@vellumai/assistant 0.3.19 → 0.3.21

package/src/runtime/routes/pairing-routes.ts

@@ -17,6 +17,8 @@ const log = getLogger('runtime-http');
 export interface PairingHandlerContext {
   pairingStore: PairingStore;
   bearerToken: string | undefined;
+  /** Feature-flag client token to include in pairing approval responses so iOS can PATCH flags. */
+  featureFlagToken: string | undefined;
   pairingBroadcast?: (msg: ServerMessage) => void;
 }
 
@@ -90,6 +92,7 @@ export async function handlePairingRequest(req: Request, ctx: PairingHandlerCont
         bearerToken: ctx.bearerToken,
         gatewayUrl: entry.gatewayUrl,
         localLanUrl: entry.localLanUrl,
+        ...(ctx.featureFlagToken ? { featureFlagToken: ctx.featureFlagToken } : {}),
       });
     }
 
@@ -138,6 +141,7 @@ export function handlePairingStatus(url: URL, ctx: PairingHandlerContext): Respo
       bearerToken: entry.bearerToken,
       gatewayUrl: entry.gatewayUrl,
       localLanUrl: entry.localLanUrl,
+      ...(ctx.featureFlagToken ? { featureFlagToken: ctx.featureFlagToken } : {}),
     });
   }
 

package/src/security/encrypted-store.ts

@@ -17,9 +17,9 @@ import {
   pbkdf2Sync,
   randomBytes,
 } from 'node:crypto';
-import { chmodSync,readFileSync, writeFileSync } from 'node:fs';
+import { chmodSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
 import { hostname, userInfo } from 'node:os';
-import { dirname,join } from 'node:path';
+import { dirname, join } from 'node:path';
 
 import { ensureDir,pathExists } from '../util/fs.js';
 import { getLogger } from '../util/logger.js';
@@ -94,24 +94,40 @@ function deriveKey(salt: Buffer): Buffer {
 
 /**
  * Read result: distinguishes "file missing" from "file corrupt/unreadable".
- * - `null`: file does not exist (safe to create)
+ * - `null`: file does not exist or was corrupt (backed up and removed)
  * - `StoreFile`: successfully parsed
- * - throws: file exists but cannot be parsed (corrupt/invalid)
+ * - throws: transient I/O error from readFileSync (EACCES, EMFILE, EIO, etc.)
  */
 function readStore(): StoreFile | null {
   const path = getStorePath();
   if (!pathExists(path)) return null;
 
+  // Read outside the parse try/catch so transient filesystem errors (EACCES,
+  // EMFILE, EIO) propagate to callers instead of triggering corruption recovery.
   const raw = readFileSync(path, 'utf-8');
-  const parsed = JSON.parse(raw);
-  if (parsed.version !== 1 || typeof parsed.salt !== 'string' || typeof parsed.entries !== 'object') {
-    throw new Error('Encrypted store has invalid format');
+
+  try {
+    const parsed = JSON.parse(raw);
+    if (parsed.version !== 1 || typeof parsed.salt !== 'string' || typeof parsed.entries !== 'object') {
+      throw new Error('Encrypted store has invalid format');
+    }
+    // Use null-prototype object for entries to prevent prototype pollution
+    const safeEntries: Record<string, EncryptedEntry> = Object.create(null);
+    Object.assign(safeEntries, parsed.entries);
+    parsed.entries = safeEntries;
+    return parsed as StoreFile;
+  } catch (err) {
+    // Corrupted or invalid store file — back it up and start fresh so the
+    // daemon doesn't crash on every credential access.
+    const backupPath = `${path}.corrupt.${Date.now()}`;
+    log.error({ err, backupPath }, 'Encrypted store is corrupt — backing up and resetting');
+    try {
+      renameSync(path, backupPath);
+    } catch (renameErr) {
+      log.warn({ err: renameErr }, 'Failed to back up corrupt store file');
+    }
+    return null;
   }
-  // Use null-prototype object for entries to prevent prototype pollution
-  const safeEntries: Record<string, EncryptedEntry> = Object.create(null);
-  Object.assign(safeEntries, parsed.entries);
-  parsed.entries = safeEntries;
-  return parsed as StoreFile;
 }
 
 function writeStore(store: StoreFile): void {
@@ -123,11 +139,9 @@ function writeStore(store: StoreFile): void {
 }
 
 function getOrCreateStore(): StoreFile {
-  const path = getStorePath();
-  if (pathExists(path)) {
-    // File exists — must be parseable, otherwise fail to prevent data loss
-    return readStore()!;
-  }
+  const existing = readStore();
+  if (existing) return existing;
+
   const salt = randomBytes(SALT_LENGTH);
   const entries: Record<string, EncryptedEntry> = Object.create(null);
   const store: StoreFile = {

package/src/security/keychain.ts

@@ -4,17 +4,22 @@
  * - macOS: uses the `security` CLI to interact with Keychain
  * - Linux: uses `secret-tool` (libsecret) for GNOME/KDE keyrings
  *
- * All operations are synchronous to match the config loader's sync API.
+ * Sync variants (getKey, setKey, deleteKey) match the config loader's sync API.
+ * Async variants (getKeyAsync, setKeyAsync, deleteKeyAsync) avoid blocking
+ * the event loop and should be preferred for non-startup code paths.
+ *
  * Callers should check `isKeychainAvailable()` before use and fall back
  * to encrypted-at-rest storage when the keychain is not accessible.
  */
 
-import { execFileSync } from 'node:child_process';
+import { execFile, execFileSync } from 'node:child_process';
+import { promisify } from 'node:util';
 
 import { getLogger } from '../util/logger.js';
 import { isLinux,isMacOS } from '../util/platform.js';
 
 const log = getLogger('keychain');
+const execFileAsync = promisify(execFile);
 
 const SERVICE_NAME = 'vellum-assistant';
 
@@ -67,6 +72,29 @@ export function isKeychainAvailable(): boolean {
   }
 }
 
+/** Async version of `isKeychainAvailable` — probes without blocking the event loop. */
+export async function isKeychainAvailableAsync(): Promise<boolean> {
+  try {
+    if (deps.isMacOS()) {
+      await execFileAsync('security', ['list-keychains'], {
+        timeout: 5000,
+      });
+      return true;
+    }
+
+    if (deps.isLinux()) {
+      await execFileAsync('which', ['secret-tool'], {
+        timeout: 5000,
+      });
+      return true;
+    }
+
+    return false;
+  } catch {
+    return false;
+  }
+}
+
 /**
  * Retrieve a secret from the OS keychain.
  * Returns `null` if the key doesn't exist.
@@ -251,3 +279,149 @@ function linuxDeleteKey(account: string): boolean {
     return false;
   }
 }
+
+// ---------------------------------------------------------------------------
+// Async variants — non-blocking alternatives to the sync functions above.
+// Preferred for non-startup code paths to avoid blocking the event loop.
+// ---------------------------------------------------------------------------
+
+/**
+ * Async version of `getKey` — retrieve a secret without blocking the event loop.
+ * Returns `null` if the key doesn't exist.
+ * Throws on runtime errors (keychain unavailable, locked, etc.).
+ */
+export async function getKeyAsync(account: string): Promise<string | null> {
+  if (deps.isMacOS()) return macosGetKeyAsync(account);
+  if (deps.isLinux()) return linuxGetKeyAsync(account);
+  return null;
+}
+
+/**
+ * Async version of `setKey` — store a secret without blocking the event loop.
+ * Returns true on success, false on failure.
+ */
+export async function setKeyAsync(account: string, value: string): Promise<boolean> {
+  try {
+    if (deps.isMacOS()) return await macosSetKeyAsync(account, value);
+    if (deps.isLinux()) return await linuxSetKeyAsync(account, value);
+    return false;
+  } catch (err) {
+    log.warn({ err, account }, 'Failed to write to keychain');
+    return false;
+  }
+}
+
+/**
+ * Async version of `deleteKey` — delete a secret without blocking the event loop.
+ * Returns true on success, false if not found or on failure.
+ */
+export async function deleteKeyAsync(account: string): Promise<boolean> {
+  try {
+    if (deps.isMacOS()) return await macosDeleteKeyAsync(account);
+    if (deps.isLinux()) return await linuxDeleteKeyAsync(account);
+    return false;
+  } catch (err) {
+    log.debug({ err, account }, 'Failed to delete from keychain');
+    return false;
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Async macOS Keychain
+// ---------------------------------------------------------------------------
+
+async function macosGetKeyAsync(account: string): Promise<string | null> {
+  try {
+    const { stdout } = await execFileAsync('security', [
+      'find-generic-password',
+      '-s', SERVICE_NAME,
+      '-a', account,
+      '-w',
+    ], { timeout: 5000 });
+    return stdout.replace(/\n$/, '') || null;
+  } catch (err: unknown) {
+    // Exit code 44 = item not found — return null.
+    if (err && typeof err === 'object' && 'code' in err && (err as { code: number }).code === 44) {
+      return null;
+    }
+    throw err;
+  }
+}
+
+async function macosSetKeyAsync(account: string, value: string): Promise<boolean> {
+  try {
+    await execFileAsync('security', [
+      'add-generic-password',
+      '-s', SERVICE_NAME,
+      '-a', account,
+      '-w', value,
+      '-U',
+    ], { timeout: 5000 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function macosDeleteKeyAsync(account: string): Promise<boolean> {
+  try {
+    await execFileAsync('security', [
+      'delete-generic-password',
+      '-s', SERVICE_NAME,
+      '-a', account,
+    ], { timeout: 5000 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Async Linux via `secret-tool`
+// ---------------------------------------------------------------------------
+
+async function linuxGetKeyAsync(account: string): Promise<string | null> {
+  try {
+    const { stdout } = await execFileAsync('secret-tool', [
+      'lookup',
+      'service', SERVICE_NAME,
+      'account', account,
+    ], { timeout: 5000 });
+    return stdout.replace(/\n$/, '') || null;
+  } catch (err: unknown) {
+    if (err && typeof err === 'object' && 'code' in err && (err as { code: number }).code === 1) {
+      const stderr = String((err as { stderr?: unknown }).stderr ?? '').trim();
+      if (stderr.length > 0) throw err;
+      return null;
+    }
+    throw err;
+  }
+}
+
+async function linuxSetKeyAsync(account: string, value: string): Promise<boolean> {
+  // secret-tool reads the secret from stdin
+  return new Promise<boolean>((resolve) => {
+    const child = execFile('secret-tool', [
+      'store',
+      '--label', `${SERVICE_NAME}: ${account}`,
+      'service', SERVICE_NAME,
+      'account', account,
+    ], { timeout: 5000 }, (err) => {
+      resolve(!err);
+    });
+    child.stdin?.end(value);
+  });
+}
+
+async function linuxDeleteKeyAsync(account: string): Promise<boolean> {
+  try {
+    await execFileAsync('secret-tool', [
+      'clear',
+      'service', SERVICE_NAME,
+      'account', account,
+    ], { timeout: 5000 });
+    return true;
+  } catch {
+    return false;
+  }
+}

package/src/security/secure-keys.ts

@@ -30,6 +30,19 @@ function getBackend(): Backend {
   return resolvedBackend;
 }
 
+async function getBackendAsync(): Promise<Backend> {
+  if (resolvedBackend !== undefined) return resolvedBackend;
+
+  if (await keychain.isKeychainAvailableAsync()) {
+    log.debug('Using OS keychain for secure key storage');
+    resolvedBackend = 'keychain';
+  } else {
+    log.debug('OS keychain unavailable, using encrypted file storage');
+    resolvedBackend = 'encrypted';
+  }
+  return resolvedBackend;
+}
+
 /**
  * Try a keychain operation; on failure, permanently downgrade to encrypted
  * backend and retry. This handles systems where the keychain CLI exists
@@ -167,6 +180,90 @@ export function isDowngradedFromKeychain(): boolean {
   return downgradedFromKeychain;
 }
 
+// ---------------------------------------------------------------------------
+// Async variants — non-blocking alternatives that avoid blocking the event
+// loop during keychain operations. Preferred for non-startup code paths.
+// ---------------------------------------------------------------------------
+
+/**
+ * Async version of `getSecureKey` — retrieve a secret without blocking.
+ */
+export async function getSecureKeyAsync(account: string): Promise<string | undefined> {
+  const backend = await getBackendAsync();
+  if (backend === 'keychain') {
+    try {
+      return (await keychain.getKeyAsync(account)) ?? undefined;
+    } catch {
+      log.warn('Keychain read failed at runtime, falling back to encrypted file storage');
+      resolvedBackend = 'encrypted';
+      downgradedFromKeychain = true;
+      return encryptedStore.getKey(account);
+    }
+  }
+  if (backend === 'encrypted') {
+    const value = encryptedStore.getKey(account);
+    if (value === undefined && downgradedFromKeychain) {
+      try {
+        return (await keychain.getKeyAsync(account)) ?? undefined;
+      } catch {
+        return undefined;
+      }
+    }
+    return value;
+  }
+  return undefined;
+}
+
+/**
+ * Async version of `setSecureKey` — store a secret without blocking.
+ */
+export async function setSecureKeyAsync(account: string, value: string): Promise<boolean> {
+  const backend = await getBackendAsync();
+  if (backend === 'encrypted') return encryptedStore.setKey(account, value);
+  if (backend !== 'keychain') return false;
+
+  const result = await keychain.setKeyAsync(account, value);
+  if (result === false) {
+    log.warn('Keychain operation failed at runtime, falling back to encrypted file storage');
+    resolvedBackend = 'encrypted';
+    downgradedFromKeychain = true;
+    return encryptedStore.setKey(account, value);
+  }
+  return result;
+}
+
+/**
+ * Async version of `deleteSecureKey` — delete a secret without blocking.
+ */
+export async function deleteSecureKeyAsync(account: string): Promise<boolean> {
+  const backend = await getBackendAsync();
+  if (backend === 'encrypted') {
+    const result = encryptedStore.deleteKey(account);
+    if (downgradedFromKeychain) {
+      await keychain.deleteKeyAsync(account); // best-effort
+    }
+    return result;
+  }
+  if (backend !== 'keychain') return false;
+
+  try {
+    if ((await keychain.getKeyAsync(account)) == null) {
+      return false;
+    }
+  } catch {
+    // fall through
+  }
+
+  const result = await keychain.deleteKeyAsync(account);
+  if (result === false) {
+    log.warn('Keychain operation failed at runtime, falling back to encrypted file storage');
+    resolvedBackend = 'encrypted';
+    downgradedFromKeychain = true;
+    return encryptedStore.deleteKey(account);
+  }
+  return result;
+}
+
 /** @internal Test-only: reset the cached backend so it's re-evaluated. */
 export function _resetBackend(): void {
   resolvedBackend = undefined;

package/src/security/tool-approval-digest.ts

@@ -27,7 +27,7 @@ export function canonicalJsonSerialize(value: unknown): string {
 }
 
 function sortKeysDeep(value: unknown): unknown {
-  if (value === null || value === undefined) return value;
+  if (value == null) return value;
 
   if (Array.isArray(value)) {
     return value.map(sortKeysDeep);

package/src/tools/browser/browser-execution.ts

@@ -12,7 +12,7 @@ import {
 import type { ToolContext, ToolExecutionResult } from '../types.js';
 import { detectAuthChallenge, detectCaptchaChallenge, formatAuthChallenge } from './auth-detector.js';
 import type { PageResponse,RouteHandler } from './browser-manager.js';
-import { browserManager } from './browser-manager.js';
+import { browserManager, SCREENCAST_HEIGHT,SCREENCAST_WIDTH } from './browser-manager.js';
 import {
   ensureScreencast,
   getElementBounds,
@@ -770,7 +770,7 @@ export async function executeBrowserScroll(
       if (bounds) {
         // Convert screencast coords back to page coords for mouse.move
         const result = await page.evaluate(`(() => ({ vw: window.innerWidth, vh: window.innerHeight }))()`) as { vw: number; vh: number };
-        const scale = Math.min(1280 / result.vw, 960 / result.vh);
+        const scale = Math.min(SCREENCAST_WIDTH / result.vw, SCREENCAST_HEIGHT / result.vh);
         const pageX = (bounds.x + bounds.w / 2) / scale;
         const pageY = (bounds.y + bounds.h / 2) / scale;
         await page.mouse.move(pageX, pageY);

package/src/tools/browser/browser-manager.ts

@@ -10,6 +10,11 @@ import { checkBrowserRuntime } from './runtime-check.js';
 
 const log = getLogger('browser-manager');
 
+// Screencast capture dimensions — used by coordinate math across the browser module
+// to map between page coordinates and screencast-frame coordinates.
+export const SCREENCAST_WIDTH = 800;
+export const SCREENCAST_HEIGHT = 600;
+
 function getDownloadsDir(): string {
   const dir = join(getDataDir(), 'browser-downloads');
   mkdirSync(dir, { recursive: true });
@@ -20,6 +25,7 @@ export type DownloadInfo = { path: string; filename: string };
 
 type BrowserContext = {
   newPage(): Promise<Page>;
+  pages?(): Page[];
   close(): Promise<void>;
 };
 
@@ -253,32 +259,11 @@ class BrowserManager {
           }
         }
 
-        // If a client is connected, launch headed Chromium (minimized) so the user
-        // can interact directly when handoff triggers (e.g. CAPTCHAs).
-        // The window stays offscreen until bringToFront() is called during handoff.
-        const hasSender = !!(invokingSessionId && this.sessionSenders.get(invokingSessionId));
-        if (hasSender && this._browserMode === 'headless') {
-          try {
-            const pw2 = await import('playwright');
-            const headedBrowser = await pw2.chromium.launch({
-              channel: 'chrome',
-              headless: false,
-              args: [
-                '--window-position=-32000,-32000',
-                '--window-size=1,1',
-                '--disable-blink-features=AutomationControlled',
-              ],
-            });
-            const ctx = headedBrowser.contexts()[0] || await headedBrowser.newContext();
-            this.cdpBrowser = headedBrowser as unknown as typeof this.cdpBrowser;
-            this._browserLaunched = true;
-            this.setBrowserMode('cdp');
-            await this.initBrowserCdpSession();
-            log.info('Launched headed Chromium (minimized) for interactive handoff support');
-            return ctx as unknown as BrowserContext;
-          } catch (err2) {
-            log.warn({ err: err2 }, 'Headed Chromium launch failed, falling back to headless');
-          }
+        if (invokingSessionId && this.sessionSenders.get(invokingSessionId) && this._browserMode === 'headless') {
+          log.info(
+            { sessionId: invokingSessionId },
+            'CDP unavailable/declined; staying in headless mode (no visible browser window will be auto-launched)',
+          );
         }
       }
 
@@ -380,7 +365,26 @@ class BrowserManager {
     this.snapshotMaps.delete(sessionId);
     await this.stopScreencast(sessionId);
 
-    const page = await context.newPage();
+    let page: Page | undefined;
+
+    // In connectOverCDP mode, Chrome often starts with a pre-opened blank tab.
+    // Only reuse blank/new-tab pages to avoid hijacking active user tabs, which
+    // could cause user-visible disruption or data loss when the session closes.
+    if (this._browserMode === 'cdp' && !this._browserLaunched && typeof context.pages === 'function') {
+      const BLANK_TAB_URLS = new Set(['about:blank', 'chrome://newtab/', 'chrome://new-tab-page/']);
+      const claimedPages = new Set(this.pages.values());
+      const reusable = context.pages().find((p) => {
+        if (p.isClosed() || claimedPages.has(p)) return false;
+        const url = p.url();
+        return BLANK_TAB_URLS.has(url) || url === '';
+      });
+      if (reusable) {
+        page = reusable;
+        log.debug({ sessionId, url: reusable.url() }, 'Reusing blank CDP tab instead of creating a new page');
+      }
+    }
+
+    page ??= await context.newPage();
     this.pages.set(sessionId, page);
     this.rawPages.set(sessionId, page);
 
@@ -509,17 +513,27 @@ class BrowserManager {
     this.cdpSessions.set(sessionId, cdp);
     this.screencastCallbacks.set(sessionId, onFrame);
 
+    // Keep screencast intentionally low-frequency to avoid Chrome renderer /
+    // WindowServer spikes while users type in interactive auth flows.
+    const MIN_FRAME_INTERVAL_MS = 1000;
+    let lastFrameTime = 0;
+
     cdp.on('Page.screencastFrame', (params) => {
-      onFrame({ data: params.data as string, metadata: params.metadata as ScreencastFrameMetadata });
+      const now = Date.now();
+      if (now - lastFrameTime >= MIN_FRAME_INTERVAL_MS) {
+        lastFrameTime = now;
+        onFrame({ data: params.data as string, metadata: params.metadata as ScreencastFrameMetadata });
+      }
+      // Always ack so CDP continues delivering frames (otherwise it stalls)
       silentlyWithLog(cdp.send('Page.screencastFrameAck', { sessionId: params.sessionId }), 'screencast frame ack');
     });
 
     await cdp.send('Page.startScreencast', {
       format: 'jpeg',
-      quality: 60,
-      maxWidth: 1280,
-      maxHeight: 960,
-      everyNthFrame: 1,
+      quality: 30,
+      maxWidth: SCREENCAST_WIDTH,
+      maxHeight: SCREENCAST_HEIGHT,
+      everyNthFrame: 4,
     });
   }
 

package/src/tools/browser/browser-screencast.ts

@@ -1,7 +1,7 @@
 import { v4 as uuid } from 'uuid';
 
 import type { BrowserFrame, BrowserViewSurfaceData, ServerMessage } from '../../daemon/ipc-contract.js';
-import { browserManager } from './browser-manager.js';
+import { browserManager, SCREENCAST_HEIGHT,SCREENCAST_WIDTH } from './browser-manager.js';
 
 // Track active screencast sessions
 const activeScreencasts = new Map<string, { surfaceId: string }>();
@@ -161,7 +161,7 @@ export async function getElementBounds(
       })()
     `) as { x: number; y: number; w: number; h: number; vw: number; vh: number } | null;
     if (!result) return null;
-    const scale = Math.min(1280 / result.vw, 960 / result.vh);
+    const scale = Math.min(SCREENCAST_WIDTH / result.vw, SCREENCAST_HEIGHT / result.vh);
     return {
       x: result.x * scale,
       y: result.y * scale,

package/src/tools/calls/call-start.ts

@@ -23,7 +23,7 @@ export async function executeCallStart(
       return {
         content: [
           'Error: A guardian voice verification call is already active for this number.',
-          'Use the guardian outbound verification flow (`/v1/integrations/guardian/outbound/start` or `/resend`) and wait for completion before using `call_start`.',
+          'Use the guardian outbound verification flow via the gateway API (`/v1/integrations/guardian/outbound/start` or `/resend`) and wait for completion before using `call_start`.',
         ].join(' '),
         isError: true,
       };

package/src/tools/executor.ts

@@ -58,7 +58,7 @@ export class ToolExecutor {
 
     // Run pre-execution approval gates (abort, parental controls, guardian
     // policy, allowed-tool-set, task-run preflight, tool registry lookup).
-    const gateResult = this.approvalHandler.checkPreExecutionGates(
+    const gateResult = await this.approvalHandler.checkPreExecutionGates(
       name, input, context, executionTarget, riskLevel, startTime,
       (event) => emitLifecycleEvent(context, event),
     );
@@ -70,24 +70,29 @@ export class ToolExecutor {
     const tool = gateResult.tool;
 
     try {
-      // Check permissions via the extracted PermissionChecker
-      const permResult = await this.permissionChecker.checkPermission(
-        name,
-        input,
-        tool,
-        context,
-        executionTarget,
-        (event) => emitLifecycleEvent(context, event),
-        sanitizeToolInput,
-        startTime,
-        computePreviewDiff,
-      );
+      // A consumed scoped grant is a complete authorization — skip the
+      // interactive permission/prompt flow so non-interactive sessions
+      // don't auto-deny prompt-gated tools and burn the one-time grant.
+      if (!gateResult.grantConsumed) {
+        // Check permissions via the extracted PermissionChecker
+        const permResult = await this.permissionChecker.checkPermission(
+          name,
+          input,
+          tool,
+          context,
+          executionTarget,
+          (event) => emitLifecycleEvent(context, event),
+          sanitizeToolInput,
+          startTime,
+          computePreviewDiff,
+        );
 
-      riskLevel = permResult.riskLevel;
-      decision = permResult.decision;
+        riskLevel = permResult.riskLevel;
+        decision = permResult.decision;
 
-      if (!permResult.allowed) {
-        return { content: permResult.content, isError: true };
+        if (!permResult.allowed) {
+          return { content: permResult.content, isError: true };
+        }
       }
 
       const hookResult = await getHookManager().trigger('pre-tool-execute', {