@vellumai/assistant 0.3.2 → 0.3.3

package/src/__tests__/ingress-url-consistency.test.ts

@@ -211,4 +211,68 @@ describe('Ingress URL consistency between assistant and gateway', () => {
 
     expect(gatewayCanonical).toBe(callbackUrl);
   });
+
+  // ── SMS-specific URL consistency ──────────────────────────────────
+
+  test('SMS webhook URL consistency: gateway signature URL matches configured ingress', () => {
+    const publicBase = 'https://sms-gateway.example.com';
+    const authToken = 'test-sms-auth-token';
+
+    // The gateway registers /webhooks/twilio/sms with Twilio. Twilio signs
+    // inbound SMS requests against the full public URL.
+    const smsWebhookUrl = `${publicBase}/webhooks/twilio/sms`;
+
+    const params = {
+      Body: 'hello',
+      From: '+15551234567',
+      To: '+15559876543',
+      MessageSid: 'SM123',
+    };
+    const twilioSignature = computeTwilioSignature(smsWebhookUrl, params, authToken);
+
+    // Gateway receives the request on its local address and reconstructs
+    // the canonical URL using the configured ingress base.
+    const localUrl = 'http://127.0.0.1:7830/webhooks/twilio/sms';
+    const canonicalUrl = reconstructGatewayCanonicalUrl(publicBase, localUrl);
+
+    expect(canonicalUrl).toBe(smsWebhookUrl);
+
+    const recomputed = computeTwilioSignature(canonicalUrl, params, authToken);
+    expect(recomputed).toBe(twilioSignature);
+  });
+
+  test('SMS webhook signature fails when ingress URL is not configured (fail-visible)', () => {
+    const publicBase = 'https://sms-gateway.example.com';
+    const authToken = 'test-sms-auth-token';
+
+    const smsWebhookUrl = `${publicBase}/webhooks/twilio/sms`;
+    const params = { Body: 'test', From: '+15550001111', MessageSid: 'SM456' };
+    const twilioSignature = computeTwilioSignature(smsWebhookUrl, params, authToken);
+
+    // Without ingress config, the gateway uses the local URL — signature mismatch.
+    const localUrl = 'http://127.0.0.1:7830/webhooks/twilio/sms';
+    const canonicalWithout = reconstructGatewayCanonicalUrl(undefined, localUrl);
+    const recomputedWithout = computeTwilioSignature(canonicalWithout, params, authToken);
+    expect(recomputedWithout).not.toBe(twilioSignature);
+  });
+
+  test('all Twilio webhook paths share the /webhooks/twilio/ prefix consistently', () => {
+    const config: IngressConfig = {
+      ingress: { publicBaseUrl: 'https://consistent.example.com' },
+    };
+    const base = getPublicBaseUrl(config);
+
+    // Document the path contract: all Twilio webhooks live under /webhooks/twilio/
+    const voiceUrl = getTwilioVoiceWebhookUrl(config, 'sess');
+    const statusUrl = getTwilioStatusCallbackUrl(config);
+
+    // Verify they all share the same base and prefix
+    expect(voiceUrl).toStartWith(`${base}/webhooks/twilio/`);
+    expect(statusUrl).toStartWith(`${base}/webhooks/twilio/`);
+
+    // SMS is currently handled at the gateway level (/webhooks/twilio/sms)
+    // but the path pattern is the same
+    const smsUrl = `${base}/webhooks/twilio/sms`;
+    expect(smsUrl).toStartWith(`${base}/webhooks/twilio/`);
+  });
 });

package/src/__tests__/ipc-snapshot.test.ts

@@ -378,6 +378,10 @@ const clientMessages: Record<ClientMessageType, ClientMessage> = {
     type: 'telegram_config',
     action: 'get',
   },
+  twilio_config: {
+    type: 'twilio_config',
+    action: 'get',
+  },
   guardian_verification: {
     type: 'guardian_verification',
     action: 'create_challenge',
@@ -1218,6 +1222,12 @@ const serverMessages: Record<ServerMessageType, ServerMessage> = {
     connected: true,
     hasWebhookSecret: true,
   },
+  twilio_config_response: {
+    type: 'twilio_config_response',
+    success: true,
+    hasCredentials: true,
+    phoneNumber: '+15551234567',
+  },
   guardian_verification_response: {
     type: 'guardian_verification_response',
     success: true,

package/src/__tests__/run-orchestrator.test.ts

@@ -1,4 +1,4 @@
-import { describe, test, expect, beforeEach, afterAll, mock, spyOn } from 'bun:test';
+import { describe, test, expect, beforeEach, afterAll, mock } from 'bun:test';
 import { mkdtempSync, rmSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';

package/src/__tests__/session-process-bridge.test.ts

@@ -33,6 +33,7 @@ mock.module('../config/loader.js', () => ({
     provider: 'anthropic',
     memory: { enabled: false },
     calls: { enabled: false },
+    contextWindow: { maxInputTokens: 200000 },
   }),
 }));
 
@@ -75,6 +76,7 @@ function createMockSession(overrides?: Partial<ProcessSessionContext>): ProcessS
     traceEmitter: {
       emit: () => {},
     } as unknown as ProcessSessionContext['traceEmitter'],
+    usageStats: { inputTokens: 0, outputTokens: 0, estimatedCost: 0 },
     persistUserMessage: mock((_content: string, _attachments: unknown[], _requestId?: string) => 'mock-msg-id'),
     runAgentLoop: mock(async () => {}),
     ...overrides,

package/src/__tests__/tool-permission-simulate-handler.test.ts

@@ -314,9 +314,9 @@ describe('tool_permission_simulate handler', () => {
 
     const res = getResponse(sent);
     expect(res.success).toBe(true);
-    // The sandbox-scoped rule should not match a host tool
+    // The sandbox-scoped allow rule should not match a host tool — falls
+    // through to the default ask rule instead.
     expect(res.decision).toBe('prompt');
-    expect(res.matchedRuleId).toBeUndefined();
     expect(res.executionTarget).toBe('host');
   });
 

package/src/calls/twilio-config.ts

@@ -16,8 +16,17 @@ export interface TwilioConfig {
 export function getTwilioConfig(): TwilioConfig {
   const accountSid = getSecureKey('credential:twilio:account_sid');
   const authToken = getSecureKey('credential:twilio:auth_token');
-  const phoneNumber = process.env.TWILIO_PHONE_NUMBER || getSecureKey('credential:twilio:phone_number') || '';
   const config = loadConfig();
+
+  // Phone number resolution priority:
+  // 1. TWILIO_PHONE_NUMBER env var (explicit override)
+  // 2. config file sms.phoneNumber (primary storage)
+  // 3. credential:twilio:phone_number secure key (backward-compat fallback)
+  const phoneNumber =
+    process.env.TWILIO_PHONE_NUMBER ||
+    config.sms?.phoneNumber ||
+    getSecureKey('credential:twilio:phone_number') ||
+    '';
   const webhookBaseUrl = getPublicBaseUrl(config);
 
   // Always use the centralized relay URL derived from the public ingress base URL.

package/src/calls/twilio-rest.ts

@@ -154,3 +154,73 @@ export async function provisionPhoneNumber(
     capabilities: { voice: data.capabilities.voice, sms: data.capabilities.sms },
   };
 }
+
+export interface WebhookUrls {
+  voiceUrl: string;
+  statusCallbackUrl: string;
+  smsUrl: string;
+}
+
+/**
+ * Update the webhook URLs on a Twilio IncomingPhoneNumber.
+ *
+ * Configures voice webhook, voice status callback, and SMS webhook so
+ * that Twilio routes inbound calls and messages to the assistant's
+ * gateway endpoints.
+ */
+export async function updatePhoneNumberWebhooks(
+  accountSid: string,
+  authToken: string,
+  phoneNumber: string,
+  webhooks: WebhookUrls,
+): Promise<void> {
+  // First, find the SID for this phone number
+  const listRes = await fetch(
+    `${twilioBaseUrl(accountSid)}/IncomingPhoneNumbers.json?PhoneNumber=${encodeURIComponent(phoneNumber)}`,
+    {
+      method: 'GET',
+      headers: { Authorization: twilioAuthHeader(accountSid, authToken) },
+    },
+  );
+
+  if (!listRes.ok) {
+    const text = await listRes.text();
+    throw new Error(`Twilio API error ${listRes.status} looking up phone number: ${text}`);
+  }
+
+  const listData = (await listRes.json()) as {
+    incoming_phone_numbers: Array<{ sid: string; phone_number: string }>;
+  };
+
+  const match = listData.incoming_phone_numbers.find((n) => n.phone_number === phoneNumber);
+  if (!match) {
+    throw new Error(`Phone number ${phoneNumber} not found on Twilio account ${accountSid}`);
+  }
+
+  // Update the phone number's webhook configuration
+  const body = new URLSearchParams({
+    VoiceUrl: webhooks.voiceUrl,
+    VoiceMethod: 'POST',
+    StatusCallback: webhooks.statusCallbackUrl,
+    StatusCallbackMethod: 'POST',
+    SmsUrl: webhooks.smsUrl,
+    SmsMethod: 'POST',
+  });
+
+  const updateRes = await fetch(
+    `${twilioBaseUrl(accountSid)}/IncomingPhoneNumbers/${match.sid}.json`,
+    {
+      method: 'POST',
+      headers: {
+        Authorization: twilioAuthHeader(accountSid, authToken),
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: body.toString(),
+    },
+  );
+
+  if (!updateRes.ok) {
+    const text = await updateRes.text();
+    throw new Error(`Twilio API error ${updateRes.status} updating webhooks: ${text}`);
+  }
+}

package/src/config/bundled-skills/email-setup/SKILL.md

@@ -0,0 +1,56 @@
+---
+name: "Email Setup"
+description: "Create the assistant's own email address via the Vellum hosted API (one-time setup)"
+user-invocable: true
+metadata: {"vellum": {"emoji": "📧"}}
+---
+
+You are setting up your own personal email address. This is a one-time operation — once you have an email, you do not need to run this again.
+
+## Prerequisites
+
+Only proceed if the user explicitly asks you to create or set up your email address. Do NOT proactively run this skill.
+
+## Step 1: Check if Email Already Exists
+
+Before doing anything, check whether you already have an email address configured:
+
+```bash
+vellum email status
+```
+
+This will return your email address, the callback URL that inbound email will hit, and the path to the inbox locally. If you already have an email address, tell the user your existing email address and stop — do NOT create another one.
+
+## Step 2: Create Your Email
+
+Call the Vellum hosted API to provision your email. Use `host_bash` to make the request:
+
+```bash
+vellum email create <your-username>
+```
+
+For `<your-username>`, use your assistant name (lowercased, alphanumeric only). Check your identity from `IDENTITY.md` or `USER.md` to determine your name. If you don't have a name yet, ask the user what username they'd like for your email.
+
+## Step 3: Confirm Setup
+
+After the inbox is created successfully:
+
+1. Parse the command output to extract your new email address.
+2. Tell the user your new email address.
+3. Store a note in your memory or `USER.md` that your email has been provisioned so you remember it in future conversations.
+
+## Rules
+
+- **One-time only.** If an inbox already exists (Step 1), do not create another. Inform the user of the existing address.
+- **User-initiated only.** Never run this skill unless the user asks you to set up or create an email.
+- **No custom domains.** Use the default provider domain. Do not attempt domain setup.
+- **No API key prompting.** The email API key should already be configured. If the `vellum email` command fails with an API key error, tell the user the email integration is not yet configured and ask them to set it up.
+
+## Troubleshooting
+
+### API key not configured
+If you get an error about a missing API key, the email provider has not been set up. Tell the user:
+> "Email isn't configured yet. Please set up the email integration first."
+
+### Inbox creation failed
+If inbox creation returns an error (e.g. username taken), try a variation of the name (append a number or use a nickname) and retry once. If it still fails, report the error to the user.

package/src/config/bundled-skills/subagent/SKILL.md

@@ -18,6 +18,10 @@ Subagents follow this status flow: `pending` -> `running` -> `completed` / `fail
 
 Only the parent session that spawned a subagent can interact with it (check status, send messages, abort, or read output).
 
+## Silent Mode
+
+Set `send_result_to_user: false` when spawning a subagent whose result is for internal processing only. The parent will still be notified on completion, but the notification will instruct it to read the result without presenting it to the user.
+
 ## Tips
 
 - Do NOT poll `subagent_status` in a loop. You will be notified automatically when a subagent completes.

package/src/config/bundled-skills/subagent/TOOLS.json

@@ -20,6 +20,10 @@
           "context": {
             "type": "string",
             "description": "Optional additional context to pass to the subagent"
+          },
+          "send_result_to_user": {
+            "type": "boolean",
+            "description": "Whether to present the subagent's result to the user when it completes. Defaults to true. Set to false for internal/silent processing."
           }
         },
         "required": ["label", "objective"]

package/src/config/schema.ts

@@ -1066,6 +1066,9 @@ export const SmsConfigSchema = z.object({
   phoneNumber: z
     .string({ error: 'sms.phoneNumber must be a string' })
     .default(''),
+  assistantPhoneNumbers: z
+    .record(z.string(), z.string({ error: 'sms.assistantPhoneNumbers values must be strings' }))
+    .optional(),
 });
 
 const IngressBaseSchema = z.object({

package/src/config/vellum-skills/twilio-setup/SKILL.md

@@ -82,7 +82,14 @@ If the user wants to buy a new number through Twilio, send:
 - `areaCode` is optional — ask the user if they have a preferred area code
 - `country` defaults to `"US"` — ask if they want a different country (ISO 3166-1 alpha-2)
 
-The daemon provisions the number via the Twilio API and automatically assigns it to the assistant. The response includes the new `phoneNumber`.
+The daemon provisions the number via the Twilio API, automatically assigns it to the assistant (persisting to both secure storage and config), and configures Twilio webhooks (voice, status callback, SMS) if a public ingress URL is available. The response includes the new `phoneNumber`. No separate `assign_number` call is needed.
+
+**Webhook auto-configuration:** When `ingress.publicBaseUrl` is configured, the daemon automatically sets the following webhooks on the Twilio phone number:
+- Voice webhook: `{publicBaseUrl}/webhooks/twilio/voice`
+- Voice status callback: `{publicBaseUrl}/webhooks/twilio/status`
+- SMS webhook: `{publicBaseUrl}/webhooks/twilio/sms`
+
+If ingress is not yet configured, webhook setup is skipped gracefully — the number is still assigned and usable once ingress is set up later.
 
 **Trial account note:** Twilio trial accounts come with one free phone number. Check "Active Numbers" in the Twilio Console first before provisioning.
 
@@ -109,7 +116,7 @@ Then assign the chosen number:
 }
 ```
 
-The phone number must be in E.164 format.
+The phone number must be in E.164 format. Like `provision_number`, `assign_number` also auto-configures Twilio webhooks when a public ingress URL is available.
 
 ### Option C: Manual Entry
 
@@ -146,13 +153,13 @@ If not configured, load and run the public-ingress skill:
 skill_load skill=public-ingress
 ```
 
-**Twilio webhook endpoints (handled automatically by the gateway):**
+**Twilio webhook endpoints (auto-configured on provision/assign):**
 - Voice webhook: `{publicBaseUrl}/webhooks/twilio/voice`
 - Voice status callback: `{publicBaseUrl}/webhooks/twilio/status`
 - ConversationRelay WebSocket: `{publicBaseUrl}/webhooks/twilio/relay` (wss://)
 - SMS webhook: `{publicBaseUrl}/webhooks/twilio/sms`
 
-No manual Twilio webhook configuration is needed — webhook URLs are registered dynamically.
+Webhook URLs are automatically configured on the Twilio phone number when `provision_number` or `assign_number` is called with a valid ingress URL. No manual Twilio Console webhook configuration is needed.
 
 ## Step 5: Verify Setup
 

package/src/daemon/handlers/config.ts

@@ -5,7 +5,7 @@ import { addRule, removeRule, updateRule, getAllRules, acceptStarterBundle } fro
 import { classifyRisk, check, generateAllowlistOptions, generateScopeOptions } from '../../permissions/checker.js';
 import { isSideEffectTool } from '../../tools/executor.js';
 import { resolveExecutionTarget } from '../../tools/execution-target.js';
-import { getAllTools, getTool } from '../../tools/registry.js';
+import { getAllTools } from '../../tools/registry.js';
 import { listSchedules, updateSchedule, deleteSchedule, describeCronExpression } from '../../schedule/schedule-store.js';
 import { listReminders, cancelReminder } from '../../tools/reminder/reminder-store.js';
 import { getSecureKey, setSecureKey, deleteSecureKey } from '../../security/secure-keys.js';
@@ -37,7 +37,14 @@ import {
   listIncomingPhoneNumbers,
   searchAvailableNumbers,
   provisionPhoneNumber,
+  updatePhoneNumberWebhooks,
 } from '../../calls/twilio-rest.js';
+import {
+  getTwilioVoiceWebhookUrl,
+  getTwilioStatusCallbackUrl,
+  getTwilioSmsWebhookUrl,
+  type IngressConfig,
+} from '../../inbound/public-ingress-urls.js';
 import { createVerificationChallenge, getGuardianBinding, revokeBinding as revokeGuardianBinding } from '../../runtime/channel-guardian-service.js';
 import { log, CONFIG_RELOAD_DEBOUNCE_MS, defineHandlers, type HandlerContext } from './shared.js';
 import { MODEL_TO_PROVIDER } from '../session-slash.js';
@@ -509,11 +516,46 @@ function triggerGatewayReconcile(ingressPublicBaseUrl: string | undefined): void
   });
 }
 
-export function handleIngressConfig(
+/**
+ * Best-effort Twilio webhook sync helper.
+ *
+ * Computes the voice, status-callback, and SMS webhook URLs from the current
+ * ingress config and pushes them to the Twilio IncomingPhoneNumber API.
+ *
+ * Returns `{ success, warning }`. When the update fails, `success` is false
+ * and `warning` contains a human-readable message. Callers should treat
+ * failure as non-fatal so that the primary operation (provision, assign,
+ * ingress save) still succeeds.
+ */
+async function syncTwilioWebhooks(
+  phoneNumber: string,
+  accountSid: string,
+  authToken: string,
+  ingressConfig: IngressConfig,
+): Promise<{ success: boolean; warning?: string }> {
+  try {
+    const voiceUrl = getTwilioVoiceWebhookUrl(ingressConfig);
+    const statusCallbackUrl = getTwilioStatusCallbackUrl(ingressConfig);
+    const smsUrl = getTwilioSmsWebhookUrl(ingressConfig);
+    await updatePhoneNumberWebhooks(accountSid, authToken, phoneNumber, {
+      voiceUrl,
+      statusCallbackUrl,
+      smsUrl,
+    });
+    log.info({ phoneNumber }, 'Twilio webhooks configured successfully');
+    return { success: true };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    log.warn({ err, phoneNumber }, `Webhook configuration skipped: ${message}`);
+    return { success: false, warning: `Webhook configuration skipped: ${message}` };
+  }
+}
+
+export async function handleIngressConfig(
   msg: IngressConfigRequest,
   socket: net.Socket,
   ctx: HandlerContext,
-): void {
+): Promise<void> {
   const localGatewayTarget = computeGatewayTarget();
   try {
     if (msg.action === 'get') {
@@ -584,6 +626,24 @@ export function handleIngressConfig(
       // fallback branch above) rather than the raw `value` from the UI.
       const effectiveUrl = isEnabled ? process.env.INGRESS_PUBLIC_BASE_URL : undefined;
       triggerGatewayReconcile(effectiveUrl);
+
+      // Best-effort Twilio webhook reconciliation: when ingress is being
+      // enabled/updated and a Twilio number is assigned with valid credentials,
+      // push the new webhook URLs to Twilio so calls and SMS route correctly.
+      if (isEnabled && hasTwilioCredentials()) {
+        const currentConfig = loadRawConfig();
+        const smsConfig = (currentConfig?.sms ?? {}) as Record<string, unknown>;
+        const assignedNumber = (smsConfig.phoneNumber as string) ?? '';
+        if (assignedNumber) {
+          const acctSid = getSecureKey('credential:twilio:account_sid')!;
+          const acctToken = getSecureKey('credential:twilio:auth_token')!;
+          // Fire-and-forget: webhook sync failure must not block the ingress save
+          syncTwilioWebhooks(assignedNumber, acctSid, acctToken, currentConfig as IngressConfig)
+            .catch(() => {
+              // Already logged inside syncTwilioWebhooks
+            });
+        }
+      }
     } else {
       ctx.send(socket, { type: 'ingress_config_response', enabled: false, publicBaseUrl: '', localGatewayTarget, success: false, error: `Unknown action: ${String((msg as unknown as Record<string, unknown>).action)}` });
     }
@@ -1109,7 +1169,15 @@ export async function handleTwilioConfig(
       const hasCredentials = hasTwilioCredentials();
       const raw = loadRawConfig();
       const sms = (raw?.sms ?? {}) as Record<string, unknown>;
-      const phoneNumber = (sms.phoneNumber as string) ?? '';
+      // When assistantId is provided, look up in assistantPhoneNumbers first,
+      // fall back to the legacy phoneNumber field
+      let phoneNumber: string;
+      if (msg.assistantId) {
+        const mapping = (sms.assistantPhoneNumbers as Record<string, string> | undefined) ?? {};
+        phoneNumber = mapping[msg.assistantId] ?? (sms.phoneNumber as string) ?? '';
+      } else {
+        phoneNumber = (sms.phoneNumber as string) ?? '';
+      }
       ctx.send(socket, {
         type: 'twilio_config_response',
         success: true,
@@ -1192,9 +1260,12 @@ export async function handleTwilioConfig(
         hasCredentials: true,
       });
     } else if (msg.action === 'clear_credentials') {
+      // Only clear authentication credentials (Account SID and Auth Token).
+      // Preserve the phone number in both config (sms.phoneNumber) and secure
+      // key (credential:twilio:phone_number) so that re-entering credentials
+      // resumes working without needing to reassign the number.
       deleteSecureKey('credential:twilio:account_sid');
       deleteSecureKey('credential:twilio:auth_token');
-      deleteSecureKey('credential:twilio:phone_number');
       deleteCredentialMetadata('twilio', 'account_sid');
       deleteCredentialMetadata('twilio', 'auth_token');
 
@@ -1233,11 +1304,64 @@ export async function handleTwilioConfig(
       // Purchase the first available number
       const purchased = await provisionPhoneNumber(accountSid, authToken, available[0].phoneNumber);
 
+      // Auto-assign: persist the purchased number in secure storage and config
+      // (same persistence as assign_number for consistency)
+      const phoneStored = setSecureKey('credential:twilio:phone_number', purchased.phoneNumber);
+      if (!phoneStored) {
+        ctx.send(socket, {
+          type: 'twilio_config_response',
+          success: false,
+          hasCredentials: hasTwilioCredentials(),
+          phoneNumber: purchased.phoneNumber,
+          error: `Phone number ${purchased.phoneNumber} was purchased but could not be saved. Use assign_number to assign it manually.`,
+        });
+        return;
+      }
+
+      const raw = loadRawConfig();
+      const sms = (raw?.sms ?? {}) as Record<string, unknown>;
+      // When assistantId is provided, only set the legacy global phoneNumber
+      // if it's not already set — this prevents multi-assistant assignments
+      // from clobbering each other's outbound SMS number.
+      if (msg.assistantId) {
+        if (!sms.phoneNumber) {
+          sms.phoneNumber = purchased.phoneNumber;
+        }
+      } else {
+        sms.phoneNumber = purchased.phoneNumber;
+      }
+      // When assistantId is provided, also persist into the per-assistant mapping
+      if (msg.assistantId) {
+        const mapping = (sms.assistantPhoneNumbers as Record<string, string> | undefined) ?? {};
+        mapping[msg.assistantId] = purchased.phoneNumber;
+        sms.assistantPhoneNumbers = mapping;
+      }
+
+      const wasSuppressed = ctx.suppressConfigReload;
+      ctx.setSuppressConfigReload(true);
+      try {
+        saveRawConfig({ ...raw, sms });
+      } catch (err) {
+        ctx.setSuppressConfigReload(wasSuppressed);
+        throw err;
+      }
+      ctx.debounceTimers.schedule('__suppress_reset__', () => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
+
+      // Best-effort webhook configuration — non-fatal so the number is
+      // still usable even if ingress isn't configured yet.
+      const webhookResult = await syncTwilioWebhooks(
+        purchased.phoneNumber,
+        accountSid,
+        authToken,
+        loadRawConfig() as IngressConfig,
+      );
+
       ctx.send(socket, {
         type: 'twilio_config_response',
         success: true,
         hasCredentials: true,
         phoneNumber: purchased.phoneNumber,
+        warning: webhookResult.warning,
       });
     } else if (msg.action === 'assign_number') {
       if (!msg.phoneNumber) {
@@ -1266,7 +1390,22 @@ export async function handleTwilioConfig(
       // Also persist in assistant config (non-secret) for the UI
       const raw = loadRawConfig();
       const sms = (raw?.sms ?? {}) as Record<string, unknown>;
-      sms.phoneNumber = msg.phoneNumber;
+      // When assistantId is provided, only set the legacy global phoneNumber
+      // if it's not already set — this prevents multi-assistant assignments
+      // from clobbering each other's outbound SMS number.
+      if (msg.assistantId) {
+        if (!sms.phoneNumber) {
+          sms.phoneNumber = msg.phoneNumber;
+        }
+      } else {
+        sms.phoneNumber = msg.phoneNumber;
+      }
+      // When assistantId is provided, also persist into the per-assistant mapping
+      if (msg.assistantId) {
+        const mapping = (sms.assistantPhoneNumbers as Record<string, string> | undefined) ?? {};
+        mapping[msg.assistantId] = msg.phoneNumber;
+        sms.assistantPhoneNumbers = mapping;
+      }
 
       const wasSuppressed = ctx.suppressConfigReload;
       ctx.setSuppressConfigReload(true);
@@ -1278,11 +1417,26 @@ export async function handleTwilioConfig(
       }
       ctx.debounceTimers.schedule('__suppress_reset__', () => { ctx.setSuppressConfigReload(false); }, CONFIG_RELOAD_DEBOUNCE_MS);
 
+      // Best-effort webhook configuration when credentials are available
+      let webhookWarning: string | undefined;
+      if (hasTwilioCredentials()) {
+        const acctSid = getSecureKey('credential:twilio:account_sid')!;
+        const acctToken = getSecureKey('credential:twilio:auth_token')!;
+        const webhookResult = await syncTwilioWebhooks(
+          msg.phoneNumber,
+          acctSid,
+          acctToken,
+          loadRawConfig() as IngressConfig,
+        );
+        webhookWarning = webhookResult.warning;
+      }
+
       ctx.send(socket, {
         type: 'twilio_config_response',
         success: true,
         hasCredentials: hasTwilioCredentials(),
         phoneNumber: msg.phoneNumber,
+        warning: webhookWarning,
       });
     } else if (msg.action === 'list_numbers') {
       if (!hasTwilioCredentials()) {
@@ -1331,9 +1485,9 @@ export function handleGuardianVerification(
   ctx: HandlerContext,
 ): void {
   try {
-    // In single-assistant mode, 'self' is the canonical assistant ID used
-    // by channel routes when validating challenges on the inbound path.
-    const assistantId = 'self';
+    // Use the assistant ID from the request when available; fall back to
+    // 'self' for backward compatibility with single-assistant mode.
+    const assistantId = msg.assistantId ?? 'self';
     const channel = msg.channel ?? 'telegram';
 
     if (msg.action === 'create_challenge') {
@@ -1354,7 +1508,7 @@ export function handleGuardianVerification(
         guardianExternalUserId: binding?.guardianExternalUserId,
       });
     } else if (msg.action === 'revoke') {
-      const revoked = revokeGuardianBinding(assistantId, channel);
+      revokeGuardianBinding(assistantId, channel);
       ctx.send(socket, {
         type: 'guardian_verification_response',
         success: true,
@@ -1411,11 +1565,10 @@ export async function handleToolPermissionSimulate(
 
     const workingDir = msg.workingDir ?? process.cwd();
 
-    // Only infer execution target when the tool is actually registered;
-    // for unresolved tools, leave it undefined so trust rules are unscoped.
-    const isRegistered = getTool(msg.toolName) !== undefined;
-    const executionTarget = isRegistered ? resolveExecutionTarget(msg.toolName) : undefined;
-    const policyContext = executionTarget ? { executionTarget } : undefined;
+    // Resolve execution target using manifest metadata or prefix heuristics.
+    // resolveExecutionTarget handles unregistered tools via prefix fallback.
+    const executionTarget = resolveExecutionTarget(msg.toolName);
+    const policyContext = { executionTarget };
 
     const riskLevel = await classifyRisk(msg.toolName, msg.input, workingDir);
     const result = await check(msg.toolName, msg.input, workingDir, policyContext);

package/src/daemon/handlers/sessions.ts

@@ -198,8 +198,9 @@ export function handleSecretResponse(
   log.warn({ requestId: msg.requestId }, 'No session found with pending secret prompt for requestId');
 }
 
-export function handleSessionList(socket: net.Socket, ctx: HandlerContext): void {
-  const conversations = conversationStore.listConversations(50);
+export function handleSessionList(socket: net.Socket, ctx: HandlerContext, offset = 0, limit = 50): void {
+  const conversations = conversationStore.listConversations(limit, false, offset);
+  const totalCount = conversationStore.countConversations();
   const bindings = externalConversationStore.getBindingsForConversations(
     conversations.map((c) => c.id),
   );
@@ -223,6 +224,7 @@ export function handleSessionList(socket: net.Socket, ctx: HandlerContext): void
         } : {}),
       };
     }),
+    hasMore: offset + conversations.length < totalCount,
   });
 }
 
@@ -541,7 +543,7 @@ export const sessionHandlers = defineHandlers({
   user_message: handleUserMessage,
   confirmation_response: handleConfirmationResponse,
   secret_response: handleSecretResponse,
-  session_list: (_msg, socket, ctx) => handleSessionList(socket, ctx),
+  session_list: (msg, socket, ctx) => handleSessionList(socket, ctx, msg.offset ?? 0, msg.limit ?? 50),
   session_create: handleSessionCreate,
   sessions_clear: (_msg, socket, ctx) => handleSessionsClear(socket, ctx),
   session_switch: handleSessionSwitch,