the target `user`
-   * sees the message.
-   */
-  ephemeral?: boolean;
-  /** Slack user ID — required when `ephemeral` is true. */
-  user?: string;
-  /** When provided, update an existing message instead of posting a new one. */
-  messageTs?: string;
-  /** When true, auto-generate Block Kit blocks from text via textToBlocks(). */
-  useBlocks?: boolean;
-  /** When provided, add or remove an emoji reaction on a message. */
-  reaction?: { action: "add" | "remove"; name: string; messageTs: string };
-  /** When provided, set or clear the Slack Assistants API thread status. */
-  assistantThreadStatus?: {
-    channel: string;
-    threadTs: string;
-    status: string;
-    /** Serialized to Slack as `loading_messages`. */
-    loadingMessages?: string[];
-  };
-}
-
-/** Result from a channel delivery attempt. */
-export interface ChannelDeliveryResult {
-  ok: boolean;
-  /** The message timestamp returned by the delivery endpoint. */
-  ts?: string;
-}
+// Re-export outbound delivery types for backward compatibility — consumers
+// that import from "./types.js" continue to work.
+export type {
+  ApprovalActionOption,
+  ApprovalUIMetadata,
+  AttachmentMetadata,
+  ChannelDeliveryResult,
+  ChannelReplyPayload,
+  PermissionRequestDetails,
+} from "./outbound-contract.js";
 
 // ---------------------------------------------------------------------------
 // IPC types