@vellumai/assistant 0.10.2-dev.202606242332.3fa9b2b → 0.10.2-dev.202606250106.466483e

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vellumai/assistant",
-  "version": "0.10.2-dev.202606242332.3fa9b2b",
+  "version": "0.10.2-dev.202606250106.466483e",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/__tests__/conversation-agent-loop.test.ts

@@ -10,8 +10,14 @@ import {
 } from "bun:test";
 
 import type { LoopToolExecutor } from "../agent/loop.js";
+import {
+  queueConversationNotice,
+  resetConversationNoticesForTests,
+} from "../daemon/conversation-notices.js";
 import type { ServerMessage } from "../daemon/message-protocol.js";
+import type { UserPromptSubmitContext } from "../plugin-api/types.js";
 import { resetPluginRegistryAndRegisterDefaults } from "../plugins/defaults/index.js";
+import { registerPlugin } from "../plugins/registry.js";
 import type { Message, Provider, ToolDefinition } from "../providers/types.js";
 import { ContextOverflowError } from "../providers/types.js";
 
@@ -273,8 +279,8 @@ const deleteMessageByIdMock = mock(() => ({
 const reserveMessageMock = mock(async () => ({ id: "msg-reserve" }));
 const updateMessageContentMock = mock(() => {});
 mock.module("../memory/conversation-crud.js", () => ({
-    setConversationProcessingStartedAt: () => {},
-    isConversationProcessing: () => false,
+  setConversationProcessingStartedAt: () => {},
+  isConversationProcessing: () => false,
   setConversationOriginChannelIfUnset: () => {},
   updateConversationUsage: () => {},
   updateMessageMetadata: updateMessageMetadataMock,
@@ -867,7 +873,14 @@ beforeEach(() => {
   indexMessageNowMock.mockClear();
   projectAssistantMessageMock.mockClear();
   publishSyncInvalidationMock.mockClear();
+  resolveAssistantAttachmentsMock.mockClear();
+  resolveAssistantAttachmentsMock.mockImplementation(async () => ({
+    assistantAttachments: [],
+    emittedAttachments: [],
+    directiveWarnings: [],
+  }));
   mockMessageById = null;
+  resetConversationNoticesForTests();
   // The compaction pipeline runs through the plugin registry; reset and
   // re-register every default so it dispatches to middleware backed by the
   // mocked collaborators these tests install (`syncMessageToDisk`, etc.)
@@ -876,6 +889,120 @@ beforeEach(() => {
 });
 
 describe("session-agent-loop", () => {
+  describe("user-prompt-submit hook failures", () => {
+    test("logs and continues with prior hook mutations", async () => {
+      registerPlugin({
+        manifest: {
+          name: "test-user-prompt-rewrite",
+          version: "1.0.0",
+        },
+        hooks: {
+          "user-prompt-submit": async (_ctx: UserPromptSubmitContext) => ({
+            latestMessages: [
+              {
+                role: "user" as const,
+                content: [{ type: "text" as const, text: "rewritten prompt" }],
+              },
+            ],
+          }),
+        },
+      });
+      registerPlugin({
+        manifest: {
+          name: "test-user-prompt-throw",
+          version: "1.0.0",
+        },
+        hooks: {
+          "user-prompt-submit": async () => {
+            throw new Error("simulated hook failure");
+          },
+        },
+      });
+
+      const events: ServerMessage[] = [];
+      const ctx = makeCtx({ providerResponses: [textResponse("ok")] });
+      const runSpy = spyOn(ctx.agentLoop, "run");
+
+      await runAgentLoopImpl(ctx, "hello", "msg-1", (msg) => events.push(msg));
+
+      expect(runSpy).toHaveBeenCalledTimes(1);
+      const call = runSpy.mock.calls[0]?.[0] as
+        | { messages: Message[] }
+        | undefined;
+      expect(call?.messages[0]?.content).toEqual([
+        { type: "text", text: "rewritten prompt" },
+      ]);
+      expect(
+        events.find((event) => event.type === "conversation_error"),
+      ).toBeUndefined();
+      expect(
+        events.find((event) => event.type === "message_complete"),
+      ).toBeDefined();
+    });
+  });
+
+  describe("conversation notices", () => {
+    test("emits queued billing notices after a successful turn", async () => {
+      const events: ServerMessage[] = [];
+      const ctx = makeCtx({ providerResponses: [textResponse("ok")] });
+      queueConversationNotice(ctx.conversationId, "memory-v3-test", {
+        source: "memory_v3",
+        code: "PROVIDER_BILLING",
+        userMessage: "You've run out of credits.",
+        errorCategory: "credits_exhausted",
+      });
+
+      await runAgentLoopImpl(ctx, "hello", "msg-1", (msg) => events.push(msg));
+
+      expect(
+        events.find((event) => event.type === "conversation_error"),
+      ).toBeUndefined();
+      const messageCompleteIndex = events.findIndex(
+        (event) => event.type === "message_complete",
+      );
+      const conversationNoticeIndex = events.findIndex(
+        (event) => event.type === "conversation_notice",
+      );
+
+      expect(messageCompleteIndex).toBeGreaterThanOrEqual(0);
+      expect(conversationNoticeIndex).toBeGreaterThan(messageCompleteIndex);
+      expect(events[conversationNoticeIndex]).toEqual({
+        type: "conversation_notice",
+        conversationId: "test-conv",
+        source: "memory_v3",
+        code: "PROVIDER_BILLING",
+        userMessage: "You've run out of credits.",
+        errorCategory: "credits_exhausted",
+      });
+    });
+
+    test("clears queued notices when post-loop success work fails", async () => {
+      resolveAssistantAttachmentsMock.mockImplementation(async () => {
+        throw new Error("attachment resolution failed");
+      });
+      const events: ServerMessage[] = [];
+      const ctx = makeCtx({ providerResponses: [textResponse("ok")] });
+      queueConversationNotice(ctx.conversationId, "memory-v3-test", {
+        source: "memory_v3",
+        code: "PROVIDER_BILLING",
+        userMessage: "You've run out of credits.",
+        errorCategory: "credits_exhausted",
+      });
+
+      await runAgentLoopImpl(ctx, "hello", "msg-1", (msg) => events.push(msg));
+
+      expect(
+        events.find((event) => event.type === "conversation_notice"),
+      ).toBeUndefined();
+      expect(
+        events.find((event) => event.type === "message_complete"),
+      ).toBeUndefined();
+      expect(
+        events.find((event) => event.type === "conversation_error"),
+      ).toBeDefined();
+    });
+  });
+
   describe("timezone turn context", () => {
     test("passes ctx.clientTimezone and ui.detectedTimezone into timezone resolution", async () => {
       mockUiConfig = {

package/src/__tests__/plugin-pipeline.test.ts

@@ -0,0 +1,96 @@
+import { beforeEach, describe, expect, test } from "bun:test";
+
+import { runHook } from "../plugins/pipeline.js";
+import {
+  registerPlugin,
+  resetPluginRegistryForTests,
+} from "../plugins/registry.js";
+
+beforeEach(() => {
+  resetPluginRegistryForTests();
+});
+
+describe("plugin pipeline", () => {
+  test("logs and skips failed hooks while preserving threaded mutations", async () => {
+    registerPlugin({
+      manifest: {
+        name: "test-first-hook",
+        version: "1.0.0",
+      },
+      hooks: {
+        "user-prompt-submit": async () => ({
+          value: 1,
+        }),
+      },
+    });
+    registerPlugin({
+      manifest: {
+        name: "test-throwing-hook",
+        version: "1.0.0",
+      },
+      hooks: {
+        "user-prompt-submit": async () => {
+          throw new Error("hook failed");
+        },
+      },
+    });
+    registerPlugin({
+      manifest: {
+        name: "test-final-hook",
+        version: "1.0.0",
+      },
+      hooks: {
+        "user-prompt-submit": async (ctx: { value: number }) => ({
+          value: ctx.value + 1,
+        }),
+      },
+    });
+
+    const result = await runHook("user-prompt-submit", { value: 0 });
+
+    expect(result).toEqual({ value: 2 });
+  });
+
+  test("discards in-place mutations from a failed hook", async () => {
+    registerPlugin({
+      manifest: {
+        name: "test-first-hook",
+        version: "1.0.0",
+      },
+      hooks: {
+        "user-prompt-submit": async (ctx: { items: string[] }) => {
+          ctx.items.push("first");
+        },
+      },
+    });
+    registerPlugin({
+      manifest: {
+        name: "test-throwing-hook",
+        version: "1.0.0",
+      },
+      hooks: {
+        "user-prompt-submit": async (ctx: { items: string[] }) => {
+          ctx.items.push("failed");
+          throw new Error("hook failed");
+        },
+      },
+    });
+    registerPlugin({
+      manifest: {
+        name: "test-final-hook",
+        version: "1.0.0",
+      },
+      hooks: {
+        "user-prompt-submit": async (ctx: { items: string[] }) => {
+          ctx.items.push("final");
+        },
+      },
+    });
+
+    const result = await runHook<{ items: string[] }>("user-prompt-submit", {
+      items: [],
+    });
+
+    expect(result.items).toEqual(["first", "final"]);
+  });
+});

package/src/api/events/conversation-notice.ts

@@ -0,0 +1,26 @@
+/**
+ * `conversation_notice` SSE event.
+ *
+ * Non-terminal, conversation-scoped notice for actionable runtime conditions
+ * that should not mark the turn as failed. The client may render CTA UI from
+ * this event while preserving the current assistant response.
+ */
+
+import { z } from "zod";
+
+import { ConversationErrorCodeSchema } from "./conversation-error.js";
+
+export const ConversationNoticeSourceSchema = z.enum(["memory_v3"]);
+
+export const ConversationNoticeEventSchema = z.object({
+  type: z.literal("conversation_notice"),
+  conversationId: z.string(),
+  source: ConversationNoticeSourceSchema,
+  code: ConversationErrorCodeSchema,
+  userMessage: z.string(),
+  errorCategory: z.string().optional(),
+});
+
+export type ConversationNoticeEvent = z.infer<
+  typeof ConversationNoticeEventSchema
+>;

package/src/api/index.ts

@@ -11,6 +11,7 @@ import { ConfirmationRequestEventSchema } from "./events/confirmation-request.js
 import { ContactRequestEventSchema } from "./events/contact-request.js";
 import { ConversationErrorEventSchema } from "./events/conversation-error.js";
 import { ConversationListInvalidatedEventSchema } from "./events/conversation-list-invalidated.js";
+import { ConversationNoticeEventSchema } from "./events/conversation-notice.js";
 import { ConversationTitleUpdatedEventSchema } from "./events/conversation-title-updated.js";
 import { DiskPressureStatusChangedEventSchema } from "./events/disk-pressure-status-changed.js";
 import { DocumentCommentCreatedEventSchema } from "./events/document-comment-created.js";
@@ -138,6 +139,11 @@ export {
   type ConversationListInvalidatedReason,
   ConversationListInvalidatedReasonSchema,
 } from "./events/conversation-list-invalidated.js";
+export {
+  type ConversationNoticeEvent,
+  ConversationNoticeEventSchema,
+  ConversationNoticeSourceSchema,
+} from "./events/conversation-notice.js";
 export {
   type ConversationTitleUpdatedEvent,
   ConversationTitleUpdatedEventSchema,
@@ -509,6 +515,7 @@ export const AssistantEventSchema = z.discriminatedUnion("type", [
   ContactRequestEventSchema,
   ConversationErrorEventSchema,
   ConversationListInvalidatedEventSchema,
+  ConversationNoticeEventSchema,
   ConversationTitleUpdatedEventSchema,
   DiskPressureStatusChangedEventSchema,
   DocumentCommentCreatedEventSchema,

package/src/config/feature-flag-registry.json

@@ -403,11 +403,11 @@
       "defaultEnabled": false
     },
     {
-      "id": "mcp-settings",
+      "id": "mcp-add-server",
       "scope": "assistant",
-      "key": "mcp-settings",
-      "label": "MCP Settings",
-      "description": "Show the MCP page in Settings for managing Model Context Protocol server connections: view status, enable/disable, configure, and inspect registered tools per server.",
+      "key": "mcp-add-server",
+      "label": "MCP Add Server",
+      "description": "Show the Add Server action on the MCP settings page. The MCP page itself remains visible; this flag gates only creating new Model Context Protocol server connections.",
       "defaultEnabled": false
     },
     {

package/src/daemon/conversation-agent-loop.ts

@@ -100,6 +100,10 @@ import {
   isUserCancellation,
 } from "./conversation-error.js";
 import { raceWithTimeout } from "./conversation-media-retry.js";
+import {
+  clearConversationNotices,
+  drainConversationNotices,
+} from "./conversation-notices.js";
 import {
   getSlackCompactionWatermarkForPrefix,
   loadSlackChronologicalContext,
@@ -1017,6 +1021,15 @@ export async function runAgentLoopImpl(
       );
     }
 
+    const shouldEmitQueuedConversationNotices =
+      !overflowTerminalReason &&
+      !yieldedForHandoff &&
+      !state.providerErrorUserMessage &&
+      !abortController.signal.aborted;
+    if (!shouldEmitQueuedConversationNotices) {
+      clearConversationNotices(ctx.conversationId);
+    }
+
     // Flush remaining tool results. On a normal turn these drain at the next
     // `message_complete`; an aborted or yielded loop exits with them still
     // buffered, so finalize the (possibly already on-arrival-reserved) grouped
@@ -1409,10 +1422,16 @@ export async function runAgentLoopImpl(
             ? { messageId: state.lastAssistantMessageId }
             : {}),
         });
+        if (shouldEmitQueuedConversationNotices) {
+          for (const notice of drainConversationNotices(ctx.conversationId)) {
+            onEvent(notice);
+          }
+        }
         publishLoopMessagesChanged();
       }
     }
   } catch (err) {
+    clearConversationNotices(ctx.conversationId);
     const errorCtx = {
       phase: "agent_loop" as const,
       aborted: abortController.signal.aborted,

package/src/daemon/conversation-notices.ts

@@ -0,0 +1,60 @@
+import type { ConversationNoticeEvent } from "../api/events/conversation-notice.js";
+
+export type PendingConversationNotice = Omit<
+  ConversationNoticeEvent,
+  "type" | "conversationId"
+>;
+
+const MAX_TRACKED_CONVERSATIONS = 256;
+
+const pendingNotices = new Map<
+  string,
+  Map<string, PendingConversationNotice>
+>();
+
+function touchConversation(
+  conversationId: string,
+): Map<string, PendingConversationNotice> {
+  const existing = pendingNotices.get(conversationId);
+  if (existing) {
+    pendingNotices.delete(conversationId);
+    pendingNotices.set(conversationId, existing);
+    return existing;
+  }
+  if (pendingNotices.size >= MAX_TRACKED_CONVERSATIONS) {
+    const oldest = pendingNotices.keys().next().value;
+    if (oldest !== undefined) pendingNotices.delete(oldest);
+  }
+  const next = new Map<string, PendingConversationNotice>();
+  pendingNotices.set(conversationId, next);
+  return next;
+}
+
+export function queueConversationNotice(
+  conversationId: string,
+  key: string,
+  notice: PendingConversationNotice,
+): void {
+  touchConversation(conversationId).set(key, notice);
+}
+
+export function drainConversationNotices(
+  conversationId: string,
+): ConversationNoticeEvent[] {
+  const notices = pendingNotices.get(conversationId);
+  if (!notices) return [];
+  pendingNotices.delete(conversationId);
+  return Array.from(notices.values(), (notice) => ({
+    type: "conversation_notice" as const,
+    conversationId,
+    ...notice,
+  }));
+}
+
+export function clearConversationNotices(conversationId: string): void {
+  pendingNotices.delete(conversationId);
+}
+
+export function resetConversationNoticesForTests(): void {
+  pendingNotices.clear();
+}

package/src/daemon/message-types/conversations.ts

@@ -4,6 +4,7 @@ import type { CompactionCircuitClosedEvent } from "../../api/events/compaction-c
 import type { CompactionCircuitOpenEvent } from "../../api/events/compaction-circuit-open.js";
 import type { ConversationErrorEvent } from "../../api/events/conversation-error.js";
 import type { ConversationListInvalidatedEvent } from "../../api/events/conversation-list-invalidated.js";
+import type { ConversationNoticeEvent } from "../../api/events/conversation-notice.js";
 import type { ConversationTitleUpdatedEvent } from "../../api/events/conversation-title-updated.js";
 import type { GenerationCancelledEvent } from "../../api/events/generation-cancelled.js";
 import type { GenerationHandoffEvent } from "../../api/events/generation-handoff.js";
@@ -543,6 +544,7 @@ export type _ConversationsServerMessages =
   | CompactionCircuitOpenEvent
   | CompactionCircuitClosedEvent
   | ConversationErrorEvent
+  | ConversationNoticeEvent
   | ConversationInfo
   | ConversationTitleUpdatedEvent
   | ConversationListResponse

package/src/plugins/defaults/memory-v3-shadow/__tests__/injection.test.ts

@@ -67,13 +67,17 @@ let pruneConfig: {
   maxResidentBytes: number;
   targetResidentBytes: number;
 } | null = null;
-/** Canned orchestrate result per turnIndex; `null` simulates a failed turn. */
-let turnResults = new Map<number, OrchestrateResult | null>();
+/** Canned orchestrate result per turnIndex; `null` simulates an ordinary miss. */
+let turnResults = new Map<number, OrchestrateResult | null | Error>();
 const observeTurnSpy = mock(
   async (
     _conversationId: string,
     turnIndex: number,
-  ): Promise<OrchestrateResult | null> => turnResults.get(turnIndex) ?? null,
+  ): Promise<OrchestrateResult | null> => {
+    const value = turnResults.get(turnIndex) ?? null;
+    if (value instanceof Error) throw value;
+    return value;
+  },
 );
 
 const logCalls: Array<{ data: unknown; msg: string }> = [];
@@ -199,6 +203,9 @@ const {
 } = await import("../ever-injected-store.js");
 const { V3_CARDS_INJECTION_HEADER } = await import("../render-injection.js");
 const { flushPruneValveForTests } = await import("../prune.js");
+const { drainConversationNotices, resetConversationNoticesForTests } =
+  await import("../../../../daemon/conversation-notices.js");
+const { MemoryV3RetrievalUnavailableError } = await import("../pool-select.js");
 
 // ─── helpers ────────────────────────────────────────────────────────────────
 
@@ -313,6 +320,7 @@ beforeEach(async () => {
   logCalls.length = 0;
   testDb = makeDb();
   resetMemoryV3InjectorStateForTests();
+  resetConversationNoticesForTests();
 });
 
 afterAll(async () => {
@@ -335,6 +343,28 @@ describe("memoryV3Injector — frozen net-new cards", () => {
     expect(getActiveSlugs("conv-1")).toEqual(new Set());
   });
 
+  test("live retrieval failure queues a degraded-memory notice", async () => {
+    liveEnabled = true;
+    turnResults.set(
+      0,
+      new MemoryV3RetrievalUnavailableError("selector unavailable"),
+    );
+
+    await expect(produceCardsWithoutCommit("conv-1", 0)).resolves.toBeNull();
+
+    expect(drainConversationNotices("conv-1")).toEqual([
+      {
+        type: "conversation_notice",
+        conversationId: "conv-1",
+        source: "memory_v3",
+        code: "UNKNOWN",
+        userMessage:
+          "Memory is temporarily unavailable, so this response may not use your saved memories. You can retry in a moment.",
+        errorCategory: "memory_v3_degraded",
+      },
+    ]);
+  });
+
   test("turn 1 renders cards; turn 2 re-selecting the same pages renders ZERO new cards", async () => {
     liveEnabled = true;
     turnResults.set(0, result(["page-a", "page-b"]));

package/src/plugins/defaults/memory-v3-shadow/__tests__/pool-select.test.ts

@@ -26,6 +26,7 @@
  * The provider is stubbed so no network calls fire; mirrors selector.test.ts.
  */
 
+import { createRequire } from "node:module";
 import { beforeEach, describe, expect, mock, test } from "bun:test";
 
 import type {
@@ -35,6 +36,7 @@ import type {
   SendMessageOptions,
   ToolUseContent,
 } from "../../../../providers/types.js";
+import { ProviderError } from "../../../../util/errors.js";
 import type { MemoryRoutingTurn } from "../types.js";
 
 // ---------------------------------------------------------------------------
@@ -43,6 +45,11 @@ import type { MemoryRoutingTurn } from "../types.js";
 // ---------------------------------------------------------------------------
 
 let providerStub: Provider | null = null;
+const registryReal = {
+  ...(createRequire(import.meta.url)(
+    "../../../../providers/registry.js",
+  ) as Record<string, unknown>),
+};
 
 interface ProviderCall {
   messages: Message[];
@@ -57,6 +64,12 @@ mock.module("../../../../providers/provider-send-message.js", () => ({
     response.content.find((b): b is ToolUseContent => b.type === "tool_use"),
 }));
 
+mock.module("../../../../providers/registry.js", () => ({
+  ...registryReal,
+  getProviderRoutingSource: (providerName: string) =>
+    providerName === "managed" ? "managed-proxy" : "user-key",
+}));
+
 mock.module("../../../../util/logger.js", () => ({
   getLogger: () => ({
     warn: (...args: unknown[]) => warnCalls.push({ args }),
@@ -253,10 +266,9 @@ describe("selectPool — id mapping", () => {
 });
 
 // ---------------------------------------------------------------------------
-// selectPool — infrastructure failures THROW (no silent degradation). A
-// deliberate empty selection and an empty pool (covered above) still return
-// normally; only a genuine infra failure throws so the LIVE injector can
-// hard-fail the turn instead of shipping it with no memory.
+// selectPool — infrastructure failures THROW. A deliberate empty selection and
+// an empty pool (covered above) still return normally; only a genuine infra
+// failure throws so callers can log it distinctly from an empty selection.
 // ---------------------------------------------------------------------------
 
 describe("selectPool — infrastructure failures throw", () => {
@@ -371,6 +383,38 @@ describe("selectPool — infrastructure failures throw", () => {
     ]);
   });
 
+  test("managed provider 402 attaches a non-terminal credits notice", async () => {
+    providerStub = {
+      name: "managed",
+      sendMessage: async (messages, options) => {
+        providerCalls.push({ messages, options });
+        throw new ProviderError(
+          "Together AI API error (402): 402 status code (no body)",
+          "managed",
+          402,
+        );
+      },
+    };
+    let caught: unknown;
+    try {
+      await selectPool(makePool(), makeTurn("x"));
+    } catch (err) {
+      caught = err;
+    }
+
+    expect(caught).toBeInstanceOf(MemoryV3RetrievalUnavailableError);
+    const notice = (
+      caught as InstanceType<typeof MemoryV3RetrievalUnavailableError>
+    ).conversationNotice;
+    expect(notice).toEqual({
+      source: "memory_v3",
+      code: "PROVIDER_BILLING",
+      userMessage:
+        "You've run out of credits. Add funds to continue using the assistant.",
+      errorCategory: "credits_exhausted",
+    });
+  });
+
   test("provider throw redacts sensitive message details in diagnostics", async () => {
     const providerSecret = ["sk-proj-", "a".repeat(40)].join("");
     const message = `provider rejected Authorization: Bearer ${providerSecret}`;

package/src/plugins/defaults/memory-v3-shadow/__tests__/shadow-plugin.test.ts

@@ -808,7 +808,7 @@ describe("memory-v3 shadow plugin", () => {
   });
 });
 
-describe("memory-v3 infrastructure-failure handling (hard-fail vs swallow)", () => {
+describe("memory-v3 infrastructure-failure handling", () => {
   const throwInfra = () =>
     orchestrateSpy.mockImplementationOnce(async () => {
       throw new MemoryV3RetrievalUnavailableError(
@@ -816,14 +816,12 @@ describe("memory-v3 infrastructure-failure handling (hard-fail vs swallow)", ()
       );
     });
 
-  test("LIVE injector HARD-FAILS the turn on an infra failure (no silent memory loss)", async () => {
+  test("LIVE injector logs and degrades to no v3 block on an infra failure", async () => {
     liveEnabled = true;
     shadowEnabled = false;
     throwInfra();
 
-    await expect(produce("conv-infra-live", 0)).rejects.toThrow(
-      MemoryV3RetrievalUnavailableError,
-    );
+    expect(await produce("conv-infra-live", 0)).toBeNull();
   });
 
   test("SHADOW injector swallows an infra failure (v2 fallback) — no throw, no block", async () => {
@@ -832,7 +830,7 @@ describe("memory-v3 infrastructure-failure handling (hard-fail vs swallow)", ()
     throwInfra();
 
     // Shadow mode: v2 retrieval still ran this turn, so the v3 injector returns
-    // null rather than failing the turn.
+    // null.
     expect(await produce("conv-infra-shadow", 0)).toBeNull();
   });
 
@@ -853,8 +851,6 @@ describe("memory-v3 infrastructure-failure handling (hard-fail vs swallow)", ()
       throw new Error("some unexpected non-infra bug");
     });
 
-    // Only INFRA failures hard-fail; any other error stays non-fatal so a bug
-    // in one lane can't take every turn down.
     expect(await produce("conv-nonfatal-live", 0)).toBeNull();
   });
 });

package/src/plugins/defaults/memory-v3-shadow/injector.ts

@@ -63,6 +63,10 @@
 import { isAssistantFeatureFlagEnabled } from "../../../config/assistant-feature-flags.js";
 import { getConfig } from "../../../config/loader.js";
 import { isMemoryV3Live } from "../../../config/memory-v3-gate.js";
+import {
+  type PendingConversationNotice,
+  queueConversationNotice,
+} from "../../../daemon/conversation-notices.js";
 import { isPersonalMemoryAllowed } from "../../../daemon/trust-context.js";
 import {
   wrapMemoryBlock,
@@ -120,6 +124,26 @@ function lruSet<V>(map: Map<string, V>, key: string, value: V): void {
   map.set(key, value);
 }
 
+function queueMemoryV3ConversationNotice(
+  err: MemoryV3RetrievalUnavailableError,
+  ctx: TurnContext,
+  live: boolean,
+): void {
+  if (!live) return;
+  const notice: PendingConversationNotice = err.conversationNotice ?? {
+    source: "memory_v3",
+    code: "UNKNOWN",
+    userMessage:
+      "Memory is temporarily unavailable, so this response may not use your saved memories. You can retry in a moment.",
+    errorCategory: "memory_v3_degraded",
+  };
+  queueConversationNotice(
+    ctx.conversationId,
+    `memory_v3:${ctx.turnIndex}:${notice.errorCategory ?? notice.code}`,
+    notice,
+  );
+}
+
 // ─── shared per-turn orchestration memo ─────────────────────────────────────
 
 interface ObservedTurn {
@@ -245,16 +269,16 @@ export const memoryV3Injector: Injector = {
     try {
       observed = await observeTurnOnce(ctx.conversationId, ctx.turnIndex);
     } catch (err) {
-      // A memory-v3 INFRASTRUCTURE failure (the selector lost its provider —
-      // e.g. a transient CES credential blip). Under `memory-v3-live` the
-      // user-prompt-submit hook already skipped v2 retrieval, so swallowing
-      // here would ship the turn with NO memory at all — exactly the silent
-      // degradation we want to eliminate. Hard-fail the turn instead (a clean,
-      // retryable error). In shadow mode v2 still ran this turn, so fall back
-      // to it (return null). Non-infra errors are already swallowed inside
-      // observeTurn; anything else reaching here stays non-fatal.
-      if (live && err instanceof MemoryV3RetrievalUnavailableError) {
-        throw err;
+      if (err instanceof MemoryV3RetrievalUnavailableError) {
+        queueMemoryV3ConversationNotice(err, ctx, live);
+        log.error(
+          {
+            err: err.message,
+            conversationId: ctx.conversationId,
+            mode: live ? "live" : "shadow",
+          },
+          "memory-v3 selection failed; skipping v3 memory for this turn",
+        );
       }
       return null;
     }
@@ -405,12 +429,16 @@ export const memoryV3SpotlightInjector: Injector = {
         placement: "after-memory-prefix",
       };
     } catch (err) {
-      // Live-only injector: an infra failure must hard-fail the turn. The cards
-      // injector (ordered ahead of this one) normally throws first, so this
-      // path is defensive — it keeps the behavior correct if the cards injector
-      // is ever disabled or reordered.
       if (err instanceof MemoryV3RetrievalUnavailableError) {
-        throw err;
+        queueMemoryV3ConversationNotice(err, ctx, true);
+        log.error(
+          {
+            err: err.message,
+            conversationId: ctx.conversationId,
+          },
+          "memory-v3 spotlight selection failed; skipping spotlight",
+        );
+        return null;
       }
       log.warn(
         {

package/src/plugins/defaults/memory-v3-shadow/pool-select.ts

@@ -41,15 +41,15 @@
  *   - infrastructure failure (selector provider unavailable — e.g. a transient
  *     CES credential blip drops the API key — or no usable `tool_use` / schema
  *     mismatch surviving the short re-prompt retry) → throw
- *     {@link MemoryV3RetrievalUnavailableError}. There is NO deterministic-lane
- *     fallback: the LIVE injector propagates this to hard-fail the turn
- *     (retryable) rather than silently shipping it with no `<memory>` block,
- *     while the shadow/observation path swallows it and lets v2 retrieval serve
- *     the turn.
+ *     {@link MemoryV3RetrievalUnavailableError}. The live injector treats this
+ *     as a logged memory miss for the turn; shadow/observation callers swallow
+ *     it so v2 retrieval can serve the turn.
  */
 
 import { z } from "zod";
 
+import { classifyConversationError } from "../../../daemon/conversation-error.js";
+import type { PendingConversationNotice } from "../../../daemon/conversation-notices.js";
 import { loadPromptOverride } from "../../../memory/prompt-override.js";
 import { cachedTextBlock } from "../../../providers/cache-control.js";
 import {
@@ -77,17 +77,43 @@ const log = getLogger("memory-v3-pool-select");
  * re-prompt retry. Deliberately DISTINCT from a deliberate empty selection
  * (`ids: []`) and an empty candidate pool, both of which return normally.
  *
- * The LIVE memory-v3 injector propagates this to hard-fail the turn (a clean,
- * retryable failure) rather than silently shipping with no memory; the
+ * The live memory-v3 injector logs this as a memory miss for the turn; the
  * shadow/observation path catches and swallows it.
  */
 export class MemoryV3RetrievalUnavailableError extends Error {
-  constructor(message: string) {
-    super(message);
+  readonly conversationNotice?: PendingConversationNotice;
+
+  constructor(
+    message: string,
+    options?: {
+      cause?: unknown;
+      conversationNotice?: PendingConversationNotice;
+    },
+  ) {
+    super(
+      message,
+      options?.cause === undefined ? undefined : { cause: options.cause },
+    );
     this.name = "MemoryV3RetrievalUnavailableError";
+    this.conversationNotice = options?.conversationNotice;
   }
 }
 
+function providerBillingNoticeFromError(
+  error: unknown,
+): PendingConversationNotice | undefined {
+  const classified = classifyConversationError(error, {
+    phase: "agent_loop",
+  });
+  if (classified.code !== "PROVIDER_BILLING") return undefined;
+  return {
+    source: "memory_v3",
+    code: classified.code,
+    userMessage: classified.userMessage,
+    errorCategory: classified.errorCategory,
+  };
+}
+
 /** A dynamic-tail (finder) candidate: the slug plus the descriptor that
  *  justifies it — a matched section for a needle/dense hit, or a curated link
  *  description for an edge page. Rendered as a one-line snippet, prefixed
@@ -368,7 +394,7 @@ export async function selectPool(
         stableCount: pool.stable.length,
         finderCount: pool.finder.length,
       },
-      "pool selector provider unavailable — failing the turn rather than dropping memory",
+      "pool selector provider unavailable",
     );
     throw new MemoryV3RetrievalUnavailableError(
       "memory-v3 pool selector provider unavailable",
@@ -422,6 +448,12 @@ export async function selectPool(
   // (no usable tool_use, or tool input that fails the schema) re-prompts before
   // we give up. `null` from an attempt means "unusable, retry"; the provider
   // layer already backs off transient throws, so this loop adds no delay.
+  //
+  // `lastError` captures the most recent attempt's thrown provider error —
+  // `retryForResult` swallows attempt throws, so without this an infrastructure
+  // failure (e.g. an upstream HTTP 4xx/5xx) is indistinguishable from a 200 that
+  // carried no usable tool_use. It is cleared on every attempt that reaches a
+  // response, so it reflects the LAST attempt's failure mode.
   let lastError: unknown = null;
   const parsed = await retryForResult(async () => {
     attempt += 1;
@@ -504,10 +536,14 @@ export async function selectPool(
           providerName: provider.name,
           failures,
         },
-        "pool selector provider call failed after retries — failing the turn rather than dropping memory",
+        "pool selector provider call failed after retries",
       );
       throw new MemoryV3RetrievalUnavailableError(
         `memory-v3 pool selector provider call failed after retries: ${redactedDetail}`,
+        {
+          cause: lastError,
+          conversationNotice: providerBillingNoticeFromError(lastError),
+        },
       );
     }
     log.warn(
@@ -519,7 +555,7 @@ export async function selectPool(
         providerName: provider.name,
         failures,
       },
-      "pool selector returned no usable tool_use after retries — failing the turn rather than dropping memory",
+      "pool selector returned no usable tool_use after retries",
     );
     throw new MemoryV3RetrievalUnavailableError(
       "memory-v3 pool selector returned no usable selection after retries",

package/src/plugins/defaults/memory-v3-shadow/shadow-plugin.ts

@@ -605,13 +605,9 @@ export async function observeTurn(
     writeSelections(conversationId, turnIndex, rows);
     return result;
   } catch (err) {
-    // An INFRASTRUCTURE failure (the selector lost its provider — e.g. a
-    // transient CES credential blip) must NOT be silently swallowed: re-throw
-    // so the LIVE injector hard-fails the turn (a clean, retryable failure)
-    // rather than shipping it with no `<memory>` block. The shadow/observation
-    // callers (the injector in shadow mode, runShadowObservation) catch this
-    // and swallow it, so observation never fails a turn. Other (non-infra)
-    // errors stay non-fatal and degrade to no v3 block, as before.
+    // Infrastructure failures are surfaced to callers that want distinct
+    // logging from ordinary orchestration misses. Observation callers swallow
+    // them so memory-v3 never fails the turn.
     if (err instanceof MemoryV3RetrievalUnavailableError) {
       throw err;
     }
@@ -641,8 +637,6 @@ export async function runShadowObservation(
   try {
     await observeTurn(conversationId, turnIndex);
   } catch {
-    // Shadow observation is fire-and-forget and must NEVER fail a turn.
-    // `observeTurn` now re-throws infra failures so the LIVE injector can
-    // hard-fail on them; here (observation only) we swallow them.
+    // Shadow observation is fire-and-forget and must never fail a turn.
   }
 }

package/src/plugins/pipeline.ts

@@ -4,9 +4,10 @@
  * A "hook" is a named lifecycle event (`user-prompt-submit`, `post-tool-use`,
  * ...) that every registered plugin may handle. The runner walks each plugin's
  * hook for a given event in registration order, threading a context value
- * through the chain so hooks can observe and transform it. A hook either
- * mutates the context in place (returning `void`) or returns a partial
- * context whose fields are merged onto the threaded value.
+ * through the chain so hooks can observe and transform it. Each hook receives
+ * an isolated draft of the current context. A hook either mutates the draft in
+ * place (returning `void`) or returns a partial context whose fields are merged
+ * onto the draft. Failed hook drafts are discarded.
  *
  * `getHooksFor` is now async — it pulls user-land hooks from the mtime
  * cache (filesystem-as-truth) and default plugin hooks from the registry
@@ -16,34 +17,131 @@
  */
 
 import type { HookName } from "../plugin-api/constants.js";
+import { getLogger } from "../util/logger.js";
 import { getHooksFor } from "./registry.js";
+import type { PluginHookFn } from "./types.js";
 
 // ─── Hook runner ────────────────────────────────────────────────────────────
 
+const log = getLogger("plugin-pipeline");
+
+function isPluginLogger(value: unknown): value is {
+  info: unknown;
+  warn: unknown;
+  error: unknown;
+  debug: unknown;
+} {
+  return (
+    value !== null &&
+    typeof value === "object" &&
+    typeof (value as { info?: unknown }).info === "function" &&
+    typeof (value as { warn?: unknown }).warn === "function" &&
+    typeof (value as { error?: unknown }).error === "function" &&
+    typeof (value as { debug?: unknown }).debug === "function"
+  );
+}
+
+function isPlainObject(value: object): boolean {
+  const prototype = Object.getPrototypeOf(value);
+  return prototype === Object.prototype || prototype === null;
+}
+
+function cloneHookValue<T>(value: T, seen = new WeakMap<object, unknown>()): T {
+  if (value === null || typeof value !== "object") return value;
+  if (value instanceof Error || isPluginLogger(value)) return value;
+
+  const existing = seen.get(value);
+  if (existing !== undefined) return existing as T;
+
+  if (Array.isArray(value)) {
+    const copy: unknown[] = [];
+    seen.set(value, copy);
+    for (const item of value) {
+      copy.push(cloneHookValue(item, seen));
+    }
+    return copy as T;
+  }
+
+  if (value instanceof Date) {
+    return new Date(value.getTime()) as T;
+  }
+
+  if (value instanceof Map) {
+    const copy = new Map();
+    seen.set(value, copy);
+    for (const [key, mapValue] of value) {
+      copy.set(cloneHookValue(key, seen), cloneHookValue(mapValue, seen));
+    }
+    return copy as T;
+  }
+
+  if (value instanceof Set) {
+    const copy = new Set();
+    seen.set(value, copy);
+    for (const item of value) {
+      copy.add(cloneHookValue(item, seen));
+    }
+    return copy as T;
+  }
+
+  if (!isPlainObject(value)) return value;
+
+  const copy: Record<PropertyKey, unknown> = {};
+  seen.set(value, copy);
+  for (const key of Reflect.ownKeys(value)) {
+    copy[key] = cloneHookValue(
+      (value as Record<PropertyKey, unknown>)[key],
+      seen,
+    );
+  }
+  return copy as T;
+}
+
 /**
  * Execute a hook chain: walk every registered plugin's hook for `name` in
  * registration order, threading `initialCtx` through each. Hooks may either
- * mutate the context in place (returning `void`) or return a partial context
- * whose fields are merged onto the threaded value — keys the hook returns
- * overwrite the running context, every other field is preserved. The final
- * context after the chain settles is returned.
+ * mutate their draft context in place (returning `void`) or return a partial
+ * context whose fields are merged onto the draft — keys the hook returns
+ * overwrite the running context, every other field is preserved. If a hook
+ * throws, its draft is discarded and the next hook receives the last
+ * successfully committed context. The final context after the chain settles is
+ * returned.
  *
  * @param name        The hook identifier — pick one from {@link HOOKS}.
  * @param initialCtx  Context the first hook receives.
  * @returns The final context after the chain settles. Same reference as
- *          `initialCtx` when no plugin registers `name`, and when every
- *          chained hook returns `void` (mutation-in-place style).
+ *          `initialCtx` when no plugin registers `name`.
  */
 export async function runHook<TCtx>(
   name: HookName,
   initialCtx: TCtx,
 ): Promise<TCtx> {
-  const hooks = await getHooksFor<TCtx>(name);
+  let hooks: PluginHookFn<TCtx>[];
+  try {
+    hooks = await getHooksFor<TCtx>(name);
+  } catch (err) {
+    log.error(
+      { err, hookName: name },
+      "plugin hook discovery failed — proceeding without hooks",
+    );
+    return initialCtx;
+  }
+
   let active = initialCtx;
   for (const hook of hooks) {
-    const result = await hook(active);
-    if (result !== undefined) {
-      active = { ...active, ...result };
+    const draft = cloneHookValue(active);
+    try {
+      const result = await hook(draft);
+      if (result !== undefined) {
+        active = { ...draft, ...result };
+      } else {
+        active = draft;
+      }
+    } catch (err) {
+      log.error(
+        { err, hookName: name },
+        "plugin hook failed — proceeding with current context",
+      );
     }
   }
   return active;