@vellumai/vellum-gateway 0.5.7 → 0.5.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/vellum-gateway",
-  "version": "0.5.7",
+  "version": "0.5.9",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/__tests__/guardian-init-lockfile.test.ts

@@ -20,6 +20,8 @@ mock.module("../fetch.js", () => ({
 
 let lockFileExists = false;
 let writtenLockFiles: string[] = [];
+let consumedSecretsContent: string | null = null;
+let writtenConsumedFiles: string[] = [];
 
 mock.module("node:fs", () => ({
   ...actualFs,
@@ -27,8 +29,20 @@ mock.module("node:fs", () => ({
     if (typeof p === "string" && p.endsWith("guardian-init.lock")) {
       return lockFileExists;
     }
+    if (typeof p === "string" && p.endsWith("guardian-init-consumed.json")) {
+      return consumedSecretsContent !== null;
+    }
     return actualFs.existsSync(p);
   },
+  readFileSync: (p: string, encoding?: BufferEncoding) => {
+    if (typeof p === "string" && p.endsWith("guardian-init-consumed.json")) {
+      if (consumedSecretsContent === null) {
+        throw new Error("ENOENT");
+      }
+      return consumedSecretsContent;
+    }
+    return actualFs.readFileSync(p, encoding as BufferEncoding);
+  },
   writeFileSync: (
     p: string,
     data: string | NodeJS.ArrayBufferView,
@@ -39,6 +53,11 @@ mock.module("node:fs", () => ({
       lockFileExists = true;
       return;
     }
+    if (typeof p === "string" && p.endsWith("guardian-init-consumed.json")) {
+      consumedSecretsContent = String(data);
+      writtenConsumedFiles.push(p);
+      return;
+    }
     return actualFs.writeFileSync(p, data, options);
   },
 }));
@@ -78,13 +97,16 @@ afterEach(() => {
   fetchMock = mock(async () => new Response());
   lockFileExists = false;
   writtenLockFiles = [];
+  consumedSecretsContent = null;
+  writtenConsumedFiles = [];
 });
 
 describe("guardian/init bootstrap secret", () => {
   test("rejects requests without secret when GUARDIAN_BOOTSTRAP_SECRET is set", async () => {
     process.env.GUARDIAN_BOOTSTRAP_SECRET = "test-secret-abc123";
     try {
-      const handler = createChannelVerificationSessionProxyHandler(makeConfig());
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
       const res = await handler.handleGuardianInit(
         new Request("http://localhost:7830/v1/guardian/init", {
           method: "POST",
@@ -104,7 +126,8 @@ describe("guardian/init bootstrap secret", () => {
   test("rejects requests with wrong secret", async () => {
     process.env.GUARDIAN_BOOTSTRAP_SECRET = "test-secret-abc123";
     try {
-      const handler = createChannelVerificationSessionProxyHandler(makeConfig());
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
       const res = await handler.handleGuardianInit(
         new Request("http://localhost:7830/v1/guardian/init", {
           method: "POST",
@@ -124,7 +147,7 @@ describe("guardian/init bootstrap secret", () => {
     }
   });
 
-  test("accepts requests with correct secret", async () => {
+  test("accepts requests with correct secret and writes lock for single secret", async () => {
     process.env.GUARDIAN_BOOTSTRAP_SECRET = "test-secret-abc123";
     fetchMock = mock(async () => {
       return new Response(
@@ -134,7 +157,8 @@ describe("guardian/init bootstrap secret", () => {
     });
 
     try {
-      const handler = createChannelVerificationSessionProxyHandler(makeConfig());
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
       const res = await handler.handleGuardianInit(
         new Request("http://localhost:7830/v1/guardian/init", {
           method: "POST",
@@ -147,6 +171,9 @@ describe("guardian/init bootstrap secret", () => {
       );
 
       expect(res.status).toBe(200);
+      // Single secret: consumed file written and lock file created immediately
+      expect(writtenConsumedFiles.length).toBe(1);
+      expect(writtenLockFiles.length).toBe(1);
     } finally {
       delete process.env.GUARDIAN_BOOTSTRAP_SECRET;
     }
@@ -291,3 +318,189 @@ describe("guardian/init one-time-use lockfile", () => {
     expect(writtenLockFiles.length).toBe(0);
   });
 });
+
+describe("guardian/init multi-secret consumption tracking", () => {
+  const SECRET_A = "secret-laptop-aaa";
+  const SECRET_B = "secret-remote-bbb";
+
+  function makeInitRequest(secret?: string): Request {
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+    };
+    if (secret) {
+      headers["x-bootstrap-secret"] = secret;
+    }
+    return new Request("http://localhost:7830/v1/guardian/init", {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        platform: "cli",
+        deviceId: `device-${secret ?? "none"}`,
+      }),
+    });
+  }
+
+  test("first secret is consumed but lock is deferred until all secrets used", async () => {
+    process.env.GUARDIAN_BOOTSTRAP_SECRET = `${SECRET_A},${SECRET_B}`;
+    fetchMock = mock(async () => {
+      return new Response(
+        JSON.stringify({ accessToken: "jwt-a", refreshToken: "rt-a" }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    });
+
+    try {
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
+      const res = await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+
+      expect(res.status).toBe(200);
+      // Consumed file written, but lock file NOT yet created
+      expect(writtenConsumedFiles.length).toBe(1);
+      expect(writtenLockFiles.length).toBe(0);
+    } finally {
+      delete process.env.GUARDIAN_BOOTSTRAP_SECRET;
+    }
+  });
+
+  test("lock file written after all secrets consumed", async () => {
+    process.env.GUARDIAN_BOOTSTRAP_SECRET = `${SECRET_A},${SECRET_B}`;
+    fetchMock = mock(async () => {
+      return new Response(
+        JSON.stringify({ accessToken: "jwt", refreshToken: "rt" }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    });
+
+    try {
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
+
+      // First secret
+      const res1 = await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+      expect(res1.status).toBe(200);
+      expect(writtenLockFiles.length).toBe(0);
+
+      // Second secret
+      const res2 = await handler.handleGuardianInit(makeInitRequest(SECRET_B));
+      expect(res2.status).toBe(200);
+      expect(writtenLockFiles.length).toBe(1);
+    } finally {
+      delete process.env.GUARDIAN_BOOTSTRAP_SECRET;
+    }
+  });
+
+  test("reusing a consumed secret is rejected", async () => {
+    process.env.GUARDIAN_BOOTSTRAP_SECRET = `${SECRET_A},${SECRET_B}`;
+    fetchMock = mock(async () => {
+      return new Response(
+        JSON.stringify({ accessToken: "jwt", refreshToken: "rt" }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    });
+
+    try {
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
+
+      // Consume SECRET_A
+      const res1 = await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+      expect(res1.status).toBe(200);
+
+      // Try to reuse SECRET_A
+      const res2 = await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+      expect(res2.status).toBe(403);
+      const body = await res2.json();
+      expect(body.error).toBe("Bootstrap secret already used");
+    } finally {
+      delete process.env.GUARDIAN_BOOTSTRAP_SECRET;
+    }
+  });
+
+  test("all secrets rejected after full consumption and lock", async () => {
+    process.env.GUARDIAN_BOOTSTRAP_SECRET = `${SECRET_A},${SECRET_B}`;
+    fetchMock = mock(async () => {
+      return new Response(
+        JSON.stringify({ accessToken: "jwt", refreshToken: "rt" }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    });
+
+    try {
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
+
+      // Consume both
+      await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+      await handler.handleGuardianInit(makeInitRequest(SECRET_B));
+      expect(writtenLockFiles.length).toBe(1);
+
+      // Any further attempt is rejected (lock file exists)
+      const res = await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+      expect(res.status).toBe(403);
+      const body = await res.json();
+      expect(body.error).toContain("already");
+    } finally {
+      delete process.env.GUARDIAN_BOOTSTRAP_SECRET;
+    }
+  });
+
+  test("concurrent requests with same secret rejected by in-flight guard", async () => {
+    process.env.GUARDIAN_BOOTSTRAP_SECRET = `${SECRET_A},${SECRET_B}`;
+    let resolveProxy: (() => void) | undefined;
+    fetchMock = mock(async () => {
+      await new Promise<void>((resolve) => {
+        resolveProxy = resolve;
+      });
+      return new Response(
+        JSON.stringify({ accessToken: "jwt", refreshToken: "rt" }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    });
+
+    try {
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
+
+      // GIVEN a first request with SECRET_A is in flight
+      const p1 = handler.handleGuardianInit(makeInitRequest(SECRET_A));
+
+      // WHEN a second request with the same SECRET_A arrives concurrently
+      const res2 = await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+
+      // THEN the second request is rejected
+      expect(res2.status).toBe(403);
+      const body = await res2.json();
+      expect(body.error).toBe("Bootstrap secret already used");
+
+      // AND the first request completes successfully once resolved
+      resolveProxy!();
+      const res1 = await p1;
+      expect(res1.status).toBe(200);
+    } finally {
+      delete process.env.GUARDIAN_BOOTSTRAP_SECRET;
+    }
+  });
+
+  test("consumed secret not recorded when upstream fails", async () => {
+    process.env.GUARDIAN_BOOTSTRAP_SECRET = `${SECRET_A},${SECRET_B}`;
+    fetchMock = mock(async () => {
+      return new Response(JSON.stringify({ error: "Internal error" }), {
+        status: 500,
+        headers: { "content-type": "application/json" },
+      });
+    });
+
+    try {
+      const handler =
+        createChannelVerificationSessionProxyHandler(makeConfig());
+      const res = await handler.handleGuardianInit(makeInitRequest(SECRET_A));
+
+      expect(res.status).toBe(500);
+      expect(writtenConsumedFiles.length).toBe(0);
+      expect(writtenLockFiles.length).toBe(0);
+    } finally {
+      delete process.env.GUARDIAN_BOOTSTRAP_SECRET;
+    }
+  });
+});

package/src/__tests__/slack-errors.test.ts

@@ -1,5 +1,9 @@
 import { describe, test, expect } from "bun:test";
-import { classifySlackError, isRetryable } from "../slack/errors.js";
+import {
+  classifySlackError,
+  isRetryable,
+  getUserMessage,
+} from "../slack/errors.js";
 
 describe("classifySlackError", () => {
   test("classifies auth errors", () => {
@@ -75,3 +79,83 @@ describe("isRetryable", () => {
     expect(isRetryable("channel_not_found")).toBe(false);
   });
 });
+
+describe("getUserMessage", () => {
+  test("returns specific message for channel_not_found", () => {
+    expect(getUserMessage("channel_not_found")).toBe(
+      "I can't send messages to this channel. Please re-add me to the channel.",
+    );
+  });
+
+  test("returns specific message for not_in_channel", () => {
+    expect(getUserMessage("not_in_channel")).toBe(
+      "I need to be invited to this channel first. Please add me to the channel.",
+    );
+  });
+
+  test("returns specific message for missing_scope", () => {
+    expect(getUserMessage("missing_scope")).toBe(
+      "I don't have the required permissions. Please re-install the Slack app with the necessary scopes.",
+    );
+  });
+
+  test("returns specific message for token_revoked", () => {
+    expect(getUserMessage("token_revoked")).toBe(
+      "My Slack connection has expired. Please re-configure the Slack integration.",
+    );
+  });
+
+  test("returns specific message for token_expired", () => {
+    expect(getUserMessage("token_expired")).toBe(
+      "My Slack connection has expired. Please re-configure the Slack integration.",
+    );
+  });
+
+  test("returns specific message for invalid_auth", () => {
+    expect(getUserMessage("invalid_auth")).toBe(
+      "My Slack connection has expired. Please re-configure the Slack integration.",
+    );
+  });
+
+  test("returns specific message for is_archived", () => {
+    expect(getUserMessage("is_archived")).toBe(
+      "This channel has been archived. Please unarchive it or use a different channel.",
+    );
+  });
+
+  test("returns specific message for cannot_dm_bot", () => {
+    expect(getUserMessage("cannot_dm_bot")).toBe(
+      "I can't send direct messages to other bots.",
+    );
+  });
+
+  test("falls back to category message for auth errors without specific override", () => {
+    expect(getUserMessage("not_authed")).toBe(
+      "My Slack connection has expired. Please re-configure the Slack integration.",
+    );
+    expect(getUserMessage("account_inactive")).toBe(
+      "My Slack connection has expired. Please re-configure the Slack integration.",
+    );
+  });
+
+  test("falls back to category message for permission errors without specific override", () => {
+    expect(getUserMessage("ekm_access_denied")).toBe(
+      "I don't have the required permissions for this channel. Please check my access.",
+    );
+    expect(getUserMessage("restricted_action")).toBe(
+      "I don't have the required permissions for this channel. Please check my access.",
+    );
+  });
+
+  test("returns undefined for unknown errors", () => {
+    expect(getUserMessage("some_new_error")).toBeUndefined();
+    expect(getUserMessage(undefined)).toBeUndefined();
+    expect(getUserMessage("")).toBeUndefined();
+  });
+
+  test("returns message for rate_limit errors", () => {
+    expect(getUserMessage("rate_limited")).toBe(
+      "Slack rate limit reached. Please try again in a moment.",
+    );
+  });
+});

package/src/credential-reader.ts

@@ -142,12 +142,12 @@ export function getRootDir(): string {
 /**
  * Returns the workspace root for user-facing state.
  *
- * When the WORKSPACE_DIR env var is set, returns that value (used in
- * containerized deployments where the workspace is a separate volume).
- * Otherwise falls back to ~/.vellum/workspace.
+ * When VELLUM_WORKSPACE_DIR is set, returns that value (used in containerized
+ * deployments where the workspace is a separate volume). Otherwise falls back
+ * to ~/.vellum/workspace.
  */
 export function getWorkspaceDir(): string {
-  const override = process.env.WORKSPACE_DIR?.trim();
+  const override = process.env.VELLUM_WORKSPACE_DIR?.trim();
   if (override) return override;
   return join(getRootDir(), "workspace");
 }

package/src/credential-watcher.ts

@@ -73,15 +73,27 @@ export class CredentialWatcher {
     // Watch the protected directory for store.key changes so that
     // creating or restoring the v2 store key triggers a credential reload.
     this.startWatcher(protectedDir, "store.key");
+
+    // Watch keys.enc for credential writes. When credentials are re-saved
+    // with the same values (e.g. in-chat credential_store re-entering
+    // existing tokens), the serialized credential values won't change —
+    // but the encrypted ciphertext will (new IV). Force a full reload so
+    // channel listeners restart even when the plaintext values match.
+    this.startWatcher(protectedDir, "keys.enc", { forceChanged: true });
   }
 
-  private startWatcher(dir: string, targetFilename: string): void {
+  private startWatcher(
+    dir: string,
+    targetFilename: string,
+    opts?: { forceChanged?: boolean },
+  ): void {
+    const forceChanged = opts?.forceChanged ?? false;
     try {
       const watcher = watch(dir, { persistent: false }, (_event, filename) => {
         if (filename && filename !== targetFilename) {
           return;
         }
-        this.scheduleCheck();
+        this.scheduleCheck(forceChanged);
       });
       this.watchers.push(watcher);
 
@@ -106,21 +118,28 @@ export class CredentialWatcher {
     this.watchers = [];
   }
 
-  private scheduleCheck(): void {
+  /** Whether the next scheduled poll should treat all services as changed. */
+  private pendingForceChanged = false;
+
+  private scheduleCheck(forceChanged = false): void {
+    if (forceChanged) this.pendingForceChanged = true;
     if (this.debounceTimer) {
       clearTimeout(this.debounceTimer);
     }
     this.debounceTimer = setTimeout(() => {
       this.debounceTimer = null;
-      void this.pollOnce();
+      const force = this.pendingForceChanged;
+      this.pendingForceChanged = false;
+      void this.pollOnce(force);
     }, DEBOUNCE_MS);
   }
 
-  private async pollOnce(): Promise<void> {
+  private async pollOnce(forceChanged = false): Promise<void> {
     if (this.polling) {
       // A poll is already in flight — flag that another round is needed
       // so credential updates arriving mid-poll aren't silently dropped.
       this.pendingPoll = true;
+      if (forceChanged) this.pendingForceChanged = true;
       return;
     }
     this.polling = true;
@@ -141,7 +160,7 @@ export class CredentialWatcher {
       for (const [name, { creds }] of Object.entries(services)) {
         const newVal = creds ? JSON.stringify(creds) : undefined;
         const oldVal = this.lastSerialized.get(name);
-        if (newVal !== oldVal) {
+        if (newVal !== oldVal || (forceChanged && newVal !== undefined)) {
           changedServices.add(name);
           if (newVal !== undefined) {
             this.lastSerialized.set(name, newVal);
@@ -167,7 +186,9 @@ export class CredentialWatcher {
       this.polling = false;
       if (this.pendingPoll) {
         this.pendingPoll = false;
-        void this.pollOnce();
+        const force = this.pendingForceChanged;
+        this.pendingForceChanged = false;
+        void this.pollOnce(force);
       }
     }
   }

package/src/feature-flag-registry.json

@@ -111,7 +111,7 @@
       "key": "feature_flags.ces-managed-sidecar.enabled",
       "label": "CES Managed Sidecar Transport",
       "description": "Use managed sidecar transport for CES communication when running in a containerized environment",
-      "defaultEnabled": false
+      "defaultEnabled": true
     },
     {
       "id": "ces-credential-backend",