@vellumai/assistant 0.3.16 → 0.3.18

package/src/notifications/decision-engine.ts

@@ -19,7 +19,7 @@ import { getLogger } from '../util/logger.js';
 import { createDecision } from './decisions-store.js';
 import { getPreferenceSummary } from './preference-summary.js';
 import type { NotificationSignal, RoutingIntent } from './signal.js';
-import { type ThreadCandidateSet, buildThreadCandidates, serializeCandidatesForPrompt } from './thread-candidates.js';
+import { buildThreadCandidates, serializeCandidatesForPrompt,type ThreadCandidateSet } from './thread-candidates.js';
 import type { NotificationChannel, NotificationDecision, RenderedChannelCopy, ThreadAction } from './types.js';
 
 const log = getLogger('notification-decision-engine');
@@ -385,13 +385,16 @@ export function validateThreadActions(
     if (action.action === 'start_new') {
       result[channel] = { action: 'start_new' };
     } else if (action.action === 'reuse_existing') {
-      const conversationId = action.conversationId;
-      if (typeof conversationId !== 'string' || !conversationId.trim()) {
+      const rawConversationId = action.conversationId;
+      if (typeof rawConversationId !== 'string' || !rawConversationId.trim()) {
         log.warn({ channel }, 'LLM returned reuse_existing without conversationId — downgrading to start_new');
         result[channel] = { action: 'start_new' };
         continue;
       }
 
+      // Normalize: the LLM may return a valid ID with leading/trailing whitespace
+      const conversationId = rawConversationId.trim();
+
       // Strict validation: the conversationId must exist in the candidate set
       const candidateIds = validCandidateIds.get(channel);
       if (!candidateIds || !candidateIds.has(conversationId)) {

package/src/notifications/deliveries-store.ts

@@ -28,6 +28,9 @@ export interface NotificationDeliveryRow {
   conversationId: string | null;
   messageId: string | null;
   conversationStrategy: string | null;
+  threadAction: string | null;
+  threadTargetConversationId: string | null;
+  threadDecisionFallbackUsed: number | null;
   clientDeliveryStatus: string | null;
   clientDeliveryError: string | null;
   clientDeliveryAt: number | null;
@@ -52,6 +55,9 @@ function rowToDelivery(row: typeof notificationDeliveries.$inferSelect): Notific
     conversationId: row.conversationId,
     messageId: row.messageId,
     conversationStrategy: row.conversationStrategy,
+    threadAction: row.threadAction,
+    threadTargetConversationId: row.threadTargetConversationId,
+    threadDecisionFallbackUsed: row.threadDecisionFallbackUsed,
     clientDeliveryStatus: row.clientDeliveryStatus,
     clientDeliveryError: row.clientDeliveryError,
     clientDeliveryAt: row.clientDeliveryAt,
@@ -76,6 +82,9 @@ export interface CreateDeliveryParams {
   conversationId?: string;
   messageId?: string;
   conversationStrategy?: string;
+  threadAction?: string;
+  threadTargetConversationId?: string;
+  threadDecisionFallbackUsed?: boolean;
 }
 
 /** Create a new delivery audit record. */
@@ -99,6 +108,9 @@ export function createDelivery(params: CreateDeliveryParams): NotificationDelive
     conversationId: params.conversationId ?? null,
     messageId: params.messageId ?? null,
     conversationStrategy: params.conversationStrategy ?? null,
+    threadAction: params.threadAction ?? null,
+    threadTargetConversationId: params.threadTargetConversationId ?? null,
+    threadDecisionFallbackUsed: params.threadDecisionFallbackUsed != null ? (params.threadDecisionFallbackUsed ? 1 : 0) : null,
     clientDeliveryStatus: null,
     clientDeliveryError: null,
     clientDeliveryAt: null,

package/src/notifications/emit-signal.ts

@@ -205,6 +205,7 @@ export async function emitNotificationSignal(params: EmitSignalParams): Promise<
 
     // Step 2: Evaluate the signal through the decision engine
     const connectedChannels = getConnectedChannels(assistantId);
+
     let decision = await evaluateSignal(signal, connectedChannels);
 
     // Step 2.5: Enforce routing intent policy (fire-time guard)

package/src/notifications/thread-candidates.ts

@@ -10,11 +10,10 @@
  * needs for a routing decision, not full conversation contents.
  */
 
-import { and, desc, eq, isNotNull } from 'drizzle-orm';
+import { and, count, desc, eq, inArray, isNotNull } from 'drizzle-orm';
 
 import { getDb } from '../memory/db.js';
-import { countPendingByConversation } from '../memory/guardian-approvals.js';
-import { conversations, notificationDeliveries, notificationDecisions, notificationEvents } from '../memory/schema.js';
+import { channelGuardianApprovalRequests, conversations, notificationDecisions, notificationDeliveries, notificationEvents } from '../memory/schema.js';
 import { getLogger } from '../util/logger.js';
 import type { NotificationChannel } from './types.js';
 
@@ -148,49 +147,78 @@ function buildCandidatesForChannel(
 
     seen.add(row.conversationId);
 
-    const candidate: ThreadCandidate = {
+    candidates.push({
       conversationId: row.conversationId,
       title: row.convTitle,
       updatedAt: row.convUpdatedAt,
       latestSourceEventName: row.sourceEventName ?? null,
       channel: channel,
-    };
-
-    // Enrich with guardian context
-    const guardianContext = buildGuardianContext(row.conversationId, assistantId);
-    if (guardianContext) {
-      candidate.guardianContext = guardianContext;
-    }
-
-    candidates.push(candidate);
+    });
 
     if (candidates.length >= MAX_CANDIDATES_PER_CHANNEL) break;
   }
 
+  // Batch-enrich all candidates with guardian context in a single query
+  if (candidates.length > 0) {
+    const pendingCounts = batchCountPendingByConversation(
+      candidates.map((c) => c.conversationId),
+      assistantId,
+    );
+    for (const candidate of candidates) {
+      const pendingCount = pendingCounts.get(candidate.conversationId) ?? 0;
+      if (pendingCount > 0) {
+        candidate.guardianContext = { pendingUnresolvedRequestCount: pendingCount };
+      }
+    }
+  }
+
   return candidates;
 }
 
 // -- Guardian context enrichment ----------------------------------------------
 
 /**
- * Build guardian-specific context for a candidate conversation.
- * Returns null when there is no guardian-relevant data.
+ * Batch-count pending guardian approval requests for multiple conversations
+ * in a single query. Returns a map from conversationId to pending count
+ * (only entries with count > 0 are included).
  */
-function buildGuardianContext(
-  conversationId: string,
+function batchCountPendingByConversation(
+  conversationIds: string[],
   assistantId: string,
-): GuardianCandidateContext | null {
+): Map<string, number> {
+  const result = new Map<string, number>();
+  if (conversationIds.length === 0) return result;
+
   try {
-    const pendingCount = countPendingByConversation(conversationId, assistantId);
-    if (pendingCount > 0) {
-      return { pendingUnresolvedRequestCount: pendingCount };
+    const db = getDb();
+
+    const rows = db
+      .select({
+        conversationId: channelGuardianApprovalRequests.conversationId,
+        count: count(),
+      })
+      .from(channelGuardianApprovalRequests)
+      .where(
+        and(
+          inArray(channelGuardianApprovalRequests.conversationId, conversationIds),
+          eq(channelGuardianApprovalRequests.status, 'pending'),
+          eq(channelGuardianApprovalRequests.assistantId, assistantId),
+        ),
+      )
+      .groupBy(channelGuardianApprovalRequests.conversationId)
+      .all();
+
+    for (const row of rows) {
+      if (row.count > 0) {
+        result.set(row.conversationId, row.count);
+      }
     }
   } catch (err) {
     const errMsg = err instanceof Error ? err.message : String(err);
-    log.warn({ err: errMsg, conversationId }, 'Failed to query guardian context for candidate');
+    log.warn({ err: errMsg }, 'Failed to batch-query guardian context for candidates');
   }
 
-  return null;
+  return result;
 }
 
 // -- Prompt serialization -----------------------------------------------------
@@ -213,13 +241,20 @@ export function serializeCandidatesForPrompt(candidateSet: ThreadCandidateSet):
 
     const lines: string[] = [`Channel: ${channel}`];
     for (const c of candidates) {
+      // Escape title to prevent format corruption from quotes or newlines in
+      // user/model-provided text. JSON.stringify produces a safe single-line
+      // quoted string; we strip the outer quotes since we wrap in our own.
+      const safeTitle = c.title
+        ? JSON.stringify(c.title).slice(1, -1)
+        : '(untitled)';
       const parts: string[] = [
         `  - id=${c.conversationId}`,
-        `title="${c.title ?? '(untitled)'}"`,
+        `title="${safeTitle}"`,
         `updated=${new Date(c.updatedAt).toISOString()}`,
       ];
       if (c.latestSourceEventName) {
-        parts.push(`lastEvent="${c.latestSourceEventName}"`);
+        const safeEventName = JSON.stringify(c.latestSourceEventName).slice(1, -1);
+        parts.push(`lastEvent="${safeEventName}"`);
       }
       if (c.guardianContext) {
         parts.push(`pendingRequests=${c.guardianContext.pendingUnresolvedRequestCount}`);

package/src/notifications/types.ts

@@ -95,13 +95,14 @@ export interface ThreadActionReuseExisting {
 /** Per-channel thread action — either start a new thread or reuse an existing one. */
 export type ThreadAction = ThreadActionStartNew | ThreadActionReuseExisting;
 
+
 /** Output produced by the notification decision engine for a given signal. */
 export interface NotificationDecision {
   shouldNotify: boolean;
   selectedChannels: NotificationChannel[];
   reasoningSummary: string;
   renderedCopy: Partial<Record<NotificationChannel, RenderedChannelCopy>>;
-  /** Per-channel thread action. When absent for a channel, defaults to start_new. */
+  /** Per-channel thread actions decided by the model. Absent channels default to start_new. */
   threadActions?: Partial<Record<NotificationChannel, ThreadAction>>;
   deepLinkTarget?: Record<string, unknown>;
   dedupeKey: string;

package/src/permissions/checker.ts

@@ -123,19 +123,6 @@ function getWrappedProgram(seg: { program: string; args: string[] }): string | u
   return undefined;
 }
 
-function isHighRiskRm(args: string[]): boolean {
-  // rm with -r, -rf, -fr, or targeting root/home
-  for (const arg of args) {
-    if (arg.startsWith('-') && (arg.includes('r') || arg.includes('f'))) {
-      return true;
-    }
-    if (arg === '/' || arg === '~' || arg === '$HOME') {
-      return true;
-    }
-  }
-  return false;
-}
-
 function getStringField(input: Record<string, unknown>, ...keys: string[]): string {
   for (const key of keys) {
     const value = input[key];
@@ -398,9 +385,7 @@ async function classifyRiskUncached(toolName: string, input: Record<string, unkn
       if (HIGH_RISK_PROGRAMS.has(prog)) return RiskLevel.High;
 
       if (prog === 'rm') {
-        if (isHighRiskRm(seg.args)) return RiskLevel.High;
-        maxRisk = RiskLevel.Medium;
-        continue;
+        return RiskLevel.High;
       }
 
       if (prog === 'chmod' || prog === 'chown' || prog === 'chgrp'

package/src/permissions/defaults.ts

@@ -37,6 +37,13 @@ const COMPUTER_USE_TOOLS = [
  * Computed at runtime so paths reflect the configured root directory.
  */
 export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
+  // Some test suites mock getConfig() with partial objects; treat missing
+  // branches as defaults so rule generation remains deterministic.
+  const config = getConfig() as {
+    sandbox?: { enabled?: boolean };
+    skills?: { load?: { extraDirs?: unknown } };
+  };
+
   const hostFileRules = HOST_FILE_TOOLS.map((tool) => ({
     id: `default:ask-${tool}-global`,
     tool,
@@ -50,11 +57,11 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
   // global default ask rule uses "**" (globstar) instead of a "tool:*" prefix
   // because commands often contain "/" (e.g. "cat /etc/hosts").
   const hostShellRule: DefaultRuleTemplate = {
-    id: 'default:ask-host_bash-global',
+    id: 'default:allow-host_bash-global',
     tool: 'host_bash',
     pattern: '**',
     scope: 'everywhere',
-    decision: 'ask',
+    decision: 'allow',
     priority: 50,
   };
 
@@ -62,7 +69,7 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
   // them (including high-risk) so the user is never prompted for sandbox work.
   // Only emit this rule when the sandbox is actually enabled; otherwise bash
   // commands execute on the host and must go through normal permission checks.
-  const sandboxEnabled = getConfig().sandbox.enabled;
+  const sandboxEnabled = config.sandbox?.enabled !== false;
   const sandboxShellRule: DefaultRuleTemplate | null = sandboxEnabled
     ? {
         id: 'default:allow-bash-global',
@@ -149,7 +156,10 @@ export function getDefaultRuleTemplates(): DefaultRuleTemplate[] {
 
   // Append any user-configured extra skill directories so they get the
   // same default ask rules as managed and bundled dirs.
-  const extraDirs = getConfig().skills.load.extraDirs;
+  const rawExtraDirs = config.skills?.load?.extraDirs;
+  const extraDirs = Array.isArray(rawExtraDirs)
+    ? rawExtraDirs.filter((dir): dir is string => typeof dir === 'string')
+    : [];
   for (let i = 0; i < extraDirs.length; i++) {
     skillDirs.push({ dir: extraDirs[i].replaceAll('\\', '/'), label: `extra-${i}` });
   }

package/src/runtime/guardian-action-followup-executor.ts

@@ -24,8 +24,8 @@ import { getGatewayInternalBaseUrl } from '../config/env.js';
 import { getOrCreateConversation } from '../memory/conversation-key-store.js';
 import {
   finalizeFollowup,
-  getGuardianActionRequest,
   type FollowupAction,
+  getGuardianActionRequest,
   type GuardianActionRequest,
 } from '../memory/guardian-action-store.js';
 import { getLogger } from '../util/logger.js';

package/src/runtime/http-server.ts

@@ -85,7 +85,6 @@ import {
   handleGetAttachmentContent,
   handleUploadAttachment,
 } from './routes/attachment-routes.js';
-import { handleDebug } from './routes/debug-routes.js';
 import {
   handleAnswerCall,
   handleCancelCall,
@@ -116,8 +115,19 @@ import {
   handleSearchConversations,
   handleSendMessage,
 } from './routes/conversation-routes.js';
+import { handleDebug } from './routes/debug-routes.js';
 import { handleSubscribeAssistantEvents } from './routes/events-routes.js';
 import { handleGetIdentity,handleHealth } from './routes/identity-routes.js';
+import {
+  handleBlockMember,
+  handleCreateInvite,
+  handleListInvites,
+  handleListMembers,
+  handleRedeemInvite,
+  handleRevokeInvite,
+  handleRevokeMember,
+  handleUpsertMember,
+} from './routes/ingress-routes.js';
 import {
   handleCancelOutbound,
   handleClearSlackChannelConfig,
@@ -140,16 +150,6 @@ import {
   handlePairingRequest,
   handlePairingStatus,
 } from './routes/pairing-routes.js';
-import {
-  handleBlockMember,
-  handleCreateInvite,
-  handleListInvites,
-  handleListMembers,
-  handleRedeemInvite,
-  handleRevokeInvite,
-  handleRevokeMember,
-  handleUpsertMember,
-} from './routes/ingress-routes.js';
 import { handleAddSecret } from './routes/secret-routes.js';
 
 // Re-export for consumers

package/src/runtime/routes/access-request-decision.ts

@@ -6,8 +6,8 @@
  * instead of resuming an agent loop.
  */
 import {
-  resolveApprovalRequest,
   type GuardianApprovalRequest,
+  resolveApprovalRequest,
 } from '../../memory/channel-guardian-store.js';
 import { getLogger } from '../../util/logger.js';
 import { createOutboundSession } from '../channel-guardian-service.js';

package/src/runtime/routes/debug-routes.ts

@@ -4,13 +4,13 @@
 
 import { statSync } from 'node:fs';
 
-import { getDbPath } from '../../util/platform.js';
+import { getConfig } from '../../config/loader.js';
 import { countConversations } from '../../memory/conversation-store.js';
-import { getMemoryJobCounts } from '../../memory/jobs-store.js';
-import { countSchedules } from '../../schedule/schedule-store.js';
 import { rawAll } from '../../memory/db.js';
-import { getConfig } from '../../config/loader.js';
+import { getMemoryJobCounts } from '../../memory/jobs-store.js';
 import { getProviderDebugStatus } from '../../providers/registry.js';
+import { countSchedules } from '../../schedule/schedule-store.js';
+import { getDbPath } from '../../util/platform.js';
 
 /** Process start time — used to calculate uptime. */
 const startedAt = Date.now();

package/src/runtime/routes/guardian-approval-interception.ts

@@ -8,8 +8,8 @@ import {
   getPendingApprovalByRequestAndGuardianChat,
   getPendingApprovalForRequest,
   getUnresolvedApprovalForRequest,
-  updateApprovalDecision,
   type GuardianApprovalRequest,
+  updateApprovalDecision,
 } from '../../memory/channel-guardian-store.js';
 import { emitNotificationSignal } from '../../notifications/emit-signal.js';
 import { getLogger } from '../../util/logger.js';
@@ -31,12 +31,12 @@ import type {
   ApprovalCopyGenerator,
 } from '../http-types.js';
 import {
-  handleAccessRequestDecision,
   deliverVerificationCodeToGuardian,
+  type DeliveryResult,
+  handleAccessRequestDecision,
   notifyRequesterOfApproval,
-  notifyRequesterOfDenial,
   notifyRequesterOfDeliveryFailure,
-  type DeliveryResult,
+  notifyRequesterOfDenial,
 } from './access-request-decision.js';
 import {
   buildGuardianDenyContext,

package/src/runtime/routes/inbound-message-handler.ts

@@ -50,12 +50,16 @@ import {
   validateAndConsumeChallenge,
 } from '../channel-guardian-service.js';
 import { deliverChannelReply } from '../gateway-client.js';
+import { processGuardianFollowUpTurn } from '../guardian-action-conversation-turn.js';
+import { executeFollowupAction } from '../guardian-action-followup-executor.js';
+import { composeGuardianActionMessageGenerative } from '../guardian-action-message-composer.js';
 import { resolveGuardianContext } from '../guardian-context-resolver.js';
 import {
   composeChannelVerifyReply,
   composeVerificationTelegram,
   GUARDIAN_VERIFY_TEMPLATE_KEYS,
 } from '../guardian-verification-templates.js';
+import { httpError } from '../http-errors.js';
 import type {
   ApprovalConversationGenerator,
   ApprovalCopyGenerator,
@@ -63,10 +67,6 @@ import type {
   GuardianFollowUpConversationGenerator,
   MessageProcessor,
 } from '../http-types.js';
-import { processGuardianFollowUpTurn } from '../guardian-action-conversation-turn.js';
-import { composeGuardianActionMessageGenerative } from '../guardian-action-message-composer.js';
-import { executeFollowupAction } from '../guardian-action-followup-executor.js';
-import { httpError } from '../http-errors.js';
 import { deliverReplyViaCallback } from './channel-delivery-routes.js';
 import {
   canonicalChannelAssistantId,
@@ -1120,9 +1120,9 @@ export async function handleChannelInbound(
             // that the request was already resolved and skip action execution.
             let stateApplied = true;
             if (turnResult.disposition === 'call_back' || turnResult.disposition === 'message_back') {
-              stateApplied = progressFollowupState(followupRequest.id, 'dispatching', turnResult.disposition) !== null;
+              stateApplied = progressFollowupState(followupRequest.id, 'dispatching', turnResult.disposition) !== undefined;
             } else if (turnResult.disposition === 'decline') {
-              stateApplied = finalizeFollowup(followupRequest.id, 'declined') !== null;
+              stateApplied = finalizeFollowup(followupRequest.id, 'declined') !== undefined;
             }
             // keep_pending: no state change — guardian can reply again
 

package/src/runtime/routes/integration-routes.ts

@@ -26,7 +26,6 @@ import {
   createGuardianChallenge,
   getGuardianStatus,
 } from '../../daemon/handlers/config-channels.js';
-import { httpError } from '../http-errors.js';
 import {
   clearSlackChannelConfig,
   getSlackChannelConfig,
@@ -39,14 +38,15 @@ import {
   setTelegramConfig,
   setupTelegram,
 } from '../../daemon/handlers/config-telegram.js';
+import { normalizePhoneNumber } from '../../util/phone.js';
 import {
   cancelOutbound,
   normalizeTelegramDestination,
   resendOutbound,
   startOutbound,
 } from '../guardian-outbound-actions.js';
+import { httpError } from '../http-errors.js';
 import { guardianVerificationLimiter } from '../verification-rate-limiter.js';
-import { normalizePhoneNumber } from '../../util/phone.js';
 
 /**
  * GET /v1/integrations/telegram/config

package/src/tools/permission-checker.ts

@@ -3,12 +3,11 @@ import { getHookManager } from '../hooks/manager.js';
 import { check, classifyRisk, generateAllowlistOptions, generateScopeOptions } from '../permissions/checker.js';
 import type { PermissionPrompter } from '../permissions/prompter.js';
 import { addRule } from '../permissions/trust-store.js';
-import { RiskLevel } from '../permissions/types.js';
 import { getLogger } from '../util/logger.js';
-import type { ExecutionTarget } from './types.js';
 import { buildPolicyContext } from './policy-context.js';
 import { isSideEffectTool } from './side-effects.js';
 import { wrapCommand } from './terminal/sandbox.js';
+import type { ExecutionTarget } from './types.js';
 import type { Tool, ToolContext, ToolLifecycleEvent } from './types.js';
 
 const log = getLogger('permission-checker');

package/src/tools/secret-detection-handler.ts

@@ -2,8 +2,8 @@ import { getConfig } from '../config/loader.js';
 import { getHookManager } from '../hooks/manager.js';
 import { PermissionPrompter } from '../permissions/prompter.js';
 import { RiskLevel } from '../permissions/types.js';
-import { compileCustomPatterns, redactSecrets, scanText } from '../security/secret-scanner.js';
 import type { SecretPattern } from '../security/secret-scanner.js';
+import { compileCustomPatterns, redactSecrets, scanText } from '../security/secret-scanner.js';
 import type { ExecutionTarget, ToolContext, ToolExecutionResult, ToolLifecycleEvent } from './types.js';
 
 /**

package/src/tools/system/voice-config.ts

@@ -32,7 +32,7 @@ export const voiceConfigUpdateTool: Tool = {
 
   async execute(
     input: Record<string, unknown>,
-    context: ToolContext,
+    _context: ToolContext,
   ): Promise<ToolExecutionResult> {
     const rawKey = input.activation_key;
     if (typeof rawKey !== 'string' || rawKey.trim() === '') {

package/src/version.ts

@@ -1,3 +1,30 @@
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+function resolveVersion(): string {
+  const envVersion = process.env.APP_VERSION;
+
+  // When APP_VERSION is not set, we're in local development — return the dev
+  // sentinel so Sentry (and similar) classify the session as "development".
+  if (!envVersion) return '0.0.0-dev';
+
+  // CI sets APP_VERSION to the dev placeholder during builds; resolve it to
+  // the package.json release version so Sentry gets a meaningful release tag.
+  if (envVersion === '0.0.0-dev') {
+    try {
+      const pkgPath = join(import.meta.dirname ?? __dirname, '..', 'package.json');
+      const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+      if (pkg.version && typeof pkg.version === 'string') return pkg.version;
+    } catch {
+      // package.json missing or unreadable
+    }
+    return '0.0.0-dev';
+  }
+
+  return envVersion;
+}
+
 // Version is embedded at compile time via --define in CI.
-// Falls back to "0.0.0-dev" for local development.
-export const APP_VERSION: string = process.env.APP_VERSION ?? "0.0.0-dev";
+// Falls back to "0.0.0-dev" for local development, or resolves the dev
+// placeholder to package.json version when explicitly set in CI.
+export const APP_VERSION: string = resolveVersion();