@vellumai/assistant 0.3.18 → 0.3.20

package/src/daemon/ipc-contract/guardian-actions.ts

@@ -0,0 +1,53 @@
+// Guardian action decision IPC types.
+// Enables desktop clients to fetch pending guardian prompts and submit
+// button decisions deterministically (without text parsing).
+
+// === Client -> Server ===
+
+export interface GuardianActionsPendingRequest {
+  type: 'guardian_actions_pending_request';
+  conversationId: string;
+}
+
+export interface GuardianActionDecision {
+  type: 'guardian_action_decision';
+  requestId: string;
+  action: string;
+  conversationId?: string;
+}
+
+// === Server -> Client ===
+
+export interface GuardianActionsPendingResponse {
+  type: 'guardian_actions_pending_response';
+  conversationId: string;
+  prompts: Array<{
+    requestId: string;
+    requestCode: string;
+    state: string;
+    questionText: string;
+    toolName: string | null;
+    actions: Array<{ action: string; label: string }>;
+    expiresAt: number;
+    conversationId: string;
+    callSessionId: string | null;
+  }>;
+}
+
+export interface GuardianActionDecisionResponse {
+  type: 'guardian_action_decision_response';
+  applied: boolean;
+  reason?: string;
+  requestId?: string;
+  userText?: string;
+}
+
+// --- Domain-level union aliases (consumed by the barrel file) ---
+
+export type _GuardianActionsClientMessages =
+  | GuardianActionsPendingRequest
+  | GuardianActionDecision;
+
+export type _GuardianActionsServerMessages =
+  | GuardianActionsPendingResponse
+  | GuardianActionDecisionResponse;

package/src/daemon/ipc-contract/sessions.ts

@@ -156,6 +156,11 @@ export interface ConversationSearchRequest {
   maxMessagesPerConversation?: number;
 }
 
+export interface ReorderThreadsRequest {
+  type: 'reorder_threads';
+  updates: Array<{ sessionId: string; displayOrder: number | null; isPinned: boolean }>;
+}
+
 // === Server → Client ===
 
 export interface ConversationSearchMatchingMessage {
@@ -213,7 +218,7 @@ export interface AssistantAttention {
 
 export interface SessionListResponse {
   type: 'session_list_response';
-  sessions: Array<{ id: string; title: string; createdAt?: number; updatedAt: number; threadType?: ThreadType; source?: string; channelBinding?: ChannelBinding; conversationOriginChannel?: ChannelId; conversationOriginInterface?: InterfaceId; assistantAttention?: AssistantAttention }>;
+  sessions: Array<{ id: string; title: string; createdAt?: number; updatedAt: number; threadType?: ThreadType; source?: string; channelBinding?: ChannelBinding; conversationOriginChannel?: ChannelId; conversationOriginInterface?: InterfaceId; assistantAttention?: AssistantAttention; displayOrder?: number; isPinned?: boolean }>;
   /** Whether more sessions exist beyond the returned page. */
   hasMore?: boolean;
 }
@@ -392,7 +397,8 @@ export type _SessionsClientMessages =
   | SessionRenameRequest
   | SessionsClearRequest
   | ConversationSearchRequest
-  | MessageContentRequest;
+  | MessageContentRequest
+  | ReorderThreadsRequest;
 
 export type _SessionsServerMessages =
   | AuthResult

package/src/daemon/ipc-contract/settings.ts

@@ -9,6 +9,13 @@ export interface VoiceConfigUpdateRequest {
   activationKey: string;
 }
 
+/** Request from the client to generate a custom avatar via Gemini. */
+export interface GenerateAvatarRequest {
+  type: 'generate_avatar';
+  /** Text description of the desired avatar appearance. */
+  description: string;
+}
+
 // === Server → Client ===
 
 /** Sent by the daemon to update a client-side setting (e.g. activation key). */
@@ -20,7 +27,23 @@ export interface ClientSettingsUpdate {
   value: string;
 }
 
+/** Sent by the daemon after the avatar image has been regenerated and saved to disk. */
+export interface AvatarUpdated {
+  type: 'avatar_updated';
+  /** Absolute path to the updated avatar image file. */
+  avatarPath: string;
+}
+
+/** Response to a generate_avatar request indicating success or failure. */
+export interface GenerateAvatarResponse {
+  type: 'generate_avatar_response';
+  /** Whether the avatar was generated successfully. */
+  success: boolean;
+  /** Error message when success is false. */
+  error?: string;
+}
+
 // --- Domain-level union aliases (consumed by the barrel file) ---
 
-export type _SettingsClientMessages = VoiceConfigUpdateRequest;
-export type _SettingsServerMessages = ClientSettingsUpdate;
+export type _SettingsClientMessages = VoiceConfigUpdateRequest | GenerateAvatarRequest;
+export type _SettingsServerMessages = ClientSettingsUpdate | AvatarUpdated | GenerateAvatarResponse;

package/src/daemon/ipc-contract/skills.ts

@@ -95,6 +95,7 @@ export interface SkillsListResponse {
     updateAvailable: boolean;
     userInvocable: boolean;
     clawhub?: { author: string; stars: number; installs: number; reports: number; publishedAt: string };
+    provenance?: { kind: 'first-party' | 'third-party' | 'local'; provider?: string; originId?: string; sourceUrl?: string };
   }>;
 }
 

package/src/daemon/ipc-contract-inventory.json

@@ -5,6 +5,7 @@
     "_ComputerUseClientMessages",
     "_DiagnosticsClientMessages",
     "_DocumentsClientMessages",
+    "_GuardianActionsClientMessages",
     "_InboxClientMessages",
     "_IntegrationsClientMessages",
     "_MessagesClientMessages",
@@ -28,6 +29,7 @@
     "_ComputerUseServerMessages",
     "_DiagnosticsServerMessages",
     "_DocumentsServerMessages",
+    "_GuardianActionsServerMessages",
     "_InboxServerMessages",
     "_IntegrationsServerMessages",
     "_MemoryServerMessages",
@@ -86,7 +88,10 @@
     "fork_shared_app",
     "gallery_install",
     "gallery_list",
+    "generate_avatar",
     "get_signing_identity_response",
+    "guardian_action_decision",
+    "guardian_actions_pending_request",
     "guardian_verification",
     "heartbeat_checklist_read",
     "heartbeat_checklist_write",
@@ -124,6 +129,7 @@
     "reminder_cancel",
     "reminders_list",
     "remove_trust_rule",
+    "reorder_threads",
     "ride_shotgun_start",
     "ride_shotgun_stop",
     "sandbox_set",
@@ -210,6 +216,7 @@
     "assistant_text_delta",
     "assistant_thinking_delta",
     "auth_result",
+    "avatar_updated",
     "browser_cdp_request",
     "browser_frame",
     "browser_handoff_request",
@@ -236,9 +243,12 @@
     "fork_shared_app_response",
     "gallery_install_response",
     "gallery_list_response",
+    "generate_avatar_response",
     "generation_cancelled",
     "generation_handoff",
     "get_signing_identity",
+    "guardian_action_decision_response",
+    "guardian_actions_pending_response",
     "guardian_verification_response",
     "heartbeat_alert",
     "heartbeat_checklist_response",

package/src/daemon/ipc-contract.ts

@@ -18,6 +18,7 @@ export * from './ipc-contract/browser.js';
 export * from './ipc-contract/computer-use.js';
 export * from './ipc-contract/diagnostics.js';
 export * from './ipc-contract/documents.js';
+export * from './ipc-contract/guardian-actions.js';
 export * from './ipc-contract/inbox.js';
 export * from './ipc-contract/integrations.js';
 export * from './ipc-contract/memory.js';
@@ -42,6 +43,7 @@ import type { _BrowserClientMessages, _BrowserServerMessages } from './ipc-contr
 import type { _ComputerUseClientMessages, _ComputerUseServerMessages } from './ipc-contract/computer-use.js';
 import type { _DiagnosticsClientMessages, _DiagnosticsServerMessages } from './ipc-contract/diagnostics.js';
 import type { _DocumentsClientMessages, _DocumentsServerMessages } from './ipc-contract/documents.js';
+import type { _GuardianActionsClientMessages, _GuardianActionsServerMessages } from './ipc-contract/guardian-actions.js';
 import type { _InboxClientMessages, _InboxServerMessages } from './ipc-contract/inbox.js';
 import type { _IntegrationsClientMessages, _IntegrationsServerMessages } from './ipc-contract/integrations.js';
 import type { _MemoryServerMessages } from './ipc-contract/memory.js';
@@ -83,6 +85,7 @@ export type ClientMessage =
   | _BrowserClientMessages
   | _SubagentsClientMessages
   | _DocumentsClientMessages
+  | _GuardianActionsClientMessages
   | _WorkspaceClientMessages
   | _SchedulesClientMessages
   | _DiagnosticsClientMessages
@@ -107,6 +110,7 @@ export type ServerMessage =
   | _BrowserServerMessages
   | _SubagentsServerMessages
   | _DocumentsServerMessages
+  | _GuardianActionsServerMessages
   | _MemoryServerMessages
   | _WorkspaceServerMessages
   | _SchedulesServerMessages

package/src/daemon/lifecycle.ts

@@ -57,7 +57,7 @@ import type { ServerMessage } from './ipc-protocol.js';
 import { initializeProvidersAndTools, registerMessagingProviders,registerWatcherProviders } from './providers-setup.js';
 import { seedInterfaceFiles } from './seed-files.js';
 import { DaemonServer } from './server.js';
-import { setGuardianActionCopyGenerator, setGuardianFollowUpConversationGenerator } from './session-process.js';
+import { setApprovalConversationGenerator, setGuardianActionCopyGenerator, setGuardianFollowUpConversationGenerator } from './session-process.js';
 import { initSlashPairingContext } from './session-slash.js';
 import { installShutdownHandlers } from './shutdown-handlers.js';
 
@@ -307,7 +307,11 @@ export async function runDaemon(): Promise<void> {
         server.persistAndProcessMessage(conversationId, content, attachmentIds, options, sourceChannel, sourceInterface),
       interfacesDir: getInterfacesDir(),
       approvalCopyGenerator: createApprovalCopyGenerator(),
-      approvalConversationGenerator: createApprovalConversationGenerator(),
+      approvalConversationGenerator: (() => {
+        const gen = createApprovalConversationGenerator();
+        setApprovalConversationGenerator(gen);
+        return gen;
+      })(),
       guardianActionCopyGenerator: (() => {
         const gen = createGuardianActionCopyGenerator();
         setGuardianActionCopyGenerator(gen);

package/src/daemon/main.ts

@@ -1,4 +1,5 @@
 #!/usr/bin/env bun
+process.title = 'vellum-daemon';
 import * as Sentry from '@sentry/node';
 
 import { getLogger } from '../util/logger.js';

package/src/daemon/server.ts

@@ -795,6 +795,7 @@ export class DaemonServer {
     const resolvedInterface = resolveTurnInterface(sourceInterface);
     session.setAssistantId(options?.assistantId ?? 'self');
     session.setGuardianContext(options?.guardianContext ?? null);
+    await session.ensureActorScopedHistory();
     session.setChannelCapabilities(resolveChannelCapabilities(sourceChannel, sourceInterface));
     session.setCommandIntent(options?.commandIntent ?? null);
     session.setTurnChannelContext({

package/src/daemon/session-lifecycle.ts

@@ -19,10 +19,38 @@ import { repairHistory } from './history-repair.js';
 import type { SurfaceData,SurfaceType, UsageStats } from './ipc-protocol.js';
 import { unregisterCallNotifiers,unregisterWatchNotifiers } from './session-notifiers.js';
 import type { MessageQueue } from './session-queue-manager.js';
+import type { GuardianRuntimeContext } from './session-runtime-assembly.js';
 import { resetSkillToolProjection } from './session-skill-tools.js';
 
 const log = getLogger('session-lifecycle');
 
+type GuardianActorRole = GuardianRuntimeContext['actorRole'];
+
+function parseProvenanceActorRole(metadata: string | null): GuardianActorRole | undefined {
+  if (!metadata) return undefined;
+  try {
+    const parsed = JSON.parse(metadata) as { provenanceActorRole?: unknown };
+    const role = parsed?.provenanceActorRole;
+    if (role === 'guardian' || role === 'non-guardian' || role === 'unverified_channel') {
+      return role;
+    }
+  } catch {
+    // Ignore malformed metadata and treat as unknown provenance.
+  }
+  return undefined;
+}
+
+function isUntrustedActorRole(role: GuardianActorRole | undefined): boolean {
+  return role === 'non-guardian' || role === 'unverified_channel';
+}
+
+function filterMessagesForUntrustedActor(messages: conversationStore.MessageRow[]): conversationStore.MessageRow[] {
+  return messages.filter((m) => {
+    const provenanceRole = parseProvenanceActorRole(m.metadata);
+    return provenanceRole === 'non-guardian' || provenanceRole === 'unverified_channel';
+  });
+}
+
 // ── Context Interfaces ───────────────────────────────────────────────
 
 export interface LoadFromDbContext {
@@ -31,6 +59,8 @@ export interface LoadFromDbContext {
   usageStats: UsageStats;
   contextCompactedMessageCount: number;
   contextCompactedAt: number | null;
+  guardianContext?: { actorRole: GuardianActorRole };
+  loadedHistoryActorRole?: GuardianActorRole;
 }
 
 export interface AbortContext {
@@ -59,15 +89,28 @@ export interface DisposeContext extends AbortContext {
 // ── loadFromDb ───────────────────────────────────────────────────────
 
 export async function loadFromDb(ctx: LoadFromDbContext): Promise<void> {
-  const dbMessages = conversationStore.getMessages(ctx.conversationId);
+  const actorRole = ctx.guardianContext?.actorRole;
+  const allDbMessages = conversationStore.getMessages(ctx.conversationId);
+  const dbMessages = isUntrustedActorRole(actorRole)
+    ? filterMessagesForUntrustedActor(allDbMessages)
+    : allDbMessages;
 
   const conv = conversationStore.getConversation(ctx.conversationId);
-  const contextSummary = conv?.contextSummary?.trim() || null;
-  ctx.contextCompactedMessageCount = Math.max(
-    0,
-    Math.min(conv?.contextCompactedMessageCount ?? 0, dbMessages.length),
-  );
-  ctx.contextCompactedAt = conv?.contextCompactedAt ?? null;
+  const contextSummary = !isUntrustedActorRole(actorRole)
+    ? conv?.contextSummary?.trim() || null
+    : null;
+  if (isUntrustedActorRole(actorRole)) {
+    // Compacted summaries may include trusted/guardian-only details, so we
+    // disable summary-based context for untrusted actor views.
+    ctx.contextCompactedMessageCount = 0;
+    ctx.contextCompactedAt = null;
+  } else {
+    ctx.contextCompactedMessageCount = Math.max(
+      0,
+      Math.min(conv?.contextCompactedMessageCount ?? 0, dbMessages.length),
+    );
+    ctx.contextCompactedAt = conv?.contextCompactedAt ?? null;
+  }
 
   const parsedMessages: Message[] = dbMessages
     .slice(ctx.contextCompactedMessageCount)
@@ -102,6 +145,8 @@ export async function loadFromDb(ctx: LoadFromDbContext): Promise<void> {
     };
   }
 
+  ctx.loadedHistoryActorRole = actorRole;
+
   log.info({ conversationId: ctx.conversationId, count: ctx.messages.length }, 'Loaded messages from DB');
 }
 

package/src/daemon/session-memory.ts

@@ -39,6 +39,16 @@ export interface MemoryPrepareContext {
   isInteractive?: boolean;
 }
 
+/**
+ * Returns true when the latest user turn is an internal tool-result-only
+ * message (no user-authored text/image content).
+ */
+function isToolResultOnlyUserTurn(message: Message | undefined): boolean {
+  return message?.role === 'user'
+    && message.content.length > 0
+    && message.content.every((block) => block.type === 'tool_result');
+}
+
 /**
  * Build memory recall, dynamic profile, and conflict gate evaluation
  * for a single agent loop turn. Returns the augmented run messages and
@@ -86,6 +96,41 @@ export async function prepareMemoryContext(
     };
   }
 
+  // Internal tool-result turns (assistant tool loop) should not trigger
+  // memory retrieval/profile injection. Injecting memory here repeats the
+  // same long recall block on every tool step and dramatically inflates
+  // per-step prompt size/latency.
+  const latestMessage = ctx.messages[ctx.messages.length - 1];
+  if (isToolResultOnlyUserTurn(latestMessage)) {
+    return {
+      runMessages: ctx.messages,
+      recall: {
+        enabled: false,
+        degraded: false,
+        injectedText: '',
+        lexicalHits: 0,
+        semanticHits: 0,
+        recencyHits: 0,
+        entityHits: 0,
+        relationSeedEntityCount: 0,
+        relationTraversedEdgeCount: 0,
+        relationNeighborEntityCount: 0,
+        relationExpandedItemCount: 0,
+        earlyTerminated: false,
+        mergedCount: 0,
+        selectedCount: 0,
+        rerankApplied: false,
+        injectedTokens: 0,
+        latencyMs: 0,
+        topCandidates: [],
+      } as Awaited<ReturnType<typeof buildMemoryRecall>>,
+      dynamicProfile: { text: '' },
+      softConflictInstruction: null,
+      recallInjectionStrategy: 'prepend_user_block',
+      conflictClarification: null,
+    };
+  }
+
   const runtimeConfig = getConfig();
   const memoryEnabled = runtimeConfig.memory?.enabled !== false;