@vellumai/assistant 0.3.14 → 0.3.16

package/src/tools/subagent/message.ts

@@ -23,7 +23,7 @@ export async function executeSubagentMessage(
     };
   }
 
-  const result = manager.sendMessage(subagentId, content);
+  const result = await manager.sendMessage(subagentId, content);
 
   if (result === 'queue_full') {
     return {

package/src/tools/system/voice-config.ts

@@ -0,0 +1,62 @@
+import { normalizeActivationKey } from '../../daemon/handlers/config-voice.js';
+import { RiskLevel } from '../../permissions/types.js';
+import type { ToolDefinition } from '../../providers/types.js';
+import type { Tool, ToolContext, ToolExecutionResult } from '../types.js';
+
+const TOOL_NAME = 'voice_config_update';
+
+export const voiceConfigUpdateTool: Tool = {
+  name: TOOL_NAME,
+  description:
+    'Change the push-to-talk activation key. Valid keys: fn (Fn/Globe key), ctrl (Control key), fn_shift (Fn+Shift), none (disable PTT).',
+  category: 'system',
+  defaultRiskLevel: RiskLevel.Low,
+
+  getDefinition(): ToolDefinition {
+    return {
+      name: TOOL_NAME,
+      description: this.description,
+      input_schema: {
+        type: 'object',
+        properties: {
+          activation_key: {
+            type: 'string',
+            description:
+              'The activation key to set. Accepts enum values (fn, ctrl, fn_shift, none) or natural language (e.g. "Control", "Fn+Shift", "Off").',
+          },
+        },
+        required: ['activation_key'],
+      },
+    };
+  },
+
+  async execute(
+    input: Record<string, unknown>,
+    context: ToolContext,
+  ): Promise<ToolExecutionResult> {
+    const rawKey = input.activation_key;
+    if (typeof rawKey !== 'string' || rawKey.trim() === '') {
+      return {
+        content: 'Error: activation_key is required and must be a non-empty string.',
+        isError: true,
+      };
+    }
+
+    const result = normalizeActivationKey(rawKey);
+    if (!result.ok) {
+      return { content: result.reason, isError: true };
+    }
+
+    const labels: Record<string, string> = {
+      fn: 'Fn/Globe key',
+      ctrl: 'Control key',
+      fn_shift: 'Fn+Shift',
+      none: 'disabled',
+    };
+
+    return {
+      content: `Push-to-talk activation key updated to ${labels[result.value]} (${result.value}).`,
+      isError: false,
+    };
+  },
+};

package/src/tools/tasks/index.ts

@@ -2,9 +2,9 @@
  * UX Terminology Glossary
  * ──────────────────────────────────────────────────────────────────────
  *
- * "Task" (user-facing) — A work item in the Tasks panel (backed by the
- *   `work_items` table). This is what users see, create, run, and track.
- *   The user-facing surface is simply called "Tasks".
+ * "Task" (user-facing) — A work item in the task queue (backed by the
+ *   `work_items` table). This is what users create, run, and track
+ *   through conversation.
  *
  * "Task template" / "task definition" (internal) — A reusable template
  *   saved from a conversation (backed by the `tasks` table). Templates

package/src/tools/tasks/work-item-list.ts

@@ -37,8 +37,8 @@ export async function executeTaskListShow(
     const filtered = statusFilter !== undefined;
 
     if (count === 0) {
-      const suffix = filtered ? 'no items matching filter.' : 'no tasks queued.';
-      return { content: `Opened Tasks window \u2014 ${suffix}`, isError: false };
+      const suffix = filtered ? 'No items matching that filter.' : 'No tasks queued.';
+      return { content: suffix, isError: false };
     }
 
     const label = filtered
@@ -47,7 +47,7 @@ export async function executeTaskListShow(
 
     const taskList = formatTaskList(items);
 
-    return { content: `Opened Tasks window (${label}).\n\nCurrent tasks:\n${taskList}`, isError: false };
+    return { content: `Task queue (${label}):\n${taskList}`, isError: false };
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     return { content: `Error: ${msg}`, isError: true };

package/src/tools/tasks/work-item-update.ts

@@ -53,12 +53,11 @@ export async function executeTaskListUpdate(
 
     const item = result.workItem;
 
-    // Block direct transitions to 'done' — the only path to done is
-    // through the Review action (handleWorkItemComplete in the daemon).
-    if (input.status === 'done') {
-      log.warn({ selectorType, resolvedWorkItemId: item.id }, 'rejected attempt to set status to done directly');
+    // Allow direct transitions to 'done' only from 'awaiting_review'
+    if (input.status === 'done' && item.status !== 'awaiting_review') {
+      log.warn({ selectorType, resolvedWorkItemId: item.id, currentStatus: item.status }, 'rejected attempt to set status to done from non-review state');
       return {
-        content: 'Error: Cannot set status to \'done\' directly. Use the Review action in the Tasks window.',
+        content: `Error: Cannot mark as done from '${item.status}'. Tasks must reach 'awaiting_review' status first (typically after a task run completes). You can set the status to 'awaiting_review' if the task is ready to be completed.`,
         isError: true,
       };
     }

package/src/tools/tool-approval-handler.ts

@@ -0,0 +1,192 @@
+import { isToolBlocked } from '../security/parental-control-store.js';
+import { getTaskRunRules } from '../tasks/ephemeral-permissions.js';
+import { getLogger } from '../util/logger.js';
+import { enforceGuardianOnlyPolicy } from './guardian-control-plane-policy.js';
+import { getAllTools, getTool } from './registry.js';
+import type { ExecutionTarget, Tool, ToolContext, ToolExecutionResult, ToolLifecycleEvent } from './types.js';
+
+const log = getLogger('tool-approval-handler');
+
+export type PreExecutionGateResult =
+  | { allowed: true; tool: Tool }
+  | { allowed: false; result: ToolExecutionResult };
+
+/**
+ * Handles pre-execution approval gates: abort checks, parental controls,
+ * guardian policy, allowed-tool-set gating, and task-run preflight checks.
+ * These run before the interactive permission prompt flow.
+ */
+export class ToolApprovalHandler {
+  /**
+   * Evaluate all pre-execution approval gates for a tool invocation.
+   * Returns the resolved Tool if all gates pass, or an early-return
+   * ToolExecutionResult if any gate blocks execution.
+   */
+  checkPreExecutionGates(
+    name: string,
+    input: Record<string, unknown>,
+    context: ToolContext,
+    executionTarget: ExecutionTarget,
+    riskLevel: string,
+    startTime: number,
+    emitLifecycleEvent: (event: ToolLifecycleEvent) => void,
+  ): PreExecutionGateResult {
+    // Bail out immediately if the session was aborted before this tool started.
+    if (context.signal?.aborted) {
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent({
+        type: 'error',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'error',
+        durationMs,
+        errorMessage: 'Cancelled',
+        isExpected: true,
+        errorCategory: 'tool_failure',
+      });
+      return { allowed: false, result: { content: 'Cancelled', isError: true } };
+    }
+
+    // Reject tools blocked by parental control settings before any permission check.
+    if (isToolBlocked(name)) {
+      log.warn(
+        {
+          toolName: name,
+          sessionId: context.sessionId,
+          conversationId: context.conversationId,
+          principal: context.principal,
+          reason: 'blocked_by_parental_controls',
+        },
+        'Parental control blocked tool invocation',
+      );
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent({
+        type: 'permission_denied',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'deny',
+        reason: 'Blocked by parental control settings',
+        durationMs,
+      });
+      return { allowed: false, result: { content: 'This tool is blocked by parental control settings.', isError: true } };
+    }
+
+    // Reject tool invocations targeting guardian control-plane endpoints from non-guardian actors.
+    const guardianCheck = enforceGuardianOnlyPolicy(name, input, context.guardianActorRole);
+    if (guardianCheck.denied) {
+      log.warn({
+        toolName: name,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        actorRole: context.guardianActorRole,
+        reason: 'guardian_only_policy',
+      }, 'Guardian-only policy blocked tool invocation');
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent({
+        type: 'permission_denied',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'deny',
+        reason: guardianCheck.reason!,
+        durationMs,
+      });
+      return { allowed: false, result: { content: guardianCheck.reason!, isError: true } };
+    }
+
+    // Gate tools not active for the current turn
+    if (context.allowedToolNames && !context.allowedToolNames.has(name)) {
+      const msg = `Tool "${name}" is not currently active. Load the skill that provides this tool first.`;
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent({
+        type: 'error',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'error',
+        durationMs,
+        errorMessage: msg,
+        isExpected: true,
+        errorCategory: 'tool_failure',
+      });
+      return { allowed: false, result: { content: msg, isError: true } };
+    }
+
+    // Belt-and-suspenders guard for task runs: only preflight-approved tools
+    // may execute. This catches cases where ephemeral rules might not cover
+    // a tool, ensuring unapproved calls fail deterministically instead of
+    // falling through to the interactive prompter.
+    if (context.taskRunId) {
+      const taskRules = getTaskRunRules(context.taskRunId);
+      const approvedToolNames = new Set(taskRules.map((r) => r.tool));
+      if (approvedToolNames.size > 0 && !approvedToolNames.has(name)) {
+        const msg = `Tool '${name}' was not approved in the task's preflight. Add it to required tools and re-approve.`;
+        const durationMs = Date.now() - startTime;
+        emitLifecycleEvent({
+          type: 'permission_denied',
+          toolName: name,
+          executionTarget,
+          input,
+          workingDir: context.workingDir,
+          sessionId: context.sessionId,
+          conversationId: context.conversationId,
+          requestId: context.requestId,
+          riskLevel,
+          decision: 'deny',
+          reason: msg,
+          durationMs,
+        });
+        return { allowed: false, result: { content: msg, isError: true } };
+      }
+    }
+
+    // Resolve the tool from the registry
+    const tool = getTool(name);
+    if (!tool) {
+      const available = getAllTools().filter((t) => t.executionMode !== 'proxy' || context.proxyToolResolver).map((t) => t.name).sort().join(', ');
+      const msg = `Unknown tool: ${name}. Available tools: ${available}`;
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent({
+        type: 'error',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'error',
+        durationMs,
+        errorMessage: msg,
+        isExpected: true,
+        errorCategory: 'tool_failure',
+      });
+      return { allowed: false, result: { content: msg, isError: true } };
+    }
+
+    return { allowed: true, tool };
+  }
+}

package/src/tools/tool-manifest.ts

@@ -12,6 +12,7 @@ import { credentialStoreTool } from './credentials/vault.js';
 import { memorySaveTool, memorySearchTool, memoryUpdateTool } from './memory/register.js';
 import type { LazyToolDescriptor } from './registry.js';
 import { vellumSkillsCatalogTool } from './skills/vellum-catalog.js';
+import { voiceConfigUpdateTool } from './system/voice-config.js';
 import type { Tool } from './types.js';
 import { screenWatchTool } from './watch/screen-watch.js';
 
@@ -66,6 +67,7 @@ export const explicitTools: Tool[] = [
   accountManageTool,
   screenWatchTool,
   vellumSkillsCatalogTool,
+  voiceConfigUpdateTool,
 ];
 
 // ── Lazy tool descriptors ───────────────────────────────────────────

package/src/watcher/watcher-store.ts

@@ -1,7 +1,7 @@
 import { and, asc, desc, eq, gte, lte } from 'drizzle-orm';
 import { v4 as uuid } from 'uuid';
 
-import { getDb } from '../memory/db.js';
+import { getDb, rawChanges } from '../memory/db.js';
 import { watcherEvents,watchers } from '../memory/schema.js';
 import { truncate } from '../util/truncate.js';
 import { DEFAULT_POLL_INTERVAL_MS } from './constants.js';
@@ -142,8 +142,8 @@ export function updateWatcher(
 
 export function deleteWatcher(id: string): boolean {
   const db = getDb();
-  const result = db.delete(watchers).where(eq(watchers.id, id)).run() as unknown as { changes?: number };
-  return (result.changes ?? 0) > 0;
+  db.delete(watchers).where(eq(watchers.id, id)).run();
+  return rawChanges() > 0;
 }
 
 // ── Claim / Complete ────────────────────────────────────────────────
@@ -167,7 +167,7 @@ export function claimDueWatchers(now: number): Watcher[] {
 
   const claimed: Watcher[] = [];
   for (const row of candidates) {
-    const result = db
+    db
       .update(watchers)
       .set({ status: 'polling', updatedAt: now })
       .where(and(
@@ -175,9 +175,9 @@ export function claimDueWatchers(now: number): Watcher[] {
         eq(watchers.nextPollAt, row.nextPollAt),
         eq(watchers.status, 'idle'),
       ))
-      .run() as unknown as { changes?: number };
+      .run();
 
-    if ((result.changes ?? 0) === 0) continue;
+    if (rawChanges() === 0) continue;
     claimed.push(parseWatcherRow({ ...row, status: 'polling', updatedAt: now }));
   }
   return claimed;
@@ -271,12 +271,12 @@ export function setWatcherConversationId(id: string, conversationId: string): vo
  */
 export function resetStuckWatchers(): number {
   const db = getDb();
-  const result = db
+  db
     .update(watchers)
     .set({ status: 'idle', updatedAt: Date.now() })
     .where(eq(watchers.status, 'polling'))
-    .run() as unknown as { changes?: number };
-  return result.changes ?? 0;
+    .run();
+  return rawChanges();
 }
 
 // ── Watcher Events ──────────────────────────────────────────────────

package/src/work-items/work-item-runner.ts

@@ -127,8 +127,8 @@ export function runWorkItemInBackground(workItemId: string): RunWorkItemResult {
               workItemId,
               title: workItem.title,
             } as ServerMessage);
-            (session as unknown as { taskRunId?: string }).taskRunId = taskRunId;
-            (session as unknown as { headlessLock: boolean }).headlessLock = true;
+            session.taskRunId = taskRunId;
+            session.headlessLock = true;
           }
           await session.processMessage(message, [], (event) => {
             broadcast(event);
@@ -136,8 +136,10 @@ export function runWorkItemInBackground(workItemId: string): RunWorkItemResult {
         },
       );
 
-      if (session) {
-        (session as unknown as { headlessLock: boolean }).headlessLock = false;
+      // TS can't track that session is mutated inside the closure above
+      const doneSession = session as { headlessLock: boolean } | null;
+      if (doneSession) {
+        doneSession.headlessLock = false;
       }
 
       const current = getWorkItem(workItemId);
@@ -154,8 +156,9 @@ export function runWorkItemInBackground(workItemId: string): RunWorkItemResult {
       broadcastWorkItemStatus(broadcast, workItemId);
       broadcast({ type: 'tasks_changed' } as ServerMessage);
     } catch (err) {
-      if (session) {
-        (session as unknown as { headlessLock: boolean }).headlessLock = false;
+      const errSession = session as { headlessLock: boolean } | null;
+      if (errSession) {
+        errSession.headlessLock = false;
       }
       log.error({ err, workItemId }, 'work item background run failed');
       updateWorkItem(workItemId, {