@vellumai/cli 0.8.5 → 0.8.7-dev.202606052118.34cd356

package/src/lib/docker.ts

@@ -1,5 +1,11 @@
 import { randomBytes } from "crypto";
-import { chmodSync, existsSync, mkdirSync, watch as fsWatch } from "fs";
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  watch as fsWatch,
+} from "fs";
 import { arch, platform } from "os";
 import { dirname, join, resolve } from "path";
 
@@ -12,6 +18,7 @@ import {
   setActiveAssistant,
 } from "./assistant-config";
 import type { AssistantEntry } from "./assistant-config";
+import { buildHatchConfigValues, writeInitialConfig } from "./config-utils";
 import { buildServiceRunArgs } from "./statefulset.js";
 import type { Species } from "./constants";
 import { getDefaultPorts } from "./environments/paths.js";
@@ -35,7 +42,7 @@ import {
   resolveHatchProvider,
 } from "./provider-secrets.js";
 import { findOpenPort } from "./port-allocator.js";
-import { exec, execOutput } from "./step-runner";
+import { exec, execOutput, execWithStdin } from "./step-runner";
 import {
   closeLogFile,
   openLogFile,
@@ -471,6 +478,17 @@ export async function retireDocker(name: string): Promise<void> {
     }
   }
 
+  // Future: consider stopping Colima VM when no Docker instances remain.
+  // Considerations:
+  // - Use loadAllAssistantsAcrossEnvs() instead of loadAllAssistants() to
+  //   avoid stopping Colima while another VELLUM_ENVIRONMENT still has a
+  //   running Docker instance.
+  // - Track whether Vellum started Colima (vs. the user already had it
+  //   running for non-Vellum workloads) \u2014 e.g. via a dedicated Colima
+  //   profile (`colima start --profile vellum`) or a sentinel file.
+  // - Only stop if both conditions are met: no cross-env Docker instances
+  //   AND Vellum owns the Colima lifecycle.
+
   console.log(`\u2705 Docker instance retired.`);
 }
 
@@ -1130,7 +1148,20 @@ export async function hatchDocker(
           await loadImageViaHost(HOST_IMAGE_LOADER_URL, ref, log);
         } else {
           log(`   ↪ pulling ${ref}`);
-          await exec("docker", ["pull", ref]);
+          const MAX_PULL_RETRIES = 3;
+          for (let attempt = 1; attempt <= MAX_PULL_RETRIES; attempt++) {
+            try {
+              await exec("docker", ["pull", ref]);
+              break;
+            } catch (err) {
+              if (attempt === MAX_PULL_RETRIES) throw err;
+              const delaySec = 2 ** attempt;
+              log(
+                `   ⚠ pull failed (attempt ${attempt}/${MAX_PULL_RETRIES}), retrying in ${delaySec}s...`,
+              );
+              await new Promise((r) => setTimeout(r, delaySec * 1000));
+            }
+          }
         }
       }
       log("✅ Docker images acquired");
@@ -1164,11 +1195,53 @@ export async function hatchDocker(
       "chown 1001:1001 /workspace /run/assistant-ipc /run/gateway-ipc",
     ]);
 
-    // BYOK setup (API key, custom profiles, active-profile selection) is
-    // driven post-boot by the CLI calling the Assistant's public APIs
-    // (`POST /v1/secrets`, etc.) via `configureHatchProviderApiKey` below.
-    // The Assistant container comes up clean — no overlay file, no
-    // client-side workspace-config injection.
+    // Stage the BYOK default-workspace-config overlay *inside* the workspace
+    // volume so the daemon's startup loader can consume it. The loader
+    // (`mergeDefaultWorkspaceConfig` in assistant/src/config/loader.ts) does:
+    //   1. JSON.parse + deep-merge into the workspace's config.json.
+    //   2. `renameSync(defaultConfigPath, <workspace>/default-config.json)`
+    //      to mark the overlay consumed so subsequent restarts skip it.
+    //
+    // The rename must be same-filesystem. Bind-mounting the host file into
+    // `/tmp/...` (the pre-#32025 design) crossed filesystems and silently
+    // failed with EXDEV, so every `docker start` re-applied the overlay.
+    // Staging into the workspace volume keeps the rename in-place.
+    //
+    // Streaming the JSON via stdin (instead of bind-mounting the host file
+    // into the staging container) sidesteps macOS Colima's virtiofs share,
+    // which doesn't expose `/var/folders/...` (where `os.tmpdir()` resolves
+    // on macOS) and would otherwise materialize an empty directory at the
+    // bind-mount target.
+    //
+    // @deprecated stopgap. Replacement direction is one of:
+    //   1. Post-hatch API calls (POST /v1/secrets + a small endpoint that
+    //      returns canonical inference-profile templates).
+    //   2. Move inference-profile seeds out of workspace config and into
+    //      Assistant code, eliminating the overlay entirely.
+    // See `cli/src/lib/config-utils.ts` JSDoc for context.
+    const hatchConfigValues = buildHatchConfigValues(configValues, provider);
+    const hostOverlayPath = writeInitialConfig(hatchConfigValues);
+    const stagedOverlayInContainer = "/workspace/.default-config-overlay.json";
+    const extraAssistantEnv: Record<string, string> = {};
+    if (hostOverlayPath) {
+      await execWithStdin(
+        "docker",
+        [
+          "run",
+          "--rm",
+          "-i",
+          "-v",
+          `${res.workspaceVolume}:/workspace`,
+          "busybox",
+          "sh",
+          "-c",
+          `cat > ${stagedOverlayInContainer} && chown 1001:1001 ${stagedOverlayInContainer}`,
+        ],
+        readFileSync(hostOverlayPath, "utf-8"),
+      );
+      extraAssistantEnv.VELLUM_DEFAULT_WORKSPACE_CONFIG_PATH =
+        stagedOverlayInContainer;
+    }
 
     const cesServiceToken = randomBytes(32).toString("hex");
     const signingKey = randomBytes(32).toString("hex");
@@ -1190,6 +1263,7 @@ export async function hatchDocker(
         signingKey,
         bootstrapSecret,
         cesServiceToken,
+        extraAssistantEnv,
         gatewayPort,
         imageTags,
         instanceName,

package/src/lib/environments/__tests__/paths.test.ts

@@ -27,7 +27,8 @@ const {
   getLockfilePaths,
   getMultiInstanceDir,
 } = await import("../paths.js");
-type EnvironmentDefinition = import("../types.js").EnvironmentDefinition;
+type EnvironmentDefinition =
+  import("@vellumai/environments").EnvironmentDefinition;
 
 const prod: EnvironmentDefinition = {
   name: "production",

package/src/lib/environments/__tests__/seeds.test.ts

@@ -1,7 +1,8 @@
 import { describe, expect, test } from "bun:test";
 
+import { SEEDS } from "@vellumai/environments";
+
 import { getDefaultPorts } from "../paths.js";
-import { SEEDS } from "../seeds.js";
 
 describe("SEEDS port blocks", () => {
   test("production uses the legacy (pre-MVP) port layout", () => {

package/src/lib/environments/paths.ts

@@ -1,7 +1,7 @@
 import { homedir } from "os";
 import { join } from "path";
 
-import type { EnvironmentDefinition, PortMap } from "./types.js";
+import type { EnvironmentDefinition, PortMap } from "@vellumai/environments";
 
 const PRODUCTION_ENVIRONMENT_NAME = "production";
 

package/src/lib/environments/resolve.ts

@@ -1,49 +1,27 @@
+import { mkdirSync, unlinkSync, writeFileSync } from "fs";
+import { dirname } from "path";
+
+import { SEEDS, type EnvironmentDefinition } from "@vellumai/environments";
 import {
-  existsSync,
-  mkdirSync,
-  readFileSync,
-  unlinkSync,
-  writeFileSync,
-} from "fs";
-import { homedir } from "os";
-import { dirname, join } from "path";
-
-import { SEEDS } from "./seeds.js";
-import type { EnvironmentDefinition } from "./types.js";
+  defaultEnvironmentFilePath,
+  readDefaultEnvironment as readPersistedDefaultEnvironment,
+} from "@vellumai/local-mode";
 
 const DEFAULT_ENVIRONMENT_NAME = "production";
 
-/**
- * Path to the user's persisted default environment file.
- * Lives at `~/.config/vellum/environment` — a fixed, environment-agnostic
- * location so it can be read before the environment is resolved.
- */
-function getDefaultEnvironmentPath(): string {
-  const xdgConfig =
-    process.env.XDG_CONFIG_HOME?.trim() || join(homedir(), ".config");
-  return join(xdgConfig, "vellum", "environment");
-}
-
 /**
  * Read the persisted default environment name, if any.
  * Returns `undefined` if no file exists or the file is empty.
  */
 export function readDefaultEnvironment(): string | undefined {
-  const filePath = getDefaultEnvironmentPath();
-  try {
-    if (!existsSync(filePath)) return undefined;
-    const content = readFileSync(filePath, "utf-8").trim();
-    return content.length > 0 ? content : undefined;
-  } catch {
-    return undefined;
-  }
+  return readPersistedDefaultEnvironment(process.env);
 }
 
 /**
  * Persist a default environment name to the user config file.
  */
 export function writeDefaultEnvironment(name: string): void {
-  const filePath = getDefaultEnvironmentPath();
+  const filePath = defaultEnvironmentFilePath(process.env);
   mkdirSync(dirname(filePath), { recursive: true });
   writeFileSync(filePath, name + "\n", "utf-8");
 }
@@ -52,7 +30,7 @@ export function writeDefaultEnvironment(name: string): void {
  * Remove the persisted default environment file, falling back to production.
  */
 export function clearDefaultEnvironment(): void {
-  const filePath = getDefaultEnvironmentPath();
+  const filePath = defaultEnvironmentFilePath(process.env);
   try {
     unlinkSync(filePath);
   } catch {
@@ -115,7 +93,7 @@ export function getCurrentEnvironment(
       // writers don't end up in disjoint states on a typo.
       process.stderr.write(
         `warning: unknown environment "${name}"; falling back to "${DEFAULT_ENVIRONMENT_NAME}". ` +
-          `Add it to cli/src/lib/environments/seeds.ts and rebuild if this was intentional.\n`,
+          `Add it to packages/environments/src/seeds.ts and rebuild if this was intentional.\n`,
       );
     }
     const fallback = SEEDS[DEFAULT_ENVIRONMENT_NAME];
@@ -174,5 +152,3 @@ export function resolveEnvironmentSource(override?: string): {
   }
   return { name: DEFAULT_ENVIRONMENT_NAME, source: "default" };
 }
-
-

package/src/lib/guardian-token.ts

@@ -2,18 +2,24 @@ import { createHash, randomUUID } from "node:crypto";
 import { execSync } from "node:child_process";
 import {
   chmodSync,
+  closeSync,
   existsSync,
   mkdirSync,
+  openSync,
   readFileSync,
+  rmdirSync,
   statSync,
+  unlinkSync,
   writeFileSync,
+  writeSync,
 } from "fs";
 import { platform } from "os";
 import { dirname, join } from "path";
 
+import { SEEDS } from "@vellumai/environments";
+
 import { getConfigDir } from "./environments/paths.js";
 import { getCurrentEnvironment } from "./environments/resolve.js";
-import { SEEDS } from "./environments/seeds.js";
 
 const DEVICE_ID_SALT = "vellum-assistant-host-id";
 
@@ -40,6 +46,27 @@ function getGuardianTokenPath(assistantId: string): string {
   );
 }
 
+/**
+ * Best-effort removal of an assistant's stored guardian token (used by
+ * `vellum unpair` to forget a paired connection). Never throws if the token
+ * file or its per-assistant directory is already absent.
+ */
+export function deleteGuardianToken(assistantId: string): void {
+  const tokenPath = getGuardianTokenPath(assistantId);
+  try {
+    unlinkSync(tokenPath);
+  } catch {
+    /* already gone */
+  }
+  // Clean up the now-empty per-assistant directory; rmdir throws if it still
+  // holds other files, in which case we leave it.
+  try {
+    rmdirSync(dirname(tokenPath));
+  } catch {
+    /* not empty or absent */
+  }
+}
+
 function getPersistedDeviceIdPath(): string {
   return join(getConfigDir(getCurrentEnvironment()), "device-id");
 }
@@ -160,42 +187,136 @@ export function saveGuardianToken(
   chmodSync(tokenPath, 0o600);
 }
 
+/** Abort the refresh POST if the gateway is slow/unreachable (it's now on the
+ *  hot request path, so it must never hang indefinitely). */
+const REFRESH_FETCH_TIMEOUT_MS = 15_000;
+/** Max time to wait for the per-assistant refresh lock before proceeding. */
+const REFRESH_LOCK_WAIT_MS = 10_000;
+/** A lock older than this is treated as stale (holder crashed) and stolen. */
+const REFRESH_LOCK_STALE_MS = 30_000;
+const REFRESH_LOCK_POLL_MS = 100;
+
+function getRefreshLockPath(assistantId: string): string {
+  return join(dirname(getGuardianTokenPath(assistantId)), "refresh.lock");
+}
+
+const delay = (ms: number) => new Promise((r) => setTimeout(r, ms));
+
+/**
+ * Best-effort exclusive cross-process lock for a per-assistant token refresh.
+ * Created atomically with `wx`; a stale lock (crashed holder) is stolen.
+ * Returns true if acquired, false if it timed out (caller proceeds degraded).
+ */
+async function acquireRefreshLock(lockPath: string): Promise<boolean> {
+  mkdirSync(dirname(lockPath), { recursive: true, mode: 0o700 });
+  const deadline = Date.now() + REFRESH_LOCK_WAIT_MS;
+  for (;;) {
+    try {
+      const fd = openSync(lockPath, "wx", 0o600);
+      writeSync(fd, String(process.pid));
+      closeSync(fd);
+      return true;
+    } catch (err) {
+      if ((err as NodeJS.ErrnoException).code !== "EEXIST") return false;
+      try {
+        if (Date.now() - statSync(lockPath).mtimeMs > REFRESH_LOCK_STALE_MS) {
+          unlinkSync(lockPath); // steal a stale lock, then retry
+          continue;
+        }
+      } catch {
+        continue; // lock vanished between open and stat — retry
+      }
+      if (Date.now() >= deadline) return false;
+      await delay(REFRESH_LOCK_POLL_MS);
+    }
+  }
+}
+
+function releaseRefreshLock(lockPath: string): void {
+  try {
+    unlinkSync(lockPath);
+  } catch {
+    /* already released/stolen */
+  }
+}
+
 /**
  * Call POST /v1/guardian/refresh on the remote gateway to obtain a new
  * access token using an existing (possibly expired) access token for auth.
  * Returns the refreshed token data (persisted locally), or null if the
  * refresh fails (e.g. no stored token, or refresh token itself is expired).
+ *
+ * Concurrency-safe: the gateway rotates refresh tokens and treats reuse of an
+ * already-rotated token as replay (revoking the whole token family), so two
+ * processes (e.g. `vellum message` + `vellum events`) refreshing the same
+ * stored token at once would self-revoke and force re-pairing. We serialize on
+ * a per-assistant lock and, once held, re-read the stored token: if another
+ * process already rotated it while we waited, we return that fresh token
+ * instead of replaying our now-stale refresh token.
  */
 export async function refreshGuardianToken(
   gatewayUrl: string,
   assistantId: string,
 ): Promise<GuardianTokenData | null> {
-  const tokenData = loadGuardianToken(assistantId);
-  if (!tokenData) return null;
+  const before = loadGuardianToken(assistantId);
+  if (!before) return null;
 
   // Gateway persists expiresAt as epoch-ms numbers; Date.parse("1234567890000")
   // returns NaN. new Date() accepts both ISO strings and epoch-ms numbers.
-  const refreshExpiry = new Date(tokenData.refreshTokenExpiresAt).getTime();
-  if (!Number.isFinite(refreshExpiry) || refreshExpiry <= Date.now()) return null;
+  const refreshExpiry = new Date(before.refreshTokenExpiresAt).getTime();
+  if (!Number.isFinite(refreshExpiry) || refreshExpiry <= Date.now())
+    return null;
 
+  const lockPath = getRefreshLockPath(assistantId);
+  const locked = await acquireRefreshLock(lockPath);
   try {
+    // Re-read under the lock: a concurrent process may have rotated the token
+    // while we waited. If the stored refresh token changed, ours is now stale
+    // (replaying it would trip reuse-detection) — use the fresh token instead.
+    const current = loadGuardianToken(assistantId);
+    if (current && current.refreshToken !== before.refreshToken) {
+      return current;
+    }
+
+    // We did NOT acquire the lock (another process is likely mid-refresh) and
+    // the stored token hasn't been rotated yet. Do NOT call the gateway: our
+    // refresh token may be the one the winner is rotating right now, and
+    // replaying a rotated token revokes the whole family (forcing re-pair).
+    // Give up — the caller surfaces the original 401, and the next attempt
+    // picks up the winner's persisted token.
+    if (!locked) return null;
+
+    const tokenData = current ?? before;
+
     const response = await fetch(`${gatewayUrl}/v1/guardian/refresh`, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         Authorization: `Bearer ${tokenData.accessToken}`,
       },
-      body: JSON.stringify({ refreshToken: tokenData.refreshToken }),
+      body: JSON.stringify({
+        refreshToken: tokenData.refreshToken,
+        // The refresh token is device-bound; send the device id used at init
+        // (falling back to a fresh computation for tokens persisted before the
+        // field was stored) so the gateway can verify the binding.
+        deviceId: tokenData.deviceId || computeDeviceId(),
+      }),
+      signal: AbortSignal.timeout(REFRESH_FETCH_TIMEOUT_MS),
     });
     if (!response.ok) return null;
 
     const json = (await response.json()) as Record<string, unknown>;
     const refreshed: GuardianTokenData = {
-      guardianPrincipalId: (json.guardianPrincipalId as string) ?? tokenData.guardianPrincipalId,
+      guardianPrincipalId:
+        (json.guardianPrincipalId as string) ?? tokenData.guardianPrincipalId,
       accessToken: json.accessToken as string,
-      accessTokenExpiresAt: (json.accessTokenExpiresAt as string | number) ?? tokenData.accessTokenExpiresAt,
+      accessTokenExpiresAt:
+        (json.accessTokenExpiresAt as string | number) ??
+        tokenData.accessTokenExpiresAt,
       refreshToken: (json.refreshToken as string) ?? tokenData.refreshToken,
-      refreshTokenExpiresAt: (json.refreshTokenExpiresAt as string | number) ?? tokenData.refreshTokenExpiresAt,
+      refreshTokenExpiresAt:
+        (json.refreshTokenExpiresAt as string | number) ??
+        tokenData.refreshTokenExpiresAt,
       refreshAfter: (json.refreshAfter as string) ?? tokenData.refreshAfter,
       isNew: false,
       deviceId: tokenData.deviceId,
@@ -205,6 +326,8 @@ export async function refreshGuardianToken(
     return refreshed;
   } catch {
     return null;
+  } finally {
+    if (locked) releaseRefreshLock(lockPath);
   }
 }