@vellumai/assistant 0.3.19 → 0.3.21

package/src/calls/call-domain.ts

@@ -72,6 +72,8 @@ export type CancelCallInput = {
 export type AnswerCallInput = {
   callSessionId: string;
   answer: string;
+  /** When provided, the answer is matched to this specific pending question/consultation. */
+  pendingQuestionId?: string;
 };
 
 export type RelayInstructionInput = {
@@ -516,30 +518,66 @@ export async function cancelCall(input: CancelCallInput): Promise<{ ok: true; se
 
 /**
  * Answer a pending question for an active call.
+ *
+ * When `pendingQuestionId` is provided, the answer is matched to that specific
+ * pending question/consultation rather than relying on transient controller
+ * state. This allows answers to arrive while the call is active and not paused,
+ * as long as the referenced question is still pending.
  */
 export async function answerCall(input: AnswerCallInput): Promise<{ ok: true; questionId: string } | CallError> {
-  const { callSessionId, answer } = input;
+  const { callSessionId, answer, pendingQuestionId } = input;
 
   if (!answer || typeof answer !== 'string') {
     return { ok: false, error: 'Missing answer', status: 400 };
   }
 
+  const controller = getCallController(callSessionId);
+  if (!controller) {
+    log.warn({ callSessionId }, 'answerCall: no active controller for call session');
+    return { ok: false, error: 'No active controller for this call', status: 409 };
+  }
+
+  // When a specific question is targeted, validate it matches the active
+  // consultation. This prevents stale or duplicate answers from being
+  // applied to the wrong consultation.
+  if (pendingQuestionId) {
+    const activeQuestionId = controller.getPendingConsultationQuestionId();
+    if (!activeQuestionId) {
+      log.warn(
+        { callSessionId, pendingQuestionId },
+        'answerCall: pendingQuestionId provided but no consultation is active',
+      );
+      return { ok: false, error: 'Referenced question is no longer pending', status: 409 };
+    }
+    if (activeQuestionId !== pendingQuestionId) {
+      log.warn(
+        { callSessionId, pendingQuestionId, activeQuestionId },
+        'answerCall: pendingQuestionId does not match active consultation',
+      );
+      return { ok: false, error: 'Referenced question is stale — a newer consultation has superseded it', status: 409 };
+    }
+  }
+
+  // Look up the pending question in the store for record-keeping
   const question = getPendingQuestion(callSessionId);
   if (!question) {
     return { ok: false, error: 'No pending question found', status: 404 };
   }
 
-  const controller = getCallController(callSessionId);
-  if (!controller) {
-    log.warn({ callSessionId }, 'answerCall: no active controller for call session');
-    return { ok: false, error: 'No active controller for this call', status: 409 };
+  // When pendingQuestionId is given, double-check it matches the store record
+  if (pendingQuestionId && question.id !== pendingQuestionId) {
+    log.warn(
+      { callSessionId, pendingQuestionId, storeQuestionId: question.id },
+      'answerCall: store pending question does not match requested pendingQuestionId',
+    );
+    return { ok: false, error: 'Referenced question is stale', status: 409 };
   }
 
   const accepted = await controller.handleUserAnswer(answer);
   if (!accepted) {
     log.warn(
       { callSessionId },
-      'answerCall: controller rejected the answer (not in waiting_on_user state)',
+      'answerCall: controller rejected the answer (no pending consultation)',
     );
     return { ok: false, error: 'Controller is not waiting for an answer', status: 409 };
   }

package/src/calls/guardian-dispatch.ts

@@ -12,6 +12,7 @@ import {
   countPendingRequestsByCallSessionId,
   createGuardianActionDelivery,
   createGuardianActionRequest,
+  getGuardianConversationIdForCallSession,
   updateDeliveryStatus,
 } from '../memory/guardian-action-store.js';
 import { emitNotificationSignal } from '../notifications/emit-signal.js';
@@ -22,6 +23,11 @@ import type { CallPendingQuestion } from './types.js';
 
 const log = getLogger('guardian-dispatch');
 
+// Per-callSessionId serialization lock. Ensures that concurrent dispatches for
+// the same call session are serialized so the second dispatch always sees the
+// delivery row (and thus the guardian conversation ID) persisted by the first.
+const pendingDispatches = new Map<string, Promise<void>>();
+
 export interface GuardianDispatchParams {
   callSessionId: string;
   conversationId: string;
@@ -47,6 +53,31 @@ function applyDeliveryStatus(deliveryId: string, result: NotificationDeliveryRes
  * Fire-and-forget: errors are logged but do not propagate.
  */
 export async function dispatchGuardianQuestion(params: GuardianDispatchParams): Promise<void> {
+  const { callSessionId } = params;
+
+  // Serialize concurrent dispatches for the same call session so the second
+  // dispatch always sees the guardian conversation ID persisted by the first.
+  const preceding = pendingDispatches.get(callSessionId);
+  const current = (preceding ?? Promise.resolve()).then(() =>
+    dispatchGuardianQuestionInner(params),
+  );
+  // Store a suppressed-error variant so the chain never rejects, and keep
+  // a stable reference for the cleanup identity check below.
+  const suppressed = current.catch(() => {});
+  pendingDispatches.set(callSessionId, suppressed);
+
+  try {
+    await current;
+  } finally {
+    // Clean up the map entry only if it still points to our promise, to avoid
+    // removing a later dispatch's entry.
+    if (pendingDispatches.get(callSessionId) === suppressed) {
+      pendingDispatches.delete(callSessionId);
+    }
+  }
+}
+
+async function dispatchGuardianQuestionInner(params: GuardianDispatchParams): Promise<void> {
   const {
     callSessionId,
     conversationId,
@@ -84,6 +115,22 @@ export async function dispatchGuardianQuestion(params: GuardianDispatchParams):
     // in the same call session.
     const activeGuardianRequestCount = countPendingRequestsByCallSessionId(callSessionId);
 
+    // Look up the vellum conversation used for the first guardian question
+    // in this call session. When found, pass it as an affinity hint so the
+    // notification pipeline deterministically routes to the same conversation
+    // instead of letting the LLM choose a different thread.
+    const existingGuardianConversationId = getGuardianConversationIdForCallSession(callSessionId);
+    const conversationAffinityHint = existingGuardianConversationId
+      ? { vellum: existingGuardianConversationId }
+      : undefined;
+
+    if (existingGuardianConversationId) {
+      log.info(
+        { callSessionId, existingGuardianConversationId },
+        'Found existing guardian conversation for call session — enforcing thread affinity',
+      );
+    }
+
     // Route through the canonical notification pipeline. The paired vellum
     // conversation from this pipeline is the canonical guardian thread.
     let vellumDeliveryId: string | null = null;
@@ -107,6 +154,7 @@ export async function dispatchGuardianQuestion(params: GuardianDispatchParams):
         pendingQuestionId: pendingQuestion.id,
         activeGuardianRequestCount,
       },
+      conversationAffinityHint,
       dedupeKey: `guardian:${request.id}`,
       onThreadCreated: (info) => {
         if (info.sourceEventName !== 'guardian.question' || vellumDeliveryId) return;

package/src/calls/types.ts

@@ -1,5 +1,5 @@
 export type CallStatus = 'initiated' | 'ringing' | 'in_progress' | 'waiting_on_user' | 'completed' | 'failed' | 'cancelled';
-export type CallEventType = 'call_started' | 'call_connected' | 'caller_spoke' | 'assistant_spoke' | 'user_question_asked' | 'user_answered' | 'user_instruction_relayed' | 'call_ended' | 'call_failed' | 'callee_verification_started' | 'callee_verification_succeeded' | 'callee_verification_failed' | 'guardian_voice_verification_started' | 'guardian_voice_verification_succeeded' | 'guardian_voice_verification_failed' | 'outbound_guardian_voice_verification_started' | 'outbound_guardian_voice_verification_succeeded' | 'outbound_guardian_voice_verification_failed' | 'guardian_consultation_timed_out' | 'guardian_unavailable_skipped';
+export type CallEventType = 'call_started' | 'call_connected' | 'caller_spoke' | 'assistant_spoke' | 'user_question_asked' | 'user_answered' | 'user_instruction_relayed' | 'call_ended' | 'call_failed' | 'callee_verification_started' | 'callee_verification_succeeded' | 'callee_verification_failed' | 'guardian_voice_verification_started' | 'guardian_voice_verification_succeeded' | 'guardian_voice_verification_failed' | 'outbound_guardian_voice_verification_started' | 'outbound_guardian_voice_verification_succeeded' | 'outbound_guardian_voice_verification_failed' | 'guardian_consultation_timed_out' | 'guardian_unavailable_skipped' | 'guardian_consult_deferred' | 'guardian_consult_coalesced';
 export type PendingQuestionStatus = 'pending' | 'answered' | 'expired' | 'cancelled';
 
 /**

package/src/calls/voice-session-bridge.ts

@@ -10,6 +10,7 @@
  * dependencies at startup via `setVoiceBridgeDeps()`.
  */
 
+import { consumeGrantForInvocation } from '../approvals/approval-primitive.js';
 import type { ChannelId } from '../channels/types.js';
 import { getConfig } from '../config/loader.js';
 import type { ServerMessage } from '../daemon/ipc-protocol.js';
@@ -18,7 +19,6 @@ import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.
 import { resolveChannelCapabilities } from '../daemon/session-runtime-assembly.js';
 import { buildAssistantEvent } from '../runtime/assistant-event.js';
 import { assistantEventHub } from '../runtime/assistant-event-hub.js';
-import { consumeScopedApprovalGrantByToolSignature } from '../memory/scoped-approval-grants.js';
 import { checkIngressForSecrets } from '../security/secret-ingress.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { IngressBlockedError } from '../util/errors.js';
@@ -307,6 +307,7 @@ export async function startVoiceTurn(opts: VoiceTurnOptions): Promise<VoiceTurnH
     strictSideEffects,
   };
   session.setAssistantId(opts.assistantId ?? 'self');
+  session.callSessionId = opts.callSessionId;
   session.setGuardianContext(opts.guardianContext ?? null);
   session.setCommandIntent(null);
   session.setTurnChannelContext({
@@ -345,42 +346,56 @@ export async function startVoiceTurn(opts: VoiceTurnOptions): Promise<VoiceTurnH
   const autoDeny = !isGuardian;
   const autoAllow = isGuardian;
   let lastError: string | null = null;
-  session.updateClient((msg: ServerMessage) => {
+  session.updateClient(async (msg: ServerMessage) => {
     if (msg.type === 'confirmation_request') {
       if (autoDeny) {
-        // Before auto-denying, check if a guardian from another channel
-        // has pre-approved this exact tool invocation via a scoped grant.
-        const inputDigest = computeToolApprovalDigest(msg.toolName, msg.input);
-        const consumeResult = consumeScopedApprovalGrantByToolSignature({
-          toolName: msg.toolName,
-          inputDigest,
-          consumingRequestId: msg.requestId,
-          assistantId: opts.assistantId,
-          executionChannel: 'voice',
-          conversationId: opts.conversationId,
-          callSessionId: opts.callSessionId,
-          requesterExternalUserId: opts.guardianContext?.requesterExternalUserId,
-        });
-
-        if (consumeResult.ok) {
-          log.info(
-            { turnId, toolName: msg.toolName, grantId: consumeResult.grant?.id },
-            'Consumed scoped grant — allowing non-guardian voice confirmation',
+        // Non-guardian voice callers have no interactive approval UI.
+        // The pre-exec gate (tool-approval-handler.ts) handles grant
+        // consumption with retry for tool execution confirmations, but
+        // some confirmation_request events originate from proxy/network
+        // paths (e.g. PermissionPrompter in createProxyApprovalCallback)
+        // that bypass the pre-exec gate. We do a single sync lookup here
+        // (maxWaitMs: 0) since the primary retry path is in the pre-exec
+        // gate; this secondary path just needs a quick check.
+        try {
+          const inputDigest = computeToolApprovalDigest(msg.toolName, msg.input);
+          const consumeResult = await consumeGrantForInvocation({
+            requestId: msg.requestId,
+            toolName: msg.toolName,
+            inputDigest,
+            consumingRequestId: msg.requestId,
+            assistantId: opts.assistantId ?? 'self',
+            executionChannel: 'voice',
+            conversationId: opts.conversationId,
+            callSessionId: opts.callSessionId,
+            requesterExternalUserId: opts.guardianContext?.requesterExternalUserId,
+          }, { maxWaitMs: 0 });
+
+          if (consumeResult.ok) {
+            log.info(
+              { turnId, toolName: msg.toolName, grantId: consumeResult.grant.id },
+              'Consumed scoped grant — allowing non-guardian voice confirmation',
+            );
+            session.handleConfirmationResponse(
+              msg.requestId,
+              'allow',
+              undefined,
+              undefined,
+              `Permission approved for "${msg.toolName}": guardian pre-approved via scoped grant.`,
+            );
+            publishToHub(msg);
+            return;
+          }
+        } catch (err) {
+          log.error(
+            { err, turnId, toolName: msg.toolName },
+            'Error consuming grant in voice confirmation handler — falling through to deny',
           );
-          session.handleConfirmationResponse(
-            msg.requestId,
-            'allow',
-            undefined,
-            undefined,
-            `Permission approved for "${msg.toolName}": guardian pre-approved via scoped grant.`,
-          );
-          publishToHub(msg);
-          return;
         }
 
         log.info(
           { turnId, toolName: msg.toolName },
-          'Auto-denying confirmation request for voice turn (no matching scoped grant)',
+          'Auto-denying confirmation request for non-guardian voice turn (no matching scoped grant)',
         );
         session.handleConfirmationResponse(
           msg.requestId,
@@ -429,6 +444,7 @@ export async function startVoiceTurn(opts: VoiceTurnOptions): Promise<VoiceTurnH
     session.setCommandIntent(null);
     session.setAssistantId('self');
     session.setVoiceCallControlPrompt(null);
+    session.callSessionId = undefined;
     // Reset the session's client callback to a no-op so the stale
     // closure doesn't intercept events from future turns on the same session.
     session.updateClient(() => {}, true);

package/src/cli/core-commands.ts

@@ -649,11 +649,7 @@ export function registerDoctorCommand(program: Command): void {
       const { runSandboxDiagnostics } = await import('../tools/terminal/sandbox-diagnostics.js');
       const sandbox = runSandboxDiagnostics();
       log.info(`\n  Sandbox:   ${sandbox.config.enabled ? 'enabled' : 'disabled'}`);
-      log.info(`  Backend:   ${sandbox.config.backend}`);
       log.info(`  Reason:    ${sandbox.activeBackendReason}`);
-      if (sandbox.config.backend === 'docker') {
-        log.info(`  Image:     ${sandbox.config.dockerImage}`);
-      }
       log.info('');
       for (const check of sandbox.checks) {
         if (check.ok) {

package/src/cli/mcp.ts

@@ -0,0 +1,58 @@
+import type { Command } from 'commander';
+
+import { loadRawConfig } from '../config/loader.js';
+import type { McpConfig, McpServerConfig } from '../config/mcp-schema.js';
+import { getCliLogger } from '../util/logger.js';
+
+const log = getCliLogger('cli');
+
+export function registerMcpCommand(program: Command): void {
+  const mcp = program.command('mcp').description('Manage MCP (Model Context Protocol) servers');
+
+  mcp
+    .command('list')
+    .description('List configured MCP servers and their status')
+    .option('--json', 'Output as JSON')
+    .action((opts: { json?: boolean }) => {
+      const raw = loadRawConfig();
+      const mcpConfig = raw.mcp as Partial<McpConfig> | undefined;
+      const servers = mcpConfig?.servers ?? {};
+      const entries = Object.entries(servers) as [string, McpServerConfig][];
+
+      if (entries.length === 0) {
+        if (opts.json) {
+          process.stdout.write(JSON.stringify([], null, 2) + '\n');
+        } else {
+          log.info('No MCP servers configured.');
+        }
+        return;
+      }
+
+      if (opts.json) {
+        const result = entries.map(([id, config]) => ({ id, ...config }));
+        process.stdout.write(JSON.stringify(result, null, 2) + '\n');
+        return;
+      }
+
+      log.info(`${entries.length} MCP server(s) configured:\n`);
+      for (const [id, cfg] of entries) {
+        const enabled = cfg.enabled !== false;
+        const transport = cfg.transport;
+        const risk = cfg.defaultRiskLevel ?? 'high';
+        const status = enabled ? '✓ enabled' : '✗ disabled';
+
+        log.info(`  ${id}`);
+        log.info(`    Status:    ${status}`);
+        log.info(`    Transport: ${transport?.type ?? 'unknown'}`);
+        if (transport?.type === 'stdio') {
+          log.info(`    Command:   ${transport.command} ${(transport.args ?? []).join(' ')}`);
+        } else if (transport && 'url' in transport) {
+          log.info(`    URL:       ${transport.url}`);
+        }
+        log.info(`    Risk:      ${risk}`);
+        if (cfg.allowedTools) log.info(`    Allowed:   ${cfg.allowedTools.join(', ')}`);
+        if (cfg.blockedTools) log.info(`    Blocked:   ${cfg.blockedTools.join(', ')}`);
+        log.info('');
+      }
+    });
+}

package/src/cli.ts

@@ -43,6 +43,72 @@ export function sanitizeUrlForDisplay(rawUrl: unknown): string {
   }
 }
 
+function stringifyConfirmationInputValue(value: unknown): string {
+  if (typeof value === 'string') return value;
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value);
+  if (value == null) return 'null';
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return String(value);
+  }
+}
+
+export function formatConfirmationInputLines(input: Record<string, unknown>): string[] {
+  const lines: string[] = [];
+  for (const key of Object.keys(input).sort()) {
+    const rawValue = input[key];
+    const value = key.toLowerCase().includes('url') && typeof rawValue === 'string'
+      ? sanitizeUrlForDisplay(rawValue)
+      : rawValue;
+    const rendered = stringifyConfirmationInputValue(value);
+    const renderedLines = rendered.split('\n');
+    if (renderedLines.length === 0) {
+      lines.push(`${key}:`);
+      continue;
+    }
+    lines.push(`${key}: ${renderedLines[0]}`);
+    for (const continuation of renderedLines.slice(1)) {
+      lines.push(`  ${continuation}`);
+    }
+  }
+  return lines;
+}
+
+export function formatConfirmationCommandPreview(req: Pick<ConfirmationRequest, 'toolName' | 'input'>): string {
+  if (req.toolName === 'bash' || req.toolName === 'host_bash') {
+    return String(req.input.command ?? '');
+  }
+  if (req.toolName === 'file_read' || req.toolName === 'host_file_read') {
+    return `read ${req.input.path ?? ''}`;
+  }
+  if (req.toolName === 'file_write' || req.toolName === 'host_file_write') {
+    return `write ${req.input.path ?? ''}`;
+  }
+  if (req.toolName === 'file_edit' || req.toolName === 'host_file_edit') {
+    return `edit ${req.input.path ?? ''}`;
+  }
+  if (req.toolName === 'web_fetch') {
+    return `fetch ${sanitizeUrlForDisplay(req.input.url ?? '')}`;
+  }
+  if (req.toolName === 'browser_navigate') {
+    return `navigate ${sanitizeUrlForDisplay(req.input.url ?? '')}`;
+  }
+  if (req.toolName === 'browser_close') {
+    return req.input.close_all_pages ? 'close all browser pages' : 'close browser page';
+  }
+  if (req.toolName === 'browser_click') {
+    return `click ${req.input.element_id ?? req.input.selector ?? ''}`;
+  }
+  if (req.toolName === 'browser_type') {
+    return `type into ${req.input.element_id ?? req.input.selector ?? ''}`;
+  }
+  if (req.toolName === 'browser_press_key') {
+    return `press "${req.input.key ?? ''}"`;
+  }
+  return req.toolName;
+}
+
 
 export async function startCli(): Promise<void> {
   const socketPath = getSocketPath();
@@ -138,48 +204,24 @@ export async function startCli(): Promise<void> {
     return false;
   }
 
-  function formatCommandPreview(req: ConfirmationRequest): string {
-    if (req.toolName === 'bash') {
-      return String(req.input.command ?? '');
-    }
-    if (req.toolName === 'file_read') {
-      return `read ${req.input.path ?? ''}`;
-    }
-    if (req.toolName === 'file_write') {
-      return `write ${req.input.path ?? ''}`;
-    }
-    if (req.toolName === 'web_fetch') {
-      return `fetch ${sanitizeUrlForDisplay(req.input.url ?? '')}`;
-    }
-    if (req.toolName === 'browser_navigate') {
-      return `navigate ${sanitizeUrlForDisplay(req.input.url ?? '')}`;
-    }
-    if (req.toolName === 'browser_close') {
-      return req.input.close_all_pages ? 'close all browser pages' : 'close browser page';
-    }
-    if (req.toolName === 'browser_click') {
-      return `click ${req.input.element_id ?? req.input.selector ?? ''}`;
-    }
-    if (req.toolName === 'browser_type') {
-      return `type into ${req.input.element_id ?? req.input.selector ?? ''}`;
-    }
-    if (req.toolName === 'browser_press_key') {
-      return `press "${req.input.key ?? ''}"`;
-    }
-    return `${req.toolName}: ${truncate(JSON.stringify(req.input), 80)}`;
-  }
-
   function renderConfirmationPrompt(req: ConfirmationRequest): void {
-    const preview = formatCommandPreview(req);
+    const preview = formatConfirmationCommandPreview(req);
+    const inputLines = formatConfirmationInputLines(req.input);
     process.stdout.write('\n');
     process.stdout.write(`\u250C ${req.toolName}: ${preview}\n`);
     process.stdout.write(`\u2502 Risk: ${req.riskLevel}${req.sandboxed ? '  [sandboxed]' : ''}\n`);
     if (req.executionTarget) {
       process.stdout.write(`\u2502 Target: ${req.executionTarget}\n`);
     }
+    if (inputLines.length > 0) {
+      process.stdout.write(`\u2502\n`);
+      for (const line of inputLines) {
+        process.stdout.write(`\u2502 ${line}\n`);
+      }
+    }
     if (req.diff) {
       const diffOutput = req.diff.isNewFile
-        ? formatNewFileDiff(req.diff.newContent, req.diff.filePath)
+        ? formatNewFileDiff(req.diff.newContent, req.diff.filePath, null)
         : formatDiff(req.diff.oldContent, req.diff.newContent, req.diff.filePath);
       if (diffOutput) {
         process.stdout.write(`\u2502\n`);
@@ -506,7 +548,7 @@ export async function startCli(): Promise<void> {
         toolStreaming = false;
         if (msg.diff) {
           const diffOutput = msg.diff.isNewFile
-            ? formatNewFileDiff(msg.diff.newContent, msg.diff.filePath)
+            ? formatNewFileDiff(msg.diff.newContent, msg.diff.filePath, null)
             : formatDiff(msg.diff.oldContent, msg.diff.newContent, msg.diff.filePath);
           if (diffOutput) {
             process.stdout.write(diffOutput);