@vellumai/assistant 0.3.22 → 0.3.24

package/src/daemon/ipc-contract.ts

@@ -25,7 +25,6 @@ export * from './ipc-contract/memory.js';
 export * from './ipc-contract/messages.js';
 export * from './ipc-contract/notifications.js';
 export * from './ipc-contract/pairing.js';
-export * from './ipc-contract/parental-control.js';
 export * from './ipc-contract/schedules.js';
 export * from './ipc-contract/sessions.js';
 export * from './ipc-contract/settings.js';
@@ -50,7 +49,6 @@ import type { _MemoryServerMessages } from './ipc-contract/memory.js';
 import type { _MessagesClientMessages, _MessagesServerMessages } from './ipc-contract/messages.js';
 import type { _NotificationsClientMessages, _NotificationsServerMessages } from './ipc-contract/notifications.js';
 import type { _PairingClientMessages, _PairingServerMessages } from './ipc-contract/pairing.js';
-import type { _ParentalControlClientMessages, _ParentalControlServerMessages } from './ipc-contract/parental-control.js';
 import type { _SchedulesClientMessages, _SchedulesServerMessages } from './ipc-contract/schedules.js';
 import type { _SessionsClientMessages, _SessionsServerMessages } from './ipc-contract/sessions.js';
 import type { _SettingsClientMessages, _SettingsServerMessages } from './ipc-contract/settings.js';
@@ -89,7 +87,6 @@ export type ClientMessage =
   | _WorkspaceClientMessages
   | _SchedulesClientMessages
   | _DiagnosticsClientMessages
-  | _ParentalControlClientMessages
   | _InboxClientMessages
   | _PairingClientMessages
   | _NotificationsClientMessages
@@ -116,7 +113,6 @@ export type ServerMessage =
   | _SchedulesServerMessages
   | _SettingsServerMessages
   | _DiagnosticsServerMessages
-  | _ParentalControlServerMessages
   | _InboxServerMessages
   | _PairingServerMessages
   | _NotificationsServerMessages

package/src/daemon/lifecycle.ts

@@ -8,6 +8,7 @@ import { reconcileCallsOnStartup } from '../calls/call-recovery.js';
 import { setRelayBroadcast } from '../calls/relay-server.js';
 import { TwilioConversationRelayProvider } from '../calls/twilio-provider.js';
 import { setVoiceBridgeDeps } from '../calls/voice-session-bridge.js';
+import { isAssistantFeatureFlagEnabled } from '../config/assistant-feature-flags.js';
 import {
   getQdrantUrlEnv,
   getRuntimeHttpHost,
@@ -21,8 +22,9 @@ import { syncUpdateBulletinOnStartup } from '../config/update-bulletin.js';
 import { HeartbeatService } from '../heartbeat/heartbeat-service.js';
 import { getHookManager } from '../hooks/manager.js';
 import { installTemplates } from '../hooks/templates.js';
-import { initSentry } from '../instrument.js';
+import { closeSentry, initSentry } from '../instrument.js';
 import { initLogfire } from '../logfire.js';
+import { getMcpServerManager } from '../mcp/manager.js';
 import * as attachmentsStore from '../memory/attachments-store.js';
 import * as conversationStore from '../memory/conversation-store.js';
 import { initializeDb } from '../memory/db.js';
@@ -54,7 +56,6 @@ import { createGuardianActionCopyGenerator, createGuardianFollowUpConversationGe
 import { initPairingHandlers } from './handlers/pairing.js';
 import { installCliLaunchers } from './install-cli-launchers.js';
 import type { ServerMessage } from './ipc-protocol.js';
-import { getMcpServerManager } from '../mcp/manager.js';
 import { initializeProvidersAndTools, registerMessagingProviders,registerWatcherProviders } from './providers-setup.js';
 import { seedInterfaceFiles } from './seed-files.js';
 import { DaemonServer } from './server.js';
@@ -96,7 +97,11 @@ export async function runDaemon(): Promise<void> {
   let socketCreated = false;
 
   try {
+    // Initialize crash reporting eagerly so early startup failures are
+    // captured. After config loads we check the opt-out flag and call
+    // closeSentry() if the user has disabled it.
     initSentry();
+
     await initLogfire();
 
     // Migration order matters: first move legacy flat files into the data dir
@@ -173,6 +178,13 @@ export async function runDaemon(): Promise<void> {
       initLogger({ dir: config.logFile.dir, retentionDays: config.logFile.retentionDays });
     }
 
+    // If the user has opted out of crash reporting, stop Sentry from capturing
+    // future events. Early-startup crashes before this point are still captured.
+    const collectUsageData = isAssistantFeatureFlagEnabled('feature_flags.collect-usage-data.enabled', config);
+    if (!collectUsageData) {
+      await closeSentry();
+    }
+
     await initializeProvidersAndTools(config);
 
     // Start the IPC socket BEFORE Qdrant so that clients can connect

package/src/daemon/session-process.ts

@@ -576,9 +576,9 @@ export async function processMessage(
 
           let stateApplied = true;
           if (turnResult.disposition === 'call_back' || turnResult.disposition === 'message_back') {
-            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== undefined;
+            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== null;
           } else if (turnResult.disposition === 'decline') {
-            stateApplied = finalizeFollowup(request.id, 'declined') !== undefined;
+            stateApplied = finalizeFollowup(request.id, 'declined') !== null;
           }
 
           if (!stateApplied) {

package/src/daemon/shutdown-handlers.ts

@@ -2,8 +2,8 @@ import * as Sentry from '@sentry/node';
 
 import type { HeartbeatService } from '../heartbeat/heartbeat-service.js';
 import type { HookManager } from '../hooks/manager.js';
-import { getSqlite, resetDb } from '../memory/db.js';
 import type { McpServerManager } from '../mcp/manager.js';
+import { getSqlite, resetDb } from '../memory/db.js';
 import type { QdrantManager } from '../memory/qdrant-manager.js';
 import type { RuntimeHttpServer } from '../runtime/http-server.js';
 import { browserManager } from '../tools/browser/browser-manager.js';

package/src/instrument.ts

@@ -32,7 +32,12 @@ function redactObject(obj: unknown): unknown {
   return obj;
 }
 
-/** Call after dotenv has loaded so SENTRY_DSN is available. */
+/**
+ * Call after dotenv has loaded so SENTRY_DSN is available.
+ * Always initializes Sentry to capture early startup crashes. If the user
+ * later opts out via the "collect-usage-data" feature flag, call closeSentry()
+ * after config is loaded to stop future event capturing.
+ */
 export function initSentry(): void {
   Sentry.init({
     dsn: getSentryDsn(),
@@ -60,3 +65,12 @@ export function initSentry(): void {
     },
   });
 }
+
+/**
+ * Stop capturing future Sentry events. Called after config loads when the
+ * user has opted out of crash reporting so that early-startup crashes are
+ * still captured but subsequent events are suppressed.
+ */
+export async function closeSentry(): Promise<void> {
+  await Sentry.close();
+}

package/src/mcp/client.ts

@@ -50,7 +50,7 @@ export class McpClient {
     } catch (err) {
       // Clean up the transport on failure (e.g., kill spawned stdio process)
       try { await this.client.close(); } catch { /* ignore cleanup errors */ }
-      this.transport = undefined;
+      this.transport = null;
       throw err;
     }
     this.connected = true;
@@ -85,7 +85,7 @@ export class McpClient {
     const isError = result.isError === true;
 
     // Handle structuredContent if present
-    if (result.structuredContent !== undefined && result.structuredContent !== null) {
+    if (result.structuredContent !== undefined) {
       return {
         content: JSON.stringify(result.structuredContent),
         isError,
@@ -96,7 +96,7 @@ export class McpClient {
     const textParts: string[] = [];
     if (Array.isArray(result.content)) {
       for (const block of result.content) {
-        if (typeof block === 'object' && block !== null && 'type' in block) {
+        if (typeof block === 'object' && block !== undefined && 'type' in block) {
           if (block.type === 'text' && 'text' in block) {
             textParts.push(String(block.text));
           } else if (block.type === 'resource' && 'resource' in block) {

package/src/memory/conversation-crud.ts

@@ -156,7 +156,27 @@ export function createConversation(titleOrOpts?: string | { title?: string; thre
     source,
     memoryScopeId,
   };
-  db.insert(conversations).values(conversation).run();
+
+  // Retry on SQLITE_BUSY and SQLITE_IOERR — transient disk I/O errors or WAL
+  // contention can cause the first attempt to fail even under normal load.
+  const MAX_RETRIES = 3;
+  for (let attempt = 0; ; attempt++) {
+    try {
+      db.insert(conversations).values(conversation).run();
+      break;
+    } catch (err) {
+      const code = (err as { code?: string }).code ?? '';
+      if (attempt < MAX_RETRIES && (code.startsWith('SQLITE_BUSY') || code.startsWith('SQLITE_IOERR'))) {
+        log.warn({ attempt, conversationId: id, code }, 'createConversation: transient SQLite error, retrying');
+        // Synchronous sleep — createConversation is synchronous and the
+        // retry window is short (50-150ms), so Bun.sleepSync is appropriate.
+        Bun.sleepSync(50 * (attempt + 1));
+        continue;
+      }
+      throw err;
+    }
+  }
+
   return conversation;
 }
 
@@ -213,7 +233,8 @@ export async function addMessage(conversationId: string, role: string, content:
       ? metadata.userMessageChannel
       : null;
   // Wrap insert + updatedAt bump in a transaction so they're atomic.
-  // Retry on SQLITE_BUSY in case busy_timeout is exhausted under heavy contention.
+  // Retry on SQLITE_BUSY* and SQLITE_IOERR* — covers WAL contention variants
+  // (SQLITE_BUSY_SNAPSHOT, SQLITE_BUSY_RECOVERY) and transient disk I/O errors.
   // Timestamp is recomputed each attempt so a late retry doesn't persist a stale updatedAt.
   const MAX_RETRIES = 3;
   let now!: number;
@@ -243,8 +264,9 @@ export async function addMessage(conversationId: string, role: string, content:
       });
       break;
     } catch (err) {
-      if (attempt < MAX_RETRIES && (err as { code?: string }).code === 'SQLITE_BUSY') {
-        log.warn({ attempt, conversationId }, 'addMessage: SQLITE_BUSY, retrying');
+      const errCode = (err as { code?: string }).code ?? '';
+      if (attempt < MAX_RETRIES && (errCode.startsWith('SQLITE_BUSY') || errCode.startsWith('SQLITE_IOERR'))) {
+        log.warn({ attempt, conversationId, code: errCode }, 'addMessage: transient SQLite error, retrying');
         await Bun.sleep(50 * (attempt + 1));
         continue;
       }

package/src/memory/migrations/119-schema-indexes-and-columns.ts

@@ -1,4 +1,5 @@
 import type { DrizzleDb } from '../db-connection.js';
+import { getSqliteFrom } from '../db-connection.js';
 
 /**
  * Add indexes, a column, and a unique constraint for schema improvements:
@@ -15,23 +16,50 @@ export function migrateSchemaIndexesAndColumns(database: DrizzleDb): void {
     database.run(/*sql*/ `ALTER TABLE memory_jobs ADD COLUMN started_at INTEGER`);
   } catch { /* already exists */ }
 
-  // Deduplicate before creating the unique index — the prior schema allowed
-  // multiple rows per (notification_decision_id, channel) via the wider
-  // (decision_id, channel, destination, attempt) unique index.  Keep the
-  // row with the latest updated_at for each group.
-  database.run(/*sql*/ `
-    DELETE FROM notification_deliveries
-    WHERE id NOT IN (
-      SELECT id FROM (
-        SELECT id, ROW_NUMBER() OVER (
-          PARTITION BY notification_decision_id, channel
-          ORDER BY updated_at DESC
-        ) AS rn
-        FROM notification_deliveries
-      )
-      WHERE rn = 1
-    )
-  `);
+  // Ensure notification_decision_id column exists on notification_deliveries.
+  // Migration 114 (createNotificationTables) should have created this column,
+  // but on databases where 114 crashed mid-run the column may be absent. Rather
+  // than silently skipping the dedup+index step (leaving the schema incompatible
+  // with runtime code that writes notificationDecisionId), we add the column
+  // here if it is missing, then proceed unconditionally.
+  const raw = getSqliteFrom(database);
+  const notifDdl = raw.query(
+    `SELECT sql FROM sqlite_master WHERE type = 'table' AND name = 'notification_deliveries'`,
+  ).get() as { sql: string } | null;
 
-  database.run(/*sql*/ `CREATE UNIQUE INDEX IF NOT EXISTS idx_notification_deliveries_decision_channel ON notification_deliveries(notification_decision_id, channel)`);
+  if (notifDdl && !notifDdl.sql.includes('notification_decision_id')) {
+    // ADD COLUMN cannot carry NOT NULL without a default in SQLite, so we add
+    // it as nullable TEXT. Existing rows get NULL, which is valid until the
+    // runtime backfills or replaces them. The unique index below is created
+    // with WHERE NOT NULL to tolerate the transition period.
+    try {
+      database.run(/*sql*/ `ALTER TABLE notification_deliveries ADD COLUMN notification_decision_id TEXT`);
+    } catch { /* column was added concurrently — safe to continue */ }
+  }
+
+  if (notifDdl) {
+    // Deduplicate before creating the unique index — the prior schema allowed
+    // multiple rows per (notification_decision_id, channel) via the wider
+    // (decision_id, channel, destination, attempt) unique index.  Keep the
+    // row with the latest updated_at for each group.
+    try {
+      database.run(/*sql*/ `
+        DELETE FROM notification_deliveries
+        WHERE id NOT IN (
+          SELECT id FROM (
+            SELECT id, ROW_NUMBER() OVER (
+              PARTITION BY notification_decision_id, channel
+              ORDER BY updated_at DESC
+            ) AS rn
+            FROM notification_deliveries
+          )
+          WHERE rn = 1
+        )
+      `);
+    } catch { /* deduplication failed — unique index creation below may fail too, which is non-fatal */ }
+
+    try {
+      database.run(/*sql*/ `CREATE UNIQUE INDEX IF NOT EXISTS idx_notification_deliveries_decision_channel ON notification_deliveries(notification_decision_id, channel) WHERE notification_decision_id IS NOT NULL`);
+    } catch { /* index already exists or constraint violation — safe to continue */ }
+  }
 }

package/src/permissions/checker.ts

@@ -398,10 +398,10 @@ async function classifyRiskUncached(toolName: string, input: Record<string, unkn
       if (HIGH_RISK_PROGRAMS.has(prog)) return RiskLevel.High;
 
       if (prog === 'rm') {
-        // `rm` of known safe workspace files (no flags, bare filename) is
-        // Medium rather than High so scope-limited allow rules can approve
-        // it without needing allowHighRisk, which would bypass path checks.
-        if (isRmOfKnownSafeFile(seg.args)) {
+        // Only downgrade rm of known safe workspace files for sandboxed bash.
+        // host_bash has a global allow rule that would auto-approve Medium-risk
+        // commands, so rm on the host must always require explicit approval.
+        if (toolName === 'bash' && isRmOfKnownSafeFile(seg.args)) {
           maxRisk = RiskLevel.Medium;
           continue;
         }

package/src/runtime/routes/inbound-message-handler.ts

@@ -1087,9 +1087,9 @@ export async function handleChannelInbound(
 
           let stateApplied = true;
           if (turnResult.disposition === 'call_back' || turnResult.disposition === 'message_back') {
-            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== undefined;
+            stateApplied = progressFollowupState(request.id, 'dispatching', turnResult.disposition) !== null;
           } else if (turnResult.disposition === 'decline') {
-            stateApplied = finalizeFollowup(request.id, 'declined') !== undefined;
+            stateApplied = finalizeFollowup(request.id, 'declined') !== null;
           }
 
           if (!stateApplied) {

package/src/runtime/routes/ingress-routes.ts

@@ -93,8 +93,13 @@ export async function handleRevokeMember(req: Request, memberId: string): Promis
  * POST /v1/ingress/members/:id/block
  */
 export async function handleBlockMember(req: Request, memberId: string): Promise<Response> {
-  const body = (await req.json()) as Record<string, unknown>;
-  const reason = body.reason as string | undefined;
+  let reason: string | undefined;
+  try {
+    const body = (await req.json()) as Record<string, unknown>;
+    reason = body.reason as string | undefined;
+  } catch {
+    // Body is optional — callers may omit it entirely
+  }
 
   const result = blockIngressMember(memberId, reason);
 

package/src/tools/executor.ts

@@ -56,8 +56,8 @@ export class ToolExecutor {
       startedAtMs: startTime,
     });
 
-    // Run pre-execution approval gates (abort, parental controls, guardian
-    // policy, allowed-tool-set, task-run preflight, tool registry lookup).
+    // Run pre-execution approval gates (abort, guardian policy,
+    // allowed-tool-set, task-run preflight, tool registry lookup).
     const gateResult = await this.approvalHandler.checkPreExecutionGates(
       name, input, context, executionTarget, riskLevel, startTime,
       (event) => emitLifecycleEvent(context, event),

package/src/tools/host-terminal/host-shell.ts

@@ -9,38 +9,13 @@ import type { ToolDefinition } from '../../providers/types.js';
 import { redactSecrets } from '../../security/secret-scanner.js';
 import { getLogger } from '../../util/logger.js';
 import { formatShellOutput } from '../shared/shell-output.js';
+import { buildSanitizedEnv } from '../terminal/safe-env.js';
 import type { Tool, ToolContext, ToolExecutionResult } from '../types.js';
 
 const log = getLogger('host-shell-tool');
 
-const SAFE_ENV_VARS = [
-  'PATH',
-  'HOME',
-  'TERM',
-  'LANG',
-  'EDITOR',
-  'SHELL',
-  'USER',
-  'TMPDIR',
-  'LC_ALL',
-  'LC_CTYPE',
-  'XDG_RUNTIME_DIR',
-  'DISPLAY',
-  'COLORTERM',
-  'TERM_PROGRAM',
-  'SSH_AUTH_SOCK',
-  'SSH_AGENT_PID',
-  'GPG_TTY',
-  'GNUPGHOME',
-] as const;
-
-function buildSanitizedEnv(): Record<string, string> {
-  const env: Record<string, string> = {};
-  for (const key of SAFE_ENV_VARS) {
-    if (process.env[key] != null) {
-      env[key] = process.env[key]!;
-    }
-  }
+function buildHostShellEnv(): Record<string, string> {
+  const env = buildSanitizedEnv();
   // Ensure ~/.local/bin and ~/.bun/bin are in PATH so `vellum` and `bun` are
   // always reachable, even when the daemon is launched from a macOS app
   // bundle that inherits a minimal PATH.
@@ -125,7 +100,7 @@ class HostShellTool implements Tool {
 
       const child = spawn('bash', ['-c', '--', command], {
         cwd: workingDir,
-        env: buildSanitizedEnv(),
+        env: buildHostShellEnv(),
         stdio: ['ignore', 'pipe', 'pipe'],
       });
 

package/src/tools/swarm/delegate.ts

@@ -8,6 +8,7 @@ import { executeSwarm } from '../../swarm/orchestrator.js';
 import { generatePlan } from '../../swarm/router-planner.js';
 import { getLogger } from '../../util/logger.js';
 import { truncate } from '../../util/truncate.js';
+import { registerTool } from '../registry.js';
 import type { Tool, ToolContext, ToolExecutionResult } from '../types.js';
 
 const log = getLogger('swarm-delegate');
@@ -178,6 +179,8 @@ export const swarmDelegateTool: Tool = {
   },
 };
 
+registerTool(swarmDelegateTool);
+
 /** Clear all active sessions — only for testing. */
 export function _resetSwarmActive(): void {
   activeSessions.clear();

package/src/tools/system/navigate-settings.ts

@@ -8,7 +8,6 @@ const SETTINGS_TABS = [
   'Trust',
   'Model',
   'Scheduling',
-  'Parental',
 ] as const;
 
 type SettingsTab = (typeof SETTINGS_TABS)[number];

package/src/tools/terminal/safe-env.ts

@@ -5,6 +5,8 @@
  *
  * Shared by the sandbox bash tool and skill sandbox runner.
  */
+import { getGatewayInternalBaseUrl, getIngressPublicBaseUrl } from '../../config/env.js';
+
 const SAFE_ENV_VARS = [
   'PATH',
   'HOME',
@@ -33,5 +35,12 @@ export function buildSanitizedEnv(): Record<string, string> {
       env[key] = process.env[key]!;
     }
   }
+  // Always inject an internal gateway base for local control-plane/API calls.
+  const internalGatewayBase = getGatewayInternalBaseUrl();
+  env.INTERNAL_GATEWAY_BASE_URL = internalGatewayBase;
+  // Inject a public gateway base when ingress is configured; otherwise fall
+  // back to the internal base so commands remain functional in local-only mode.
+  const publicGatewayBase = getIngressPublicBaseUrl()?.replace(/\/+$/, '');
+  env.GATEWAY_BASE_URL = publicGatewayBase || internalGatewayBase;
   return env;
 }

package/src/tools/tool-approval-handler.ts

@@ -1,5 +1,4 @@
 import { consumeGrantForInvocation } from '../approvals/approval-primitive.js';
-import { isToolBlocked } from '../security/parental-control-store.js';
 import { computeToolApprovalDigest } from '../security/tool-approval-digest.js';
 import { getTaskRunRules } from '../tasks/ephemeral-permissions.js';
 import { getLogger } from '../util/logger.js';
@@ -40,8 +39,8 @@ export type PreExecutionGateResult =
   | { allowed: false; result: ToolExecutionResult };
 
 /**
- * Handles pre-execution approval gates: abort checks, parental controls,
- * guardian policy, allowed-tool-set gating, and task-run preflight checks.
+ * Handles pre-execution approval gates: abort checks, guardian policy,
+ * allowed-tool-set gating, and task-run preflight checks.
  * These run before the interactive permission prompt flow.
  */
 export class ToolApprovalHandler {
@@ -81,36 +80,6 @@ export class ToolApprovalHandler {
       return { allowed: false, result: { content: 'Cancelled', isError: true } };
     }
 
-    // Reject tools blocked by parental control settings before any permission check.
-    if (isToolBlocked(name)) {
-      log.warn(
-        {
-          toolName: name,
-          sessionId: context.sessionId,
-          conversationId: context.conversationId,
-          principal: context.principal,
-          reason: 'blocked_by_parental_controls',
-        },
-        'Parental control blocked tool invocation',
-      );
-      const durationMs = Date.now() - startTime;
-      emitLifecycleEvent({
-        type: 'permission_denied',
-        toolName: name,
-        executionTarget,
-        input,
-        workingDir: context.workingDir,
-        sessionId: context.sessionId,
-        conversationId: context.conversationId,
-        requestId: context.requestId,
-        riskLevel,
-        decision: 'deny',
-        reason: 'Blocked by parental control settings',
-        durationMs,
-      });
-      return { allowed: false, result: { content: 'This tool is blocked by parental control settings.', isError: true } };
-    }
-
     // Reject tool invocations targeting guardian control-plane endpoints from non-guardian actors.
     const guardianCheck = enforceGuardianOnlyPolicy(name, input, context.guardianActorRole);
     if (guardianCheck.denied) {

package/src/tools/tool-manifest.ts

@@ -6,7 +6,6 @@
  * so adding/removing tools only requires editing this manifest.
  */
 
-import { RiskLevel } from '../permissions/types.js';
 import { accountManageTool } from './credentials/account-registry.js';
 import { credentialStoreTool } from './credentials/vault.js';
 import { memorySaveTool, memorySearchTool, memoryUpdateTool } from './memory/register.js';
@@ -20,22 +19,34 @@ import type { Tool } from './types.js';
 import { screenWatchTool } from './watch/screen-watch.js';
 
 // ── Eager side-effect modules ───────────────────────────────────────
-// Importing these modules triggers a top-level `registerTool()` call.
+// These static imports trigger top-level `registerTool()` side effects.
+//
+// IMPORTANT: These MUST be static imports (not dynamic `await import()`).
+// When the daemon is compiled with `bun --compile`, dynamic imports with
+// relative string literals resolve against the virtual `/$bunfs/root/`
+// filesystem root rather than the module's own directory, causing
+// "Cannot find module './filesystem/read.js'" crashes in production builds.
+// Static imports are resolved at bundle time and are always safe.
+import './assets/materialize.js';
+import './assets/search.js';
+import './filesystem/edit.js';
+import './filesystem/read.js';
+import './filesystem/view-image.js';
+import './filesystem/write.js';
+import './network/web-fetch.js';
+import './network/web-search.js';
+import './skills/delete-managed.js';
+import './skills/load.js';
+import './skills/scaffold-managed.js';
+import './swarm/delegate.js';
+import './system/request-permission.js';
+import './system/version.js';
+import './terminal/shell.js';
 
-export async function loadEagerModules(): Promise<void> {
-  await import('./filesystem/read.js');
-  await import('./filesystem/write.js');
-  await import('./filesystem/edit.js');
-  await import('./network/web-search.js');
-  await import('./network/web-fetch.js');
-  await import('./skills/load.js');
-  await import('./skills/scaffold-managed.js');
-  await import('./skills/delete-managed.js');
-  await import('./system/request-permission.js');
-  await import('./assets/search.js');
-  await import('./assets/materialize.js');
-  await import('./filesystem/view-image.js');
-  await import('./system/version.js');
+// loadEagerModules is a no-op now that all eager registrations happen via
+// static imports above. Kept for API compatibility with registry.ts callers.
+export function loadEagerModules(): Promise<void> {
+  return Promise.resolve();
 }
 
 // Tool names registered by the eager modules above.  Listed explicitly so
@@ -43,6 +54,7 @@ export async function loadEagerModules(): Promise<void> {
 // already in the registry before init ran (e.g. when a test file imports
 // an eager module at the top level).
 export const eagerModuleToolNames: string[] = [
+  'bash',
   'file_read',
   'file_write',
   'file_edit',
@@ -54,6 +66,7 @@ export const eagerModuleToolNames: string[] = [
   'request_system_permission',
   'asset_search',
   'asset_materialize',
+  'swarm_delegate',
   'view_image',
   'version',
 ];
@@ -78,76 +91,8 @@ export const explicitTools: Tool[] = [
 
 // ── Lazy tool descriptors ───────────────────────────────────────────
 // Tools that defer module loading until first invocation.
+// bash and swarm_delegate were previously lazy but are now eagerly registered
+// via side-effect imports above, preserving their full definitions (including
+// the `reason` field on bash) and fixing bun --compile module-not-found crashes.
 
-export const lazyTools: LazyToolDescriptor[] = [
-  {
-    name: 'bash',
-    description: 'Execute a shell command on the local machine',
-    category: 'terminal',
-    defaultRiskLevel: RiskLevel.Medium,
-    definition: {
-      name: 'bash',
-      description: 'Execute a shell command on the local machine',
-      input_schema: {
-        type: 'object',
-        properties: {
-          command: {
-            type: 'string',
-            description: 'The shell command to execute',
-          },
-          timeout_seconds: {
-            type: 'number',
-            description: 'Optional timeout in seconds. Defaults to the configured default (120s). Cannot exceed the configured maximum.',
-          },
-          network_mode: {
-            type: 'string',
-            enum: ['off', 'proxied'],
-            description: 'Network access mode for the command. "off" (default) blocks network access; "proxied" routes traffic through the credential proxy.',
-          },
-          credential_ids: {
-            type: 'array',
-            items: { type: 'string' },
-            description: 'Optional list of credential IDs to inject via the proxy when network_mode is "proxied".',
-          },
-        },
-        required: ['command'],
-      },
-    },
-    loader: async () => {
-      const mod = await import('./terminal/shell.js');
-      return mod.shellTool;
-    },
-  },
-  {
-    name: 'swarm_delegate',
-    description: 'Decompose a complex task into parallel specialist subtasks and execute them concurrently.',
-    category: 'orchestration',
-    defaultRiskLevel: RiskLevel.Medium,
-    definition: {
-      name: 'swarm_delegate',
-      description: 'Decompose a complex task into parallel specialist subtasks and execute them concurrently. Use this for multi-part tasks that benefit from parallel research, coding, and review.',
-      input_schema: {
-        type: 'object',
-        properties: {
-          objective: {
-            type: 'string',
-            description: 'The complex task to decompose and execute in parallel',
-          },
-          context: {
-            type: 'string',
-            description: 'Optional additional context about the task or codebase',
-          },
-          max_workers: {
-            type: 'number',
-            description: 'Maximum concurrent workers (1-6, default from config)',
-          },
-        },
-        required: ['objective'],
-      },
-    },
-    loader: async () => {
-      const mod = await import('./swarm/delegate.js');
-      return mod.swarmDelegateTool;
-    },
-  },
-];
+export const lazyTools: LazyToolDescriptor[] = [];