@vellumai/cli 0.5.7 → 0.5.8

package/src/commands/rollback.ts

@@ -1,5 +1,4 @@
 import { randomBytes } from "crypto";
-import { join } from "path";
 
 import {
   findAssistantByName,
@@ -18,12 +17,12 @@ import {
   stopContainers,
 } from "../lib/docker";
 import type { ServiceName } from "../lib/docker";
-import {
-  loadBootstrapSecret,
-  saveBootstrapSecret,
-} from "../lib/guardian-token";
-import { restoreBackup } from "../lib/backup-ops.js";
 import { emitCliError, categorizeUpgradeError } from "../lib/cli-error.js";
+import {
+  fetchOrganizationId,
+  readPlatformToken,
+  rollbackPlatformAssistant,
+} from "../lib/platform-client.js";
 import {
   broadcastUpgradeEvent,
   buildCompleteEvent,
@@ -31,37 +30,56 @@ import {
   buildStartingEvent,
   buildUpgradeCommitMessage,
   captureContainerEnv,
+  commitWorkspaceViaGateway,
   CONTAINER_ENV_EXCLUDE_KEYS,
+  performDockerRollback,
   rollbackMigrations,
   UPGRADE_PROGRESS,
   waitForReady,
 } from "../lib/upgrade-lifecycle.js";
-import { commitWorkspaceState } from "../lib/workspace-git.js";
+import { parseVersion } from "../lib/version-compat.js";
 
-function parseArgs(): { name: string | null } {
+function parseArgs(): { name: string | null; version: string | null } {
   const args = process.argv.slice(3);
   let name: string | null = null;
+  let version: string | null = null;
 
   for (let i = 0; i < args.length; i++) {
     const arg = args[i];
     if (arg === "--help" || arg === "-h") {
-      console.log("Usage: vellum rollback [<name>]");
+      console.log("Usage: vellum rollback [<name>] [--version <version>]");
       console.log("");
-      console.log("Roll back a Docker assistant to the previous version.");
+      console.log(
+        "Roll back a Docker or managed assistant to a previous version.",
+      );
       console.log("");
       console.log("Arguments:");
       console.log(
-        "  <name>  Name of the assistant to roll back (default: active or only assistant)",
+        "  <name>               Name of the assistant (default: active or only assistant)",
+      );
+      console.log("");
+      console.log("Options:");
+      console.log(
+        "  --version <version>  Target version (optional for managed — omit to roll back to previous)",
       );
       console.log("");
       console.log("Examples:");
       console.log(
-        "  vellum rollback                # Roll back the active assistant",
+        "  vellum rollback my-assistant                  # Roll back to previous version (Docker or managed)",
       );
       console.log(
-        "  vellum rollback my-assistant   # Roll back a specific assistant by name",
+        "  vellum rollback my-assistant --version v1.2.3 # Roll back to a specific version",
       );
       process.exit(0);
+    } else if (arg === "--version") {
+      const next = args[i + 1];
+      if (!next || next.startsWith("-")) {
+        console.error("Error: --version requires a value");
+        emitCliError("UNKNOWN", "--version requires a value");
+        process.exit(1);
+      }
+      version = next;
+      i++;
     } else if (!arg.startsWith("-")) {
       name = arg;
     } else {
@@ -71,7 +89,7 @@ function parseArgs(): { name: string | null } {
     }
   }
 
-  return { name };
+  return { name, version };
 }
 
 function resolveCloud(entry: AssistantEntry): string {
@@ -129,20 +147,190 @@ function resolveTargetAssistant(nameArg: string | null): AssistantEntry {
   process.exit(1);
 }
 
+async function rollbackPlatformViaEndpoint(
+  entry: AssistantEntry,
+  version?: string,
+): Promise<void> {
+  const currentVersion = entry.serviceGroupVersion;
+
+  // Step 1 — Version validation (only if version provided)
+  if (version && currentVersion) {
+    const current = parseVersion(currentVersion);
+    const target = parseVersion(version);
+    if (current && target) {
+      const isOlder =
+        target.major < current.major ||
+        (target.major === current.major && target.minor < current.minor) ||
+        (target.major === current.major &&
+          target.minor === current.minor &&
+          target.patch < current.patch);
+      if (!isOlder) {
+        const msg = `Target version ${version} is not older than the current version ${currentVersion}. Use \`vellum upgrade --version ${version}\` to upgrade.`;
+        console.error(msg);
+        emitCliError("VERSION_DIRECTION", msg);
+        process.exit(1);
+      }
+    }
+  }
+
+  // Step 2 — Workspace commit (starting)
+  await commitWorkspaceViaGateway(
+    entry.runtimeUrl,
+    entry.assistantId,
+    buildUpgradeCommitMessage({
+      action: "rollback",
+      phase: "starting",
+      from: currentVersion ?? "unknown",
+      to: version ?? "previous",
+      topology: "managed",
+      assistantId: entry.assistantId,
+    }),
+  );
+
+  // Step 3 — Authenticate
+  const token = readPlatformToken();
+  if (!token) {
+    const msg =
+      "Error: Not logged in. Run `vellum login --token <token>` first.";
+    console.error(msg);
+    emitCliError("AUTH_FAILED", msg);
+    process.exit(1);
+  }
+
+  let orgId: string;
+  try {
+    orgId = await fetchOrganizationId(token);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg.includes("401") || msg.includes("403")) {
+      console.error("Authentication failed. Run 'vellum login' to refresh.");
+    } else {
+      console.error(`Error: ${msg}`);
+    }
+    emitCliError("AUTH_FAILED", "Failed to authenticate with platform", msg);
+    process.exit(1);
+  }
+
+  // Step 4 — Broadcast starting event
+  console.log("📢 Notifying connected clients...");
+  await broadcastUpgradeEvent(
+    entry.runtimeUrl,
+    entry.assistantId,
+    buildStartingEvent(version ?? "previous", 90),
+  );
+
+  // Step 5 — Call rollback endpoint
+  if (version) {
+    console.log(`Rolling back to ${version}...`);
+  } else {
+    console.log("Rolling back to previous version...");
+  }
+
+  let result: { detail: string; version: string | null };
+  try {
+    result = await rollbackPlatformAssistant(token, orgId, version);
+  } catch (err) {
+    const detail = err instanceof Error ? err.message : String(err);
+
+    // Map specific server error messages to actionable CLI output
+    if (detail.includes("No previous version")) {
+      console.error(
+        "No previous version available. A successful upgrade must have been performed first.",
+      );
+    } else if (detail.includes("not older")) {
+      console.error(
+        `Target version is not older than the current version. Use 'vellum upgrade --version' instead.`,
+      );
+    } else if (detail.includes("not found")) {
+      console.error(
+        version
+          ? `Version ${version} not found.`
+          : `Rollback target not found.`,
+      );
+    } else if (
+      err instanceof TypeError ||
+      detail.includes("fetch failed") ||
+      detail.includes("ECONNREFUSED")
+    ) {
+      console.error(
+        `Connection error: ${detail}\nIs the platform reachable? Try 'vellum wake' if the assistant is asleep.`,
+      );
+    } else {
+      console.error(`Error: ${detail}`);
+    }
+
+    emitCliError("PLATFORM_API_ERROR", "Platform rollback failed", detail);
+    await broadcastUpgradeEvent(
+      entry.runtimeUrl,
+      entry.assistantId,
+      buildCompleteEvent(currentVersion ?? "unknown", false),
+    );
+    process.exit(1);
+  }
+
+  const rolledBackVersion = result.version ?? version ?? "unknown";
+
+  // Step 6 — Workspace commit (complete)
+  await commitWorkspaceViaGateway(
+    entry.runtimeUrl,
+    entry.assistantId,
+    buildUpgradeCommitMessage({
+      action: "rollback",
+      phase: "complete",
+      from: currentVersion ?? "unknown",
+      to: rolledBackVersion,
+      topology: "managed",
+      assistantId: entry.assistantId,
+      result: "success",
+    }),
+  );
+
+  // Step 7 — Print success
+  console.log(`Rolled back to version ${rolledBackVersion}.`);
+  if (!version) {
+    console.log("Tip: Run 'vellum rollback' again to undo.");
+  }
+}
+
 export async function rollback(): Promise<void> {
-  const { name } = parseArgs();
+  const { name, version } = parseArgs();
   const entry = resolveTargetAssistant(name);
   const cloud = resolveCloud(entry);
 
-  // Only Docker assistants support rollback
+  // ---------- Managed (Vellum platform) rollback ----------
+  if (cloud === "vellum") {
+    await rollbackPlatformViaEndpoint(entry, version ?? undefined);
+    return;
+  }
+
+  // ---------- Unsupported topologies ----------
   if (cloud !== "docker") {
-    const msg =
-      "Rollback is only supported for Docker assistants. For managed assistants, use the version picker to upgrade to the previous version.";
+    const msg = "Rollback is only supported for Docker and managed assistants.";
     console.error(msg);
     emitCliError("UNSUPPORTED_TOPOLOGY", msg);
     process.exit(1);
   }
 
+  // ---------- Docker: Targeted version rollback (--version specified) ----------
+  if (version) {
+    try {
+      await performDockerRollback(entry, { targetVersion: version });
+    } catch (err) {
+      const detail = err instanceof Error ? err.message : String(err);
+      console.error(`\n❌ Rollback failed: ${detail}`);
+      await broadcastUpgradeEvent(
+        entry.runtimeUrl,
+        entry.assistantId,
+        buildCompleteEvent(entry.serviceGroupVersion ?? "unknown", false),
+      );
+      emitCliError(categorizeUpgradeError(err), "Rollback failed", detail);
+      process.exit(1);
+    }
+    return;
+  }
+
+  // ---------- Docker: Saved-state rollback (no --version) ----------
+
   // Verify rollback state exists
   if (!entry.previousServiceGroupVersion || !entry.previousContainerInfo) {
     const msg =
@@ -173,30 +361,19 @@ export async function rollback(): Promise<void> {
   const res = dockerResourceNames(instanceName);
 
   try {
-    const workspaceDir = entry.resources
-      ? join(entry.resources.instanceDir, ".vellum", "workspace")
-      : undefined;
-
     // Record rollback start in workspace git history
-    if (workspaceDir) {
-      try {
-        await commitWorkspaceState(
-          workspaceDir,
-          buildUpgradeCommitMessage({
-            action: "rollback",
-            phase: "starting",
-            from: entry.serviceGroupVersion ?? "unknown",
-            to: entry.previousServiceGroupVersion ?? "unknown",
-            topology: "docker",
-            assistantId: entry.assistantId,
-          }),
-        );
-      } catch (err) {
-        console.warn(
-          `⚠️  Failed to create pre-rollback workspace commit: ${err instanceof Error ? err.message : String(err)}`,
-        );
-      }
-    }
+    await commitWorkspaceViaGateway(
+      entry.runtimeUrl,
+      entry.assistantId,
+      buildUpgradeCommitMessage({
+        action: "rollback",
+        phase: "starting",
+        from: entry.serviceGroupVersion ?? "unknown",
+        to: entry.previousServiceGroupVersion ?? "unknown",
+        topology: "docker",
+        assistantId: entry.assistantId,
+      }),
+    );
 
     console.log(
       `🔄 Rolling back Docker assistant '${instanceName}' to ${entry.previousServiceGroupVersion}...\n`,
@@ -213,13 +390,6 @@ export async function rollback(): Promise<void> {
     const cesServiceToken =
       capturedEnv["CES_SERVICE_TOKEN"] || randomBytes(32).toString("hex");
 
-    // Retrieve or generate a bootstrap secret for the gateway.
-    const loadedSecret = loadBootstrapSecret(instanceName);
-    const bootstrapSecret = loadedSecret || randomBytes(32).toString("hex");
-    if (!loadedSecret) {
-      saveBootstrapSecret(instanceName, bootstrapSecret);
-    }
-
     // Extract or generate the shared JWT signing key.
     const signingKey =
       capturedEnv["ACTOR_TOKEN_SIGNING_KEY"] || randomBytes(32).toString("hex");
@@ -301,7 +471,6 @@ export async function rollback(): Promise<void> {
     await startContainers(
       {
         signingKey,
-        bootstrapSecret,
         cesServiceToken,
         extraAssistantEnv,
         gatewayPort,
@@ -317,40 +486,6 @@ export async function rollback(): Promise<void> {
     const ready = await waitForReady(entry.runtimeUrl);
 
     if (ready) {
-      // Restore data from the backup created for the specific upgrade being
-      // rolled back. We use the persisted preUpgradeBackupPath rather than
-      // scanning for the latest backup on disk — if the most recent upgrade's
-      // backup failed, a global scan would find a stale backup from a prior
-      // cycle and overwrite newer user data.
-      const backupPath = entry.preUpgradeBackupPath as string | undefined;
-      if (backupPath) {
-        // Progress: restoring data (gateway is back up at this point)
-        await broadcastUpgradeEvent(
-          entry.runtimeUrl,
-          entry.assistantId,
-          buildProgressEvent(UPGRADE_PROGRESS.RESTORING),
-        );
-
-        console.log(`📦 Restoring data from pre-upgrade backup...`);
-        console.log(`   Source: ${backupPath}`);
-        const restored = await restoreBackup(
-          entry.runtimeUrl,
-          entry.assistantId,
-          backupPath,
-        );
-        if (restored) {
-          console.log("   ✅ Data restored successfully\n");
-        } else {
-          console.warn(
-            "   ⚠️  Data restore failed (rollback continues without data restoration)\n",
-          );
-        }
-      } else {
-        console.log(
-          "ℹ️  No pre-upgrade backup was created for this upgrade, skipping data restoration\n",
-        );
-      }
-
       // Capture new digests from the rolled-back containers
       const newDigests = await captureImageRefs(res);
 
@@ -384,30 +519,26 @@ export async function rollback(): Promise<void> {
       );
 
       // Record successful rollback in workspace git history
-      if (workspaceDir) {
-        try {
-          await commitWorkspaceState(
-            workspaceDir,
-            buildUpgradeCommitMessage({
-              action: "rollback",
-              phase: "complete",
-              from: entry.serviceGroupVersion ?? "unknown",
-              to: entry.previousServiceGroupVersion ?? "unknown",
-              topology: "docker",
-              assistantId: entry.assistantId,
-              result: "success",
-            }),
-          );
-        } catch (err) {
-          console.warn(
-            `⚠️  Failed to create post-rollback workspace commit: ${err instanceof Error ? err.message : String(err)}`,
-          );
-        }
-      }
+      await commitWorkspaceViaGateway(
+        entry.runtimeUrl,
+        entry.assistantId,
+        buildUpgradeCommitMessage({
+          action: "rollback",
+          phase: "complete",
+          from: entry.serviceGroupVersion ?? "unknown",
+          to: entry.previousServiceGroupVersion ?? "unknown",
+          topology: "docker",
+          assistantId: entry.assistantId,
+          result: "success",
+        }),
+      );
 
       console.log(
         `\n✅ Docker assistant '${instanceName}' rolled back to ${entry.previousServiceGroupVersion}.`,
       );
+      console.log(
+        "\nTip: To also restore data from before the upgrade, use `vellum restore --from <backup-path>`.",
+      );
     } else {
       console.error(
         `\n❌ Containers failed to become ready within the timeout.`,