npm - @vellumai/assistant - Versions diffs - 0.3.15 → 0.3.16 - Mend

@vellumai/assistant 0.3.15 → 0.3.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/ARCHITECTURE.md +142 -0
package/Dockerfile +1 -1
package/README.md +5 -5
package/docs/architecture/http-token-refresh.md +252 -0
package/docs/architecture/memory.md +5 -4
package/docs/architecture/scheduling.md +4 -88
package/docs/runbook-trusted-contacts.md +283 -0
package/docs/trusted-contact-access.md +247 -0
package/package.json +1 -1
package/scripts/ipc/check-swift-decoder-drift.ts +2 -0
package/src/__tests__/__snapshots__/ipc-snapshot.test.ts.snap +2 -6
package/src/__tests__/access-request-decision.test.ts +331 -0
package/src/__tests__/asset-materialize-tool.test.ts +7 -7
package/src/__tests__/asset-search-tool.test.ts +15 -15
package/src/__tests__/attachments-store.test.ts +13 -13
package/src/__tests__/call-controller.test.ts +150 -4
package/src/__tests__/call-conversation-messages.test.ts +2 -2
package/src/__tests__/call-pointer-messages.test.ts +28 -0
package/src/__tests__/call-start-guardian-guard.test.ts +93 -0
package/src/__tests__/channel-approval-routes.test.ts +108 -12
package/src/__tests__/channel-guardian.test.ts +16 -14
package/src/__tests__/checker.test.ts +24 -0
package/src/__tests__/computer-use-skill-manifest-regression.test.ts +2 -2
package/src/__tests__/config-watcher.test.ts +358 -0
package/src/__tests__/conversation-pairing.test.ts +24 -24
package/src/__tests__/conversation-store.test.ts +36 -36
package/src/__tests__/date-context.test.ts +179 -1
package/src/__tests__/db-migration-rollback.test.ts +4 -7
package/src/__tests__/deterministic-verification-control-plane.test.ts +5 -5
package/src/__tests__/emit-signal-routing-intent.test.ts +179 -0
package/src/__tests__/gateway-only-guard.test.ts +188 -0
package/src/__tests__/guardian-action-conversation-turn.test.ts +451 -0
package/src/__tests__/guardian-action-copy-generator.test.ts +197 -0
package/src/__tests__/guardian-action-followup-executor.test.ts +379 -0
package/src/__tests__/guardian-action-followup-store.test.ts +376 -0
package/src/__tests__/guardian-action-late-reply.test.ts +294 -0
package/src/__tests__/guardian-action-no-hardcoded-copy.test.ts +71 -0
package/src/__tests__/guardian-action-sweep.test.ts +9 -9
package/src/__tests__/guardian-outbound-http.test.ts +194 -2
package/src/__tests__/guardian-verification-intent-routing.test.ts +179 -0
package/src/__tests__/guardian-verify-setup-skill-regression.test.ts +141 -0
package/src/__tests__/handlers-telegram-config.test.ts +6 -6
package/src/__tests__/hooks-runner.test.ts +13 -4
package/src/__tests__/ingress-routes-http.test.ts +443 -0
package/src/__tests__/intent-routing.test.ts +14 -0
package/src/__tests__/ipc-snapshot.test.ts +2 -5
package/src/__tests__/media-reuse-story.e2e.test.ts +7 -7
package/src/__tests__/memory-regressions.test.ts +16 -12
package/src/__tests__/non-member-access-request.test.ts +282 -0
package/src/__tests__/notification-decision-strategy.test.ts +136 -0
package/src/__tests__/notification-routing-intent.test.ts +11 -1
package/src/__tests__/notification-thread-candidates.test.ts +166 -0
package/src/__tests__/recording-intent.test.ts +1 -0
package/src/__tests__/recording-state-machine.test.ts +328 -17
package/src/__tests__/registry.test.ts +17 -8
package/src/__tests__/relay-server.test.ts +105 -0
package/src/__tests__/reminder.test.ts +13 -0
package/src/__tests__/runtime-attachment-metadata.test.ts +4 -4
package/src/__tests__/scheduler-recurrence.test.ts +50 -0
package/src/__tests__/server-history-render.test.ts +8 -8
package/src/__tests__/session-agent-loop.test.ts +1 -0
package/src/__tests__/session-runtime-assembly.test.ts +49 -0
package/src/__tests__/session-skill-tools.test.ts +1 -0
package/src/__tests__/skill-projection.benchmark.test.ts +11 -3
package/src/__tests__/slack-channel-config.test.ts +230 -0
package/src/__tests__/subagent-manager-notify.test.ts +4 -4
package/src/__tests__/swarm-session-integration.test.ts +2 -2
package/src/__tests__/system-prompt.test.ts +43 -0
package/src/__tests__/task-management-tools.test.ts +3 -3
package/src/__tests__/task-tools.test.ts +3 -3
package/src/__tests__/trust-store.test.ts +17 -1
package/src/__tests__/trusted-contact-lifecycle-notifications.test.ts +491 -0
package/src/__tests__/trusted-contact-multichannel.test.ts +409 -0
package/src/__tests__/trusted-contact-verification.test.ts +360 -0
package/src/__tests__/update-bulletin-format.test.ts +119 -0
package/src/__tests__/update-bulletin-state.test.ts +129 -0
package/src/__tests__/update-bulletin.test.ts +260 -0
package/src/__tests__/update-template-contract.test.ts +29 -0
package/src/agent/loop.ts +2 -2
package/src/amazon/client.ts +2 -3
package/src/calls/call-controller.ts +115 -34
package/src/calls/call-conversation-messages.ts +2 -2
package/src/calls/call-domain.ts +10 -3
package/src/calls/call-pointer-messages.ts +17 -5
package/src/calls/guardian-action-sweep.ts +77 -36
package/src/calls/relay-server.ts +51 -12
package/src/calls/twilio-routes.ts +3 -1
package/src/calls/types.ts +1 -1
package/src/calls/voice-session-bridge.ts +4 -4
package/src/cli/core-commands.ts +3 -3
package/src/cli/map.ts +8 -5
package/src/config/bundled-skills/phone-calls/SKILL.md +16 -1
package/src/config/bundled-skills/tasks/SKILL.md +1 -1
package/src/config/bundled-skills/tasks/TOOLS.json +4 -4
package/src/config/bundled-skills/time-based-actions/SKILL.md +11 -1
package/src/config/computer-use-prompt.ts +1 -0
package/src/config/core-schema.ts +16 -0
package/src/config/env-registry.ts +1 -0
package/src/config/env.ts +16 -1
package/src/config/memory-schema.ts +5 -0
package/src/config/schema.ts +4 -0
package/src/config/system-prompt.ts +69 -2
package/src/config/templates/BOOTSTRAP.md +1 -1
package/src/config/templates/IDENTITY.md +8 -4
package/src/config/templates/SOUL.md +14 -0
package/src/config/templates/UPDATES.md +16 -0
package/src/config/templates/USER.md +5 -1
package/src/config/types.ts +1 -0
package/src/config/update-bulletin-format.ts +52 -0
package/src/config/update-bulletin-state.ts +49 -0
package/src/config/update-bulletin.ts +82 -0
package/src/config/vellum-skills/catalog.json +6 -0
package/src/config/vellum-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/vellum-skills/guardian-verify-setup/SKILL.md +44 -10
package/src/config/vellum-skills/telegram-setup/SKILL.md +4 -4
package/src/config/vellum-skills/trusted-contacts/SKILL.md +147 -0
package/src/config/vellum-skills/twilio-setup/SKILL.md +2 -2
package/src/context/window-manager.ts +43 -3
package/src/daemon/config-watcher.ts +1 -0
package/src/daemon/connection-policy.ts +21 -1
package/src/daemon/daemon-control.ts +164 -7
package/src/daemon/date-context.ts +174 -1
package/src/daemon/guardian-action-generators.ts +175 -0
package/src/daemon/guardian-verification-intent.ts +120 -0
package/src/daemon/handlers/apps.ts +1 -3
package/src/daemon/handlers/config-channels.ts +2 -2
package/src/daemon/handlers/config-heartbeat.ts +1 -1
package/src/daemon/handlers/config-inbox.ts +55 -159
package/src/daemon/handlers/config-ingress.ts +1 -1
package/src/daemon/handlers/config-integrations.ts +1 -1
package/src/daemon/handlers/config-platform.ts +1 -1
package/src/daemon/handlers/config-scheduling.ts +2 -2
package/src/daemon/handlers/config-slack-channel.ts +190 -0
package/src/daemon/handlers/config-telegram.ts +1 -1
package/src/daemon/handlers/config-twilio.ts +1 -1
package/src/daemon/handlers/config-voice.ts +100 -0
package/src/daemon/handlers/config.ts +3 -0
package/src/daemon/handlers/misc.ts +83 -5
package/src/daemon/handlers/navigate-settings.ts +27 -0
package/src/daemon/handlers/recording.ts +270 -144
package/src/daemon/handlers/sessions.ts +100 -17
package/src/daemon/handlers/subagents.ts +3 -3
package/src/daemon/handlers/work-items.ts +10 -7
package/src/daemon/ipc-contract/integrations.ts +9 -1
package/src/daemon/ipc-contract/messages.ts +4 -0
package/src/daemon/ipc-contract/sessions.ts +1 -1
package/src/daemon/ipc-contract/settings.ts +26 -0
package/src/daemon/ipc-contract/shared.ts +2 -0
package/src/daemon/ipc-contract/work-items.ts +1 -7
package/src/daemon/ipc-contract-inventory.json +5 -1
package/src/daemon/ipc-contract.ts +5 -1
package/src/daemon/lifecycle.ts +306 -266
package/src/daemon/recording-intent.ts +0 -41
package/src/daemon/response-tier.ts +2 -2
package/src/daemon/server.ts +6 -6
package/src/daemon/session-agent-loop-handlers.ts +34 -9
package/src/daemon/session-agent-loop.ts +15 -8
package/src/daemon/session-history.ts +3 -2
package/src/daemon/session-media-retry.ts +3 -0
package/src/daemon/session-messaging.ts +38 -4
package/src/daemon/session-notifiers.ts +2 -2
package/src/daemon/session-process.ts +256 -23
package/src/daemon/session-queue-manager.ts +2 -0
package/src/daemon/session-runtime-assembly.ts +39 -0
package/src/daemon/session-skill-tools.ts +13 -4
package/src/daemon/session-tool-setup.ts +5 -6
package/src/daemon/session.ts +19 -8
package/src/daemon/tls-certs.ts +55 -13
package/src/daemon/tool-side-effects.ts +13 -5
package/src/gallery/default-gallery.ts +32 -9
package/src/influencer/client.ts +2 -1
package/src/memory/channel-delivery-store.ts +37 -567
package/src/memory/channel-guardian-store.ts +66 -1317
package/src/memory/conflict-store.ts +4 -4
package/src/memory/conversation-attention-store.ts +0 -3
package/src/memory/conversation-crud.ts +668 -0
package/src/memory/conversation-queries.ts +361 -0
package/src/memory/conversation-store.ts +45 -983
package/src/memory/db-connection.ts +3 -0
package/src/memory/db-init.ts +25 -0
package/src/memory/delivery-channels.ts +175 -0
package/src/memory/delivery-crud.ts +211 -0
package/src/memory/delivery-status.ts +199 -0
package/src/memory/embedding-backend.ts +70 -4
package/src/memory/embedding-local.ts +12 -2
package/src/memory/entity-extractor.ts +3 -8
package/src/memory/fts-reconciler.ts +121 -0
package/src/memory/guardian-action-store.ts +366 -3
package/src/memory/guardian-approvals.ts +569 -0
package/src/memory/guardian-bindings.ts +130 -0
package/src/memory/guardian-rate-limits.ts +196 -0
package/src/memory/guardian-verification.ts +520 -0
package/src/memory/job-handlers/index-maintenance.ts +2 -1
package/src/memory/job-utils.ts +8 -5
package/src/memory/jobs-store.ts +66 -6
package/src/memory/jobs-worker.ts +23 -1
package/src/memory/migrations/030-guardian-action-followup.ts +21 -0
package/src/memory/migrations/030-guardian-verification-purpose.ts +17 -0
package/src/memory/migrations/031-conversations-thread-type-index.ts +5 -0
package/src/memory/migrations/100-core-tables.ts +1 -1
package/src/memory/migrations/101-watchers-and-logs.ts +4 -0
package/src/memory/migrations/108-tasks-and-work-items.ts +1 -1
package/src/memory/migrations/112-assistant-inbox.ts +1 -1
package/src/memory/migrations/113-late-migrations.ts +1 -1
package/src/memory/migrations/116-messages-fts.ts +13 -0
package/src/memory/migrations/119-schema-indexes-and-columns.ts +37 -0
package/src/memory/migrations/120-fk-cascade-rebuilds.ts +161 -0
package/src/memory/migrations/index.ts +8 -3
package/src/memory/migrations/validate-migration-state.ts +114 -15
package/src/memory/qdrant-circuit-breaker.ts +105 -0
package/src/memory/retriever.ts +46 -13
package/src/memory/schema-migration.ts +3 -0
package/src/memory/schema.ts +25 -7
package/src/memory/search/semantic.ts +8 -90
package/src/notifications/README.md +1 -1
package/src/notifications/broadcaster.ts +20 -2
package/src/notifications/conversation-pairing.ts +3 -3
package/src/notifications/decision-engine.ts +173 -8
package/src/notifications/deliveries-store.ts +27 -8
package/src/notifications/preferences-store.ts +7 -7
package/src/notifications/thread-candidates.ts +234 -0
package/src/notifications/types.ts +18 -0
package/src/permissions/defaults.ts +11 -1
package/src/permissions/prompter.ts +17 -0
package/src/permissions/trust-store.ts +2 -0
package/src/providers/failover.ts +19 -0
package/src/providers/registry.ts +46 -1
package/src/runtime/approval-message-composer.ts +1 -1
package/src/runtime/channel-guardian-service.ts +15 -3
package/src/runtime/channel-retry-sweep.ts +7 -2
package/src/runtime/guardian-action-conversation-turn.ts +85 -0
package/src/runtime/guardian-action-followup-executor.ts +301 -0
package/src/runtime/guardian-action-message-composer.ts +245 -0
package/src/runtime/guardian-outbound-actions.ts +26 -6
package/src/runtime/guardian-verification-templates.ts +15 -9
package/src/runtime/http-errors.ts +93 -0
package/src/runtime/http-server.ts +133 -44
package/src/runtime/http-types.ts +53 -0
package/src/runtime/ingress-service.ts +237 -0
package/src/runtime/middleware/error-handler.ts +4 -3
package/src/runtime/middleware/rate-limiter.ts +160 -0
package/src/runtime/middleware/request-logger.ts +71 -0
package/src/runtime/middleware/twilio-validation.ts +7 -6
package/src/runtime/pending-interactions.ts +12 -0
package/src/runtime/routes/access-request-decision.ts +215 -0
package/src/runtime/routes/app-routes.ts +25 -18
package/src/runtime/routes/approval-routes.ts +18 -47
package/src/runtime/routes/attachment-routes.ts +15 -41
package/src/runtime/routes/call-routes.ts +20 -20
package/src/runtime/routes/channel-delivery-routes.ts +6 -5
package/src/runtime/routes/contact-routes.ts +4 -9
package/src/runtime/routes/conversation-attention-routes.ts +2 -1
package/src/runtime/routes/conversation-routes.ts +26 -57
package/src/runtime/routes/debug-routes.ts +71 -0
package/src/runtime/routes/events-routes.ts +3 -2
package/src/runtime/routes/guardian-approval-interception.ts +221 -0
package/src/runtime/routes/identity-routes.ts +14 -10
package/src/runtime/routes/inbound-conversation.ts +3 -2
package/src/runtime/routes/inbound-message-handler.ts +527 -62
package/src/runtime/routes/ingress-routes.ts +174 -0
package/src/runtime/routes/integration-routes.ts +78 -16
package/src/runtime/routes/pairing-routes.ts +11 -10
package/src/runtime/routes/secret-routes.ts +10 -18
package/src/runtime/verification-rate-limiter.ts +83 -0
package/src/schedule/schedule-store.ts +13 -1
package/src/schedule/scheduler.ts +1 -1
package/src/security/secret-ingress.ts +5 -2
package/src/security/secret-scanner.ts +72 -6
package/src/subagent/manager.ts +6 -4
package/src/swarm/plan-validator.ts +4 -1
package/src/tasks/task-runner.ts +3 -1
package/src/tools/browser/api-map.ts +9 -6
package/src/tools/calls/call-start.ts +20 -0
package/src/tools/executor.ts +50 -568
package/src/tools/permission-checker.ts +272 -0
package/src/tools/registry.ts +14 -6
package/src/tools/reminder/reminder-store.ts +7 -7
package/src/tools/reminder/reminder.ts +6 -3
package/src/tools/secret-detection-handler.ts +301 -0
package/src/tools/subagent/message.ts +1 -1
package/src/tools/system/voice-config.ts +62 -0
package/src/tools/tasks/index.ts +3 -3
package/src/tools/tasks/work-item-list.ts +3 -3
package/src/tools/tasks/work-item-update.ts +4 -5
package/src/tools/tool-approval-handler.ts +192 -0
package/src/tools/tool-manifest.ts +2 -0
package/src/watcher/watcher-store.ts +9 -9
package/src/work-items/work-item-runner.ts +9 -6
/package/src/memory/migrations/{026-embeddings-nullable-vector-json.ts → 026a-embeddings-nullable-vector-json.ts} +0 -0
/package/src/memory/migrations/{027-guardian-bootstrap-token.ts → 027a-guardian-bootstrap-token.ts} +0 -0

package/src/daemon/tls-certs.ts CHANGED Viewed

@@ -42,6 +42,8 @@ function computeFingerprint(cert: X509Certificate): string {
   return cert.fingerprint256.replace(/:/g, '').toLowerCase();
 }
+type CertStatus = 'valid' | 'approaching_expiry' | 'invalid';
 /**
  * Check whether an existing cert+key pair is valid:
  * - All three files exist (cert, key, fingerprint)
@@ -49,8 +51,12 @@ function computeFingerprint(cert: X509Certificate): string {
  * - Cert is not expired
  * - Fingerprint file exists and matches the cert
  * - Private key is valid and matches the certificate
+ *
+ * Returns 'valid' if the cert is good, 'approaching_expiry' if it's still usable
+ * but expires within 30 days (renewal should be attempted), or 'invalid' if the
+ * cert cannot be used at all.
  */
-async function isExistingCertValid(): Promise<boolean> {
+async function checkCertStatus(): Promise<CertStatus> {
   const certPath = getTlsCertPath();
   const keyPath = getTlsKeyPath();
   const fpPath = getTlsFingerprintPath();
@@ -63,7 +69,7 @@ async function isExistingCertValid(): Promise<boolean> {
   ]);
   if (!certExists || !keyExists || !fpExists) {
-    return false;
+    return 'invalid';
   }
   try {
@@ -76,17 +82,18 @@ async function isExistingCertValid(): Promise<boolean> {
     const x509 = new X509Certificate(certPem);
     // Check expiration
+    const now = new Date();
     const notAfter = new Date(x509.validTo);
-    if (notAfter <= new Date()) {
+    if (notAfter <= now) {
       log.info('Existing TLS certificate has expired, will regenerate');
-      return false;
+      return 'invalid';
     }
     // Check fingerprint matches
     const actualFp = computeFingerprint(x509);
     if (actualFp !== storedFp.trim()) {
       log.info('TLS fingerprint mismatch, will regenerate');
-      return false;
+      return 'invalid';
     }
     // Verify the private key is valid and matches the certificate's public key.
@@ -95,13 +102,20 @@ async function isExistingCertValid(): Promise<boolean> {
     const privateKey = createPrivateKey(keyPem);
     if (!x509.checkPrivateKey(privateKey)) {
       log.info('TLS private key does not match certificate, will regenerate');
-      return false;
+      return 'invalid';
+    }
+    // Cert is structurally valid — check if it's approaching expiry
+    const thirtyDaysMs = 30 * 24 * 60 * 60 * 1000;
+    if (notAfter.getTime() - now.getTime() < thirtyDaysMs) {
+      log.info('TLS certificate approaching expiry, will attempt renewal');
+      return 'approaching_expiry';
     }
-    return true;
+    return 'valid';
   } catch (err) {
     log.warn({ err }, 'Failed to validate existing TLS certificate, will regenerate');
-    return false;
+    return 'invalid';
   }
 }
@@ -125,8 +139,9 @@ export async function ensureTlsCert(): Promise<{ cert: string; key: string; fing
   const keyPath = getTlsKeyPath();
   const fpPath = getTlsFingerprintPath();
-  // Check if existing cert is still valid
-  if (await isExistingCertValid()) {
+  const status = await checkCertStatus();
+  if (status === 'valid') {
     const [cert, key, fingerprint] = await Promise.all([
       readFile(certPath, 'utf-8'),
       readFile(keyPath, 'utf-8'),
@@ -136,7 +151,34 @@ export async function ensureTlsCert(): Promise<{ cert: string; key: string; fing
     return { cert, key, fingerprint: fingerprint.trim() };
   }
-  // Generate new cert
+  if (status === 'approaching_expiry') {
+    // Buffer existing cert/key/fingerprint before attempting renewal.
+    // generateNewCert() overwrites key.pem in-place, so if it fails mid-flight
+    // (e.g., key written but cert generation fails), reading from disk in the
+    // catch block would return a mismatched key/cert pair.
+    const [existingCert, existingKey, existingFp] = await Promise.all([
+      readFile(certPath, 'utf-8'),
+      readFile(keyPath, 'utf-8'),
+      readFile(fpPath, 'utf-8'),
+    ]);
+    try {
+      return await generateNewCert(tlsDir, certPath, keyPath, fpPath);
+    } catch (err) {
+      log.warn({ err }, 'Proactive TLS renewal failed, continuing with existing certificate');
+      return { cert: existingCert, key: existingKey, fingerprint: existingFp.trim() };
+    }
+  }
+  // status === 'invalid' — must regenerate, no fallback
+  return await generateNewCert(tlsDir, certPath, keyPath, fpPath);
+}
+async function generateNewCert(
+  tlsDir: string,
+  certPath: string,
+  keyPath: string,
+  fpPath: string,
+): Promise<{ cert: string; key: string; fingerprint: string }> {
   log.info('Generating new self-signed TLS certificate');
   await mkdir(tlsDir, { recursive: true });
@@ -151,13 +193,13 @@ export async function ensureTlsCert(): Promise<{ cert: string; key: string; fing
     throw new Error(`Failed to generate TLS key: ${stderr}`);
   }
-  // Generate self-signed cert (10-year validity)
+  // Generate self-signed cert (1-year validity)
   const certProc = Bun.spawn(
     [
       'openssl', 'req', '-new', '-x509',
       '-key', keyPath,
       '-out', certPath,
-      '-days', '3650',
+      '-days', '365',
       '-subj', '/CN=Vellum Daemon',
     ],
     { stdout: 'pipe', stderr: 'pipe' },

package/src/daemon/tool-side-effects.ts CHANGED Viewed

@@ -7,6 +7,7 @@
  * registry entry instead of another if/else branch.
  */
+import { normalizeActivationKey } from './handlers/config-voice.js';
 import { updatePublishedAppDeployment } from '../services/published-app-updater.js';
 import { openAppViaSurface } from '../tools/apps/open-proxy.js';
 import type { ToolExecutionResult } from '../tools/types.js';
@@ -74,11 +75,6 @@ registerHook('app_update', (_name, input, _result, { ctx, broadcastToAllClients
   }
 });
-// Tell the client to open/focus the tasks window when the model lists tasks
-registerHook('task_list_show', (_name, _input, _result, { ctx }) => {
-  ctx.sendToClient({ type: 'open_tasks_window' });
-});
 // Broadcast tasks_changed so connected clients (e.g. macOS Tasks window)
 // auto-refresh when the LLM mutates the task queue via tools
 registerHook(
@@ -101,6 +97,18 @@ registerHook(
   },
 );
+// Broadcast activation key change to all connected clients so every
+// macOS/iOS instance picks up the new setting immediately.
+registerHook('voice_config_update', (_name, input, _result, { broadcastToAllClients }) => {
+  const key = input.activation_key as string | undefined;
+  if (key) {
+    const normalized = normalizeActivationKey(key);
+    if (normalized.ok) {
+      broadcastToAllClients?.({ type: 'client_settings_update', key: 'activationKey', value: normalized.value });
+    }
+  }
+});
 // ── Runner ───────────────────────────────────────────────────────────
 /**

package/src/gallery/default-gallery.ts CHANGED Viewed

@@ -107,8 +107,8 @@ const focusTimerHtml = `<!DOCTYPE html>
   <div class="mode-label" id="modeLabel">Work Session</div>
   <div class="timer-display" id="timerDisplay">25:00</div>
   <div class="controls">
-    <button class="btn-primary" id="startBtn" onclick="toggleTimer()">Start</button>
-    <button class="btn-secondary" id="resetBtn" onclick="resetTimer()">Reset</button>
+    <button class="btn-primary" id="startBtn">Start</button>
+    <button class="btn-secondary" id="resetBtn">Reset</button>
   </div>
   <div class="stats">
     <div class="stat-item">
@@ -184,6 +184,9 @@ const focusTimerHtml = `<!DOCTYPE html>
     updateDisplay();
   }
+  document.getElementById('startBtn').addEventListener('click', toggleTimer);
+  document.getElementById('resetBtn').addEventListener('click', resetTimer);
   updateDisplay();
 </script>
 </body>
@@ -334,8 +337,8 @@ const habitTrackerHtml = `<!DOCTYPE html>
   <h1>Habit Tracker</h1>
 </div>
 <div class="add-form">
-  <input type="text" id="habitInput" placeholder="Add a new habit..." onkeydown="if(event.key==='Enter')addHabit()">
-  <button class="btn-primary" onclick="addHabit()">Add</button>
+  <input type="text" id="habitInput" placeholder="Add a new habit...">
+  <button class="btn-primary" id="addHabitBtn">Add</button>
 </div>
 <div class="days-header">
   <div></div>
@@ -387,12 +390,12 @@ const habitTrackerHtml = `<!DOCTYPE html>
       html += '<div class="habit-row">';
       html += '<div style="display:flex;align-items:center;gap:8px">';
       html += '<span class="habit-name">' + escapeHtml(record.data.name) + '</span>';
-      html += '<button class="delete-btn" onclick="deleteHabit(\\''+record.id+'\\')">x</button>';
+      html += '<button class="delete-btn" data-delete-habit="'+record.id+'">x</button>';
       html += '</div>';
       dates.forEach(function(date) {
         var checked = completedDates.indexOf(date) !== -1;
         html += '<div class="check-cell">';
-        html += '<button class="check-btn' + (checked ? ' checked' : '') + '" onclick="toggleDate(\\''+record.id+'\\',\\''+date+'\\')">';
+        html += '<button class="check-btn' + (checked ? ' checked' : '') + '" data-toggle-habit="'+record.id+'" data-toggle-date="'+date+'">';
         html += checked ? '\\u2713' : '';
         html += '</button></div>';
       });
@@ -438,6 +441,17 @@ const habitTrackerHtml = `<!DOCTYPE html>
     });
   }
+  document.getElementById('habitInput').addEventListener('keydown', function(event) {
+    if (event.key === 'Enter') addHabit();
+  });
+  document.getElementById('addHabitBtn').addEventListener('click', addHabit);
+  document.getElementById('habitsList').addEventListener('click', function(event) {
+    var btn = event.target.closest('[data-delete-habit]');
+    if (btn) { deleteHabit(btn.getAttribute('data-delete-habit')); return; }
+    var toggle = event.target.closest('[data-toggle-habit]');
+    if (toggle) { toggleDate(toggle.getAttribute('data-toggle-habit'), toggle.getAttribute('data-toggle-date')); }
+  });
   initDates();
   loadHabits();
 </script>
@@ -629,9 +643,9 @@ const expenseTrackerHtml = `<!DOCTYPE html>
     <option value="entertainment">Entertainment</option>
     <option value="other">Other</option>
   </select>
-  <input type="text" class="input-desc" id="descInput" placeholder="Description..." onkeydown="if(event.key==='Enter')addExpense()">
+  <input type="text" class="input-desc" id="descInput" placeholder="Description...">
   <input type="date" class="input-date" id="dateInput">
-  <button class="btn-primary" onclick="addExpense()">Add</button>
+  <button class="btn-primary" id="addExpenseBtn">Add</button>
 </div>
 <div class="section-title">By Category</div>
 <div class="categories-grid" id="categoriesGrid"></div>
@@ -693,7 +707,7 @@ const expenseTrackerHtml = `<!DOCTYPE html>
         listHtml += '<div class="expense-meta">' + escapeHtml(r.data.category || 'other') + ' \\u00B7 ' + escapeHtml(r.data.date || '') + '</div>';
         listHtml += '</div>';
         listHtml += '<div class="expense-amount">$' + amt.toFixed(2) + '</div>';
-        listHtml += '<button class="delete-btn" onclick="deleteExpense(\\''+r.id+'\\')">x</button>';
+        listHtml += '<button class="delete-btn" data-delete-expense="'+r.id+'">x</button>';
         listHtml += '</div>';
       });
     }
@@ -724,6 +738,15 @@ const expenseTrackerHtml = `<!DOCTYPE html>
     });
   }
+  document.getElementById('descInput').addEventListener('keydown', function(event) {
+    if (event.key === 'Enter') addExpense();
+  });
+  document.getElementById('addExpenseBtn').addEventListener('click', addExpense);
+  document.getElementById('expenseList').addEventListener('click', function(event) {
+    var btn = event.target.closest('[data-delete-expense]');
+    if (btn) { deleteExpense(btn.getAttribute('data-delete-expense')); }
+  });
   loadExpenses();
 </script>
 </body>

package/src/influencer/client.ts CHANGED Viewed

@@ -47,6 +47,7 @@
 import type { ExtensionCommand, ExtensionResponse } from '../browser-extension-relay/protocol.js';
 import { extensionRelayServer } from '../browser-extension-relay/server.js';
+import { getGatewayInternalBaseUrl } from '../config/env.js';
 import { readHttpToken } from '../util/platform.js';
 // ---------------------------------------------------------------------------
@@ -133,7 +134,7 @@ async function sendRelayCommand(command: Record<string, unknown>): Promise<Exten
     );
   }
-  const resp = await fetch('http://127.0.0.1:7821/v1/browser-relay/command', {
+  const resp = await fetch(`${getGatewayInternalBaseUrl()}/v1/browser-relay/command`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',