@vellumai/assistant 0.3.15 → 0.3.18

package/src/notifications/thread-candidates.ts

@@ -0,0 +1,269 @@
+/**
+ * Thread candidate builder for notification thread reuse.
+ *
+ * Builds a lightweight candidate set of recent notification conversations
+ * per channel that the decision engine can choose to reuse instead of
+ * starting a new thread. Includes guardian-specific context (pending
+ * unresolved request count) when available.
+ *
+ * The candidate set is intentionally compact — only the fields the LLM
+ * needs for a routing decision, not full conversation contents.
+ */
+
+import { and, count, desc, eq, inArray, isNotNull } from 'drizzle-orm';
+
+import { getDb } from '../memory/db.js';
+import { channelGuardianApprovalRequests, conversations, notificationDecisions, notificationDeliveries, notificationEvents } from '../memory/schema.js';
+import { getLogger } from '../util/logger.js';
+import type { NotificationChannel } from './types.js';
+
+const log = getLogger('thread-candidates');
+
+/** Maximum number of candidate threads to surface per channel. */
+const MAX_CANDIDATES_PER_CHANNEL = 5;
+
+/** Only consider conversations updated within this window (ms). */
+const CANDIDATE_RECENCY_WINDOW_MS = 24 * 60 * 60 * 1000; // 24 hours
+
+// -- Public types -------------------------------------------------------------
+
+/** Guardian-specific context attached to a thread candidate when available. */
+export interface GuardianCandidateContext {
+  /** Number of unresolved (pending) guardian approval requests in this conversation. */
+  pendingUnresolvedRequestCount: number;
+}
+
+/** A single candidate conversation that the decision engine can select for reuse. */
+export interface ThreadCandidate {
+  conversationId: string;
+  title: string | null;
+  updatedAt: number;
+  /** The source event name from the most recent notification delivered to this conversation. */
+  latestSourceEventName: string | null;
+  channel: NotificationChannel;
+  /** Guardian-specific context, present only when there are relevant guardian records. */
+  guardianContext?: GuardianCandidateContext;
+}
+
+/** Candidate set for the decision engine, keyed by channel. */
+export type ThreadCandidateSet = Partial<Record<NotificationChannel, ThreadCandidate[]>>;
+
+// -- Core builder -------------------------------------------------------------
+
+/**
+ * Build the thread candidate set for all selected channels.
+ *
+ * Queries recent notification-sourced conversations that were delivered
+ * to each channel and enriches them with guardian-specific metadata
+ * when available.
+ *
+ * Errors are caught per-channel so a failure in one channel does not
+ * block candidates for others.
+ */
+export function buildThreadCandidates(
+  channels: NotificationChannel[],
+  assistantId: string,
+): ThreadCandidateSet {
+  const result: ThreadCandidateSet = {};
+  const cutoff = Date.now() - CANDIDATE_RECENCY_WINDOW_MS;
+
+  for (const channel of channels) {
+    try {
+      const candidates = buildCandidatesForChannel(channel, assistantId, cutoff);
+      if (candidates.length > 0) {
+        result[channel] = candidates;
+      }
+    } catch (err) {
+      const errMsg = err instanceof Error ? err.message : String(err);
+      log.warn({ err: errMsg, channel }, 'Failed to build thread candidates for channel');
+    }
+  }
+
+  return result;
+}
+
+// -- Per-channel query --------------------------------------------------------
+
+/**
+ * Query recent notification conversations for a given channel.
+ *
+ * Joins notification_deliveries -> notification_decisions -> notification_events
+ * to find conversations that were created by the notification pipeline for
+ * this channel, then enriches with guardian context.
+ */
+function buildCandidatesForChannel(
+  channel: NotificationChannel,
+  assistantId: string,
+  cutoffMs: number,
+): ThreadCandidate[] {
+  const db = getDb();
+
+  // Find recent notification deliveries for this channel that have a
+  // conversationId and were successfully sent.
+  const rows = db
+    .select({
+      conversationId: notificationDeliveries.conversationId,
+      channel: notificationDeliveries.channel,
+      deliverySentAt: notificationDeliveries.sentAt,
+      sourceEventName: notificationEvents.sourceEventName,
+      convTitle: conversations.title,
+      convUpdatedAt: conversations.updatedAt,
+    })
+    .from(notificationDeliveries)
+    .innerJoin(
+      notificationDecisions,
+      eq(notificationDeliveries.notificationDecisionId, notificationDecisions.id),
+    )
+    .innerJoin(
+      notificationEvents,
+      eq(notificationDecisions.notificationEventId, notificationEvents.id),
+    )
+    .innerJoin(
+      conversations,
+      eq(notificationDeliveries.conversationId, conversations.id),
+    )
+    .where(
+      and(
+        eq(notificationDeliveries.channel, channel),
+        eq(notificationDeliveries.assistantId, assistantId),
+        eq(notificationDeliveries.status, 'sent'),
+        isNotNull(notificationDeliveries.conversationId),
+      ),
+    )
+    .orderBy(desc(notificationDeliveries.sentAt))
+    .limit(MAX_CANDIDATES_PER_CHANNEL * 3) // over-fetch to allow deduplication
+    .all();
+
+  // Deduplicate by conversationId (keep the most recent delivery per conversation)
+  const seen = new Set<string>();
+  const candidates: ThreadCandidate[] = [];
+
+  for (const row of rows) {
+    if (!row.conversationId) continue;
+    if (seen.has(row.conversationId)) continue;
+
+    // Apply recency filter on the conversation's updatedAt
+    if (row.convUpdatedAt < cutoffMs) continue;
+
+    seen.add(row.conversationId);
+
+    candidates.push({
+      conversationId: row.conversationId,
+      title: row.convTitle,
+      updatedAt: row.convUpdatedAt,
+      latestSourceEventName: row.sourceEventName ?? null,
+      channel: channel,
+    });
+
+    if (candidates.length >= MAX_CANDIDATES_PER_CHANNEL) break;
+  }
+
+  // Batch-enrich all candidates with guardian context in a single query
+  if (candidates.length > 0) {
+    const pendingCounts = batchCountPendingByConversation(
+      candidates.map((c) => c.conversationId),
+      assistantId,
+    );
+    for (const candidate of candidates) {
+      const pendingCount = pendingCounts.get(candidate.conversationId) ?? 0;
+      if (pendingCount > 0) {
+        candidate.guardianContext = { pendingUnresolvedRequestCount: pendingCount };
+      }
+    }
+  }
+
+  return candidates;
+}
+
+// -- Guardian context enrichment ----------------------------------------------
+
+/**
+ * Batch-count pending guardian approval requests for multiple conversations
+ * in a single query. Returns a map from conversationId to pending count
+ * (only entries with count > 0 are included).
+ */
+function batchCountPendingByConversation(
+  conversationIds: string[],
+  assistantId: string,
+): Map<string, number> {
+  const result = new Map<string, number>();
+  if (conversationIds.length === 0) return result;
+
+  try {
+    const db = getDb();
+
+    const rows = db
+      .select({
+        conversationId: channelGuardianApprovalRequests.conversationId,
+        count: count(),
+      })
+      .from(channelGuardianApprovalRequests)
+      .where(
+        and(
+          inArray(channelGuardianApprovalRequests.conversationId, conversationIds),
+          eq(channelGuardianApprovalRequests.status, 'pending'),
+          eq(channelGuardianApprovalRequests.assistantId, assistantId),
+        ),
+      )
+      .groupBy(channelGuardianApprovalRequests.conversationId)
+      .all();
+
+    for (const row of rows) {
+      if (row.count > 0) {
+        result.set(row.conversationId, row.count);
+      }
+    }
+  } catch (err) {
+    const errMsg = err instanceof Error ? err.message : String(err);
+    log.warn({ err: errMsg }, 'Failed to batch-query guardian context for candidates');
+  }
+
+  return result;
+}
+
+// -- Prompt serialization -----------------------------------------------------
+
+/**
+ * Serialize a thread candidate set into a compact text block suitable for
+ * injection into the decision engine's user prompt.
+ *
+ * Designed to be token-efficient while giving the LLM enough context
+ * to make a reuse decision.
+ */
+export function serializeCandidatesForPrompt(candidateSet: ThreadCandidateSet): string | null {
+  const channelEntries = Object.entries(candidateSet) as [NotificationChannel, ThreadCandidate[]][];
+  if (channelEntries.length === 0) return null;
+
+  const sections: string[] = [];
+
+  for (const [channel, candidates] of channelEntries) {
+    if (candidates.length === 0) continue;
+
+    const lines: string[] = [`Channel: ${channel}`];
+    for (const c of candidates) {
+      // Escape title to prevent format corruption from quotes or newlines in
+      // user/model-provided text. JSON.stringify produces a safe single-line
+      // quoted string; we strip the outer quotes since we wrap in our own.
+      const safeTitle = c.title
+        ? JSON.stringify(c.title).slice(1, -1)
+        : '(untitled)';
+      const parts: string[] = [
+        `  - id=${c.conversationId}`,
+        `title="${safeTitle}"`,
+        `updated=${new Date(c.updatedAt).toISOString()}`,
+      ];
+      if (c.latestSourceEventName) {
+        const safeEventName = JSON.stringify(c.latestSourceEventName).slice(1, -1);
+        parts.push(`lastEvent="${safeEventName}"`);
+      }
+      if (c.guardianContext) {
+        parts.push(`pendingRequests=${c.guardianContext.pendingUnresolvedRequestCount}`);
+      }
+      lines.push(parts.join(' '));
+    }
+    sections.push(lines.join('\n'));
+  }
+
+  if (sections.length === 0) return null;
+  return sections.join('\n\n');
+}

package/src/notifications/types.ts

@@ -79,12 +79,31 @@ export interface RenderedChannelCopy {
   threadSeedMessage?: string;
 }
 
+// -- Thread action types ------------------------------------------------------
+
+/** Start a new conversation thread for the notification delivery. */
+export interface ThreadActionStartNew {
+  action: 'start_new';
+}
+
+/** Reuse an existing conversation thread identified by conversationId. */
+export interface ThreadActionReuseExisting {
+  action: 'reuse_existing';
+  conversationId: string;
+}
+
+/** Per-channel thread action — either start a new thread or reuse an existing one. */
+export type ThreadAction = ThreadActionStartNew | ThreadActionReuseExisting;
+
+
 /** Output produced by the notification decision engine for a given signal. */
 export interface NotificationDecision {
   shouldNotify: boolean;
   selectedChannels: NotificationChannel[];
   reasoningSummary: string;
   renderedCopy: Partial<Record<NotificationChannel, RenderedChannelCopy>>;
+  /** Per-channel thread actions decided by the model. Absent channels default to start_new. */
+  threadActions?: Partial<Record<NotificationChannel, ThreadAction>>;
   deepLinkTarget?: Record<string, unknown>;
   dedupeKey: string;
   confidence: number;

package/src/permissions/checker.ts

@@ -123,19 +123,6 @@ function getWrappedProgram(seg: { program: string; args: string[] }): string | u
   return undefined;
 }
 
-function isHighRiskRm(args: string[]): boolean {
-  // rm with -r, -rf, -fr, or targeting root/home
-  for (const arg of args) {
-    if (arg.startsWith('-') && (arg.includes('r') || arg.includes('f'))) {
-      return true;
-    }
-    if (arg === '/' || arg === '~' || arg === '$HOME') {
-      return true;
-    }
-  }
-  return false;
-}
-
 function getStringField(input: Record<string, unknown>, ...keys: string[]): string {
   for (const key of keys) {
     const value = input[key];
@@ -398,9 +385,7 @@ async function classifyRiskUncached(toolName: string, input: Record<string, unkn
       if (HIGH_RISK_PROGRAMS.has(prog)) return RiskLevel.High;
 
       if (prog === 'rm') {
-        if (isHighRiskRm(seg.args)) return RiskLevel.High;
-        maxRisk = RiskLevel.Medium;
-        continue;
+        return RiskLevel.High;
       }
 
       if (prog === 'chmod' || prog === 'chown' || prog === 'chgrp'

package/src/permissions/defaults.ts

@@ -37,6 +37,13 @@ const COMPUTER_USE_TOOLS = [
  * Computed at runtime so paths reflect the configured root directory.
  */
 export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
+  // Some test suites mock getConfig() with partial objects; treat missing
+  // branches as defaults so rule generation remains deterministic.
+  const config = getConfig() as {
+    sandbox?: { enabled?: boolean };
+    skills?: { load?: { extraDirs?: unknown } };
+  };
+
   const hostFileRules = HOST_FILE_TOOLS.map((tool) => ({
     id: `default:ask-${tool}-global`,
     tool,
@@ -50,11 +57,11 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
   // global default ask rule uses "**" (globstar) instead of a "tool:*" prefix
   // because commands often contain "/" (e.g. "cat /etc/hosts").
   const hostShellRule: DefaultRuleTemplate = {
-    id: 'default:ask-host_bash-global',
+    id: 'default:allow-host_bash-global',
     tool: 'host_bash',
     pattern: '**',
     scope: 'everywhere',
-    decision: 'ask',
+    decision: 'allow',
     priority: 50,
   };
 
@@ -62,7 +69,7 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
   // them (including high-risk) so the user is never prompted for sandbox work.
   // Only emit this rule when the sandbox is actually enabled; otherwise bash
   // commands execute on the host and must go through normal permission checks.
-  const sandboxEnabled = getConfig().sandbox.enabled;
+  const sandboxEnabled = config.sandbox?.enabled !== false;
   const sandboxShellRule: DefaultRuleTemplate | null = sandboxEnabled
     ? {
         id: 'default:allow-bash-global',
@@ -105,7 +112,7 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
   // and write these without prompting.  Also allow `rm BOOTSTRAP.md` so the
   // agent can delete it at the end of the onboarding ritual.
   const workspaceDir = join(getRootDir(), 'workspace').replaceAll('\\', '/');
-  const WORKSPACE_PROMPT_FILES = ['IDENTITY.md', 'USER.md', 'SOUL.md', 'BOOTSTRAP.md'] as const;
+  const WORKSPACE_PROMPT_FILES = ['IDENTITY.md', 'USER.md', 'SOUL.md', 'BOOTSTRAP.md', 'UPDATES.md'] as const;
   const WORKSPACE_FILE_TOOLS = ['file_read', 'file_write', 'file_edit'] as const;
   const workspacePromptRules = WORKSPACE_FILE_TOOLS.flatMap((tool) =>
     WORKSPACE_PROMPT_FILES.map((file) => ({
@@ -127,6 +134,15 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     priority: 100,
   };
 
+  const updatesDeleteRule: DefaultRuleTemplate = {
+    id: 'default:allow-bash-rm-updates',
+    tool: 'bash',
+    pattern: 'rm UPDATES.md',
+    scope: workspaceDir,
+    decision: 'allow',
+    priority: 100,
+  };
+
   // Skill source directories — writing or editing skill source files should
   // require explicit user approval so a compromised agent loop cannot silently
   // modify skill code to escalate privileges.
@@ -140,7 +156,10 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
 
   // Append any user-configured extra skill directories so they get the
   // same default ask rules as managed and bundled dirs.
-  const extraDirs = getConfig().skills.load.extraDirs;
+  const rawExtraDirs = config.skills?.load?.extraDirs;
+  const extraDirs = Array.isArray(rawExtraDirs)
+    ? rawExtraDirs.filter((dir): dir is string => typeof dir === 'string')
+    : [];
   for (let i = 0; i < extraDirs.length; i++) {
     skillDirs.push({ dir: extraDirs[i].replaceAll('\\', '/'), label: `extra-${i}` });
   }
@@ -248,6 +267,7 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
     ...managedSkillRules,
     ...workspacePromptRules,
     bootstrapDeleteRule,
+    updatesDeleteRule,
     ...skillSourceMutationRules,
     skillLoadRule,
     browserNavigateRule,

package/src/permissions/prompter.ts

@@ -114,6 +114,23 @@ export class PermissionPrompter {
     pending.resolve({ decision, selectedPattern, selectedScope, decisionContext });
   }
 
+  /**
+   * Deny all pending confirmation prompts at once. Used when a new user
+   * message arrives while confirmations are outstanding — the agent will
+   * see the denial and can re-request if still needed.
+   */
+  denyAllPending(): void {
+    for (const [requestId, pending] of this.pending) {
+      clearTimeout(pending.timer);
+      this.pending.delete(requestId);
+      pending.resolve({ decision: 'deny', decisionContext: 'The user sent a new message instead of responding to this permission prompt. Stop what you are doing and respond to the user\'s new message. Do NOT retry this tool or request permission again until the user asks you to.' });
+    }
+  }
+
+  get hasPending(): boolean {
+    return this.pending.size > 0;
+  }
+
   dispose(): void {
     for (const [, pending] of this.pending) {
       clearTimeout(pending.timer);

package/src/permissions/trust-store.ts

@@ -276,6 +276,8 @@ function loadFromDisk(): TrustRule[] {
         // on loaded rules would silently widen their scope to global
         // wildcards. Stripping them and re-saving prevents scope escalation.
         for (const rule of rules) {
+          // Legacy v3 rules may carry principal-scoped fields that no longer
+          // exist in the TrustRule interface — cast to strip them at runtime.
           const r = rule as unknown as Record<string, unknown>;
           if ('principalKind' in r || 'principalId' in r || 'principalVersion' in r) {
             delete r.principalKind;

package/src/providers/failover.ts

@@ -47,6 +47,12 @@ function isFailoverError(error: unknown): boolean {
   return false;
 }
 
+export interface ProviderHealthStatus {
+  name: string;
+  healthy: boolean;
+  unhealthySince: string | null;
+}
+
 export class FailoverProvider implements Provider {
   public readonly name: string;
   private readonly healthMap = new Map<string, ProviderHealth>();
@@ -126,4 +132,17 @@ export class FailoverProvider implements Provider {
       undefined,
     );
   }
+
+  getHealthStatus(): ProviderHealthStatus[] {
+    return this.providers.map((p) => {
+      const health = this.healthMap.get(p.name)!;
+      return {
+        name: p.name,
+        healthy: health.unhealthySince == null,
+        unhealthySince: health.unhealthySince != null
+          ? new Date(health.unhealthySince).toISOString()
+          : null,
+      };
+    });
+  }
 }

package/src/providers/registry.ts

@@ -1,7 +1,7 @@
 import { wrapWithLogfire } from "../logfire.js";
 import { ConfigError } from "../util/errors.js";
 import { AnthropicProvider } from "./anthropic/client.js";
-import { FailoverProvider } from "./failover.js";
+import { FailoverProvider, type ProviderHealthStatus } from "./failover.js";
 import { FireworksProvider } from "./fireworks/client.js";
 import { GeminiProvider } from "./gemini/client.js";
 import { getProviderDefaultModel } from "./model-intents.js";
@@ -138,6 +138,51 @@ function resolveModel(config: ProvidersConfig, providerName: string): string {
   return getProviderDefaultModel(providerName);
 }
 
+export interface ProviderDebugStatus {
+  configuredPrimary: string;
+  activePrimary: string | null;
+  usedFallback: boolean;
+  registeredProviders: string[];
+  failoverHealth: ProviderHealthStatus[] | null;
+  overallHealth: 'healthy' | 'degraded' | 'down';
+}
+
+export function getProviderDebugStatus(
+  configuredProvider: string,
+  providerOrder: string[],
+): ProviderDebugStatus {
+  const registered = listProviders();
+  const selection = resolveProviderSelection(configuredProvider, providerOrder);
+
+  let failoverHealth: ProviderHealthStatus[] | null = null;
+  if (cachedFailoverProvider) {
+    failoverHealth = cachedFailoverProvider.getHealthStatus();
+  }
+
+  let overallHealth: 'healthy' | 'degraded' | 'down' = 'down';
+  if (registered.length > 0 && selection.selectedPrimary) {
+    if (!failoverHealth) {
+      overallHealth = 'healthy';
+    } else {
+      const healthyCount = failoverHealth.filter((h) => h.healthy).length;
+      if (healthyCount === failoverHealth.length) {
+        overallHealth = 'healthy';
+      } else if (healthyCount > 0) {
+        overallHealth = 'degraded';
+      }
+    }
+  }
+
+  return {
+    configuredPrimary: configuredProvider,
+    activePrimary: selection.selectedPrimary,
+    usedFallback: selection.usedFallbackPrimary,
+    registeredProviders: registered,
+    failoverHealth,
+    overallHealth,
+  };
+}
+
 export function initializeProviders(config: ProvidersConfig): void {
   providers.clear();
   cachedFailoverProvider = null;

package/src/runtime/approval-message-composer.ts

@@ -223,7 +223,7 @@ export function getFallbackMessage(context: ApprovalMessageContext): string {
       // consistency; wording adapts to channel and code type.
       const code = context.verifyCommand ?? 'the verification code';
       // Detect whether the code is a short numeric (identity-bound outbound)
-      // or a high-entropy hex (inbound challenge) and adjust wording.
+      // or a high-entropy hex (inbound challenge/bootstrap) and adjust wording.
       const isNumeric = /^\d{4,8}$/.test(code);
       if (context.channel === 'voice') {
         if (isNumeric) {

package/src/runtime/channel-guardian-service.ts

@@ -9,7 +9,7 @@
 import { createHash,randomBytes } from 'crypto';
 import { v4 as uuid } from 'uuid';
 
-import type { GuardianBinding, IdentityBindingStatus,SessionStatus, VerificationChallenge } from '../memory/channel-guardian-store.js';
+import type { GuardianBinding, IdentityBindingStatus, SessionStatus, VerificationChallenge, VerificationPurpose } from '../memory/channel-guardian-store.js';
 import {
   bindSessionIdentity as storeBindSessionIdentity,
   consumeChallenge,
@@ -62,7 +62,8 @@ export interface CreateChallengeResult {
 }
 
 export type ValidateChallengeResult =
-  | { success: true; bindingId: string }
+  | { success: true; bindingId: string; verificationType: 'guardian' }
+  | { success: true; verificationType: 'trusted_contact' }
   | { success: false; reason: string };
 
 // ---------------------------------------------------------------------------
@@ -272,6 +273,15 @@ export function validateAndConsumeChallenge(
   // Reset the rate-limit counter on success
   resetRateLimit(assistantId, channel, actorExternalUserId, actorChatId);
 
+  // Trusted contact verification sessions (created by the access request
+  // approval flow) should NOT create a guardian binding — the requester is
+  // becoming a trusted contact, not a guardian. The explicit verificationPurpose
+  // field distinguishes this from guardian outbound verification which also uses
+  // identity-bound sessions.
+  if (challenge.verificationPurpose === 'trusted_contact') {
+    return { success: true, verificationType: 'trusted_contact' };
+  }
+
   // Reject if a different user already holds the guardian binding
   const existingBinding = getActiveBinding(assistantId, channel);
   if (existingBinding && existingBinding.guardianExternalUserId !== actorExternalUserId) {
@@ -302,7 +312,7 @@ export function validateAndConsumeChallenge(
     metadataJson: Object.keys(metadata).length > 0 ? JSON.stringify(metadata) : null,
   });
 
-  return { success: true, bindingId: binding.id };
+  return { success: true, bindingId: binding.id, verificationType: 'guardian' };
 }
 
 /**
@@ -396,6 +406,7 @@ export function createOutboundSession(params: {
   maxAttempts?: number;
   sessionId?: string;
   bootstrapTokenHash?: string;
+  verificationPurpose?: VerificationPurpose;
 }): CreateOutboundSessionResult {
   // Use high-entropy hex for unbound bootstrap sessions to prevent brute-force;
   // 6-digit numeric codes are only safe when identity is already bound.
@@ -421,6 +432,7 @@ export function createOutboundSession(params: {
     destinationAddress: params.destinationAddress,
     codeDigits: params.codeDigits,
     maxAttempts: params.maxAttempts,
+    verificationPurpose: params.verificationPurpose,
     bootstrapTokenHash: params.bootstrapTokenHash,
   });
 

package/src/runtime/channel-retry-sweep.ts

@@ -117,6 +117,7 @@ export async function sweepFailedEvents(
           },
           assistantId,
           guardianContext,
+          isInteractive: guardianContext?.actorRole === 'guardian',
         },
         sourceChannel,
         sourceInterface,
@@ -133,7 +134,11 @@ export async function sweepFailedEvents(
           ? payload.externalChatId
           : undefined;
         if (externalChatId) {
-          const startFromSegment = channelDeliveryStore.getDeliveredSegmentCount(event.id);
+          // processMessage above generated a fresh assistant response, so any
+          // previously tracked segment progress belongs to the old response and
+          // must not carry over. Reset to 0 so we deliver all segments of the
+          // new response.
+          channelDeliveryStore.updateDeliveredSegmentCount(event.id, 0);
           await deliverReplyViaCallback(
             event.conversationId,
             externalChatId,
@@ -141,7 +146,7 @@ export async function sweepFailedEvents(
             bearerToken,
             assistantId,
             {
-              startFromSegment,
+              startFromSegment: 0,
               onSegmentDelivered: (count) =>
                 channelDeliveryStore.updateDeliveredSegmentCount(event.id, count),
             },