@vellumai/cli 0.5.16 → 0.6.1

package/src/commands/backup.ts

@@ -6,7 +6,6 @@ import { getBackupsDir, formatSize } from "../lib/backup-ops.js";
 import { loadGuardianToken, leaseGuardianToken } from "../lib/guardian-token";
 import {
   readPlatformToken,
-  fetchOrganizationId,
   platformInitiateExport,
   platformPollExportStatus,
   platformDownloadExport,
@@ -196,24 +195,11 @@ async function backupPlatform(
     process.exit(1);
   }
 
-  let orgId: string;
-  try {
-    orgId = await fetchOrganizationId(token, runtimeUrl);
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    if (msg.includes("401") || msg.includes("403")) {
-      console.error("Authentication failed. Run 'vellum login' to refresh.");
-      process.exit(1);
-    }
-    throw err;
-  }
-
   // Step 2 — Initiate export job
   let jobId: string;
   try {
     const result = await platformInitiateExport(
       token,
-      orgId,
       "CLI backup",
       runtimeUrl,
     );
@@ -244,7 +230,7 @@ async function backupPlatform(
   while (Date.now() < deadline) {
     let status: { status: string; downloadUrl?: string; error?: string };
     try {
-      status = await platformPollExportStatus(jobId, token, orgId, runtimeUrl);
+      status = await platformPollExportStatus(jobId, token, runtimeUrl);
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       // Let non-transient errors (e.g. 404 "job not found") propagate immediately

package/src/commands/events.ts

@@ -0,0 +1,146 @@
+/**
+ * `vellum events [assistant]`
+ *
+ * Subscribe to assistant events via the SSE endpoint and stream them
+ * to stdout.  By default, events are rendered as human-readable
+ * markdown.  Pass `--json` to emit one JSON object per event,
+ * separated by newlines.
+ */
+
+import { extractFlag } from "../lib/arg-utils.js";
+import { AssistantClient } from "../lib/assistant-client.js";
+
+function printUsage(): void {
+  console.log(`vellum events - Stream events from a running assistant
+
+USAGE:
+    vellum events [assistant] [options]
+
+ARGUMENTS:
+    [assistant]    Instance name (default: active assistant)
+
+OPTIONS:
+    --conversation-key <key>  Scope to a single conversation
+    --json                    Output raw JSON events (one per line)
+    -h, --help                Show this help message
+
+EXAMPLES:
+    vellum events
+    vellum events my-assistant
+    vellum events --json
+    vellum events --conversation-key my-thread
+`);
+}
+
+interface AssistantEvent {
+  id: string;
+  assistantId: string;
+  conversationId?: string;
+  emittedAt: string;
+  message: {
+    type: string;
+    text?: string;
+    thinking?: string;
+    toolName?: string;
+    input?: Record<string, unknown>;
+    result?: string;
+    isError?: boolean;
+    content?: string;
+    message?: string;
+    chunk?: string;
+    conversationId?: string;
+    [key: string]: unknown;
+  };
+}
+
+/** Render an event as human-readable markdown to stdout. */
+function renderMarkdown(event: AssistantEvent): void {
+  const msg = event.message;
+  switch (msg.type) {
+    case "assistant_text_delta":
+      process.stdout.write(msg.text ?? "");
+      break;
+    case "assistant_thinking_delta":
+      process.stdout.write(msg.thinking ?? "");
+      break;
+    case "tool_use_start":
+      console.log(`\n> **Tool call:** \`${msg.toolName}\``);
+      if (msg.input && Object.keys(msg.input).length > 0) {
+        console.log("```json");
+        console.log(JSON.stringify(msg.input, null, 2));
+        console.log("```");
+      }
+      break;
+    case "tool_input_delta":
+      process.stdout.write(msg.content ?? "");
+      break;
+    case "tool_result":
+      if (msg.isError) {
+        console.log(`\n> **Tool error** (\`${msg.toolName}\`): ${msg.result}`);
+      } else {
+        console.log(`\n> **Tool result** (\`${msg.toolName}\`): ${msg.result}`);
+      }
+      break;
+    case "tool_output_chunk":
+      process.stdout.write(msg.chunk ?? "");
+      break;
+    case "message_complete":
+      console.log("\n");
+      break;
+    case "error":
+      console.error(`\n**Error:** ${msg.message}`);
+      break;
+    case "user_message_echo":
+      console.log(`\n**You:** ${msg.text}`);
+      break;
+    default:
+      // Silently skip events that don't have a markdown representation
+      // (e.g. heartbeat comments, activity states, etc.)
+      break;
+  }
+}
+
+export async function events(): Promise<void> {
+  const rawArgs = process.argv.slice(3);
+
+  if (rawArgs.includes("--help") || rawArgs.includes("-h")) {
+    printUsage();
+    return;
+  }
+
+  const jsonOutput = rawArgs.includes("--json");
+  let args = rawArgs.filter((a) => a !== "--json");
+
+  const [conversationKey, filteredArgs] = extractFlag(
+    args,
+    "--conversation-key",
+  );
+  args = filteredArgs;
+
+  const assistantId = args[0];
+
+  const client = new AssistantClient({ assistantId });
+
+  // Use an explicit AbortController so we can clean up on SIGINT
+  const controller = new AbortController();
+  process.on("SIGINT", () => {
+    controller.abort();
+    process.exit(0);
+  });
+
+  const query: Record<string, string> = {};
+  if (conversationKey) {
+    query.conversationKey = conversationKey;
+  }
+
+  for await (const event of client.stream<AssistantEvent>("/events", {
+    signal: controller.signal,
+    query,
+  })) {
+    if (jsonOutput) {
+      console.log(JSON.stringify(event));
+    } else {
+      renderMarkdown(event);
+    }
+  }
+}

package/src/commands/message.ts

@@ -0,0 +1,105 @@
+/**
+ * `vellum message <assistant> <message>`
+ *
+ * Send a message to a running assistant via its runtime HTTP API and
+ * print the result.  This is a fire-and-send command — it does NOT
+ * subscribe to SSE events (use `vellum events` for that).
+ */
+
+import { extractFlag } from "../lib/arg-utils.js";
+import { AssistantClient } from "../lib/assistant-client.js";
+
+function printUsage(): void {
+  console.log(`vellum message - Send a message to a running assistant
+
+USAGE:
+    vellum message [assistant] <message>
+
+ARGUMENTS:
+    [assistant]    Instance name (default: active assistant)
+    <message>      Message content to send
+
+OPTIONS:
+    --conversation-key <key>  Conversation key (default: stable key per channel/interface)
+    --json                    Output raw JSON response
+
+EXAMPLES:
+    vellum message "hello"
+    vellum message my-assistant "ping"
+    vellum message --conversation-key my-thread "hello"
+    vellum message --json "hello"
+`);
+}
+
+export async function message(): Promise<void> {
+  const rawArgs = process.argv.slice(3);
+
+  if (rawArgs.includes("--help") || rawArgs.includes("-h")) {
+    printUsage();
+    return;
+  }
+
+  const jsonOutput = rawArgs.includes("--json");
+  let args = rawArgs.filter((a) => a !== "--json");
+
+  const [conversationKey, filteredArgs] = extractFlag(
+    args,
+    "--conversation-key",
+  );
+  args = filteredArgs;
+
+  let assistantId: string | undefined;
+  let messageContent: string | undefined;
+
+  if (args.length >= 2) {
+    // vellum message <assistant> <message>
+    assistantId = args[0];
+    messageContent = args[1];
+  } else if (args.length === 1) {
+    // vellum message <message>  (uses active/latest assistant)
+    messageContent = args[0];
+  }
+
+  if (!messageContent) {
+    console.error("Error: message content is required.");
+    console.error("");
+    printUsage();
+    process.exit(1);
+  }
+
+  const client = new AssistantClient({ assistantId });
+
+  const payload: Record<string, string> = {
+    content: messageContent,
+    sourceChannel: "vellum",
+    interface: "cli",
+  };
+  if (conversationKey) {
+    payload.conversationKey = conversationKey;
+  }
+
+  const response = await client.post("/messages/", payload);
+
+  if (!response.ok) {
+    const body = await response.text().catch(() => "");
+    console.error(
+      `Error: HTTP ${response.status}: ${body || response.statusText}`,
+    );
+    process.exit(1);
+  }
+
+  const result = (await response.json()) as {
+    accepted: boolean;
+    messageId: string;
+  };
+
+  if (jsonOutput) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    if (result.accepted) {
+      console.log(`Message accepted (id: ${result.messageId})`);
+    } else {
+      console.log(`Message rejected (id: ${result.messageId})`);
+    }
+  }
+}

package/src/commands/restore.ts

@@ -8,7 +8,6 @@ import {
 } from "../lib/guardian-token.js";
 import {
   readPlatformToken,
-  fetchOrganizationId,
   rollbackPlatformAssistant,
   platformImportPreflight,
   platformImportBundle,
@@ -177,18 +176,6 @@ async function restorePlatform(
     process.exit(1);
   }
 
-  let orgId: string;
-  try {
-    orgId = await fetchOrganizationId(token, entry.runtimeUrl);
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    if (msg.includes("401") || msg.includes("403")) {
-      console.error("Authentication failed. Run 'vellum login' to refresh.");
-      process.exit(1);
-    }
-    throw err;
-  }
-
   // Step 2 — Dry-run path
   if (opts.dryRun) {
     if (opts.version) {
@@ -205,7 +192,6 @@ async function restorePlatform(
       preflightResult = await platformImportPreflight(
         new Uint8Array(bundleData),
         token,
-        orgId,
         entry.runtimeUrl,
       );
     } catch (err) {
@@ -316,12 +302,7 @@ async function restorePlatform(
     );
 
     try {
-      await rollbackPlatformAssistant(
-        token,
-        orgId,
-        opts.version,
-        entry.runtimeUrl,
-      );
+      await rollbackPlatformAssistant(token, opts.version, entry.runtimeUrl);
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       if (msg.includes("401") || msg.includes("403")) {
@@ -345,7 +326,6 @@ async function restorePlatform(
     importResult = await platformImportBundle(
       new Uint8Array(bundleData),
       token,
-      orgId,
       entry.runtimeUrl,
     );
   } catch (err) {

package/src/commands/retire.ts

@@ -4,7 +4,7 @@ import {
 } from "../lib/assistant-config";
 import type { AssistantEntry } from "../lib/assistant-config";
 import {
-  fetchOrganizationId,
+  authHeaders,
   getPlatformUrl,
   readPlatformToken,
 } from "../lib/platform-client";
@@ -93,16 +93,11 @@ async function retireVellum(
     process.exit(1);
   }
 
-  const orgId = await fetchOrganizationId(token, runtimeUrl);
-
   const platformUrl = runtimeUrl || getPlatformUrl();
   const url = `${platformUrl}/v1/assistants/${encodeURIComponent(assistantId)}/retire/`;
   const response = await fetch(url, {
     method: "DELETE",
-    headers: {
-      "X-Session-Token": token,
-      "Vellum-Organization-Id": orgId,
-    },
+    headers: await authHeaders(token, runtimeUrl),
   });
 
   if (!response.ok) {

package/src/commands/rollback.ts

@@ -17,7 +17,6 @@ import {
 import type { ServiceName } from "../lib/docker";
 import { emitCliError, categorizeUpgradeError } from "../lib/cli-error.js";
 import {
-  fetchOrganizationId,
   readPlatformToken,
   rollbackPlatformAssistant,
 } from "../lib/platform-client.js";
@@ -35,7 +34,7 @@ import {
   UPGRADE_PROGRESS,
   waitForReady,
 } from "../lib/upgrade-lifecycle.js";
-import { parseVersion } from "../lib/version-compat.js";
+import { compareVersions } from "../lib/version-compat.js";
 
 function parseArgs(): { name: string | null; version: string | null } {
   const args = process.argv.slice(3);
@@ -153,21 +152,12 @@ async function rollbackPlatformViaEndpoint(
 
   // Step 1 — Version validation (only if version provided)
   if (version && currentVersion) {
-    const current = parseVersion(currentVersion);
-    const target = parseVersion(version);
-    if (current && target) {
-      const isOlder =
-        target.major < current.major ||
-        (target.major === current.major && target.minor < current.minor) ||
-        (target.major === current.major &&
-          target.minor === current.minor &&
-          target.patch < current.patch);
-      if (!isOlder) {
-        const msg = `Target version ${version} is not older than the current version ${currentVersion}. Use \`vellum upgrade --version ${version}\` to upgrade.`;
-        console.error(msg);
-        emitCliError("VERSION_DIRECTION", msg);
-        process.exit(1);
-      }
+    const cmp = compareVersions(version, currentVersion);
+    if (cmp !== null && cmp >= 0) {
+      const msg = `Target version ${version} is not older than the current version ${currentVersion}. Use \`vellum upgrade --version ${version}\` to upgrade.`;
+      console.error(msg);
+      emitCliError("VERSION_DIRECTION", msg);
+      process.exit(1);
     }
   }
 
@@ -181,20 +171,6 @@ async function rollbackPlatformViaEndpoint(
     process.exit(1);
   }
 
-  let orgId: string;
-  try {
-    orgId = await fetchOrganizationId(token, entry.runtimeUrl);
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    if (msg.includes("401") || msg.includes("403")) {
-      console.error("Authentication failed. Run 'vellum login' to refresh.");
-    } else {
-      console.error(`Error: ${msg}`);
-    }
-    emitCliError("AUTH_FAILED", "Failed to authenticate with platform", msg);
-    process.exit(1);
-  }
-
   // Step 3 — Call rollback endpoint
   if (version) {
     console.log(`Rolling back to ${version}...`);
@@ -204,12 +180,7 @@ async function rollbackPlatformViaEndpoint(
 
   let result: { detail: string; version: string | null };
   try {
-    result = await rollbackPlatformAssistant(
-      token,
-      orgId,
-      version,
-      entry.runtimeUrl,
-    );
+    result = await rollbackPlatformAssistant(token, version, entry.runtimeUrl);
   } catch (err) {
     const detail = err instanceof Error ? err.message : String(err);
 
@@ -352,6 +323,11 @@ export async function rollback(): Promise<void> {
       `   Captured ${Object.keys(capturedEnv).length} env var(s) from ${res.assistantContainer}\n`,
     );
 
+    // Capture GUARDIAN_BOOTSTRAP_SECRET from the gateway container (it is only
+    // set on gateway, not assistant) so it persists across container restarts.
+    const gatewayEnv = await captureContainerEnv(res.gatewayContainer);
+    const bootstrapSecret = gatewayEnv["GUARDIAN_BOOTSTRAP_SECRET"];
+
     // Extract CES_SERVICE_TOKEN from captured env, or generate fresh one
     const cesServiceToken =
       capturedEnv["CES_SERVICE_TOKEN"] || randomBytes(32).toString("hex");
@@ -430,6 +406,7 @@ export async function rollback(): Promise<void> {
     await startContainers(
       {
         signingKey,
+        bootstrapSecret,
         cesServiceToken,
         extraAssistantEnv,
         gatewayPort,