@vellumai/assistant 0.3.19 → 0.3.21

package/src/daemon/ipc-contract/settings.ts

@@ -9,6 +9,13 @@ export interface VoiceConfigUpdateRequest {
   activationKey: string;
 }
 
+/** Request from the client to generate a custom avatar via Gemini. */
+export interface GenerateAvatarRequest {
+  type: 'generate_avatar';
+  /** Text description of the desired avatar appearance. */
+  description: string;
+}
+
 // === Server → Client ===
 
 /** Sent by the daemon to update a client-side setting (e.g. activation key). */
@@ -20,7 +27,23 @@ export interface ClientSettingsUpdate {
   value: string;
 }
 
+/** Sent by the daemon after the avatar image has been regenerated and saved to disk. */
+export interface AvatarUpdated {
+  type: 'avatar_updated';
+  /** Absolute path to the updated avatar image file. */
+  avatarPath: string;
+}
+
+/** Response to a generate_avatar request indicating success or failure. */
+export interface GenerateAvatarResponse {
+  type: 'generate_avatar_response';
+  /** Whether the avatar was generated successfully. */
+  success: boolean;
+  /** Error message when success is false. */
+  error?: string;
+}
+
 // --- Domain-level union aliases (consumed by the barrel file) ---
 
-export type _SettingsClientMessages = VoiceConfigUpdateRequest;
-export type _SettingsServerMessages = ClientSettingsUpdate;
+export type _SettingsClientMessages = VoiceConfigUpdateRequest | GenerateAvatarRequest;
+export type _SettingsServerMessages = ClientSettingsUpdate | AvatarUpdated | GenerateAvatarResponse;

package/src/daemon/ipc-contract-inventory.json

@@ -5,6 +5,7 @@
     "_ComputerUseClientMessages",
     "_DiagnosticsClientMessages",
     "_DocumentsClientMessages",
+    "_GuardianActionsClientMessages",
     "_InboxClientMessages",
     "_IntegrationsClientMessages",
     "_MessagesClientMessages",
@@ -28,6 +29,7 @@
     "_ComputerUseServerMessages",
     "_DiagnosticsServerMessages",
     "_DocumentsServerMessages",
+    "_GuardianActionsServerMessages",
     "_InboxServerMessages",
     "_IntegrationsServerMessages",
     "_MemoryServerMessages",
@@ -86,7 +88,10 @@
     "fork_shared_app",
     "gallery_install",
     "gallery_list",
+    "generate_avatar",
     "get_signing_identity_response",
+    "guardian_action_decision",
+    "guardian_actions_pending_request",
     "guardian_verification",
     "heartbeat_checklist_read",
     "heartbeat_checklist_write",
@@ -124,6 +129,7 @@
     "reminder_cancel",
     "reminders_list",
     "remove_trust_rule",
+    "reorder_threads",
     "ride_shotgun_start",
     "ride_shotgun_stop",
     "sandbox_set",
@@ -210,6 +216,7 @@
     "assistant_text_delta",
     "assistant_thinking_delta",
     "auth_result",
+    "avatar_updated",
     "browser_cdp_request",
     "browser_frame",
     "browser_handoff_request",
@@ -236,9 +243,12 @@
     "fork_shared_app_response",
     "gallery_install_response",
     "gallery_list_response",
+    "generate_avatar_response",
     "generation_cancelled",
     "generation_handoff",
     "get_signing_identity",
+    "guardian_action_decision_response",
+    "guardian_actions_pending_response",
     "guardian_verification_response",
     "heartbeat_alert",
     "heartbeat_checklist_response",

package/src/daemon/ipc-contract.ts

@@ -18,6 +18,7 @@ export * from './ipc-contract/browser.js';
 export * from './ipc-contract/computer-use.js';
 export * from './ipc-contract/diagnostics.js';
 export * from './ipc-contract/documents.js';
+export * from './ipc-contract/guardian-actions.js';
 export * from './ipc-contract/inbox.js';
 export * from './ipc-contract/integrations.js';
 export * from './ipc-contract/memory.js';
@@ -42,6 +43,7 @@ import type { _BrowserClientMessages, _BrowserServerMessages } from './ipc-contr
 import type { _ComputerUseClientMessages, _ComputerUseServerMessages } from './ipc-contract/computer-use.js';
 import type { _DiagnosticsClientMessages, _DiagnosticsServerMessages } from './ipc-contract/diagnostics.js';
 import type { _DocumentsClientMessages, _DocumentsServerMessages } from './ipc-contract/documents.js';
+import type { _GuardianActionsClientMessages, _GuardianActionsServerMessages } from './ipc-contract/guardian-actions.js';
 import type { _InboxClientMessages, _InboxServerMessages } from './ipc-contract/inbox.js';
 import type { _IntegrationsClientMessages, _IntegrationsServerMessages } from './ipc-contract/integrations.js';
 import type { _MemoryServerMessages } from './ipc-contract/memory.js';
@@ -83,6 +85,7 @@ export type ClientMessage =
   | _BrowserClientMessages
   | _SubagentsClientMessages
   | _DocumentsClientMessages
+  | _GuardianActionsClientMessages
   | _WorkspaceClientMessages
   | _SchedulesClientMessages
   | _DiagnosticsClientMessages
@@ -107,6 +110,7 @@ export type ServerMessage =
   | _BrowserServerMessages
   | _SubagentsServerMessages
   | _DocumentsServerMessages
+  | _GuardianActionsServerMessages
   | _MemoryServerMessages
   | _WorkspaceServerMessages
   | _SchedulesServerMessages

package/src/daemon/lifecycle.ts

@@ -54,10 +54,11 @@ import { createGuardianActionCopyGenerator, createGuardianFollowUpConversationGe
 import { initPairingHandlers } from './handlers/pairing.js';
 import { installCliLaunchers } from './install-cli-launchers.js';
 import type { ServerMessage } from './ipc-protocol.js';
+import { getMcpServerManager } from '../mcp/manager.js';
 import { initializeProvidersAndTools, registerMessagingProviders,registerWatcherProviders } from './providers-setup.js';
 import { seedInterfaceFiles } from './seed-files.js';
 import { DaemonServer } from './server.js';
-import { setGuardianActionCopyGenerator, setGuardianFollowUpConversationGenerator } from './session-process.js';
+import { setApprovalConversationGenerator, setGuardianActionCopyGenerator, setGuardianFollowUpConversationGenerator } from './session-process.js';
 import { initSlashPairingContext } from './session-slash.js';
 import { installShutdownHandlers } from './shutdown-handlers.js';
 
@@ -307,7 +308,11 @@ export async function runDaemon(): Promise<void> {
         server.persistAndProcessMessage(conversationId, content, attachmentIds, options, sourceChannel, sourceInterface),
       interfacesDir: getInterfacesDir(),
       approvalCopyGenerator: createApprovalCopyGenerator(),
-      approvalConversationGenerator: createApprovalConversationGenerator(),
+      approvalConversationGenerator: (() => {
+        const gen = createApprovalConversationGenerator();
+        setApprovalConversationGenerator(gen);
+        return gen;
+      })(),
       guardianActionCopyGenerator: (() => {
         const gen = createGuardianActionCopyGenerator();
         setGuardianActionCopyGenerator(gen);
@@ -394,6 +399,12 @@ export async function runDaemon(): Promise<void> {
     server.setHeartbeatService(heartbeat);
     log.info({ enabled: heartbeatConfig.enabled, intervalMs: heartbeatConfig.intervalMs }, 'Heartbeat service configured');
 
+    // Retrieve the MCP manager if MCP servers were configured.
+    // The manager is a singleton created during initializeProvidersAndTools().
+    const mcpManager = config.mcp?.servers && Object.keys(config.mcp.servers).length > 0
+      ? getMcpServerManager()
+      : null;
+
     installShutdownHandlers({
       server,
       workspaceHeartbeat,
@@ -403,6 +414,7 @@ export async function runDaemon(): Promise<void> {
       scheduler,
       memoryWorker,
       qdrantManager,
+      mcpManager,
       cleanupPidFile,
     });
   } catch (err) {

package/src/daemon/main.ts

@@ -1,4 +1,5 @@
 #!/usr/bin/env bun
+process.title = 'vellum-daemon';
 import * as Sentry from '@sentry/node';
 
 import { getLogger } from '../util/logger.js';

package/src/daemon/providers-setup.ts

@@ -1,4 +1,5 @@
 import type { AssistantConfig } from '../config/types.js';
+import { getMcpServerManager } from '../mcp/manager.js';
 import { gmailMessagingProvider } from '../messaging/providers/gmail/adapter.js';
 import { slackProvider as slackMessagingProvider } from '../messaging/providers/slack/adapter.js';
 import { smsMessagingProvider } from '../messaging/providers/sms/adapter.js';
@@ -6,7 +7,8 @@ import { telegramBotMessagingProvider } from '../messaging/providers/telegram-bo
 import { whatsappMessagingProvider } from '../messaging/providers/whatsapp/adapter.js';
 import { registerMessagingProvider } from '../messaging/registry.js';
 import { initializeProviders } from '../providers/registry.js';
-import { initializeTools } from '../tools/registry.js';
+import { createMcpToolsFromServer } from '../tools/mcp/mcp-tool-factory.js';
+import { initializeTools, registerMcpTools } from '../tools/registry.js';
 import { getLogger } from '../util/logger.js';
 import { initWatcherEngine } from '../watcher/engine.js';
 import { registerWatcherProvider } from '../watcher/provider-registry.js';
@@ -19,9 +21,32 @@ import { slackProvider as slackWatcherProvider } from '../watcher/providers/slac
 const log = getLogger('lifecycle');
 
 export async function initializeProvidersAndTools(config: AssistantConfig): Promise<void> {
+  console.log('[Daemon] Initializing providers and tools...');
   log.info('Daemon startup: initializing providers and tools');
   initializeProviders(config);
+  console.log('[Daemon] Providers initialized');
   await initializeTools();
+  console.log('[Daemon] Tools initialized');
+
+  // Start MCP servers and register their tools
+  if (config.mcp?.servers && Object.keys(config.mcp.servers).length > 0) {
+    console.log('[MCP] Initializing MCP servers:', Object.keys(config.mcp.servers).join(', '));
+    const manager = getMcpServerManager();
+    try {
+      const serverToolInfos = await manager.start(config.mcp);
+      for (const { serverId, serverConfig, tools } of serverToolInfos) {
+        console.log(`[MCP] Server "${serverId}" connected — discovered ${tools.length} tools:`, tools.map(t => t.name).join(', '));
+        const mcpTools = createMcpToolsFromServer(tools, serverId, serverConfig, manager);
+        registerMcpTools(mcpTools);
+        console.log(`[MCP] Registered ${mcpTools.length} tools from "${serverId}":`, mcpTools.map(t => t.name).join(', '));
+      }
+    } catch (err) {
+      console.error('[MCP] Server initialization failed:', err);
+      log.error({ err }, 'MCP server initialization failed — continuing without MCP tools');
+    }
+  }
+
+  console.log('[Daemon] Providers and tools initialization complete');
   log.info('Daemon startup: providers and tools initialized');
 }
 

package/src/daemon/server.ts

@@ -795,6 +795,7 @@ export class DaemonServer {
     const resolvedInterface = resolveTurnInterface(sourceInterface);
     session.setAssistantId(options?.assistantId ?? 'self');
     session.setGuardianContext(options?.guardianContext ?? null);
+    await session.ensureActorScopedHistory();
     session.setChannelCapabilities(resolveChannelCapabilities(sourceChannel, sourceInterface));
     session.setCommandIntent(options?.commandIntent ?? null);
     session.setTurnChannelContext({

package/src/daemon/session-lifecycle.ts

@@ -19,10 +19,38 @@ import { repairHistory } from './history-repair.js';
 import type { SurfaceData,SurfaceType, UsageStats } from './ipc-protocol.js';
 import { unregisterCallNotifiers,unregisterWatchNotifiers } from './session-notifiers.js';
 import type { MessageQueue } from './session-queue-manager.js';
+import type { GuardianRuntimeContext } from './session-runtime-assembly.js';
 import { resetSkillToolProjection } from './session-skill-tools.js';
 
 const log = getLogger('session-lifecycle');
 
+type GuardianActorRole = GuardianRuntimeContext['actorRole'];
+
+function parseProvenanceActorRole(metadata: string | null): GuardianActorRole | undefined {
+  if (!metadata) return undefined;
+  try {
+    const parsed = JSON.parse(metadata) as { provenanceActorRole?: unknown };
+    const role = parsed?.provenanceActorRole;
+    if (role === 'guardian' || role === 'non-guardian' || role === 'unverified_channel') {
+      return role;
+    }
+  } catch {
+    // Ignore malformed metadata and treat as unknown provenance.
+  }
+  return undefined;
+}
+
+function isUntrustedActorRole(role: GuardianActorRole | undefined): boolean {
+  return role === 'non-guardian' || role === 'unverified_channel';
+}
+
+function filterMessagesForUntrustedActor(messages: conversationStore.MessageRow[]): conversationStore.MessageRow[] {
+  return messages.filter((m) => {
+    const provenanceRole = parseProvenanceActorRole(m.metadata);
+    return provenanceRole === 'non-guardian' || provenanceRole === 'unverified_channel';
+  });
+}
+
 // ── Context Interfaces ───────────────────────────────────────────────
 
 export interface LoadFromDbContext {
@@ -31,6 +59,8 @@ export interface LoadFromDbContext {
   usageStats: UsageStats;
   contextCompactedMessageCount: number;
   contextCompactedAt: number | null;
+  guardianContext?: { actorRole: GuardianActorRole };
+  loadedHistoryActorRole?: GuardianActorRole;
 }
 
 export interface AbortContext {
@@ -59,15 +89,28 @@ export interface DisposeContext extends AbortContext {
 // ── loadFromDb ───────────────────────────────────────────────────────
 
 export async function loadFromDb(ctx: LoadFromDbContext): Promise<void> {
-  const dbMessages = conversationStore.getMessages(ctx.conversationId);
+  const actorRole = ctx.guardianContext?.actorRole;
+  const allDbMessages = conversationStore.getMessages(ctx.conversationId);
+  const dbMessages = isUntrustedActorRole(actorRole)
+    ? filterMessagesForUntrustedActor(allDbMessages)
+    : allDbMessages;
 
   const conv = conversationStore.getConversation(ctx.conversationId);
-  const contextSummary = conv?.contextSummary?.trim() || null;
-  ctx.contextCompactedMessageCount = Math.max(
-    0,
-    Math.min(conv?.contextCompactedMessageCount ?? 0, dbMessages.length),
-  );
-  ctx.contextCompactedAt = conv?.contextCompactedAt ?? null;
+  const contextSummary = !isUntrustedActorRole(actorRole)
+    ? conv?.contextSummary?.trim() || null
+    : null;
+  if (isUntrustedActorRole(actorRole)) {
+    // Compacted summaries may include trusted/guardian-only details, so we
+    // disable summary-based context for untrusted actor views.
+    ctx.contextCompactedMessageCount = 0;
+    ctx.contextCompactedAt = null;
+  } else {
+    ctx.contextCompactedMessageCount = Math.max(
+      0,
+      Math.min(conv?.contextCompactedMessageCount ?? 0, dbMessages.length),
+    );
+    ctx.contextCompactedAt = conv?.contextCompactedAt ?? null;
+  }
 
   const parsedMessages: Message[] = dbMessages
     .slice(ctx.contextCompactedMessageCount)
@@ -102,6 +145,8 @@ export async function loadFromDb(ctx: LoadFromDbContext): Promise<void> {
     };
   }
 
+  ctx.loadedHistoryActorRole = actorRole;
+
   log.info({ conversationId: ctx.conversationId, count: ctx.messages.length }, 'Loaded messages from DB');
 }
 

package/src/daemon/session-memory.ts

@@ -39,6 +39,16 @@ export interface MemoryPrepareContext {
   isInteractive?: boolean;
 }
 
+/**
+ * Returns true when the latest user turn is an internal tool-result-only
+ * message (no user-authored text/image content).
+ */
+function isToolResultOnlyUserTurn(message: Message | undefined): boolean {
+  return message?.role === 'user'
+    && message.content.length > 0
+    && message.content.every((block) => block.type === 'tool_result');
+}
+
 /**
  * Build memory recall, dynamic profile, and conflict gate evaluation
  * for a single agent loop turn. Returns the augmented run messages and
@@ -86,6 +96,41 @@ export async function prepareMemoryContext(
     };
   }
 
+  // Internal tool-result turns (assistant tool loop) should not trigger
+  // memory retrieval/profile injection. Injecting memory here repeats the
+  // same long recall block on every tool step and dramatically inflates
+  // per-step prompt size/latency.
+  const latestMessage = ctx.messages[ctx.messages.length - 1];
+  if (isToolResultOnlyUserTurn(latestMessage)) {
+    return {
+      runMessages: ctx.messages,
+      recall: {
+        enabled: false,
+        degraded: false,
+        injectedText: '',
+        lexicalHits: 0,
+        semanticHits: 0,
+        recencyHits: 0,
+        entityHits: 0,
+        relationSeedEntityCount: 0,
+        relationTraversedEdgeCount: 0,
+        relationNeighborEntityCount: 0,
+        relationExpandedItemCount: 0,
+        earlyTerminated: false,
+        mergedCount: 0,
+        selectedCount: 0,
+        rerankApplied: false,
+        injectedTokens: 0,
+        latencyMs: 0,
+        topCandidates: [],
+      } as Awaited<ReturnType<typeof buildMemoryRecall>>,
+      dynamicProfile: { text: '' },
+      softConflictInstruction: null,
+      recallInjectionStrategy: 'prepend_user_block',
+      conflictClarification: null,
+    };
+  }
+
   const runtimeConfig = getConfig();
   const memoryEnabled = runtimeConfig.memory?.enabled !== false;