@vellumai/cli 0.7.0 → 0.7.2

package/src/lib/local-runtime-client.ts

@@ -1,7 +1,14 @@
+import type { AssistantEntry } from "./assistant-config.js";
 import {
+  authHeaders,
+  invalidateOrgIdCache,
   parseUnifiedJobStatus,
   type UnifiedJobStatus,
 } from "./platform-client.js";
+import {
+  resolveRuntimeMigrationUrl,
+  resolveRuntimeUrl,
+} from "./runtime-url.js";
 
 /**
  * Thrown when the local runtime returns 409 for an export/import request
@@ -34,6 +41,29 @@ function bearerHeaders(token: string): Record<string, string> {
   };
 }
 
+/**
+ * Build the auth + content headers for a runtime migration request.
+ *
+ * - For `cloud === "vellum"` we go through the platform's wildcard runtime
+ *   proxy, which authenticates user-session / vak_ tokens via DRF's default
+ *   authentication classes — `authHeaders()` produces the right combination
+ *   (`X-Session-Token` + `Vellum-Organization-Id`, or `Authorization: Bearer
+ *   vak_...`).
+ * - For local/docker the runtime endpoint expects a guardian-token bearer.
+ */
+async function migrationRequestHeaders(
+  entry: Pick<AssistantEntry, "cloud" | "runtimeUrl">,
+  token: string,
+): Promise<Record<string, string>> {
+  if (entry.cloud === "vellum") {
+    return {
+      ...(await authHeaders(token, entry.runtimeUrl)),
+      Accept: "application/json",
+    };
+  }
+  return bearerHeaders(token);
+}
+
 interface Raw409Body {
   detail?: string;
   // The runtime's current 409 contract nests the payload under `error`:
@@ -69,13 +99,21 @@ async function throwIfInProgress(
 }
 
 /**
- * Kick off an async export-to-GCS job on the local runtime.
- * POSTs to `{runtimeUrl}/v1/migrations/export-to-gcs` and returns the
- * 202-accepted job_id. On 409 (another export in flight) throws
- * {@link MigrationInProgressError} with the existing job_id.
+ * Kick off an async export-to-GCS job on the assistant's runtime.
+ *
+ * For local/docker assistants this POSTs to
+ * `{runtimeUrl}/v1/migrations/export-to-gcs` with guardian-token bearer
+ * auth. For platform-managed (cloud="vellum") assistants the URL is rewritten
+ * to the wildcard-runtime-proxy shape
+ * `{platformUrl}/v1/assistants/<assistantId>/migrations/export-to-gcs` and
+ * authenticated via the platform-token header set the platform's DRF auth
+ * accepts (session / vak_).
+ *
+ * Returns the 202-accepted `job_id`. On 409 (another export in flight)
+ * throws {@link MigrationInProgressError} with the existing job_id.
  */
 export async function localRuntimeExportToGcs(
-  runtimeUrl: string,
+  entry: Pick<AssistantEntry, "cloud" | "runtimeUrl" | "assistantId">,
   token: string,
   params: { uploadUrl: string; description?: string },
 ): Promise<{ jobId: string }> {
@@ -84,11 +122,14 @@ export async function localRuntimeExportToGcs(
     body.description = params.description;
   }
 
-  const response = await fetch(`${runtimeUrl}/v1/migrations/export-to-gcs`, {
-    method: "POST",
-    headers: bearerHeaders(token),
-    body: JSON.stringify(body),
-  });
+  const response = await fetch(
+    resolveRuntimeMigrationUrl(entry, "export-to-gcs"),
+    {
+      method: "POST",
+      headers: await migrationRequestHeaders(entry, token),
+      body: JSON.stringify(body),
+    },
+  );
 
   await throwIfInProgress(response, "export_in_progress");
 
@@ -110,20 +151,29 @@ export async function localRuntimeExportToGcs(
 }
 
 /**
- * Kick off an async import-from-GCS job on the local runtime.
- * POSTs to `{runtimeUrl}/v1/migrations/import-from-gcs` with a signed
- * download URL. On 409 throws {@link MigrationInProgressError}.
+ * Kick off an async import-from-GCS job on the assistant's runtime.
+ *
+ * For local/docker assistants this POSTs to
+ * `{runtimeUrl}/v1/migrations/import-from-gcs` with guardian-token bearer
+ * auth. For platform-managed (cloud="vellum") assistants the URL is rewritten
+ * to the wildcard-runtime-proxy shape
+ * `{platformUrl}/v1/assistants/<assistantId>/migrations/import-from-gcs` and
+ * authenticated via the platform token. On 409 throws
+ * {@link MigrationInProgressError}.
  */
 export async function localRuntimeImportFromGcs(
-  runtimeUrl: string,
+  entry: Pick<AssistantEntry, "cloud" | "runtimeUrl" | "assistantId">,
   token: string,
   params: { bundleUrl: string },
 ): Promise<{ jobId: string }> {
-  const response = await fetch(`${runtimeUrl}/v1/migrations/import-from-gcs`, {
-    method: "POST",
-    headers: bearerHeaders(token),
-    body: JSON.stringify({ bundle_url: params.bundleUrl }),
-  });
+  const response = await fetch(
+    resolveRuntimeMigrationUrl(entry, "import-from-gcs"),
+    {
+      method: "POST",
+      headers: await migrationRequestHeaders(entry, token),
+      body: JSON.stringify({ bundle_url: params.bundleUrl }),
+    },
+  );
 
   await throwIfInProgress(response, "import_in_progress");
 
@@ -145,21 +195,28 @@ export async function localRuntimeImportFromGcs(
 }
 
 /**
- * Poll the local runtime's unified job-status endpoint.
- * GETs `{runtimeUrl}/v1/migrations/jobs/{jobId}` and parses into
- * {@link UnifiedJobStatus}.
+ * Poll the runtime's unified job-status endpoint.
+ *
+ * For local/docker assistants this GETs
+ * `{runtimeUrl}/v1/migrations/jobs/{jobId}` directly (guardian-token
+ * bearer). For platform-managed assistants it routes through the wildcard
+ * runtime proxy at
+ * `{platformUrl}/v1/assistants/<assistantId>/migrations/jobs/{jobId}` with
+ * platform-token auth — important: the platform's dedicated
+ * `/v1/migrations/jobs/{id}/` endpoint queries platform-side ImportJob
+ * records and would 404 on runtime-created job IDs.
  */
 export async function localRuntimePollJobStatus(
-  runtimeUrl: string,
+  entry: Pick<AssistantEntry, "cloud" | "runtimeUrl" | "assistantId">,
   token: string,
   jobId: string,
 ): Promise<UnifiedJobStatus> {
-  const response = await fetch(`${runtimeUrl}/v1/migrations/jobs/${jobId}`, {
-    headers: {
-      Authorization: `Bearer ${token}`,
-      Accept: "application/json",
+  const response = await fetch(
+    resolveRuntimeMigrationUrl(entry, `jobs/${jobId}`),
+    {
+      headers: await migrationRequestHeaders(entry, token),
     },
-  });
+  );
 
   if (response.status === 404) {
     throw new Error("Migration job not found");
@@ -176,3 +233,80 @@ export async function localRuntimePollJobStatus(
   >[0];
   return parseUnifiedJobStatus(raw);
 }
+
+/**
+ * The subset of `/v1/health` we care about. The runtime's full response
+ * includes additional fields (status, disk, memory, cpu, migrations, etc.)
+ * — we only model `version` here because that's all the CLI consumes today.
+ */
+export interface RuntimeIdentity {
+  version: string;
+}
+
+/**
+ * Fetch the target runtime's APP_VERSION via `/v1/health`. Used by
+ * `vellum teleport` and `vellum backup` to stamp the exported bundle's
+ * `min_runtime_version` with the version of the runtime that actually
+ * produced it — which can diverge from the orchestrating CLI's version when
+ * the target was upgraded independently.
+ *
+ * GETs `/v1/health` (not `/v1/identity`) so the call works on freshly-
+ * hatched runtimes that haven't completed onboarding. The `/v1/identity`
+ * handler reads `IDENTITY.md` from the workspace and 404s if it's missing
+ * — and `IDENTITY.md` is only written during onboarding, not hatch. The
+ * `/v1/health` handler returns the same `version` field unconditionally
+ * (no filesystem reads), so it's safe to call against any running runtime.
+ *
+ * For local/docker assistants this GETs `{runtimeUrl}/v1/health` with
+ * guardian-token bearer auth. For platform-managed (cloud="vellum")
+ * assistants the URL is rewritten to the wildcard runtime proxy shape
+ * `{platformUrl}/v1/assistants/<assistantId>/health` and authenticated via
+ * the platform token.
+ *
+ * For the vellum target this is the FIRST network call in the
+ * teleport/backup export flow, so a stale `Vellum-Organization-Id` cache
+ * entry would surface as a hard abort before any retry-friendly call (like
+ * `platformRequestSignedUrl`) gets a chance to recover. Mirror that helper's
+ * one-shot 401-retry: invalidate the org-ID cache and retry once. Local /
+ * docker entries do not use the org-ID cache and are wrapped in
+ * `callRuntimeWithAuthRetry` by callers for guardian-token refresh, so the
+ * retry is intentionally vellum-only.
+ *
+ * The function name is intentionally retained ("identity-ish info about the
+ * runtime") even though the implementation now hits `/v1/health` — renaming
+ * would force changes in 4+ callsites for no behavioral benefit.
+ *
+ * Throws on non-2xx so callers can surface the failure (we never silently
+ * fall back — see teleport.ts call site).
+ */
+export async function localRuntimeIdentity(
+  entry: Pick<AssistantEntry, "cloud" | "runtimeUrl" | "assistantId">,
+  token: string,
+): Promise<RuntimeIdentity> {
+  const url = resolveRuntimeUrl(entry, "health");
+  const doRequest = async (): Promise<Response> =>
+    fetch(url, {
+      method: "GET",
+      headers: await migrationRequestHeaders(entry, token),
+    });
+
+  let response = await doRequest();
+  if (response.status === 401 && entry.cloud === "vellum") {
+    // `entry.runtimeUrl` is the platform host for vellum-cloud entries
+    // (the wildcard runtime proxy lives there). Pass it as the cache key
+    // platformUrl so we invalidate the same entry that authHeaders cached.
+    invalidateOrgIdCache(token, entry.runtimeUrl);
+    response = await doRequest();
+  }
+
+  if (!response.ok) {
+    throw new Error(
+      `Failed to fetch runtime identity: ${response.status} ${response.statusText}`,
+    );
+  }
+  const body = (await response.json()) as { version?: unknown };
+  if (typeof body.version !== "string" || !body.version) {
+    throw new Error("Runtime identity response missing version");
+  }
+  return { version: body.version };
+}

package/src/lib/local.ts

@@ -8,7 +8,7 @@ import {
   writeFileSync,
 } from "fs";
 import { createRequire } from "module";
-import { homedir, hostname, networkInterfaces, platform, tmpdir } from "os";
+import { homedir, networkInterfaces, platform, tmpdir } from "os";
 import { dirname, join } from "path";
 
 import {
@@ -111,7 +111,9 @@ function computeIpcSocketDirOverride(workspaceDir: string): string | undefined {
  * a short override directory and set all IPC socket env vars on the target
  * env object. No-op on non-macOS or when paths are within limits.
  */
-function applyIpcSocketDirOverride(env: Record<string, string>): void {
+function applyIpcSocketDirOverride(
+  env: Record<string, string | undefined>,
+): void {
   const workspaceDir =
     env.VELLUM_WORKSPACE_DIR || join(homedir(), ".vellum", "workspace");
   const override = computeIpcSocketDirOverride(workspaceDir);
@@ -392,7 +394,6 @@ async function startDaemonFromSource(
       : {}),
   };
   if (resources) {
-    env.BASE_DATA_DIR = resources.instanceDir;
     env.VELLUM_WORKSPACE_DIR = join(
       resources.instanceDir,
       ".vellum",
@@ -403,6 +404,11 @@ async function startDaemonFromSource(
       ".vellum",
       "protected",
     );
+    env.CREDENTIAL_SECURITY_DIR = join(
+      resources.instanceDir,
+      ".vellum",
+      "protected",
+    );
     env.RUNTIME_HTTP_PORT = String(resources.daemonPort);
     env.GATEWAY_PORT = String(resources.gatewayPort);
     env.QDRANT_HTTP_PORT = String(resources.qdrantPort);
@@ -413,6 +419,8 @@ async function startDaemonFromSource(
       options.defaultWorkspaceConfigPath;
   }
 
+  applyIpcSocketDirOverride(env);
+
   // Write a sentinel PID file before spawning so concurrent hatch() calls
   // detect the in-progress spawn and wait instead of racing.
   writeFileSync(pidFile, "starting", "utf-8");
@@ -523,7 +531,6 @@ async function startDaemonWatchFromSource(
       : {}),
   };
   if (resources) {
-    env.BASE_DATA_DIR = resources.instanceDir;
     env.VELLUM_WORKSPACE_DIR = join(
       resources.instanceDir,
       ".vellum",
@@ -534,6 +541,11 @@ async function startDaemonWatchFromSource(
       ".vellum",
       "protected",
     );
+    env.CREDENTIAL_SECURITY_DIR = join(
+      resources.instanceDir,
+      ".vellum",
+      "protected",
+    );
     env.RUNTIME_HTTP_PORT = String(resources.daemonPort);
     env.GATEWAY_PORT = String(resources.gatewayPort);
     env.QDRANT_HTTP_PORT = String(resources.qdrantPort);
@@ -544,6 +556,8 @@ async function startDaemonWatchFromSource(
       options.defaultWorkspaceConfigPath;
   }
 
+  applyIpcSocketDirOverride(env);
+
   // Write a sentinel PID file before spawning so concurrent hatch() calls
   // detect the in-progress spawn and wait instead of racing.
   writeFileSync(pidFile, "starting", "utf-8");
@@ -675,51 +689,18 @@ export async function discoverPublicUrl(
     return `http://${cloudIp}:${effectivePort}`;
   }
 
-  // Log the local address source only when we actually use it.
-  if (localResult.source === "hostname") {
-    console.log(`   Discovered macOS local hostname: ${localResult.label}`);
-  } else if (localResult.source === "lan") {
-    console.log(`   Discovered LAN IP: ${localResult.label}`);
-  }
-
   return localResult.url;
 }
 
 /**
- * Resolve a LAN-reachable URL without any async I/O. Returns the best local
- * address or falls back to localhost. Does not emit any logs — the caller
- * decides whether to log based on which result is actually used.
+ * Returns the localhost URL for the gateway on the given port.
  */
 function discoverLocalUrl(effectivePort: number): {
   url: string;
-  source: "hostname" | "lan" | "localhost";
-  label?: string;
+  source: "localhost";
 } {
-  // On macOS, prefer the .local hostname (Bonjour/mDNS) so other devices on
-  // the same network can reach the gateway by name.
-  if (platform() === "darwin") {
-    const localHostname = getMacLocalHostname();
-    if (localHostname) {
-      return {
-        url: `http://${localHostname}:${effectivePort}`,
-        source: "hostname",
-        label: localHostname,
-      };
-    }
-  }
-
-  const lanIp = getLocalLanIPv4();
-  if (lanIp) {
-    return {
-      url: `http://${lanIp}:${effectivePort}`,
-      source: "lan",
-      label: lanIp,
-    };
-  }
-
-  // Final fallback to localhost when no LAN address could be discovered.
   return {
-    url: `http://localhost:${effectivePort}`,
+    url: `http://127.0.0.1:${effectivePort}`,
     source: "localhost",
   };
 }
@@ -776,19 +757,6 @@ async function discoverCloudExternalIp(): Promise<string | undefined> {
   return gcpIp ?? awsIp;
 }
 
-/**
- * Returns the macOS Bonjour/mDNS `.local` hostname (e.g. "Vargass-Mac-Mini.local"),
- * or undefined if not running on macOS or the hostname cannot be determined.
- */
-export function getMacLocalHostname(): string | undefined {
-  const host = hostname();
-  if (!host) return undefined;
-  // macOS hostnames already end with .local when Bonjour is active
-  if (host.endsWith(".local")) return host;
-  // Otherwise, append .local — macOS resolves <ComputerName>.local via mDNS
-  return `${host}.local`;
-}
-
 /**
  * Returns the local IPv4 address most likely to be reachable from other
  * devices on the same LAN.
@@ -988,8 +956,8 @@ export async function startLocalDaemon(
       for (const key of [
         "ANTHROPIC_API_KEY",
         "APP_VERSION",
-        "BASE_DATA_DIR",
         "GATEWAY_SECURITY_DIR",
+        "CREDENTIAL_SECURITY_DIR",
         "VELLUM_ENVIRONMENT",
         "VELLUM_PLATFORM_URL",
         "QDRANT_HTTP_PORT",
@@ -1015,7 +983,6 @@ export async function startLocalDaemon(
       // When running a named instance, override env so the daemon resolves
       // all paths under the instance directory and listens on its own port.
       if (resources) {
-        daemonEnv.BASE_DATA_DIR = resources.instanceDir;
         daemonEnv.VELLUM_WORKSPACE_DIR = join(
           resources.instanceDir,
           ".vellum",
@@ -1026,6 +993,11 @@ export async function startLocalDaemon(
           ".vellum",
           "protected",
         );
+        daemonEnv.CREDENTIAL_SECURITY_DIR = join(
+          resources.instanceDir,
+          ".vellum",
+          "protected",
+        );
         daemonEnv.RUNTIME_HTTP_PORT = String(resources.daemonPort);
         daemonEnv.GATEWAY_PORT = String(resources.gatewayPort);
         daemonEnv.QDRANT_HTTP_PORT = String(resources.qdrantPort);
@@ -1165,7 +1137,7 @@ export async function startGateway(
 
   const publicUrl = await discoverPublicUrl(effectiveGatewayPort);
   if (publicUrl) {
-    console.log(`   Public URL: ${publicUrl}`);
+    console.log(`   HTTP URL: ${publicUrl}`);
   }
 
   console.log("🌐 Starting gateway...");
@@ -1179,7 +1151,6 @@ export async function startGateway(
     GATEWAY_PORT: String(effectiveGatewayPort),
     // Pass gateway operational settings via env vars so the CLI does not
     // need direct access to the workspace config file.
-    RUNTIME_PROXY_ENABLED: "true",
     RUNTIME_PROXY_REQUIRE_AUTH: "true",
     UNMAPPED_POLICY: "default",
     DEFAULT_ASSISTANT_ID: "self",
@@ -1197,7 +1168,6 @@ export async function startGateway(
     // assistant DB directly for guardian bootstrap.
     ...(resources
       ? {
-          BASE_DATA_DIR: resources.instanceDir,
           VELLUM_WORKSPACE_DIR: join(
             resources.instanceDir,
             ".vellum",
@@ -1208,16 +1178,17 @@ export async function startGateway(
             ".vellum",
             "protected",
           ),
+          CREDENTIAL_SECURITY_DIR: join(
+            resources.instanceDir,
+            ".vellum",
+            "protected",
+          ),
         }
       : {}),
   };
 
   applyIpcSocketDirOverride(gatewayEnv);
 
-  if (publicUrl) {
-    console.log(`   Ingress URL: ${publicUrl}`);
-  }
-
   let gateway;
 
   const gatewayBinary = join(dirname(process.execPath), "vellum-gateway");
@@ -1263,8 +1234,8 @@ export async function startGateway(
   const gatewayUrl = publicUrl || `http://localhost:${effectiveGatewayPort}`;
 
   // Wait for the gateway to be responsive before returning. Without this,
-  // callers (e.g. displayPairingQRCode) may try to connect before the HTTP
-  // server is listening and get connection-refused errors.
+  // callers may try to connect before the HTTP server is listening and get
+  // connection-refused errors.
   const start = Date.now();
   const timeoutMs = 30000;
   let ready = false;

package/src/lib/ngrok.ts

@@ -12,13 +12,19 @@ import { dirname, join } from "node:path";
 
 import { GATEWAY_PORT } from "./constants";
 
-function getConfigPath(): string {
-  const root = join(process.env.BASE_DATA_DIR?.trim() || homedir(), ".vellum");
-  return join(root, "workspace", "config.json");
+function getDefaultWorkspaceDir(): string {
+  return (
+    process.env.VELLUM_WORKSPACE_DIR?.trim() ||
+    join(homedir(), ".vellum", "workspace")
+  );
+}
+
+function getConfigPath(workspaceDir: string): string {
+  return join(workspaceDir, "config.json");
 }
 
-function loadRawConfig(): Record<string, unknown> {
-  const configPath = getConfigPath();
+function loadRawConfig(workspaceDir: string): Record<string, unknown> {
+  const configPath = getConfigPath(workspaceDir);
   if (!existsSync(configPath)) return {};
   return JSON.parse(readFileSync(configPath, "utf-8")) as Record<
     string,
@@ -26,8 +32,11 @@ function loadRawConfig(): Record<string, unknown> {
   >;
 }
 
-function saveRawConfig(config: Record<string, unknown>): void {
-  const configPath = getConfigPath();
+function saveRawConfig(
+  workspaceDir: string,
+  config: Record<string, unknown>,
+): void {
+  const configPath = getConfigPath(workspaceDir);
   const dir = dirname(configPath);
   if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
   writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
@@ -182,33 +191,33 @@ export async function waitForNgrokUrl(
 /**
  * Persist a public ingress URL to the workspace config and enable ingress.
  */
-function saveIngressUrl(publicUrl: string): void {
-  const config = loadRawConfig();
+function saveIngressUrl(workspaceDir: string, publicUrl: string): void {
+  const config = loadRawConfig(workspaceDir);
   const ingress = (config.ingress ?? {}) as Record<string, unknown>;
   ingress.publicBaseUrl = publicUrl;
   ingress.enabled = true;
   config.ingress = ingress;
-  saveRawConfig(config);
+  saveRawConfig(workspaceDir, config);
 }
 
 /**
  * Clear the ingress public base URL from the workspace config.
  */
-function clearIngressUrl(): void {
-  const config = loadRawConfig();
+function clearIngressUrl(workspaceDir: string): void {
+  const config = loadRawConfig(workspaceDir);
   const ingress = (config.ingress ?? {}) as Record<string, unknown>;
   delete ingress.publicBaseUrl;
   config.ingress = ingress;
-  saveRawConfig(config);
+  saveRawConfig(workspaceDir, config);
 }
 
 /**
  * Check whether any webhook-based integrations (e.g. Telegram, Twilio) are
  * configured that require a public ingress URL.
  */
-function hasWebhookIntegrationsConfigured(): boolean {
+function hasWebhookIntegrationsConfigured(workspaceDir: string): boolean {
   try {
-    const config = loadRawConfig();
+    const config = loadRawConfig(workspaceDir);
     const telegram = config.telegram as Record<string, unknown> | undefined;
     if (telegram?.botUsername) return true;
     const twilio = config.twilio as Record<string, unknown> | undefined;
@@ -223,9 +232,9 @@ function hasWebhookIntegrationsConfigured(): boolean {
  * Check whether a non-ngrok ingress URL is already configured (e.g. custom
  * domain or cloud deployment), meaning ngrok is not needed.
  */
-function hasNonNgrokIngressUrl(): boolean {
+function hasNonNgrokIngressUrl(workspaceDir: string): boolean {
   try {
-    const config = loadRawConfig();
+    const config = loadRawConfig(workspaceDir);
     const ingress = config.ingress as Record<string, unknown> | undefined;
     const publicBaseUrl = ingress?.publicBaseUrl;
     if (!publicBaseUrl || typeof publicBaseUrl !== "string") return false;
@@ -244,6 +253,7 @@ function hasNonNgrokIngressUrl(): boolean {
  */
 export async function maybeStartNgrokTunnel(
   targetPort: number,
+  workspaceDir: string,
 ): Promise<ChildProcess | null> {
   // Managed/containerized deployments route webhooks through the platform's
   // callback proxy. ngrok is not needed and would not be reachable from the
@@ -252,8 +262,8 @@ export async function maybeStartNgrokTunnel(
     process.env.IS_CONTAINERIZED === "true" ||
     process.env.IS_CONTAINERIZED === "1";
   if (isContainerized) return null;
-  if (!hasWebhookIntegrationsConfigured()) return null;
-  if (hasNonNgrokIngressUrl()) return null;
+  if (!hasWebhookIntegrationsConfigured(workspaceDir)) return null;
+  if (hasNonNgrokIngressUrl(workspaceDir)) return null;
 
   const version = getNgrokVersion();
   if (!version) return null;
@@ -262,7 +272,7 @@ export async function maybeStartNgrokTunnel(
   const existingUrl = await findExistingTunnel(targetPort);
   if (existingUrl) {
     console.log(`   Found existing ngrok tunnel: ${existingUrl}`);
-    saveIngressUrl(existingUrl);
+    saveIngressUrl(workspaceDir, existingUrl);
     return null;
   }
 
@@ -274,14 +284,13 @@ export async function maybeStartNgrokTunnel(
   //   2. If pipe handles are destroyed, SIGPIPE kills ngrok on its next write.
   // Writing to a log file sidesteps both issues — the file descriptor is
   // inherited by the detached ngrok process and remains valid after CLI exit.
-  const root = join(process.env.BASE_DATA_DIR?.trim() || homedir(), ".vellum");
-  const ngrokLogPath = join(root, "workspace", "data", "logs", "ngrok.log");
+  const ngrokLogPath = join(workspaceDir, "data", "logs", "ngrok.log");
   const ngrokProcess = startNgrokProcess(targetPort, ngrokLogPath);
   ngrokProcess.unref();
 
   try {
     const publicUrl = await waitForNgrokUrl();
-    saveIngressUrl(publicUrl);
+    saveIngressUrl(workspaceDir, publicUrl);
     console.log(`   Tunnel established: ${publicUrl}`);
 
     return ngrokProcess;
@@ -317,12 +326,13 @@ export async function runNgrokTunnel(): Promise<void> {
   console.log(`Using ${version}`);
 
   const port = GATEWAY_PORT;
+  const workspaceDir = getDefaultWorkspaceDir();
 
   // Check for an existing ngrok tunnel pointing at the gateway
   const existingUrl = await findExistingTunnel(port);
   if (existingUrl) {
     console.log(`Found existing ngrok tunnel: ${existingUrl}`);
-    saveIngressUrl(existingUrl);
+    saveIngressUrl(workspaceDir, existingUrl);
     console.log("Ingress URL saved to config.");
     console.log("");
     console.log(
@@ -349,7 +359,7 @@ export async function runNgrokTunnel(): Promise<void> {
     }
     if (publicUrl) {
       console.log("\nClearing ingress URL from config...");
-      clearIngressUrl();
+      clearIngressUrl(workspaceDir);
     }
   };
 
@@ -398,7 +408,7 @@ export async function runNgrokTunnel(): Promise<void> {
   console.log(`Tunnel established: ${publicUrl}`);
   console.log(`Forwarding to:     localhost:${port}`);
 
-  saveIngressUrl(publicUrl);
+  saveIngressUrl(workspaceDir, publicUrl);
   console.log("Ingress URL saved to config.");
   console.log("");
   console.log("Press Ctrl+C to stop the tunnel and clear the ingress URL.");