npm - @vellumai/cli - Versions diffs - 0.5.0 → 0.5.2 - Mend

@vellumai/cli 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/knip.json CHANGED Viewed

@@ -1,4 +1,8 @@
 {
-  "entry": ["src/**/*.test.ts", "src/**/__tests__/**/*.ts", "src/adapters/openclaw-http-server.ts"],
+  "entry": [
+    "src/**/*.test.ts",
+    "src/**/__tests__/**/*.ts",
+    "src/adapters/openclaw-http-server.ts"
+  ],
   "project": ["src/**/*.ts", "src/**/*.tsx"]
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/cli",
-  "version": "0.5.0",
+  "version": "0.5.2",
   "description": "CLI tools for vellum-assistant",
   "type": "module",
   "exports": {

package/src/commands/client.ts CHANGED Viewed

@@ -5,7 +5,11 @@ import {
   getActiveAssistant,
   loadLatestAssistant,
 } from "../lib/assistant-config";
-import { DAEMON_INTERNAL_ASSISTANT_ID, GATEWAY_PORT, type Species } from "../lib/constants";
+import {
+  DAEMON_INTERNAL_ASSISTANT_ID,
+  GATEWAY_PORT,
+  type Species,
+} from "../lib/constants";
 import { loadGuardianToken } from "../lib/guardian-token";
 import { getLocalLanIPv4, getMacLocalHostname } from "../lib/local";
@@ -84,7 +88,8 @@ function parseArgs(): ParsedArgs {
   let runtimeUrl = entry?.localUrl || entry?.runtimeUrl || FALLBACK_RUNTIME_URL;
   let assistantId = entry?.assistantId || DAEMON_INTERNAL_ASSISTANT_ID;
-  const bearerToken = loadGuardianToken(entry?.assistantId ?? "")?.accessToken ?? undefined;
+  const bearerToken =
+    loadGuardianToken(entry?.assistantId ?? "")?.accessToken ?? undefined;
   const species: Species = (entry?.species as Species) ?? "vellum";
   for (let i = 0; i < flagArgs.length; i++) {

package/src/commands/hatch.ts CHANGED Viewed

@@ -50,6 +50,7 @@ import { detectOrphanedProcesses } from "../lib/orphan-detection";
 import { isProcessAlive, stopProcess } from "../lib/process";
 import { generateInstanceName } from "../lib/random-name";
 import { validateAssistantName } from "../lib/retire-archive";
+import { leaseGuardianToken } from "../lib/guardian-token";
 import { archiveLogFile, resetLogFile } from "../lib/xdg-log";
 export type { PollResult, WatchHatchingResult } from "../lib/gcp";
@@ -717,6 +718,14 @@ async function hatchLocal(
       throw error;
     }
+    // Lease a guardian token so the desktop app can import it on first launch
+    // instead of hitting /v1/guardian/init itself.
+    try {
+      await leaseGuardianToken(runtimeUrl, instanceName);
+    } catch (err) {
+      console.error(`⚠️  Guardian token lease failed: ${err}`);
+    }
     // Auto-start ngrok if webhook integrations (e.g. Telegram, Twilio) are configured.
     // Set BASE_DATA_DIR so ngrok reads the correct instance config.
     const prevBaseDataDir = process.env.BASE_DATA_DIR;

package/src/commands/upgrade.ts CHANGED Viewed

@@ -7,6 +7,7 @@ import {
 } from "../lib/assistant-config";
 import type { AssistantEntry } from "../lib/assistant-config";
 import {
+  captureImageRefs,
   DOCKERHUB_IMAGES,
   DOCKER_READY_TIMEOUT_MS,
   GATEWAY_INTERNAL_PORT,
@@ -212,11 +213,21 @@ async function upgradeDocker(
     `🔄 Upgrading Docker assistant '${instanceName}' to ${versionTag}...\n`,
   );
-  console.log("📦 Pulling new Docker images...");
-  await exec("docker", ["pull", imageTags.assistant]);
-  await exec("docker", ["pull", imageTags.gateway]);
-  await exec("docker", ["pull", imageTags["credential-executor"]]);
-  console.log("✅ Docker images pulled\n");
+  // Capture rollback state from existing containers BEFORE pulling new
+  // images or stopping anything.  captureImageRefs uses the immutable
+  // image digest ({{.Image}}), but capturing first keeps the intent
+  // explicit and avoids relying on container-inspect ordering subtleties.
+  console.log("📸 Capturing current image references for rollback...");
+  const previousImageRefs = await captureImageRefs(res);
+  if (previousImageRefs) {
+    console.log(
+      `   Captured refs for ${Object.keys(previousImageRefs).length} service(s)\n`,
+    );
+  } else {
+    console.log(
+      "   Could not capture all container refs (fresh install or partial deployment)\n",
+    );
+  }
   console.log("💾 Capturing existing container environment...");
   const capturedEnv = await captureContainerEnv(res.assistantContainer);
@@ -224,6 +235,12 @@ async function upgradeDocker(
     `   Captured ${Object.keys(capturedEnv).length} env var(s) from ${res.assistantContainer}\n`,
   );
+  console.log("📦 Pulling new Docker images...");
+  await exec("docker", ["pull", imageTags.assistant]);
+  await exec("docker", ["pull", imageTags.gateway]);
+  await exec("docker", ["pull", imageTags["credential-executor"]]);
+  console.log("✅ Docker images pulled\n");
   console.log("🛑 Stopping existing containers...");
   await stopContainers(res);
   console.log("✅ Containers stopped\n");
@@ -281,10 +298,54 @@ async function upgradeDocker(
       `\n✅ Docker assistant '${instanceName}' upgraded to ${versionTag}.`,
     );
   } else {
-    console.log(
-      `\n⚠️  Containers are running but the assistant did not become ready within the timeout.`,
-    );
-    console.log(`   Check logs with: docker logs -f ${res.assistantContainer}`);
+    console.error(`\n❌ Containers failed to become ready within the timeout.`);
+    if (previousImageRefs) {
+      console.log(`\n🔄 Rolling back to previous images...`);
+      try {
+        await stopContainers(res);
+        await startContainers(
+          {
+            extraAssistantEnv,
+            gatewayPort,
+            imageTags: previousImageRefs,
+            instanceName,
+            res,
+          },
+          (msg) => console.log(msg),
+        );
+        const rollbackReady = await waitForReady(entry.runtimeUrl);
+        if (rollbackReady) {
+          console.log(
+            `\n⚠️  Rolled back to previous version. Upgrade to ${versionTag} failed.`,
+          );
+        } else {
+          console.error(
+            `\n❌ Rollback also failed. Manual intervention required.`,
+          );
+          console.log(
+            `   Check logs with: docker logs -f ${res.assistantContainer}`,
+          );
+        }
+      } catch (rollbackErr) {
+        console.error(
+          `\n❌ Rollback failed: ${rollbackErr instanceof Error ? rollbackErr.message : String(rollbackErr)}`,
+        );
+        console.error(`   Manual intervention required.`);
+        console.log(
+          `   Check logs with: docker logs -f ${res.assistantContainer}`,
+        );
+      }
+    } else {
+      console.log(`   No previous images available for rollback.`);
+      console.log(
+        `   Check logs with: docker logs -f ${res.assistantContainer}`,
+      );
+    }
+    process.exit(1);
   }
 }

package/src/lib/docker.ts CHANGED Viewed

@@ -569,6 +569,54 @@ export async function stopContainers(
   await removeContainer(res.assistantContainer);
 }
+/**
+ * Capture the current image references for running service containers.
+ * Returns a complete record of service → immutable image ID (sha256 digest)
+ * for all three services. Uses `{{.Image}}` rather than `{{.Config.Image}}`
+ * so rollback targets the exact image that was running, even if the tag has
+ * since been retagged to a different image.
+ *
+ * Returns null if any container could not be inspected (e.g. fresh install
+ * or partial deployment).
+ */
+export async function captureImageRefs(
+  res: ReturnType<typeof dockerResourceNames>,
+): Promise<Record<ServiceName, string> | null> {
+  const containerForService: Record<ServiceName, string> = {
+    assistant: res.assistantContainer,
+    "credential-executor": res.cesContainer,
+    gateway: res.gatewayContainer,
+  };
+  const refs: Partial<Record<ServiceName, string>> = {};
+  for (const [service, container] of Object.entries(containerForService)) {
+    try {
+      const imageRef = (
+        await execOutput("docker", [
+          "inspect",
+          "--format",
+          "{{.Image}}",
+          container,
+        ])
+      ).trim();
+      if (imageRef) {
+        refs[service as ServiceName] = imageRef;
+      }
+    } catch {
+      // Container doesn't exist or can't be inspected — skip
+    }
+  }
+  const allServices: ServiceName[] = [
+    "assistant",
+    "credential-executor",
+    "gateway",
+  ];
+  const hasAll = allServices.every((s) => s in refs);
+  return hasAll ? (refs as Record<ServiceName, string>) : null;
+}
 /**
  * Determine which services are affected by a changed file path relative
  * to the repository root.

package/src/lib/guardian-token.ts CHANGED Viewed

@@ -1,6 +1,12 @@
 import { createHash, randomUUID } from "node:crypto";
 import { execSync } from "node:child_process";
-import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  writeFileSync,
+} from "fs";
 import { homedir, platform } from "os";
 import { dirname, join } from "path";

package/src/lib/local.ts CHANGED Viewed

@@ -805,8 +805,8 @@ export function isAssistantWatchModeAvailable(): boolean {
  */
 export function isGatewayWatchModeAvailable(): boolean {
   try {
-    resolveGatewayDir();
-    return true;
+    const dir = resolveGatewayDir();
+    return existsSync(join(dir, "src", "index.ts"));
   } catch {
     return false;
   }