@vellumai/cli 0.6.4 → 0.6.5

package/src/lib/guardian-token.ts

@@ -5,6 +5,7 @@ import {
   existsSync,
   mkdirSync,
   readFileSync,
+  statSync,
   writeFileSync,
 } from "fs";
 import { platform } from "os";
@@ -12,6 +13,7 @@ import { dirname, join } from "path";
 
 import { getConfigDir } from "./environments/paths.js";
 import { getCurrentEnvironment } from "./environments/resolve.js";
+import { SEEDS } from "./environments/seeds.js";
 
 const DEVICE_ID_SALT = "vellum-assistant-host-id";
 
@@ -200,3 +202,64 @@ export async function leaseGuardianToken(
   saveGuardianToken(assistantId, tokenData);
   return tokenData;
 }
+
+/**
+ * Copy a guardian token from a sibling environment's config directory into
+ * the current environment's dir when the current one is missing it.
+ *
+ * The CLI's per-environment config layout (`~/.config/vellum{-env}/`) scopes
+ * the lockfile and the guardian token by VELLUM_ENVIRONMENT. Lockfiles are
+ * cross-written at hatch time, but a guardian token is only written under
+ * the env the assistant was hatched in. If the user later wakes the same
+ * assistant under a different env (e.g. a freshly built desktop app ships
+ * with VELLUM_ENVIRONMENT=local while the original hatch was under dev),
+ * the app cannot locate a bearer token and falls into a 401 → auth-rate-
+ * limit → 429 cascade against the local gateway.
+ *
+ * Returns true if a token was seeded, false if a token was already present
+ * or no sibling env had one to copy.
+ */
+export function seedGuardianTokenFromSiblingEnv(assistantId: string): boolean {
+  if (loadGuardianToken(assistantId) !== null) return false;
+
+  const currentEnvName = getCurrentEnvironment().name;
+  const destPath = getGuardianTokenPath(assistantId);
+
+  const candidates: { path: string; mtimeMs: number }[] = [];
+  for (const env of Object.values(SEEDS)) {
+    if (env.name === currentEnvName) continue;
+    const sibling = join(
+      getConfigDir(env),
+      "assistants",
+      assistantId,
+      "guardian-token.json",
+    );
+    try {
+      const stat = statSync(sibling);
+      candidates.push({ path: sibling, mtimeMs: stat.mtimeMs });
+    } catch {
+      continue;
+    }
+  }
+  candidates.sort((a, b) => b.mtimeMs - a.mtimeMs);
+
+  const now = Date.now();
+  for (const { path: sibling } of candidates) {
+    try {
+      const raw = readFileSync(sibling);
+      const parsed = JSON.parse(raw.toString("utf-8")) as GuardianTokenData;
+      const refreshExpiry = Date.parse(parsed.refreshTokenExpiresAt);
+      if (!Number.isFinite(refreshExpiry) || refreshExpiry <= now) continue;
+      const dir = dirname(destPath);
+      if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+      }
+      writeFileSync(destPath, raw, { mode: 0o600 });
+      chmodSync(destPath, 0o600);
+      return true;
+    } catch {
+      continue;
+    }
+  }
+  return false;
+}

package/src/lib/hatch-local.ts

@@ -305,10 +305,26 @@ export async function hatchLocal(
   // IP which the daemon rejects as non-loopback.
   emitProgress(6, 7, "Securing connection...");
   const loopbackUrl = `http://127.0.0.1:${resources.gatewayPort}`;
-  try {
-    await leaseGuardianToken(loopbackUrl, instanceName);
-  } catch (err) {
-    console.error(`⚠️  Guardian token lease failed: ${err}`);
+  const maxLeaseAttempts = 3;
+  for (let attempt = 1; attempt <= maxLeaseAttempts; attempt++) {
+    try {
+      await leaseGuardianToken(loopbackUrl, instanceName);
+      break;
+    } catch (err) {
+      if (attempt < maxLeaseAttempts) {
+        const delayMs = 2000 * 2 ** (attempt - 1);
+        console.error(
+          `⚠️  Guardian token lease attempt ${attempt}/${maxLeaseAttempts} failed — retrying in ${delayMs / 1000}s: ${err}`,
+        );
+        await new Promise((r) => setTimeout(r, delayMs));
+      } else {
+        console.error(
+          `⚠️  Guardian token lease failed after ${maxLeaseAttempts} attempts: ${err}\n` +
+            `   The assistant is running but guardian-token.json was not written.\n` +
+            `   If the desktop app loses its stored credentials, re-hatch to recover.`,
+        );
+      }
+    }
   }
 
   // Auto-start ngrok if webhook integrations (e.g. Telegram, Twilio) are configured.

package/src/lib/local.ts

@@ -1076,6 +1076,7 @@ export async function startGateway(
     // (mirrors the daemon env setup).
     ...(resources
       ? {
+          BASE_DATA_DIR: resources.instanceDir,
           VELLUM_WORKSPACE_DIR: join(
             resources.instanceDir,
             ".vellum",

package/src/lib/platform-client.ts

@@ -222,6 +222,140 @@ export async function ensureSelfHostedLocalRegistration(
   return (await response.json()) as EnsureRegistrationResponse;
 }
 
+// ---------------------------------------------------------------------------
+// API key reprovisioning
+// ---------------------------------------------------------------------------
+
+export interface ReprovisionApiKeyResponse {
+  provisioning: {
+    assistant_api_key: string;
+  };
+}
+
+/**
+ * Reprovision (rotate) the API key for a self-hosted local assistant.
+ *
+ * Calls `POST /v1/assistants/self-hosted-local/reprovision-api-key/`.
+ * Returns a fresh API key. The previous key is revoked server-side.
+ */
+export async function reprovisionAssistantApiKey(
+  token: string,
+  organizationId: string,
+  clientInstallationId: string,
+  runtimeAssistantId: string,
+  clientPlatform: string,
+  assistantVersion?: string,
+  platformUrl?: string,
+): Promise<ReprovisionApiKeyResponse> {
+  const resolvedUrl = platformUrl || getPlatformUrl();
+  const body: Record<string, string> = {
+    client_installation_id: clientInstallationId,
+    runtime_assistant_id: runtimeAssistantId,
+    client_platform: clientPlatform,
+  };
+  if (assistantVersion) {
+    body.assistant_version = assistantVersion;
+  }
+
+  const response = await fetch(
+    `${resolvedUrl}/v1/assistants/self-hosted-local/reprovision-api-key/`,
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+        "X-Session-Token": token,
+        "Vellum-Organization-Id": organizationId,
+      },
+      body: JSON.stringify(body),
+    },
+  );
+
+  if (response.status === 401 || response.status === 403) {
+    throw new Error("Authentication required for API key reprovisioning.");
+  }
+
+  if (!response.ok) {
+    const detail = await response.text().catch(() => "");
+    throw new Error(
+      `API key reprovisioning failed (${response.status}): ${detail || response.statusText}`,
+    );
+  }
+
+  return (await response.json()) as ReprovisionApiKeyResponse;
+}
+
+// ---------------------------------------------------------------------------
+// Credential reading from running assistant via gateway
+// ---------------------------------------------------------------------------
+
+export interface GatewayCredentialResult {
+  /** The credential value, if found. */
+  value: string | null;
+  /** True when the gateway/daemon was unreachable (network error, timeout, etc.). */
+  unreachable: boolean;
+}
+
+/**
+ * Read an existing credential from the assistant's secret store via the
+ * gateway-proxied `POST /v1/secrets/read` endpoint (with `reveal: true`).
+ *
+ * Returns a result distinguishing "key not found" (`value: null,
+ * unreachable: false`) from "gateway unreachable" (`value: null,
+ * unreachable: true`). Callers should only reprovision when the gateway
+ * is reachable but the key is genuinely missing — reprovisioning while
+ * the gateway is down would revoke the old key server-side without being
+ * able to inject the replacement.
+ *
+ * Never throws.
+ */
+export async function readGatewayCredential(
+  gatewayUrl: string,
+  name: string,
+  bearerToken?: string,
+): Promise<GatewayCredentialResult> {
+  try {
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+      Accept: "application/json",
+    };
+    if (bearerToken) {
+      headers["Authorization"] = `Bearer ${bearerToken}`;
+    }
+
+    const response = await fetch(`${gatewayUrl}/v1/secrets/read`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({ type: "credential", name, reveal: true }),
+      signal: AbortSignal.timeout(10_000),
+    });
+
+    if (!response.ok) {
+      // 5xx means the gateway/daemon backend is down — treat as unreachable
+      // so callers don't revoke a potentially valid key.
+      return { value: null, unreachable: response.status >= 500 };
+    }
+
+    const json = (await response.json()) as {
+      found: boolean;
+      value?: string;
+      unreachable?: boolean;
+    };
+    // The daemon's /v1/secrets/read returns `unreachable: true` when the
+    // credential backend (CES) can't be reached. Respect that signal.
+    if (json.unreachable) {
+      return { value: null, unreachable: true };
+    }
+    return {
+      value: json.found && json.value ? json.value : null,
+      unreachable: false,
+    };
+  } catch {
+    // Network error, timeout, or gateway down
+    return { value: null, unreachable: true };
+  }
+}
+
 // ---------------------------------------------------------------------------
 // Credential injection into running assistant via gateway
 // ---------------------------------------------------------------------------

package/src/{commands → lib}/ssh-apple-container.ts

@@ -1,13 +1,17 @@
 import { createConnection } from "net";
 import { existsSync } from "fs";
 
-import type { AssistantEntry } from "../lib/assistant-config";
+import type { AssistantEntry } from "./assistant-config";
 
 /**
  * Connect to an Apple Container assistant via its management socket.
  * Sends a JSON handshake then relays stdin/stdout in raw mode.
  */
-export async function sshAppleContainer(entry: AssistantEntry): Promise<void> {
+export async function sshAppleContainer(
+  entry: AssistantEntry,
+  command?: string[],
+  service?: string,
+): Promise<void> {
   const mgmtSocket = entry.mgmtSocket as string | undefined;
   if (!mgmtSocket) {
     console.error(
@@ -34,8 +38,8 @@ export async function sshAppleContainer(entry: AssistantEntry): Promise<void> {
 
   const handshake =
     JSON.stringify({
-      command: ["/bin/bash"],
-      service: "vellum-assistant",
+      command: command && command.length > 0 ? command : ["/bin/bash"],
+      service: service || "vellum-assistant",
       cols,
       rows,
     }) + "\n";

package/src/shared/provider-env-vars.ts

@@ -1,19 +1,43 @@
 /**
  * Provider API key environment variable names, keyed by provider ID.
  *
- * Keep in sync with:
- *   - assistant/src/shared/provider-env-vars.ts
- *   - meta/provider-env-vars.json  (consumed by the macOS client build)
+ * Two sources are merged into a single combined map:
  *
- * Once a consolidated shared package exists in packages/, all three
- * copies can be replaced by a single import.
+ *   1. Search-provider env vars — sourced from `meta/provider-env-vars.json`
+ *      (single source of truth, also bundled into the macOS client).
+ *   2. LLM-provider env vars — sourced from `PROVIDER_CATALOG` in
+ *      `assistant/src/providers/model-catalog.ts` via a locally-maintained
+ *      mirror (the CLI does not import from `assistant/src/`; drift is caught
+ *      by `cli/src/__tests__/llm-provider-env-var-parity.test.ts`).
+ *
+ * The combined map is what cloud-infra code (docker.ts, aws.ts, gcp.ts)
+ * iterates to forward provider API keys from the caller's environment into
+ * containers / VMs. Keeping both kinds of provider env vars in one map means
+ * the infra call sites don't need to know which kind is which — they just
+ * forward every value whose env var is set.
  */
-export const PROVIDER_ENV_VAR_NAMES: Record<string, string> = {
+
+/** LLM provider env var names. Mirrors `PROVIDER_CATALOG` entries with an `envVar`. */
+export const LLM_PROVIDER_ENV_VAR_NAMES: Record<string, string> = {
   anthropic: "ANTHROPIC_API_KEY",
   openai: "OPENAI_API_KEY",
   gemini: "GEMINI_API_KEY",
   fireworks: "FIREWORKS_API_KEY",
   openrouter: "OPENROUTER_API_KEY",
+};
+
+/** Search-provider env var names. Mirrors `meta/provider-env-vars.json`. */
+export const SEARCH_PROVIDER_ENV_VAR_NAMES: Record<string, string> = {
   brave: "BRAVE_API_KEY",
   perplexity: "PERPLEXITY_API_KEY",
 };
+
+/**
+ * Combined provider env var names — the union of LLM and search providers.
+ * Used by the cloud-infra flows (docker/aws/gcp) to forward every supported
+ * provider API key from the caller's environment.
+ */
+export const PROVIDER_ENV_VAR_NAMES: Record<string, string> = {
+  ...LLM_PROVIDER_ENV_VAR_NAMES,
+  ...SEARCH_PROVIDER_ENV_VAR_NAMES,
+};