@vellumai/vellum-gateway 0.8.2 → 0.8.3

package/src/http/routes/twilio-voice-verify-callback.ts

@@ -78,14 +78,17 @@ export function createTwilioVoiceVerifyCallbackHandler(
         { callSid, fromNumber },
         "No pending verification session found on callback — forwarding to assistant",
       );
-      return forwardToAssistant(config, params, req.url, caches);
+      return forwardToAssistant(
+        config,
+        params,
+        req.url,
+        validation.validatedCandidateUrl,
+        caches,
+      );
     }
 
     if (!digits) {
-      log.info(
-        { callSid, fromNumber },
-        "No digits entered — re-prompting",
-      );
+      log.info({ callSid, fromNumber }, "No digits entered — re-prompting");
       const actionUrl = buildActionUrl(url, attempt);
       return twimlResponse(
         gatherVerificationTwiml(actionUrl, attempt, session.codeDigits ?? 6),
@@ -113,7 +116,11 @@ export function createTwilioVoiceVerifyCallbackHandler(
       const nextAttempt = attempt + 1;
       const actionUrl = buildActionUrl(url, nextAttempt);
       return twimlResponse(
-        gatherVerificationTwiml(actionUrl, nextAttempt, session.codeDigits ?? 6),
+        gatherVerificationTwiml(
+          actionUrl,
+          nextAttempt,
+          session.codeDigits ?? 6,
+        ),
       );
     }
 
@@ -147,7 +154,10 @@ export function createTwilioVoiceVerifyCallbackHandler(
         );
 
         const existingGuardian = existingPhoneGuardians[0];
-        if (existingGuardian && existingGuardian.externalUserId !== fromNumber) {
+        if (
+          existingGuardian &&
+          existingGuardian.externalUserId !== fromNumber
+        ) {
           log.warn(
             {
               callSid,
@@ -209,7 +219,13 @@ export function createTwilioVoiceVerifyCallbackHandler(
       { callSid, fromNumber },
       "Voice verification complete — forwarding to assistant for call setup",
     );
-    return forwardToAssistant(config, params, req.url, caches);
+    return forwardToAssistant(
+      config,
+      params,
+      req.url,
+      validation.validatedCandidateUrl,
+      caches,
+    );
   };
 }
 
@@ -248,13 +264,17 @@ async function revokeExistingPhoneGuardian(): Promise<void> {
   try {
     const gwDb = getGatewayDb();
     for (const id of ids) {
-      gwDb.update(gwContactChannels)
+      gwDb
+        .update(gwContactChannels)
         .set({ status: "revoked", policy: "deny", updatedAt: now })
         .where(eq(gwContactChannels.id, id))
         .run();
     }
   } catch (gwErr) {
-    log.warn({ err: gwErr }, "Gateway DB revoke dual-write failed (best-effort)");
+    log.warn(
+      { err: gwErr },
+      "Gateway DB revoke dual-write failed (best-effort)",
+    );
   }
 }
 
@@ -276,6 +296,7 @@ async function forwardToAssistant(
   config: GatewayConfig,
   params: Record<string, string>,
   originalUrl: string,
+  validatedPublicUrl?: string,
   caches?: TwilioValidationCaches,
 ): Promise<Response> {
   try {
@@ -288,7 +309,12 @@ async function forwardToAssistant(
       config,
       params,
       originalUrl,
-      resolvePublicBaseWssUrl(config, caches?.configFile, platformAssistantId),
+      resolvePublicBaseWssUrl(
+        config,
+        caches?.configFile,
+        platformAssistantId,
+        validatedPublicUrl,
+      ),
     );
     return new Response(runtimeResponse.body, {
       status: runtimeResponse.status,
@@ -304,7 +330,10 @@ async function forwardToAssistant(
         },
       );
     }
-    log.error({ err }, "Failed to forward voice webhook to runtime after verification");
+    log.error(
+      { err },
+      "Failed to forward voice webhook to runtime after verification",
+    );
     return Response.json({ error: "Internal server error" }, { status: 502 });
   }
 }

package/src/http/routes/twilio-voice-webhook.test.ts

@@ -352,6 +352,61 @@ describe("resolvePublicBaseWssUrl", () => {
     );
   });
 
+  test("uses assistant ID from validated platform callback URL with Velay", () => {
+    const config = {
+      ...baseConfig,
+      velayBaseUrl: "https://velay-staging.vellum.ai",
+    };
+    const result = resolvePublicBaseWssUrl(
+      config,
+      undefined,
+      undefined,
+      "https://staging-platform.vellum.ai/v1/gateway/callbacks/019e2d0d-f355-744c-a12c-d7e7dcefcf1e/webhooks/twilio/voice/?callSessionId=37b47ade-2eaf-469a-bede-6f2454875e6e",
+    );
+    expect(result).toBe(
+      "wss://velay-staging.vellum.ai/019e2d0d-f355-744c-a12c-d7e7dcefcf1e",
+    );
+  });
+
+  test("prefers validated platform callback URL over stale configFile publicBaseUrl", () => {
+    const config = {
+      ...baseConfig,
+      velayBaseUrl: "https://velay-staging.vellum.ai",
+    };
+    const mockConfigFile = {
+      getString: (section: string, key: string) =>
+        section === "ingress" && key === "publicBaseUrl"
+          ? "https://stale-tunnel.example.test"
+          : undefined,
+    } as Parameters<typeof resolvePublicBaseWssUrl>[1];
+    const result = resolvePublicBaseWssUrl(
+      config,
+      mockConfigFile,
+      undefined,
+      "https://staging-platform.vellum.ai/v1/gateway/callbacks/019e2d0d-f355-744c-a12c-d7e7dcefcf1e/webhooks/twilio/voice?callSessionId=sess-1",
+    );
+    expect(result).toBe(
+      "wss://velay-staging.vellum.ai/019e2d0d-f355-744c-a12c-d7e7dcefcf1e",
+    );
+  });
+
+  test("does not use a platform callback URL as the websocket base", () => {
+    const config = {
+      ...baseConfig,
+      velayBaseUrl: "https://velay-staging.vellum.ai",
+    };
+    const mockConfigFile = {
+      getString: (section: string, key: string) =>
+        section === "ingress" && key === "publicBaseUrl"
+          ? "https://staging-platform.vellum.ai/v1/gateway/callbacks/019e2d0d-f355-744c-a12c-d7e7dcefcf1e"
+          : undefined,
+    } as Parameters<typeof resolvePublicBaseWssUrl>[1];
+    const result = resolvePublicBaseWssUrl(config, mockConfigFile, undefined);
+    expect(result).toBe(
+      "wss://velay-staging.vellum.ai/019e2d0d-f355-744c-a12c-d7e7dcefcf1e",
+    );
+  });
+
   test("strips trailing slash from velayBaseUrl before joining assistant ID", () => {
     const config = {
       ...baseConfig,

package/src/http/routes/twilio-voice-webhook.ts

@@ -151,7 +151,10 @@ export function createTwilioVoiceWebhookHandler(
           // The display name is intentionally included: the caller registered
           // this number themselves, so disclosing their own name is expected.
           const unverifiedStatuses = new Set(["unverified", "pending"]);
-          if (callerRecord && unverifiedStatuses.has(callerRecord.channel.status)) {
+          if (
+            callerRecord &&
+            unverifiedStatuses.has(callerRecord.channel.status)
+          ) {
             const isGuardian = callerRecord.contact.role === "guardian";
             log.info(
               {
@@ -197,7 +200,12 @@ export function createTwilioVoiceWebhookHandler(
         config,
         params,
         req.url,
-        resolvePublicBaseWssUrl(config, caches?.configFile, platformAssistantId),
+        resolvePublicBaseWssUrl(
+          config,
+          caches?.configFile,
+          platformAssistantId,
+          validation.validatedCandidateUrl,
+        ),
       );
       return new Response(runtimeResponse.body, {
         status: runtimeResponse.status,

package/src/index.ts

@@ -118,6 +118,10 @@ import { createWorkspaceCommitProxyHandler } from "./http/routes/workspace-commi
 import { createBrainGraphProxyHandler } from "./http/routes/brain-graph-proxy.js";
 import { createLogExportHandler } from "./http/routes/log-export.js";
 import { createLogTailHandler } from "./http/routes/log-tail.js";
+import {
+  createAgentCardHandler,
+  A2A_AGENT_CARD_PATH,
+} from "./http/routes/a2a-routes.js";
 import {
   createTrustRulesListHandler,
   createTrustRulesCreateHandler,
@@ -467,6 +471,8 @@ async function main() {
   const handleTrustRulesReset = createTrustRulesResetHandler();
   const handleTrustRulesSuggest = createTrustRulesSuggestHandler();
 
+  const handleAgentCard = createAgentCardHandler(configFileCache);
+
   const audioProxy = createAudioProxyHandler(config);
 
   const backupDeps = {
@@ -505,6 +511,13 @@ async function main() {
   // Auth middleware is applied declaratively per route — no manual
   // requireEdgeAuth/wrapWithAuthFailureTracking calls needed.
   const routes: RouteDefinition[] = [
+    // ── A2A agent card discovery (read-only, unauthenticated per spec) ──
+    {
+      path: A2A_AGENT_CARD_PATH,
+      method: "GET",
+      handler: (req) => handleAgentCard(req),
+    },
+
     // ── Webhooks (unauthenticated, validated by provider-specific mechanisms) ──
     {
       path: "/webhooks/telegram",
@@ -2104,6 +2117,7 @@ async function main() {
     // Fires on initial credential load and whenever vellum credentials change
     // (key rotation, late provisioning).
     if (changed.has("vellum")) {
+      velayTunnelClient?.refreshCredentials("vellum credentials changed");
       registerEmailCallbackRoute({
         credentials: credentialCache,
         configFile: configFileCache,

package/src/risk/bash-risk-classifier.test.ts

@@ -1035,6 +1035,30 @@ describe("assistant subcommand classification", () => {
     expect(result.riskLevel).toBe("low");
   });
 
+  test("assistant schedules enable → medium", async () => {
+    const result = await classifier.classify({
+      command: "assistant schedules enable schedule-1",
+      toolName: "bash",
+    });
+    expect(result.riskLevel).toBe("medium");
+  });
+
+  test("assistant schedules disable → medium", async () => {
+    const result = await classifier.classify({
+      command: "assistant schedules disable schedule-1",
+      toolName: "bash",
+    });
+    expect(result.riskLevel).toBe("medium");
+  });
+
+  test("assistant schedules cancel → medium", async () => {
+    const result = await classifier.classify({
+      command: "assistant schedules cancel schedule-1",
+      toolName: "bash",
+    });
+    expect(result.riskLevel).toBe("medium");
+  });
+
   test("assistant schedules execute → medium", async () => {
     const result = await classifier.classify({
       command: "assistant schedules execute schedule-1",

package/src/risk/command-registry/commands/assistant.ts

@@ -192,6 +192,11 @@ const ASSISTANT_SUPPORTED_COMMAND_PATHS = [
   "schedules",
   "schedules list",
   "schedules runs",
+  "schedules create",
+  "schedules enable",
+  "schedules disable",
+  "schedules cancel",
+  "schedules delete",
   "schedules execute",
   "sequence",
   "sequence list",
@@ -261,6 +266,7 @@ const ASSISTANT_SUPPORTED_COMMAND_PATHS = [
   "plugins",
   "plugins install",
   "plugins list",
+  "plugins search",
   "plugins uninstall",
 ] as const;
 
@@ -499,6 +505,33 @@ const riskOverrides: AssistantRiskOverride[] = [
   { path: "platform connect", risk: "low" },
   { path: "platform disconnect", risk: "medium" },
   { path: "platform callback-routes register", risk: "low" },
+  {
+    path: "schedules create",
+    risk: "medium",
+    reason:
+      "Creates a new recurring schedule that fires assistant-side messages",
+  },
+  {
+    path: "schedules enable",
+    risk: "medium",
+    reason: "Enables a schedule and mutates assistant schedule state",
+  },
+  {
+    path: "schedules disable",
+    risk: "medium",
+    reason: "Disables a schedule and mutates assistant schedule state",
+  },
+  {
+    path: "schedules cancel",
+    risk: "medium",
+    reason: "Cancels a pending schedule and mutates assistant schedule state",
+  },
+  {
+    path: "schedules delete",
+    risk: "medium",
+    reason:
+      "Permanently removes a schedule and its run history from assistant state",
+  },
   {
     path: "schedules execute",
     risk: "medium",

package/src/risk/command-registry.test.ts

@@ -599,6 +599,11 @@ describe("command-registry", () => {
       expect(getAssistantPath("inference session list").baseRisk).toBe("low");
       expect(getAssistantPath("schedules list").baseRisk).toBe("low");
       expect(getAssistantPath("schedules runs").baseRisk).toBe("low");
+      expect(getAssistantPath("schedules create").baseRisk).toBe("medium");
+      expect(getAssistantPath("schedules enable").baseRisk).toBe("medium");
+      expect(getAssistantPath("schedules disable").baseRisk).toBe("medium");
+      expect(getAssistantPath("schedules cancel").baseRisk).toBe("medium");
+      expect(getAssistantPath("schedules delete").baseRisk).toBe("medium");
       expect(getAssistantPath("schedules execute").baseRisk).toBe("medium");
     });
   });

package/src/runtime/client.ts

@@ -503,15 +503,58 @@ export type TwilioForwardResponse = {
  * to Twilio, keeping the signing key out of the daemon for this flow.
  */
 const TWILIO_RELAY_TOKEN_PLACEHOLDER = "__VELLUM_RELAY_TOKEN__";
+const PLATFORM_CALLBACK_MARKER = "/gateway/callbacks/";
+
+function toWebSocketBaseUrl(url: string): string {
+  return url.replace(/^http(s?)/, "ws$1");
+}
+
+function extractPlatformCallbackAssistantId(
+  value: unknown,
+): string | undefined {
+  const normalized = normalizePublicBaseUrl(value);
+  if (!normalized) return undefined;
+
+  let pathname: string;
+  try {
+    pathname = new URL(normalized).pathname;
+  } catch {
+    return undefined;
+  }
+
+  const markerIndex = pathname.indexOf(PLATFORM_CALLBACK_MARKER);
+  if (markerIndex === -1) return undefined;
+
+  const assistantIdStart = markerIndex + PLATFORM_CALLBACK_MARKER.length;
+  const assistantId = pathname.slice(assistantIdStart).split("/")[0]?.trim();
+  return assistantId || undefined;
+}
+
+function resolveVelayBaseWssUrl(
+  config: GatewayConfig,
+  platformAssistantId?: string,
+): string | undefined {
+  if (!config.velayBaseUrl || !platformAssistantId) return undefined;
+
+  const withPath =
+    config.velayBaseUrl.replace(/\/+$/, "") + "/" + platformAssistantId;
+  const normalizedVelayUrl = normalizePublicBaseUrl(withPath);
+  return normalizedVelayUrl
+    ? toWebSocketBaseUrl(normalizedVelayUrl)
+    : undefined;
+}
 
 /**
  * Resolve the public base URL as a WebSocket URL (`wss://…`).
  *
  * Sources (in priority order):
- * 1. `ingress.publicBaseUrl` from the config file — written by Velay
- *    after tunnel registration, or set manually for self-hosted.
- * 2. `VELAY_BASE_URL` + platform assistant ID — fallback for platform
- *    sidecars before the config cache has observed the registered URL.
+ * 1. `VELAY_BASE_URL` + the assistant ID from the signed platform callback
+ *    URL.
+ * 2. `ingress.publicBaseUrl` from the config file when it is a real public
+ *    gateway base URL — written by Velay after tunnel registration, or set
+ *    manually for self-hosted.
+ * 3. `VELAY_BASE_URL` + the platform assistant ID from a configured callback
+ *    URL or credential cache.
  *
  * Returns `undefined` when no source provides a value — the placeholder
  * will remain in TwiML and Twilio will fail to connect, which is the
@@ -521,20 +564,29 @@ export function resolvePublicBaseWssUrl(
   config: GatewayConfig,
   configFile?: ConfigFileCache,
   platformAssistantId?: string,
+  validatedPublicUrl?: string,
 ): string | undefined {
   const raw = configFile?.getString("ingress", "publicBaseUrl");
   const normalized = normalizePublicBaseUrl(raw);
-  if (normalized) return normalized.replace(/^http(s?)/, "ws$1");
-
-  if (config.velayBaseUrl && platformAssistantId) {
-    const withPath =
-      config.velayBaseUrl.replace(/\/+$/, "") + "/" + platformAssistantId;
-    const normalizedVelayUrl = normalizePublicBaseUrl(withPath);
-    if (normalizedVelayUrl) {
-      return normalizedVelayUrl.replace(/^http(s?)/, "ws$1");
-    }
+
+  const validatedCallbackAssistantId =
+    extractPlatformCallbackAssistantId(validatedPublicUrl);
+  const validatedCallbackWssUrl = resolveVelayBaseWssUrl(
+    config,
+    validatedCallbackAssistantId,
+  );
+  if (validatedCallbackWssUrl) return validatedCallbackWssUrl;
+
+  const configuredCallbackAssistantId = extractPlatformCallbackAssistantId(raw);
+
+  if (normalized && !configuredCallbackAssistantId) {
+    return toWebSocketBaseUrl(normalized);
   }
-  return undefined;
+
+  return resolveVelayBaseWssUrl(
+    config,
+    configuredCallbackAssistantId ?? platformAssistantId,
+  );
 }
 
 /**

package/src/twilio/validate-webhook.ts

@@ -182,6 +182,8 @@ export type TwilioValidationSuccess = {
   rawBody: string;
   /** Parsed key-value pairs from the form body. */
   params: Record<string, string>;
+  /** Candidate URL that matched X-Twilio-Signature. */
+  validatedCandidateUrl?: string;
 };
 
 /** Options bag for optional cache injection into Twilio webhook validation. */
@@ -411,5 +413,9 @@ export async function validateTwilioWebhookRequest(
     log.info(successLogContext, "Twilio webhook signature validated");
   }
 
-  return { rawBody, params };
+  return {
+    rawBody,
+    params,
+    validatedCandidateUrl: validatingCandidate.url,
+  };
 }

package/src/types.ts

@@ -6,4 +6,5 @@ export type {
   WhatsAppInboundEvent,
   SlackInboundEvent,
   EmailInboundEvent,
+  A2aInboundEvent,
 } from "./channels/inbound-event.js";

package/src/velay/client.test.ts

@@ -44,6 +44,7 @@ const WS_CLOSED = WebSocket.CLOSED;
 function makeCredentials(values: Record<string, string | undefined>) {
   return {
     get: async (key: string) => values[key],
+    onInvalidate: () => () => {},
   } as unknown as CredentialCache;
 }
 
@@ -526,6 +527,105 @@ describe("VelayTunnelClient", () => {
     expect(reconnectDelays).toEqual([10, 20, 10]);
   });
 
+  test("refreshCredentials cancels stale credential backoff and reconnects immediately", async () => {
+    const sockets: FakeWebSocket[] = [];
+    const reconnectDelays: number[] = [];
+    const reconnectCallbacks: Array<() => void> = [];
+    const credentialValues: Record<string, string | undefined> = {};
+    const credentials = makeCredentials(credentialValues);
+    const client = new VelayTunnelClient({
+      velayBaseUrl: "http://velay.example.test",
+      gatewayLoopbackBaseUrl: "http://127.0.0.1:7830",
+      credentials,
+      configFile: makeConfigFileCache({ count: 0 }),
+      webSocketConstructor: makeFakeWebSocketConstructor(sockets),
+      reconnect: { baseDelayMs: 10, maxDelayMs: 80, jitterRatio: 0 },
+      heartbeat: { intervalMs: 0, readTimeoutMs: 0 },
+      timerApi: makeManualTimerApi(reconnectDelays, reconnectCallbacks),
+    });
+
+    client.start();
+    await flushPromises();
+
+    expect(sockets).toHaveLength(0);
+    expect(reconnectDelays).toEqual([10]);
+
+    credentialValues[credentialKey("vellum", "assistant_api_key")] =
+      "api-key-123";
+    credentialValues[credentialKey("vellum", "platform_assistant_id")] =
+      "asst-123";
+
+    client.refreshCredentials("vellum credentials changed");
+    await flushPromises();
+
+    expect(sockets).toHaveLength(1);
+    expect(sockets[0].options).toEqual({
+      protocols: [VELAY_TUNNEL_SUBPROTOCOL],
+      headers: {
+        Authorization: "Api-Key api-key-123",
+        "X-Vellum-Velay-Allowed-Paths": VELAY_ALLOWED_PATHS_HEADER_VALUE,
+      },
+    });
+    expect(reconnectDelays).toEqual([10]);
+  });
+
+  test("refreshCredentials retries immediately when credentials change during active connect", async () => {
+    const sockets: FakeWebSocket[] = [];
+    const reconnectDelays: number[] = [];
+    const apiKeyCredential = credentialKey("vellum", "assistant_api_key");
+    const assistantIdCredential = credentialKey(
+      "vellum",
+      "platform_assistant_id",
+    );
+    let resolveFirstApiKeyRead: (value: string | undefined) => void = () => {};
+    const firstApiKeyRead = new Promise<string | undefined>((resolve) => {
+      resolveFirstApiKeyRead = resolve;
+    });
+    let useFreshCredentials = false;
+    const credentials = {
+      get: async (key: string) => {
+        if (key === apiKeyCredential) {
+          return useFreshCredentials ? "api-key-123" : firstApiKeyRead;
+        }
+        if (key === assistantIdCredential) return "asst-123";
+        return undefined;
+      },
+      onInvalidate: () => () => {},
+    } as unknown as CredentialCache;
+    const client = new VelayTunnelClient({
+      velayBaseUrl: "http://velay.example.test",
+      gatewayLoopbackBaseUrl: "http://127.0.0.1:7830",
+      credentials,
+      configFile: makeConfigFileCache({ count: 0 }),
+      webSocketConstructor: makeFakeWebSocketConstructor(sockets),
+      reconnect: { baseDelayMs: 10, maxDelayMs: 80, jitterRatio: 0 },
+      heartbeat: { intervalMs: 0, readTimeoutMs: 0 },
+      timerApi: makeTimerApi(reconnectDelays),
+    });
+
+    client.start();
+    await flushPromises();
+
+    expect(sockets).toHaveLength(0);
+    expect(reconnectDelays).toEqual([]);
+
+    client.refreshCredentials("vellum credentials changed");
+    useFreshCredentials = true;
+    resolveFirstApiKeyRead(undefined);
+    await flushPromises();
+
+    expect(sockets).toHaveLength(1);
+    expect(sockets[0].options).toEqual({
+      protocols: [VELAY_TUNNEL_SUBPROTOCOL],
+      headers: {
+        Authorization: "Api-Key api-key-123",
+        "X-Vellum-Velay-Allowed-Paths": VELAY_ALLOWED_PATHS_HEADER_VALUE,
+      },
+    });
+    expect(reconnectDelays).toEqual([]);
+    await client.stop();
+  });
+
   test("writes only ingress.publicBaseUrl when publishing a Velay URL", async () => {
     const sockets: FakeWebSocket[] = [];
     writeConfig({