@vellumai/cli 0.6.3 → 0.6.5

package/src/commands/ps.ts

@@ -4,12 +4,12 @@ import {
   findAssistantByName,
   getActiveAssistant,
   loadAllAssistants,
-  updateServiceGroupVersion,
   type AssistantEntry,
 } from "../lib/assistant-config";
 import { loadGuardianToken } from "../lib/guardian-token";
 import { checkHealth, checkManagedHealth } from "../lib/health-check";
 import { dockerResourceNames } from "../lib/docker";
+import { existsSync } from "fs";
 import {
   classifyProcess,
   detectOrphanedProcesses,
@@ -335,6 +335,31 @@ async function showAssistantProcesses(entry: AssistantEntry): Promise<void> {
     return;
   }
 
+  if (cloud === "apple-container") {
+    const mgmtSocket = entry.mgmtSocket as string | undefined;
+    const socketAlive = mgmtSocket ? existsSync(mgmtSocket) : false;
+    const rows: TableRow[] = [
+      {
+        name: "container",
+        status: withStatusEmoji(socketAlive ? "running" : "not running"),
+        info: socketAlive
+          ? `mgmt ${mgmtSocket}`
+          : "management socket not found",
+      },
+    ];
+    if (entry.runtimeUrl) {
+      const token = loadGuardianToken(entry.assistantId)?.accessToken;
+      const health = await checkHealth(entry.runtimeUrl, token);
+      rows.push({
+        name: "gateway",
+        status: withStatusEmoji(health.status),
+        info: entry.runtimeUrl + (health.detail ? ` | ${health.detail}` : ""),
+      });
+    }
+    printTable(rows);
+    return;
+  }
+
   let output: string;
   try {
     if (cloud === "gcp") {
@@ -395,7 +420,8 @@ async function listAllAssistants(): Promise<void> {
   }
 
   const rows: TableRow[] = assistants.map((a) => {
-    const infoParts = [a.runtimeUrl];
+    const infoParts: string[] = [];
+    if (a.runtimeUrl) infoParts.push(a.runtimeUrl);
     if (a.cloud) infoParts.push(`cloud: ${a.cloud}`);
     if (a.species) infoParts.push(`species: ${a.species}`);
     const prefix = a.assistantId === activeId ? "* " : "  ";
@@ -445,6 +471,13 @@ async function listAllAssistants(): Promise<void> {
           const token = loadGuardianToken(a.assistantId)?.accessToken;
           health = await checkHealth(a.localUrl ?? a.runtimeUrl, token);
         }
+      } else if (a.cloud === "apple-container") {
+        // Apple containers are managed by the macOS app. Probe the gateway
+        // (runtimeUrl is always written to the lockfile during hatch).
+        const token = loadGuardianToken(a.assistantId)?.accessToken;
+        health = a.runtimeUrl
+          ? await checkHealth(a.runtimeUrl, token)
+          : { status: "unknown" as const, detail: "no runtime URL" };
       } else if (a.cloud === "vellum") {
         health = await checkManagedHealth(a.runtimeUrl, a.assistantId);
       } else {
@@ -452,11 +485,8 @@ async function listAllAssistants(): Promise<void> {
         health = await checkHealth(a.localUrl ?? a.runtimeUrl, token);
       }
 
-      if (health.status === "healthy" && health.version) {
-        updateServiceGroupVersion(a.assistantId, health.version);
-      }
-
-      const infoParts = [a.runtimeUrl];
+      const infoParts: string[] = [];
+      if (a.runtimeUrl) infoParts.push(a.runtimeUrl);
       if (a.cloud) infoParts.push(`cloud: ${a.cloud}`);
       if (a.species) infoParts.push(`species: ${a.species}`);
       if (health.detail) infoParts.push(health.detail);

package/src/commands/recover.ts

@@ -51,16 +51,20 @@ export async function recover(): Promise<void> {
     );
   }
 
-  // 3. Check ~/.vellum doesn't already exist
-  const vellumDir = join(homedir(), ".vellum");
-  if (existsSync(vellumDir)) {
+  // 3. Check that the recovering entry's own target directory is free.
+  const target = join(entry.resources.instanceDir, ".vellum");
+  if (existsSync(target)) {
     console.error(
-      "Error: ~/.vellum already exists. Retire the current assistant first.",
+      `Error: ${target} already exists (owned by ${entry.assistantId}). ` +
+        `Retire the current assistant first.`,
     );
     process.exit(1);
   }
 
   // 4. Extract archive
+  // TODO: extraction target is hardcoded to homedir(); multi-instance entries
+  //       whose instanceDir differs from homedir will extract to the wrong
+  //       location. Tracked separately from the collision-check regression.
   await exec("tar", ["xzf", archivePath, "-C", homedir()]);
 
   // 5. Restore lockfile entry

package/src/commands/restore.ts

@@ -563,6 +563,14 @@ export async function restore(): Promise<void> {
   // Detect topology and route platform assistants through Django import
   const cloud =
     entry.cloud || (entry.project ? "gcp" : entry.sshUser ? "custom" : "local");
+
+  if (cloud === "apple-container") {
+    console.error(
+      `Error: '${name}' uses the Apple Containers runtime. Restore is not yet supported for this topology.`,
+    );
+    process.exit(1);
+  }
+
   if (cloud === "vellum") {
     await restorePlatform(entry, name, bundleData, { version, dryRun });
     return;

package/src/commands/retire.ts

@@ -12,6 +12,7 @@ import { retireInstance as retireAwsInstance } from "../lib/aws";
 import { retireDocker } from "../lib/docker";
 import { retireInstance as retireGcpInstance } from "../lib/gcp";
 import { retireLocal } from "../lib/retire-local";
+import { retireAppleContainer } from "../lib/retire-apple-container";
 import { exec } from "../lib/step-runner";
 import {
   openLogFile,
@@ -100,7 +101,12 @@ async function retireVellum(
     headers: await authHeaders(token, runtimeUrl),
   });
 
-  if (!response.ok) {
+  // Treat 404 as success: the assistant is already gone from the platform
+  // (previously retired, deleted from the web UI, or retired from another
+  // device) so the caller's job is done. Falling through to the lockfile
+  // cleanup avoids leaving a stale entry that would otherwise wedge the
+  // macOS app in a permanent health-check loop.
+  if (!response.ok && response.status !== 404) {
     const body = await response.text();
     console.error(
       `Error: Platform retire failed (${response.status}): ${body}`,
@@ -108,7 +114,13 @@ async function retireVellum(
     process.exit(1);
   }
 
-  console.log("\u2705 Platform-hosted instance retired.");
+  if (response.status === 404) {
+    console.log(
+      "\u2705 Platform-hosted instance already retired (404) — cleaning up local state.",
+    );
+  } else {
+    console.log("\u2705 Platform-hosted instance retired.");
+  }
 }
 
 function parseSource(): string | undefined {
@@ -201,13 +213,8 @@ async function retireInner(): Promise<void> {
   const cloud = resolveCloud(entry);
 
   if (cloud === "apple-container") {
-    console.error(
-      `Error: '${name}' uses the Apple Containers runtime. Its lifecycle is managed by the macOS app — use the app to retire it.`,
-    );
-    process.exit(1);
-  }
-
-  if (cloud === "gcp") {
+    await retireAppleContainer(name, entry);
+  } else if (cloud === "gcp") {
     const project = entry.project;
     const zone = entry.zone;
     if (!project || !zone) {

package/src/commands/rollback.ts

@@ -29,12 +29,13 @@ import {
   captureContainerEnv,
   commitWorkspaceViaGateway,
   CONTAINER_ENV_EXCLUDE_KEYS,
+  fetchCurrentVersion,
+  fetchPreviousVersion,
   performDockerRollback,
   rollbackMigrations,
   UPGRADE_PROGRESS,
   waitForReady,
 } from "../lib/upgrade-lifecycle.js";
-import { compareVersions } from "../lib/version-compat.js";
 
 function parseArgs(): { name: string | null; version: string | null } {
   const args = process.argv.slice(3);
@@ -148,20 +149,7 @@ async function rollbackPlatformViaEndpoint(
   entry: AssistantEntry,
   version?: string,
 ): Promise<void> {
-  const currentVersion = entry.serviceGroupVersion;
-
-  // Step 1 — Version validation (only if version provided)
-  if (version && currentVersion) {
-    const cmp = compareVersions(version, currentVersion);
-    if (cmp !== null && cmp >= 0) {
-      const msg = `Target version ${version} is not older than the current version ${currentVersion}. Use \`vellum upgrade --version ${version}\` to upgrade.`;
-      console.error(msg);
-      emitCliError("VERSION_DIRECTION", msg);
-      process.exit(1);
-    }
-  }
-
-  // Step 2 — Authenticate
+  // Step 1 — Authenticate
   const token = readPlatformToken();
   if (!token) {
     const msg =
@@ -171,6 +159,9 @@ async function rollbackPlatformViaEndpoint(
     process.exit(1);
   }
 
+  // Fetch current version from health endpoint (best-effort)
+  const currentVersion = await fetchCurrentVersion(entry.runtimeUrl);
+
   // Step 3 — Call rollback endpoint
   if (version) {
     console.log(`Rolling back to ${version}...`);
@@ -215,7 +206,7 @@ async function rollbackPlatformViaEndpoint(
     await broadcastUpgradeEvent(
       entry.runtimeUrl,
       entry.assistantId,
-      buildCompleteEvent(currentVersion ?? "unknown", false),
+      buildCompleteEvent(currentVersion ?? version ?? "unknown", false),
     );
     process.exit(1);
   }
@@ -234,6 +225,13 @@ export async function rollback(): Promise<void> {
   const entry = resolveTargetAssistant(name);
   const cloud = resolveCloud(entry);
 
+  if (cloud === "apple-container") {
+    console.error(
+      `Error: '${entry.assistantId}' uses the Apple Containers runtime. Rollback is not yet supported for this topology.`,
+    );
+    process.exit(1);
+  }
+
   // ---------- Managed (Vellum platform) rollback ----------
   if (cloud === "vellum") {
     await rollbackPlatformViaEndpoint(entry, version ?? undefined);
@@ -258,7 +256,7 @@ export async function rollback(): Promise<void> {
       await broadcastUpgradeEvent(
         entry.runtimeUrl,
         entry.assistantId,
-        buildCompleteEvent(entry.serviceGroupVersion ?? "unknown", false),
+        buildCompleteEvent(version ?? "unknown", false),
       );
       emitCliError(categorizeUpgradeError(err), "Rollback failed", detail);
       process.exit(1);
@@ -268,8 +266,14 @@ export async function rollback(): Promise<void> {
 
   // ---------- Docker: Saved-state rollback (no --version) ----------
 
+  // Fetch current + previous version from live APIs
+  const currentVersion = await fetchCurrentVersion(entry.runtimeUrl);
+  const previousVersion =
+    (await fetchPreviousVersion(currentVersion, entry.previousVersion)) ??
+    "unknown";
+
   // Verify rollback state exists
-  if (!entry.previousServiceGroupVersion || !entry.previousContainerInfo) {
+  if (!entry.previousContainerInfo) {
     const msg =
       "No rollback state available. Run `vellum upgrade` first to create a rollback point.";
     console.error(msg);
@@ -305,15 +309,15 @@ export async function rollback(): Promise<void> {
       buildUpgradeCommitMessage({
         action: "rollback",
         phase: "starting",
-        from: entry.serviceGroupVersion ?? "unknown",
-        to: entry.previousServiceGroupVersion ?? "unknown",
+        from: currentVersion ?? "unknown",
+        to: previousVersion,
         topology: "docker",
         assistantId: entry.assistantId,
       }),
     );
 
     console.log(
-      `🔄 Rolling back Docker assistant '${instanceName}' to ${entry.previousServiceGroupVersion}...\n`,
+      `🔄 Rolling back Docker assistant '${instanceName}' to ${previousVersion}...\n`,
     );
 
     // Capture current container env
@@ -367,7 +371,7 @@ export async function rollback(): Promise<void> {
     await broadcastUpgradeEvent(
       entry.runtimeUrl,
       entry.assistantId,
-      buildStartingEvent(entry.previousServiceGroupVersion),
+      buildStartingEvent(previousVersion),
     );
     // Brief pause to allow SSE delivery before containers stop.
     await new Promise((r) => setTimeout(r, 500));
@@ -428,7 +432,6 @@ export async function rollback(): Promise<void> {
       // Swap current/previous state to enable "rollback the rollback"
       const updatedEntry: AssistantEntry = {
         ...entry,
-        serviceGroupVersion: entry.previousServiceGroupVersion,
         containerInfo: {
           assistantImage: prev.assistantImage ?? previousImageRefs.assistant,
           gatewayImage: prev.gatewayImage ?? previousImageRefs.gateway,
@@ -438,7 +441,6 @@ export async function rollback(): Promise<void> {
           cesDigest: newDigests?.["credential-executor"],
           networkName: res.network,
         },
-        previousServiceGroupVersion: entry.serviceGroupVersion,
         previousContainerInfo: entry.containerInfo,
         // Clear the backup path — it belonged to the upgrade we just rolled back
         preUpgradeBackupPath: undefined,
@@ -451,7 +453,7 @@ export async function rollback(): Promise<void> {
       await broadcastUpgradeEvent(
         entry.runtimeUrl,
         entry.assistantId,
-        buildCompleteEvent(entry.previousServiceGroupVersion, true),
+        buildCompleteEvent(previousVersion, true),
       );
 
       // Record successful rollback in workspace git history
@@ -461,8 +463,8 @@ export async function rollback(): Promise<void> {
         buildUpgradeCommitMessage({
           action: "rollback",
           phase: "complete",
-          from: entry.serviceGroupVersion ?? "unknown",
-          to: entry.previousServiceGroupVersion ?? "unknown",
+          from: currentVersion ?? "unknown",
+          to: previousVersion,
           topology: "docker",
           assistantId: entry.assistantId,
           result: "success",
@@ -470,7 +472,7 @@ export async function rollback(): Promise<void> {
       );
 
       console.log(
-        `\n✅ Docker assistant '${instanceName}' rolled back to ${entry.previousServiceGroupVersion}.`,
+        `\n✅ Docker assistant '${instanceName}' rolled back to ${previousVersion}.`,
       );
       console.log(
         "\nTip: To also restore data from before the upgrade, use `vellum restore --from <backup-path>`.",
@@ -485,10 +487,7 @@ export async function rollback(): Promise<void> {
       await broadcastUpgradeEvent(
         entry.runtimeUrl,
         entry.assistantId,
-        buildCompleteEvent(
-          entry.previousServiceGroupVersion ?? "unknown",
-          false,
-        ),
+        buildCompleteEvent(previousVersion, false),
       );
       emitCliError(
         "READINESS_TIMEOUT",
@@ -502,7 +501,7 @@ export async function rollback(): Promise<void> {
     await broadcastUpgradeEvent(
       entry.runtimeUrl,
       entry.assistantId,
-      buildCompleteEvent(entry.serviceGroupVersion ?? "unknown", false),
+      buildCompleteEvent(previousVersion, false),
     );
     emitCliError(categorizeUpgradeError(err), "Rollback failed", detail);
     process.exit(1);

package/src/commands/ssh.ts

@@ -6,6 +6,7 @@ import {
 } from "../lib/assistant-config";
 import type { AssistantEntry } from "../lib/assistant-config";
 import { dockerResourceNames } from "../lib/docker";
+import { sshAppleContainer } from "../lib/ssh-apple-container";
 
 const SSH_OPTS = [
   "-o",
@@ -81,6 +82,12 @@ export async function ssh(): Promise<void> {
     process.exit(1);
   }
 
+  // Apple container: connect to the management socket for an interactive shell.
+  if (cloud === "apple-container") {
+    await sshAppleContainer(entry);
+    return;
+  }
+
   let child;
 
   if (cloud === "docker") {